Unique ID generation for every harmony one wallet address created

hello @Semar_Martins, the AI model also has a liveliness check, we were planning on implementing Facetec (https://www.facetec.com/), it is the best in the world at liveliness check and creating 3D face maps which solve spoofing issues.

to confirm your wallet, you have to install the wallet on your desktop/phone which means that you have to have physical access to the device.

the real burden is already on the users, they are having a hard time doing transactions and the gas fees has been increased, its a proposed solution and we will try our best to protect the AI model. i I would also like to state that a KYC checks your location, national id/passport- we wont request any of these features,(check out the demo video)
wallets can be imported to other devices, and ideas unless proven they work efficiently with minimal risks wont be deployed to the main harmony wallet. I think you have a rare case( all of your cameras are broken), even after we complete the building its going to take months before a vote to will be conducted.

an alternative is increasing the number of shards and transaction fees well and libp2p upgrade.

ā€œYou need to have physical access to the deviceā€ Well yea, but I really donā€™t think youā€™re safe from an adversarial attack on the model. I can be quite sure that there will not be any adversarial attacks on MY cellphone. The wallet cannot be so sure

The incentives are different. I really hope the project works out, but Iā€™m quite skeptical tbh

il add the technical details of the system in a few hours, then we shall have more discussion on ways we can improve the project.

1 Like

Hey @Antony_Kimani and thanks for the proposal. Itā€™s obvious to me thereā€™s a passion behind this proposal and a goal to create a safer place for the Harmony ecosystem. There are a few concerns I would like to discuss to see if/how we can get around them:

a. We are eventually going to decommission the chrome extension as we continue getting closer to the release of 1Wallet. The enhancements youā€™re proposing seems very specific to the chrome extension and Iā€™m not sure how well this translates to 1Wallet.

b. It seems one of the issues youā€™re looking to address is the creation of multiple addresses without some type of authorization system. With this being specific to the Chrome extension, how will this stop anyone from using another desktop or mobile wallet to bypass the restriction?

c. How is this going to stop anyone from using arb bots or CLI to generate high amounts of transactions?

Thanks Antony.

1 Like

hello, i have added the technical details of the MVP, we will be using Facenet model and another open-source liveness project. Check out the details we have added and tell me what you think

hey too , a safe blockchain community will be very beneficial to all network users. I have added the technical part of the proposal to clarify some of these issues.

a) we had to be very specific when submitting the proposal at first so that you guys know what exactly trying to build. ( unique universal identifiers in the blockchain community). after development, we aim at getting the system implemented in the whole blockchain community to prevent cross-chain crimes, the project will open source and we will implement it in the 1wallet

b) there are people with multiple addresses who are using them for good purposes , it would be a bad idea to limit them. After confirming the wallet a unique ID will be added to the device, which will be used to sign every transaction before sending them to the leader node( its in the technical part ) even if someone changes wallets he/she will still have to confirm his account inorder to send transactions to the leader nodes to harmony network ( I have changed to confirm your address not wallet)

c) arb bots will need unique IDs to send transactions to the harmony network , to get the unique IDs they have to bypass the A, by securing the AI even if they create thousands of multiple addresses the transactions will be cancelled

1 Like

using examples is better.
we are only trying to solve one problem ( making )
example
Imagine a whale decides he wants to slow down the network, he creates lots of wallet adresses and uses them to send multiple meaningless transactions. harmony notices this addresses but they cannot do anything about them , and even if they are black listed they can easily create new wallets and continue slowing the network down.
solution
if harmony notices wallet adresses that are behaving maliciously then they need to be publicly called out and blaclisted. For the owner of the wallet address who has acted malicioulsy and used his face to confirm the wallet address it means he will never be able to create another wallet address unless using someone else face , using this method harmony will become antgi -fragile( becoming better as more fraud cases occur) , this is because scammers are going to run out of faces to verify since each similar face is going to produce the same hash and if the hash has been blacklisted the face owner cant create a new account

1 Like

itā€™s a similar idea to what Solana implemented yesterday, finding ways to whitelists users, users with unique ID(hashed FaceID) will be given first priority,
it will also allow harmony to group wallet addresses, it is important because of data analytics purposes and being able to track scammers

Great to see so many ideas coming out of Africa!!!

1 Like

there are lots of interested developers with great idead who want to build , you should organize a meetup in our university

1 Like

Please apply here for this great idea:

1 Like

Hello Antony. My apologies if I missed the answer to this, but Iā€™m still trying to understand something specific.

  • Would this feature be tied to a specific wallet? If soā€¦

  • The purpose of this is to prevent and/or discourage spamming and malicious activity. If this is tied to a specific wallet, what will stop someone from performing malicious activity using another wallet or CLI from bypassing these restrictions?

To be clear, I think some sort of ID to prove youā€™re a legitimate person (vs a bot) could be helpful if that means your transaction is processed with higher urgency. Though, if weā€™re just increasing gas, Iā€™m not sure how thatā€™ll scale.

1 Like

Hello, I discussed with the Google Club today about hosting a blockchain event and they also want to build a blockchain club. We are filling out the application today since the event will be hosted at the university. We aim (that is, if our application is accepted) to use some of the funds to start a blockchain club in the school.

Hey, the face ID will be tied to a specific address, e.g., my wallet address, one1rmecdedm8eucynsnyj879n2dmvu8ggk5cl3kwd.
Sooner or later, harmony will have to implement a white/blacklist to curb the rising cases of fraud.
The second point is that today there was a rug pull in the Da Vinci gallery. The guy obviously had a harmony one wallet address, which should be blacklisted (or at least, in the future, should not be given first priority to interact with the blockchain -whitelist). If his face was attached to the blacklisted wallet address, he would have a difficult time creating another address using the same Face ID.

You are right on the third point. Face ID is the way we have been trying to prove you are a legitimate person. Most people wonā€™t want to share with harmony their unique identities, e.g., driversā€™ license, national ID, or passport. By using face ID, we will have solved the problem of creating a unique key identification without compromising on knowing the real personā€™s identity.

@Antony_Kimani - Thanks for the quick response. Can you please clarify this previous question:

Would the Unique ID function be called by a specific wallet? At what layer will this occur? If you can please clarify this thatā€™d be great.

Hereā€™s my concern:

Letā€™s say this is enabled for 1Wallet. Users opt-in for face recognition (this cannot be mandatory) and are trusted to make multiple addresses.

Another person downloads Metamask and creates multiple addresses on the Harmony network. We essentially make usability harder for users of 1Wallet while itā€™s still easy for everyone else to create multiple addresses.

Can you please speak to this specific concern and what your thoughts are? Specifically about using different wallets to circumvent the Unique ID.

Thanks Antony.

Hey, sorry it took me this long to reply.
We have been working on another project to help people send money via their phone numbers (their phone numbers are the unique identifiers in every transaction they want to send to the chain).
Letā€™s assume a user wants to send money (tokens) to another personā€™s phone number. The person inputs the transaction details and clicks send. For a successful transfer, the following has to occur:

  1. Is the phone number verified (unique key)?
  2. What wallet address is attached to the phone number? Does it have enough tokens to be transferred? If yes, sign the transaction using the pin and send it to the blockchain.

As you can see, the unique ID function is called first, then we look to see if the attached wallet address is attached to the ID, and finally, we send the transaction to the blockchain.
This means that every transaction that is sent to the chain has to be attached to the unique key. This only means one thing: all transactions on our smart contract have been sent by a human.
The unique key will be attached to the harmony wallet one address and not the harmony wallet, hence every time a harmony wallet address is created, it has to be verified (has a unique key) to send transactions to the chain. The verification is automated hence it will still make the blockchain permissionless if only you can prove that you are just human.
The biggest issue with implementing ID (national/passport/driverā€™s license) is that peopleā€™s privacy might be compromised, e.g. when Binance was hacked and peopleā€™s faces were shared online (coindesk.com, 2019).
scalability issue, the system checks within microseconds, it would take an average of 2.3 seconds to send transactions which is still a good number.
There is a company that has already built a prototype and has even made ZK rollups on their KYC. It has all the features I described above. https://everestdotorg.medium.com/ Itā€™s called Everest. It also has built-in APIs, I donā€™t think it is a good strategy to build something similar. Maybe the community can decide to implement the Everest APIā€™s
Also, it has to be compulsory for it to work effectively, I think we should let the project lie low until the community can agree to such a system.
Final remarks

Working on this project has been great for our team. We have learnt so much about the harmony eco-system , interacted with many developers and community members. We would like to stop working on this project because we feel it is a bounty project and it should not be a grant. It would take less than $5k to build and integrate the system. We would like to participate as a bounty project with the blessings of the community.

Links
Coindesk.com, (2019), Binance Customer Data Has Leaked: What We Know and What We Don't - CoinDesk

2 Likes

Hello, just to let you know that you made a typo at the end of the medium link, the correct one is https://everestdotorg.medium.com/

1 Like

thank you for pointing it out

@Antony_Kimani I was asked to take a look at this proposal.

  1. Private keys can be arbitrarily generated offline and funds can be sent to corresponding addresses (derived from public key) without the existence of a wallet and any prior interaction with the blockchain thereof. Your proposal may prevent these funds to be accessed by the private key owner (since you require a valid face id associated with the public key). This places additional burdens on applications, users, and a significant deviation from Ethereum. How do you address that?
  2. Who and how face id authorities are managed and regulated? This is not discussed. Without a comprehensive and well-balanced design, how is the proposal different from operating a centralized payment system with face id as the primary authentication and identification mechanism?
  3. How exactly are face ids are computed and how are mobile devices utilized to achieve that? iOS FaceID does not disclose such data to applications. It is also very challenging for non-native applications to accurately capture and share such data to developers.
2 Likes