Ethereum co-founder warns of privacy risks in ZK-based one-ID-per-person systems

The tech world loves a good beef, and a fresh one concerns the pros and cons of zero knowledge (ZK) identity systems. A recent blog post from Vitalik Buterin, the Canadian computer programmer and co-founder of Ethereum, takes a few jabs at the World network, in the course of making an argument that digital ID systems using zero-knowledge proofs still have risks – which come “specifically from attempting to uphold a one-identity-per-person property.”

“On the surface, widespread adoption of ZK-wrapped digital ID seems like it would be a great victory for d/acc, protecting our social media, voting, and all kinds of internet services against manipulation from sybils and bots, all without compromising on privacy,” writes Buterin.

But, he contends, “under one-per-person ID, even if ZK-wrapped, we risk coming closer to a world where all of your activity must de-facto be under a single public identity.” He believes that, since one-per-person ID systems could compel users to conduct all online activity under a single, traceable identity, they compromise the flexibility enabled by pseudonyms – and could actually make people less anonymous.

Moreover, he says, “ZK on its own does not protect you from coercion.” Butalek points out that “a government could force someone to reveal their secret, so that they can see their entire activity. This is not theoretical: the US government is already starting to require visa applicants to make their social media accounts public. Additionally, employers can easily make revealing your full public profile a condition of employment.”

“Again, in these situations, the value of the ZK property falls away, but the downside of the new ‘one account per person’ property remains.

The conclusion to be drawn, Buterin says, is that “there can’t be an easily legible hard limit on how many identities you can easily get. If you can only have one identity, you do not have pseudonymity, and you can be coerced into revealing it.”

“Pseudonymity is fragile, and so it requires a large safety buffer. With modern AI tools, it’s easy to correlate activity between multiple platforms: between choices of words you use, times of day you post, time intervals between posts, topics of conversation, and other public information, you only need 33 bits of information to uniquely identify a person in the world. One could use AI tools defensively to counter this, but even still, you do not want one mistake to be the end of your pseudonymity.”

Buterin writes in the context of radical change in both the structure and nature of identity and a re-shaping of the world political climate around an authoritarian U.S. administration that grows increasingly hostile to its own populace. He notes that pseudonymity is “especially important for privacy, whistleblowing, and safety in high-risk environments,” and that centralized ID systems could enable increased surveillance by hostile authorities or corporations.

Another of his arguments concerns wealth and the concept of an identity system as a vehicles for Universal Basic Income (UBI) – namely, that “identity can’t be purely financial (N identities at a cost of N) because this is too vulnerable to large-scale actors having oversized influence.”

Taking these arguments together, he says, “we want it to be as easy as possible to get multiple identities, subject to the constraints of (i) limiting the power of large-scale actors in governance-like applications, (ii) limiting the ability to exploit UBI-like applications.”

In the end, Buterin’s take is that a concept of “pluralistic identity” accommodates these conditions. He defines pluralistic identity as “an identity regime where there is no single dominant issuing authority, whether that’s a person, or an institution, or a platform.”

“An ideal explicit pluralistic identity system may not even need to have the concept of discrete identities; rather, you might have an amorphous cloud of your provable past actions, and prove different parts of it in a fine-grained way as needed for each action.”

He says the biggest risk from identity systems with delusions of universal grandeur is that, “if their market share gets too close to 100 percent, they shift the world from the pluralistic identity to a one-per-person model.”

It’s a complex argument from someone who has stakes in the blockchain, but also a worldview that stands at odds to that embodied in the grandiose branding of World the company. Yet it can be boiled down to a fairly simple assertion: there are factors to suggest one-per-person digital ID systems are easier to track and prone to abuse for surveillance. As such, in the current global political climate, it’s probably better to remain amorphous, equally comfortable being Ms. Karen Cobb, cobbsalad6235441, GrimDark_Witch, a string of six emojis, or whomever else a person might be.

Article Topics

data privacy  |  digital ID  |  digital identity  |  Ethereum  |  identity management  |  Vitalik Buterin  |  zero knowledge