Topic: Identifi.org - Address book with ratings (Read 27880 times)

No doubt that Sirius is a legend. But, identifi.org should have had a 301 redirect to iris.to. Instead, it is showing some weird Casino blog on landing page! I wish, Sirius logs in for a while at BitcoinTalk and clears the doubt.

I confirm that iris.to is the right domain name now.

Me, sirius and 3 others are actively working and developing it as we speak. ( My username there is merlin-web )

May I add that I feel blessed, very lucky and honored to be on this team, since sirius has worked with satoshi himself in the first few years of bitcoin.

I don't know if you still check BitcoinTalk. Identifi.org seems to have launched as Iris.to. I would just like to know if it is compliant to BlueSky or any other open standard?

Update
https://twitter.com/marttimalmi/status/1107625240115458048

Hi. I'm a developer.
I would like to help.

https://www.facebook.com/antoine.brule.8

Thanks for the link, although I don't see anything that addresses my previous post.

My impression from talking to Tim and reading Sirius' whitepaper from a few years ago is that nobody associated with identifi has put forth a vision to tackle the kind of problem in my previous post. In other words, how identifi could provide the foundation for a fully formed pseudonymous reputation system (PRS). Although I would be happy to be proven wrong!

This to me is the most interesting problem in the crypto space. I have ideas on potential strategies and am working on demonstrating those ideas on my website OpenBazaar.OnTheBlockchain.com which I hope will provide a useful reputation system for OpenBazaar. It is not yet in beta although I hope that's not too far away. Essentially what I am building now is a platform that will calculate average ratings of listings using ratings generated on my site as well as ratings generated on OpenBazaar itself, and will also calculate trust scores of users based on ratings generated on my site. All averages are weighted averages, where the weight of the rating depends on the trust score of the user doing the rating. Unvetted users are given a default trust score which is adjustable by the user and can be set to zero if desired.

I haven't done this yet, but my roadmap includes allowing users to sign json-formatted ratings using a self sovereign identity (like a keybase ID perhaps), and then storing the rating + signature on the ipfs. I haven't learned enough yet about identifi to know whether I could use the identifi library to assist me in this task. Although by a quick perusal, it looks like identifi has functions that will store data in ipfs, so perhaps I can use it.

You can follow here the next things that Sirius is going to add/change
https://trello.com/b/8qUutkmP/identifi

Suppose Alice trusts Bob (in a generic sense), Bob trusts Charlie, and Charlie vouches for Dave as being an excellent food critic. Alice wants to eat at Restaurant X which is in fact a terrible restaurant, but was rated 5 out of 5 stars by 3 unvetted user accounts (all three of which are actually the restaurant owner, unbeknownst to anyone). It was rated 1 out of 5 by Dave. Yelp averages these out for a composite score of 4 out of 5 stars. Obviously this is a misleading average score! How do we solve this problem using web of trust?

I would like to see a solution whereby Restaurant X's average is a weighted average, where Dave's 1-star rating is given a lot more weight than the 5-star ratings by the unvetted users, so that Alice sees that Restaurant X's composite score is (for example) 1.2 out of 5 instead of 4 out of 5. If she wants, Alice can do a visual inspection of her web of trust and trace the connection between her and Dave, but this would be very time intensive and it should not be necessary for her to do this for every single rater of every single restaurant under consideration.

Is it envisioned that identifi will enable a solution like this? If it's not, then we need to develop such a vision.

Addendum: I would like to see a solution that would do all of the above, and in addition would be able to hide some of the connections. For example: suppose Bob wants to keep his connection to Charlie private. There should still be a way for Alice to know that her web of trust tells her that Dave is an excellent food critic and Restaurant X is a bad one, WITHOUT revealing the full connection between her and Dave. I believe that this is very much doable (perhaps using zero knowledge proofs, or maybe other cryptographic tools) but that the first step should be to tackle the more simple scenario where all connections and ratings are public. Then and only then can we turn our attention to the privacy-preserving algorithms.

Suppose I want to go to a restaurant. I look at the reviews on Yelp and I want to attend only to the reviewers who are deemed trustworthy by my web of trust. A reputation system can help me with that. I fail to see how an insurance system, no matter the implementation, can realistically provide a superset of this functionality.

The idea is interesting and could be very useful, but here a lot of work remains to be done about the security of personal data and the reliability of ratings. How are you going to achieve reliability, honesty of the reviews? I think you need a sociologist and a specialist in user experience.
And about the site. Search doesn't work, and fonts are very pixelated (you need anti-aliasing).

Without blockchain, what happens if somebody attempts the pendant of a double spend? E.g. different ratings...

http://unbit.nl/2014/09/16/martti-malmi-on-bitcoin-and-identifi/

An interview and some information about Identifi

identifi is one of the critical missing components, it is required and must exist - sirius is a skilled, hard working, and respected.

I would encourage any able developer with any free time to get familiar with the project, and if they subsequently have any motivation then contribute whatever time they can to this project, whether developing, testing, or simply discussing issues.

I for one will do what I can.

http://identi.fi isn't asking password anymore!

Please come to test this new products and help to fix things!
https://github.com/identifi/identifi-rails/issues
https://github.com/identifi/identifi

Nah. Skill, motivation and a skype account is sufficient.

Is relocation a criteria to join your team ?

Looking for paid developers, check out http://identifi.org/

Just something I got stuck with, easy (?) 0.5 BTC for someone who's familiar with bitcoin-qt code: https://github.com/identifi/identifi/issues/3

Now we just need to get that one fixed, plus some network code, and we have something that works.

The current data storage and transfer model might not be the optimal, but this is more of a proof-of-concept implementation.

Very interesting project, looking to implement something like this in a P2P lending project I am considering doing. Keeping watch

Hello Sirius,

I'm from Kenya. I've been following keenly on digital currency trends. Much has been said of crypto currencies and Africa and I've been brainstorming ideas on how to best leverage crypto concepts such as the blockchain to solving some of the immediate problems in Kenya (some can be generalized to much of Sub Saharan Africa). Anyway, some of my thoughts led me here. Identity. I think its possible to use the blockchain (or a public ledger) to store multiple identities of individuals and have them hold on to the private key to restore their identities on multiple services/sign ups in case of loss. I'll explain

My friend carries around 14 cards in his wallet: multiple debit cards, loyalty cards, National ID card, Social Security card. . .you get the picture. Here in Kenya, the national identification card/issuing system is separate from tax ID, Social Security ID and hospital insurance iD. There's no centralized database system to lock in all identities into 1 card. Losing any of these cards requires a tedious process of restoring it. Takes days/weeks/months depending on card. Much of the national system isn't computerized to streamline process [read zero-early adoption]

To my point. Imagine a 'transaction' on a public ledger that establishes an individual and all his/her identities on whatever service [ALL in one]. Any additional identities are added to an address through 'new transactions'. The info will be hashed and the private key secured by the individual. Losing any of the cards would just require the owner to restore his identity on a new card via the private key and a new transaction to verify restoration.

I'm curious on whether such a system is in development based on the blockchain concept. Are you aware of any? I'd like to get your take on the feasibility of this. I'm not looking to develop, but rather, to have it as a possible application of cryptos to Africa for a digital currency awareness campaign.

I see that this project was posted in 2012. Ethereum was not around then. But, in 2014, I believe the best implementation of this project is done through Ethereum.

White Paper: https://github.com/ethereum/wiki/wiki/%5BEnglish%5D-White-Paper

There is an update on the project, you can now easly join with a Twitter account.
http://identi.fi (identifi/identifi)

Does it really have to, or is that just the way people have always done it before?

Reputation systems give you a limited and imperfect method of predicting intentionally malicious behavior.

Insurance provides recourse that covers both intentional and unintentional damages. Properly implemented insurance systems offer a strict superset of the functionality provided by reputation systems and also don't require privacy compromises.

Owning facebook profile won't prevent any one from making a lot of them. Not to mention not everyone might like the idea of publication of they personality under certain vote. Besides for many if people they facebook profile is more of private thing, reserved for they family and friends ( well family mostly recently hehe, twitter is for friends). But lunching such service shouldn't be a problem and I'm always happy to see new initiatives. Another problem might be traffic on such site, what you probably would enjoy, and possible attacks from unhappy sites.

Escrow requires trust in the arbitrator.

Reputation is valuable in basically all human interaction. Airbnb, couchsurfing and Uber are practical examples of the power of reputation systems.

Identity and reputation is the wrong way to go.

Building recourse into transactions such that you don't need to trust counterparties is the correct path.

Then you don't need to identify who you're doing business with so there's no valid reason to build privacy-destroying databases.

The purpose is to crawl data from existing sources, so we don't need to build the WoT from scratch. The bitcoin-otc crawler is on GitHub too.

In Identifi, anyone can do identity verifications (i.e. make connections between identifiers) and choose whose verifications they trust. Anyone can start building a good reputation in identity verfication. A pseudonymous identity is just an identifier (a bitcoin address for example) that hasn't been reliably connected to the identifiers of an actual person.

Most users will probably be using the network through a web service, but I'm planning to make it easier to be run locally. A browser plugin would be an interesting solution.

That looks nice. I think I get the gist of what you're trying to do presently. Are those all test entries or is the intention to work with, say, nanotube to read ratings off of bitcoin-otc? It looks as if the user/account is an email located there, but I presume the idea is to identify the user and the site on which that user account resides.

I always thought it'd be kind of nice to have an identity management system whereby a trusted API (a "central" location) could indicate the last time an individual has proven their identity either via GPG, signed message with a registered Bitcoin address, or done phone call/text verification. Essentially if they don't meet M of N authorizations, the API would reject any "authentication" request as that particular user. Then sites like this forum, OTC, and etc could all work of it and consider it a reasonably secure way to ensure the entity they are speaking with is the correct one.

I know different exchanges do different forms of two-factor authentication, but having a single trusted source would be handy. Additionally, if open-sourced or hosted as a TOR hidden service, it could work to provide trust to otherwise anonymous identities as well.

Not completely functional yet, but still something to show: http://identi.fi (identifi/identifi). It's a Rails UI for the Identifi client, which is built on bitcoin-qt codebase. Basically, we flood trust packets throughout the network. Nodes give the priority to packets that are authored and signed by someone from within their web of trust.

Feedback, technical suggestions and help with development is very welcome. The code is available on GitHub.

Well this is an intriguing read.  I hadn't realized there was so much work being done to get a system like this up and running and now I see I was mistaken.  Gonna have a fair bit of catching to do to wrap my mind around this one.

So glad to see this happening!

I suggested this in June 2011 and put some thoughts about what it may and may not include. Really happy to see Sirius making this happen! More power to your elbow!

Here's my post from two years ago:
https://bitcointalksearch.org/topic/compounded-networked-identity-and-bitcoin-for-grown-ups-17290

I believe there's this guy Joe Cascio working on something similar:
http://joecascio.net/joecblog/2013/03/25/collateralized-identity-using-bitcoin-to-suppress-sockpuppets/

Im working on such a system that should be fairly simple to use AND to hack on.

https://docs.google.com/document/d/1cKlN55wX7n0SLvxidLoFVrJnNMJO-Iefr8bVyeHBseg/edit?usp=sharing

I've just found these!
Site: http://identifi.org
Github: https://github.com/identifi/identifi

It's starting to get near the end of the summer, Sirius. How have things been going? Do you have any updates. I checked out the slides in your signature and felt compelled to post. This looks really interesting, and seems to be the only one done by someone with a reputation here already. It'd help immensely in getting us off of using GPG and WoT to something simpler that the typical forum-goer can use.

Good idea! Let me know if you need a tester!

To prevent Sybil attacks have users mine their identity.   Then you can use this mining to weight nodes.  Make it more beneficial to mine your one identity than many fake friends.   This way indents are not throw away.  I have thought about this a lot and will post more when I am not on my phone

A user identity database can be created without requesting personal information such as name, address, etc...

All that is needed for user identification is a cryptographic identifier that only that specific user has access to. For example, a brain-wallet key generated from a very long passphrase.

I'm hoping to get a prototype out after this summer.

This idea blew my mind.  Sorry for the necro-bump, but has this gained any traction?

 

I've started coding this based on Freenet's Library plugin. I'll let you know when I have something that works.

Slides from my presentation at Bitcoin Cafe Helsinki: http://www.rvl.io/mmalmi/identifi

My friend and I were actully working on something simialr to this until he kinda gave up and then it ended. If someone is interested in doing this I would love to help you with it.

@sirius
Maybe you can use this software for part 2)
 of your proposal :
http://code.google.com/p/phantom/

They even have anti-government licensing )
If your project will take off and will
 generate huge traffic phantom maybe better,
than Freenet.
Freenet can even collapse under
 your project's additional weight (
-------
Although, phantom can only give you networking capabilities, but not DHT or
 indexing.

I'm working on a Real P2P messaging system (encrypted channels only) which requires public/private keys. Perhaps this could be the database, You build trust by communication over public key identity, then attach your contract to your P2P identity public, Although my app isn't near complete yet, but I posted here to notify those who would like to help contribute to the project: https://github.com/Xenland/P2P-Crypt

Alternatively,

 would it be possible to make a website interface to #bitcoin-otc with the database distributed? Just something to point and click to generate your keys and identity for a start.

 Such as thing could be easily moved to a tor hidden service. I say tor because that would go nicely for Silkroad users.

Thanks for the links and ideas.

Looks like there actually is an indexing tool for Freenet: https://wiki.freenetproject.org/B-tree_index. Would be cool if Freenet could be used for all the networking stuff. I'll be looking into it.


Namecoin is a name/value system and it's not the best option for storing tons of data, like relations in this case.

This project definitely needs to get going. I started something very similar called "Bitcoin's Distributed PKI".
It was put on hold for the BitSafe Hardware Wallet.

I would argue that block chain technology is ideal for this system.
Bitcoin's block chain should be used for managing and establishing the identity and the public keys that go with it.
a separate database or block chain for reputation portion.

Interestingly, I had similar thoughts.  I spent the weekend trying to work this out and posted this thread, yesterday as well.

https://bitcointalksearch.org/topic/rfc-trust-transaction-130101

http://privwiki.dreamhosters.com/wiki/Distributed_Web_of_Trust_Proposal_2

From the people who brought you #bitcoin-otc's WoT

EDIT: also #bitcoin-wot for discussion

Distributed identity and reputation database  -- good idea.

Hey sirius ... good to see that ginger kitten back around.

Just gonna keep a watch for now .... except to say, isn't namecoin able to do a lot of this already?

All of the heavy lifting can already be provided through various means.

The things is that nothing decentralised is easy to use. I gave up on Bitcoin-OTC

Social networking based WoT is the only good option I can think of. Users could evaluate relations' trustworthiness based on their creator's location in the social network. Off to crawl Facebook ->

Not one to pick an easy task, are you?

I can't really help you here, but I can locate potential problems pretty fast.  Assuming that you can develop such a distributed reputation database, that can't be undermined or hacked, what prevents people from developing multiple online identities to game the rep systems?

Here's my idea in a nutshell: A distributed network that models identity and reputation as a graph, where different kinds of user identifiers are nodes and user-created relations are links between them. The relations can be evaluated with various algorithms and criteria, such as social network based web of trust to make it sybil-proof.

The network allows users to check the reputation and other connections of a previously unknown identity. For example, you could decide to borrow 20 bucks to a stranger in a pub after finding out he's your 3rd degree connection on FB and has mostly positive ratings. Or you could write reviews of policemen, teachers, judges or other public servants with whom you can't choose not to interact.

Reputation that is instantly visible to everyone is a big incentive to not be a butthead. Maybe even bigger than threat of imprisonment, and definitely more cost-efficient and p2p.



1. Data model
1.1 Identifier
Unique or non-unique identifier of a user. Examples:

• Name
• Phone number
• Email address
• GPG key
• Facebook username
• Date of birth
• Photograph

Fields: type, value.

1.2 Relation
A link between two or more identifiers. Relations are GPG-signed by their creator. Examples:

• ID1 says: "I traded with ID2 and it went smoothly"
• ID1 says: ID2, ID3 and ID4 belong to the same owner
• ID1 says: ID2 and ID3 are Friends on Facebook
• ID1 borrowed $100 to ID2 (signed by both parties)

Fields: Type, value, timestamp, target IDs, signatures.

2. Distributed data storage and index
This is more of an open question and I'm asking for your ideas on it. The network must be resistant to censorship and political pressure. In addition to storing the static identifiers and relations, for searching we need a dynamic inverted index that links identifiers to the relations they're involved in.

Freenet would be a solution for the static part but it doesn't solve the indexing problem. Distributed indexing could be done with a distributed hash table structure, for which there are existing libraries like Kademlia. Bootstrapping would be easier if we could use an existing indexing network like YaCy, but it doesn't support Freenet atm.

3. Use case
Web site where users can rate their experience with public servants.

1. Alice logs on to the site with her FB account
2. The site creates an ID with type "[email protected]" and Alice's username as value.
3. Alice writes a review of Bob the policeman.
4. Alice adds Bob's full name, phone number, email and FB username to the review.
5. The site creates a relation that connects Alice's ID with all the Bob's IDs she entered. The relation content is Alice's review and it's signed with the site's GPG key (because the site verifed Alice's FB identity).
6. The newly created relation is published to the network.

Now the review can be found by any of the Bob's IDs entered by Alice. Changes or additions to Bob's details can be added later with new relations. Bob could write a reply to the review and sign it with his WoT-verified GPG key, for instance.



Ideas and suggestions welcome!