[Cryptography] Dan Geer: nothing can make online trustworthy
iang
iang at iang.org
Tue Jan 7 09:12:32 EST 2020
On 11/12/2019 14:29, John Young wrote:
> Dan Geer, legendary cyber-pro, claims nothing can make online
> trustworthy. Users should forego cyber addiction exploited by
> predators through inherent tech weaknesses.
I demur. I suspect this view is based on (a) assuming that a thing is
either completely trusted or it is not. That is a misuse of the word
trust. And (b) that a thing can be trustworthy.
(a) Trust is a risk analysis informed by many things - experience,
memory, rewards & punishment, reputation, recommendations, etc. Some
would say it is the essence of childhood. E.g., learning how to trust
is growing up. It is a risk, always, and therefore a negative outcome is
always possible. For that potential cost there needs to be a reward,
which pays out most times. The outcome of trust is never binary, always
uncertain, should be profitable, but always a risk.
Eg, trust is like gambling when you are the house.
(b) Hence, it is ideally suited to person to person interaction, and
trust is something that shines when people use it on people. When people
trust machines like "online" it is a form of animism - pretending the
object is like a person, in order to analyse the risk. This kind of
works in some settings and contexts but not in others. Eg machines break
trust because statistically they break; companies break trust because
the deceive.
So, applying trust and its associated things like trustworthiness or
trustlessness to a machine like net or blockchain is not how the brain
was designed. Necessarily, in an adversarial world, this will not work
out so well.
OTOH, we do know how to connect persons to persons online. If we ignore
the "online" part and make sure the persons are trusted, then we can do
that trust of the other person, only online.
But, people online are (often) untrustworthy. The problem therefore
isn't how to make online trustworthy, it's how to make people
trustworthy. And for that, looking at tech is the wrong place. Go back
to RAH's old writings and look at anthropology. Ask where there is
trust, and look at that.
> Source: "Sandworm: A New Era of Cyberwar and the Hunt for the
> Kremlin's Most Dangerous Hackers," Andy Greenberg
A book?
(trust me, I'm) iang
More information about the cryptography
mailing list