AI, Deepfakes and Digital Identity
The rise of AI generated content is making it harder to tell what is real and what is fake online. Fortunately, a new web standard around identity is here to help.
The past few months have seen several breakthroughs in AI. The tldr; of why this is happening is that a few years ago, a new type of deep learning architecture called “transformers” was released, and there was a realization that the quality of the predictions were directly correlated to the size of the model. The more computing power and data you could train your AI with, the more human-like it would behave.
These mega-models make it possible to have human-level conversations with AI (e.g. ChatGPT), or create high quality images from text prompts:
The capabilities of AI to fake humans goes way beyond images and text; however. It can be used to create entirely fake podcast episodes (for example here with AI Joe Rogan talking to an AI Steve Jobs), and even have actors play in movies and ads without the actual actor being there. For example, here is a Russian commercial where Bruce Willis’ face was superposed onto another actor’s face:
The possibilities are seemingly infinite, and the realness is mindblowing. I have been in AI for nearly 20 years, and to be honest I didn’t think we would get to this level of accuracy so quickly.
And while people mostly use AI to do good things, some are of course using it for criminal purposes, for example to scam people by pretending to be someone else:
Beyond scams, we also see a rise in deepfakes used for several other scary purposes:
political targeting, with fake videos of politicians sayings things
revenge porn, where people create fake porn movies that include people from their school or social group
corporate spying, with people using deepfakes on zoom to attend meetings and fish for confidential information
I think it is fair to say we can no longer trust anything we hear, see or watch online. And this, I believe, is the biggest societal threat we face with AI.
DIDs to the rescue
While there are some attempts to use AI to detect AI, a better approach is to authenticate content posted online. By doing so, people would be able to know whether some content they are seeing is legitimate or fake. It wouldn’t matter how good AI is at impersonating us, since we would rely on a different system of trust.
This could work as follows:
the author generates some content, then signs it digitally
the content is uploaded to the internet, along with the signature
when someone wants to check if the content is legitimate, they can do so by verifying that the signature is legitimate
optionally, we could store the signature and the hash of the content it corresponds to on a blockchain, to keep an immutable history of who published what.
Building such a system is easy. The hard part is ensuring that we have an incorruptible system to manage our digital identities. Without it, we wouldn’t trust that the person who signed is actually who they say they are!
Our digital identities should be issued by a trusted entity (such as a government), or by other means such as social attestation (i.e. you ask people who are verified to verify you). It’s also of course perfectly fine to self-issue an anonymous identity, but it probably won’t be trusted as much (think of anonymous Twitter accounts vs verified ones).
They should be secure and impossible to falsify, which is exactly what cryptographic signatures are for. The corresponding cryptographic keys however should not be managed by a central party, but rather decentralized and managed locally by the user. We can use blockchain wallets for this, by storing the identity private keys inside a crypto wallet like Metamask. After all, that’s exactly what your Ethereum wallet is: an identity with a secret key that is used to certify that you are the one who made a transaction!
We should be able to selectively disclose part of our identities, to remain in control of our privacy. For example, if you want to access an adult website, you only need to prove you are 18, and you shouldn’t have to disclose your name or nationality. This can be done using Zero-Knowledge proofs to create “zk-attestations”. Basically you generate a proof that you are over 18, without revealing anything else about your identity.
Finally, and I really want to stress how important this is, such an identity system should be standardized so that we can use the same identity everywhere. Fortunately, this has been done by the W3C who created a new decentralized identity standard, called DID. Not only can DIDs be used to sign content, they can also act as a way to login to a service, replacing passwords and social sign-ons. You can think of DIDs as a generalization of blockchain wallets, acting as a decentralized alternative to the “Sign in with Google”. Mark my words: this is the most important web standard to emerge since HTTPS, and it will change everything.
Investing in DID
I am currently looking at multiple angles to invest in DID. The ones I am most excited about are:
Decentralized social networks, since they are easy entry points for people to create and use their DIDs, without even realizing that’s what they do.
Crypto wallets, as they are already used by hundreds of millions of people to access web3 apps, and could easily conform to the DID standard to act as a universal login and authentication tool.
ZK-attestations as they allow us to keep our identities private while still using them everywhere.
DID infrastructure and services, such as backups for your identities, hosted DID servers, etc.
And finally, identity blockchains that have some proof of humanity and thus could act as trusted DID issuers.
AI might take our jobs, but cryptography will prevent them from taking our lives!
Rand
ps: if you like what you read, please consider sharing on Twitter or LinkedIn!