One aspect regarding People Parties (whether conducted by dfinity or by a 3rd party like Identity Labs) that I haven’t seen discussed yet is that they provide incredible opportunities for collaborations and idea sharing. Nothing could be better for innovation then thousands of meetings of randomized people from a diverse pool, even if the purpose of the meeting isn’t related to innovation.
For that reason I strongly recommend People Parties both from dfinity and from 3rd parties.
I get the importance of proof of humanity, but I’m a bit concerned about this approach. Maybe because I don’t have enough background, but honestly I don’t feel too keen about going to a random place and making a videocall with random people. How am I protected from bad actors? How can I be assured that someone will not use this method to somehow track my device? I could also make different accounts, participate in parties for every single one of them, or just make my friends participate for me and they all could be validated, right? So how is this method the safest way to prove you’re a real person? Consider this, I’m just a regular user, not a dev.
Adding this: What happens if I end up in a crowded place and I’m recording people around me? In some countries, you’re not allowed to take pictures/record videos of people without their consent.
As proposed, for me this motion is a big NO NO! There must be better ways to prove your personhood without invading your own or others’ privacy.
How can I be assured that someone will not use this method to somehow track my device?
How would that happen?
I could also make different accounts, participate in parties for every single one of them
People parties validate the account for a limited period of time, Dom also mentioned there would be incentives to verify the same account multiple times in a row rather than different ones.
or just make my friends participate for me and they all could be validated, right?
They would but you would have to tell your friends to do it many times as I said, this is also something I think is less likely to happen if in the future IC becomes mainstream and people party verification is something you want to keep for yourself rather than give away. Imagine a scenario where only verified accounts can buy limited goods such as clothing or tickets to a concert.
So how is this method the safest way to prove you’re a real person?
Each account is linked to an individual, now that individual may have obtained multiple verified accounts by paying or asking friends but the 1 account 1 individual is still a thing, IRL politicians can buy votes so I don’t think there is a perfect solution to the issue, just ones that are good enough.
No idea, but I’m not comfortable with going on random videocalls with random people to show them my surroundings. The privacy issue still remains imo for people passing in front of my camera while recording.
Honestly, I don’t see my parents, for example, going around on videocalls with random people multiple times just to keep their identity verified. This is not a solution for onboarding regular people to the space. Another example (and I know I’m looking for the needle in the hay stack now), but what happens if a person who is disabled is asked to go, idk, on top of a 200m staircase?
This is not a solution for onboarding regular people to the space.
Maybe, it’s definitely not for everyone, but I don’t think it’s that bad either, many digital identities systems require you to provide photos of documents, proof of residence and even do a call with an operator using a webcam, that’s a lot of data I’m giving out to strangers who might be using subpar practices to protect my stuff, I’d rather go for a walk for 5 mins and be verified honestly, but to each their own.
but what happens if a person who is disabled is asked to go, idk, on top of a 200m staircase?
They shouldn’t, you decide where you have to be on the day of the party and commands should be simple stuff like “show us the street sign”, “show us the sidewalk”, “show us your shoes”, I wouldn’t expect to be told to run or go somewhere specific.
What about creating closed circles of people you actually know, instead? Like, I could validate, let’s say, a friend called Alex, and Alex validates me and another of his friends called Emma. Emma validates one of her friends, Betty, and, for some coincidence, I also know Betty so I get validated as well by her and vice-versa. This way there would be no need to go around, no videocalls, and you would actually verify people you already have in your contacts and you would be verified by multiple people. Let me know if I made a mess in explaining the concept or if you guys got the idea.
We have been experiencing some (hopefully temporary) show stoppers in the mobile app development for the people parties mobile Web app and it is highly likely that we can not release people parties in the Chromium release. We are currently looking for workarounds for the issues and hiring engineers to support the team. All this incurs some delays unfortunately. The implementation progress is currently slow and we try to mitigate the issues in the Web app with a native app.
Doesn’t people parties lock anyone out of the system without outdoor mobile data ? many poor people consider this a luxury
Also what about people living remotely in strange parts of the world, say Africa. How would they verify personhood ?
For example I read discussion of a geographical feature which would block people from registering in the same location for the People Party, how far would this be? as I know of people within 100M of me (flats/apartments) who stake ICP
Doesn’t people parties lock anyone out of the system without outdoor mobile data
It does but if you don’t have mobile data most likely you don’t even have an home connection so verifying a Internet Identity would be the last of your worries, nowadays there are more people with mobile phones and access to mobile data than pc and home connections, especially in poor countries.
which would block people from registering in the same location for the People Party, how far would this be?
Iirc 150m or so, but thats not a big issue you choose the location beforehand and if someone already picked a location in that radius you can choose another one nearby, I doubt this scenario will ever stop you from partecipating to a party unless pretty much an entire city were to attend at the same party.
The approach we have in mind is, as you noticed, not inclusive for everyone, unfortunately. We are aware of this. Mobile data is a requirement, for example. However, the plan is to improve on inclusiveness in further iterations of the people parties feature. If we aim at having everything in the first iteration, this would be too much, it’s better to launch something that works for a good fraction of people and then improve. If we aim too high initially, we run the risk of never finishing. We had some technical challenges delaying us substantially already with our scoped-down approach we currently take.
Do you have an idea that would have fewer requirements and still be a solid proof of humanity?
Currently, the PoC for the native app is iOS only and full native, with the only goal of validating whether the native app can resolve some media streaming problems we have on the Web app. Depending on the success of the PoC, we need to decide on the final architecture for the mobile app.
I gave the proposed system some thought and I came up with a few issues which could be used to abuse it:
AI tech in the next few years could become advanced enough to simulate human behaviour.
Dom said all participants would be split in subgroups of 4 and one needs at least 2 out of 3 votes to be approved, a bad actor with enough money could join a party with thousands of phones (the number increases/decreases based on how many legit participants are attending the party), this attack could disrupt the party in 2 ways: either by verifying bots actors as individuals or by negating verification to legit participants.
A bad actor with enough money could pay hundreds of individuals in poor countries a small fee to attend the party and then transfer ownership of the verified neuron.
Has the Foundation already thought about these attack vectors? If so how do you plan to solve them?
We also think that the approach we decided to go for needs to evolve over time so that we keep ahead of advancements in AI and other fields. Personhood verification will always be some form of arms race between the verification technology and hackers trying to circumvent it.
About our dear proof of humanity, what do we think about this :
Of course, it means that we would rely on a third party’s hardware, so some people could see a problem here. But I see things differently. Anyways, what do you think about this ?
Can I ask if this is still being actively worked on - https://personhood.ic0.app/? I see the Personhood canister in the w4rem system subnet, but it’s not controlled by the NNS yet so I can’t see when it was last updated (and haven’t been able to locate the source code).