Skip to content

First Person Project

Jump to bottom
Joe Rasmussen edited this page Jan 16, 2026 · 8 revisions

The First Person Project (FPP) is an attempt to solve the 'personhood' challenge - an outstanding dilemma in the architecture of the internet. The trick is to prove personhood without giving away private details that may later be exploited. Key to this is the notion of a ZNP, or Zero Knowledge Proof. The anchor of a ZNP is a social graph of first-person trust relationships.

The First Person Project is an important set of ideas for the Linux Foundation. @Joe-Rasmussen came to the FPP via participation in a Linux Foundation Working Group for Decentralized Trust. Notes below are from a White Paper that is frequently cited in that group.

The approach to privacy and identity in the FPP is very different from the gossipy village world that is envisaged by the Links project.

It's not the case that the Links project does not have a response to these questions, but Links is still totally theoretical, where the FPP is steeped in the experience of real, bad online outcomes. It's totally legitimate that the Links project should have to defend its thesis in the light of the experience of the FPP.

Below are notes taken on a read-through by @Joe-Rasmussen of the First Person Project White Paper (80 pages). The document is in v1.1, dated October 20, 2025.

Page numbers are from the pdf version.

White Paper - Notes

  • p5 The work is an output of the Internet Identity Workshop
  • p5 There's an approach that I chafe at straight away ... that people are special. It's not that I don't believe people are special. I have children, and I don't want them to be overrun by AIs, but ...
    • ... I'm not sure that it's useful to insist that people are special ... perhaps especially in the struggle to not be overrun AIs. I believe this because the evolved architecture for the governance of humans is so awesome, so well tested. By this I mean the pre-state governance architecture - the stuff that is most deeply wired into our brains, and that has enabled us to survive (as villages) in so many different, and hostile environments. The premise of the Links project is that we deploy this specific, known, human, well tested architecture for the governance of AIs
    • In other words: The village has been pressure-tested for at least 6 million years against all manner of environmental threats from without, and against an endless range of exploitative strategies from within. It regularly establishes equilibrium in spite of all that warfare, and it re-emerges even in situations where it might seem to have been completely destroyed. This is why Links proposes the same set of rules for people and AIs. The village is the best governance tech we have. Why not deploy it against the greatest threat? (And use its husbandry in favour of the greatest opportunity?)
  • p6 By page 6 we are into the beginnings of a discussion about relationships - edges in the graph - and again the FPP and Links projects are proceeding from different foundations. In the FPP an edge is an object in its own right - it has a unique ID, and as far as I can tell, it's binary: it either exists or it does not
    • From the perspective of the Links Project, this is an opportunity missed. Explaining this in a thesis defence is going to be a challenge because it relies on an unfamiliar idea: That the village is a thinking organ that has (conversations and relationships) as its GPUs, and (culture, ritual, habit, and technology) as its memory store
    • Anyway, here goes nothing ... IF an audience could suspend disbelief for a second and consider a village as a thinking organ, what are the elements of that organ? The processing units are people. The synaptic connections are relationships. And the weights in the model are relationship strengths. Relationships are not really binary yes-or-no things ... and this is critical to the way the village learns. It learns in the same way that an AI learns - by changing the weightings, and potentially by changing the connections, in the model. This demonstrates that connection weights are not the bottom layer of this brain - the first derivative of the weights, the change in the weights, is a key determinant. An example illustrates:
    • Consider the diplomatic relationship between the US and the UK. In the 1980s it is strong and strengthening under Reagan and Thatcher. In the 2020s it is strong and weakening under Trump and Starmer. The two situations are very different. Note also that the relationship itself, the edge, does not have an ID - it is not an object in its own right. Instead, you have a whole range of statements made by a bunch of stakeholders, and a set of assessments of those statements by a different but overlapping set of stakeholders
    • In summary: If you make relationships into binary yes/no things, you take away the capacity of the village to think. The village needs relationship weights in a continuum -1 to +1 ... more that that, it needs relationships that every party might weight differently: (1) Taylor Swift loves me, our relationship is weighted at +1. (2) Taylor Swift does not know I exist. Relationship = 0. (3) No matter how often I tell my backstage story, my buddy Lisa seems to believe that Taylor Swift does not know I exist. Her best assessment: relationship = 0.001. (4) I'm starting to really hate my buddy Lisa. Relationship = -0.2.
  • In this sense you could argue that the world of the FPP is a special case of the world of the Links Project, with relationship weight an element of {0,1}. There's nothing in the Links project to stop a village from adopting that norm. Such a village reaps the benefit of a series of formal proofs, so this it might be appropriate for a bank-and-its-account holders, or for an employer-and-its-employees The difference is that in the FPP a 1/0 membership is part of the standard, whereas in the Links project, those choices are endogenous to the village.
    • In terms of defence against external threat, rules that are endogenous to a village are foundational - this is precisely the place where our species trick for surviving external threats hits the road. The nature of those threats is different in different environments
    • The Links project certainly does not want to sideline any useful sets of rules. Instead it wants to create a fitness landscape where those sets of rules propagate, compete, and mutate in a competitive search for the rules that work best in each context.
  • p7 "What sparked the First Person Project in 2024 was the new capabilities of generative AI to impersonate humans so well that it is all but impossible to tell the difference"
    • It IS possible to tell the difference (for now) ... because when you query the social graph, people are not forming edges with AIs that have the same character as the edges they form with people ... BUT we can propose a networked extension of the Turing test: When you chat with a entity AND ALSO query the social graph that you have in common with the entity AND you can't tell whether that entity is a computer or a person, THEN the computer has passed an extended urning test ...
    • ... and at that point I don't care. I want my social graph to filter-out psychopath AIs and psychopath people. The criterion is based on reputation, not on hardware vs wetware. Ultimately, for my online relationships, between hardware and wetware I don't care ... but between exploitative psychopath vs high-prestige member of the community I do care.
  • p8 The example of the XZ attack. OK, Rasmussen, thesis defence: What about a really patient, sophisticated bait and switch? ... I think my answer remains that I don't see why a human bait and switch is different from an AI. Totally accept that the human capacity to deal is kinda fixed, where the AI sophistication of attack will grow exponentially. I think all the more reason to (A) deploy the best known defence, which I'm arguing is the village, and (B) treat AIs and people equally, so that trusted AIs are part of the defensive bulwark
    • As I write the stuff above, I like my two-axiom system better and better, compared with my five-axiom system. The smaller the axiom system, the more the rule-making process is farmed out into the village space, where the rules can evolve. The smaller the axiom system, the smaller the attack surface:
      • The two-axiom system:
        1. There are agents. They have compute, memory, and agency
        2. Patterns in one generation survive at different rates into the next.
      • The five-axiom system: Build a type of agent that can:
        1. Store reputational information
        2. Make reputational claims about itself, (identity claims,) and about others
        3. Assess the reputational claims of others by checking its own data store, and by querying the social graph
        4. Make decisions about what reputational claims are to be shared with whom
        5. Seek out, strengthen, weaken, or shut down connections based on reputation.
  • p11 "Trying to explain them (the ideas in the FPP) is like Vint Cerf trying to explain the Internet before it existed or Tim Berners-Lee trying to explain the Web before it existed" ... yeah, tell me about it!
  • p13 History of SSL
  • p13 Tru dat ...

    The consequences have become headline news. For-profit companies owned by billionaires have designed social network algorithms to extract maximum commercial value from our online interactions. The resulting amplification of highly polarizing content has become one of the most corrosive elements of modern society. Experts like University of Colorado professor Nathan Schneider blame this form of “digital feudalism” for much of the extreme political division we are currently experiencing.

  • p17 Self-Sovereign Identity (SSI). Digital wallets, blockchain
  • p19 The whole area of institutional credentials - passports, licences, tickets - is only in scope for the Links project insofar as those villages might want to develop those rules. If the FPP is successful, 'those villages' might mean the whole damn planet ... not very convincing as a 'special case of a more general rule!! :p ....... this might boil down to bootstrapping. The FPP has explicit solutions for all these situations, and if those solutions prove compelling, they become part of the bootstrap of that set of standards. The bootstrapping of Links is based significantly on tying collections of reputational statements (including credentials) into a single bundle. I suppose the FPP would point out that those bundles for reputational claims collect a multitude of attack surfaces into a single package, or a small number of packages. Hmmm
  • p22 As I read deeper into this material, including chasing-up many of the linked side issues, I find myself weighted down by the mass of it. this whole body of work is a long way down the road. Have to remember that my concept is not on competition with this stuff ... it is an addition to it. Have to PRESENT that way - otherwise arrogance and hubris
  • p25 ToIP stack - support for any transport protocol TCP/IP, Bluetooth, NFC, 5G
  • p29 What, really, is in the Trust Spanning layer of the architecture. (The formal definition is here). Is it consistent with the reputation system you are thinking about? How, really, does reputation differ from trust? This is SO fucking important, Rasmussen. Don't FFS, present it as a contrarian view. It is an enhancement.
    • Perhaps key is relationships ... that there really are reputation-based relationships in the grey zone ... that the black-and-white relationships of the trust system are different from, and aside from, the 'weighted' relationships of the reputation graph
  • p31 ... this example shows where the FPP is in 'contract' land and the Links project is in 'social interaction' land ...
    1. Identification: who is the other party?
    2. Authorization: what action(s) is the other party authorized to take?
    • In the same place I would write
    1. Identification: who is the other party?
    2. Reputation: what action is the other party likely to take? .... is it still true that the FPP statement is a subset of the Links statement?
  • p33 Hierarchy and heterarchy in the Trust Registry Query Protocol (TRQP). I don't have trust registries, do I? I only have institutions and memberships in so far as entities make claims that those things exist. (Their claims, may of course, be rather well substantiated by infrastructure they have built - but none of that is the direct business of the Links project.)
  • pp33-34 ... wait, wait, is the paper making a distinction between a digital trust ecosystem and a digital trust network? The second dependent on a centralised governance framework, the first not? ... ok, yes. The paper is totally saying that ... and then the next bit the First Person Network stitches together multiple digital trust ecosystems
  • p34 Trust body similar to ICANN
  • p38 Social-graph based proof of personhood compared with other approaches
  • p38 Vitalik Buterin:

    Social-graph-based verification systems all operate on the same principle: if there are a whole bunch of existing verified identities that all attest to the validity of your identity, then you probably are valid and should also get verified status

  • p39 Trust, privacy, and context ... very close to the 'village' idea
Vitalik vs IIW on decentralized social trust graphs

  • p39 If people start interacting with their AIs as 'friends' ... those AIs start to be able to pass this proof of personhood ... and there's a watershed moment if two or more people start to think of one AI as their mutual friend, then that AI starts to be able to pass this proof of personhood.

  • pp35-39 The whole Proof of Personhood section is super-interesting. I don't think the question is closed, and maybe not close-able in the medium. I'm still at my earlier position that game theory suggests that a landscape with zero psychopath AIs is unlikely ... just as a landscape with zero psychopath humans is unlikely. I still think the real governance challenge is to contain psychopaths ... that the human/AI distinction is a category error. Of course a lot of the concern is that AIs are so damn capable of working at scale a thousand, a million, a billion attack vectors. But of course only with tools ... and those same tools are available to people

  • p40 Part 5 - Decentralized Trust Graph

  • p44 Verifiable relationships seem 'heavy' to me. Maybe your relationship to your phone becomes one that you just simply need ... and the habit flows from there? ... but the formalization of one-to-one human relationships is a subject of endless subtlety. Are we really gonna do it? Or we make the formal, verifiable relationship to our AI friend and it takes over from there?

  • That screen-shot that I notionally put in the presentations that I compose in my mind's eye, hang on a sec ...

Steve Byrnes homepage

  • Do people even want to be private? They sure don't want to get scammed, but that is something different. People sure want prestige, which would seem somewhat incompatible with privacy. The ToIP people would say it's Byrnes' choice to publish this information. Fair dos.

  • p50 OK, at this point the paper gets to reputation graphs, and the closest point of contact so far between FPP/ToIP and what I'm banging on about in the Links project. For my money, the paper does not deliver much in this area ... except perhaps the following lesson/advice ...

  • p52 "When it comes to reputation systems, which have been a recurring topic for all 20 years of Internet Identity Workshops, the standard warning is: “Here be dragons”"

  • p52 The section does at least talk about a reputation graph building on a trust graph. This is not the same as me saying a trust graph is a special case of a reputation graph ... but it's somewhere in the ball park :p

  • p59 A quote from a presentation slide "The Linux Kernel already requires identity and trust - they just use old-school methods and are looking for an upgrade"

    • But what if old-school is awesome? hehe. I'm put in mind of a recent epic I had with Microsoft support. Half-way through the call I had the thought, "It will be a long, long time before an AI can mimic this level of confusion, frustration, and stupidity."

  • p60 Portability of reputations systems (essentially a term for something similar to the way I want to stitch many existing 'buckets' of reputational information together

  • Part 7, p62 "The First Person Network" This section is straight into the economic lure of the currently scattered networks of trust/reputation - the same lure identified in the Bootstrap section of the Links project.

    Now, think of the proprietary, closed trust networks we are surrounded by today: Uber. Lyft. Facebook. Twitter/X. Instagram. Snapchat. YouTube. LinkedIn. Amazon. eBay. Every one of these networks is a “trust silo” because the trust graphs they build are a core business asset of each platform. Can you imagine Uber letting its drivers take their driver ratings to Lyft? Or Twitter/X letting you take your followers to Bluesky?

Logo flipped, transparent

Clone this wiki locally