It sounds like all you've actually invented is "identifying people by their bank accounts", only with more steps.
I suppose if the NFT could be registered using an anonymous cryptocurrency, it might end up being a more privacy-preserving system than getting people to pay for an account using traditional methods.
It also might be cheaper than paying to join multiple services, if you only have to pay once and can use your NFT username across them all. On the other hand, a single malicious admin could try to extort you by threatening to ban you from all those other services.
A better approach would be a blockchain-based anonymous identity system, which is apparently what BrightID is:
Trivially. You make it so that there's no recognized way to change the private key for a username.
> It sounds like all you've actually invented is "identifying people by their bank accounts", only with more steps.
I've created a layer of indirection between usernames and bank accounts. The system doesn't need to know or care about how you managed to burn tokens for the username.
> A better approach would be a blockchain-based anonymous identity system, which is apparently what BrightID is:
Does BrightID guarantee that asshats have an asymptotically worse time registering usernames than admins have shadowbanning them? If usernames are easy to come by, then so are sockpuppets and one-off spam and troll accounts.
> You make it so that there's no recognized way to change the private key for a username.
Making it impossible to rotate keys doesn't sound like it follows cryptographic best practices, but in any case, there's nothing stopping someone from selling their private key to someone else.
If you just want to avoid squatting/speculating, you could make the user IDs be random unique values but associate them with a non-unique human-readable name.
> If usernames are easy to come by, then so are sockpuppets and one-off spam and troll accounts.
I haven't used BrightID, but I believe it works by having users meet in person and mutually verify each other as being unique humans. It should be impossible for someone to pretend to be two people in the same place at the same time, so that does seem viable.
> nothing stopping someone from selling their private key to someone else.
The fact that the original owner(s) can still use the name would prevent resale. For example, the admins could simply shadowban a username if they verify that multiple users have the same key (e.g. if my private key was stolen, I'd report it to the admin).
> If you just want to avoid squatting/speculating, you could make the user IDs be random unique values but associate them with a non-unique human-readable name.
The literal identifier isn't important to account resale value. User accounts include all of the state as well as the literal identifier, including reputation, longevity, and associated app content. This is all valuable to asshats -- they want high-reputation accounts to broaden their spam audience. But in order to make it costly for asshats to gain high-reputation accounts (more costly for them than for admins to shadowban them), we can't give them any shortcuts -- the system should compel them to spend time and energy to earn their reputation like everyone else. So, account resale shouldn't be supported by the system.
> I believe it works by having users meet in person and mutually verify each other as being unique humans. It should be impossible for someone to pretend to be two people in the same place at the same time, so that does seem viable.
This does not sound like it prevents a small number of asshats from just creating a bunch of fake sockpuppet accounts. If creating accounts is as cheap (or cheaper) than shadowbanning them, then the asshats will eventually overwhelm the admins.
> The buyer would know that maybe the seller still has the key, since it cannot be rotated
If the buyer is a spammer, they won't care that the seller can still send non-spammy messages with the account. If the seller is a squatter/speculator, they have nothing to gain from interfering with their customer's account.
> A group of people cooperating can pretend to be 99999 people?
It would be easy to determine from the (anonymous) social graph that those 99999 people are only connected to each other and a small group of other (real) people. An algorithm looking at this graph could then select 100 people out of the 99999 group and require them to meet with 2 other distantly-connected people at a specified public place. If less than 102 people show up, then those 100 lose trust points. That's how I guess it would work, anyway.
What if the seller is a spammer or scammer, and first sells the account, remembers the private key, and a bit later starts spamming or scamming?
> It would be easy to determine from the (anonymous) social graph that those 99999 people are only connected to each other and a small group of other (real) people
If the "group of people" is small, yes. I didn't say that the group was small though.
If it is larger, and they arrange the connections in realistic-looking ways (for detection algorithms), then they can get away with it. Think of an island where most people are connected with others on the island only -- and maybe 10% of them connected to people on the mainland. Something like that can happen in real life I suppose, and the "group of people" (possibly many, paid by a company or a state) could construct such graphs and pretend to be more than what they are.
> An algorithm looking at this graph could then select 100 people out of the 99999 group and require them to meet with 2 other distantly-connected people at a specified public place
That's an interesting way to try to handle that. However, first the algorithm would need to realize that a part of the graph is suspicious. (And people would need to be really motivated to, in real life, actually go somewhere :-) What if they're busy with friends and family?)
https://www.brightid.org/
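An added illustration of the graph check debated in the thread above (not code from any poster or from BrightID): it scores a group by the share of its friendship links that leave the group, then runs that score over two constructed graphs. The ring-shaped graphs, the function names and the thresholds are assumptions made up for this example.

```python
def ring_cluster(start, n, k):
    """Constructed cluster: each node links to its next k neighbours on a ring."""
    return [(start + i, start + (i + j) % n) for i in range(n) for j in range(1, k + 1)]

def build(n_main, n_group, k, bridges):
    """Mainland is nodes 0..n_main-1, the group follows it.
    `bridges` group members each get one link to a mainland node."""
    edges = ring_cluster(0, n_main, k) + ring_cluster(n_main, n_group, k)
    edges += [(n_main + i, i % n_main) for i in range(bridges)]
    group = set(range(n_main, n_main + n_group))
    return edges, group

def conductance(edges, group):
    """Links crossing the group boundary divided by all link endpoints inside it.
    A value near zero means the group is almost only connected to itself."""
    cut = vol = 0
    for a, b in edges:
        in_a, in_b = a in group, b in group
        vol += in_a + in_b
        cut += in_a != in_b
    return cut / vol if vol else 0.0

def is_suspicious(edges, group, threshold):
    """Flag a group whose outward connectivity falls below the threshold."""
    return conductance(edges, group) < threshold

# Constructed case 1: 1000 accounts tied to the rest through only 10 links
# (the "only connected to each other and a small group" case).
CLOSED = build(n_main=5000, n_group=1000, k=3, bridges=10)
# Constructed case 2: the "island" case, 10% of members know someone outside.
# The score depends only on structure, so it is the same whether real
# islanders or a coordinated group produced this shape.
ISLAND = build(n_main=5000, n_group=1000, k=3, bridges=100)

if __name__ == "__main__":
    for name, (edges, group) in (("closed", CLOSED), ("island", ISLAND)):
        score = conductance(edges, group)
        print(f"{name}: conductance={score:.4f} "
              f"flag@0.01={is_suspicious(edges, group, 0.01)} "
              f"flag@0.02={is_suspicious(edges, group, 0.02)}")
```

A threshold of 0.01 flags the closed cluster and clears the island; raising it to 0.02 flags the island too, which is the false-positive side of the trade-off the last comment raises.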