Comment by cakealert

If you're really curious about this, there's a place where people discuss these problems annually: https://internetidentityworkshop.com/

Various things you're not thinking of:

- "The person at the keyboard, is the same person as that ID identifies" is a high expectation, and can probably be avoided—you just need verifiable credentials and you gotta trust they're not spoofed

- Many official government IDs are digital now

- Most architectures for solving this problem involve bundling multiple identity "attestations," so proof of personhood would ultimately be a gradient. (This does, admittedly, seem complicated though ... but World is already doing it, and there are many examples of services where providing additional information confers additional trust. Blue checkmarks to name the most obvious one.)

As for what it might look like to start from the ground up and solve this problem, https://urbit.org/, for all its flaws, is the only serious attempt I know of and proves it's possible in principle, though perhaps not in practice

We almost all have IC Chip readers in our pocket (our cell phones), so if the government issues a card that has a private key embedded in it, akin to existing GnuPG SmartCards, you can use your phone to sign an attestation of your personhood.

In fact, Japan already has this in the form of "My Number Card". You go to a webpage, the webpage says "scan this QR code, touch your phone to your ID card, and type in your pin code", and doing that is enough to prove the the website that you're a human. You can choose to share name/birthday/address, and it's possible to only share a subset.

Robots do not get issued these cards. The government verifies your human-ness when they issue them. Any site can use this system, not just government sites.

That is already solved by governments and businesses. If you have recently attempted to log into a US government website, you were probably told that you need Login.gov or ID.me. ID.me verifies identity via driver’s license, passport, Social Security number—and often requires users to take a video selfie, matched against uploaded ID images. If automated checks fail, a “Trusted Referee” video call is offered.

If you think this sounds suspiciously close the what businesses do with KYC, Know Your Customer, you're correct!

Not good enough, providers and governments want proof of life and proof of identity that matches government IDs.

Without that, anyone can pretend to be their dead grandma/murder victim, or someone whose ID they stole.

IDs would have to be reissued with a public/private key model you can use to sign your requests.

> the person at the keyboard, is the same person as that ID identifies

This won't be possible to verify - you could lend your ID out to bots but that would come at the risk of being detected and blanket banned from the internet.

UK is stupidly far behind on this though. On one hand the digitization of government services is really well done(thanks to the fantastic team behind .gov websites), but on the other it's like being in the dark ages of tech. My native country has physical ID cards that contain my personal certificate that I can use to sign things or to - gasp! - prove that I am who I say I am. There is a government app that you can use to scan your ID card using the NFC chip in your phone, after providing it with a password that you set when you got the card it produces a token that can then be used to verify your identy or sign documents digitally - and those signatures legally have the same weight as real paper signatures.

UK is in this weird place where there isn't one kind of ID that everyone has - for most people it's the driving licence, but obviously that's not good enough. But my general point is that UK could just look over at how other countries are doing it and copy good solutions to this problem, instead of whatever nonsense is being done right now with the age verification process being entirely outsourced to private companies.

In Europe we have itsme. You link the phone app to your ID, then you can use it to scan QR codes to log into websites.

Officially sanctioned 2fa tied to your official government ID. Over here we have "It's me" [1].

Yes, you can in theory still use your ID card with a usb cardreader for accessing gov services, but good luck finding up to date drivers for your OS or use a mobile etc.

[1] https://www.itsme-id.com/en-BE/

I doesn’t require a ground up rework. The easiest idea is real people can get an official online id at some site like login.gov and website operators verify people using that api. Some countries already have this kind of thing from what I understand. The tech bros want to implement this on the blockchain but the government could also do it.

In all likelihood, most people will do so via the Apple Wallet (or the equivalent on their non-Apple devices). It's going to be painful to use Open source OSes for a while, thanks to CloudFlare and Anubis. This is not the future I want, but we can't have nice things.

What's next? Requiring a license to make toast in your own damn toaster?

"Luckily" you won't have to do only that, you'll need to provide live video to prove you're the person in the ID and that you're alive.

It doesn't need to. Thanks to asymmetric cryptography governments can in theory provide you with a way to prove you are a human (or of a certain age) without:

1. the government knowing who you are authenticating yourself to

2. or the recipient learning anything but the fact that you are a human

3. or the recipient being able to link you to a previous session if you authenticate yourself again later

The EU is trying to build such a scheme for online age verification (I'm not sure if their scheme also extends to point 3 though. Probably?).

You are right about the negative outcomes that this might have but you have way too much faith in the average person caring enough before it happens to them.

I live with the naïve and optimistic dream that something like that would just show that everyone was in the list so they can't use it to discriminate against people.

> sells its access data

or has it leaked somehow.

Note: one of the founders of the World app is Sam Altman.

> A social media site can ban an abusive user without them being able to simply register a new account.

This is an absolutely gargantuan-sized antifeature that would single-handedly drive me out of the parts of the internet that choose to embrace this hellish tech.

>A zero-knowledge way of attesting persistent pseudonymous identity

why would a government do that though? the alternative is easier and gives it more of what it wants.

They are already getting people hooked on "free" access so they will have plenty of subjects willing to do that to keep that access.

Can you elaborate on that? Are you implying that it is strictly impossible to do this in a privacy-preserving way?

If it's illegal that person could face legal consequences

You’d at least be limited to deploying a single verified scraper which might be too slow for people to bother with.