[Cryptography] Dan Geer: nothing can make online trustworthy

iang iang at iang.org
Tue Jan 7 09:12:32 EST 2020


On 11/12/2019 14:29, John Young wrote:
> Dan Geer, legendary cyber-pro, claims nothing can make online 
> trustworthy. Users should forego cyber addiction exploited by 
> predators through inherent tech weaknesses.


I demur. I suspect this view is based on (a) assuming that a thing is 
either completely trusted or it is not. That is a misuse of the word 
trust. And (b) that a thing can be trustworthy.

(a) Trust is a risk analysis informed by many things - experience, 
memory, rewards & punishment, reputation, recommendations, etc.  Some 
would say it is the essence of childhood.  E.g., learning how to trust 
is growing up. It is a risk, always, and therefore a negative outcome is 
always possible. For that potential cost there needs to be a reward, 
which pays out most times. The outcome of trust is never binary, always 
uncertain, should be profitable, but always a risk.

Eg, trust is like gambling when you are the house.

(b) Hence, it is ideally suited to person to person interaction, and 
trust is something that shines when people use it on people. When people 
trust machines like "online" it is a form of animism - pretending the 
object is like a person, in order to analyse the risk. This kind of 
works in some settings and contexts but not in others. Eg machines break 
trust because statistically they break; companies break trust because 
they deceive.

So, applying trust and its associated things like trustworthiness or 
trustlessness to a machine like net or blockchain is not how the brain 
was designed. Necessarily, in an adversarial world, this will not work 
out so well.

OTOH, we do know how to connect persons to persons online. If we ignore 
the "online" part and make sure the persons are trusted, then we can do 
that trust of the other person, only online.

But, people online are (often) untrustworthy. The problem therefore 
isn't how to make online trustworthy, it's how to make people 
trustworthy. And for that, looking at tech is the wrong place. Go back 
to RAH's old writings and look at anthropology. Ask where there is 
trust, and look at that.


> Source: "Sandworm: A New Era of Cyberwar and the Hunt for the 
> Kremlin's Most Dangerous Hackers," Andy Greenberg


A book?


(trust me, I'm) iang


