Who Are You? — Digitally Speaking
There are four kinds of personal data.
- Credential data: Such as a driving license, a thumbprint, social security number, credit cards, logins for websites and so on.
- Data that are title. This includes documents that might prove you own a particular house (deeds), or car (documents), or computer (a simple sales receipt.
- Incidental data. Other data that happen to be created by you and belong to you, such as emails, logs of your activity, files you created.
- Digital artifacts. Things you own (such as CDs videos, photographs, PDFs, etc.) that also happen to be data.
This blog post is about the first kind of data. It reared its head at Permission.io, in an internal brainstorm about proof of identity.
The Identity Conundrum
We kicked the following question around:
“How do you prove that someone is a person and not a software robot?”
For background: we are building a network where individuals get paid for viewing ads and other content.
Naturally, we do not want an army of bots breaking into the Permission.io network to defraud the advertisers. If we do not find a way to prevent that, then as sure as night time follows sunset, it will happen.
The Invasion of the Ad Bots
Non-human traffic is a big problem in the digital ad industry. In 2017 it was estimated that 25% of ad clicks on the web were fraudulent. It had increased over the previous year, when it was merely 20% or so. The cost to the ad industry was estimated at $8.2 billion.
Click fraud operates in different ways. Some bots will do fake Google searches merely to cost the advertiser click money. It could be a malevolent hacker taking revenge on a company, or a competitor could sponsor it. Some websites create bots to click on the automated ads that appear. Some scams involve setting up clusters of fake websites that no-one ever visits except bots that click on display ads that could never be seen by human eye. If the topic fascinates you, you might enjoy visiting the Wikipedia page on click fraud .
So we thought as follows:
We do not want anyone signing up on our platform who is not a real person, or who is not who they say they are. If it’s possible to dream up a scheme for exploiting our platform, no doubt someone will attempt it, by setting up multiple identities and automating them.
Prevention is better than cure, and we’d like to prevent it.
The Wheel of Trust
It is relatively easy to set up a fake Facebook ID or Twitter or Reddit ID or even a fake Linked-In ID. It not at all easy to set up fake bank accounts or crypto exchange accounts, because those sites perform Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. Fake driving licenses are possible, but difficult, as are fake passport and fake birth certificates.
And while Facebook and Twitter may be easy to fake, it is not so easy to fake a detailed and active Facebook or Twitter account. The same goes for Linked In. It’s easy to set up a fake account but the educational and job records can be checked and if there are none — well that smells fake. For every such fakable “ID,” you can calculate a “trust probability” as to how likely it is to be fake.
Thinking about all of this brought us to the idea we call “The Wheel of Trust.” It is illustrated above. The idea behind it is to establish an ID as “highly likely to be genuine” by linking together many such IDs — each of which is assigned a “trust probability.”
The Permission.io user could create such an identity by some personal data (name, address, telephone number) and links to multiple personal data sources: credentials (driving license, passport, etc.), social network identities (Facebook, Twitter, etc.), bank accounts, cryptocurrency exchanges, biometrics, behavioral data and so on. An important aspect of this is that, technically, all this data could be checked (through zero-knowledge proofs) without the company itself ever seeing it or accessing it. (I’ll write another blog post to explain how.)
The Wheel of Identity
The idea here is not for the Permission.io network to become the reference point for identities; when we surveyed the identity landscape, we realized that there were far too many identity initiatives already in progress — including several national one — for it to be worth offering yet another one.
The Wheel of trust becomes a wheel of identity, through its spokes. Every source of identity is a spoke in the wheel. It may be possible to fake a single spoke, but faking a whole wheel will be very difficult indeed.
Robin Bloor Ph D. is the Technology Evangelist for Permission.io, author of The “Common Sense” of Crypto Currency, cofounder of The Bloor Group and webmaster of TheDataRightsofMan.com.
