Disable NFC & Change the KYC

[stuk88]

Hey!
I'm working on an Israeli version of the app and the network (core) to able to allow Israeli to join the network.
Israeli passports does not always have NFC chip, and mostly dont.
So I thought about removing the nfc requirement from the registration and converting it to a simple ID_NUMBER->HASH conversion.
The ID number can be checked for validity with certain rules.
So whats the HASH I should use to get setInAddress value.

• Do you have a recommended procedure on adding a country?
• Should I define different network?

[ubiubi18]

Hey stuk88, great to have you here! I am not the developer, but i follow ubic for some time. I think the nfc requirement is important for the security of ubic, because that way only those people can access the nfc chip who provide additionally passport number, date of birth and date of expiry (not to the blockchain, just to access nfc). If that additional layer of security is not in place it would be much easier to collect passport data without consent of passport holders. I think proper privacy is really important to keep ubic save from abuse. Right now theft is harder than only collecting passport numbers, thiefs will have to collect physical passports and personal information to register multiple accounts under their control? I dont know what is and what isnt technically possible just with passport numbers though. Maybe you can combine it somehow with a web of trust to make it more sybil- and theft-resistant?

[rgex]

@stuk88 thank you for your interest in the project.
As @ubiubi18 already mentioned the registration is based on the digital signature from the government that is included within the NFC chip.

Looking on the internet I found out that Israeli passports issued during or after 2013 do have a chip.
As of now they are not supported, because we don't have enough data to know if they work with UBIC, indeed to be compatible the document signing certificate used within the passport has to meet some criterias.

I will soon update the "Bondi Passport Reader" apps on both the app store and the play store in order to collect the document signing certificates of the countries on which we don't have enough data yet.
This includes Russia, South Korea, all African counties and Israel.
So maybe it will be possible to join for Israeli passport holders (issued during or after 2013) in some weeks.

[stuk88]

Yea.. not all the passports were issued with a chip (mine is from 2016 and its paper based)
And its a bit shady (the people don't want to move over to a digital passport), and not everybody have a valid and even any, passport.

But, we have a national ID card that has a Social Security Number, and more stuff..
I wish to implement (myself) the ID recognition & validation code.
So to make it simple, yes, I know that the system will not be as secure if only a ID number is needed to register, And I think of multiple ways of making sure that its not fake ID. But yes its not a bullet proof method.

BUT(!) I don't care its not bullet proof, because the main concern right now is to help people in need without a proper income because of the Corona.
I'm relying on that its a bit of a hassle to register so not many people will do it, and those who does will not do the hassle of installing the app on another phone.

The urgency is critical.
So any ideas on what hash should I use to get the wallet address based of the ID string?

[stuk88]

And yes I thought about taking a picture of the ID and picture of the person, and validating it with other members of the network.. But its too much for a simple registration right now,
And the privacy issue is hard, because I dont want to save a personal info on the network.

Any more ideas on how to double validate a user automatically would be welcome of course

[stuk88]

Found that one:
https://www.brightid.org/#get-started
Any thoughts on that?

[stuk88]

Just another thought...
Combined with a phone number will make it more thief proof.
If the phone number will be accessible to a Random Validation's group, I can run with it tomorrow and time is of the essence.
If the phone is saved on the Blockchain I have to encrypt the phone numbers so only the User Validation Group could see them. (Maybe its not the best idea.. and I got more at the end of the comment)

So if I do that, I need to find those thief's or scammers..
A good counter measure could be to run a check on the Blockchain and check if there are wallets that pay only to a single or constant group of wallets the same amount,
And that it was like that since it registered or the previous period.

For example: After a year of constant same amount transactions to the same people is registered, without any changes to the previous period the wallet can be locked or registered as shady, and will be up to a check.

Comparing period hash's could be the way to do it. And yea I can do it in a separate script.

A user validation check could be:

• What BrightID are doing, but I guess its not that good to ask his contacts if he is who he is... (not everybody on the app, maybe a group of scammers that just cover each other, or a person that represent himself as someone else to his circles)
• Because the UBI is a local thing, we could always just ask for phone number with the SSN, and when in doubt that the person exists, we could contact him and validate him personally.
• Blockchain based communication: If a person can get and send messages to wallets, we can contact the person within the blockchain itself, and just ask him to call us. (Can a person get a Message with a zero (0) amount transaction?)

[ubiubi18]

I think UBIC is not compatible with those ideas.

Anyway, let us try out everything - you might want to do some research on existing approaches for sybil resistance as well as for existing cryptoubi projects.
One starting point could be the "openubi" telegram group and scrolling back there.

I share the urge for basic income, but that is not gonna happen in crypto without proper sybil resistance. A lot of projects allready failed on doing manual kyc because of the huge ammount of registrants as well because of abuse.

There are pictures of people holding their IDs (likely used once by crypto exchanges for kyc) traded on black markets as far as i know, i was told they have been allready abused for some cryptoubi projects - so that alone likely wont do it. Mobile Phone numbers were also abused in cryptoubi, projects like 'mannabase' likely failed on their abuse ending up with too many sybil accounts.

I like the approach of 'Web of trust' as well, i have even a bright id account. I am not sure if they will be sybil proof enough and if they will scale up fast enough to help cryptoubi to go mainstream, but let us try everything :)

Also there is a project made in Israel called "gooddollar", but i am not sure about their Intentions and sybil resistance.

Anyway, dont give up, it is worth the effort!

[rgex]

Yea.. not all the passports were issued with a chip (mine is from 2016 and its paper based)

This surprises me, have you tried scanning it?
If it has this sign on the front cover it has a chip for sure.
NFC chip sign: https://upload.wikimedia.org/wikipedia/commons/f/fb/EPassport_logo.svg

[stuk88]

Yea.. not all the passports were issued with a chip (mine is from 2016 and its paper based)

This surprises me, have you tried scanning it?
If it has this sign on the front cover it has a chip for sure.
NFC chip sign: https://upload.wikimedia.org/wikipedia/commons/f/fb/EPassport_logo.svg

yea.. there is no chip.

[rgex]

Support for Israeli passports (with a chip) has been added as of today.