The inability to simultaneously verify sentience, location, and identity

I think a lot of people try to do identity things without understanding the fundamental nature of the problem they&#x27;re attacking.<p>For instance: I&#x27;m really really worried that governments are going to default into an understanding of digital identity that involves ownership of an email address and mobile phone rather than ability to sign a document.<p>Or: I&#x27;m really annoyed that software services and web apps have clauses like &quot;you can&#x27;t use scripts or automation software to access our API&quot; when a browser is just <i>that</i>. And they should really be enforcing rate limits and punishing abusive behavior whether the user clicked a button in a browser or a script did.<p>These type of things are not rooted in a fundamental understanding of identity, they&#x27;re sloppy stop-gaps. Despite all its faults, this is one of the reasons I&#x27;m super excited about WebAuthN. At least is make common the idea that an identity is a cryptographic secret and not a &quot;possession of an email and phone&quot;. We really really need to dig out of this &quot;email address identifies you&quot; hole.<p>Anyway it&#x27;s exciting to see people discuss the topic more formally. It gives me hope that we can ultimately get to a better understanding of digital identity and not be trying to solve impossible problems by chasing an impossibly perfect solution that verifies all 3 tenets that actually doesn&#x27;t exist and making a big mess of things because nobody stopped to ask or understand the scope of what we <i>should</i> be trying to do.<p>Ultimately identity should be empowering not oppressive. And right now it feels more like services oppress people into all sorts of weird requirements like having an email, getting a phone verification code, running software on a device that has an integrity attestation framework, etc. rather than trust them and punish bad behavior.<p>I want my government (and web services, but especially my government) to trust me and punish bad behavior, not treat me like an untrusted bot that needs to be managed and continuously verified.

IMO, the meat of this paper is in section 4.3 and 4.4.<p>And I cannot say for sure, but the formal proof of 4.4 basically summarizes the same points pointed out in 4.3.<p>Most of these are not inherently mathematical problems but a social one.<p>&gt; Verifying sentience is a fuzzy concept. While they can be bound together momentarily as we see in [66 ], the binding is very easily decoupled.The verified user might choose to sell off their uniqueness identifier at time period 𝑡 + 1 if the verification which binds sentience with uniqueness ends at 𝑡.<p>Basically, people can sell identities<p>----<p>What really concerns me though, is how much and how often this paper discusses DRM, or in their own words, a &quot;trust anchor&quot;<p>&gt; With the assumed threat model in our case, the lack of inherent trust in the user only compounds the unreliability of the model without any trust anchor.<p>&gt; Assuming a proof of location is for a mobile device, rather than a particular human being, then associating the proof of uniqueness obtained under such a condition, i.e., without the involvement of a trust anchor, is unreliable.<p>I know that the authors aren&#x27;t directly calling for more centralized trust. But given recent development at Google, we all know how the readers would think

The philosophy of identity is quite interesting to me. I&#x27;ve been thinking about it for a long time.<p>I like the idea of proof of personhood, and proof of location. These are both concepts that I have explored extensively. I looked at retina scans, and found it they&#x27;re both not unique enough, and not secure enough to act as a basis for a currency.<p>My proof of location was based on the 500 mile email story. Many millions of round trips between two devices could allow someone to prove on a blockchain that two secret keys were stored arbitrarily close to one another for some amount of time.<p>The paper mentions key signing parties which I believe must be part of any web of trust that proves personhood. Proving uniqueness is more difficult. There&#x27;s nothing that would stop me from having several different identities verified at different key signing parties, then using those to generate even more.<p>Using genealogy seems to be the only way to truly verify a unique identity if the system becomes widespread enough that parents often verify their children at birth. Then the age of the identity matches the age of the individual.<p>Farther into the future, the possibility of creating multiple copies of myself makes it much more difficult to tie an identity to a particular group of cells. There&#x27;s nothing truly unique about a copy, especially if we have the ability to change our DNA.<p>Philosophically, I started to wonder if there&#x27;s anything particularly special about any arrangement of cells. Maybe we should all just do our best, share resources, and create a society where abundance makes keeping track of all this stuff unnecessary.

&gt; Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms.<p>In some sense I think the authors&#x27; hypothesis is a good thing, ie that you can never fully verify someone online. It prevents wholesale algorithmic management of people, which is really what governments and companies would like to do, and forced some level of human contact or at least intervention. I expect it&#x27;s inevitable that they&#x27;ll find a way to offload the problem onto the citizen, for the most part they already have, but I&#x27;m personally glad it&#x27;s impossible to assign me some kind of infallible identifier that will let me be <i>The Castle</i> style abused remotely and without recourse.

Half the internet thinks troll means &quot;person who disagrees with me or (dis)likes thing i (dis)like&quot; - I&#x27;m distrustful of people who paint them as a big problem on the internet.<p>Is this how the western Social Credit system begins?

we cannot live in a society where I must demonstrate to another human that I&#x27;m human with a piece of paper just because the other human is a bureaucrat with a computer.<p>this is an &#x27;online only&#x27; problem

The location element of the trilemma doesn&#x27;t seem as important as the other two, and is a violation of privacy. Let it be hard to discover.<p>A social site that discovers everyone&#x27;s location, and reminds them it knows where they are, would probably drastically cut down on the trolling and abuse, but at what cost.

Title should read &quot;sentience, location, and uniqueness&quot;, which the paper states are the three key properties of identity

What about Apple&#x27;s FaceID? Secure, private, decentralized, and and verifies sentience (well atleast intactness of your physical head), location and identity.

It’s all the same problem that Ken Thompson identified in his classic Turing lecture: there is no way to reliably identify Trojans.

Nit Pet Peeve: Confusing sapience and sentience.