One of the topics that I’m most excited about in crypto is identity and reputation systems. This would allow people to verify their identity and reputation and use that within decentralized applications (dapps). This is a complicated problem so this post covers a few thoughts on challenges and useful applications in crypto.
I have interacted with a number of different identity systems having worked on building compliance and fraud tools at Coinbase. It’s challenging to have accurate identity verification especially in countries where there is little infrastructure that supports this. There are many different regions and types of IDs so the number of possible IDs is large. It’s difficult to determine if someone providing an uncommon ID has presented a legitimate one. That’s why often companies verifying identity will ask for a limited set of documents that are accepted.
IDs are also easily stolen and readily available for purchase on darknet markets so you don’t always know if the person who is providing the ID is the actual person. Therefore some services will ask a series of questions like where was the street you grew up on and which of the listed addresses is a place you actually lived. This also leads to issues like the person doesn’t have enough historical records to be presented with questions, the person forgets the answer, or this information can be easily found by someone trying to impersonate them.
Furthermore there are 1 billion people who do not have an official ID, with 1 in 2 women in low income countries not having an ID, so many people are excluded from services that require official identity verification.
A lot of these issues require governments to have better systems in place for issuing and keeping track of official IDs. One area where crypto can be useful is ensuring that the person interacting with the application is the correct person. Decentralized identity could involve a person signing a transaction using their own private key to prove it is them. Note that this also means that people have to secure their own private key or there’s a centralized company that abstracts this process away.
Zero knowledge proofs could also be used in verifying identity while ensuring privacy and protecting sensitive information. For example, someone can provide an ID to an app which would check that it is not from a sanctioned country but provide no further details about the ID to the app. Another interesting thing you could prove would be that you have a certain net worth to be an accredited investor without providing details on the total amount e.g. crypto balance.
Right now in the US there are multiple credit bureaus (e.g. Experian, TransUnion, Equifax) that other institutions rely on to tell them an individual’s credit. Credit bureaus can put certain groups such as international and young people at a disadvantage. Companies like Lending Club for peer to peer lending and BTCJam for crypto have attempted improving these systems by including additional data points. Reputation systems can be useful in decentralized finance (DeFi). Currently when someone needs to take a loan out in DeFi, they need to overcollateralize their loan so that the lender has enough collateral should the borrower default. Reputation systems can help lower these collateral requirements. Much of the DeFi activity is publicly available so you can keep track of things like loan amounts and repayments to build up a credit history. There will likely be companies that aggregate this data and provide a credit score. That way credit agencies aren’t the only ones that can control this information.
However, people can spend significant amounts of time building up their reputation to later sell it or scam for larger amounts of money so it’s important to still have proper controls in place e.g. collateral requirements and limits. People can also create multiple accounts and build up a reputation for all of them (e.g. interacting with each other) so there will need to be checks on whether the accounts appear to be controlled by the same person. One option could be asking someone to link their public Keybase, GitHub, Twitter, etc accounts.
Crypto exchanges with fiat rails have a unique fraud problem in that crypto transactions are irreversible but the payment methods to purchase that crypto are reversible. Offering fiat rails and not having a strong anti fraud system in place could cost them the entire business. Therefore these crypto exchanges have data that can be useful in determining which accounts have a history of good activity and which are fraudulent. It’s possible that some of these companies will eventually provide a fraud/reputation score (with the user opting in of course) to help the customer provide another data point to other services that they are not a fraudulent user.
Sites like hive.one and fifty.one are also great initial resources for serving as reputation systems. These sites provide a reputation score for accounts based on the influence of the people that follow them.
These reputation scores could even be combined as part of a weighting on token voting so people with significant amounts of tokens don’t control the entire voting system. However, there would need to be a balance so that influential people aren’t the ones that make all the decisions either. There’s a lot of interesting experimentation that’s possible here.
You could also have systems where people vouch for other people and build out a reputation network through this. If the person who is being vouched for acts negatively, then those who vouched for them will have a negative impact on their public reputation. However, this is a complicated model since you will have to get the incentives right on why people would be willing to risk their reputation.
There’s another possibility where you could have prediction markets where people are betting on a company or person’s reputation score. You could then use it as a hedge if something goes wrong. However, this is more of a dystopian thought experiment as there’s a number of perverse incentives introduced. For example you could short someone’s reputation and then spend time damaging their reputation to make money.
Overall, creating high quality identity and reputation services is a difficult problem to solve. I think the end result will likely look like a mix of both centralized and decentralized systems. It’s particularly difficult to have real world identity linked to crypto networks without a centralized entity vouching for the correctness of this data. For example, you could have a centralized identity service that ends up plugging into crypto applications. You could also have centralized companies that aggregate information but no single company controls people’s reputation or owns the documents. I’m excited to see more experimentation with this and would love to chat with anyone working in this area.
Thanks Jordan Clifford for reviewing this post and Ali Yahya for a conversation around some of the ideas.