Commentary
Proof-of-You
- by Joe Mandese @mp_joemandese, November 14, 2022
Elon Musk’s rationale for utilizing a premium subscription mode for verifying the authenticity of people on Twitter got me thinking about an authentication model I tried -- but failed -- to develop as a side hustle in recent years. I call it “proof-of-you,” which was a play on blockchain models utilizing “proof-of-work” and “proof-of-stake” to mine cryptocurrencies, create NFTs, and power most of the smart contracts that have been the early stages of the Web3 economy.
Initially, I did not start thinking about the problem of authenticating people in social media platforms like Twitter, although I think my proof-of-you model solves the problem for them as well.
I began thinking about it in the early days of programmatic trading, when agencies told me they were transitioning from buying media to reach audiences to buying the audiences themselves through exchanges, platforms and marketplaces that traded pieces of their identity like a derivatives market.
advertisement
advertisement
The problem was that the snippets of identity data they traded often were not very good, because they utilized things like third-party cookies and devices IDs that -- as Musk might explain it -- didn’t have very good “signal-to-noise ratios.”
Those trackers deflated the identity of people when users dumped their cookies, utilized incognito modes, VPNs, ad blockers and a variety of other technologies. They inflated -- or I should say, conflated -- identities when multiple users utilized a device or browser that the trackers defined as an individual person.
There were other problems too, but the bottom line was that with the exception of first-party identity data -- information the consumer provided willingly about themselves -- the data wasn’t very good, and we ended up citing industry anecdotes about the probability of a data-management platform even getting our gender right as being a 50/50 proposition.
Honestly, even first-party data has issues that I don’t think the ad industry wants to accept, since it has emerged as the new gold standard and solution to the deprecation of cookies and device trackers.
And by that, I don’t just mean how they are used to do lookalike target and audience reach extension, but that they don’t actually prove who someone is. In reality, they only prove who someone is in the context of whatever way a marketer or media platform got them to opt in, and in most cases it was because of some impulse offer, content access or because it made doing something more convenient than trying to do it anonymously.
Even worse, I believed that people were far more complex and dynamic than any momentary snapshot of data about them would never actually represent who they are, and perhaps more importantly, how they are changing over time.
To do that, you need a system in which people were constantly updating their own data to prove who they were to other third parties, principally advertisers and media, but occasionally other institutions, and even other individual people.
So I launched a venture that utilized Wall Street’s ask/bid model, but instead of trading stocks, it enabled people to trade their identity – as well as explicit actions like consideration, trial, conversion, etc. – with brands who offered them the best values for it.
Importantly, it was 100% up to any individual to decide what information about their identity they wanted to make public in their profile, or what they were willing to trade as part of a private exchange with a brand bidding for it.
In our market trials we proved people were willing to trade even some of the most sensitive identity data bout themselves – everything from finance and credit scores, all the way up to their physical DNA – depending on what a brand was offering them for it.
Keep in mind, much of this data already exists about them in the “real world” via regulated marketplaces – FICO scores, HIPA data, etc. – that capture, organize and define who they are – often incorrectly – to third parties that bid for them in the open marketplace.
In those cases, people have very little knowledge or leverage about how that data is compiled, organized and used to identify their authenticity and value as a person in the marketplace, and I find it truly ironic that two of the Big 3 credit bureaus now operate audience management platforms that brands used to target people explicitly.
Again, aside from the ethical or moral implications of these identity marketplaces, I’ve believed they just weren’t that good and could be made better if you gave people the ability – and the reason – to prove who they when you needed them to prove it.
Interestingly, when we were developing our proof-of-you model, we had to build it based on industry standard verification models for digital media, so we utlized the default standard of email verification for new users, but we believed that given enough time – and good enough reasons – people would eventually add higher order forms of verification – mobile phone numbers, credit cards, etc. – when it made sense. And perhaps most importantly, when they trusted that the other side was equally authentic and offering to exchange the right value to enter into a relationship with them.
Uber, Lyft, Airbnb and the ilk had already proven that market structure works, because it works for both sides of the authentication market. In the case of Uber, the passenger and the driver. In the case of Airbnb, the guest and the host.
The problem with Musk’s paid verification model for Twitter users, is there is no corresponding transactional component to it. You are simply paying Twitter for the right to have a stamp of approval. There is no other quid pro quo involved. At least at this stage of the game.
If Musk was really smart, he’d build that in and make Twitter an intermediary between consumers and brands that want to have authentic, value-based relationships with each other.
While my venture ultimately failed due to lack of resources, I still believe the proof-of-you model is the right one for an era in which we will increasingly be dealing with authentication issues, not just to mitigate fraud, invalid traffic, bots, trolls, nefarious state actors, etc., but to have an indelible, but dynamic representation of who we are as our own personal identities evolve over time and change with every new technology or media platform experience that becomes a part of who we are – from deep fakes to avatars on the metaverse.
If this is something Musk is serious about developing, I recommend he talk to Tim Berners-Lee, the guy who literally invented the internet, and also founded Inrupt, which is the closest thing I’ve come across that lives up to the proof-of-you model.
Joe Mandese is the Editor in Chief of MediaPost. You can reach Joe at joe@mediapost.com.
Joe - great article. There is no doubt "proof-of-you" is desired by many companies. The problem is to get people to sign-up for it and for the model to be paid. Some Comments:
1) id.me is the leading identity company I have seen, they are behind California DMV and used by US Social Security. However, they charge organizations to do that. At scale, it might be $1-$4 cost per user for initial identity creation and verification, and then $1 for annual renewal. Expensive. If they could sell their ID system to Facebook and Twitter, then they could become more universally used.
2) The mobile operators sell identity verification via a mobile#....they have a company Zenkey.
Your venture was in a good space, but single identity is still fragmented, with big companies having the best chance of success. With multiple id-verify systems, there is no single source of truth.
Twiiter confused "verification" with "identity verification" (or Elon did...). Public figures should get free identity verification (which doesn't always require the players like Zenkey, credit bureaus, and others). They still need to figure out why average person on Twitter would have a reason to pay for id-verification, or include id-verification in subscriptions that people signup for.
@Charles Pierce: Good comments and a lot to think about. I'm familiar with id.me and similar companies, but I don't think it's about paying people for their identities, nor having a platform set up to do that. I think it's about giving people the ability to organize their identity data and trade it with others when they receive the right offer for it. Sometimes that is payment. Sometimes it's other things. Right now, marketers spend hundreds of billions of dollars "rewarding" or incentifying people to share their identity with them. It's a very disorganized market for both marketers and consumers. I think there could be a more efficient and logical market structure. Something more akin to Wall Sreet's.
Interesting that we want better ID verification in order to drop a comment on Twitter, but a hasty scrawl is sufficient for voting.
id.me lets users pick which personal data fields to share with brands (some hotels use it) at the time of purchase. To your point, marketers want to reach people with intent or immediate intent to buy their product/service. Amazon, Google Search, and Browsers (like Microsoft Edge is doing...) can pick up "intent" and sell that info to sellers or make money via advertising sales. Facebook can match potential buyers via its data. Yes, it is complex to figure out a better way than spying on consumers via their actons and trying to interpret intent. I would say identity and intent-to-purchase are two separate issues...of course, identity is needed at the end to complete a purchase. As I said, the big companies stand between marketing/advertising departments and consumers with intent. Amazon and Google have little incentive to make it easer or share the data they accumulate, for sure.
@Kevin Killion: Interesting equivalency, but there are only 15 states that don't require a government-issued photo ID (same authentication that will get you on a commerical aircraft, drink at a bar, or pretty much anything else in the U.S.). And in those states, your signature is an affidavit, which is enforceable by law.
As someone who has followed voting rules in different states, and worked as a poll worker for the first time, you do have a legitimate question around voting, but probably more needed for registering to vote. Some comments:
1) Registering to vote requires ID. In states with "automatic voter registration" at DMVs, you are NOT automatically registered to vote without proof of meeting US citizenship requirements. Yes, you can get a drivers license as an undocumented person, and no you can't get registered to vote.
2) Mail-in ballots are pretty secure. They get sent to real people's registered voter address and one signs certification at a minimum, subject to criminal penalties. In 2020, some well-know public officials were caught voting in 2 different states as they got a ballot at an address in a state with a vacation home or whatever, and google search shows maybe 100 voter fraud cases at a national level. Not much. NET/NET: Mail-in ballots are checked against in-person voting to make sure people don't vote twice. For fraud, someone would have to steal 100s of envelopes out of 100s of mailboxes, without residents raising any questions as to why they didn't get their ballot.
3) IDs in-person might be helpful, but reality is not really needed. When a voter signs in, they vote once. A subsequent impersonator would not be able to sign in. No one has complained in my state about someone voting in person under their name first, and we have 6 million eligible voters. Impersonation just doesn't happen for live voting.
4) In all cases, the cross-checks and voting rules make it pretty much impossible for any large fraud (think thousands, or even hundreds of illegal votes) to occur. The only thing I have seen that COULD happen is someone getting hold of the official ballots, taking a bunch, fillng them in by hand, and then submitting them. Mail-in ballots you couldn't do because of cross-checks. We have multiple people working polling so need 4 or more people to collaborate after polls close. "Missing ballots" can't happen as we have to certify how many blank ballots come in, count up how many are left, and this is cross-checked to total ballots used.
In short, our election processes are pretty darn reliable, and wide-spread voter fraud (even in the dozens would be extremely hard to do) isn't something that I could see being effectively done. In my state, voting machines count paper ballots, so "hacking" can be proven by re-counting the actual ballots. It's a good system.
Good comments Charles.
But one has to ask ... who determines the electorates? Elbridge Gerry?
AU has the Australian Electoral Commission which draws the boundaries. They change regularly due to the fluidity of the population of voting age. By reviewing electorates each election (National, State or Local) a fair degree of equality is achieved. The electorates are not based soley on voting population but also include things like size (our outback is pretty big). The voting population is usually within +/- 10%. By ensuring that we have a high degree of voting equality. We also have compulsory voting - for the first time in a century our turnout dipped just below 90%.
Love the "check in" from the great country of AU. Thanks for Gerry reference - I learned something new! I will try and summarize here on national and state elections.
1) FOR PRESIDENT: The US constitution says states (legislatures basically) determine the manner of selection of "electors". So, the citizens vote for "electors". Electors are normally pledged to vote for the candidate they represent.
Each state gets elector total based on their total US Senators (all states have 2) and US Reps (based on population, essentially distributed like your AU districts with roughly each US Rep representing same # of people, +/- 10% or as close. Large states get lots of reps, sparse states may only get 1 US Rep minimum.)
2) So, at this point, the US democracy is really just a duopoly run by Democrat and Republican parties. The state legislatures determine the districts by census count every 20 years (US Constitutional requirement). In some states, the legislatures by state constitutional amendments (based on voter referendum or state legislature laws) or other laws have transferred the district selection to commissions. Mostly though, the parties in both states put their own people on Redistricting Commissions, they fight it out, and overall legislature votes , or sometimes a state judge has final say.
NET/NET: Highly partisan process overall. In my state, the two parties who appoint most people to the redistricting commisison, will cooperate to achieve things. 2 examples. In 2000, our state lost 1 US Rep position due to lower population. So, the Democrats chose one of their incumbents to lose his district in exchange for a minority-majority district which the Republicans agreed to. Minority-majority means over 50% of people belong to a minority based on ethnicity. The parties eat their young and work with each other to support incumbency power wherever possible.
3) It may NOT MATTER how gerrymandered districts are. They do analysis, and the districts by population are relatively close, and they fight for party #s, or minority #s . However, people of similar incomes and views tend to live together, so you will get districts that are very weighted by party or race. You would actually have to do MORE GERRYMANDERING to "balance this out". Ballotpedia did analysis of 2020 elections. What I took away from that with my analysis is that 85% of our US House Districts are basically uncompetitive and thus don't matter for national elections.
4) On a National basis, 48 out of 50 states award ALL ELECTORAL votes to the PRESIDENTIAL candidate with the most votes in the state. So, a 51% - 49% result gives 100% of electoral college votes to the candidate. This is very disenfranchising, but both parties like the system apparently. 2 states do proportional awarding which is more fair and reflects voters' choices.