Hacker News new | past | comments | ask | show | jobs | submit login

> If you have to prove your identity any time you want to do anything, nobody can be anonymous anymore, which is Very Bad.

No one would have to prove anything. But why would I accept calls from any entity claiming to be a legally registered business which doesn't present a government issued certificate proving that? I already verify businesses by looking up business number registries. But this should be automatic to the communication even happening.

Same question with personal contacts: why would I blindly accept calls from people I don't know and who don't want to present any confirmation of their identity to me?




Now you're talking about something else. Whether the entity calling you and claiming to be your bank is, in fact, your bank is a separate issue from whether it's an AI or a human. It could be a robocall from your bank trying to upsell you on some financial product and it would still be from your bank. It could be a live human being claiming to be your bank when they're not.

And we know how to solve that one. If you get an email from bank.com, your email server knows how to verify that it was actually from the servers of bank.com, using certificates and DNS records etc. This is technology we could also apply to phone calls, notwithstanding that we haven't, and do so without any government action. Google and Apple could implement this right now if they cared to.

But that doesn't prevent spam. Because the spammer doesn't have to claim to be bank.com in particular. They can go register somethingthatsoundslikeabank.com and send their spam from there. Then you receive their spam/calls because you want to be able to receive legitimate ones from people without whitelisting them individually and the spam domain hasn't been spamming long enough to get blacklisted yet.

Real solutions look something like this: To send mail from a.example.com to user@b.example.com, a.example.com has to generate a computationally expensive hash containing their domain name and the target email address. Or transfer a few cents worth of cryptocurrency to the target in exchange for a signature of that pairing. New mail servers then have to do a lot of initial computation but once they've computed/bought hashes of 99% of the people their users communicate with they can cache the results and they're done. Spammers have to keep redoing the expensive computation every time one of their domains gets blacklisted.

Then you can AI generate all the spam you like, but if the recipients don't want it, your domains are going to get blocked, which would be expensive.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: