HIP-? on Identity Theft

Thanks for starting this thread, Santi!

It’s a tricky attack, and although maybe this is not happening today… it will certainly happen in the future as we gain mass adoption.

This will be an issue, I call it human-in-the-middle, and it was the only plausible attack vector I could think of.

Agreed! It’s the attack I’m most concerned about, by a very large margin.

Possible ways to increase cost of the attack

(summarizing the thread so far and adding some more possibilities):

Increase the coordination/trust required between a puppeteer and their human puppet:

  • Require an additional check after 3 days
  • Require an additional check some random amount of time later, with a limited time to respond (thanks to @clesaege for this idea) — even harder to coordinate against this

Increase the benefits of proof of humanity so that people want to claim it for themselves

  • There may always be a large pool of people who aren’t educated about PoH
    • Though people can prove their understanding during registration on video
  • This incentive might be cancelled out: the greater the benefit, the greater the reward to puppeteers for each human puppet they slip in, and the greater amount they can afford to pay those puppets.

Shrink the pool of willing human puppets

  • Exclude people who learn about the benefits and want them for themselves
    • We could ensure this education by having it be part of what they say on video, if we can ascertain they understand the language they’re speaking
    • However, the larger the benefits of registering, the more revenue the puppeteer earns per bribe, and the larger the bribe they can afford to pay…
  • Exclude people who are unwilling to lie on camera (registration could involve an oath on this topic)

Let community challenge/investigate suspected bribery cases (this is brilliant, @justin!)

  • Offer people being bribed a safe way out
    • We could have videochat sessions where a community notary can visually verify that there is no one looking over the human’s shoulder, can ask them to change location (e.g. walk outside)
    • Community notary can ask if anyone offered them money to record a video
    • If notary learns of bribe, they could have a way to invalidate the registered identity without the puppeteer becoming aware (similar to coercion-resistant votes using MACI in https://vitalik.ca/general/2021/05/25/voting2.html)
    • However, we’d need some way to establish a secure communication line with the human puppet, which I don’t immediately see a way to do: the puppeteer can submit their own contact information and mitm video communications.

Verification scores

  • Perhaps when you initially register with PoH, you’re verified with a medium verification score
  • Then can increase score by taking on additional challenges that would be hard to coordinate with the puppeteer, getting vouches from trusted parts of the graph, etc.
  • Sidenote: hmm — I wonder if rather than requiring renewal every 6 months (not great UX), we could just have a score that decays with the time since last verification. If you wait a year to reverify, your verification score might be quite low — after some years, perhaps your score would be negligible.
    • Projects relying on PoH could have a minimum score requirement and/or could weight by verification score

Next steps

  • Anyone have more thoughts on how to make this attack more expensive?
    • Even ideas that seem infeasible or have terrible UX could be good for spurring conversation.
  • How can we get more people thinking about this problem?
8 Likes
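
A sketch of the decaying verification score floated in the post above, as an added example that is not part of the original post or of Proof of Humanity's code. The exponential decay, the 180-day half-life, the 0.5 "medium" starting score, and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed parameters: the post gives no numbers or decay curve.
INITIAL_SCORE = 0.5     # "medium" score granted at first registration
HALF_LIFE_DAYS = 180.0  # score halves for every 180 days without verification
MAX_SCORE = 1.0


@dataclass
class Identity:
    base_score: float = INITIAL_SCORE
    last_verified_day: float = 0.0

    def score_at(self, day: float) -> float:
        """Score after decaying for the time since the last verification."""
        elapsed = max(0.0, day - self.last_verified_day)
        return self.base_score * 0.5 ** (elapsed / HALF_LIFE_DAYS)

    def verify(self, day: float, boost: float = 0.0) -> None:
        """Re-verification restores at least the initial score and resets the
        clock. `boost` models an extra challenge or a vouch from a trusted
        part of the graph, which raises the score above the medium level."""
        current = max(self.score_at(day), INITIAL_SCORE)
        self.base_score = min(MAX_SCORE, current + boost)
        self.last_verified_day = day


def weighted_tally(votes, day: float, min_score: float = 0.0) -> float:
    """Consumer-side policy: drop identities below `min_score`, then weight
    each remaining vote by its current verification score."""
    total = 0.0
    for identity, vote in votes:
        score = identity.score_at(day)
        if score >= min_score:
            total += score * vote
    return total


if __name__ == "__main__":
    stale = Identity(last_verified_day=0.0)    # never re-verified
    fresh = Identity(last_verified_day=360.0)  # registered on day 360
    for day in (0, 180, 360, 720):
        print(day, round(stale.score_at(day), 4))
    print(weighted_tally([(stale, 1), (fresh, 1)], day=360, min_score=0.2))
```

A relying project picks `min_score` and the weighting itself, so the same registry can serve both strict and lenient consumers without a hard six-month renewal cutoff.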