Digital IDs Are More Dangerous Than Thought(wired.com)
wired.com
Digital IDs Are More Dangerous Than Thought
https://www.wired.com/story/digital-ids-are-more-dangerous-than-you-think/
8 comments
It is too late, the current path has been chosen and none of the individual players in this game is able to change the rules of this game, every player is keeping all others hostage.
Humankind has passed the treshold of self destruction in slowmotion and there is no way back.
Be very thankful if you are still able to die by natural causes, coming generations will not be granted this gift.
They will live and die under much worse conditions than we are.
You will oppose my view of this but in your heart you know I am right, the door chosen by our forefathers was the wrong one, we are not able to cope with our own weak mind that is playing tricks on us and enable the most poweful of us to do things that are not healthy for our species.
Try to debate me, but remember, you know I am right.
It is going to be weirder than that. Much that is hidden or implicit will be exposed. HIV accelerated gay rights. Humankind destroying itself with overuse of digital indentifiers could accelerate human rights, digital rights, or help to clarify what intellectual property actually is and what boundaries should it obey.
Deniable authentication [1] should be incorporated in all possible protocols where coercion could be employed or the messages have intrinsic value.
Didn't see that concept mentioned explicitly, but the article stayed pretty non-technical.
[1] https://en.wikipedia.org/wiki/Deniable_authentication
Didn't see that concept mentioned explicitly, but the article stayed pretty non-technical.
[1] https://en.wikipedia.org/wiki/Deniable_authentication
Is advanced bio-authentication the most solid path to "true" digital identities? i.e. some way to convert/verify dna to a digital id.
Absolutely not. Biometrics, unlike most other methods of authentication, cannot possibly be changed. This makes it impossible to change it in the event of a compromise. Also, most biometric identifiers are pretty easy to collect from someone in person without their knowledge. We leave DNA and fingerprints on everything we touch.
The problem isn't the "correctness" of current authentication systems. In the US an SSN is already correct for the person to who (whom?) it is assigned. Tax payer IDs in other countries behave similarly.
Essentially biometrics represent the same kind of thing, although possibly less secure as you definitely cannot hide your biometrics from other people.
The problem with existing IDs, and biometrics especially, is that they cannot be changed (biometrics definitely can't be, at least not without surgery). Part of the problem (and what makes it particularly powerful in the US) is that there are a number of widely spread IDs where simply knowing the number/id is sufficient evidence that you are that person (still bizarre after more than a decade here). In the event of compromise (if it becomes a powerful, that is pretty much guaranteed) you /must/ be able to change it. In the US you are ostensibly able to change your SSN, but if you do you get royally screwed for a very long time...
Essentially biometrics represent the same kind of thing, although possibly less secure as you definitely cannot hide your biometrics from other people.
The problem with existing IDs, and biometrics especially, is that they cannot be changed (biometrics definitely can't be, at least not without surgery). Part of the problem (and what makes it particularly powerful in the US) is that there are a number of widely spread IDs where simply knowing the number/id is sufficient evidence that you are that person (still bizarre after more than a decade here). In the event of compromise (if it becomes a powerful, that is pretty much guaranteed) you /must/ be able to change it. In the US you are ostensibly able to change your SSN, but if you do you get royally screwed for a very long time...
Digital systems should require auth via public-key crypto rather than global IDs but keys can be correlated too. Whenever possible we should build systems with technical and economic incentives to preserve privacy, but I wish we had better ways to do that.