Ok...
and no one can hack the device and fake location and 'movement', right ?
Of course one can try hacking the system and fake movement; and just for that sake we develop our
"proof-of-movement" algorithms. Really, this cocktail of algorithms (we call it a "spoof-proof cocktail") is made of
3 classes of algorithms:
1. Proof-of-social-being algorithms -- which only looks at the social network, the network or all users and the links between them,
to already filter out most faked users (bots), before even looking at their GPS data.
A link between 2 people can be defined in several ways, one of which is the mutual existence of their phone number in each other's phone contact list.
Such a link cannot be faked between a bot (with faked phone number) and a real person, unless of course this person cheat. So the number of links
a cloud of bots may have with the whole system equals the number of collaboratively cheating people; which is dramatically smaller than the number of links a cloud of real persons would have to the whole system. In that way, very simple algorithms will recognise clouds of bots.
It's important to emphasize, though, that the point is that it's pretty easy to identify millions of bots, but it won't reach easily a single or a few bots.
The point is that we are less concerned with someone making a couple of faked users, but we are very concerned (and protect against) someone faking thousands (or even hundreds) of faked riders.
2. Proof-of-location algorithms -- which basically cross refer real-time-loca data between different users, and between users and external data.
For example, we can ask the phone what is the temperature it sees. If two people located at the same point report different answers, we may know one of them is cheating (meaning, it's a faked users). We can ask ask the phone what wifi it sees around (for example, many buses have very strong wifis, visible for hundreds of meters), and again, if several users report a wifi they see, and then one user does not report about it we know he's a faked one.
3. Proof-of-movement algorithms -- analysing the signals of movement in a way that differentiate an authentic movement from an artificially created one. Of course, one can "record" his movement data, but then we'll see multiplication of such data all over the place (assuming it's used for many faked users), knowing its faked.
And then I should add that:
A. This is just a very brief flavour of it, we have plenty other heuristics.
B. We are in testing phase, still a stage of development, and most of the heuristics are still to be developed and coded. That's why we limit extensively the mining at this stage.
C. Also at later stages, mining will be limited in a way that won't allow for a serious damage to the system even in the case of successful spoofing
(but of course, we believe we'll have enough tools to avoid such spoofing whatsoever).
D. We'll be conducting a Proof-of-Movement Hackathon in a few weeks, where hackers from all over the world will be invited to:
1. either secure the network by writing more proof-of-movement algorithms.
2. or, hack it.
Both successful contributions will be generously rewarded with Zooz tokens (and perhaps even BTC if funds will be available).
So it's a good opportunity to invite you all to participate in this event.
and most importantly...
E. This is just the place where we want to ask for the community feedback -- your ideas for more heuristics, comments about weaknesses, suggestions, etc.
This is a community project -- and we call the community to help in making it better.
Yours,
Matan Field