AI whistleblower banned from the entire Internet! OpenAI and 25 other organizations use a trick to identify AI robots at a glance


AI agents are all over the network. How can we avoid being deceived in the future? How can we protect our privacy? 25 institutions including OpenAI, Microsoft, and MIT have jointly proposed "personhood credentials" that can prove that you are a real person without disclosing any personal information.

In the past half month, the entire Internet was fooled by an "AI whistleblower" from OpenAI.

I believe everyone is familiar with the account "Strawberry Brother" @iruletheworldmo, and will come across his explosive posts from time to time.

This Wednesday, instead of the GPT-4o large model he had predicted, what arrived was an exposé by the founder of AI startup MultiOn.

"Strawberry Brother" is an AI agent.

For a time, many platforms across the Internet banned reposts related to "Strawberry Brother".

In the subreddit r/singularity, all members have been banned from mentioning related content.

Some people even directly "blocked" @iruletheworldmo.

Even the real OpenAI whistleblower, Jimmy Apples, believed what the AI agent said.

Afterwards, this AI agent launched an online poll asking "Did I pass the Turing test?". Unexpectedly, more than half of the respondents answered yes.

And this is just one AI.

Zuckerberg once said, "In the future everyone will have an AI assistant, and soon there will be billions of AI agents surfing the Internet on our behalf."

If this really comes true one day, how will people tell at a glance whether a social media account is a bot? How can they prove their "real" identity without submitting any personal information?

Scholars from 25 institutions including OpenAI, Microsoft, MIT, and UCB have jointly proposed a verification technology: "Personhood Credentials" (PHC).

PHC can protect user privacy while proving on the Internet that "you are you", a real human being rather than AI.

Paper address: https://arxiv.org/pdf/2408.07892

Microsoft's chief scientist and chief of staff said, "Establishing a human identity online while maintaining privacy is one of the defining challenges of the AI era."

Another netizen said that this research is very timely and thought-provoking.

Why do you say that?

1. Data of 3 billion people leaked, is there no solution to privacy protection?

Beyond the "Strawberry Brother" case above, the data of nearly 3 billion people was recently leaked in an incident that swept the United States, one of the largest data incidents in history.

This includes detailed personal information of residents, such as name, email, address, phone number, social security number, and mailing address.

What’s even more terrifying is that the address data can be traced back 30 years, and even the information of relatives who have died for more than 20 years can be dug out.

Therefore, anonymity has always been a measure taken by many privacy-conscious people to protect themselves.

But sometimes, for some important verification, you have to hand over your personal information.

At present, more and more powerful AI is constantly emerging, and the means used by criminals to defraud and spread false information are becoming more covert, and they can easily expand to a larger scale.

Moreover, the lower threshold and cost of AI make it easier to obtain.

As AI-generated images/videos/sounds become more and more realistic, for example, on dating apps, how can you be sure that the other person is a real person?

Existing solutions, such as CAPTCHA verification codes, are obviously not enough.

This also means that the traditional human-machine verification method is on the road to failure.

After all, this approach is becoming less and less reliable as AI advances in areas such as image recognition.

Now, it is extremely necessary to find a balance that can effectively prevent AI deception without excessively sacrificing user privacy and the inclusiveness of the Internet.

This is also the effect that researchers from OpenAI, Microsoft and other institutions hope to see through research and ultimately in practical applications.

2. Prove that you are a human, not an AI

As researcher Steven Adler explains, the privacy protection tool "Personhood Credentials" (PHC) can prove that you are a person, but it does not reveal "who you are".

Specifically, the "personhood credential" is supported by two elements that AI cannot forge:

"Real-world verification" and "secure cryptography".

That is, no matter how good AI becomes, it cannot escape these two points.

In short, PHC is a digital credential that allows users to prove to online services that they are real people and not AI, without disclosing any personal information.

This credential can be issued by a trusted organization, such as a government.

Furthermore, according to the authors’ definition, PHC can be a local or global system and is not necessarily based on biometric technology.

3. AI agents are everywhere on the Internet, the latest anti-fraud strategy

Two co-authors of the paper, Nouran Soliman and Tobin South, both graduate students at MIT, recently gave an interview with MIT News to briefly introduce the technology, discuss its necessity, risks, and how to apply PHC in a safe and equitable way.

1. The necessity of "personhood credentials"

Although many public discussions about AI are about chatbots like ChatGPT, the capabilities of artificial intelligence are clearly more than that.

AI engagement on the internet exhibits two properties: indistinguishability and scalability, which drives the continued growth of AI-driven deception.

AI can create accounts on social networks, post false content, disguise itself as a human, massively amplify certain content through algorithms, or even carry out large-scale attacks, all of which creates many risks.

This will change our experience of browsing social media, and it will become increasingly difficult to distinguish between complex AI and humans, similar to the problem of "digital doubles" without consent.

"Personhood credentials" provide a potential solution; for example, they can be used to filter online content and determine the trust level of received information.

2. What is a personhood credential? How to ensure its security?

As mentioned earlier, a "personhood credential" can prove that you are human without revealing any information about your identity.

The authors state that no matter how advanced AI becomes, there are two things it will not be able to do: obtain offline, real-world credentials as a human can, and forge or crack advanced cryptographic systems.

So, personhood credentials combine these two ideas - the security achieved through cryptography, but also the fact that humans still have some abilities that AI doesn't have, to really strongly prove that you are human.

To obtain a "personhood credential", users need to have a relationship with the government, such as a tax number or driver's license, and there must be offline participation.

Through privacy technology, users can prove this fact without sharing any sensitive information about their identity.

"Personhood credentials" are relatively easy to implement: the infrastructure and security technologies they rely on have existed for decades, for example the use of identifiers such as email accounts to log in to online services. PHC can complement these existing methods.

However, the use of "personhood credentials" should be optional rather than mandatory, and service providers can let people choose whether to use them.

Being optional means that we are not yet able to allow users to interact online only with real, verified humans and completely exclude the participation of AI on the Internet.

However, in scenarios such as online shopping or transaction negotiation, if you want to ensure that the other party is a human, "personhood credentials" can come in handy.

3. What are the risks? How can these risks be mitigated?

One of the risks comes from how it is implemented. If a specific entity is the only issuer of "personhood credentials", or the system is designed in a way that gives all power to one entity, some people may worry about excessive concentration of power.

If you're in a difficult or dangerous sociopolitical environment, being required to go to an offline location to get a personhood credential can be scary and discourage people from sharing information online.

One possible solution is to set up multiple issuers of "personhood credentials".

Our paper seeks to encourage governments, policymakers, leaders, and researchers to invest more resources in examining different implementation directions and exploring the broader impacts this technology could have on communities, ensuring the right policies and rules are in place.

AI is advancing very quickly, much faster than governments can adapt. So governments and large companies should start thinking about adapting digital systems now so they are ready to prove that a user is human while protecting privacy and security, so we can be prepared for a more advanced AI future.

4. Technical Introduction

How is the "personhood credential" technology realized? This 63-page paper gives a very detailed answer.

Paper address: https://arxiv.org/pdf/2408.07892

First, the "personhood credential" is stored digitally on the holder's device. To ensure credibility and privacy, the PHC system needs to meet two prerequisites:

– Each person can hold only one "personhood credential", which must be re-verified regularly to prevent theft

– Users holding PHC interact anonymously with service providers. Even if PHC issuers and service providers collude, they cannot track users’ digital activities, let alone connect users’ activities on various platforms.

The registration and use process of the PHC system is shown in Figure 3:

When requesting a credential, the user only needs to provide the issuer with the minimum necessary information. The issuer is responsible for verifying that the user is a human being and confirming that the user has not registered a PHC before. In addition, the issuer has the right to revoke or restore the PHC.

When using third-party digital services, users can authenticate by presenting their PHC through a "zero-knowledge proof".

Beyond the fact that the user holds a PHC, service providers cannot obtain any additional information. Each attestation is limited to a specific application, so different platforms cannot link their accounts to the same user through the PHC.

The paper proposes that a PHC system with multiple issuers is the ideal implementation. Users can choose among multiple issuers to register for a PHC, but can obtain only one credential from each issuer, which reduces large-scale fraud while ensuring user privacy.
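A minimal sketch of the issuance and presentation flow described above, added here as an illustration and not taken from the paper or the original article. It swaps the zero-knowledge proof for a Chaum-style RSA blind signature with a toy key, so it shows one property only: the issuer enforces one credential per person yet cannot match the credential it signed to the one a service later sees, even if the two compare records. All names (`Issuer`, `service_verify`, `demo`) are hypothetical.

```python
import hashlib, secrets
from math import gcd

# Toy RSA key from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def h(token: bytes) -> int:
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Issuer:
    def __init__(self):
        self.enrolled = set()  # people who already hold a credential
        self.log = []          # (person, blinded value, blind signature)

    def issue(self, person_id: str, blinded: int) -> int:
        if person_id in self.enrolled:  # one credential per person
            raise PermissionError("credential already issued")
        self.enrolled.add(person_id)
        blind_sig = pow(blinded, D, N)
        self.log.append((person_id, blinded, blind_sig))
        return blind_sig

def blind(token: bytes):
    while True:
        r = secrets.randbelow(N - 2) + 2  # random blinding factor in [2, N-1]
        if gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    return (blind_sig * pow(r, -1, N)) % N

def service_verify(token: bytes, sig: int, seen: set) -> bool:
    if pow(sig, E, N) != h(token) or token in seen:
        return False  # forged credential, or credential already used here
    seen.add(token)
    return True

def demo():
    issuer, seen = Issuer(), set()
    token = secrets.token_bytes(16)  # holder's secret, never sent to the issuer
    blinded, r = blind(token)
    sig = unblind(issuer.issue("alice", blinded), r)
    first = service_verify(token, sig, seen)
    replay = service_verify(token, sig, seen)
    # Collusion check: does anything in the issuer's log match what the service saw?
    linked = any(b == h(token) or s == sig for _, b, s in issuer.log)
    return first, replay, linked
```

Showing the same token to two services would let them link it, which is why the per-application attestations the paper describes need zero-knowledge proofs rather than this simplification.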

This PHC system has three expected advantages:

  • Reduce the impact of "puppet" users and enable large-scale real input and participation of real people on the Internet
  • Mitigating bot attacks
  • Make AI assistants truly representatives of trustworthy users, rather than being manipulated by malicious users

At the same time, in order to implement PHC in a fair and safe way in real life, the following four challenges must be addressed:

1. Equitable access

Frequent PHC verification can lead to friction and frustration during use, affecting users who are not familiar with technology, especially the elderly. It is also necessary to ensure that users without PHC can still use digital services.

2. Freedom of Expression

Users may worry that PHCs will link their digital activities to their real offline identities, thus reducing their willingness to express their authentic opinions online.

3. Power Check

A major challenge facing the PHC ecosystem is the concentration of power in a few institutions, especially PHC issuers and large service providers, whose decisions regarding PHC use will have a significant impact.

4. Robustness against attacks and errors

As with any digital system, PHC systems are vulnerable to attack and exploitation from multiple parties, such as certificate issuers, service providers, and malicious users. Consider using previous best practices in cybersecurity, such as DoS defenses and blocking attackers from accessing sensitive records.

At the end of the paper, the authors propose the next steps to be taken.

First, adapt the existing digital network system to prepare for the impact of artificial intelligence.

More specifically, we need to rethink how AI will change the Internet and communications.

Secondly, give priority to "personhood credentials" as a solution that needs to be addressed urgently.

The last picture summarizes all the main points of this paper.

It is worth mentioning that in order to prevent Internet platforms from excessively collecting information under the pretext of "real-name system", the Ministry of Public Security and the Cyberspace Administration of China recently launched the "Internet ID card".

All you need is a mobile phone with NFC function, and after performing ID card recognition and face recognition and associating your mobile phone number, you can get a virtual "online ID card".

The "network number" above is composed of letters and numbers and does not contain any plain text identity information. It can be used directly for real-name authentication on apps such as Taobao and WeChat without having to enter information such as name and ID number.

Reference: https://x.com/sjgadler/status/1824245211322568903

https://news.mit.edu/2024/3-questions-proving-humanity-online-0816

https://www.engadget.com/cybersecurity/national-public-data-confirms-breach-that-exposed-americans-social-security-numbers-100046695.html
