Comment by Terr_
1 year ago
Ooof. The idea--or reality--that humans' accounts would be hijacked by site-owners to make impersonating slop (presumably to bring in ad-revenue) is somehow both infuriating and energy-sapping-depressing.
Issues of trust and attribution have always existed for the web, but for many reasons it feels so much worse now--how bad must it get before some kind of sea-change can occur?
I'm not sure what the solution would be here.
* Does one need to establish a friggin' trademark for their own name/handle [0], just so they can threaten to sue using money they probably don't have?
* Is it finally time for PKI and everybody signs their posts with private keys and wastes CPU cycles verifying signatures to check for impersonation?
* Is there some set of implied collective expectations which need to be captured and formalized into the global patchworks of law?
[0] Ex: By establishing a small but plausible "business" selling advice and opinions under that name, and going after the impersonator for harming that brand.
Impersonating somebody to make it look like they said something they didn’t really ought to be considered defamation or something.
Also there’s something really uncomfortable about the phrasing of a lot of those answers. I mean, even as somebody with an engineering degree, I try not to ever answer a question “as a <field> engineer” because when screwing around online I haven’t done the correct amount of analysis to provide answers “as an engineer” ethically (acknowledging the irony of using the phrase here, but, clearly this is not a technical statement so I think it is fine). The bot doesn’t seem to have this compunction.
This ravenprp guy was an engineering student a couple years ago. I guess it’s less of a thing because he wasn’t commenting under his real name. But it seems like this site, given the type of content it hosts, could easily end up impersonating somebody “as an engineer” in the field they work and have a professional reputation in. And the site even has a historical record of them asking and answering questions through their education, so it does a really good job of misleading people into thinking an engineer is answering their questions.
I know the idea of an individual professional reputation has taken a beating in the modern hyper-corporate world. But the more I think of it, the more I think… this seems incredibly shitty and actually borderline dangerous, right?
It is sad. I have been putting a copyright notice on my resume at the bottom to prevent some nonsense.
I have always wondered if people could attach some sort of cryptographic marker to their posts, that could link to an archive somewhere. Mostly I was thinking of backups of posts to yelp that couldn't be taken down, but I wonder if it would work that posts someone never made.
> I have been putting a copyright notice on my resume at the bottom to prevent some nonsense.
I expect the bad-actors will feed it into an LLM and say: "Rephrase this slightly", and they will get away with it because the big-money hucksters will have already convinced courts to declare it transformative or fair-use.
Shouldn't we invent a protocol that keeps the content you produce under your control so that places like forums or facebook are only discovery devices and interaction facilitators, but not custodians of all communication? Being able to independantly reach the source of piece of information is increasingly important.
That's what ATProto is trying to solve, funny enough.
I exchange public keys with close friends in person. A large scale solution would be very Orwellian. You would need a national ID that is a smart card to connect to an ISP and possible biometric verification.
We already have e-passports and zero knowledge proofs to show you have one without revealing who you are.
If all else fails, there is always the web of trust (i think web of trust has a lot of issues, but establishing soneone is human seems like a much lower bar than establishing identity)
Web of trust would be interesting if phones could automatically trust other phones they spend enough time nearby.
I hadn't though of zero-knowledge proofs. That is an interesting idea.
1 reply →
Could I buy a physical device like RSA SecurID from my bank branch or post office and log into a closed VPN-like network where all the servers are run by verified users? I know there are problems with that idea.
Do you exchange public keys with your non-computer-toucher close friends?
if you convince them to use signal that's close enough...
Don't sign your posts!
Are you saying nothing should be key-signed because you want some kind of deniability later?
Or do you mean people should avoid using an pseudonym in favor of posts that are anonymous, so that there's never any created identity to exploit/defend?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Sorry, it was a bad joke, there's a phrase "don't sign your posts" used when someone ends one with an insult. I support signing your posts with digital signatures if you want.
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQQC37hdRRO1LtrTQY8AXxvbqjG5KgUCZ5QRXwAKCRAAXxvbqjG5 Kth4AQCccNygglcSyEiMAqQyw6cXH54fnqBT9rJO9TSIqH14rgEAyUwxiQlV05XV Du2ftMk3DwiUZLKDxVI+ODCn4osf2wM= =XZhX -----END PGP SIGNATURE-----