Author Topic: Don't Rush to Register Your Identity  (Read 2196 times)

0 Members and 1 Guest are viewing this topic.

Offline hrossik

  • Jr. Member
  • **
  • Posts: 38
    • View Profile
The point is that they would have to put something at risk which to you is of equal value to the information they possess.

What will happen if the value of the information changes? You have no way of restoring the equilibrium, unless the other party is willing to increase their stake, which might not be the case.
BTS: hr0550

Offline Thom

That said the only way to insure all aspects of my digital self remain in my control is to never release information to anyone, b/c as soon as you give information away you have lost control of it.
That isn't true. There are enforcement mechanisms within smart contracts such as collateral, reputation, etc. If there are leaks then the leaker is consequenced. They could lose both their security deposit as well as the most coveted thing they can own which is their reputation.

Just as there are non disclosure agreements there can be a distributed smart contract form. In fact I outlined how to do it somewhere on the Internet.

I beg to differ with you on this point luckybit, it is true. Sure you can establish incentives to minimize risk but the fact remains the only SURE way to keep information from spreading is to limit access, which starts at the source. Reputation means nothing to psychopaths and the disreputable, and game theory is based on self interest, of rationally motivated people not the irrational and sadistic. Consequences don't stop leaks they just deter them.

Assuming Snowden is telling the truth, how much control did the government have over the info he was trusted to keep secret? Don't you think the access control, consequences etc used by the government were about as strong as they come? DId they work? Obviously not.

The limitation of any access control methodology is the people that use it. There is always a way to provide a greater incentive to overcome fear of retribution, ostracism, spoiled rep or other consequences. Game theory fails for those following an irrational believe system, or those who's values my transcend their own safety or personal desires. People who don't care about their life or who may be terminal or who value a loved one more than their own life are tough to design disincentives for.

Life is risky. There is no way to remove all risk, nor should that be our goal, so perhaps sufficient incentives and disincentives could be used to reduce risk to acceptable levels. What is acceptable? That is highly subjective. As was pointed out in the Corbett Report video, that also changes over time as it did for social security numbers which were not to be used for ID purposes but look at their use today.

Many do confuse privacy and anonymity, that's quite true. They are very distinct and different. At our current place in history where many people and organizations exist that wish to do harm to others, both privacy and anonymity are useful tools.I don't see that changing in my lifetime.

Ideally the association between the name of each delegate and the IP address of the delegate servers they operate should be very difficult to determine. Knowledge of such associations provides additional attack vectors and weakens security. Does the VPS host company need to know the real world identity of the operator? Wouldn't it be better for the delegates and for the security of BitShares if the delegates were anonymous VPS users that pay their bill on time?

Quote
That is the simple fact. No technological tools can be used to guarantee information only goes to the people you give explicit permission to have it. It leaks.

The operative word above is only applicable at the information's source, anywhere else you rely on the subjective actions and judgements of others and thus you loose the absolute guarantee.

Quote
Cryptography, smart contracts, reputation, and consequences. Of course you will have some people who don't care or who will choose to sarifice some property they own in order to release your information to the public. The point is that they would have to put something at risk which to you is of equal value to the information they possess.

This can all be mapped out through game theory. As long as there is equal risk taken by Alice and Bob then it would be mutual destruction if either one breaches the contract. On the other hand if Alice or Bob determine they don't care about what they would lose by being untrustworthy then you would have a point and all the game theory breaks down.

So ultimately you want the person who possesses your information to have more to lose by leaking it than by not leaking it. A security deposit is one way to do it so that they lose a lot of money if it can be proved that they leaked it but this might not be effective in a lot of cases. Reputation is also important to people and if a person has a reputation for leaking secrets they'll never again be trusted to keep secrets.

It's not perfect but I would think you'd have about as much ability to trust people decentralized as you do centralized, by similar mechanisms. As long as the average person has more to lose by breaking the contract than by following it. Isn't that why we trust delegates? The delegates have more to lose by not being honest than by being honest and as a result most delegates will choose to be honest for as long as possible.

So the question is, would you rather trust individuals you hand picked or trust random strangers working for big corporations or in government? I think at least when you pick them you can have more control than you have right now. You don't get to pick them right now.

Sure, if I pick ALL of my agents I would have the best possible (tho not absolute) control over information leakage. Ultimately the information must be put to use, be it my address, date of birth, income or whatever. Until automated vehicles can deliver my packages a human I didn't explicitly grant access to will need to know my address. That's the weak link in access control, where the info is "in the clear".

Whether identity registration would be best centralized vs. decentralized is a matter of how the information will be used and how access to it is controlled. I can see benefits to both approaches.
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech2 Witness Reports: https://bitsharestalk.org/index.php/topic,23902.0.html

Tuck Fheman

  • Guest
Why do you think Satoshi Yakamoto protected his / her / their real world identity from the get go?

So no one would find out they were really Satoshi Nakamoto?
=b

Offline BunkerChainLabs-DataSecurityNode

Privacy is about access control not secrecy. It's not important that we have secrets but it is important that we limit access to sensitive information about ourselves.

Limited access meaning you can programmatically select who can access what and under what circumstances. Secrecy on the other hand breeds corruption and allows for government agents to get away with bad deeds.

To protect ourselves we need transparency and privacy. The way to have both is programmable privacy (access control) instead of total secrecy (where you're the only one in the world with access). The same way multi-sig or split shared secrets are more secure than to give one person a private key to everything.

I want control. I think all participants should have control over their data. I don't think secrecy protects participants because no one trusts a person who keeps secrets from all but I do think if you selectively give access then you can both be trusted and private. In the situation where you want to rule yourself out as not being involved with terrorism wouldn't it be nice if you had an identity to link your transactions to? Wouldn't a receipt suddenly come in handy at that moment?

Quote
Before you rush to build an identity registration system, or, to submit your face, fingerprint or DNA to such a system, please, please please take a moment to think what your decision may do to your future, and that of the people in your life. I get a major chill when I think of VOTE and government involvement in identity registration.

Having an identity, a reputation, are good things. The problem with how it's done today is you're not in control of who can access your information. You don't own your digital self.

By giving people control and ownership back of their digital self then they can share themselves with the people they designated as trusted. If a person is anonymous with no reputation, no one anywhere knows their identity, no way to confirm they are who they say they are, what good is that? The person could easily be a terrorist or undercover corrupt government agent and we would have no way to know.

On the other hand if an entity of their choosing has their identity then that entity could verify them as a "stand up" person or a "legitimate" person.

To put it into perspective Alice and Bob seek to communicate pseudo-anonymously, privately, but they want to be able to know that they are dealing with a "stand up" / "legitimate" individual. To accomplish this Alice would register her identity with a peer to peer identity verifying DAC and Bob would also register his identity with a peer to peer verifying DAC. As long as that decentralized entity knows and verifies their identity then some people in the world are on record vouching for their authenticity.

Now why is this important? Let's say it's 2025 and now there are civil wars, terrorist attacks going on, and anonymous groups are abusing the technology we've helped to create. Wouldn't it be useful in that context to have an ability to have people know you're vouched for? This isn't the same as a government ID because in this case there might not need to be a centralized service which has your identity information.

This is good for your privacy because it means no one can attack the central identity service to hack everyone and steal their identities. But it also would give you the ability to have a reputation and identity when having that can come in handy. Anonymity is nice when you want free speech but if you want to be taken seriously, and you want to be trusted, then being anonymous may be in your detriment. Additionally in the situation of a conflict or war it would definitely be in your best interest to have an identity so long as you have complete control over who can access it.

Well said.. privacy is just that.. access control.. and the big issues we face is that we do not have that full control over our digital identifies.. there is the tendency in crypto circles to mix privacy with anonymity and secrecy.. its an unhealthy misconception.

Well stated  +5%
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit

That said the only way to insure all aspects of my digital self remain in my control is to never release information to anyone, b/c as soon as you give information away you have lost control of it.
That isn't true. There are enforcement mechanisms within smart contracts such as collateral, reputation, etc. If there are leaks then the leaker is consequenced. They could lose both their security deposit as well as the most coveted thing they can own which is their reputation.

Just as there are non disclosure agreements there can be a distributed smart contract form. In fact I outlined how to do it somewhere on the Internet.
Quote
That is the simple fact. No technological tools can be used to guarantee information only goes to the people you give explicit permission to have it. It leaks.

Cryptography, smart contracts, reputation, and consequences. Of course you will have some people who don't care or who will choose to sacrifice some property they own in order to release your information to the public. The point is that they would have to put something at risk which to you is of equal value to the information they possess.

This can all be mapped out through game theory. As long as there is equal risk taken by Alice and Bob then it would be mutual destruction if either one breaches the contract. On the other hand if Alice or Bob determine they don't care about what they would lose by being untrustworthy then you would have a point and all the game theory breaks down.

So ultimately you want the person who possesses your information to have more to lose by leaking it than by not leaking it. A security deposit is one way to do it so that they lose a lot of money if it can be proved that they leaked it but this might not be effective in a lot of cases. Reputation is also important to people and if a person has a reputation for leaking secrets they'll never again be trusted to keep secrets.

It's not perfect but I would think you'd have about as much ability to trust people decentralized as you do centralized, by similar mechanisms. As long as the average person has more to lose by breaking the contract than by following it. Isn't that why we trust delegates? The delegates have more to lose by not being honest than by being honest and as a result most delegates will choose to be honest for as long as possible.


So the question is, would you rather trust individuals you hand picked or trust random strangers working for big corporations or in government? I think at least when you pick them you can have more control than you have right now. You don't get to pick them right now.

« Last Edit: April 01, 2015, 11:08:34 pm by luckybit »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Thom

A most excellent reply luckybit, thanks for clearing the murky waters with clear distinctions and definitions.

I agree with your perspective, entirely.

That said the only way to insure all aspects of my digital self remain in my control is to never release information to anyone, b/c as soon as you give information away you have lost control of it. That is the simple fact. No technological tools can be used to guarantee information only goes to the people you give explicit permission to have it. It leaks.

Trust is a precarious thing in human affairs. Bob & Carol have been the best of friends for decades. They have grown in their trust and respect for each other. Carol is secretly addicted to gambling, a habit she hides from everyone including Bob. But Bob learns her secret and the debt Carol has accumulated and things she has done that jeopardize her family the extremes she goes through to avoid exposure, Bob regrets telling Carol about various business deals that if leaked would have serious financial ramifications.

Trust is not a forever thing. The foundation of trust may be solid and safe one day but that can change in an instant. Any organization can be compelled by law, even retroactively, to provide any and all information to government agents on demand. Do you trust such agencies to withhold their compliance to unjust / tyrannical laws?

You give your address to a shipper, but how can you insure the thief that works for the shipper won't have access to it? You can't. There are only so many safeguards you can put in place to control access to your information.

Government builds massive databases of information on people so they can control them That is the game the NSA loves, to get all that juicy info about the president or anyone else in power so they can hold it over their head, to blackmail them. J. Edgar Hover ran the FBI for a very long time by keeping tabs on the otherwise private habits of critical people in power.

The IRS goes for fishing expeditions in the data their victims supply, that otherwise they would not be aware of.

The 5th amendment will provide no protection if you made the information sought public. in the vast majority of court cases all of the evidence required to convict people come from their very own mouths.

Is it naive to think the solution is total transparency for everything, to eliminate all secrets? Something to think about as you get dressed in the morning.

« Last Edit: April 01, 2015, 09:45:14 pm by Thom »
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech2 Witness Reports: https://bitsharestalk.org/index.php/topic,23902.0.html

Offline luckybit

  • Hero Member
  • *****
  • Posts: 2921
    • View Profile
  • BitShares: Luckybit
Privacy is about access control not secrecy. It's not important that we have secrets but it is important that we limit access to sensitive information about ourselves.

Limited access meaning you can programmatically select who can access what and under what circumstances. Secrecy on the other hand breeds corruption and allows for government agents to get away with bad deeds.

To protect ourselves we need transparency and privacy. The way to have both is programmable privacy (access control) instead of total secrecy (where you're the only one in the world with access). The same way multi-sig or split shared secrets are more secure than to give one person a private key to everything.

I want control. I think all participants should have control over their data. I don't think secrecy protects participants because no one trusts a person who keeps secrets from all but I do think if you selectively give access then you can both be trusted and private. In the situation where you want to rule yourself out as not being involved with terrorism wouldn't it be nice if you had an identity to link your transactions to? Wouldn't a receipt suddenly come in handy at that moment?

Quote
Before you rush to build an identity registration system, or, to submit your face, fingerprint or DNA to such a system, please, please please take a moment to think what your decision may do to your future, and that of the people in your life. I get a major chill when I think of VOTE and government involvement in identity registration.

Having an identity, a reputation, are good things. The problem with how it's done today is you're not in control of who can access your information. You don't own your digital self.

By giving people control and ownership back of their digital self then they can share themselves with the people they designated as trusted. If a person is anonymous with no reputation, no one anywhere knows their identity, no way to confirm they are who they say they are, what good is that? The person could easily be a terrorist or undercover corrupt government agent and we would have no way to know.

On the other hand if an entity of their choosing has their identity then that entity could verify them as a "stand up" person or a "legitimate" person.

To put it into perspective Alice and Bob seek to communicate pseudo-anonymously, privately, but they want to be able to know that they are dealing with a "stand up" / "legitimate" individual. To accomplish this Alice would register her identity with a peer to peer identity verifying DAC and Bob would also register his identity with a peer to peer verifying DAC. As long as that decentralized entity knows and verifies their identity then some people in the world are on record vouching for their authenticity.

Now why is this important? Let's say it's 2025 and now there are civil wars, terrorist attacks going on, and anonymous groups are abusing the technology we've helped to create. Wouldn't it be useful in that context to have an ability to have people know you're vouched for? This isn't the same as a government ID because in this case there might not need to be a centralized service which has your identity information.

This is good for your privacy because it means no one can attack the central identity service to hack everyone and steal their identities. But it also would give you the ability to have a reputation and identity when having that can come in handy. Anonymity is nice when you want free speech but if you want to be taken seriously, and you want to be trusted, then being anonymous may be in your detriment. Additionally in the situation of a conflict or war it would definitely be in your best interest to have an identity so long as you have complete control over who can access it.



« Last Edit: April 01, 2015, 07:32:16 pm by luckybit »
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads


Offline yellowecho

For those of you that hang around here much you know where I stand on the idea of privacy, BM & I got into it over the changes in TITAN, where the "I" was changed from Invisibly to Instantly. BM also wrote a blog about the nature of privacy, which made several very important points, one being once lost, privacy is almost impossible to regain. Just ask any celebrity. Why do you think Satoshi Yakamoto protected his / her / their real world identity from the get go? Why do you suppose BM more or less gave up on trying to become anonymous? Most likely it's b/c he knew that "the cat was already out of the bag", and it would be nearly impossible to recapture it.

I have seen many threads here of people who echo the sentiment, "I've got nothing to hide, what's the big deal, so I'm in one more database". I urge you to open your mind, stop and think for a minute about the ramifications to the decisions you make about what you publicly disclose.

There a numerous reasons in our modern era that compel a casual attitude about information sharing. The Internet is an odd tool of irony with regard to freedom & privacy, government control and personal autonomy, reputation and anonymity.

Before you rush to build an identity registration system, or, to submit your face, fingerprint or DNA to such a system, please, please please take a moment to think what your decision may do to your future, and that of the people in your life. I get a major chill when I think of VOTE and government involvement in identity registration.

You've all heard of the "how to boil a frog" analogy, which is actually a "slippery slope" logical fallacy, but ask yourself, is there truth in it? Please do the same with this Corbett Report and act accordingly.

Quote
Half a century ago people had to be reassured their social security card was not bing used for identification. Now there are federally standardized and globally synchronized ID cards, government-sponsored online ID projects, DNA databases, and even secret databases of your newborn baby's genetic information and nobody bats an eyelid. How did we get here, and how can we break this conditioning? -- James Corbett


https://www.youtube.com/watch?v=p8SU3DSKSDU

I agree with with on all points made and glad you brought it up; however, I think it's important to distinguish private vs governmental registration/verification.  From what I've seen and read so far, all proposed verification methods are through third parties not a government which is no different than how banks operate.   With that said, I'm not verifying anything ! :P
696c6f766562726f776e696573

Offline Thom

For those of you that hang around here much you know where I stand on the idea of privacy, BM & I got into it over the changes in TITAN, where the "I" was changed from Invisibly to Instantly. BM also wrote a blog about the nature of privacy, which made several very important points, one being once lost, privacy is almost impossible to regain. Just ask any celebrity. Why do you think Satoshi Yakamoto protected his / her / their real world identity from the get go? Why do you suppose BM more or less gave up on trying to become anonymous? Most likely it's b/c he knew that "the cat was already out of the bag", and it would be nearly impossible to recapture it.

I have seen many threads here of people who echo the sentiment, "I've got nothing to hide, what's the big deal, so I'm in one more database". I urge you to open your mind, stop and think for a minute about the ramifications to the decisions you make about what you publicly disclose.

There a numerous reasons in our modern era that compel a casual attitude about information sharing. The Internet is an odd tool of irony with regard to freedom & privacy, government control and personal autonomy, reputation and anonymity.

Before you rush to build an identity registration system, or, to submit your face, fingerprint or DNA to such a system, please, please please take a moment to think what your decision may do to your future, and that of the people in your life. I get a major chill when I think of VOTE and government involvement in identity registration.

You've all heard of the "how to boil a frog" analogy, which is actually a "slippery slope" logical fallacy, but ask yourself, is there truth in it? Please do the same with this Corbett Report and act accordingly.

Quote
Half a century ago people had to be reassured their social security card was not bing used for identification. Now there are federally standardized and globally synchronized ID cards, government-sponsored online ID projects, DNA databases, and even secret databases of your newborn baby's genetic information and nobody bats an eyelid. How did we get here, and how can we break this conditioning? -- James Corbett


https://www.youtube.com/watch?v=p8SU3DSKSDU
« Last Edit: April 01, 2015, 03:28:50 pm by Thom »
Injustice anywhere is a threat to justice everywhere - MLK |  Verbaltech2 Witness Reports: https://bitsharestalk.org/index.php/topic,23902.0.html