Changes between Version 1 and Version 2 of Ticket #18361, comment 104


Timestamp:
Feb 23, 2016, 9:59:19 PM (3 years ago)
Author:
ford

  • Ticket #18361, comment 104

    v1 v2  
    99Some other particular possibilities:
    1010
    11 - Anonymous credentials attesting that, e.g., "I am a user with a Twitter account who has been around at least 1 hear and has at least 100 followers".  In other words, build on the investment that the big social media companies make all the time to detect and shutdown abusive or automated accounts.  This basis is not remotely perfect obviously, but pragmatically, social media identities that have "survived a while" and have friends/followers are much more expensive on the black market than fresh Sybil accounts created by paid CAPTCHA-solvers.  Thus, users who can produce better anonymous evidence that they're "real" might get a bigger pile or faster rate of anonymous tokens than they do just by solving a CAPTCHA.  My group started exploring this approach in our Crypto-Book project ([http]//dedis.cs.yale.edu/dissent/papers/cryptobook-abs) but there are certainly gaps to be filled to make it practical.
     11- Anonymous credentials attesting that, e.g., "I am a user with a Twitter account who has been around at least 1 hear and has at least 100 followers".  In other words, build on the investment that the big social media companies make all the time to detect and shutdown abusive or automated accounts.  This basis is not remotely perfect obviously, but pragmatically, social media identities that have "survived a while" and have friends/followers are much more expensive on the black market than fresh Sybil accounts created by paid CAPTCHA-solvers.  Thus, users who can produce better anonymous evidence that they're "real" might get a bigger pile or faster rate of anonymous tokens than they do just by solving a CAPTCHA.  My group started exploring this approach in our Crypto-Book project ([http://dedis.cs.yale.edu/dissent/papers/cryptobook-abs]) but there are certainly gaps to be filled to make it practical.
    1212
    13 - Anonymous credentials that can attest with even higher certainty that they represent "one and only one real person", e.g., credentials derived from pseudonyms distributed at physical pseudonym parties (see [http]//bford.info/pub/net/sybil.pdf and [http]//bford.github.io/2015/10/07/names.html).  No one would be "required" to participate in such a system, but those that do might be able to get an even bigger pile or faster flow of tokens on the basis of demonstrating with higher certainty that they're one and only one real person.  Further, this seems like ultimately the only kind of basis that might provide a legitimate "democratic foundation": e.g., a basis that would allow Tor to hold online polls or votes and be reasonably certain that each real human got one and only one vote.
     13- Anonymous credentials that can attest with even higher certainty that they represent "one and only one real person", e.g., credentials derived from pseudonyms distributed at physical pseudonym parties (see [http://bford.info/pub/net/sybil.pdf] and [http://bford.github.io/2015/10/07/names.html]).  No one would be "required" to participate in such a system, but those that do might be able to get an even bigger pile or faster flow of tokens on the basis of demonstrating with higher certainty that they're one and only one real person.  Further, this seems like ultimately the only kind of basis that might provide a legitimate "democratic foundation": e.g., a basis that would allow Tor to hold online polls or votes and be reasonably certain that each real human got one and only one vote.
    1414
    15 - Anonymous credentials based on reputation scores that users exhibiting "good/civil behavior" can build up over time.  Basically, use a "carrot" approach rather than the "stick" approach that blacklistable credentials tend to represent.  We're also starting to explore ideas in this space; see our upcoming NSDI paper on AnonRep ([http]//dedis.cs.yale.edu/dissent/papers/anonrep-abs).
     15- Anonymous credentials based on reputation scores that users exhibiting "good/civil behavior" can build up over time.  Basically, use a "carrot" approach rather than the "stick" approach that blacklistable credentials tend to represent.  We're also starting to explore ideas in this space; see our upcoming NSDI paper on AnonRep ([http://dedis.cs.yale.edu/dissent/papers/anonrep-abs]).
    1616
    1717At any rate, the problem is definitely not at all simple; we need to start with baby steps (e.g., the CF+Google looping bug, then maybe a simple CAPTCHA-based credential scheme).  But in the longer term we need an architecture flexible enough to deal with abuse while allowing well-behaved users to demonstrate as such in multiple different ways based on multiple different trust foundations.
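Review bot: In the first changed bullet (v2 line 11), "at least 1 hear" is carried over unchanged from v1 and reads as a typo for "1 year". Since this revision already rewrites that line to fix the link brackets, the wording could be corrected in the same edit. The same line also uses "shutdown" as a verb ("detect and shutdown abusive or automated accounts"), which would normally be written "shut down".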