I've added some deposit penalties to the POI system. Two separate ones.

Protect against small-scale attacks

First, unverified users loose their deposit, and it is given to all verified POI users that month.

This protects against small scale attacks. The pseudonym events has a point system, 3 nyms always win over 2 nyms, so that an attacker would have to control at least 3 accounts in a pseudonym group. Since the groups are random, for every 3 account group an attacker controls, there would be lots of 1 and 2 account groups that they would loose their deposit in.

When I first designed the system, I did not include the point-system thing, so an attacker there would only have to control 2 accounts to verify one another. With the point system, having to control at least 3 accounts to scam the system, then deposit penalties make more sense since that adds a bigger cost to an attacker relative to a nym being ostrasized by the others which is the down-side of deposit penalites and the reason I chose to exclude it.

The point system works so that each nym gets to portion out 5000 NYM, and -1500 NYM, and each nym needs at least 4000 NYM to be verified. This way, 3 nyms always win over 2 nyms, and 2 nyms can still verify one another if for some reason the 3 others do not show up for the pseudonym event.

Protect against large-scale attacks

Second, if 30% of all previous POI holders vote to cancel the current round, then the current rounds POIs are made invalid, and 30% of all deposits are taken from the current round, and redistributed to holders of POI in the previous round.

This protects against large-scale attacks where someone might have put in 3-5 * total number of registered users * depositSize and control a majority of the pseudonym groups. Since such an attack would cost 1/3 of those deposits, and the POIs would be useless, that would mean there is less of an incentive to attack.

In case of a continued large-scale attack the next round, the previous POI holders from the round before the round that was compromised, the same POI holders who stopped the attack, could vote to dissolve the next one.

What are POIs ?

The idea is that the POIs are pseudo-anonymous, each nym receives a new POI every month that is not traceable to their previous one, on a new private key, making them a bit like a currency, like how Bitcoins are digital cash. So it's not an identity in the traditional sense, but specifically a proof-of-human. I designed them for use with Swam Redistribution. They are disposable, sort of like how a SnapChat snap is a throw-away.

Below is a new UI concept from yesterday,

Try it out the Ethereum Ropsten test net

This version on the test net includes most of these deposit features. I've not debugged it so its possible that there are bugs. https://testnet.etherscan.io/address/0xde3ac1e32853be0a8a259f5b39011e22de6afc68#code

The previous POI system, without deposit penalties, runs well and is on https://testnet.etherscan.io/address/0xe6e65461701548e3b4bc06ccce146b08ff3fd998#code

How does the POI system scale at the moment ?

The Ethereum state-computer currently does 10 transactions per second. The pseudonym events last for 15 minutes, 900 seconds, so that's 9000 transactions per pseudonym event. Since each nym might give out rewards a couple of times, it might currently scale to around 3000 people, which could potentially be a test group for different crypto basic income projects, including Swarm Redistribution.

Vlad Zamfir and other Ethereum researchers have mentioned that Ethereum 4.0 could support millions of transactions per second (video), and so this is not a limitation in the long run.