The problems with sending identity documents like this are that, while messages are end-to-end encrypted, there is no way to control what the person on the receiving end does with the document and most users aren’t trained or equipped to spot a fake ID.
Unfortunately, there is no way to know whether the recipient has erased a document after use, or whether they are storing the document unsafely. The greatest risk of having an identity document in unknown hands is that it might end up being leaked or offered for sale on the dark web, and later used for nefarious purposes. It could even end up back on LocalEthereum by somebody pretending to be you.
For these reasons, sharing sensitive identity documents with unknown traders isn’t an ideal solution. It’s a working solution, and the risk may be slim if you’re dealing with a trusted trader, but the probability of becoming a victim is non-zero.
If sharing identity documents over encrypted messages is unsafe, what can be done to prevent identity theft? We looked at three potential solutions:
Watermarking solves the issue of identity theft in most cases; however, many watermarks can be photoshopped out, and this doesn’t address the point that users are not usually equipped to authenticate documents.
LocalEthereum is a hands-off non-custodial platform — we can’t touch your ETH, we can’t read your messages (unless you ask us to), and we don’t dictate the terms of your interactions. Hosting a central repository of sensitive documents violates our core values of privacy and security, and makes us a target for thieves.
Centralised custodial services are a target for ruthless hackers, but cryptocurrency isn’t the only gold for hackers: personal data can also be very valuable. Troves of sensitive information have been stolen in high-profile data breaches from companies such as Equifax, Yahoo, eBay, Adobe, Ashley Madison, and many others.
We think we’ve come up with a pretty good solution that will…
Enable users to share their name, and prove that it is their name, without revealing any identity document to the other party, and without revealing their name to LocalEthereum.
Here’s how it will look:
The user will upload their photo identification on a page dedicated to the new feature. They can choose to manually designate a trusted attestor, or let LocalEthereum suggest one for them. A small fee will be attached to pay for the attestor’s time.
The trusted attestor—in this example, the attestor’s name is Charlie—will verify the uploaded document. Once it’s verified, Alice will be notified that she can now use the verified name in trades.
An attestor could be anybody—it might be a reputable trader, a well-known trustworthy individual, or a company with a long track record in identity verification. More on this soon.
The verified identity can now be used in an unlimited number of trades, instead of sending identity documents directly to other traders. Assuming that Charlie is highly trusted, the other user will be satisfied in knowing that the name is verified by Charlie as belonging to you.
The way this verification system will work involves:
Say Bob is a trader. To thwart fraud and/or comply with local regulations, he needs to know the names of people he trades with.
Alice wants to verify her full name to other traders. She has a scan of her passport that people can use to verify her name, but she’s worried that by using it in every trade, a rogue trader will copy it and steal her identity.
There is a public list or marketplace of trusted attestors, who compete with each other on reputation and price. Alice picks Charlie, one of the most trusted attestors in the marketplace, who happens to charge 80¢ to verify an identity document.
With the help of LocalEthereum’s UI, Alice uploads an encrypted copy of her passport, which only Charlie can decipher. This end-to-end encryption can be accomplished either via an encrypt-to-public-key solution like RSA, or an anonymous key agreement protocol like ECDH.
Charlie checks the passport, ensures its authenticity and notes the name printed on the document. Once the document is verified, Charlie signs a message containing a hash of Alice’s full name plus her public key — e.g. SHA3(Alice Realname 0x3D2F55CA).
Now, given Alice’s public key, Charlie’s public key, Alice’s full name and Charlie’s attestation signature, somebody else can verify that Charlie has confirmed Alice’s real name is Alice Realname.
Charlie’s attestation signature and the verified name are transferred to Alice, again end-to-end encrypted, so that LocalEthereum is kept in the dark. These details (her real name and the attestation) are stored encrypted in Alice’s LocalEthereum account. (At some point during the process, Charlie is compensated for the effort, which could be covered in part or full by LocalEthereum.)
Now, Alice is ready to trade with her verified identity. She opens a trade with Bob — who happens to have a low risk-tolerance — and Bob asks Alice for her real name. In an end-to-end encrypted message, Alice sends to Bob her real name and the attestation signature from Charlie.
Assuming that Bob trusts Charlie too, Bob has all the information necessary to verify that Charlie has confirmed the name “Alice Realname” belongs to Alice. He doesn’t need to see the original document.
With the attestation signature safely locked away in Alice’s account, she can re-use the verified ID throughout the lifetime of her LocalEthereum account.
Meanwhile, LocalEthereum is unaware of Alice’s identity, and is not even aware that Alice shared her identity with Bob. Similarly, Charlie has no knowledge of Alice’s trading activity, and he’s not aware of the interaction between Alice and Bob.
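The sign-and-verify flow described above, as an added example that is not LocalEthereum's code. It assumes Ed25519 keys from Node's built-in crypto module, a length-prefixed name encoding before hashing, and a challenge signature so Bob can confirm his counterparty holds the attested key; the post specifies none of these, and all function names are hypothetical.

```javascript
const crypto = require('crypto');

// Hash of (full name, subject public key). The name is length-prefixed so the
// boundary between name bytes and key bytes is unambiguous (an assumption;
// the post only gives "SHA3(name publickey)").
function attestationDigest(fullName, subjectPub) {
  const name = Buffer.from(fullName.normalize('NFC'), 'utf8');
  const len = Buffer.alloc(4);
  len.writeUInt32BE(name.length);
  const pubDer = subjectPub.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha3-256').update(len).update(name).update(pubDer).digest();
}

// Charlie (attestor): signs the digest once he has checked the document.
function attest(attestorPriv, fullName, subjectPub) {
  return crypto.sign(null, attestationDigest(fullName, subjectPub), attestorPriv);
}

// Bob (relying party): checks Charlie's signature over the claimed name and key.
function verifyAttestation(attestorPub, fullName, subjectPub, sig) {
  return crypto.verify(null, attestationDigest(fullName, subjectPub), attestorPub, sig);
}

// The attestation binds a name to a key, not to whoever presents it, so Bob
// also checks a signature over a fresh challenge made with the attested key.
function signChallenge(subjectPriv, challenge) {
  return crypto.sign(null, challenge, subjectPriv);
}

function acceptIdentity(attestorPub, fullName, subjectPub, sig, challenge, challengeSig) {
  return verifyAttestation(attestorPub, fullName, subjectPub, sig) &&
    crypto.verify(null, challenge, subjectPub, challengeSig);
}

// Constructed sample parties; fresh keys are generated on every run.
const alice = crypto.generateKeyPairSync('ed25519');
const charlie = crypto.generateKeyPairSync('ed25519');
const other = crypto.generateKeyPairSync('ed25519');

const sig = attest(charlie.privateKey, 'Alice Realname', alice.publicKey);
const challenge = crypto.randomBytes(32);

console.log('Alice accepted:', acceptIdentity(charlie.publicKey, 'Alice Realname',
  alice.publicKey, sig, challenge, signChallenge(alice.privateKey, challenge)));
// Same name and attestation, but the challenge is signed with a different key.
console.log('Other party accepted:', acceptIdentity(charlie.publicKey, 'Alice Realname',
  alice.publicKey, sig, challenge, signChallenge(other.privateKey, challenge)));
```

Bob never handles the passport scan: he needs only the name, Alice's public key, Charlie's public key and the signature.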
After reading this, please don’t scream “LocalEthereum is doing KYC!” — that’s not the case.
Our intention is only to make the platform safer for people who are already choosing to share their identity with other users. We suspect that this feature will be used by traders with a low risk-tolerance trading large amounts over unsafe payment mediums such as PayPal and Venmo, or those that may be required to do so to comply with local regulation.
Users will be asked to mark their offer with a special “I will ask for your name” icon if it’s their ordinary procedure to ask for the other side’s identity. This will make it easy for users who don’t wish to share their identity to avoid such offers.
As mentioned, this is currently a work-in-progress concept. The finished product might differ slightly from the technical system described above; however, we intend to keep the user experience the same.
There are currently three unknowns:
There are a few decentralised identity solutions around, and a few more in the works. We’ve spoken with a few teams already about a possible integration, however we’re still searching for the best identity-related project to help bring this concept to life.
We think that the design of some decentralised identity projects is needlessly complex and burdensome for our use case. For example, there are at least two decentralised identity projects that put everything on-chain and require end-users to install a proprietary mobile app before they can upload their ID.
If you’re building an identity solution or reputation-based marketplace which seems to fit the bill, or you have any feedback, ideas or criticism, reach out to us! LocalEthereum has a user base of more than 100,000, an accumulative trading volume nearing $70 million, and we’re eager to find people to help turn this mock-up into reality.