SoK: The Ghost Trilemma (2308.02202v3)
Abstract: Trolls, bots, and sybils distort online discourse and compromise the security of networked platforms. User identity is central to the vectors of attack and manipulation employed in these contexts. However, it has long seemed that, try as it might, the security community has been unable to stem the rising tide of such problems. We posit the Ghost Trilemma, that there are three key properties of identity -- sentience, location, and uniqueness -- that cannot be simultaneously verified in a fully-decentralized setting. Many fully-decentralized systems -- whether for communication or social coordination -- grapple with this trilemma in some way, perhaps unknowingly. In this Systematization of Knowledge (SoK) paper, we examine the design space, use cases, problems with prior approaches, and possible paths forward. We sketch a proof of this trilemma and outline options for practical, incrementally deployable schemes to achieve an acceptable tradeoff of trust in centralized trust anchors, decentralized operation, and an ability to withstand a range of attacks, while protecting user privacy.