• JeffCraig@citizensgaming.com
    link
    fedilink
    English
    arrow-up
    40
    ·
    1 year ago

    Man, this makes me rethink my whole idea of online anonymity.

    There’s a lot of reasons why requiring identity verification could be a good thing, but holy shit now I realize how quickly something like that could slip into authoritarianism.

    I still think we need a identity verification service for things like online games and social media (to thwart ban evasion), but it has to be something decentralized.

    • mcgravier@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      It doesn’t have to be decentralized, it has to be anonymous. You want to have an online identity in the number of one per citizen, but not tied to the real identities.

      There’s a way to do this by using regular digital ID and anonymizing it with zero-knowledge cryptography, but AFAIK noone tried this yet

      • volodymyr@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        It may need to be in some way decetralized though, even if some kind of certification authority needs to be in some coherent trust chain.

        It makes me think of inrupt solid, although it’s not quite the same.

        Also I seem to remember some dutch (or used in there) online idenity management infrastructure which allows to make some authorithative claims without getting entire identity revealed. Sadly I can not find it now.

    • darthfabulous42069@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      🤔 A blockchain with a private key tied to your palm print would work. It would guarantee proving uniqueness in a way that no human could differentiate who is what, only the blockchain itself could, and because palm prints are extremely difficult for other people to fake, it would guarantee the ability for websites to actually enforce rules in a meaningful way.

      • QuaternionsRock@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        1 year ago

        While decentralized identity verification is a good idea, this approach is not.

        1. Your identity would be permanently compromised as soon as your palm print is stolen. It can also be stolen without you noticing, unlike well-kept passwords. Much less secure than, e.g., a memorable 30 character password.
        2. People lose parts of their palm print all the time. Touching a cast iron pan for a second shouldn’t lock you out of your accounts for a month.
        3. This requires quantizing the human palm print in a way that is not currently possible. Hashing algorithms require the “butterfly effect” to be effective at hiding the private key, meaning a small change in inputs should result in a large change in output. This is a problem for palm prints, where you’re unlikely to make the exact same measurements repeatedly.
        • VonReposti@feddit.dk
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Palm prints and fingerprints are actually produced at the absolute lowest levels of the skin so you’d have to fry your hand all the way to the meat to permanently damage your prints. Otherwise it’ll regenerate fine with time. The biggest risks to your fingerprints is actually aging.

          Not that I think basing such stuff on prints are a good idea, but I just wanted to clarify the resilience of them.

          • acockworkorange@mander.xyz
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 year ago

            People working in citrus orchards are known to temporarily lose their prints. Imagine having no digital access for over a month. It’s a huge contingent of people.

            Other people are known to lose limbs.🤷‍♂️

            Whatever we think of, it’s got to be some 3 or 4 possible systems to cover 99.9% of the cases. And then you’re still left with a lot of marginalized edge cases; and a system that can be exploited by creating multiple disconnected identities using the different systems in isolation.

            I hope I’m wrong and it’s just my own limitations in creativity, but I don’t see a light at the end of this tunnel.

            • VonReposti@feddit.dk
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Completely agree, I was just addressing the durability of prints as it was misrepresented in OPs comment. Burning yourself on a cast iron (or working with citrus and the like) would at most give you temporary problems with scanning the prints. But a severed finger is definitely impossible to read. For most people the problem though first occurs with aging which affects the elasticity of the skin, making prints hard to read.

          • QuaternionsRock@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            By “for a month” I meant to imply that it will grow back. it’s not very common for people to permanently lose their prints, but we have to consider things like cuts and burns here as well. You won’t be able to verify your identity through a system like this until it regrows, which is an obvious problem.