Privado ID Solutions

Reclaiming Trust in the Age of AI: Private Proofs of Uniqueness and Digital Reputation

October 9, 2024
Blog
Privado ID Solutions

Verifying digital identities while preserving privacy has become increasingly important, particularly with the growing influence of AI and deepfakes. 

This article explores how unique digital identifiers can help build trust and reputation online without compromising personal privacy:

  • Proof of Uniqueness: Proving humanity and uniqueness is key to building individual reputations and preventing bots and duplicate accounts.
  • The Dangers of a Public Permanent Digital Identifier: Unique digital identifiers must be securely managed to prevent tracking, cross-application tracing, and loss of privacy.
  • Context-based Unique Identifiers (CBUI): Privacy-preserving solutions like zero-knowledge proofs and CBUIs can ensure secure identity verification without compromising user privacy.

Proof of Humanity, Uniqueness and Reputation

Building trust among digital users begins with establishing a reliable system for verifying individual identities and ensuring each user's reputation is real. For instance, such a reputation system could be used to issue credentials to users before they decide to meet in real life after using a dating app, so each person can trust the other before taking the risk.

So, how can individual reputation be built? The truth is, reputation cannot exist without a personal proof of uniqueness. This means that reputation systems first need to trust that you are a user (not a bot) –you need to prove your humanity. That should be the first filter to avoid scammers and bots on the app. Usually this is proven during the onboarding of the user into the app, with things as simple as a captcha or more sophisticated as a video recording.

However, that doesn't prove anything about your intentions. In fact, it's impossible to assess your intentions –the best we can do is to mimic the reputation models that we have in the real world– or in other online reputation models that do work (like the reviews for hotels and restaurants).

The common factor in these 2 cases (real world people and online business) is that they can't remove their past actions and behaviors from their history. There is no "reset" button for your reputation when it's attached to your identity. And that's the key –your identity should be unique and permanent. 

Reputation systems don't work if you can just create another account and start again. That's why any online reputation model for individuals has to rely on Proof of Uniqueness –the proof that, as a person, you can only have one account in this app. If you try to create a second account, the system will detect that it's you again and will not allow it.

The only way to achieve this is through the combination of national ID and biometrics –the same process used by banks and other institutions to comply with the KYC regulations.

But reputation is bigger than your biometric hash or your national ID –reputation is the aggregation of multiple sources of attestation, each one with their own reputation. Reputation could be just a scoring system (by all the people who have met you in person) or something more complex that assigns different "weights" to the scoring of each individual based on their own reputation.

That is why this statement remains valid: Reputation is only possible with unique identities. While it is impossible to prove good intentions (as is the case in the real world), giving individuals something to lose is the most effective way to prevent wrongdoing

From anonymous accounts to trusted and reputable digital identities –each level supports the next one.

The Need for Reputation in the Post-AI Era

The previous section outlined the need for a proof of uniqueness (a unique global and permanent, human-attached identifier) as the cornerstone of any digital reputation system.

Why is a digital reputation system needed? Because society is moving backwards to the per-photography era, when the trust didn't come from the content itself (text), but from the source (who wrote it, who published it).

The audiovisual era changed these trust assumptions –there is no longer a need to know the source of a photo or a video to trust it– a video taken from the battlefield in Ukraine with a mobile phone can be anonymous and most people will trust that these actions happened. when reading about the same facts in a newspaper, the credibility of the source would likely be questioned before fully believing what it is saying:

All these pictures are AI-generated –from political manipulation to fear-mongering for profit or fun

Generative AI will take society back to source-based trust (in opposition to content-based trust). The challenge is that we don't have trusted identities nor a long-lasting reputation don’t exist in the digital space. If the source of a fake video is a Twitter account or an e-mail address, the reputation can be clean just by creating another one.

That is why long lasting reputations attached to trusted identities is crucial to re-establish  communication channels in a post-AI era.

The Dangers of a Public Permanent Digital Identifier

Let's imagine that somehow each individual has a unique identifier that is attached to them forever (like WorldCoin is doing, or like your government does when you get your digital national ID) –you get only once in your lifetime, you can't change it or get more. What happens now?

This identifier will be used by any digital service provider (social networks, e-commerce, mobile apps…) to verify that you are a unique human being (not an AI) –it will be the ultimate reverse Turing Test, the new Captcha. But there is an important difference to Captcha –if you share your unique identifier you are risking yourself to:

  • Cross-application tracking: Think in cookies on steroids. You would be leaving a trace of all your digital activity forever, a trace that is non-repudiable (it can be held against you legally).
  • Denial of Service: What if Google, Apple or Meta decide that they don't want to offer services to you? They would not be banning your account, but yourself. This could spell not just inconvenience, but the end of your professional career.
  • The end of privacy: The relationship of power between users and big applications is not symmetric. Think about the last time you bought a TV or a phone –do you really have a choice to reject their terms of use? If every application and device starts asking for your unique identifier just to provide the service, then everyone will know exactly who you are.

You can extend these examples further by replacing "accounts" by "people". These sentences are way scarier: banning an account, stealing an account, doxing an account, or monitoring an account…

The Chinese Social Scoring system is the most famous dystopian implementation of digital reputation

The Challenges of Privacy-preserving Solutions

The solutions proposed for these challenges in using personal unique identifiers have been always related to a bunch of cryptography tools like Zero Knowledge, Hashing, Accumulators, etc. Both Worldcoin and Privado ID use a similar idea:

First Challenge – the identifier

When a wallet “presents” credentials to a service provider it can follow different mechanisms (DIDCOM, OpenID, Connect your Wallet…) –but there is always an authentication step, then the user of the wallet has to prove that he is in control of the “secret” that protects his identity (password, device, or private keys).

In the world of Web3 decentralized identities, this usually means sharing your Ethereum Address or your DID (decentralized identifier). Once this is done, then the wallet can present credentials owned by that identifier (NFT, verifiable credentials, etc.).

The first challenge with privacy is that by sharing this identifier (Ethereum Address or DID) and later presenting credentials links one to the other –now the service provider knows that that DID is linked to that person. The more you use your credentials, the more you are doxing your identifier.

Imagine that you are asked to share your country of residence in one application, your date of birth to another and your employer to a third one. Although none of them have the full picture, it would be easy for an external observer to collect this data under the same identifier and build a full profile of you (especially if you leave these traces on-chain or on public networks).

By aggregating all the online activity done through a single identifier, it’s possible to build a detailed profile

The technical solution for this is quite simple (conceptually, although not technically) –give each application a different identifier so they can’t track you. But wait…does that mean that you’ll have to manage hundreds of identifiers? Also –do you need to obtain credentials for each new identifier?

Here is where cryptography comes to the rescue. You can generate a Zero-Knowledge proof about the fact that your application-specific identifier is deterministically derived from your permanent identifier –and that means that any credential issued to your permanent identifier is also valid for all the new application-specific identifiers. And all that can be managed automatically by your wallet.

In Privado ID we call this feature “Private Profiles” –and is the default option every time you present credentials to an application.

This challenge is still unsolved when the identifier is your Ethereum address –and that’s why it is argued that the identifier should not be your address (DID are better)… but that’s a long story that can be discussed in another post.

Second Challenge –sharing the uniqueness credential

Ok, you authenticated and proved that you are in control of the identifier that holds the credentials in a private manner –now what? That doesn’t prove that you are a unique human. A bot could create thousands of identifiers –what closes the deal is that you also used the identifier to obtain credentials about your uniqueness from a trusted issuer (government, bank, orbs, etc.).

Can you now share the credential with the application? Well, if you do so you risk to suffer all the consequences exposed above –you would be giving that application our passport number or biometric hash with all its consequences.

The technical solution for this is similar to the way identifiers were “anonymized” before:

  1. The service provider (application asking for a proof of uniqueness) provides a "context token" to the user wallet (a random number).
  2. Using the unique identifier in the credentials owned by the user (e.g. your passport number or biometric hash), the wallet generates another unique identifier (derived cryptographically from the original one + the context token), that it’s called "context-based-unique-identifier" (CBUI).
  3. The wallet sends this new identifier (CBUI) to the service provider.

This way, the service provider doesn't get your real unique identifier –but if the user tries to use the service again under the same context token, the wallet will generate the same CBUI. The CBUI is unique in this context.

Now, the service provider can work with a single context or create multiple contexts –an example would be a web selling tickets to multiple concerts that wants to sell 1 ticket per person. Each concert would have a different context-token, so each user would have a CBUI per concert.

An incognito machine that creates “multiple copies of a passport from a single one”.

Both Worldcoin and Privado ID use this technique –the difference is that the first one can only present the uniqueness credentials, while Privado ID can present any type of credentials in the same privacy preserving way.

Third Challenge –Service Providers Collusion

Context-based-unique-identifiers (CBUI) seem a good solution to the problem –but they depend on the service provider to keep their context for themselves.

What would happen if a consortium of big service providers (e.g. FAANG) decided to use the same context token forever? Then all users would be using a perpetual global context –and the CBUI would lose all validity –you are not sharing your passport, but it doesn’t matter because your CBUI is just as irreplaceable and important.

The truth is that there is not a solution to avoid this type of behavior yet –this is a new field of research to be explored. Privado ID is committed to build trustless systems that don’t depend on the good behavior of their users.

Nobody said privacy was easy.

Single or Multiple Providers for the Unique Identifier?

Two Different Unique Identifiers

The importance of privacy-preserving mechanisms for sharing unique identifiers has been discussed over this article, but the process of obtaining such identifiers has not yet been addressed. Who should be responsible for providing these unique identifiers?

First, let’s talk about different options to generate identifiers that can be attached to people. They can be classified in 2 types:

  • National ID: A trusted government may use biometrics to ensure the uniqueness of your record, but an arbitrary ID is assigned to you. The organization is responsible to ensure that each individual gets only one ID
  • Biometrics: The identifier is generated from the analysis of physical and/or behavioral characteristics of the individual. Scanning your face, iris, fingerprints or palm are examples of this. 

There are some pros and cons for each:

Pros Cons
National ID (e.g. passport) Arbitrary ID. It needs your consent to be verified.
It can be revoked or changed if it’s compromised.
Legally binding when it comes from the government.
Not as inclusive in some regions where individuals don’t have documentation or national IDs.
The ID may change over time (e.g. passports).
Biometrics (e.g. iris) Easy to produce with current mobile phones (face scan, fingerprints, voice).
Hard to fake. Inclusive and accessible for people without a national ID.
You can be tracked without your consent.
Attached to your body means it’s forever and can’t be revoked or changed. Due to varying algorithms, biometric providers produce unique vectors, implying the need for a global monopoly for universal uniqueness.
Some central entity controls your biometric data.

It may reveal other aspects of your body as health issues.

For the first case, there are hundreds of biometry providers that can generate biometric hashes. For the second, the most common provider is your government (national ID and passport).

Which one is better?

Can a Universal Unique Identifier (UUID) Exist Across the Entire Internet?

As discussed before, the question is not whether it can exist, but if it should exist. Having a UUID (in opposition to a context-based unique ID) is a direct road to a dystopian future where one could be banned from all digital services or tracked perpetually.

If the question is “can it exist?”, then it is needed to determine which type of identifier should serve as the UUID.

Since each biometric solution provider will have a different algorithm, they will produce different biometric vectors even when they are scanning the same thing (Facetec will produce a different biometric vector than Facia on the same face).

This means that you can’t have multiple biometric providers as the source of our UUID –so the only solution here is a global monopoly (this is what Worldcoin is trying to achieve)-- a single source means that your vector is really universally unique.

To avoid this scenario, the second option is to use your government's arbitrary ID. Each government has been doing this for decades and that is how passport numbers work. The challenge now lies in finding a way to use these UUID provided by governments in a way that they cannot be tracked or shared without your consent.

Connecting all the dots, the best solution would be:

  1. Use your government issued UUID (National ID number, Passport Number) as your UUID.
  2. Use it to prove your uniqueness without disclosing the UUID (don’t share your passport number, just a cryptographically derived proof).
  3. Make this proof context-based, so each application receives a different proof (CBUID).

Privado ID is making this a reality –solving the problem of trust without creating a dystopian scenario. This is a political and social decision, but the commitment is to show that it’s possible to do it in the right way.

If you want to explore identity solutions with us, please contact the Privado ID's growth team.

What’s Next?

Share this post

Stay up to date

Get our newsletter

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.