Bryan Ford,

EPFL – École Polytechnique Fédérale de Lausanne

Abstract:

Numerous fundamental weaknesses of our online ecosystem derive from its inability to distinguish securely between real people and fake identities. Social botnets, fake news, anonymous trolling, astroturfing, deep fakes, sock puppetry, online poll and ballot stuffing, annoying CAPTCHAs, and environmentally disastrous proof-of-work mining are all symptoms of the Internet’s lack of Sybil attack protection. Conventional “strong identity” solutions such as KYC, biometrics, and trust networks each have severe security, privacy, and usability weaknesses. The AI-powered arms race between better detection and better fakery leads us only towards real people becoming less “convincingly real” online than fakes, rendering real people increasingly-powerless bystanders in a bot-versus-bot world. These lessons point towards a single conclusion: to keep technology accountable to real people, we must stop seeking a magic-bullet pure technology solution to Sybil attacks, as there probably isn’t one.

Because securely recognizing real people must actually involve real people, we propose a “back to basics” approach to Sybil protection founded on physical security. We demand only that each real person have a real, physical body with which to attend occasional offline events in person. Via physical security and transparency processes, each real person obtains one and only one cryptographic proof-of-presence or “attendance badge” per event. Proof-of-presence ceremonies may be run at minimal cost by groups of people anywhere, coincident with other in-person events organized anyway such as meetings, conferences, town halls, concerts, political protests, etc. The convenience cost of these physical events are amortized by numerous applications and potential rewards from proof-of-presence tokens, including: trolling-resistant social networks and newsfeeds; reputation systems and “likes” that count only real people; accountably-anonymous “verified” online identities for browsing and website login; secure single-use promotional coupons from local or online businesses; privacy-preserving credentials for abuse-resistant online forums, polls, and democratic deliberation; smart contract systems that understand the notion of “person” and can implement “one-per-person” accounts, airdrops, and other benefits; and cryptocurrencies that provide a permissionless form of universal basic income.

Bio

Prof. Bryan Ford leads the Decentralized/Distributed Systems (DEDIS) research laboratory at the Swiss Federal Institute of Technology in Lausanne (EPFL). Ford focuses broadly on building secure decentralized systems, touching on topics including private and anonymous communication, scalable decentralized systems, blockchain technology, Internet architecture, and operating systems. Ford earned his B.S. at the University of Utah and his Ph.D. at MIT, then joined the faculty of Yale University where his work received the Jay Lepreau Best Paper Award and grants from NSF, DARPA, and ONR, including the NSF CAREER award. His continuing work receives support from EPFL, the AXA Research Fund, and numerous industry partners. He has served on numerous prestigious advisory boards including on the DARPA Information Science and Technology (ISAT) study group and the Swiss FinTech Innovations (SFTI) advisory board

For more information:

.....