285
Dropbox dropped the ball on security, haemorrhaging customer and third-party info.
(www.theregister.com)
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 03 May 2024
285 points (96.4% liked)
Technology
58150 readers
3642 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
It's almost like the cloud isn't the answer to everything...
Back when "cloud computing" was the latest buzzword, I had the same feeling that I have about LLMs now: Sure, it's neat and has many uses... but it doesn't solve everything.
It's worth noting that I had the same feeling about block-chain, but I still don't know about a practical use cases for a public write-only database.
Write-only meaning it can't be read...?
They probably meant append-only meaning existing entries can't be changed (for some value of "can't").
Ye, it's just a fancy
/dev/nullas a servicehttps://devnull-as-a-service.com/
I can give you one really quickly, birth and death certificates, which would establish, based on history, exactly where you were born and when you died, so you could always prove your identity by saying, hey, look here, it's available globally.
until i pay a doctor in some rogue country $200 to put me in the system as dead when i'm not
I mean I can't personally see why you would wish to do this because if you were reported to be dead then you would be a non-person and therefore would not be eligible for things like the Geneva Convention or basic human rights because you don't exist. So, like, in that case, if I killed you, it wouldn't be murder because you were already dead.
it stresses me out that techbros exist out there who are this utterly clueless about the space they're trying to revolutionize
It's the same with machine learning.
People persuading ChatGPT to spit out some code, then getting offended when coders point out that you can't rely on GPT enough to use it blind.
I'm not trying to revolutionize this space. Other people are, but I'm not one of them. I was using it as an example.
You managed to learn about block chain and the internet but not faking your own death and stealing an identity?
I mean, I know it's obviously possible to do so.
Alright, I'm going to be a real pain in the arse here and throw some edge cases at that idea - not because I'm trying to be a cockwaffle (I can manage that all by myself), but trying to straighten out my understanding of these things...
In short, what criteria does the data have to meet to make it immutable, and can that be changed in future?
Birth certificates are brilliant for establishing time dates and places, but what if someone changes their name or gender partway through life? Is there a function to amend the original blockchain entry, or is a new one created that supersedes an old entry in the ledger?
By design nothing in the chain can be altered. But of course you could have a block indicating "person X is now person Y". But you can always read that Y was at some point X (and at what point the change happened). That would not be good, as it would be a public ledger of all trans people. It would also make things like witness protection impossible because inserting a block "today in 2024, person W was born in 1974" is very suspicious
Awesome, thank you for the insight!
Same with corrections.
These are actually very good questions. As far as when it's immutable, that's almost immediately because of the hash power of the network. After about 60 minutes, you can really trust that it cannot be reversed. As some other comments mentioned, you would update the database throughout time rather than modifying the original entry. So you could still trace it back. I saw some comments about witness protection programs and trans protection. And I think that would come down to data management with things like fully homomorphic encryption, allowing for checking whether something is valid, even an encrypted format without having to decrypt it and know the contents. So someone could tell you they exist and then they could point you to their entry on the blockchain and you can see that indeed they exist without knowing anything about them.
A simple test would be something like, I want to order a drink, so I go into a bar. I sit down and the bar person asks me for ID. I give them my entry on the blockchain, and then they check to make sure that the entry was created at least 21 years ago. Since I did not hand over my ID, they don't know my name unless I give it to them. They don't know my street address and other details that would be on a currently government issued ID.
revolutionizing the underage drinking industry
literally all they need now is a qr code
they can even all share the same one
That's really cool, thank you for the explanation and example!
But the accuracy of this information would still depend on external institutions or persons that you have to trust, right? I have admittedly never dived too deep into the whole block chain topic, but that seems to go against the underlying idea.
I mean, if it's the blockchain, I assume that you're trusting the parents who would register their child when they were born, since the child can't really register themselves. My thought would be maybe due on-chain signatures for the parents saying that their child was born and then some number of family friends who also physically see the child and can verify that they exist would also sign.
As said, i am not really that knowledgable in the whole blockchain topic, so anyone feel free to correct me where i am wrong:
Why should i trust those parents/friends (or doctors if present)? Presumably this would be a global system? So why should i trust a group of random people from idk Somalia? I probably don't even fully trust any institutions there. My understanding (simplyfied) is that with bitcoin the coins themself are mined by finding solutions to hard math problems that once found can be easily verified by anyone. So at the base you have something i myself can verify to be true. Whoever finds the right number first gets the coin and after that you only need to keep track of trades and this is where the blockchain helps.
What data would be stored on this block chain? Honestly seems like a bit of a privacy nightmare. I wouldn't want all family history and identifiable information to be public, so it can serve as an ID.
To go along with the point above, how would you verify that a specific certificate on the chain belongs to you? Similar to a password for a crypto wallet? So that it can be lost without ability to be recovered, that your parents have control over it from the start, and that people who gain access to it can abuse it? Basically all issues similar to the US social security number? Or by having a passport or similar do the job, which kind of defeats a lot of the purpose of that blockchain being the source of ID.
It wouldn't be enough to make a birth/death certificate. You would still need a system to change/add information. Like what if somebody changes their names? Also not every child will be added from the start, so you will need to handle late additions (that e.g. make date of birth even more unsure). What if someone goes missing or dies and it isn't reported? Also a small number of people might also require new identities for security purposes (think victims of abuse), how do you handle the need for an institution having the ability to create such fictional new identities?
I could probably find more issues.
So imo truth ultimately has to come from somewhere in the real world. And at places that might benefit from some system that is seperated from institutions (because they are poor, authoritarian, oppressive or have unstable governments for example) will at the same time have more difficulties providing something you can trust.
And in reverse regions that might have an easier time like the EU don't really seem to need it. Also as far as electronic IDs go the EU is planning that with eIDAS 2.0 and the EUID. Don't think it invloves a blockchain at any stage.
100% right
However, it is absolutely the answer for needs like those Dropbox, Google Drive, Nextcloud, etc. were designed to address.
Do you think online document sharing/signing is a bad idea?