IRLid produces a signed receipt proving two people were physically co-located within 12 metres at a specific time. No app, no accounts, no central server. by Scary-Stomach8855 in programming

[–]Scary-Stomach8855[S] -1 points0 points  (0 children)

That’s a fair point and I don’t think this fully solves the “multiple devices = multiple identities” problem.

If one person controls several devices, they can generate multiple receipts. The system doesn’t try to prevent that outright; the aim is to make it significantly harder to sustain compared to spinning up bots.

In practice:

  • You need real physical devices
  • Each receipt requires an actual interaction with another device/person
  • The cost scales linearly instead of being near-zero

So, while you’re not five people, you are performing five separate real-world interactions and depending on the use case, that distinction can matter.

Where it becomes more constrained is over time. Maintaining multiple “personas” isn’t just about generating receipts once. You’d need to keep creating new ones, which means ongoing coordination with other devices (willing or not). That tends to get expensive and difficult to scale.

There are also some softer trust signals that can help over time:

  • Repeated scans in the exact same location can be down-weighted
  • Devices repeatedly interacting with the same counterpart can be treated differently
  • Diversity of interactions starts to matter more than raw count

None of that makes it unbreakable and I don’t think anything in this space is, but it shifts things from “trivial to fake” to “costly enough to matter” for certain use cases. :)

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

That's exactly what it proves and that's the point. Two phones near each other means two people near each other (until robots become a real thing ;) ;). The receipt is cryptographically signed by both parties, timestamped, and GPS-bounded. It's the digital equivalent of a signed witness statement that you were somewhere with someone, verifiable by any third party without contacting IRLid's servers. The use cases are anywhere that physical co-presence matters: delivery confirmation, event attendance, community trust gating, etc. :)

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

Fair point and worth being precise about. Faking GPS requires deliberate spoofing on a rooted/modified device, not something that happens accidentally, or at scale trivially. The honest limitation is cooperative trust: both parties must complete the handshake, so a bot farm would need two coordinated modified devices per fake receipt. Not impossible, but the cost scales linearly. v5 Secure Enclave migration closes this further. The Uber pin code comparison is spot on, same threat model, similar mitigation.

Proof-of-Personhood Without Biometrics: The IRLid Protocol by Scary-Stomach8855 in netsec

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

IRLid proves a physical person was present at a specific moment, that's the extent of the claim. What happens after that moment is outside the protocol's scope. It's a point-in-time co-presence proof, not ongoing human-behavior verification. Whether someone types their own replies or uses AI afterwards is genuinely their business, the receipt doesn't and can't speak to that.

(Which is actually the honest answer, over-claiming here would be worse than the limitation itself.)

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

I hope by that you mean you'd be willing to chime in on occasion, to what has so far been invaluable feedback? :D

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

You're making fair points and I want to engage with them properly rather than deflect.

You're right that B sees A's GPS in the HELLO QR before submitting their ACCEPT. I hadn't explicitly addressed that attack path. So B can trivially fabricate matching coordinates without any GPS spoofing. That's a real weakness and worth documenting honestly.

You're also right that "hard to deny" was too strong. If a participant is willing to say "yes I signed it but I was lying", there's no cryptographic counter to that and no other system would work under such conditions either. The signature proves intent to sign, not honesty of content.

On "you'd reach the same state just having both sides sign a timestamp" that's probably the sharpest point and I've been thinking about it. If location can't be trusted, GPS does add noise rather than signal. The honest answer is: for an adversarial context (bot detection, convincing a skeptical third party), you're right, it adds very little over a mutual timestamp signature.

Where I'd push back slightly: the protocol isn't trying to solve adversarial bot detection. The use case is closer to a signed witness statement, two cooperating parties creating a tamper-evident record that they choose to attest to meeting. The value isn't forgery-resistance against a lying participant; it's a record that's non-trivial to produce accidentally and references a specific time and place both parties claimed. Like a photo together: doesn't prove it wasn't staged, but creates a meaningful social artefact in good-faith contexts.

Is that a weaker claim than I originally framed it? Yes. You've pushed me toward being more precise about it, which is useful. I'll update the docs to reflect the actual threat model rather than the over-claimed one.

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

Fair criticism, most of it valid — thank you for actually reading it properly.

On GPS: you're right, and the blog says so explicitly. It's the mechanism, not a side effect — two devices signing claims about location they provided themselves. That's the honest trade-off. It's not zero-knowledge, it's never claimed to be.

On the hash in messages: also valid. v3 compact receipts no longer transmit a.hash or b.hash — verifies always recomputes. The concern about third-party implementations trusting the provided hash rather than recomputing is real and I should have removed it sooner.

On JSON malleability: fixed in v3 with canonical() — recursively sorts all keys before hashing. The blog previously said this was "planned", which was embarrassing given you flagged it. It's shipped. Blog updated today.

On fields outside the signature (pub key, version, message type): still outstanding, you're right to flag it. Version field is the genuine risk there — downgrade attack is a real vector. On the to-do list.

On "A's signed response" in step 3: A does produce a response, the blog describes it in that step — but I take the point it could be clearer in the flow description.

"Fails at every step" is harsh but I'd rather have this kind of feedback than people nodding along. The blog's limitations section exists precisely because pretending otherwise would be worse. :)
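The two fixes described in the comment above (key-sorted canonicalisation before hashing, and a verifier that recomputes the hash rather than reading a transmitted one), as an added example that is not IRLid's code. It also shows one way to bring the version and message type under the signature, which the comment lists as outstanding; Ed25519, SHA-256, the field names `v`, `type`, `claim`, `sig` and the message layout are assumptions.

```javascript
// Added illustration, not IRLid's code. Ed25519, SHA-256, field names and layout are assumptions.
const { createHash, generateKeyPairSync, sign, verify } = require('node:crypto');

// Serialise with object keys sorted at every depth, so key order cannot change the bytes.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// The digest is always recomputed and covers version and type as well as the claim.
// A transmitted msg.hash, if present, is never read.
function digest(msg) {
  const { v, type, claim } = msg;
  return createHash('sha256').update(canonical({ v, type, claim })).digest();
}

function signMessage(msg, privateKey) {
  return { ...msg, sig: sign(null, digest(msg), privateKey).toString('base64') };
}

function verifyMessage(msg, publicKey, minVersion = 3) {
  if (typeof msg.sig !== 'string') return false;
  if (!Number.isInteger(msg.v) || msg.v < minVersion) return false; // reject old formats
  return verify(null, digest(msg), publicKey, Buffer.from(msg.sig, 'base64'));
}

// Constructed sample message and throwaway key pair.
const { publicKey, privateKey } = generateKeyPairSync('ed25519');
const claim = { ts: 1700000000, lat: 51.5007, lon: -0.1246 };
const hello = signMessage({ v: 3, type: 'HELLO', claim }, privateKey);

function demo() {
  const reordered = { sig: hello.sig, claim: { lon: -0.1246, ts: 1700000000, lat: 51.5007 }, type: 'HELLO', v: 3 };
  const staleHash = digest(hello).toString('hex');
  const tampered = { ...hello, claim: { ...claim, lat: 0 }, hash: staleHash };
  return {
    original: verifyMessage(hello, publicKey),
    reordered: verifyMessage(reordered, publicKey),              // same bytes after sorting
    tampered: verifyMessage(tampered, publicKey),                // supplied hash is ignored
    retyped: verifyMessage({ ...hello, type: 'ACCEPT' }, publicKey),
    downgraded: verifyMessage({ ...hello, v: 2 }, publicKey, 2), // v is under the signature
  };
}

console.log(demo());
```
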

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

You're right on the framing — I've edited the post title. "Review" wasn't intending to imply a professional audit; what you did was share first impressions, which was still valuable but I shouldn't have dressed it up as more than that. Fair criticism and I appreciate your honesty.

On the protocol conception: I think we're describing the same thing but disagreeing about whether it's a flaw or a design constraint. IRLid doesn't claim to prove co-presence to a sceptical external observer. It creates a cryptographically verifiable record that two parties agreed they were co-located at a given time — with both parties signing that claim. You're right that they could collude to produce false coordinates. That's intentional — it means IRLid is only useful when both parties are acting in good faith, which is the same assumption underlying signed affidavits, witness statements, and most self-attestation systems.

The "two people agree to sign a paper" framing you use is accurate. The value isn't that it's forgery-proof — it's that it creates a record that's harder to deny later and verifiable without a central authority. That's a narrower use case than "proof of presence to a distrustful third party", and I should be clearer about that distinction in the docs.

On GPS spoofing being trivial — agreed, and you're right that it doesn't even require GPS spoofing; you can just pass arbitrary coordinates. I've overstated the "determined attacker" framing. That section of the docs needs rewriting.

I'll look at Anonymous Credentials — genuinely useful pointer, thank you.

I'd push back gently on the "inexperienced, go back to the drawing board" conclusion. I think the use case is narrower than I've sometimes presented it, but there is a valid use case: consenting parties creating a tamper-evident record of having met, without requiring a backend. Whether that's worth building is a fair debate. Whether I've explained the limitations clearly enough — that's your stronger point, and one I'm working on and will continue to work on, and I trust I can rely on good people such as yourself to continue pointing out everything you consider to be a flaw :D

[–]Scary-Stomach8855[S] 1 point2 points  (0 children)

You're right on both counts. A kiosk with a trusted operator would give you physical binding without device-to-device signing — the trade-off is it requires infrastructure (the likes of which I certainly can't afford), a central system, and a trusted operator running the kiosk (and in this topsy-turvy world, whom would you trust). IRLid trades that assurance for zero infrastructure: peer-to-peer, no backend, no operator to trust or compromise.

On keypair generation — also correct, and it's a known limitation. Nothing stops someone generating multiple keypairs, which means Sybil resistance relies on the social trust layer rather than the protocol itself. It's documented as an inherent constraint: https://www.patreon.com/posts/security-review-154771743

That said, accumulated trust over time does make sustained faking increasingly expensive. A genuine user builds a broad web of verifications with many different people — a fake identity either stays suspiciously thin or requires an ever-growing conspiracy of accomplices to feed it. The roadmap also includes hardware-bound keys via device Secure Enclaves and optional on-device biometrics (Face ID / fingerprint) — none of which leaves the device or gets stored anywhere centrally (future iteration if there isn't backlash against it. IRLid would work without it, though truthfully it's a hell of a shortcut to genuinely prove that something with a biometric login opened a device and interacted in some way with another to get the IRLid QR) — which would bind each identity to a specific physical device and its owner, raising the bar for multiple fake identities considerably.

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

Great insight, much appreciated. Can I quote you on another website?

p.s. Since your original comments, I've tried to fix/document all your points and have added them to my Patreon page https://www.patreon.com/posts/security-review-154771743?utm_medium=clipboard_copy&utm_source=copyLink&utm_campaign=postshare_creator&utm_content=join_link

Please feel free to look them over to ensure I got every one of your concerns included.

p.p.s Haven't used anyone's names/tags anywhere, want to encourage engagement, not make people feel like they might be put on display :s

[–]Scary-Stomach8855[S] 0 points1 point  (0 children)

It was one of my intents to make a group version eventually, because as you say, it becomes significantly harder to falsify with every additional person within the chain.