
It's an interesting design problem to have a panel of peers attest an individual's identity. It could be made fairly seamless if there was a common system in which a suitably distributed authentication secret could be recombined under instruction from the relevant party. Can it be made to work for normal humans? I daresay we have the ingenuity to design something...



Apple’s Recovery Contacts are a similar idea. The main difference is that just one can help you recover your account, but it doesn’t seem too hard from a UX perspective to make 3/5 recovery contacts required to unlock an account.

https://support.apple.com/en-us/102641


The Decentralized Recovery (DeRec) Alliance has recently launched to solve this very problem. Dr. Leemon Baird gave a talk last year on how this works at a higher level [0]. The alliance is comprised of members from the Algorand, Hedera and Ripple crypto communities, but the application of proper DeRec would be certainly applicable anywhere you have any type of secret; in fact I believe you can be a DeRec 'helper' right now. There's a robust primer on the protocol published as well [1]; here's a pull-quote:

> Decentralized recovery is a method of safeguarding a user's secret by distributing shares of that secret among multiple helpers, who store their individual share on their local device in order to help the user recover that secret in future. The shares are constructed under a threshold secret-sharing scheme (e.g. Shamir's secret sharing scheme), with a chosen threshold (defaults to half) -- at least three helpers must be present in order to use the protocol. Should the user lose access to their device, they can recover their secret data by retrieving the previously-distributed shares from at least half of their helpers. For successful recovery, the user only needs to recall the identities of half of their helpers and authenticate with them in-person.

[0]: https://www.youtube.com/watch?v=AcF4abPoveM

[1]: https://github.com/derecalliance/protocol/blob/main/protocol...


Some day someone is going to produce a fantastic heist movie about breaking this kind of scheme - five different characters, each of whom needs to be scammed in different ways to obtain their piece of a shared secret.

Sadly it's quite possible this will be a dramatized version of a real-world event. We've already seen quite a few messed up crimes to steal keys to steal crypto. Secret sharing just means you need to kidnap a few extra people.


But in fact, in order to kidnap these people you'd also need to know these people, and know they are assigned to be part of the DeRec network. With DeRec all the helpers don't need to know about each other at all. And you may not know how many helpers a given helper has behind them. It's actually much, much more difficult to do the heist-and-interrogate-with-a-pipe-wrench approach if you don't know who to beat up, nor how many of them need to authenticate.

Edit: OT but while I have a glimpse of your attention, kudos in order!! I love datasette and basically everything you write is highly useful to me!


I came up with a similar general approach about 10 years ago, but lacked the time or inclination (and probably knowledge, frankly) so I'm very pleased this is being pursued.


Of course it works. I was aware of such mechanisms appearing in the Chinese social media app WeChat years ago. In fact I would say it's a great fit for any kind of social media app that involves interacting with peers.

However the utility is probably nil if there're no social features to begin with.


We could also leverage trusted third parties for this purpose, for example, banks or DMV or Walmart.

However, there needs to be a fiduciary interest by the third-party (e.g., liability for identity theft, etc.) in order to incentivize them to avoid fraud. It is not clear that there would be enough profit involved to offset the liability.


Except that those instructions will be handed out by phishers.



