Fix paragraph formatting. Update Conclusion section.
This commit is contained in:
parent
21867b5902
commit
85da8fe17a
@ -37,7 +37,7 @@ be reset if the user can prove they are the owner of the account via some<br>
|
||||
form of identification; this is where the trust issue of decentralisation<br>
|
||||
occurs.</p>
|
||||
<br>
|
||||
In the decentralised model, keys are kept on the users' devices, in their<br>
|
||||
<p>In the decentralised model, keys are kept on the users' devices, in their<br>
|
||||
possession. While this soveriegnty is welcomed, it indroduces a critical<br>
|
||||
flaw in the security of communicating with anyone via a decentralised<br>
|
||||
platform; should a user's device be lost, stolen, or otherwise compromised,<br>
|
||||
@ -63,7 +63,7 @@ offline? Only by thinking logically and tactically can you solve both the<br>
|
||||
issue of centralisation and decentralisation. Often, one size fits all is<br>
|
||||
never the correct approach, nor does it typically work.</p>
|
||||
<br>
|
||||
In order to avoid the issue of loss of trust due to lack of root of trust,<br>
|
||||
<p>In order to avoid the issue of loss of trust due to lack of root of trust,<br>
|
||||
all users' keys must be stored in a centralised location where all contacts<br>
|
||||
are able to go to in case of compromise or to periodically check the state<br>
|
||||
of keys and to see if they have changed. This centralised location requires<br>
|
||||
@ -73,7 +73,7 @@ trust-on-first-use (TOFU) model, which isn't much different than what<br>
|
||||
today's centralised platforms are already doing; the only difference is who<br>
|
||||
is controlling the location; trust is still present and required.</p>
|
||||
<br>
|
||||
In order to have a root of trust, I have posted my keys to my website,<br>
|
||||
<p>In order to have a root of trust, I have posted my keys to my website,<br>
|
||||
which is protected by multiple layers of security:<br>
|
||||
<br>
|
||||
1. I have provided identification to my domain name registrar, to ensure I<br>
|
||||
@ -98,29 +98,31 @@ most secure implementation currently available to me. While the domain<br>
|
||||
name registrar or virtual private server host could tamper with my domain<br>
|
||||
and data, they are the most trustworthy parties available.<br>
|
||||
In its current form, decentralisation would make this impossible to<br>
|
||||
implement in any form.<br>
|
||||
implement in any form.</p>
|
||||
<br>
|
||||
<h4>Conclusion</h4>
|
||||
<p>Do not demand anonymity; demand privacy and control of your own data.<br>
|
||||
It is possible for someone else to hold your keys, without them taking<br>
|
||||
control of them and dictating what you can and cannot do (Twitter's<br>
|
||||
misinformation policy comes to mind). If a platform is not listening to<br>
|
||||
your or other people's concerns about how it is run, show those platforms<br>
|
||||
that you will not stand for it, and move to a different one. This may not<br>
|
||||
be ideal, but it's not different to moving from one decentralised platform<br>
|
||||
to another. Centralisation isn't what is evil, the people in control of the<br>
|
||||
platforms are what is potentially evil. Carefully, logically, and<br>
|
||||
tactically, choose who to trust. Decentralisation doesn't do much for trust<br>
|
||||
when you must still trust the operator of the decentralised platform, and<br>
|
||||
are still subject to the possibly draconian policies of that decentralised<br>
|
||||
platform. If government is what you are trying to avoid, there is no<br>
|
||||
denying it is feasibly impossible to avoid it; a government could always<br>
|
||||
take down the decentralised platform, forcing you to move to another,<br>
|
||||
and they could also take down the centralised key storage site mentioned<br>
|
||||
earlier in this article. A government is not something you can so easily<br>
|
||||
avoid. Decentralisation does not solve the government issue. In order to<br>
|
||||
live a happy, fun, and fulfilled life, while protecting yourself against<br>
|
||||
logical threats, there are only two words you must live by: Threat model.</p>
|
||||
Complete anonmyity makes it impossible to have a root of trust, and is<br>
|
||||
typically never necessary. It is possible for someone else to hold your<br>
|
||||
keys, without them taking control of them and dictating what you can and<br>
|
||||
cannot do (Twitter's misinformation policy comes to mind). If a platform<br>
|
||||
is not listening to your or other people's concerns about how it is being<br>
|
||||
run, show those platforms that you will not stand for it, and move to a<br>
|
||||
different one. This may not be ideal, but it's not different to moving from<br>
|
||||
one decentralised platform to another. Centralisation is not what is evil,<br>
|
||||
the people in control of the platforms are what is potentially evil.<br>
|
||||
Carefully, logically, and tactically, choose who to trust. Decentralisation<br>
|
||||
doesn't do much for trust when you must still trust the operator of the<br>
|
||||
decentralised platform, and are still subject to the possibly draconian<br>
|
||||
policies of that decentralised platform. If government is what you are<br>
|
||||
trying to avoid, there is no denying it is feasibly impossible to avoid it;<br>
|
||||
a government could always take down the decentralised platform, forcing you<br>
|
||||
to move to another, and they could also take down the centralised key<br>
|
||||
storage site mentioned earlier in this article. A government is not<br>
|
||||
something you can so easily avoid. Decentralisation does not solve the<br>
|
||||
government issue. In order to live a happy, fun, and fulfilled life, while<br>
|
||||
protecting yourself against logical threats, there are only two words you<br>
|
||||
must live by: Threat model.</p>
|
||||
<br>
|
||||
<br>
|
||||
<br>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user