This just made me ponder again—where does the assumption that the Internet should allow unconstrained anonymity come from, other than that’s how it used to be for some time? The real world doesn’t allow that. It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust. Why should the Internet be different?
If the only analogy you can think of removes the challenge of the problem your facing to be applicable, it's not an appropriate analogy.
The entire difference is that from my mobile phone I can send more traffic in an hour than most services will ever see legitimate traffic in their entire lifetime, and the cost to me is minimal.
The comparison is as invalid as comparing piracy to theft - piracy isn't theft, it's piracy, and understanding the difference between them is the key to dealing with the problem.
What does the number/second have to do with 'It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust.'?
There are very few places in the real world which can handl 1,000 people per second.
In the real world I rarely need to identify myself. I can see a movie, visit the library, buy groceries, go to a restaurant, and more.
> What does the number/second have to do with 'It’s hard to remain anonymous in the real world. The real world largely runs on identity and (identity) trust.'?
Hobest question, are you being serious here? The sxale of fraud and automated traffic is disproportionately large, and has a significantly lower barrier to entry than other forms of abuse. That's the entire reason.
> There are very few places in the real world which can handl 1,000 people per second.
Exactly, and if someone started sending thousands of people per second there, they would make it significantly more difficult to do so.
I honestly don't understand how your point is relevant.
Most of the real world does not require identity, so how does "The real world doesn’t allow that" make any sense?
Yes, some parts of the real world require you to identify yourself, and the same for some places on the internet.
Is that really the point? That if you have to use your real identify to log into your bank's web site that you don't have "unconstrained anonymity"?
Because I don't think even the cryptopunks of the 1990s required that sort of anonymity.
> and if someone started sending thousands of people per second
So, 100/second is okay but 1,000/second not okay?
I ask because it looks like 100 people per second enter Manhattan during the peak morning commute time, and I don't see massive calls to make it harder for commuters to enter the borough. (Go to http://manpopex.us/ , go to statistics, "Estimated Pop. for Wednesday, 9 AM: 2,888,116", for "10 AM: 3,284,591" gives 110 people per second.)
And these people aren't all required to identify themselves.
Question for you: does the internet currently have more anonymity than the real world?
Question #2: how much fraud is done on the internet vs. fraud in the real world, measured by dollars?
And when you do show ID, to buy booze for example, it’s checked and immediate forgotten by a human. Computers don’t forget, and any attempts to make companies do so (GDPR) are met with massive pushback from the players in the industry
I have no problem with Joan over the road curtain twitching. It doesn’t scale. I have a massive problem with the 24/7 surveillance from ring though.
In the us, I noticed that grocery stores increasingly scan your drivers license (my state has bar codes). I think it's probably a way to keep clerks from passing someone through who is not quite 21 (a different captcha!).
I have wondered if they keep the scan or does the state? I asked and the random hourly worker there said they don't.
And that’s the problem. It’s not the ID checks, it’s the ability to scale. Check it at the door? Fine. Scan it and keep it forever (perhaps selling it on at a later date)? Not fine.
Personal Data has to be treated as a liability, but too much of the economy treats it as an asset.
Eh, what's worse is these stores are likely scanning your face and keeping it in a database. There was some mall a few years back scanning license plates and keeping the info.
But yea, so many people are nieve of what the authoritarian types would do with data like that (looking at you Texas with your civil laws on abortion now).
Yes it does? Especially in a dense city vs small village (which is more comparable to the internet at large) - go for a walk, see some advertisement billboards, buy a newspaper (esp. with cash), read the news, who knows who I am?
Plus, think of how difficult it is to match a person to the physical envelope.
At best there could be a distinctive envelope.
Otherwise, yes, you can get a list of people who use the box. But for that to be useful, the mail from different boxes can't simply be jumbled together into the same pickup bag as that would broaden the number of suspects.
I believe that the question should be the other way around:
Why is it that you have to lose your anonimity when you are on the internet? The real world always allowed that until it became dependent on surveillance capitalism. Of course you need to prove you're yourself for some things, but that should be the exception.
You could always look things up at your local library while being anonymous (for checking out you'd need a card), you could call from a payphone while being anonymous, you could use coins (cash in general) while being anonymous.
Anonimity was the rule and should still be the rule
Theoretically you don't need to reveal your identity to prove that you're human. You can use a zero knowledge proof instead, likely attached to something like an EU Digital ID, which would allow you to remain anonymous and also prove that you're human.
A simple zero-knowledge credential system isn't sufficient. It would need to embed some kind of protections to limit how often it could be used, to detect usage of the same credential from multiple (implausibly far apart) IP addresses. There would need to be extremely sophisticated reputation scoring and blocklisting to quickly catch people who built fake identities or stole them. And even with every one of those protections, a lot of them will still be stolen and abused.
Yes, I wonder how feasible it is to do that while still protecting state of being anonymous.
And what if you develop this very sophisticated system of reputation score, what if bad actors find a way to still perfectly abuse it, e.g. they pay for desperate people for the IDs and then stay just within the limits ever so slightly.
Would you be able to easily iterate on the system when that happens to make it more secure?
But if you also track IP addresses then doesn't that already mean loss of anonymity?
And ultimately with something like IP address, a bad actor could offer you to download an app where they could simply use your IP address to post content/propaganda from under your ID and IP.
It would be more expensive for bad actors, but also I think there was period when Facebook accounts were bought and sold, and there was very active market for that. I imagine teenagers for example are really easily tricked into selling their creds etc.
Also Reddit and other social media accounts are being sold a lot, so definitely there would be market for that.
There are a lot of risks here and I think it’s very challenging to build something anonymous that can deal with (say) Google’s current level of fraudulent behavior, let alone what we’re likely to see in the future.
Regarding the IP address question, I’d assume you could decouple the IP address verification portions from the “know who the person is” portions with some clever multi-party computation. Someone always has to know your IP address, but it doesn’t have to be the same person you’re talking to. (Think of Tor as an inspiration here.)
