In computer security an important type of an attack in a decentralized system like Internet is a Sybil
attack. The core of the attack is that many protocols we have developed
depend on the assumption that each entity participating in a protocol participates only once and that it cannot create
an arbitrarily number of additional “puppet” entities which it can control. Because on the Internet it is easy to
present yourself with multiple identities, decentralized systems with open membership are often susceptible to this
type of an attack.
Why are we designing such protocols? Maybe it is because so many protocols are based on existing processes we find
between humans? Or maybe there is some fundamental issue of open, decentralized systems and identities.
But even more interesting is to observe that we have similar protocols in our existing society, with the same
assumption. Moreover, we also allow people to create additional identities as needed. We call them corporations. Many
our protocols in our society were designed when only humans were persons. Governments make sure that humans have unique
identities and we have passports to allow governments to trust other governments about this validation. Creating
corporations is on the other hand much less controlled. You have many countries with less strict laws which allow one to
create shell (“puppet”) corporations. Traversing multiple
jurisdictions through interactions between such corporations can hide many traces of linked identities. In a way, we
allow arbitrary number of corporations to be created, without really requiring passports for them to be able to work
with other corporations across borders. A passport which would link corporations to their unique
identities. Furthermore, the issue is even more complicated because there can be multiple
people behind corporations, and also other corporations.
So a real question is not why we are designing such protocols on the Internet, but why we are having ways to compromise
such protocols outside the Internet. When we know that they can be misused and used to launch attacks. We already see
such attacks in practice through pervasive tax evasions and other financial maneuvers.