privacy issue during verification of passport #8
Comments
|
Hey, thanks for spending so much time on this. Let me address these points now I have some space. Yes. The digital version of the passport should be hosted somewhere either in public or using a private link only shared on an ad hoc basis. You could also ping it to someone via bluetooth or over private connection between phones for example. You do not need a copy of the PGP key on you to know that the ID matches the signature, the PGP software just won't tell you who it is from if it doesn't have their key in its address book. Though of course there's nothing wrong with providing it, or putting a link to keybase.io/user like we did in the demo. This is what public keys are for. I haven't included thumb prints or any biometric data yet as this poses a security risk and leaves the owner vulnerable to kidnapping. The "Biomentric Fingerprint" I have used on the original design is often confused with a real fingerprint, it's just a word list for the public key: http://en.wikipedia.org/wiki/PGP_word_list I want the physical document to be machine readable eventually. There is already pretty good image recognition software in Google Image Search and Evernote's Hello https://evernote.com/hello/ You hold up a business card, it detects the edges and OCRs the text. It then looks them up on LinkedIn and gets you to confirm they are the same person. Also I just like the idea of having something physical and I think other people will too :) Yes your software could just use an Blockchain.info API for example. The personal identifiable data the current design exposes is: Now compare this to your Government Passport: Name So now every time I scan this in and send it to an exchange like Bitstamp I have to trust that they are going to take good care of it. Because if they don't and it falls in to the wrong hands someone can use the government URI Scheme and just masquerade as me. Maybe take out a loan? Maybe create a fake passport and use someone else's photo, sell on the black market for $5,000 each? Every time they send it in to Bitstamp because Bitstamp doesn't have a copy of the original or any way of verifying it they have no reason to suspect it's not the real Chris Ellis, after all they don't know what I look like. My design really changes little in the status quo. I have simply assembled existing technologies to improve the current system while making it entirely open and voluntary. The information you share about yourself uses existing habits used by hundreds of millions on social media every day. But now you have a cryptographically secure way of attaching your activities to a Public Key which you can prove is yours in to the future. Then to bring this "trust account" back to the physical world just sign your government ID cards etc with your PGP Key to prove it's yours thus consolidating your various Identities. Thank-you so much for making me think hard about this. You are right to urge caution and I am in agreement that we should do more tests with dummy IDs first. |
|
One of the problems with github is that there is an inordinate amount of space dedicated to "why things don't/won't work"; there is no space for commendations. Chris, whether you realize it or not, you're cruising through some pivotal and foundational theoritical real estate of the future. Let me take this opportunity to thank you and to let you know that I think you should drink more coffee and keep these thoughts coming. I have some recommendations to improve this protocol that I have yet to put in writing, most of it is code that I'm trying to amalgamate. Will report back as soon as there is some progress. |
|
"Chris, whether you realize it or not, you're cruising through some pivotal and foundational theoritical real estate of the future. Let me take this opportunity to thank you and to let you know that I think you should drink more coffee and keep these thoughts coming."--I could not agree more. This is real "Bitcoin 2.0", not the myopic viewpoint that the protocol is simply a payments innovation. Remember our conversation about the inverse relationship between legacy and the fear of death? You have sown the seeds of a legacy that will grow as large and will live as long as a California Sequoia. |
|
Hey no worries, I appreciate it. You're making this idea more resilient with the peer review process. |
and others
There seems to be an issue with the verification of a passport.
If I am not mistaken, to verify that a certain passport is even in the blockchain and not fake(i.e. just a arbitrary print out) I would require:
only then can I verify that the digital passport has been signed by a particular PGP key pair. Once it is verified I can then trust the content of the digital passport, including the picture,merkle root + other details. This exposes the digital version of the passport to a third party including any personal data like biometric signatures, and thumbprints indefinitely.
4)I then have to verify that the hash digest of the digital content has been incorporated into the blockchain.
In essence it does expose a lot of data to the third party for verfication. The only secret left is the PGP private key. I feel there has to be a better design that keeps certain aspects in addition to the PGP private key secret. I think we should think about these in more detial before attempting to roll out the prelilminary versions tied to real individuals.
PS:- It may also be useful to state, in order to avoid confusion, that unlike canonical passports, the non-digital version of the global citizen passport does not perform a function and requires the accompaniment of the digital version if any verification is to take place.
The text was updated successfully, but these errors were encountered: