this post was submitted on 10 Nov 2023
765 points (95.7% liked)

Memes

45966 readers
1751 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 1 year ago (1 children)

For government documents you need nothing but a plain old certificate to create a digital signature. If there is a single instance of trust (such as a government) there absolutely no point in using a blockchain.

Decentral NFTs for concert tickets would only make sense if you were looking for a solution to liberate the second market, i.e. people selling tickets to other people without involvement of the host of the concert. Such a model is neither beneficial for the hosts (as they wouldn't benefit from the second market sales) nor the visitors (as the second market typically leads to even higher prices). If you meant a way to return/trade tickets on a platform controlled by the host / the original issuer of the tickets, then there's again no need at all for crypto aside plain old, stupid certificates.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (2 children)

Even in single instances of trust there can be advantages to using blockchain for those applications:

  • Decentralization can give you better uptime/availability of those documents. If the DMVs website or authentication service goes down, documents can still be authenticated since they and/or their signatures stored in a distributed manner. The internet can go down at your bar but if you have a recent copy of a chain, you can still verify somebody's ID.
  • It can make them easier to transfer between parties, and creates a digital "paper trail" which can conform to whatever requirements one might have. For example, you could easily require several parties to sign off any time the document is moved or assigned to a new person.
  • You can use those documents and their signatures with smart contracts or other decentralized apps. For example, you could sign up for an account at a bank or a platform like eBay using your NFT'd digital ID and the bank could accept it would needing to manually verify if the id "looks fake" or if your blurry phone picture is going to cut it. They don't have to call up the government and ask them to verify it or pay some third party to match your address against their database of known people, etc.
  • Maybe you need better transparency in how many documents are issued and (potentially) to whom. Voting systems, for example, are a use case for this. It could be used for shareholder governance structures, etc.
  • Blockchains can enforce rules which centralized entities can't, which is important to consider. An example of how this is useful: imagine the government has a digital ID system and it's run in a centralized fashion, which makes sense, because they are the issuing authority right? Now imagine that centralized system gets hacked and an attacker starts printing and authenticating a bunch of fake ID requests. In the time between when this attack happens and when somebody figures it out, which could be hours to days, banks and other entities could be relying on those fake documents and potentially lose millions. An example of a rule a blockchain can enforce is "this ID issuing authority cannot issue in a single day more than 10% above it's daily average of issuances over a six month period", limiting the scope of an attack. One may say "Well, but blockchain can be hacked too!" which is true, but it's less likely because the software for these networks has thousands of eyes on it whereas there may only be a couple system admins approving changes to your state-run ID database. Open source software is more secure than proprietary for this reason. Additionally, a security flaw needs to effect 51% of the network which isn't likely to happen when you have a diversity of software versions.
  • Many smart contracts need ways to protect against sybil attacks (ie one person pretending to be multiple). Quadratic funding being used for charity fundraising is a perfect example. By using credentials issued on chain by centralized authorities, they can verify a person is not multiple people. Quadratic funding is an awesome way to fund public goods.
[–] ElectricCattleman 2 points 1 year ago (2 children)

There are some fringe benefits for blockchain but massive issues with normal human issues like:

  • Scams/theft: person has the wallet lost through scam or left, how do you invalidate the lost credentials or tickets.

  • Wallet loss: loss through any number of means: fire, incompetence, computer being destroyed, loss of account to cloud backup etc

  • Issuer need to invalidate: if tickets/credentials were purchased by fraud or an issue occurs where they need to invalidate

How does blockchain handle these common situations?

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago)

Scams/theft: person has the wallet lost through scam or left, how do you invalidate the lost credentials or tickets.

In these examples, we are talking about credentials issued by a central authority. That authority can re-issue new credentials and invalidate old ones. Easy peasy.

If we're talking about the risk that people have their crypto stolen in general, yes it does carry that risk same as cash. There are several strategies to mitigate this: people can park larger amounts at institutions if they want or they can use things like multi-sig wallets. You have one smaller pot of money which is your everyday spending wallet which you (or somebody who gains access to it) can spend from whenever you want, and one which is "multi-sig" meaning at least one of your trusted friends/family members/etc also has to sign off if money moves out of that account. You can have multiple people on the multi-sig wallet and set the rules for example 2 of 5 friends or what have you. You wouldn't leave $10,000 in your phone's mobile wallet just like you wouldn't carry a briefcase with $10,000 in cash on the subway. Small money in your spending wallet, big money in your multi-sig.

This is similar to how one stores money normally. You have some cash in your wallet and you put the rest in a bank. In order to withdraw significant money from your bank account, the bank is going to undertake some kind of investigation to make sure it's actually you. This might be checking your ID at the teller for example. They might also include some type of fraud guarantees where they will cover any losses you experience. That kind of a system is not incompatible with blockchain and I expect with time industries will appear to mitigate these kinds of risks from an insurance perspective.

Also, generally speaking, no system is going to completely eliminate theft and fraud. 99% of the fraud and theft committed over human history has been done using traditional currency, including the kinds of fraud that aren't even called fraud because the "right people" are doing them like bank bailouts or market manipulation. Even highly-credentialed systems like Paypal are rife with fraud, ask any ebay seller. So we can't expect crypto or any other technology to eliminate it either, there will always be some. The best we can do is try to find technological, social, and educational methods for reducing it.

Wallet loss: loss through any number of means: fire, incompetence, computer being destroyed, loss of account to cloud backup etc

Same risks as cash, multi-sig or institutional holdings as explained above can solve this.

Issuer need to invalidate: if tickets/credentials were purchased by fraud or an issue occurs where they need to invalidate

Same as answer 1

[–] [email protected] 1 points 1 year ago

The downtime issue for identities is already solved with a government certificate and distributed certificate revocation list. As long as multiple independent parties are mirroring the government’s list, taking down the government servers would not affect identity verification. Certificate Transparency solves the CA compromise problem since you have a log of all issued certs.