We're both thinking along the same lines of privacy-preserving unique identity and should collab on this.
I created BrightID as a public good to address this problem, but it never grew beyond the Ethereum ecosystem. Maybe I was too early 7 years ago and now is the right time to go mainstream.
Here's how BrightID addresses the six key privacy issues you surfaced.
1. Verification privacy
Names and photos are shared peer-to-peer when you connect; they aren't stored on servers, so there's no honeypot. Their only use is to recall with whom you connected; you could use a nym and a picture of your cat. You can use a different name and photo with different connections.
I agree KYC is great for corrupt people and terrible for honest people, so it's a no-go.
Biometrics hand wave over the real problem of trust, and create a new batch of problems. I'd be happy to enumerate the problems for you, but I think you've already come to the conclusion that biometrics are not the answer.
2. Master Key Vulnerability
Your identifier is under the stewardship of a number of people you trust to be your "recovery" connections. They can create and revoke signing keys for you to let you recover from an attack or a loss.
We even created a Soulbound NFT that was claimed by 10,000 people. It had zero resale value because an owner could use social recovery to recover it into any wallet they chose. So if their wallet was stolen or they lost everything, they could still get their Soulbound NFT back. This is what Soulbound really means, not just a "non-transferable token."
3. Cross-platform identity linking
Apps never see your main identifier. They only see a contextID or appID.
4. Transaction Linkability
BrightID isn't a wallet, but allows you to generate new wallets and seed them with gas through a BrightID enabled faucet, creating new unlinked addresses.
5. Platform-Specific Tracking
Apps within a platform can each register with BrightID separately and have their own system of identifiers (appIds).
6. Pseudonymity Limitations
Let's think about this more. An app could allow you to be verified multiple times, but only once with a level 2 verification; the rest of your pseudonyms could have at most a level 1 verification, and they could be limited in number. This permits exploration in certain areas of an app but limits some areas more strictly. Because we use blind signatures, neither the app nor BrightID nodes can link your pseudonyms together. The people who verify you (who already know you) would know the number of pseudonyms you have (to impose a maximum per app), but not know the actual pseudonyms.
We're both thinking along the same lines of privacy-preserving unique identity and should collab on this.
I created BrightID as a public good to address this problem, but it never grew beyond the Ethereum ecosystem. Maybe I was too early 7 years ago and now is the right time to go mainstream.
Here's how BrightID addresses the six key privacy issues you surfaced.
1. Verification privacy
Names and photos are shared peer-to-peer when you connect; they aren't stored on servers, so there's no honeypot. Their only use is to recall with whom you connected; you could use a nym and a picture of your cat. You can use a different name and photo with different connections.
I agree KYC is great for corrupt people and terrible for honest people, so it's a no-go.
Biometrics hand wave over the real problem of trust, and create a new batch of problems. I'd be happy to enumerate the problems for you, but I think you've already come to the conclusion that biometrics are not the answer.
2. Master Key Vulnerability
Your identifier is under the stewardship of a number of people you trust to be your "recovery" connections. They can create and revoke signing keys for you to let you recover from an attack or a loss.
We even created a Soulbound NFT that was claimed by 10,000 people. It had zero resale value because an owner could use social recovery to recover it into any wallet they chose. So if their wallet was stolen or they lost everything, they could still get their Soulbound NFT back. This is what Soulbound really means, not just a "non-transferable token."
3. Cross-platform identity linking
Apps never see your main identifier. They only see a contextID or appID.
4. Transaction Linkability
BrightID isn't a wallet, but allows you to generate new wallets and seed them with gas through a BrightID enabled faucet, creating new unlinked addresses.
5. Platform-Specific Tracking
Apps within a platform can each register with BrightID separately and have their own system of identifiers (appIds).
6. Pseudonymity Limitations
Let's think about this more. An app could allow you to be verified multiple times, but only once with a level 2 verification; the rest of your pseudonyms could have at most a level 1 verification, and they could be limited in number. This permits exploration in certain areas of an app but limits some areas more strictly. Because we use blind signatures, neither the app nor BrightID nodes can link your pseudonyms together. The people who verify you (who already know you) would know the number of pseudonyms you have (to impose a maximum per app), but not know the actual pseudonyms.