What is the right and fair way to stop Mike Hearn?

[tvbcof]

Bro, no one cares about your role playing game scenarios. We are not playing Shadowrun here, we are discussing technical solutions for a security issue in the Bitcoin P2P network.

This.

+ it's not the users being affected, but people running a service for those users (see bolded part).
I doubt that under the given circumstances in the outlined scenario, there'd be any. People would offer those services from outside.

On The Other Hand...  It is not some whacked theory that power structures can and will interfere with things they don't like or consider a threat.  Witness what happened in China a few months ago (if that) and specific to Bitcoin even.  Focusing to exclusively on technical aspects of almost any solution is likely a very big mistake.

You can argue that 'it cannot happen here' because our Western governments (or whatever) are so different.  That would be the same argument used last year about the unbelievable level of spying and the construction individual dossiers on every citizen, and about the interaction between corporations and governments to conspire in this sphere.  Now, well, 'not so much.'

You can still make the argument that (for the most part) the 5-eyes have not abused the powers they've cultivated.  Even if true, I'm not buying that this means much about what the future holds.  Just as Machiavelli is amazingly 'modern', the actions and activities of those who hold power and wish to maintain it will be almost indistinguishable from their counterparts going back thousands of years.  I will bet on this (but I won't bet on when.)

[1714754602]

1714754602

[1714754602]

1714754602

[1714754602]

1714754602

[anti-scam]

After thinking about it more, the passport idea does seem a bit lazy (though still not malicious as many have accused). The risk of all of the hashes being bruteforced is a pretty large downside since those who would need to provide that extra identification most would be running over Tor and likely not keen on taking any chance of having their identity revealed.

My personal feeling is that a 'proof-of-connectivity' relying on data transmission rates and time-stamping might be a way forward. For example - if I gave you a starting point such as a nearby train station, and told you times and turns you could identify my house with 100% accuracy each time.

If you could start with one node and probe a map of its connectivity to others nearby, you'd end up with a trust less connectivity map accurately identifying that node.

Or imagine a 'Stargate' model, where a sequence of latencies to nearby nodes produces an unforgeable code/identifier. Each block originating from a node could even be labelled with its 'gate address'. Furthermore, this could generate a node map that's permanently encoded into the block chain, growing organically with the network but also allowing the identification of spoofed nodes (for example, nodes that suddenly appear and have a fixed time lag to one particular group of nodes that it's trying to spoof, but 'wrong' latencies to other supposedly nearby nodes).

This is an interesting idea but I doubt it's so simple in an actual network. Do you know of any academic papers or what not that actually promote this idea? It would also be kind of silly to blacklist a reliable and honest node just because it moved.

[NanoAkron]

Here is a scenario. In a small country with a brutal dictator inflation is rampant. People switch to cryptocurrencies to avoid confiscation of their wealth. As they don't know any better they use government ID's in conjunction with the system. Some day the mechanism is compromised and the government obtains all records of people using bitcoin in the country. the people are arrested and thrown into jail.

better to think more about what the consequences of actions are. would bitcoin developers compromise security in poor nations to get some added benefits in rich nations? the world is a pretty big place.

 

Bro, no one cares about your role playing game scenarios. We are not playing Shadowrun here, we are discussing technical solutions for a security issue in the Bitcoin P2P network.

I have never disliked someone on a public forum quite so much before as you. Genuinely, your antagonistic and arrogant platitudes just get my back up.

You continually belittle bitcoin as 'just a p2p network', totally ignoring the value already held in bitcoins and its potential future.

Why don't you just fuck off?

[erik777]

After thinking about it more, the passport idea does seem a bit lazy (though still not malicious as many have accused). The risk of all of the hashes being bruteforced is a pretty large downside since those who would need to provide that extra identification most would be running over Tor and likely not keen on taking any chance of having their identity revealed.

My personal feeling is that a 'proof-of-connectivity' relying on data transmission rates and time-stamping might be a way forward. For example - if I gave you a starting point such as a nearby train station, and told you times and turns you could identify my house with 100% accuracy each time.

If you could start with one node and probe a map of its connectivity to others nearby, you'd end up with a trust less connectivity map accurately identifying that node.

Or imagine a 'Stargate' model, where a sequence of latencies to nearby nodes produces an unforgeable code/identifier. Each block originating from a node could even be labelled with its 'gate address'. Furthermore, this could generate a node map that's permanently encoded into the block chain, growing organically with the network but also allowing the identification of spoofed nodes (for example, nodes that suddenly appear and have a fixed time lag to one particular group of nodes that it's trying to spoof, but 'wrong' latencies to other supposedly nearby nodes).

This is an interesting idea but I doubt it's so simple in an actual network. Do you know of any academic papers or what not that actually promote this idea? It would also be kind of silly to blacklist a reliable and honest node just because it moved.

I like the concept because it is using current trustless info to build common sense intelligence, and is quantifiable.  I don't think this implies blacklisting the node that moved.  It just implies a lower trust level in the near term until evidence showed it moved.  Lower trust simply means it wouldn't be trusted as the sole source of a confirmation when on an untrusted network, the open wifi example Mike gave, but can participate as a normal node otherwise. 

The bottom line, while the devil is in the details of ANY proposal, I prefer one that builds on the data in our trustless network to create node signatures and reputations that can be used when relying on confirmations on an untrusted local network, partially attested with signatures from nodes.  I think it's fair to presume that if someone is using wifi to fake a network, they still won't have the private keys of the reputable nodes, right? If they do, then we have a much bigger problem. 

[justusranvier]

When governments control the money supply, the result is pure evil.

http://news.yahoo.com/airlines-halt-ticket-sales-venezuela-210753054--finance.html

All the shills, sockpuppets, and collaborators who want to prevent Bitcoin from becoming a tool for freeing humanity from that blight can go fuck themselves.

[NanoAkron]

After thinking about it more, the passport idea does seem a bit lazy (though still not malicious as many have accused). The risk of all of the hashes being bruteforced is a pretty large downside since those who would need to provide that extra identification most would be running over Tor and likely not keen on taking any chance of having their identity revealed.

My personal feeling is that a 'proof-of-connectivity' relying on data transmission rates and time-stamping might be a way forward. For example - if I gave you a starting point such as a nearby train station, and told you times and turns you could identify my house with 100% accuracy each time.

If you could start with one node and probe a map of its connectivity to others nearby, you'd end up with a trust less connectivity map accurately identifying that node.

Or imagine a 'Stargate' model, where a sequence of latencies to nearby nodes produces an unforgeable code/identifier. Each block originating from a node could even be labelled with its 'gate address'. Furthermore, this could generate a node map that's permanently encoded into the block chain, growing organically with the network but also allowing the identification of spoofed nodes (for example, nodes that suddenly appear and have a fixed time lag to one particular group of nodes that it's trying to spoof, but 'wrong' latencies to other supposedly nearby nodes).

This is an interesting idea but I doubt it's so simple in an actual network. Do you know of any academic papers or what not that actually promote this idea? It would also be kind of silly to blacklist a reliable and honest node just because it moved.

I like the concept because it is using current trustless info to build common sense intelligence, and is quantifiable.  I don't think this implies blacklisting the node that moved.  It just implies a lower trust level in the near term until evidence showed it moved.  Lower trust simply means it wouldn't be trusted as the sole source of a confirmation when on an untrusted network, the open wifi example Mike gave, but can participate as a normal node otherwise.  

The bottom line, while the devil is in the details of ANY proposal, I prefer one that builds on the data in our trustless network to create node signatures and reputations that can be used when relying on confirmations on an untrusted local network, partially attested with signatures from nodes.  I think it's fair to presume that if someone is using wifi to fake a network, they still won't have the private keys of the reputable nodes, right? If they do, then we have a much bigger problem.  

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

[tvbcof]

I have never disliked someone on a public forum quite so much before as you. Genuinely, your antagonistic and arrogant platitudes just get my back up.

You continually belittle bitcoin as 'just a p2p network', totally ignoring the value already held in bitcoins and its potential future.

Why don't you just fuck off?

I like the guy.  He and I often seem to see eye-to-eye on stuff, and I (think I) see what he's doing to you guys in the last few posts.

What I really like about Augusto and the rest of the Bitcoin Foundation guys is that they are selling their soul and I can capitalize on it without doing anything.  Worse than that, I can ramble on about principle and all that crap then giggle my ass off all the way to the bank as they make me rich!  What's not to love!?

Oh, BTW, I wouldn't call the guy's comments about Bitcoin being P2P 'belittling'.  I'd call it lying.  If not currently, at least in the fairly near future.

[anti-scam]

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.

[erik777]

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.

latency isn't accurate, stable or dependent on one variable like geography.  On top of that, by itself, it can be spoofed to the extent a fake node can delay communication to reach a known latency. 

But, in a bigger picture of a network, average latency over time can be a means to confirm that node X is probably node X, if attested by node N1 attesting its latency is in normal range, N2 attesting it is normal, N3 saying it is near normal, where N1, N2 and N3 are known nodes who's public keys you posses.  Node X can pass these attestations to you, provable by the signatures of N1, N2 and N3. 
 

[anti-scam]

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.

latency isn't accurate, stable or dependent on one variable like geography.  On top of that, by itself, it can be spoofed to the extent a fake node can delay communication to reach a known latency. 

But, in a bigger picture of a network, average latency over time can be a means to confirm that node X is probably node X, if attested by node N1 attesting its latency is in normal range, N2 attesting it is normal, N3 saying it is near normal, where N1, N2 and N3 are known nodes who's public keys you posses.  Node X can pass these attestations to you, provable by the signatures of N1, N2 and N3. 
 

But then we have to trust N1, N2, and N3, who would all have to be presumably verified by N4, N5, and N6, and so on. Does this bootstrap in a decentralized manner?

[coinrevo]

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

could you please open up a separate thread for this? its an important idea. thanks.

can we agree on one principle in bitcoin: it does not pre-suppose governments for any functionality? how about putting that in the charter of a new foundation?

[waxwing]

Do you recognise that your solution is completely counter to the trustless distributed nature of bitcoin?

Mike's solutions in no way affect the "trustless distributed nature of bitcoin" because this is laughable nonsense.

There is no such thing as "trustless distributed nature of bitcoin".

Bitcoin is a software which allows users to form a P2P network where they register transactions in a distributed ledger. There is no "nature" being distributed. There is a ledger being distributed. No, it is not "trustless". Unconditional trust is still required to form the P2P network. Each client have to trust each other in order to work. Transmission of the unit of account (a.k.a. BTC or XBT) requires consent by the user signature (private-key). In other words, by using the Bitcoin software a person trust that a bunch of random people using the same software is going to validate his/her transaction.

Bro, do you even ... solve the Byzantine Generals problem?

What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party.

[erik777]

Sorry for the massive quote but I'm on my phone...

Thanks for the reply - you're absolutely right that I'm currently lacking details required for implementation. I AM currently looking for academic papers that could back this idea up in purely mathematical/objective terms.

With all this talk of Mike Hearn's proposal for external tokens to verify nodes, I just wanted to hypothesise potential alternatives based on the network we already have. We all know that:

1. Time moves in one direction
2. Networks have non-zero latencies between nodes
3. Geographic location can correlate with local network latency/routing
4. Time stamping CAN be highly accurate with modern technology

I believe a combination of these factors would allow more objective identification of nodes, using inherent properties of the network itself to provide zero-trust identification.

I am NOT advocating white/black/brown-listing in any fashion, merely local trustworthiness built upon a history of functionality within the greater network.

My only reservation is you would think that if this type of fingerprinting were as accurate as you'd need it to be then it would already be used for tracking, breaking Tor, and the like. Of course there's a difference between an involuntary timing attack and a node specifically trying to prove its validity to you.

latency isn't accurate, stable or dependent on one variable like geography.  On top of that, by itself, it can be spoofed to the extent a fake node can delay communication to reach a known latency. 

But, in a bigger picture of a network, average latency over time can be a means to confirm that node X is probably node X, if attested by node N1 attesting its latency is in normal range, N2 attesting it is normal, N3 saying it is near normal, where N1, N2 and N3 are known nodes who's public keys you posses.  Node X can pass these attestations to you, provable by the signatures of N1, N2 and N3. 
 

But then we have to trust N1, N2, and N3, who would all have to be presumably verified by N4, N5, and N6, and so on. Does this bootstrap in a decentralized manner?

Yeah, but you trust N1-3 enough to vouch for X because:

- You connected to them previously from a "trusted" network (your home), whereas now you're connected to X from an "untrusted" network, such as a wifi hotspot in a cafe. 

- No one is vouching for trustworthiness, per se.  They are only vouching that the latency of X is within historical norms since T (time), and they know other facts about X, such as how long they've "known" X and other things they have learned about X. 

The bottom line is if you're trying to detect the integrity of a node you're talking to, you are asking peers that have talked to that node in the past that you've talked to in better contexts.  Each node can track latency, uptime, etc, on all the nodes they talk to.  They don't have to share details, just how normal it is. 

To be sure, you can't 100% trust any node.  That's not the goal.  You're just trying to make it more difficult for someone to create a fake bitcoin network on a wifi spot they are hosting.  This can make it virtually impossible to pop up a bunch of new nodes with no history on the bitcoin network, or to bring them up and down.  Does it rule out every type of node fraud?  No, but it makes it much harder.  You'd have to create a history on the network with your nodes.  And, as soon as your nodes are identified as bad, that history would become moot, requiring a new history. 

You are creating higher credibility for nodes with a HISTORY of uptime, consistent latency with its peers, and presence on the blockchain over those that are new, credibility you'd primarily use when on an untrusted local network and you need transaction confirmation quickly, the scenario Mike is trying to address with passports.

This is not the same as real world trust networks.  This is based purely on network data, with the network reinforcing itself, increasing its own integrity dynamically.  This is still conducive to a trustless network so long as you don't make it part of your core, but an add-on to offset those times when you can't otherwise trust the network and nodes you are currently talking to without a historical linkage. 

[erik777]

Also, I threw in the concept of identifying a bad node requiring the operator to create a new node with no history.  That sounds like blacklisting, but here's the difference, because like most here, I'm completely against PEOPLE blacklisting nodes. 

Node X is bad, but has an untarnished history on the Bitcoin network.  Node X forwards you recent attestation from its peers, peers you've built some credibility with by using them in a trusted setting, such as at home when you received Bitcoins. 

Node X then lies to you about the blockchain because Node X has considered you its mark.  You rely on this and hand over your fiat currency in the cafe. 

If Node X signed its lie with the same public key that its peer nodes used to attest to the facts they knew about it, you can now take this signed lie and put it on the "liar liar node's on fire" chain.  You've now provided proof that node X lied to you that the Bitcoin network can see. 

Yes, it won't get your fiat currency back.  You'll need muscle or persuasion for that.  But, it will help to erase the historical integrity that node X established on the Bitcoin network.  It isn't blacklisting, because you only proved that X lied, which you could not forge without X's private key.  No human can blacklist anyone.  But, we can prove when someone signs a document that contains a lie about the blockchain. 

 

[NanoAkron]

Also, I threw in the concept of identifying a bad node requiring the operator to create a new node with no history.  That sounds like blacklisting, but here's the difference, because like most here, I'm completely against PEOPLE blacklisting nodes. 

Node X is bad, but has an untarnished history on the Bitcoin network.  Node X forwards you recent attestation from its peers, peers you've built some credibility with by using them in a trusted setting, such as at home when you received Bitcoins. 

Node X then lies to you about the blockchain because Node X has considered you its mark.  You rely on this and hand over your fiat currency in the cafe. 

If Node X signed its lie with the same public key that its peer nodes used to attest to the facts they knew about it, you can now take this signed lie and put it on the "liar liar node's on fire" chain.  You've now provided proof that node X lied to you that the Bitcoin network can see. 

Yes, it won't get your fiat currency back.  You'll need muscle or persuasion for that.  But, it will help to erase the historical integrity that node X established on the Bitcoin network.  It isn't blacklisting, because you only proved that X lied, which you could not forge without X's private key.  No human can blacklist anyone.  But, we can prove when someone signs a document that contains a lie about the blockchain. 

Sounds very good, and in keeping with the 'maths is more objective than humans' ideology of bitcoin network.

I'm going to open up a new thread about this as recommended by coinrevo. It'll be titled something like 'Establishing node trustworthiness without external tokens'.

[augustocroppo]

Bro, do you even ... solve the Byzantine Generals problem?

What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party.

 

Bro, you are misinterpreting the holly scripture. The almighty Satoshi is speaking about a specific functionality of the Bitcoin software. He is not speaking about the unconditional trust that is necessary to operate any P2P network. Do you even understand the difference, bro? There is not necessary trust between two parties to validate a transaction, but there is necessary trust from all parties to form the network. You are ignoring the fact that elimination of a central authority to validate the transaction do not translate in a complete elimination of trust to operate the network. The only trust eliminated is the trust in a third party to validate a specific transaction, not the trust that each user must have to participate in the whole network. The required trust from the end user increases in proportion to his own lack of technical understanding. As less an end user understand the process to participate in the network, more trust is required from him to participate in the network.

You see, grandma have to trust that the software she is using (she do not even know what that means) is not a corrupted code. Grandma have to trust the peers connected to the software she is using (she do not even know what that means) are not corrupted nodes. Grandma have to trust the hard earned BTC she is sending to an exchange platform (she do not even know what that means) are going to be exchanged by real money.

[Mike Hearn]

Here is a scenario. In a small country with a brutal dictator inflation is rampant. People switch to cryptocurrencies to avoid confiscation of their wealth.

I must admit, I don't worry too much about this scenario because I don't see any way for Bitcoin to have any real impact in a country where using it is illegal. There are about a million ways a government can round up Bitcoin users beyond strange mathematical games - most obviously, find anyone advertising a price in Bitcoins and punish them. For people to use Bitcoin they have to be able to spend it, and to be able to spend it you need to find merchants willing to accept it, and for a merchant to accept it requires advertising that fact.

If you think brute forcing salted passport hashes is the easiest way to crack down on Bitcoin, then that implies you believe the government has no ability to just go into the marketplace and use undercover agents to ask around. Seems unlikely. Also remember you could just not run nodes in that country, or run them but without providing passport proofs (you could provide a sacrifice proof instead, or no anti-sybil data at all).

Also - maybe this isn't obvious, but I write my talks to be interesting, not as a cast-iron manifesto of things that are guaranteed to happen. Using zk-SNARKS to prove ownership of a passport for anti-sybil purposes is an interesting idea, but that doesn't mean it'll actually ever be implemented. We can't even prototype it today!

FYI I agree that Satoshi was probably not a hard core crypto anarchist. He started to back away from the project around the time people were suggesting WikiLeaks should accept donations with it (what he called "kicking the hornets nest"). I doubt he would have been happy about the Silk Road, which opened just two months after he stopped posting publicly.

[Mike Hearn]

We can create real passports, that are actually more valid than a government produced effort. I don't know why anyone would trust government passports anyway, it proves that either it's real, or that you had the money and means to get a fake. Not really much use as an ID in the 21st century anyway.

Go for it! If you think you can verify and issue identities that are harder/more expensive to forge than passports, and which the majority of people are eligible for, then the "Carlton Banks Pass" would work just as well. There's no particular reason it has to be a government issued ID, it just happens that governments put a lot of effort into issuing these things at scale, there are international standards for them, they can be read using Android phones, and lots of people already have gone through the process to obtain one. So in that sense it's a convenient existing infrastructure that can be reused.

[waxwing]

Bro, do you even ... solve the Byzantine Generals problem?

What is needed is an electronic payment system based on cryptographic proof instead of trust,
allowing any two willing parties to transact directly with each other without the need for a trusted
third party.

 

Bro, you are misinterpreting the holly scripture. The almighty Satoshi is speaking about a specific functionality of the Bitcoin software. He is not speaking about the unconditional trust that is necessary to operate any P2P network. Do you even understand the difference, bro? There is not necessary trust between two parties to validate a transaction, but there is necessary trust from all parties to form the network. You are ignoring the fact that elimination of a central authority to validate the transaction do not translate in a complete elimination of trust to operate the network. The only trust eliminated is the trust in a third party to validate a specific transaction, not the trust that each user must have to participate in the whole network.

Nope. Still not trust, only verification. There is no assumption of trust anywhere. Even in the case of a majority of nodes actively attacking, there is still no need to trust - the attack can be seen in quasi real time.

The required trust from the end user increases in proportion to his own lack of technical understanding. As less an end user understand the process to participate in the network, more trust is required from him to participate in the network.

Totally different issue. If I'm a simpleton I have to "take it on trust" that 5 + 7 is 12. That doesn't mean that mathematics is based on trust.

Let's take another look at your original statement:

Unconditional trust is still required to form the P2P network. Each client have to trust each other in order to work.

False.

[waxwing]

We can create real passports, that are actually more valid than a government produced effort. I don't know why anyone would trust government passports anyway, it proves that either it's real, or that you had the money and means to get a fake. Not really much use as an ID in the 21st century anyway.

Go for it! If you think you can verify and issue identities that are harder/more expensive to forge than passports, and which the majority of people are eligible for, then the "Carlton Banks Pass" would work just as well. There's no particular reason it has to be a government issued ID, it just happens that governments put a lot of effort into issuing these things at scale, there are international standards for them, they can be read using Android phones, and lots of people already have gone through the process to obtain one. So in that sense it's a convenient existing infrastructure that can be reused.

Mike, it might have got lost in the noise (I think it's the other thread for the video), but did you see my question about active authentication? I'm really curious.