I am pretty sure that I am human. I am also pretty sure that my wife, my friends, my colleagues, and other people I have met in real life are also human.
I am less sure about disembodied entities on the internet, like you. If you are human, then welcome to this post and I would like to hear what you think about it in the comments. Before you post anything though, I need you to prove to me that you are human because I don’t want to read comments posted by evil-spammy-bots.
Why?
I know asking you to prove that you are human is weird, but it is necessary. Without some kind of proof that you are human every service on the internet built for human communication would quickly becomes taken over by bots. This is because bots make hundreds of millions of dollars per year through advertisements, scams, and malicious content (e.g. viruses) that annoy/harm humans.
#spambot
Email is a good example of a service where bots send the majority of all messages as it doesn’t require any proof that the sender is human. Bots do this so well because they are very fast at posting messages and this makes them cheap to run. Compared to bots, we humans are very slow. Our time and attention is an expensive resource. Forcing a bot to be as slow as a human is the reason for the proof. A bot (like this one) sending 100 million emails a day would take nearly 3 years to send the same amount of emails if it took 1 second to prove they were human.
I want you to prove to me that you are human so I know it costs you about as much time to post a comment as it takes me to read it.
How?
It is too difficult and expensive to prove that you are human directly to me. Instead, I am going to trust Medium to do it, and Medium in turn trusts Google, Facebook, or Twitter (if you logged in with one of these services). This trust is necessary because the difficulty and scale to prove you are human is so huge that it has fallen to a small group of large companies. These companies are trusted by an increasing number of services to stop spam on the internet. So how are these companies solving this difficult task?
They used to just have you write down letters from an image with distorted characters.
n752Grr is proof I am human
This was used because humans have a far superior visual abilities than bots. At least we used to. Since around 2010 improvements to image reading algorithms helped bots solve these kind of problems as fast as humans. Add to that the decrease in outsourced labour costs (to about $0.35 to read 1000 images) and ingenious workarounds (like tricking people to read images to view streaming content) — reading distorted images can no longer prove you are human.
These days companies like Facebook, Google, and Twitter have different ways to decide your humanity.
Facebook has the most strict policy that states you have to be a real human and use your real name.
Facebook has “developed sophisticated systems to help block automated programs (or “bots”)”. However, these systems sometimes discriminate against other cultures and the disenfranchised seeking anonymity from authoritarian regimes.
Google uses its reCAPTCHA service (that is free for everyone) which asks you to click a button or group some images.
Bot solving reCAPTCHA
This service tracks your mouse movements, IP address, cookies, and other information to try determine if you are human. Google says “You don’t have to verify your identity, to verify your humanity.”, but the system uses IP addresses that could identify you via other Google services e.g. gmail, youtube, Adwords…
Twitter allows bots as long as they behave like good humans and don’t spam other users with unwanted messages. This policy has meant that now 9% to 15% of all Twitter users are bots, many of which are bad like @sunneversets100, an amplifier-bot of pro-Kremlin messages that in a 288 day period posted over 200k tweets (research borrowed from here). This bad-bot tweeted 5 times every 10 minutes for 288 days which is about 140 times more than an average user tweets.
Typical Twitter user
Twitter says it has programs to delete bots, but online tools that try to detect bots on Twitter show little decrease, e.g. this tool estimates that 55% (20 million) of Donald Trump’s followers are bots and 18% (16 million) of Barack Obama’s followers are too.
Today, we have companies we are entrusting with securing our ever growing communication over the internet. They are trying to prove we are human using “sophisticated programs” whose inner workings are hidden from me and you. These programs often require personal information, can sometimes discriminate against groups of people, and have dubious success rates. Well, now I am less sure you are human. Especially if you logged in with Twitter.
Future
The rise in propaganda, fake news, ransomware, and spam spread by bots is increasing the need for a good “proof of human”. The companies that we trust to determine our humanity are fighting an up-hill battle as the constant improvement of AI is making bots closer and closer to human. Soon we might live in a dystopian future where to participate in human communication you will be required to prove, by unknown methods, that you are human to a few large multi-national corporations. Wait, are we there already?
Are you human?
Proof of Work replacing Proof of Human
If we want to stop our dystopian present where a few companies control proof of human for most of the internet, we can to look at how similar problems have been solved by decentralized systems, e.g. distributed-ledges like Bitcoin. These systems are networks constructed of mutually distrusting parties that must work together towards a similar goal. To stop evil spammy bots from consuming their networks, these distributed ledgers have to employ multiple strategies. One such strategy is proof of work.
A game is a “_voluntary attempt to overcome unnecessary obstacles”
—_Bernard Suits
Proof of work is a game we force computers to play to slow them down. Bitcoin’s proof is to find a string that when added to a message makes their SHA-256 hash start with a certain number of 0s. For example, (from the Bitcoin wiki) if you wanted to find a proof of work for “Hello, World!” and the target was to find three 0’s, we could start by adding integers to the end of the string like:
“Hello, world!0” => 1312af178c253...``“Hello, world!1” => e9afc424b79e4...``“Hello, world!2” => ae37343a357a8...``…``“Hello, world!4248” => 6e110d98b388e...``“Hello, world!4249” => c004190b822f1...``“Hello, world!4250” => 0000c3af42fc3...
This would take 4251 tries (the work) to find the answer (the proof). Finding this proof took time but everyone can easily validate it. This game also comes with a difficulty setting where we can make it harder for computers to play by asking them to find more 0’s.
Instead of asking humans to perform a slow task like reading an image, we could ask computers to play our proof of work game. This would slow bots down to a more human speed, increasing their cost. Moreover, the difficulty setting becomes an adjustable lever we can use as computers become faster, or as bots launch focused attacks (like during an election). Another benefit is that, unlike proof of human, AI research and human labour costs don’t affect proof of work’s efficacy.
The costs to find a proof are distributed across the networks users based on how much they use/abuse it. As a human, you might pay only half a second more to post a comment, barely noticeable to you. Where as a bot trying to post the same comment a million times would be waiting for five days.
Proof of work has a few downsides though, it can lead to bad UX for users as they wait for their computers to find a proof, it also wastes power as the computer plays its game. Both of these can be mitigated by only requiring proofs from users that act like bots, or changing the difficulty for different actions, e.g. having a high difficulty for signup and a low difficulty for commenting.
Using proof of work instead of proof of human to secure communication is not perfect. Selecting the right proof and building a system that punishes bots but not humans is a difficult challenge. I think proof of work is ultimately better than proof of human because it can be understood without being hidden, its adjustable difficulty allows for finer control, and it can be implemented without needing to trust a few large companies.
Securing a Blockchain with Proof of Human
Let’s invert the above scenario: could we build a blockchain that uses proof of human instead of proof of work?
This entire post came out of a joke where I wanted to try to build a blockchain that used the distorted images proof (or another proof of human) instead of proof of work. After some thought, I am not sure it is possible and here is why.
All proof of human methods (I have seen) require a trusted central party to generate the problem, keep some piece of information secret which is then used to validate the answer. It is not decentralized to have a trusted party.
For a decentralized proof of human method to secure a blockchain it should follow the following constraints:
- It should be easier for a human to solve than a computer; a computer can solve it, it just has to cost them more than a human to solve
- It should be easy for any parties computer to validate
- It should have adjustable difficulty; as computers get better at being human, we real humans can increase the difficulty
- The answer to a problem cannot be not known by anyone; otherwise someone would have an advantage
Reading distorted images has 2/4 of these properties, as whomever generated the distorted image knows the answer (4) and is the only party who can validate it (2).
Weakening some of the above constraints might work. For example, if we had humans validate the answer using crowd computing, and the problem was something like “find a unique picture of a fluffy cat”. This problem satisfies (1) (3) and (4), until computers become a better judges of “fluffy”.
A fluffy cat proving I am human
“Proof of Human via Fluffy Cat” is a distributed reverse Turing test where the answers are validated by having many humans “vote” on the picture that is most likely taken by a human. The winner after a time limit is then selected to be human. The two problems with this solution is that it assumes humans are good at recognizing other humans, and making sure only humans “vote” requires another proof of human. Ultimately, this would just become a decentralized reddit where users are rewarded for looking at cat pictures all day.
Besides the technical aspects of this idea, another concern is the morality of having a blockchain powered by proof of human. The problem is that this could create a dystopian future where people are paid to repeatedly prove that they are human in blockchain mines. It is concerning that we are nearly there as right now people are earning $0.35 to prove they are human 1000 times by reading distorted images.
Post script
Most of the ideas in this post have already been explored by multiple other sources: proof of human is just another name for CAPTCHA, proof of work to protect APIs has been around since the 90s and is actively used in implementations like Hashcash. I think using “proof of human” to secure a blockchain might be an original idea, even if it is a bad one. I am still interested to find out if it is possible. So, if you have any ideas about how to use a “proof of human” to implement a blockchain, leave a comment below… but only if you are human.
Further Reading
Aljazeera blocking comments now relying on Facebook and twitter
Machines learning to flag toxic comments
The Economics of Spam (2012)
Life 3.0 equates the size of a consciousness to the speed at which it can make decisions. That is, being slow might be a necessary part of being a conscious and human.