undefined | Better HN

0 pointsMattPalmer10869mo ago0 comments

Any well designed privacy system does not rely on the server components doing the right thing. Servers and providers and governments are the main threat actors to be defended against. There should be no way for third parties to compromise that, by design. Almost certainly involving advanced cryptography.

Unlinkabilty and anonymity is not that hard to demonstrate in the design. At it's core it just means each proof or token is unique each time it is presented, and having no mathematical relation to others (and therefore not tied to any persistent identity either).

Client implementations may need auditing of course to make sure they are doing the right thing. But this is not really different to any other advanced technical system which we rely on every day (e.g. TLS).

As you say though, most of the public don't massively care about privacy (unless you mean their visits to porn sites I guess). But they do seem happy to accept crypto coin security assurances without being crypto experts.

As for "the purpose can change" well - so? That is also true or anything else, it does not seem like a reason to avoid having good protection now. Any change that could compromise that would not be undetectable - the fundamental crypto should not allow it. We would know if it happened.

0 comments

_Algernon_9mo ago

All your arguments are technical. It's the social layer that is the problem.

>Any well designed privacy system does not rely on the server components doing the right thing.

This is more expensive than just throwing everything into a centralized database. The extra costs needs to be justified when explaining the price to the voters.

>Servers and providers and governments are the main threat actors to be defended against.

Agreed. And they are the ones implementing the system. Clear conflict of interest.

>As for "the purpose can change" well - so? That is also true or anything else, it does not seem like a reason to avoid having good protection now. Any change that could compromise that would not be undetectable - the fundamental crypto should not allow it.

Introducing an age-verification system requires a lot of political capital (as seen by the repeated failures of introducing it so far). Nudging an existing age verification system to cover new purposes requires far less political capital.

>We would know if it happened.

Only if every technical decision goes the right way, despite all incentives and conflicts of interests pointing the other way. I wouldn't bet on it.

j / k navigate · click thread line to collapse