So are we headed towards some sort of identification like passport, driver's license, etc. to be able to post?
Would you be able to create a system where you somehow battle this spam but retain privacy in some way?
Is there an alternative that retains max privacy in a world with a trillion bots spamming away?
I.e., do any good systems exist where, say, you can get a HUMAN-ID by some sort of verification, which then grants you access to create users, but no one can see which users are tied to which HUMAN-ID, and you can only create, say, 5 total, and if some are busted doing spam they are all revoked? (bad Orwellian idea)
Or maybe some advanced federated trust chains where if lots of different people deem you a spammer you can get your users taken away, but no state power can revoke it in one move for example or see who you are.
Yes it's possible to do this. I wrote up a scheme for that years ago that I called "proof of passport". You can create anonymous identities tied to a hash of your epassport certificate using SGX enclaves and some careful protocol design.
Needless to say, such ideas make some people very unhappy, although it can be done in a way that doesn't grant governments any new powers they don't already have. The most common objection is from Americans who make the same arguments they make about elections: some people don't have ID of any kind and shouldn't be expected to get one.
You can also of course buy identities from people who don't care, as a sibling comment says. But that's inevitable for any identity system where identities can be had cheaply.
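The properties asked for in the question (a cap of five accounts per verified person, no outside party able to link them, and revocation of all of them together) can be sketched as follows. This is an added example, not the "proof of passport" scheme itself or any code from this thread: `PseudonymIssuer`, its methods and the byte-string credentials are hypothetical, and the issuer object stands in for whatever trusted component (such as an enclave) holds the key.

```python
import hashlib
import hmac
import secrets

MAX_ACCOUNTS = 5  # the cap suggested in the question above


class PseudonymIssuer:
    """Hypothetical trusted issuer; assumed to run where its key cannot be read."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # secret, never leaves the issuer
        self._count = {}      # holder tag -> number of pseudonyms issued
        self._owner = {}      # pseudonym -> holder tag (private to the issuer)
        self.revoked = set()  # public list that services check

    def _tag(self, credential: bytes) -> bytes:
        # Keyed hash of the credential hash: state holds no raw document hash.
        digest = hashlib.sha256(credential).digest()
        return hmac.new(self._key, b"holder|" + digest, hashlib.sha256).digest()

    def _nym(self, tag: bytes, slot: int) -> str:
        # Without the key, two pseudonyms of one holder cannot be linked.
        msg = b"nym|" + tag + bytes([slot])
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, credential: bytes) -> str:
        tag = self._tag(credential)
        if self._nym(tag, 0) in self.revoked:
            raise PermissionError("holder has been revoked")
        used = self._count.get(tag, 0)
        if used >= MAX_ACCOUNTS:
            raise PermissionError("account cap reached")
        nym = self._nym(tag, used)
        self._count[tag] = used + 1
        self._owner[nym] = tag
        return nym

    def report_spam(self, nym: str) -> None:
        # Revoke every slot of the same holder, issued or not, without
        # disclosing which credential was behind them.
        tag = self._owner[nym]
        self.revoked.update(self._nym(tag, s) for s in range(MAX_ACCOUNTS))
```

Revocation necessarily shows that the revoked pseudonyms shared a holder, and the issuer itself can link them, so the design is only as private as the component playing that role.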
> Americans who make the same arguments they make about elections
What is that argument like, in practice?
"I will not tell you who I am, but I demand to vote!"
> that's inevitable for any identity system where identities can be had cheaply
Therein lies the rub. Your system is the economic solution to the spam problem. You don't really care about the passport itself, all you want is to associate generating identity with a cost.
A closely related solution to the same problem is to associate every identity in the system with a phone number, which also carries a cost to generate. Similar to what most tech giants do (helped on by external factors, but that's the basic argument).
Then you cannot hand-wave away any problems by saying that they are "inevitable for any system where identities are too cheap". Because the proposed solution is to associate identity with cost. If that cost is too small in practice, it is not a good solution.
I think systems like yours could become extremely valuable sooner than people expect, as the alternative is effectively 100% noise.
As others have mentioned, there are numerous ideological issues. However the alternative might be never encountering a real person online again.
And if not applicable for the broader internet, then probably in smaller or even country-sized gated communities, where people will expect to interact with 'real humans'.
Also while IDs may be traded, the relatively small number of fake IDs compared to the infinite bots that can be created today is not even comparable.
Even if a passport was required, I think the same problems would appear. There are plenty of people with no interest in ever posting on Reddit. Some of them might be convinced to allow someone else to use a bot to post on their behalf if there is money to be made.
I'll just put this out there because I don't know if I could ever implement it: I've had this idea that's essentially "IP permitted from".
We would extend the whois database to contain an OAuth URL for a given IP block, and then forums or other services that need to ensure a real human person is present (like at registration or when combined with some other trust systems) would bounce the user over to the URL and it would require the user to log in via U2F/passkeys/TOTP/etc.
The thinking is that ISPs are the ones who know their customers are real, and as long as they can challenge them in a human interactive way, that should provide a strong signal that it's a real human. It's also a good way to protect against cookie stealing and could provide resistance from "man in the browser" attacks as the end user would become suspicious of all the ISP challenge pages popping up if a machine was being used in spamming.
It's not foolproof, there could be insiders working at the ISP, and this would require cooperation of all ISPs everywhere, but it would be a step in the right direction.
Historically speaking, Reddit has been incredibly loose about identifying who is behind an account. Not even requiring email verification, let alone phone number or something more advanced like a driver's license.
Folks have suggested web-of-trust systems. I don't know how they would be implemented - for now, I guess this is already sort of a thing on any platform where users can "repost"/"retweet" things.
While we can wish very hard that credibility is a tradeoff with anonymity, any real world data shows that reality is far from that simple.
It is not hard to find Facebook groups that are far, far more toxic than most Reddit groups, for example. Most Usenet identities were not hard to associate with real world identities, but the quality of those posts was not obviously better than those that weren't. And so on.
There are differences between the groups, but perhaps those have more to do with whatever contemporary issues carry social stigma than with signal quality. And social stigma is very different between societies and tends to change over time. One generation can upend them completely, and any solution to social credibility must take a longer aim than that.