Namecoin's motto is "Bitcoin frees money – Namecoin frees DNS, identities, and other technologies."
/u/biolizard89 has done fantastic work on the DNS part, but let's focus on the identity use case here. Recent events have convinced me that digital identity on the internet is broken. Consider:
- Twitter hack. Twitter's internal admin tool was compromised by hackers to commandeer ~130 top verified users including Biden, Obama, Buffet, Musk, Bezos, Apple, Uber, etc. to tweet out crypto scams on these users accounts.
- GPT-3 is ready for release and will allow bad actors to AstroTurf and control the narrative on social networks for monetary and political gain at massive scale. Also take a peek at /r/SubSimulatorGPT2/ which is solely populated by GPT bots to get a taste.
- ARTBreeder can create user profile images that are indistinguishable from real users.
- Deepfakes can twist reality and manipulate faces and voices to turn real actors into puppets promoting false narratives.
What was true in 1993 when cartoonist Peter Steiner wrote "On the internet, nobody knows you are a dog" is still true today. The only difference is that identity is increasingly being weaponized using AI/ML so "On the internet, nobody knows you are a bot" would perhaps be more apt.
I read the following comment from a user on slashdot yesterday:
For the time being, you can assume that this comment was written by a human being. You can click on my username, look back at my history of posts, and go, "OK, here's a bunch of posts, by a person, going back more than a decade, to the TIME BEFORE BOTS." That is, before the first year of 2020.
Since humans are likely to adopt the majority opinion, bad actors find real value in being able to control the narrative online by surrounding the reader with manufactured opinions by bots that due to advances in ML/AI are quickly becoming indistinguishable from real users. This amounts to a Sybil attack on the minds of digital content consumers and poses major threat to the integrity of our social fabric.
Apart from the recent twitter incident used for scamming, nation states have been known to create massive bot armies of fake and hijacked user accounts to try and shift the narratives regarding the Hong Kong independence protests as well as national elections. This will only increase.
Currently, our digital identity is fragmented into silo's largely controlled by government institutions and mega corporations (FAANG) based on a "Trust us" model. As recent events have proven, this is a bad model and in dire need of improvement/replacement. IMHO we need to move from "Trust us" to a "Trust but verify" model where the user is in full control of their digital identity.
Namecoin can and should play an important role in building this 'web of trust composed of self-sovereign identities" as it is neutral (no owner), permissionless and secure (merge-mined). Daniel already developed a proof of concept with NameID but what can we do to take this further?
Personally I'd like to see users create Namecoin identities and link them to their social identities (e.g. Google, Facebook, Twitter, Reddit, etc). Then whenever they create content, they sign it with their private keys. This would allow a reader to verify the content was created by the user. Content verification would have stopped the recent twitter hack, because even if the hackers would have access to internal admin tools they would not have the private keys that the users produce valid content with. "Not your keys, not your content"
Content verification is only one part. Ideally a user would like to verify the integrity of the content creator as well. E.g. has this user passed human verification in any of the linked platforms? Does a trusted linked entity vouch for the reputation or integrity of this user (e.g. a government entity, financial entity or non-governmental organization?). This would require those platforms to allow linking of Namecoin ID with their Platform ID and allow lookup and signing of metadata provided by these platforms. (e.g. UserID Y is linked to PlatformID X and completed human verification on date Z, signed Twitter).
I image users could install an extension similar to uBlock or Privacy Badger that contains human curated blacklists and heuristics that operate on Namecoin entities to perform these checks and flag or filter content and users that fail integrity checks. This would allow a users to automatically weed out potential bots and trolls but keep full control of this process themselves, avoiding potential censorship if this task would fall on the platform owners themselves (something governments are pushing for).
We could take this even further and integrate Namecoin ID's in software and hardware devices as well. This could create chains of trust to verify the entire chain of content creation and manipulation to the final content posted on a social platform. Where every entity signs the resulting content. (E.g. camera -> photoshop -> twitter post)
Apart from signing content/messages (PGP style). Namecoin could perhaps also be used for managing identity tokens in a users 'Identity wallet'. Looking into my physical wallet this could include things like credit cards, insurance cards, government issued IDs, membership cards, transportation cards, key cards, etc. This could be done similar to 'colored coins' on Bitcoin. But would have to support some type of smart contract functionality to be useful (e.g. expiring tokens, etc).
I'm not a developer nor a technical writer, but I do think we need to think long and hard about how we can solve digital identity in a way that empowers users to trust and verify the content and identities of the peers we interact with online while also respecting privacy and preventing censorship by external parties. Namecoin could be the better path to building this web of trust, but given the current pace of AI/ML and the willingness by bad actors to weaponize it at scale against users interests we might not have much time. (Apologies for the rant!)
No comments:
Post a Comment