Long Term R&D: "People Parties" Proof of Human (proposal)

1. Summary

This is a motion proposal for the long-term R&D of the DFINITY Foundation, as part of the follow-up to this post: Motion Proposals on Long Term R&D Plans (Please read this post for context).

This project’s objective

The objective of this R&D motion proposal is to improve the initial people parties implementation that is currently being worked on and to be released shortly. Those improvements have the goal to, among other things, strengthen the personhood validation process, improve the decentralization of the implementation, extend the validation strategy based on validated participants from earlier rounds, and design a more scalable system.*

2. Discussion lead

Dieter Sommer, Björn Tackmann

3. How this R&D proposal is different from previous types

Previous motion proposals have revolved around specific features and tended to have clear, finite goals that are delivered and completed. They tended to be measured in days, weeks, or months.

These motion proposals are different and are defining the long-term plan that the foundation will use, e.g., for hiring and organizational build-out. They have the following traits and patterns:

1. Their scope is years, not weeks or months as in previous NNS motions
2. They have a broad direction but are active areas of R&D so they do not have an obvious line of execution.
3. They involve deep research in cryptography, networking, distributed systems, language, virtual machines, operating systems.
4. They are meant to match the strengths of where the DFINITY foundation’s expertise is best suited.
5. Work on these proposals will not start immediately.
6. There will be many follow-up discussions and proposals on each topic when work is underway and smaller milestones and tasks get defined.

An example may be the R&D for “Scalability” where there will be a team investigating and improving the scalability of the IC at various stages. Different bottlenecks will surface and different goals will be met.

3. How this R&D proposal is similar to what we have seen

We want to double down on the behaviors we think have worked well. These include:

1. Publicly identifying owners of subject areas to engage and discuss their thinking with the community
2. Providing periodic updates to the community as things evolve, milestones reached, proposals are needed, etc…
3. Presenting more and more R&D thinking early and openly.

This has worked well for the last 6 months so we want to repeat this pattern.

4. Next Steps

Developer forum intro posted
1-pager from the discussion lead posted
NNS Motion proposal submitted

5. What we are asking the community

• Ask questions
• Read 1-pager
• Give feedback
• Vote on the motion proposal

Frankly, we do not expect many nitty-gritty details because these are meant to address projects that go on for long time horizons.

The DFINITY foundation’s only goal is to improve the adoption of the IC so we want to sanity-check the projects we see necessary for growing the IC by having you (the ICP community) tell us what you all think of these active R&D threads we have.

6. What this means for the existing Roadmap or Projects

In terms of the current roadmap and proposals executed, those are still being worked on and have priority.

An intellectually honest way to look at this long-term R&D project is to see them as the upstream or “primordial soup” from which more baked projects emerge from. With this lens, these proposals are akin to asking, “what kind of specialties or strengths do we want to make sure DFINITY foundation has built up?”

Most (if not all) projects that the DFINITY foundation has executed or is executing are borne from long-running R&D threads. Even when community feedback tells the foundation, “we need X” or “Y does not work”, it is typically the team with the most relevant R&D area that picks up the short-term feature or project.

Please note:

Some folks gave asked if they should vote to “reject” any of the Long Term R&D projects as a way to signal prioritization. The answer is simple: “No, please, ACCEPT”

These long-term R&D projects are the DFINITY’s foundation’s thesis at R&D threads it should have across years (3 years is the number we sometimes use internally). We are asking the community to ACCEPT (pending 1-pager and more community feedback of course). Prioritization can come at a separate step.

I am Dieter Sommer, a member of the DFINITY research team. I am responsible for this motion proposal on people parties and look forward to the discussions with you!

1. Objective

The objective of this R&D motion proposal is to improve the initial people parties implementation that is currently being worked on and to be released shortly. Those improvements have the goal to, among other things, strengthen the personhood validation process, improve the decentralization of the implementation, extend the validation strategy based on validated participants from earlier rounds, and design a more scalable system.

2. Background

People parties are a proof of personhood (also referred to as proof of humanity) built on and for the Internet Computer. Each people party takes place at one specific point in time. Prior to that time, each prospective participant commits to a location that they will visit for the time of the party. At the beginning of the party, participants are assigned to small, random subgroups, and meet in a real-time audio / video call with other participants assigned to the same group. The video call, however, does not show the participants’ faces; instead, participants show their surroundings, proving that they are at the place they committed to. As locations chosen by different participants must have a certain minimum distance, and no participant can be physically present at two locations simultaneously, the proof of personhood even guarantees the uniqueness of the validated persons.

3. Why this is important

The main purpose of people parties is democratization. Each validated participant can designate a neuron in the network nervous system that receives increased voting power; this improves the relative voting power of the “many” vs. the “heavy”. It also provides additional voting rewards to all validated participants, which further motivates people to participate in the parties. The validated personhood also benefits the Internet Computer ecosystem more broadly: Open Internet Systems, which are dapps that are controlled by a decentralized governance system, will be able to benefit from the improved decentralization similarly to the Internet Computer itself. And any dapp will be able to use the validation information in order to, e.g., differentiate between bots and actual human users.

4. Topics under this project

• Improve the proof of personhood to be more inclusive, rely less on centralized components, and gradually increase hardness for keeping bots out.
• New verification strategy that uses information from prior rounds and, e.g., assigns more trust to already (and frequently) validated persons.
• Design scalable implementation by using multiple canisters running on different subnets of the Internet Computer to orchestrate the parties.

5. Key milestones (and technical solution if known)

It is currently too early to already provide the concrete milestones for the future R&D initiative. What can be said already now is that we will work on the improvement in an agile way with the goal of providing value through incremental releases of the functionalities we intend to research and implement. It is likely that we will have multiple milestones for each major functionality, following our usual R&D process.

6. Discussion leads

Björn Tackmann (@bjoern ), Timo Hanke (@timo ), Dieter Sommer (@dieter.sommer)

7. Why the DFINITY Foundation should make this a long-running R&D project

There will be an incentive by attackers to make attempts of building bot systems that would succeed in the personhood proofs and benefit from this. Thus, we expect that validation mechanisms need to continuously improve in order to keep thwarting attacks. This will require a longer-running involvement of the Foundation in terms of research and development efforts in stronger personhood validation mechanisms. Also, new mechanisms will need to be tried out with the community for their practicability and usability.

In addition to the above mentioned challenges, already the basic agenda in this motion proposal will require a substantial amount of R&D activities, which further motivates that this be a long-running R&D motion proposal.

8. Skills and Expertise necessary to accomplish this (maybe teams?)

This R&D initiative requires teams with a broad set of skills including the following:

• Personhood validation
• Thinking like an attacker, anticipating likely next steps by attackers, assessing what attackers may be capable of based on existing and upcoming technology
• Secure system design
• Internet Computer scalability
• Formal security modeling
• Security proofs
• Reliable and resilient browser-based real-time peer-to-peer audio / video conferencing
• Asynchronous systems and communication protocols

9. Open Research questions

• Strengthened mechanisms for proving personhood
• New verification strategies based on verified participants in previous rounds
• Scalability of the canister-based backend to parties of massive size, e.g., by running canisters on multiple subnets
• More strongly decentralized architecture for people parties, avoiding centralized components that may be a single point of failure

10. Examples where community can integrate into project

• Design reviews
• Code reviews
• Ideas / research on strengthened mechanisms for proving personhood
• Code contributions
• Helping test the implementations: This is hard to do for the Foundation alone as larger tests before a GA may require party dry-runs with more people than the Foundation has employees. This is a point where support by the community may be crucial for moving forward.

11. What we are asking the community

• Review comments, ask questions, give feedback
• Vote accept or reject on NNS Motion

Proposal is live!

https://dashboard.internetcomputer.org/proposal/35668

The reasons I rejected this offer are as follows.

1. I don’t think this is essential for the IC. Other proposals have a direct impact on the development of ICs, but in my opinion this one does not. It’s inevitable if someone creates a new dapp, but I don’t think it’s right for Dfinity to make this, and for people parties to share ICP rewards (in any way). This is not a business of Dfinity.

2. It is known that humans represent various personalities in the digital space. This is because one person can create multiple accounts. I wouldn’t say that multiple accounts are beneficial everywhere. But overall, it’s unclear whether the advantages outweigh the disadvantages. I don’t think people should be able to create only one account for any service.

Is it right I just write my thoughts here? Or do I have to write it here: People Parties - Community Proposal ?

People parties would be very useful to further increase decentralization on the NNS, which is a crucial aspect of the IC moving forward. This proposal would facilitate that and also offer dApps a way to filter out bots.

This is a good place. Thank you for taking the time to express your concerns. This is important part of an open design process.

I’m of the opinion that Dfinity should be working on the People Parties concept. It is not just a Proof of Humanity feature, which many existing and future apps on the IC need. It is also critical for decentralization of the IC on a larger scale. That means there must be an integration with NNS tokenomics. The combination of Proof of Humanity and Tokenomics integration is not something I would want anyone other than Dfinity to develop.

I agree with @wpb, the only thing that worries me is that the current design might become vulnerable to AI in the near future. Dominic said currently no AI can generate video in response to commands. But the AI/ML scene is evolving very quickly so who knows what will be doable in just 2 years time.

The other day I found this demontration: Google’s New AI: This is Where Selfies Go Hyper! 🤳 - YouTube
I know its a tech demo and still doesn’t look 100% natural, but perhaps in a couple years it will be mature enough to trick us, just with this technique someone could “scan” multiple locations and then virtually move the camera around when he is asked to focus on some specific item, allowing an individual to attend multiple parties at the same time.

Question: How would the people party system prevent somebody with multiple phones from attending a people party with one phone, then attending another party at a later date with a different phone, and so on? Unless this is solved, people parties won’t achieve their purpose of proving unique personhood and allowing one ID per person.

I’m leaning towards discouraging DFINITY from working on projects like this, which could be considered more of an application layer concern. DFINITY has finite resources and I’d much rather see them tackling the enormous challenges of the base layer protocols and leave things like this to the application layer teams.

I don’t like the idea, it doesn’t solve the problem of unique identity as people can create multiple unique verified identities at a later date. Bots have an attack vector by spamming invitations and by chance ending up in a party containing only bots, then voting to authenticate each other, even if it involves locking up ICP to join a party. Also it’s less permissionless than the actual web.

I think the simplest way to protect against ddos/bots is to develop a firewall that blocks users based on the number of ICP they have staked. Adding a flat fee for staking/unstaking ICP would make it very expensive for attackers to setup a lot of bot addresses. Dapp devs could design how they want their Dapps to interact with this pseudo-firewall, for example a social media Dapp might only want to serve users who have at least 10 ICP staked. While a static website Dapp might only want to block users with <1 ICP staked if there is too much traffic/a suspected ddoss attack.

Personally, I’m glad somebody is trying to solve the proof of humanity problem in a new way. If there’s an organization I trust to get something quality out there, it’s DFINITY.

I agree that the foundation has more important challenges to tackle, but considering people parties would require changes to tokenomics, liquid democracy and NNS I wouldn’t trust anyone more than Dfinity to work on them.

Indeed, the solution that is proposed now may, even though sufficient now, at some time be obsoleted by advancements in AI or other relevant technologies. This means that the solution for proof of humanity will need to evolve in lockstep with advancements of other relevant technologies. But this is not true just for this domain, but is a more general pattern in many areas of technology.

Since we want proof of personhood to affect tokenomics, and since people parties may end up breaking down over time, and since there are other teams working on their own proofs, should we not allow multiple proofs to be integrated into the tokenomics?

For example, perhaps the NNS will allow a voting boost if any of a number of proofs of personhood are presented, and maybe you get more of a boost the more proofs you have. We would all vote on which proofs to include.

Relying on people parties as our only solution may end up being suboptimal.

Jordan, this sounds interesting, can you give some more details on which other teams are working on their own proofs? Thank you!

@bob11 and I think deeply about it and have discussed it at length. He may pursue it at some point. I’m encouraging others and trying to find solutions wherever I can.

@dostro is working on a proof of personhood/humanity with his team (Identity Labs).

Solutions on Ethereum, like Burrata, should also be usable especially once we have the Ethereum integration.

Totally agree with Jordan about the direction a dapp (NNS or otherwise) will need to go in terms of presentation of proofs.

I also don’t think that should exclude dfinity from working on this one if the company has the resources because I agree with Jordan again on a previous point about wanting to know that proper resources are devoted to other priorities we might find more valuable.

However, there seem to be so many other priorities we could argue should be higher than people parties that it’s hard to imagine voting to prioritize people parties above.