Comment by palata

Comment by palata 3 days ago

6 replies

View on Hacker News

> the same reason you won't sell/rent your real-world identity to other people today

If you sell your real-world identity to other people today, and they get arrested, then the police will know your identity (obviously). How does that work with a privacy-preserving scheme? If you sell your anonymous token that says that you are a human to a machine and the machine gets arrested, then the police won't be able to know who you are, right? That was the whole point of the privacy-preserving token.

I'm genuinely interested, I don't understand how it can work technically and be privacy-preserving.

cakealert 3 days ago

It would appear most of the people commenting on the subject don't even understand it.

With privacy preserving cryptography the tokens are standalone and have no ties to the identity that spawned them.

No enforcement for abuse is possible.

Reply View 5 replies
  • overfeed 2 days ago

    > With privacy preserving cryptography the tokens are standalone and have no ties to the identity that spawned them.

    I suspect there will be different levels of attestations from the anonymous ("this is an adult"), to semi-anonymous ("this person was born in 20YY and resides in administrative region XYZ") to the compete record ("This is John Quincy Smith III born on YYYY-MM-DD with ID doc number ABC123"). Somewhere in between the extremes is an pseudonymous token that's strongly tied to a single identity with non-repudiation.

    Anonymous identities that can be easily churned out on demand by end-users have zero antibot utility

    Reply View 2 replies
    • cakealert 2 days ago

      The latter attestation will be completely useless for privacy.

      Reply View 1 reply
      • overfeed 13 hours ago

        100% agree, but it will be necessary for any non-repudiation use cases, like signing contracts remotely. There is no one size fits all approach for online identity management.

        Reply View 0 replies
  • palata 3 days ago

    Right, that's my feeling as well

    Reply View 1 reply
    • overfeed 2 days ago

      While it's the privacy advocate's ideal, the politics reality is very few governments will deploy "privacy preserving" cryptography that gets in the way of LE investigations[1]. The best you can hope for is some escrowed service that requires a warrant to unmask the identity for any given token, so privacy is preserved in most cases, and against most parties except law enforcement when there's a valid warrant.

      1. They can do it overtly in thr design of the system, or covertly via side-channels, logging, or leaking bits in ways that are hard for an outsider to investigate without access to the complete source code and or/system outputs, such as not-quite-random pseudo-randoms.

      Reply View 0 replies