IFT Proposal: Unique Identity and Other Attestations by Peer Notaries: Aura

I’d like to propose that BrightID join IFT as a provider of the basic human right to identify as an anonymous, yet unique person.

I architected BrightID as a public good with core tenets of preserving privacy, operating peer-to-peer (both on the personal level and the node level) without censorship, and self-sovereign ownership of one’s own identity. I feel that we resonate powerfully with the principles of IFT.

We need an alternative identifier for use online other than those provided by government IDs. Social security numbers being used as identifiers have created security debacles in the form of massive data leaks. The advent of ePassports help, but don’t solve the problem of centralized control leading to censorship and opaque procedures permitting internal attacks (such as bribery and sybil attacks). In addition, many people are stateless; instead of trying to fix the problem of statelessness, we should extend rights and benefits to people simply for existing.

Verification in BrightID is done by people that already know the subject person. Recovery and stewardship of a person’s unique identifier are also handled by such people, making the recovery process highly resilient in contrast to recovering from a stolen social security number or biometric scan.

Being a public good, BrightID has been chronically underfunded. This has been the primary hindrance to its adoption. Despite this, we’ve filled the Ethereum ecosystem with 100,000 verified users. I continue to devote my time and own savings to working on this difficult but important problem.

Let me also share with you the Aura app, which extends decentralized attestations to other domains. We’ve seen the mishandling and overreach recently in governments to require 18+ verification. Aura would be an elegant and non-intrusive, non-governmental solution to prove majority, as well as many other attestations in a decentralized way that relies on first-hand knowledge rather than governmental proxy agents. Aura is an open system where people with intimate knowledge validate each other and non-human subjects. Aura participants also validate contributors in Aura itself. The Aura accountability protocol is the product of years of user research and experiments in graph theory conducted in the context of actual BrightID usage.

As Aura becomes integral to BrightID, I also propose that it join the IFT as part of BrightID.

I’ve been discussing with Cyp, @roxanneen and @vpavlin how to leverage BrightID and Aura to onboard new users to Status L2 and Waku. Our goals are: fair and generous network access for new users, soulbound recovery of accounts, and defeating sybil attacks that could threaten network stability.

I think BrightID (with Aura) could do even more good under the stewardship of IFT. Let me know if you agree.

Naming

I propose the name “Aura” when joining the IFT. It fits the feeling of the other portfolio organizations with similarly short names. “Aura” can encompass both BrightID and Aura, since Aura is a generalized version of BrightID that proves all kinds of attestations in a decentralized way (not just human uniqueness).

Given the recent changes to how internal/incubated projects are named, I would now propose “Logos ID” as the name.

I don’t know how to things so the TLDR is basically I’d just put Adam in charge of Logos ID. I actually thought about “Logos ID” back in Budapest.

To be extremely blunt here the problem with Adam’s work is the problem of every bit of stuff that is way, way, way too powerful, that it wraps around and then people just don’t understand it. I immediately understood the importance of Adam’s work 6+ years ago the microsecond I laid my eyes on it. Its importance was instantly, radiantly obvious to me. I did some similar stuff and what I discovered in the 3 to 4 years following that is that people have absolutely zero idea about what “identity” even is and that to grapple with the problem as a whole in an adequate way and come out on the other side you need to do it the exact way Adam is doing it. There’s no shortcut.

People’s inability to grapple with the concept of “identity” – a fundamentally social-psychological construct, hence people miss it – made me essentially give up with human identification and go back to Proof-of-Work as a way to rate-limit systems in a transparent way that emulates democratic and unencumbered access to metered (and hence spam-protected, and hence viable, and sexy) large-scale public digital systems via multiple layers of proxying instead. At least I don’t have to explain to people what a person is.

If you solve identity, you win. And this is a solvable problem. To solve it, you need to actually solve it – and to do that you have to understand what “identity” means at the deepest possible level, then walk back, and then realize that you want it very much, why you want it, and why any platform that masters and owns this wins a definitive victory.

People think Social Media is powerful because it has “content.” No, Social Media has identity. We go there for identity. If you understand that, and you understand there’s actually a way to free people from Zuckerbook, then you would be doing that. You would own that technology.

I know enough now to understand that what I am writing here probably makes not much sense to most people, and that’s the point. Adam is the guy that can actually make sense when talking about identity, to the point of building a decentralized and scalable human reputation system that actually works, which is what he did.

I cannot stress how Adam is key to making this work. I mean this literally. I cannot stress it. I technically don’t know how to do it, how to properly relay the importance of this. But maybe nobody can and that’s the point.

As a suggestion; links to the protocol documentation would help others evaluate the solution, and contribute to the conversation meaningfully.

Having read through the website(brightid org), docs, and LitePaper(brightid org/whitepaper) - I have not been able to find any technical details about the proposed approach.

I’ve used BrightID before and while I like the concept, the UI immediately “felt” untrustworthy to me - this is not to say I don’t like BrightID / the concept of it, I do and I definitely think there’s a lot of utility to it. I’d love to contribute to this - whether I do that by improving the UI/UX and making it more accessible or improving the documentation for it / making it more visible.

If I’m interpreting @fcecin’s point correctly, it’s hard for people to wrap their head around BrightID because that’s an entirely new way of doing ID. But so were Ethereum/Bitcoin at some point in time - they were entirely new ways of issuing currency, but eventually people did MUCH MORE than just wrapping their heads around Eth/Bitcoin.

If you want to discuss with me how we can take this further, feel free to tag /DM me on Discord @medici_se_lorenzo_41338.

Oh Also, I love the name Aura haha it conveys the point perfectly AND appeals to genz/gen alpha a lot (+1000 aura points for the name)

We’re in the processing of moving from a mobile app to a web app. Now that a user can protect their signing keys with a passkey, I feel that’s a more familiar experience. The new “Aura verified” app features a friendly way to find existing Aura users that can verify you (people you already know).

We’ve also built a dashboard for integrating apps, so they can try out BrightID/Aura verification for their users with a generated iframe or custom url they can manage easily through our hosted service.

The goal is to make a more familiar experience all around for end users and integrating apps.

“Aura” verification is a big improvement over the original BrightID verification because the trust graph is now made up of a smaller group of experts evaluating each other and in turn the “subjects” that want to be verified. This scales much better and reflects our learning from thousands of users over years of research.

I appreciate your offer and will reach out to you on Discord.