this post was submitted on 24 Jan 2024
703 points (98.5% liked)

Technology

59219 readers
3314 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

They warned you: Someone allegedly used a politician's cloned voice to interfere with an election | It will most assuredly not be the last time this happens::undefined

you are viewing a single comment's thread
view the rest of the comments
[–] Pxtl@lemmy.ca 63 points 9 months ago* (last edited 9 months ago) (11 children)

I keep saying: none of this will end until we get a clean, cryptographically secure, government-backed way to ID who is sending us something, and it becomes an expectation to use it all the time for anything important. Which is why I have conspiracy theories about the conspiracy theories about government ID.

[–] RobotToaster@mander.xyz 27 points 9 months ago (3 children)

a clean, cryptographically secure, government=backed way to ID who is sending us something, and it becomes an expectation to use it all the time

sounds dystopian.

[–] Pxtl@lemmy.ca 33 points 9 months ago* (last edited 9 months ago) (2 children)

sounds dystopian.

So does the total death of objective fact.

An end to internet anonymity isn't great, but given the alternative I'll take it.

[–] afraid_of_zombies@lemmy.world -3 points 9 months ago

So does the total death of objective fact.

That ship has sailed a long long time ago.

[–] fidodo@lemmy.world 7 points 9 months ago (1 children)

I already have to send photos of my id or passport for all kinds of services, so it wouldn't really be that different from doing that, just less inconvenient. Like, delivery services ask for a photo of your id.

[–] Alexstarfire@lemmy.world 2 points 9 months ago (1 children)

I have never had them ask for one. I could see them doing that if I went to pick up a package they were holding but I haven't had to do that.

[–] fidodo@lemmy.world 1 points 9 months ago

Maybe it's because I get alcohol delivered at some point. I think it's the same thing though, when something needs online verification the workaround right now is to just send a photo of id.

[–] evatronic@lemm.ee 6 points 9 months ago (1 children)

The "government backed" part is ostensibly about a government setting up the framework and like, requiring it be used for official documents.

It wouldn't be too hard to stick a private signing key on say, your driver's license / ID / passport, for instance.

It's a complex issue, though, that sits on how much you trust whoever runs the system at some point.

[–] Electricblush@lemmy.world 3 points 9 months ago* (last edited 9 months ago)

Didn't know where in the tread to reply.

This is being worked on from multiple angles.

In the us apple, Google, Microsoft ++ are working on a common framework for this. (Shocking who are working on this in the us)

The EU has a citizens digital wallet program for the same purpose. These programs are also collaborating so that certificates and proof of personhood/citizenship etc can be exchanged between various actors.

The EU model leans heavily into privacy and user control of data, where you as an individual decides with whom to share your credentials, proof of personhood, etc.

This would lead to many possibilities, like for instance being able to confirm digitally prescriptions for medicine across borders, so you can easily get your medication even if you are traveling in another country, without having to spend time and energy getting signed paperwork send back and forth.

The most simple form of this would be that the system simply verifies that yes, you are indeed a human individual. But can be expanded to confirm citizenship, allow you to share your medical data with institutions, confirm diplomas and professional certification etc.

[–] CriticalMiss@lemmy.world 16 points 9 months ago (1 children)

PGP already exists 🤷‍♂️

[–] doylio@lemmy.ca 0 points 9 months ago (2 children)

PGP isn't tied to a specific person though.

I'm starting to come around to the idea of gov't backed crypto ID, but I am very worried about the potential abuse of that system

[–] afraid_of_zombies@lemmy.world 6 points 9 months ago

I am fine thanks.

[–] CriticalMiss@lemmy.world 1 points 9 months ago (1 children)

It’s tied to an identity. You can sign your message with your PGP key.

[–] doylio@lemmy.ca 1 points 9 months ago

Yes, but it's not Sybil resistant. Anyone can make as many PGP Keys as they want.

What is really needed is the ability to sign messages proving:

  • that I am a specific person ("I am John Smith")
  • that I am a unique person without revealing my ID ("I only have one account here")
  • attributes about me without revealing my ID ("I am 18+", "I am a French Citizen", etc)

This is all possible with ZK cryptography today if you have a trusted data source for the key storage. Governments might be able to set something like this up, but that comes with a lot of privacy concerns. There are other projects like WorldCoin, Idena, and Proof of Humanity that attempt to do this in a decentralized way, but they've all had issues with adoption

[–] SkybreakerEngineer@lemmy.world 16 points 9 months ago (2 children)

How about we find whoever did this and throw them in jail for fraud? You know, deterring crime like the law is supposed to do?

[–] NoSpiritAnimal@lemmy.world 4 points 9 months ago (1 children)

Laws do next to nothing to deter crime

[–] Nommer@sh.itjust.works 1 points 9 months ago (1 children)

So that means we shouldn't have any?

[–] drislands@lemmy.world 0 points 9 months ago (1 children)
[–] fidodo@lemmy.world 3 points 9 months ago

Dunno if this is domestic or not. Would be hard to do anything if it's a foreign attack.

[–] Randelung@lemmy.world 12 points 9 months ago

Yeah, we have all the tech already. PKI exists. Just issue a white house certificate and use that to sign official stuff - documents, press releases, videos. They CAN control their narrative if they wanted to. It just takes someone near the top who understands technology.

Wouldn't have stopped the fake phone call, though...

[–] RGB3x3@lemmy.world 6 points 9 months ago

There's already a system for it. But to roll that out to everyone would be an administrative nightmare. And tbf, the system of digital certificates is not exactly "clean." There are always issues.

I agree that it would be great to have that, but it just doesn't seem feasible. Perhaps a different system needs to be created.

[–] Virulent@reddthat.com 6 points 9 months ago

The people who fall for shit like this don't know what any of that means or would understand it if you tried to explain it to them

[–] A_Random_Idiot@lemmy.world 2 points 9 months ago

Sure, that works.. If you either change the entire american telecommunication system, and cut it off from the rest of the world.. or change the entire worlds telecommunication system.

But you're not going to get any of those, Which means your cryptographic phone system will have to be backwards compatible, which means skeevy fucks can continue to do this shit.

[–] daltotron@lemmy.world 2 points 9 months ago

cryptographically secure

Isn't this the only part of this that's really important? If you can see me in real life, if I can give you a cryptographically secure way to check whatever I'm sending you in the future, badda bing, mission success. It's only a problem if my code becomes compromised on my end, leaked or something. It requires faith that your friends won't get compromised, but that's pretty much going to be true of any system you might devise there. That's not the job of cryptography, or some document the government has, that's just the job of your own personal security practices to make sure you're not giving around codes and passwords willy nilly. I don't understand why this really needs to be tied to the government or to specific people at all.

[–] SendMePhotos@lemmy.world 1 points 9 months ago

Doesn't MFA already work? Don't we have a shared code system?

[–] supercriticalcheese@lemmy.world 1 points 9 months ago

Well then you will have conspiracy theorists to tell you that government backed IDs are fake cause reptilians are controlling them...

Newspapers l, specially tabloids feeds on sensational crap like this

[–] kibiz0r@midwest.social 1 points 9 months ago

You don’t even need to ID who is sending it, just that the content itself can provide some grounding in an authentic source.

Like if a picture can say that it derives from an original photo captured by a camera signed with Canon’s credentials, and was changed in Photoshop in these specific ways and signed by Adobe…

There is a group working on exactly this. It’s called C2PA.