What are some strategies a platform like this can take against spam or influence bots? Tying real life identities to users would certainly limit that(though identity theft and account selling could still happen), but that adds friction to joining, poses security risks, and many people might feel less comfortable putting their opinions openly online where backlash could impact real life.
eID is the obvious answer here in Europe. Right now it's kinda scattered with different providers, but I believe EU is working on a more universal protocol. Unfortnately there are rumors it will require official Google/Apple play stores, unrooted devices, and all that it does today already.
But it should be treated as a relatively safe ID, it's even used for voting. If you feel uncomfortable, just have one device for eID, and one for everything else.
I think it's a great tool if we want to implement some sort of liquid democracy feature.
So a local ballot box.
Host a platform like this at city hall, county building, capitol building, schools.
Only a human can access a terminal. Have humans monitor ingress/egress.
A more generalized solution that solves the specific problem inherent to all these digital ones.
If it requires me to leave the house, that increase in friction will mean I will vote maybe on 1/100th what I would otherwise vote on. I suspect pretty much everyone is the same
We really need proof of soul systems to exist, extended to also have a proof of citizenship. While the proof of soul systems can plausible be done in a decentralized manner, proof of citizenship is much harder, and in my opinion this is one of (the few) things the government should really do.
What about Zero-Knowledge Identity? Use zero knowledge proofs to prove that I have an eID without actually providing my identity.
EFF has a good write-up about zero-knowledge: https://www.eff.org/deeplinks/2025/07/zero-knowledge-proofs-...
> What ZKPs don’t do is mitigate verifier abuse or limit their requests, such as over-asking for information they don’t need or limiting the number of times they request your age over time. They don’t prevent websites or applications from collecting other kinds of observable personally identifiable information like your IP address or other device information while interacting with them.
Interesting. While that is true I don't see how it's an argument against. Over-asking + ZKP certainly seems superior to over-asking + without ZKP. Without ZKP in a world where you constantly need to identify yourself you have absolutely no privacy.
And going forward I think that any communication without establishing some kind of trust boundary will just be noise.
Something like a cert chain, but it would need to be both simple to use and secure. Those two requirements are greatly at odds with each other.
Yeah one reason I think the government has to offer this is usability. While you can imagine a purely p2p protocol between cypherpunks, for everyone else there needs to be a way to social workers, DMV staff, etc can deal with edge cases (such as your id being stolen and needing a reset). Furthermore it helps if it's super illegal to tamper with this network (consider how rare check fraud is, despite being easy).
Check fraud is easy to commit but not easy to get away with while also benefiting financially.
It's also illegal to steal things but that happens much more frequently because it's often fairly easy to get away with.
Yes that's the idea, once you have the soul-bound eID the ZK part is trivial, but the eID with the guarantees I outlined is not at all trivial.
Worldcoin tried to solve that. Any solution for this will be similarly creepy.
Either I'm not sure what you mean by soul, or you are all-in on dualism.
Sorry the term of art is really soulbound identity right now, I use POS but it's less common. Definitions vary but I say a useful system must allow people to endorse statements with evidence they are a) alive b) not able to be represented by more than one identity (id is linked to your entire soul, not a persona or facet of your being) c) a kind of socially recognized person (human in the expected case)
and then layer on citizenship on top if you want to use this for polling, voting, etc.
How would this work considering that the soul is an entirely fictional concept?
Do you believe you are capable of doing that yourself?
All you have to do is flip the tortoise back over.
> You’re in a desert walking along in the sand when all of the sudden you look down, and you see a tortoise, it’s crawling toward you. You reach down, you flip the tortoise over on its back. The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can’t, not without your help. But you’re not helping. Why is that?
The point of the test is to see if the subject has had life experience enough that they could restrain their own empathy.
Wanting to flip the tortoise back over was why he failed the test.
The casual ginger hate is disgusting. smh.
It's funny to think of how the US government is effectively a decentralized web of trust system. Building one that works, that has sufficient network effects, auditability, accountability, enforcability, so that when things are maliciously exploited, or people make mistakes, your system is robust and resilient - these are profound technically difficult challenges.
The US government effectively has to operate IDs under a web of trust, with 50 units sitting at the top, and a around 3,000 county sub-units, each of which are handling anywhere from 0 to 88 sub-units of towns, cities, other community structures.
Each community then deals with one or more hospitals, one or more doctors in each hospital, and every time a baby is born, they get some paperwork filled out, filed upward through the hierarchy of institutions, shared at the top level between the massive distributed database of social security numbers, and there are laws and regulations and officials in charge of making sure each link in the chain is where it needs to be and operates according to a standard protocol.
At any rate - ID is hard. You've gotta have rules and enforcement, accountability and due process, transparency and auditing, and you end up with something that looks a bit like a ledger or a blockchain. Getting a working blockchain running is almost trivial at this point, or building on any of the myriad existing blockchains. The hard part is the network incentives. It can't be centralized - no signing up for an account on some website. Federated or domain based ID can be good, but they're too technical and dependent on other nations and states. The incentives have to line up, too; if it's too low friction and easy, it'll constantly get exploited and scammed at a low level. If it's too high friction and difficult, nobody will want to bother with it.
Absent a compelling reason to participate, people need to be compelled into these ID schemes, and if they're used for important things, they need a corresponding level of enforcement, and force, backing them up, with due process. You can't run it like a gmail account, because then it's not reliable as a source of truth, and so on.
I don't know if there's a singular, technological fix, short of incorruptible AGI that we can trust to run things for us following an explicit set of rules, with protocols that allow any arbitrary independent number of networks and nodes and individuals to participate.
> they need a corresponding level of enforcement
Yes 100%, that's why the government needs to offer it, make tampering a serious offense, and dynamically defend its integrity from attackers.
> incorruptible AGI
Not a lot of alpha in planning for scenarios where we get that
The invite-tree they discuss is likely an effective measure. It provides a way of tracking back influxes of bots to responsible pre-existing account(s) and banning them too. And if someone is responsible for inviting many of the pre-existing accounts them too... Making the game of whac-a-mole winnable.
I'm assuming it's equivalent to lobste.rs implementation: https://lobste.rs/about#invitations
The cost of this is adding a ton of friction to joining.
For many purposes, we need anonymous authentication. I haven't heard about much innovation on that and similar privacy fronts in awhile.
Off the top of my head, a possible method is a proxy or two or three, each handling different components of authentication and without knowledge of the other components. They return a token with validity properties (such as duration, level of service). All the vendor (e.g., Polis) would know is the validity of the token.
I'm sure others have thought about it more ...
You could do it now with OpenID SSO that only takes passkeys. The downside is that losing the passkey would lose the account. The problem is that OpenID leaks the authenticating sites to authentication site.
The problem is that lots of sites need/want email address. So would need system for anonymous email, and that would either need real email to forward, or way to read email.
I mean I can prove with a zero-knowledge-proof that have solved a Sudoku puzzle without actually giving away the solution so this seems possible?
[flagged]
It might be an unpopular idea, but I think being somewhat liberal with doling out timeouts and bans for inflammatory/reactionary/overemotional posting would do a lot of good, too. It strongly crystalizes community norms and sends a message that this is a space to engage with the higher functioning portions of your brain instead of letting your amygdala and dopamine pathways take the wheel.
Edit: Why is parent comment flagged/dead? Doesn’t seem that controversial?
I'd like to add to your point that private torrent trackers have had invite tree systems for awhile, and usually if your invitee breaks a rule, you get in trouble as well, so you are encouraged to only invite people you trust. The system has worked well for a long time, and some of these communities still thrive because of the trust that is built.