Concept: Preventing Identity Theft with Optional Identity Verification

Now that our brand new UI is complete, the LocalEthereum team is moving full-steam-ahead with new features. Earlier, we said combating fraud is a 2019 priority—today we’re releasing details about a new feature we’re working on to prevent scams on the platform.

We’re working on a new identity verification solution to help combat fraud, but we’re not KYC-ing. LocalEthereum is creating a safe way for traders to optionally verify and share their identity without LocalEthereum seeing it.

This isn’t a feature announcement—yet. It’s one of the many things we’ve been building lately that hasn’t yet made it to the finish line. We’re publishing our work-in-progress concept here, in spirit of transparency, to invite feedback and criticism, and so other projects facing a similar problem can innovate based on our insight and ideas.

The current makeshift solution

LocalEthereum currently has no identity verification. We don’t ask for your name before you’re able to trade, let alone any documents.

However, we don’t prevent users from choosing to share identity documents with each other directly via encrypted messages. It’s well known that some payment methods, especially PayPal, carry a greater risk of fraud—especially chargeback fraud. With these risks in mind, some heavy-weight traders have already implemented their own identity verification processes using the encrypted attachment feature.

Usually, this process is as simple as asking the other party to upload a copy of their photo identification in an end-to-end encrypted message. When the payment comes in, the seller will match the name on the incoming payment to the name printed on the buyer’s government-issued identification.

What’s wrong with that?

The problems with sending identity documents like this are that, while messages are end-to-end encrypted, there is no way to control what the person on the receiving end does with the document and most users aren’t trained or equipped to spot a fake ID.

Unfortunately, there is no way to know whether the recipient has erased a document after use, or whether they are storing the document unsafely. The greatest risk of having an identity document in unknown hands is that it might end up being leaked or offered for sale on the dark web, and later used for nefarious purposes. It could even end up back on LocalEthereum by somebody pretending to be you.

For these reasons, sharing sensitive identity documents with unknown traders isn’t an ideal solution. It’s a working solution, and the risk may be slim if you’re dealing with a trusted trader, but the probability of becoming a victim is non-zero.

Potential alternatives

If sharing identity documents over encrypted messages is unsafe, what can be done to prevent identity theft? We looked at three potential solutions:

Watermark the document ❌

Watermarking solves the issue of identity theft in most cases, however many watermarks can be photoshopped out, and this doesn’t address the point that users are not usually equipped to authenticate documents.

Have LocalEthereum verify identities ❌

LocalEthereum is a hands-off non-custodial platform — we can’t touch your ETH, we can’t read your messages(unless you ask us to), and we don’t dictate the terms of your interactions. Hosting a central repository of sensitive documents violates our core values of privacy and security, and makes us a target for thieves.

Centralised custodial services are a target for ruthless hackers, but cryptocurrency isn’t the only gold for hackers: personal data can also be very valuable. Troves of sensitive information have been stolen in high-profile data breaches from companies such as Equifax, Yahoo, eBay, Adobe, Ashley Madison, and many others.

A complex hands-off solution involving cryptography ✅

Perfect!

The ideal experience

We think we’ve come up with a pretty good solution that will…

Enable users to share their name, and prove that it is their name, without revealing any identity document to the other party, and without revealing their name to LocalEthereum.

Here’s how it will look:

1. A user uploads an identity document to a trusted attestor.

The user will upload their photo identification on a page dedicated to the new feature. They can choose to manually designate a trusted attestor, or let LocalEthereum suggest one for them. A small fee will be attached to pay for the attestor’s time.

(Example UI; we promise the real deal will look better.)

2. The trusted attestor verifies that the name on the identity document belongs to the user.

The trusted attestor—in this example, the attestor’s name is Charlie—will verify the uploaded document. Once it’s verified, Alice will be notified that she can now use the verified name in trades.

An attestor could be anybody—it might be a reputable trader, a well-known trustworthy individual, or a company with a long-track record in identity verification. More on this soon.

3. The user can share their verified name to any other party without revealing the original document.

The verified identity can now be used in an unlimited number of trades, instead of sending identity documents directly to other traders. Assuming that Charlie is highly trusted, the other user will be satisfied in knowing that the name is verified by Charlie as belonging to you.


How this can work

The way this verification system will work involves:

  1. Public key cryptography
  2. A marketplace of trusted people
  3. Our existing end-to-end encrypted messaging protocol

Say Bob is a trader. To thwart fraud and/or comply with local regulations, he needs to know the names of people he trades with.

Alice wants to verify her full name to other traders. She has a scan of her passport that people can use to verify her name, but she’s worried that by using it in every trade, a rogue trader will copy it and steal her identity.

There is a public list or marketplace of trusted attestors, who compete with each other on reputation and price. Alice picks Charlie, one of the most trusted attestors in the marketplace, who happens to charge 80¢ to verify an identity document.

With the help of LocalEthereum’s UI, Alice uploads an encrypted copy of her passport, which only Charlie can decipher. This end-to-end encryption can be accomplished either via an encrypt-to-public-key solution like RSA, or an anonymous key agreement protocol like ECDH.

Charlie checks the passport, ensures its authenticity and notes the name printed on the document. Once the document is verified, Charlie signs a message containing a hash of Alice’s full name plus her public key — e.g. SHA3(Alice Realname 0x3D2F55CA).

Now, given Alice’s public key, Charlie’s public key, Alice’s full name and Charlie’s attestation signature, somebody else can verify that Charlie has confirmed Alice’s real name is Alice Realname.

Charlie’s attestation signature and the verified name are transferred to Alice, again end-to-end encrypted, so that LocalEthereum is kept in the dark. These details (her real name and the attestation) are stored encrypted in Alice’s LocalEthereum account. (At some point during the process, Charlie is compensated for the effort, which could be covered in part or full by LocalEthereum.)

Now, Alice is ready to trade with her verified identity. She opens a trade with Bob — who happens to have a low risk-tolerance — and Bob asks Alice for her real name. In an end-to-end encrypted message, Alice sends to Bob her real name and the attestation signature from Charlie.

Assuming that Bob trusts Charlie too, Bob has all the information necessary to verify that Charlie has confirmed the name “Alice Realname” belongs to Alice. He doesn’t need to see the original document.

With the attestation signature safely locked away in Alice’s account, she can re-use the verified ID throughout the lifetime of her LocalEthereum account.

Meanwhile, LocalEthereum is unaware of Alice’s identity, and is not even aware that Alice shared her identity with Bob. Similarly, Charlie has no knowledge of Alice’s trading activity, and he’s not aware of the interaction between Alice and Bob.

This will be an optional feature

After reading this, please don’t scream “LocalEthereum is doing KYC!” — that’s not the case.

Our intention is only to make the platform safer for people who are already choosing to share their identity with other users. We suspect that this feature will be used by traders with a low risk-tolerance trading large amounts over unsafe payment mediums such as PayPal and Venmo, or those that may be required to do so to comply with local regulation.

Users will be asked to mark their offer with a special “I will ask for your name” icon if it’s their ordinary procedure to ask for the other side’s identity. This will make it easy for users who don’t wish to share their identity.

Missing pieces

As mentioned, this is currently a work-in-progress concept. The finished product might differ slightly to the technical system described above, however we intend to keep the user-experience the same.

There are currently three unknowns:

  1. We don’t know if a suitable decentralised marketplace of reputable attestors currently exists
  2. We’re unsure about the cost of identity verification at scale
  3. We’re not entirely sure how reputation will be measured; we assume there must be a kind of sybil-resistant web-of-trust in play

There are a few decentralised identity solutions around, and a few more in the works. We’ve spoken with a few teams already about a possible integration, however we’re still searching for the best identity-related project to help bring this concept to life.

We think that the design of some decentralised identity projects is needlessly complex and burdensome for our use case. For example, there are at least two decentralised identity projects that put everything on-chain and require end-users to install a proprietary mobile app before they can upload their ID.

If you’re building an identity solution or reputation-based marketplace which seems to fit the bill, or you have any feedback, ideas or criticism, reach out to us! LocalEthereum has a user base of more than 100,000, an accumulative trading volume nearing $70 million, and we’re eager to find people to help turn this mock-up into reality.