What are the tradeoffs, assuming an email encryption scheme based on self custodied private keys and publicly published public keys? I don't see any major disadvantages to using blockchain for this, and significant advantages. It's a big deal if no one can selectively remove/conceal previously published info. If associating a key with an email, and someone is trying to impersonate you, you'll know it, it's not going to be hidden from you and specifically shown to someone else. It just makes sense to do it that way. Yes, you have to trust something at some point, but this is a way to minimize how much trust you have to give.
chicken
joined 1 year ago
I understand why you’d want one
It’s an email that’s unrecoverable so not usable in many companies.
It doesn't sound like you understand why someone would want to do email with public key cryptography, it sounds like rather you do not like the idea of doing email with public key cryptography. Being unrecoverable is just the tradeoff there. Again, what do you think the problem described even is? For reference,
The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. "Maybe it's the NSA that has created a fake public key linked to you, and I'm somehow tricked into encrypting data with that public key," he told Fortune. In the security space, the tactic is known as a "man-in-the-middle attack," like a postal worker opening your bank statement to get your social security number and then resealing the envelope.
I think if you actually acknowledge the problem of trust for propagating public keys as a real one that is worth being solved, it would be hard to argue that blockchain is a bad fit for that problem, because it is not. Trustless, verifiable propagation of data is one of the things it actually offers unique benefits for.
I’m sure there are other reasons to not like the idea, but that’s what I can think off the top of my head.
It might be useful to start by considering the idea itself and what it is saying, instead of looking for arguments to make against it.
Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?
Using private cryptocurrency is not illegal, at least in the United States, nor should it be. This is like worrying if it is legal to pay for things with cash.
You query the blockchain after you submit your data to confirm that it is what you intended it to be.
What do you think the problem even is? It sounds like you just don't understand why someone would want to use public key cryptography to begin with.
I think it would help me organize my thoughts to write that all out anyway even without a LLM.
Captchas are made to defeat AI logic, so sometimes it’s not the obvious thing. It could very well possibly be selecting all images that match the color tone, something a bot may not work out.
IMO the idea here is that most users are not thinking very hard, so they are going to see the word "warmer", think "snow = cold" and leave their analysis at that. AI on the other hand is going to put more effort into interpreting the specific meaning of the request in context of the images. The primary challenge for captchas now is to defeat AI, so the captcha ideas that get through probably did so because they gave the AI trouble in testing, but did not give most users trouble.
I think that going forward, people who put thought into following specific directions accurately are going to have a lot of trouble with captchas.
I think it's just asking you to pick the indoor pictures because they don't have snow in them. The confusing wording is to trick AI trying to get through captchas.
I wonder how many programmers out there have intentionally set out to subtly sabotage the system. Anyone doing that, good luck to you.
I just want owning a piece of software to be like owning a physical object again. It has its own look, it's own behaviors and quirks, and you choose it for those and come to rely on it for what it is and what it does. That this can all be pulled out from under you at any time without your say-so runs counter to user agency.
Also, as a developer I'm just lazy and want to be able to publish projects and then not have to keep updating them for 20 years.
I would announce my transition online and isolate myself for 6 months with no pictures so I can try to keep being identified by society as the same person and not become undocumented and lose everything I own etc. Nobody's going to believe a story about magic bullshit, they would just assume you're a different person.
But that is necessarily the case given what they are trying to do to begin with. Why don't you want to acknowledge that? What you're saying is not an argument that blockchain would not accomplish the goal set out here, it's an argument against using public key cryptography for email where the users hold the private keys.
What makes you think that? If an impersonator published an association between your name/email and their public key to a blockchain, everyone can necessarily see it, including you. You have the opportunity to let people know through various channels which records are or are not legitimate.
As for DMARC,
I'll admit I don't know a ton about the inner workings of DNS, but I know that DNS hijacking is very common in high stakes scenarios like cryotocurrency application frontend websites, and essentially out of the hands of the victim to be able to protect their control of a domain. With a system strictly requiring access to private keys, no hijacking is happening without stealing those keys from the user.