Need for establishing identify of witnesses - discussion and proposal

in #witness-category7 years ago (edited)

I am a STEEM witness and been a silent observer of activities on steemit. Also a not so active member of PAL and Dolphin Cocoon Projects as well as attempting to create a steem community in India under the name #TeamIndia. The recent incidents of actions from individuals on steemit / STEEM is quite disturbing.

With important projects like #STEEMFLEAMARKET and PAYWITHSTEEM etc, the issue of tracebility and anti-fraud measures increases. On demand basis, people can tend to disclose they are and it is a need for the growth of ecosystem. Privacy and anonymity should not be used to create havoc.

A comment by @positivechange10 which was made here is below:

I also think some of the whales should step in and protect those who  have been taken advantage of...all these so called witnesses that are  supposdly so,concencerned about the community....Where are they? This  whole situation is going to impact Steem,community!!

Since it addressed witnesses as well, I found it my responsibility to respond with the following:

@positivechange10 - since you mentioned about witnesses and I am one, I am responding here. I am very new here, just 2 months and setup a witness in the first 15 days or so. Its a very very easy process if one has the right technical skills (not too complicated, say 2 years of skills max). Around the time I started watching all the scams and other things which is happening and personally I have been silent. In general the STEEM block chain is getting used like a ponzi scam + MLM and some are taking revenue from the Steem Power which is not otherwise easy to convert. As witnesses, I think the first thing everyone should do is to announce who they are in real life and there are many who has done that and the first thing I am going to do is make a post and announce a protocol to announce true identities. Only that will help to contact each other in the case of issues and calamities. My so called VP - SP etc are very small and I am helpless apart from trying to come up with some thoughts. Personally I am not converting real world money into STEEM or any crypto currency but I have some mining going on and that I am trying to convert. Also, I expected bad things to happen over the blackfriday - cybermonday time period so withdrew whatever little SBD I had to an exchange (where again my identify is verified 100%). I know this doen't help much, but I felt morally obliged to comment and I will get back with whatever I can do in my power.

In response to a comment by @positivechange10 addressing witnesses, I responded as above and further thoughts made me conclude that the eco-system is arguably censorship resistant because people use arbitrary names and stay anonymous. But when it comes to witnesses who are the key holders of trust of the massive community, there has be some sort of peer verification or old school PGP style circle of trust.

One the ideas is to define  a standard like security.txt 

The main purpose of security.txt is to help make things easier for  companies and security researchers when trying to secure platforms.  Thanks to security.txt, security researchers can easily get in touch  with companies  about security issues.

In the similar format, we can have a STEEM-witness-steemitusername.txt which roughly looks like the same. For me, STEEM-witness-bobinson.txt or this can be just STEEMuser.txt so this can be used for voting bots and other activities. 

----------------------begin STEEMbobinson.txt----------------------

MANDATORY DISCLOSURE:

LEGAL NAME:   BOBINSON K B

CITIZENSHIP: INDIAN

EMAIL ADDRESS: [email protected]

PROOF OF IDENTITY:

Attaching link to PDF file signed with government issued digital certificate & pasting the entire PDF as a comment to get posted on the STEEM block chain.

OPTIONAL FIELDS:

PGP KEY: http://pgp.mit.edu/pks/lookup?op=vindex&search=0x6758AC253F851CF7

#use tabs for spacing after fields

----------------------end STEEMbobinson.txt--------------------

Explanation of fields

PGP Key is a public key - private key mechanism to exchange secure messages and I believe it can be easily understood by STEEM witnesses and such audience who has knowledge of PKI.

PROOF OF IDENTITY

This can be a tricky part as either people will have to upload their goverment issued certificates or biometric ids like UID of India which in itself is a controversy. In my case, I have a goverment issued digital certificate which I obtained after verifying government issued TAX id and passport. I created a small PDF document, signed it with the digital certificate and pasted the content as a comment to this post. This ensures that my proof of identity is distributed across the block chain and any change in the same can raise concerns.

The proof of identify field establishes the fact that the STEEM user with the specific handle is who he claims to be. In simple terms, he has both access to the government issued digital certificate as well as the steem keys.

The digitally signed PDF looks like below:

(This is a screen grab of the file opened in adobe acrobat reader and the digital certificate issued by )

    

The PDF opened in a text browser looks likes the following:

The block chain  screenshot (below):

 -: TO BE UPDATED AFTER making a comment :-

I am sure there are better alternatives to this and inviting community support for the same.

Discussion

This is definitely not going to be acceptable to everyone as this going to directly impact privacy. But as a witness I think its very important to update rest of the community who they are voting for. If handful of people adopt policies similar to this STEEMit.com will definitely be a better place and become what it aspires to be.


I'm a Steem witness.

If you would like to read about my witness and related projects, you can do so here: My witness thread  You can approve my witness account here: https://steemit.com/~witnesses  and scrolling down till you see the VOTE field, and entering bobinson in the ‘VOTE’ field.

Thank you for your consideration and support!

Sort:  

Having the identities of all the witnesses known would not be good for the security of the network. Also, a lot of witnesses would consider themselves physically at-risk if people knew their identities.

Would this data being open lead to identity thief? I am so hesitant as viewers can somehow use the data against me...

@mawit07 - Its a valid point. I deliberated on it. Most of the items I posted are all publicly available. But then I thought, If I can't protect myself, how can I be a witness and safe keep the entire community or a part of it ?

  1. What is publicly not available is my private keys (both personal ones) & the official government backed/vetted ones.
  2. Its not ordinarily possible to reverse and find my private keys (unless you are NSA & the https://www.xkcd.com/538/ ).
  3. The email id I shared is already part of multiple leaks & can be verified at https://haveibeenpwned.com/ but so far not much of issues or even spam has happened as I use different passwords for every account and now my password length is 70.
  4. So in short there is no information that I shared which is not otherwise publicly available.

Oh yes, the wrench scenario mentioned here works well with any password or private key:


Courtesy XKCD

Good post. Voted you for witness.

Your thought is towards positive direction.

interesting post!

Right there you are....Great suggestion....and initiatives....U should have posted it through Utopian.

thank you ... didn't take the utopian route as the idea behind sharing this not to really convince others, but I just wanted to create a model and convey people who vote me as witness who I am. Convincing others may not easy but if anyone else like follow suite, they can.

Congratulations! This post has been upvoted from the communal account, @minnowsupport, by bobinson from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.

If you would like to delegate to the Minnow Support Project you can do so by clicking on the following links: 50SP, 100SP, 250SP, 500SP, 1000SP, 5000SP. Be sure to leave at least 50SP undelegated on your account.

@ering has voted on behalf of @minnowpond.
If you would like to recieve upvotes from minnowponds team on all your posts, simply FOLLOW @minnowpond.

            To receive an BiggerUpvote send 0.5 SBD to @minnowpond with your posts url as the memo
            To receive an BiggerUpvote and a reSteem send 1.25SBD to @minnowpond with your posts url as the memo
            To receive an upvote send 0.25 SBD to @minnowpond with your posts url as the memo
            To receive an reSteem send 0.75 SBD to @minnowpond with your posts url as the memo
            To receive an upvote and a reSteem send 1.00SBD to @minnowpond with your posts url as the memo

@bobinson i believe this will bring greater levels of trust, and minimize scammers.....Great post and thank you for addressing so many peoples concerns....Blessings🙏😇