cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Blockchain (yet again, and again, and again ...)

A consortium of Asian companies wants to create a blockchain-based mobile ID system.

 

Why blockchain?  They aren't saying.

 

What kind of blockchain, and how implemented?  You guessed it: they aren't saying.

 

(Anybody remember PGP?  The Web of Trust model?  That worked, and you didn't need some giant corporation holding all the data, either ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
4 Replies
AppDefects
Community Champion


@rslade wrote:

A consortium of Asian companies wants to create a blockchain-based mobile ID system.

 


That is just a bad, bad, idea from a privacy perspective. Stop the use of immutable device identifiers now! How will I be able to use my burner phone? Keep Google from tracking me? And stop those pesky Ads?

Caute_cautim
Community Champion

Digital Identifiers DIDs, the answer is Blockchain, say the vendors and developers simply said and done - say they.   Just because they want to flog their own product on the market and make some profit, and hope that a bigger organisation then buys them out.   This is where the technologists take over the world, until people and organisations wake up and realise (if they do) all the hype.  

 

Must be very interesting for psychologists, simply analysing watching and observing human behaviour.  I wonder what results they would obtain, if they fed the results through data science and augmented intelligence systems?

 

Regards

 

Caute_cautim 

rslade
Influencer II

 

blockchain

 


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
CraginS
Defender I


@rslade wrote:

...

(Anybody remember PGP?  The Web of Trust model?  That worked, and you didn't need some giant corporation holding all the data, either ...)


 

Really? You think the PGP web of trust worked? No, while the structural theory of the web of trust was well implemented from a technological standpoint, the overall PGP infrastructure failed due to implementation that only deep tech geeks could understand well enough to follow and comply with. Key signing parties? Jeeez ... after three levels you have built in a multi-step transitive trust structure that you have no idea whether you should be trusting signatures far removed from your trusted acquaintances.One bad actor at one party and you may be in trouble.

 

Finally, for the full story on the abomination of PGP/GPG user interface / user interaction / user experience, go read all the papers that start with Why Johnny Can't Encrypt from back in 1999 and falling forward from there. AS Matt Blaze, and others, have said, tha paper should be required fundamental reading for everyone in our field (and for everyone in software design, architecture, coding, or documentation).

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts