From c9d3d3d65665e325d7f8e6bf63d4d4a62f35c98b Mon Sep 17 00:00:00 2001 From: jaseg Date: Sun, 15 Aug 2021 13:25:05 +0200 Subject: deploy.py auto-commit --- content/posts/sybil-resistance-identity/index.rst | 89 ----------------------- 1 file changed, 89 deletions(-) delete mode 100644 content/posts/sybil-resistance-identity/index.rst (limited to 'content/posts/sybil-resistance-identity/index.rst') diff --git a/content/posts/sybil-resistance-identity/index.rst b/content/posts/sybil-resistance-identity/index.rst deleted file mode 100644 index f90b5ac..0000000 --- a/content/posts/sybil-resistance-identity/index.rst +++ /dev/null @@ -1,89 +0,0 @@ ---- -title: "Identity between Cyberspace and Meatspace" -date: 2020-09-09T15:00:00+02:00 -draft: true ---- - -.. raw:: html - -
- -
Photo by Tim Bennett on Unsplash
-
- -Identity in Cyberspace -====================== - -.. Identity is a frequent problem -.. Easy solutions abound -.. Precise modelling is uncommon -.. True identity is sensitive, hard to handle -.. -.. Often, conversational features emphasized -> true identity is unnecessary -.. Social role theory -.. Call to action - -Most computer systems that interface with humans have a concept of user identity. The data structures used for its -storage vary, but usually one *account* corresponds to one human *user*. In many applications, the system operator tries -to ensure that one user cannot create multiple accounts. In online social networks, astrotufing_ and trolling are easier -to fight when limits are imposed on account creation. In online stores, fraud prevention means the store operator needs -their customers legal identity and the operator must be able to ban offending customers. In mobile messaging systems, -users have to be able to find each other by some identifier such as name or phone number, and this identifier has to be -unique and hard to forge. - -Today, in systems that allow anyone to create an account have largely converged to require either an email address or a -mobile phone number. Email addresses are used by systems that are less vulnerable to abuse and that are used on laptop -or desktop computers. Mobile phone numbers are abundantly used in smartphone apps, as well as in systems more prone to -abuse such as online social networks or ecommerce. Both are easily verified using a confirmation email or SMS. - -When designing or programming an online system, it is uncommon that the precise real-world semantics of accounts are -modelled. Most computer systems use ad-hoc data models. During their creation, their programmers implicit assumptions -about the world are encoded into these data models. Most of the time this works fine, but it does lead to significant -blind spots that can make systems break down for a fraction of their users. - -Lives in Meatspace -================== - -A consequence of the proliferation of phone numbers being used to identify people is that most people will not be able -to create multiple accounts. *"That's the point!"* you might say, but while we want to prevent scammers, spammers and -boored schoolchildren from messing with our systems, everybody else may have legitimate reasons to have more than one -account. - -We can apply sociology's model of roles_ to understand this issue. In sociology, a role is the comprehensive pattern of -rules and expectations that govern an individual's behavior corresponding to their social position. A key fact is that -most people occupy mutliple roles. A parent may also be a company employee or a wife and perform accordingly given the -circumstances. Systems that tie digital identity to legal personhood through the contracts behind phone numbers impede -their users' attempts at role separation. Effects of this are e.g. that nowadays employers routinely screen applicants' -social media accounts for unacceptable content. - -While this role conflict merely amounts to a minor inconvenience to most there are many to who it poses an existential -problem. Consider an LGBT+ person living in a repressive country or a politically conservative person living in a -very liberal city. Both have legitimate reasons to strictly separate parts of their private lives from others. For both, -much is at stake. Yet, both will have to practically circumvent most online systems registration barriers to implement -this separation. - -Trusting the User -================= - -While there is no single solution to these issues, there are several possible mitigations. The first and most important -one is to systematically think about the system's data model when creating it. Which assumptions about the real world -are inherent in it? Are these assumptions likely to cause issues? Ad-hoc models are easily created, but hard to get rid -of when they start causing problems. - -A general guideline on identity should be that hindering trolls by requiring things like phone numbers or credit card -numbers is very likely to also be an obstacle to many entirely legitimate uses. Captchas_ or invitation links can help -to keep out the trolls. Another approach is to limit the damage a troll can cause with things like effective moderation -systems, reputation systems or by limiting the reach of newly created accounts. - -Outside of e-commerce, actually tying a digital account to a real-world identity is very rarely necessary. The value of -a messenger app is not in the names in its contacts list, but the conversations behind these names. When two people meet -each other on the street, their interaction is shaped by a myriad of social factors—but *not* by them showing each other -their photo ID. - -Humans with their messy identities do not fit today's cyberspace well. Let's adapt cyberspace to humans, instead of -trying it the other way around. - -.. _astroturfing: https://en.wikipedia.org/wiki/Astroturfing -.. _roles: https://en.wikipedia.org/wiki/Role -.. _Captchas: https://link.springer.com/content/pdf/10.1007/3-540-39200-9_18.pdf - -- cgit