What are some interesting or exciting technologies that you have heard about recently which you think may be important for online privacy/security in the future?

As title says, are there any interesting developments technology-wise that you think may help protect online privacy and security in the coming years?

You constantly read about how new technologies are being used to erode online privacy so I’d love to learn about the other side of the coin for a change to keep myself sane lol. Does anything look promising?

One thing I have been pondering recently is the future of open-source LLMs and such. I know they lag behind ChatGPT/Bard, but as they improve over the years and get much more advanced at coding, they may help create new software or be able to audit code and check for vulnerabilities etc. Thoughts?

1 Like

A trustworthy, controllable (but not abusable) digital wallet/ID system for providing your personal info would be great.

Imagine you want to prove you’re 18 to a website. Instead of uploading a photo of your state ID card, you tell your digital ID to export a unique token proving your birth date or just year. Better yet, it could simply provide a “yes” to the “over 18” question.

The same could be done to provide your residence area, citizenship, or any other bit of information you currently rely on state IDs to provide. With a trusted system like this, you wouldn’t have to provide any more information than necessary.

I heard about a project like this a while ago. It was in the earliest stages of development. I don’t recall its name.

3 Likes

I would like to see widespread adoption of Encrypted Client Hello and Oblivious DNS over HTTPS

These already exist, just need to get more adoption.

1 Like

Passkeys, of course.

1 Like

Stable AOSP desktop mode

People in the GrapheneOS Matrix space have hinted at this, and this recent reply by the official GrapheneOS account gives me a lot of anticipation.

being able to use other operating systems in virtual machines including Windows 11 and desktop Linux distributions is a planned feature for GrapheneOS

3 Likes

Isn’t that just Qubes (in terms of functionality)? While I love GrapheneOS, it does not satisfy my needs for a desktop OS.

I think this sells short how game-changing this feature could be, since it would presumably inherit the hardware security of Pixels and the security hardening of GrapheneOS.

There’s Web 3.0 that is better for security and privacy. It’s not in the future, though. It’s now. For example, you can log in to Sound with a randomly generated crypto wallet (preferably, a browser’s built-in - Brave Wallet) instead of an email. Another good example is Mirror where anyone can write their blog anonymously with just a random crypto wallet.

Unfortunately, decentralization and crypto related technologies are often disregarded, even in a privacy community like PG 😂

Out of curiosity, what makes a random (uniquely identifiable) crypto wallet, any better than a random (uniquely identifiable) e-mail address or some other unique identifier?

(I do agree about the counterproductive bias in parts of the privacy community towards crypto. It feels like there is no space for reasonable discussion and exploration between the pro-crypto and anti-crypto hyperbole.)

2 Likes

A random crypto wallet is created locally. A random email is not created locally, unless you’re running your own email server, which I don’t think is very practical, or at the same level of convenience that the crypto wallet offers. Maybe the complex nature of maintaining an email server is probably prone to user error, too.

If you are using an email from an email service provider, that’s one chain of trust. Your local crypto wallet requires zero trust.

For example?

I agree about this, too. However, I don’t think it’s only related to crypto. For example, Firefox vs the rest topic seems to be totally biased toward political opinion more than technical opinion 😂

A username and password with no email or crypto wallet

1 Like

Assuming I understand what you are referring to, it could be anything.

A reddit username is the first thing that comes to mind, or a randomly generated code, etc, but it could literally be anything if we are just talking about a unique account identifier for logging into some accounts.

I think we just use email by convention, and for convenience because everyone has one, and because it also serves the purposes of (1) spam reduction (2) account recovery (3) 2FA (4) some other reasons.

A random crypto wallet is created locally. A random email is not

I’m trying to think through the pros/cons of this. What would be a practical advantage to this in the context of signing up for an online account?


off topic

Firefox vs the rest topic seems to be totally biased toward political opinion more than technical opinion

We’ll have to agree to strongly disagree on this one. But it would be off topic to get into that here.

2 Likes

Unfortunately, most websites require more than that to create an account. Even PG requires more than that.

Since we’re talking about an account creation, it couldn’t be something, it should be a thing in reality and in general, unless you are denying that most websites around the world are not working like that.

On the other hand, in crypto world, the connect wallet button in the top-right corner is the norm.

These reasons are not relevant, as we’re not talking about the reason behind email usage for account creation on websites. We’re talking about the anonymous aspect of the account creation, email vs crypto wallet.

As I explained, one more/less chain of trust.

Moreover, if you’re using an email to create an account, basically, that’s one important slot, as email is a username most of the time. And you’re putting both the email and the password that’s used to access your account to the website owner. Contrary to the account creation from a crypto wallet that you aren’t putting your wallet seed/passphrase on the website. Therefore, even the website owner has no access to your account.

True, and I understand why email solves that problem, but I don’t understand how a crypto wallet solves that.

Most websites require an e-mail to sign up, not because it’s the only unique identifier they could imagine but because it helps with spam prevention, cuts down on bots, and other reasons. Does using a randomly generated crypto wallet help solve that problem? If not, I don’t imagine website operators will be any more likely to use this option than they are likely to use any other random identifier.

These reasons are not relevant

They absolutely are relevant because they are a very large part of the reason why many website operators require email, phone number, or SSO, for signup. If not for those other reasons, we could just use any random unique identifier (including a crypto address).

Contrary to the account creation from a crypto wallet that you aren’t putting your wallet seed/passphrase on the website. Therefore, even the website owner has no access to your account.

This sounds incorrect, but it’s possible I am misunderstanding what you mean or missing something.

Regardless of whether you sign up for a website using an email or crypto address you don’t share the secret that protects those accounts (email password/wallet seed). In either case, the website owner can’t access the crypto or email account you used for signup.

And as to the hypothetical website/service you signed up for, I don’t see what added protection you would gain by signing in with a crypto wallet address. If the service were E2EE the service operator should have no access to your account either way, and if the service is not E2EE you would not be protected from the operator of the service in either case, right?

2 Likes

???

What? Any website worth using is going to hash and salt your inputted password so no, they don’t know your username and password, they just have a hash stored in a database and every time you log in, it hashes your inputted password and compares it to the stored hash in the database.

As @xe3 also notes, if the service is E2EE then there is no access to your account anyway (assuming you hold the keys yourself and they aren’t given to the website in some way).

Assuming it isn’t a service with E2EE and it’s just TLS, then regardless of whether you use user+pass, crypto wallet, or unicorn farts to log in, the person in control of the website has full control of what happens on the website.

3 Likes

This made my day!

2 Likes

These could be the reasons they use a less anonymous identifier/email. But it’s not relevant in the comparison between an email and a crypto wallet in anonymous aspects.

Either you got it totally wrong, or I didn’t communicate the point correctly. Nevertheless, I didn’t mean that the website owner can access your email account and view your email. I tried to say that the website owner can access your account that you created with them.

Yes, if it’s E2EE, AND you are able to verify that they’re using E2EE for your account creation.

Nope, since the wallet seed/passphrase is created locally, even with no E2EE, they have no way to access/use your account in your place. Only the public instances are exposed to the website, in which they would also need you to sign the connection.

I am not talking about what is a good or a bad website. It’s pointless/bad practice to assume that any website is a good one. I am talking about what’s possible and what’s not. Therefore, your point is totally unrelated to my point.

For the usual Web 2.0, this would be true. However, for Web 3.0, this is incorrect. Otherwise, no one would buy an NFT/mint, as the website owner can just modify your account however they want. In fact, this is the main difference between Web 2.0 and 3.0. In Web 2.0 you don’t own anything, for Web 3.0, you are able to own something.

You might want to read the article below to understand more before further discussion:

Okay but have you considered what happened with the Ethereum split? Or the various splits of other currencies? Enough people were like “oh we don’t like [thing that happened] so we’re going to fork the chain and undo it/do our own thing” and when that has enough backing, oops you just lost control of your wallet/monkey jpegs/online identity. Web3 (not Web 3.0, crypto/blockchain fluff is not Semantic Web) is a meme

2 Likes

What do you think is the number of the enough people you’re talking about?

If you’re worrying about this, it seems you’re out of touch with reality and still don’t understand how this actually works.

There are various forks all the time; people usually call those forks shit coins. Currently, Ethereum is sitting at #2 coin by market cap, which translates to around $272.71 billion USD. Do you think this is an easy feat that some random group of people can do in their backyard? By saying enough people, it’s not about the people who make the forks, but it’s the people who will invest their money in the coin, which translates to the coin’s market cap.

First, how could I lose control of my wallet? There’s no one that could take control of my wallet. Even if there are a million successful forks, I can still use my wallet as long as the chain is still running.

Second, if you’re talking about ETH here, the chance of it going completely extinct would be far less likely compared to your usual Web 2.0 account that you have no control of and usually depends on a few people that you might be able to count with your fingers.

Should you have more concerns regarding your account/asset management on Web 2.0?

I don’t know where you get it from that Web 3 is a meme. Some people might argue that Web 3 and Web 3.0 are not the same, but neither of them is a meme. Currently, Web 3.0 infrastructure is solely based on Web 3 technologies. So, some people might use the names interchangeably. Or are you saying that Web 3.0 is building on a meme???

edit: this is referring to the announcement that GrapheneOS might get a desktop mode and run virtual machines

Hmm that’s pretty cool. Not so much because of the whole security benefits, but because it revives the dream of the “convergent device” - like Ubuntu was dabbling with a decade ago. Plug your phone into your dock (connected to monitor, keyboard, mouse) and it turns into a desktop computer. In this case you could basically just live in a full-screen VM running a “real” OS like desktop Linux or Windows.

If only the Pixel’s CPU weren’t so mediocre, it could theoretically replace having a laptop.