Diffstat (limited to 'content/blog/sybil-resistance-identity/index.rst')
-rw-r--r-- content/blog/sybil-resistance-identity/index.rst 89
1 files changed, 89 insertions, 0 deletions
diff --git a/content/blog/sybil-resistance-identity/index.rst b/content/blog/sybil-resistance-identity/index.rst
new file mode 100644
index 0000000..f90b5ac
--- /dev/null
+++ b/content/blog/sybil-resistance-identity/index.rst
@@ -0,0 +1,89 @@
+---
+title: "Identity between Cyberspace and Meatspace"
+date: 2020-09-09T15:00:00+02:00
+draft: true
+---
+
+.. raw:: html
+
+ <figure class="header">
+ <img src="images/succulents.jpg">
+ <figcaption>Photo by <a href="https://unsplash.com/@timbennettcreative">Tim Bennett</a> on <a href="https://unsplash.com/">Unsplash</a></figcaption>
+ </figure>
+
+Identity in Cyberspace
+======================
+
+.. Identity is a frequent problem
+.. Easy solutions abound
+.. Precise modelling is uncommon
+.. True identity is sensitive, hard to handle
+..
+.. Often, conversational features emphasized -> true identity is unnecessary
+.. Social role theory
+.. Call to action
+
+Most computer systems that interface with humans have a concept of user identity. The data structures used for its
+storage vary, but usually one *account* corresponds to one human *user*. In many applications, the system operator tries
+to ensure that one user cannot create multiple accounts. In online social networks, astrotufing_ and trolling are easier
+to fight when limits are imposed on account creation. In online stores, fraud prevention means the store operator needs
+their customers legal identity and the operator must be able to ban offending customers. In mobile messaging systems,
+users have to be able to find each other by some identifier such as name or phone number, and this identifier has to be
+unique and hard to forge.
+
+Today, in systems that allow anyone to create an account have largely converged to require either an email address or a
+mobile phone number. Email addresses are used by systems that are less vulnerable to abuse and that are used on laptop
+or desktop computers. Mobile phone numbers are abundantly used in smartphone apps, as well as in systems more prone to
+abuse such as online social networks or ecommerce. Both are easily verified using a confirmation email or SMS.
+
+When designing or programming an online system, it is uncommon that the precise real-world semantics of accounts are
+modelled. Most computer systems use ad-hoc data models. During their creation, their programmers implicit assumptions
+about the world are encoded into these data models. Most of the time this works fine, but it does lead to significant
+blind spots that can make systems break down for a fraction of their users.
+
+Lives in Meatspace
+==================
+
+A consequence of the proliferation of phone numbers being used to identify people is that most people will not be able
+to create multiple accounts. *"That's the point!"* you might say, but while we want to prevent scammers, spammers and
+boored schoolchildren from messing with our systems, everybody else may have legitimate reasons to have more than one
+account.
+
+We can apply sociology's model of roles_ to understand this issue. In sociology, a role is the comprehensive pattern of
+rules and expectations that govern an individual's behavior corresponding to their social position. A key fact is that
+most people occupy mutliple roles. A parent may also be a company employee or a wife and perform accordingly given the
+circumstances. Systems that tie digital identity to legal personhood through the contracts behind phone numbers impede
+their users' attempts at role separation. Effects of this are e.g. that nowadays employers routinely screen applicants'
+social media accounts for unacceptable content.
+
+While this role conflict merely amounts to a minor inconvenience to most there are many to who it poses an existential
+problem. Consider an LGBT+ person living in a repressive country or a politically conservative person living in a
+very liberal city. Both have legitimate reasons to strictly separate parts of their private lives from others. For both,
+much is at stake. Yet, both will have to practically circumvent most online systems registration barriers to implement
+this separation.
+
+Trusting the User
+=================
+
+While there is no single solution to these issues, there are several possible mitigations. The first and most important
+one is to systematically think about the system's data model when creating it. Which assumptions about the real world
+are inherent in it? Are these assumptions likely to cause issues? Ad-hoc models are easily created, but hard to get rid
+of when they start causing problems.
+
+A general guideline on identity should be that hindering trolls by requiring things like phone numbers or credit card
+numbers is very likely to also be an obstacle to many entirely legitimate uses. Captchas_ or invitation links can help
+to keep out the trolls. Another approach is to limit the damage a troll can cause with things like effective moderation
+systems, reputation systems or by limiting the reach of newly created accounts.
+
+Outside of e-commerce, actually tying a digital account to a real-world identity is very rarely necessary. The value of
+a messenger app is not in the names in its contacts list, but the conversations behind these names. When two people meet
+each other on the street, their interaction is shaped by a myriad of social factors—but *not* by them showing each other
+their photo ID.
+
+Humans with their messy identities do not fit today's cyberspace well. Let's adapt cyberspace to humans, instead of
+trying it the other way around.
+
+.. _astroturfing: https://en.wikipedia.org/wiki/Astroturfing
+.. _roles: https://en.wikipedia.org/wiki/Role
+.. _Captchas: https://link.springer.com/content/pdf/10.1007/3-540-39200-9_18.pdf
+
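Review bot: the hyperlink reference `astrotufing_` in the first paragraph under "Identity in Cyberspace" is misspelled and does not match the `.. _astroturfing:` target defined at the end of the file, so the reference will not resolve and the link will not render; change it to `astroturfing_`. The same pass can fix the stray "in" in "Today, in systems that allow anyone", the missing possessive apostrophes in "customers legal identity", "programmers implicit assumptions" and "online systems registration barriers", the spellings "boored" and "mutliple", and "to who" (should be "to whom"). The `<img>` in the raw HTML header block has no `alt` attribute; add one.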