As more and more things moved online, two problems became apparent to our collective consciousness:
How do you know someone is really a person?
How do you know someone is who they say they are?
Initially, the “person” thing wasn’t a big issue: the internet was used for low-stakes amicable activities, and impersonation, bots, and alternative accounts weren’t a big deal. As for the second issue, well, we used usernames and passwords.
But now we use the internet for everything: banking, work, brokerage.
So how do you solve the issue?
Easy. A while ago, smart mathematicians devised various schemes of public-private key encryption. A person simply generates a private key, sends their public key over to the authenticating entity, and can then get back a challenge, no matter where or on what device, to prove who they really are by decrypting said challenge with their private key.
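The challenge-response flow described above, as an added example that is not from the original post: the verifier encrypts a random nonce to the registered public key, and the key holder proves possession by decrypting it. The textbook RSA key built from two fixed Mersenne primes and the names `Verifier` and `respond` are assumptions chosen so the code runs on the standard library alone; a real system would use a vetted library with padding or signatures.

```python
import hashlib
import hmac
import secrets

# Toy textbook-RSA key (assumption for this example): two well-known Mersenne
# primes, no padding. Constructed for illustration, not a usable key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                 # public key, sent to the verifier once
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the user


class Verifier:
    """Authenticating entity: stores public keys and issues one-time challenges."""

    def __init__(self):
        self.public_keys = {}   # user -> (n, e)
        self.pending = {}       # user -> SHA-256 of the outstanding nonce

    def register(self, user, public_key):
        self.public_keys[user] = public_key

    def challenge(self, user):
        n, e = self.public_keys[user]
        nonce = secrets.randbelow(n - 2) + 2          # fresh for every login
        self.pending[user] = hashlib.sha256(str(nonce).encode()).digest()
        return pow(nonce, e, n)                       # encrypted to the public key

    def verify(self, user, response):
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed later.
        expected = self.pending.pop(user, None)
        return expected is not None and hmac.compare_digest(expected, response)


def respond(ciphertext, n=N, d=D):
    """User side: decrypt the challenge with the private key.

    Only a hash of the nonce is returned, so the response does not hand
    back the raw decryption of an arbitrary ciphertext.
    """
    nonce = pow(ciphertext, d, n)
    return hashlib.sha256(str(nonce).encode()).digest()
```
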
Identity is also easy to solve: there are third-party identity verification services that simply verify a private key possessor’s document once and can make the information public to those transacting with them. Some are open source and distributed, others centralized, and there’s an ongoing argument about privacy, but the whole system works.
Security is also a big deal, but depending on how much is at stake, various people can use various mechanisms. My grandma keeps her private key on her phone; she doesn’t use it for much besides email. I keep mine on a physical token with no internet access and a basic interface for encryption and decryption, and I have backups with two trusted friends. The president of the US keeps their token split between 3 devices, all of which are needed to form it, two entrusted to secret service members shadowing them at all times.
Wait, no? That’s not how we do it? Then how do we… ?
Oh, oh right
It’s mainly based on these little things called SIM cards and the phone numbers they represent. They receive challenges via…
An insecure network owned by a mixture of governments, international corporations, and small mom & pop companies
The numbers themselves are not bound to the tokens but rather assigned by…
Small and large for-profit corporations in the business of selling internet bandwidth and TV, which aren’t accountable for their security, aren’t known for running third-party security audits, and can switch them or disable them at will.
And they are tied to a person by…
Government regulation, which requires you to maybe present a photo of a passport to… a guy in the 24/7 you are buying from. This data is, oh, it’s not accessible to anyone, including myself, and doesn’t exist for older phone numbers.
No worries though, serious companies use email accounts that are…
Also not guaranteed to be secure, and not tied to individual identity.
These accounts can be accessed with an ID and a password, but don’t worry if you lost it, you can recover the account using your phone numb…
Wait, doesn’t that make the extra security layer redundant?
At any rate, it is my sole belief that when the crypto people take over the world it won’t be because of some difficult problem they solved, or decentralization, or anything like that.
It will be purely because some of the communities have managed to solve coordination problems around not taking dumber-than-dumb tech decisions, where best practices that we’ve known about for half a century are ignored for the sake of, ahm, a few minutes’ worth of convenience.