| HN Mirror

Y	Hacker News new \| ask \| show \| jobs

by AnthonyMouse 4 days ago

> Critical data is always better in the hand of a few (trustable) than in the hands of many.

Centralizing identity so that your ID number becomes "crucial data" is worse than not doing this so that the "crucial data" doesn't exist. This is the natural conclusion of your own logic -- having it in the hands of zero entities is better than having it in the hands of one.

Case in point:

> That is currently the exact reason why you are using Paypal instead of giving your credit card number to everybody.

The reason this is happening is that credit cards use the card number as a secret, which is insane.

Imagine a payment system that works like this: The merchant gives the client a request for payment, which is only the amount of the bill and the deposit routing number of the merchant -- specifically a number that can only be used to make deposits, not withdrawals. The buyer's device, using a standard protocol, then tells the buyer's bank to transfer that amount of money to the merchant. The buyer's device receives a random UUID for the transaction from their own bank and provides the UUID to the merchant.

First, notice that this would be extremely decentralized. All you need is for each financial institution to use its own prefix in its routing numbers and then the centralization is strictly to prevent different financial institutions from using the same routing prefix as one another and publish the entirely non-secret mapping from routing prefixes to depository institutions.

Second, notice that the merchant receives no information about the buyer. All they get is a random UUID that allows them to confirm with their own financial institution that the bill was paid and there is now money in their account, and even their financial institution only knows the UUID and which financial institution transferred the money to them, not which individual.

If the only thing the intermediary could discover is which bank you use and absolutely nothing that could allow them to steal your money, who needs Paypal? The fact that it doesn't work like that is the scam.