As discussed in another post, establishing unique real identities is a pre-requisite for applying the cryptographic tools to decouple a real identity from a pseudonymous one to make a uniqonym.

There are some existing solutions for ensuring people only have one identity:

  • https://proofofhumanity.id/ is one attempt using photos, videos, and humans vouching for others.
  • https://worldcoin.org scans irises and hashes the pattern.
  • Most governments around the world register births and assign unique government identifiers to individuals.

There is no perfect solution unfortunately - there are trade-offs.

Use photos and videos as in PoH

The biggest problem with this solution is that it is unlikely to be that hard to make AI generated images and videos (after fine-tuning AI models for the task), and easy to vouch for a bot that vouches for a bot, and so on, until you have hundreds or thousands of identities. As such, it is unlikely to scale well.

Using iris scans as in WorldCoin

This solution attempts to solve for the problem of AI-generated images by using hardware produced and signed by a supposed ‘trusted third party’. Anyone could generate an iris image with AI, but the official hardware has proprietary technology to check for liveness. The hardware is physically hardened against attacks, and has a key protected in hardware to sign iris hashes - that links through a certificate chain back to a certificate issued by the “World Foundation”.

If you trust the “World Foundation”, this solves the AI problem with PoH, and solves the problem to an extent of not trusting a government to do the right thing (except to the extent said government could order the World Foundation to comply, anyway). However, in exchange, it requires trust for WorldCoin - they could create an arbitrary number of identities.

It also has the problem of requiring a large investment to get it worldwide, and is inconvenient to onboard to.

People in general do not trust the World Foundation. While it is a not-for-profit, it is associated with Sam Altman, who famously was able to get the board of OpenAI to resign and replace it with one loyal to him, and transition OpenAI towards being fully for-profit. World Foundation does not have members - only 4 directors who appoint their successors, and have complete control over it.

As such, a solution that already has a perception of being ‘creepy’ and which relies on a trusted-third party that doesn’t seem all that trustworthy can probably be discounted. Another implementation of the same idea is unlikely at this point due to the entry costs.

Another problem is that it has faced legal challenges operating in some countries due to privacy or security trading concerns.

Leveraging government issued identities

This solution relies on governments to decide who is a real person, and then leverages existing infrastructure.

This solution has the upside that it potentially has the lowest barrier to entry - at least in countries where people already prove their identity to the government.

There are a few downsides:

  • The government could create lots of fake people and use those identities to create fake prevalence signals (i.e. do the exact thing uniquonyms are supposed to protect against). This could be mitigated to an extent by making uniquonyms per-country - if 50,000 Russian government certified uniquonyms show up on a Ukrainian forum pretending to be Ukrainians, users can just filter them out. Within a country, all of the options require some degree of trust of governments - they could scan all their prisoners irises, or force prisoners to hand over their private keys under any option, and use those to create inauthentic interactions.
  • Uniquonyms based on government issued identities would need to be unique per country. Someone with multiple citizenships or relationships with multiple governments might have a uniquonym per country per namespace.
  • There are technical complexities around implementation (to be covered in a separate post) unless governments provide a unique key
  • There is a trade-off (discussed below) between allowing a government to unmask uniquonyms for users under that government, or not allowing recovery if someone claims a uniquonym using stolen government credentials.

The unmasking vs recovery tradeoff

Suppose someone gets access to your computer while you are logged in to a government website. Suppose you don’t yet have a uniquonym in a particular namespace, but the attacker goes ahead and creates one linked to your real identity under their own private key.

This is the uniquonym recovery problem. In an ideal world, after you re-prove your identity to the government, and kick out the identity thief, you’d be able to take over the uniquonym or somehow detach it from your real identity.

However, if this was allowed, the government could do the same without your cooperation - hence unmasking your real uniquonym.

So there is a trade-off to be had between safety from the government as a threat actor, and recovery following actions of non-government threat actors. Due to the design goal of protecting dissidents, the uniquonym architecture plans for now are to disallow recovery in this scenario.

However, this can be limited by making uniquonyms expire and require periodic re-verification (e.g. every 6 months). Then, recovery is to wait 6 months, and claim a uniquonym after that. Other forms of recovery other than someone making a new uniquonym against your identity are more solvable for - e.g. lost private keys could be solved by providing printable backup QR codes that can identify a uniquonym, but have enough information to enable recovery. These would have the risk that a government raid of a dissident could uncover it and lead to the dissident’s pseudonym being found - but that is still a better threat posture if they have no way to identify the dissident’s real identity if they limit their actions to online.

Why the plan for uniquonyms is to leverage government identities

All the options have some drawbacks - there is no perfect option unfortunately.

However, robustness against AI-generated alts is almost certainly needed for uniquonyms to be a success, and reliance on the World Foundation as a trusted third party is not going to fly or be convenient enough for significant uptake.

Therefore, relying on government issued identities, with as many mitigations to the drawbacks as possible applied, is how I plan to take project uniquonym.