Problem: AI attacks. Solution: A secure proof-of-humanity system which protects human privacy.
I woke this morning with a revelation and a new hope. It is this: if done right, with privacy and security protected, a “prove you are human” system could protect against human unethical use of AI.
The Need for Protection Against AI
What are the risks of AI? What AI can do is much more than most people realize. AI has also been weaponized for much longer than most people realize. AI, when fed real information on a person or a group of people, can use large language model script generation, voice cloning, fake image generation and deep fake video to dramatically change human behaviors. AI is a proven tool. It is used in wars. By dark artful deception, it can even kill.
For instance, during the Israel-Hamas conflict, there were instances of AI-generated images and videos being used to spread false claims and evoke strong emotional reactions. These AI-generated content included images of babies amidst bombing wreckage and videos showing supposed missile strikes and ruined neighborhoods[3][5]. Additionally, generative AI programs have been used to create deceptive content, such as false claims about the war and emotionally manipulative images, which are designed to mislead the public and exacerbate the existing problem of misinformation[3][5]. The use of AI in war propaganda has raised concerns about the potential for AI to become another form of weapon and the risks associated with the spread of AI-generated disinformation during conflicts and elections[5].
Protecting against AI involves enforcing accountability[15], transparency, and ethical standards so the benefits of AI can be maximized while minimizing the risks and potential harms.
Why Captchas?
I personally hate Captchas, especially the ones that take too much time by putting you in what seems like an endless loop. I do not want to click on crosswalks, traffic lights and motorcycles, but have to admit that the latest Captcha iteration where you move a puzzle piece into a puzzle are fast and easy.
Once the user interface is working, the biggest problem I have with Captchas, is the potential intrusions on privacy. If I felt like I was proving myself human without being tracked by Big Tech for who knows what purposes, I would feel much better about it.
How A Blockchain Captcha can Help Saving Humanity
The blockchain is the basis for Bitcoin. It is a proven technology, it works. If you want to understand how it works, the details are available. Once you accept that it does work, you can realize that there are many options for how to apply it. One idea is a Blockchain Captcha, a way to prove you are human to an application or to another human, without going through a human centralized system which could be co-opted or run by corruption. Uses of a Blockchain Captcha include:
1. Preventing automated attacks: CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) systems are currently used to verify whether the user is a human or a bot. However, traditional CAPTCHA systems are often bypassed by sophisticated bots. By implementing a Blockchain Captcha, the decentralized nature of the blockchain ensures that it cannot be tampered with or manipulated by bots. This significantly strengthens the ability to distinguish humans from automated programs, preventing malicious activities such as automated hacking attempts, distributed denial-of-service attacks, and spamming.
2. Combating misinformation and fake news: In the digital age, misinformation and fake news have become highly prevalent, leading to social division, public unrest, and even the manipulation of democratic processes. A Blockchain Captcha could be integrated into online platforms to verify the authenticity of content creators and publishers. By ensuring that real humans are responsible for creating or endorsing content, the system would enhance trust and reduce the spread of false information.
3. Securing digital identities: Blockchain technology enables the creation of self-sovereign digital identities, which are owned and controlled by individuals. By integrating a Blockchain Captcha into the process of establishing and verifying digital identities, the system can mitigate identity theft, fraud, and unauthorized access. This contributes to protecting individuals’ privacy and ensuring trust in online interactions.
4. Safeguarding financial transactions: Blockchain technology provides secure and transparent transactions by eliminating intermediaries, enabling peer-to-peer transactions, and ensuring tamper-proof records. By incorporating a Blockchain Captcha as an additional layer of security during financial transactions, the system can prevent unauthorized access to accounts and minimize the risk of online fraud or hacking.
5. Enhancing data security and privacy: With numerous instances of data breaches and personal information leaks, data security and privacy have become critical concerns for individuals and organizations. A Blockchain Captcha can help protect sensitive data by verifying the identity of users before granting access to confidential information. Additionally, by storing transactional records on the blockchain, data integrity and immutability are ensured, reducing the risk of data tampering or unauthorized modifications.
Overall, a Blockchain Captcha brings together the security features of blockchain technology with the human verification aspect of CAPTCHA systems. By leveraging the decentralized and immutable nature of the blockchain, it can contribute to saving humanity by protecting against various online threats, including automated attacks, misinformation, identity theft, financial fraud, and data breaches.
Is There a Blockchain Captcha?
Yes, one blockchain-based Captcha is called Prosopo Captcha, which is a drop-in replacement for reCaptcha and hCaptcha[6]. Prosopo Captcha is a decentralized bot protection service that offers robust bot protection without compromising user privacy. It is designed to protect applications from bots and bad actors without compromising user privacy or security[6].
Other blockchain-related Captcha solutions include:
1. Privacy Pass: A cryptocurrency-based anti-bot project that aligns with the anonymity values of the crypto community. Its tokens are unlinkable, so websites can’t create a composite picture of users’ browsing habits when they redeem them[7].
2. HCaptcha: A service that monetizes CAPTCHAs through cryptocurrency rewards. Website operators can get paid if they allow visitors to access their website without solving a CAPTCHA[7].
3. Geetest: A CAPTCHA service involved in the blockchain industry, which uses step-up challenges and AI-powered backend engine for security and customization[10].
These blockchain-based Captcha solutions aim to provide a more secure and user-friendly experience for website users while protecting websites from bots and other malicious activities.
What is Prosopo Captcha?
Prosopo Captcha is a decentralized human verification service that can be used to stop bots from interacting with a website or application. It is a drop-in replacement for reCAPTCHA and hCaptcha, designed to protect user privacy and collect zero data[11][6]. The system uses a combination of machine learning and human verification to determine whether a user is a human or a bot. When a user attempts to access a protected resource, they are presented with a challenge that is easy for humans to solve but difficult for bots. If the user successfully completes the challenge, they are allowed to access the resource; otherwise, they are blocked from accessing it[12].
To deploy Prosopo Captcha on a website or app, developers can easily implement it via a script tag or a React component. The JavaScript snippet will display the Prosopo Captcha challenge to users and verify their response. Additionally, to verify the user’s response on the server side, the `@prosopo/server` package can be used[11][12].
Prosopo Captcha is a decentralized bot protection service that offers robust bot protection without compromising user privacy. It does not store any data, and bot detectors receive minimal information from the application, ensuring no centralized user data store[6].
Why Avoid Google’s reCAPTCHA
The Prosopo web site has a good write up on this, so we are including it here:
Centralisation and Data Privacy Concerns
All verification requests go through Google’s servers, making it a centralised system. Your site’s users don’t want to hand all their data over to Google if they don’t have to – the privacy concerns here are inevitable.
Price
If you reach the levels of traffic that you’re probably aiming for, reCAPTCHA can quickly get very expensive.
Image Labelling Over Verification
Human verification is not the main aim of CAPTCHA for Google – data labelling is. Google is more than happy with supplying a poor user experience and letting false positives through, as long as it helps build their closed-source library of labelled images.
Overzealous Blocking
reCAPTCHA often blocks users who use VPNs, proxies, or Tor, mistaking them for automated traffic. Individuals who care about their privacy, often the most technical and valuable users, should not have their online experience damaged.
Google Recaptcha has raised concerns about privacy invasion due to its data collection practices and potential implications for user privacy. The tool ranks public IPs based on users with Google cookies, leading to repetitive challenges for users sharing IPs. Additionally, Google Recaptcha collects data that enhances Google’s advertising products and machine learning algorithms, potentially raising GDPR compliance issues[16][17][18][19]. The tool’s tracking and analysis of user behavior on websites to determine bot likelihood have sparked debates about its impact on privacy, especially under GDPR regulations[20].
Is Prosopo Vaporware?
At this time Prosopo Captcha is available in beta, it is not rolled out an proven at scale as far as we can tell. We are continuing to investigate its possible uses and to verify that it is not just another stealth data collection scheme (extremely tempting for humans) for secret profit.
If the ethics and implementation are right, this could be the solution, if not, I feel strongly that something like it, something that does what Prosopo claims to do, is.
Citations
[1] https://www.calcalistech.com/ctechnews/article/h3u0zc3eg
[2] https://www.foreignaffairs.com/united-states/coming-age-ai-powered-propaganda
[3] https://www.rollingstone.com/politics/politics-features/israel-hamas-misinformation-fueled-ai-images-1234863586/
[4] https://www.pbs.org/newshour/show/how-militaries-are-using-artificial-intelligence-on-and-off-the-battlefield
[5] https://whyy.org/articles/deepfakes-gaza-war-artificial-intelligence/
[6] https://prosopo.io
[7] https://cryptobriefing.com/crypto-captcha-anti-bot-recognition/
[8] https://www.hcaptcha.com
[9] https://www.coindesk.com/markets/2018/09/26/blockchain-startups-aim-to-kill-the-captcha-with-a-new-anti-bot-protocol/
[10] https://www.geetest.com/en/Industry/blockchain
[11] https://github.com/prosopo/captcha
[12] https://www.prosopo.io/articles/how-to-deploy-prosopo-procaptcha-on-your-website-or-app/
[13] https://cryptobriefing.com/crypto-captcha-anti-bot-recognition/
[14] https://www.cloudflare.com/learning/bots/how-captchas-work/
[15] https://newsi8.com/detect-and-debunk-ai-propaganda/
[16] https://www.reddit.com/r/privacy/comments/l6umob/google_recaptcha_is_a_privacy_nightmare_and_big/
[17] https://datadome.co/guides/captcha/recaptchav2-recaptchav3-efficient-bot-protection/
[18] https://news.ycombinator.com/item?id=36430280
[19] https://measuredcollective.com/gdpr-recaptcha-how-to-stay-compliant-with-gdpr/
[20] https://www.fastcompany.com/90369697/googles-new-recaptcha-has-a-dark-side
