BrightID: A Personal Stamp of Uniqueness
BrightID is a Giveth Social Coding project. The Social Coding Team is comprised of Giveth Galaxy members that manage, create, and contribute to projects that are beneficial but aren’t in themselves a source of revenue. We spoke with Adam Stallard about his work on this application.
The acceleration of information technology has outpaced our current ability to prevent some of the negative impacts that it has made. Social media outlets like Facebook have been targeted by swarms of bots that impersonate humans and influence public opinion. Bad actors may pose as multiple users in order to game rating systems such as Yelp.
What if there was a way to easily prove one’s personhood and the identification solution was adopted by social media? BrightID is attempting to address the issue of public identification with an application that allows someone to be verified as a unique individual. I asked Adam Stallard to help me understand the concepts behind digital identity.
AS: The thing I’m trying to get across with BrightID is there’s a certain problem — that of unique personhood — that isn’t going to be solved with IDs in the way we traditionally think of them. Throwing more personal data , even biometrics, at the problem isn’t going to solve it. It comes down to trusted verifiers. We will solve this problem eventually — with a worldwide network of identity verifiers. The main question is, “Who will act as the verifiers?” I think it should be the people that know you the best.
BS: So you see a difference between identification and personal data? How can you guarantee one without compromising the other?
AS: Yes. Separating personal data from a stamp of unique personhood: it doesn’t require personal data. In fact, personal data doesn’t help because you’ll always need someone to verify the data. This is different than traditional uses of IDs, which are checkpoints and ownership. For those situations, biometrics and background data are helpful. We don’t require personal data or biometrics because we have no use for them anyway.
Let’s say that Facebook wants to start using BrightID to limit duplicate accounts. Then we need to help them to make sure they don’t leak your personal data with your BrightID, because that’s kind of a permanent leak if that happens. So, we want to help apps safeguard BrightIDs the same way they would passwords.
BS: How does BrightID fit into the Giveth ecosystem?
AS: I think anytime you want to have an application that can potentially include anyone and you want to be able to restrict it to one user per person — then BrightID is a good use case. For Giveth, they have what amounts to a liquid democracy. Voting is one of the two major use cases for BrightID; the other being Universal Basic Income.
BrightID’s two main functions are to help users become verified as unique individuals and to connect users to apps that offer added benefits for being verified as unique. It is not, however, for verifying one’s personal data, so it isn’t a KYC/AML solution for financial compliance. And perhaps in this new world we are building, it won’t be necessary.
BrightID’s system for unique identification relies on a “Trust Score” generated by personal connections between members of groups, and personal connections between those groups. A user’s unique identification is assumed because of this Trust Score. The more personal connections you have, and the more trusted a group of people is, the greater the score.
The BrightID network consists of server nodes, each with a copy of all the connections. Under the hood, it is a graph database, and since each node has a complete copy of the graph, operations are fast.
When two users make a connection, it is cryptographically signed by both of them. Users’ clients then connect to a node, which verifies these signatures and add the connection to the graph. Nodes are run by application providers who have a need for a unique ID verification system. When an ID is queried, several nodes can be asked for their score data to look for a consistent value. Nodes are constantly analyzing the graph looking for Sybil attacks, thwarting anyone who tries to duplicate themselves.
To have a more in-depth look at the BrightID Mobile App Spec, see the BrightID Wiki or the BrightID FAQ. If you want to become part of the Social Coding program, or have questions about this or any of our other projects, come to join.giveth.io and be part of the conversation.
More on Giveth: