Hacker News new | ask | show | jobs
by someguy7250 1038 days ago
IMO, the meat of this paper is in section 4.3 and 4.4.

And I cannot say for sure, but the formal proof of 4.4 basically summarizes the same points pointed out in 4.3.

Most of these are not inherently mathematical problems but a social one.

> Verifying sentience is a fuzzy concept. While they can be bound together momentarily as we see in [66 ], the binding is very easily decoupled.The verified user might choose to sell off their uniqueness identifier at time period 𝑡 + 1 if the verification which binds sentience with uniqueness ends at 𝑡.

Basically, people can sell identities

----

What really concerns me though, is how much and how often this paper discusses DRM, or in their own words, a "trust anchor"

> With the assumed threat model in our case, the lack of inherent trust in the user only compounds the unreliability of the model without any trust anchor.

> Assuming a proof of location is for a mobile device, rather than a particular human being, then associating the proof of uniqueness obtained under such a condition, i.e., without the involvement of a trust anchor, is unreliable.

I know that the authors aren't directly calling for more centralized trust. But given recent development at Google, we all know how the readers would think
3 comments
zer8k 1038 days ago
> Verifying sentience is a fuzzy concept. While they can be bound together momentarily as we see in [66 ], the binding is very easily decoupled.The verified user might choose to sell off their uniqueness identifier at time period 𝑡 + 1 if the verification which binds sentience with uniqueness ends at 𝑡.

It's a use-after-free for real life!

Calm down Rust people...nothing we can do here.

link
intended 1037 days ago
I got half way (up to the proof). After that they seemed to be describing the regular biometric identity program any country would set up. (Aadhar for India is the easiest comparison).

I felt that this was suggesting that Meta/Google/Platforms, need to start creating Account Recovery Offices.

If your account is compromised, then recovery means you have to prove you are the legitimate owner of the account. You are the real person, not the adversary.

Right now, this must be happening online, with some mix of captcha/image/ ID / Device verification.

But one part of this trilemma is that you need location as well to determine uniqueness.

Maybe you can get it from IP, but the stronger form would be in person verification.

——-

This is so big brother. Prove to me you are who you say to be.

link
MichaelZuo 1038 days ago
> > Verifying sentience is a fuzzy concept. While they can be bound together momentarily as we see in [66 ], the binding is very easily decoupled.The verified user might choose to sell off their uniqueness identifier at time period 𝑡 + 1 if the verification which binds sentience with uniqueness ends at 𝑡.

> Basically, people can sell identities

I can see why Sam Altman believes iris scans are the future, it's definitely much more cumbersome to 'sell off' your iris. Especially if it needs to be rescanned on a daily basis or sooner.

link
wmf 1038 days ago
But Worldcoin isn't doing that. They scan your eyes once and issue you a private key that you can then sell. Maybe one day they can give away scanners CueCat-style but I haven't seen any discussion of that.
link
MichaelZuo 1038 days ago
I can see it since Apple managed to popularize face ID which is almost as good except for identical twins and so on.
link