but the transport authority in my country does not use blockchain. And yet I still know I’m the 13th owner of a classic car I own. It’s almost as if the type of database used to store the information doesn’t matter.
You are trusting the transport authority in this instance to always report the truth.
My understanding with NFTs is that the previous owner only needs to say it once as part of the sale. Now only you can transfer ownership. No central body needs to be trusted.
Maybe… pretty sure I’ve seen some articles of NFT chain creators having the ability to revert transactions (e.g., owner was phished). In that case yeah… just use a database.
yes, I am. how is that different than trusting some random dude minting nfts?
The issue is not what happens after they have been minted (what blockchains claim to solve), but if the data came from a trustworthy source in the first place (which blockchain doesn’t, and fundamentally cannot, tackle either)
That doesn’t change anything. How do I trust that the car company has entered valid data? How do I know they won’t pull a VW and fudge with data? (they can fudge the data before putting in on the blockchain, so immutability not only doesn’t help, but is actually detrimental, in this case) And that is just with one car company. So I have to build trust with each individual car company myself.
How about I outsource the job of verifying the trustworthiness to one single entity dedicated solely to this, whom I trust. That way, I have less work to do, while not changing the fact that I still had to put my trust somewhere in the first place.
And therefore, the transport authority.
pki verifies the originator of the data. It says absolutely nothing about the data itself.
pki does not solve the problem of establishing a solid root of trust. And neither do blockchain technologies
I don’t care about what happens after the data is written in the blockchain. I care that accurate data goes in in the first place. that part blockchain cannot solve. And if inaccurate data does make it in, I want it corrected. So I’d have to trust someone to make those changes.
besides, what do I do if it gets stolen? prove I own it? I can already do that.
and if you do want that immutability, that’s what digital signatures are for. We both sign the same copy of a document with our private keys. Then we both keep a copy of the signed document. There is no need for anyone to have a copy of it, nor do we need anyone else’s computing power for us to be able to show it has not been tampered with, since we don’t have each other’s private key. The blockchain is not needed.
I don’t care about what happens after the data is written in the blockchain. I care that accurate data goes in in the first place. that part blockchain cannot solve. And if inaccurate data does make it in, I want it corrected. So I’d have to trust someone to make those changes.
That’s unsolvable in general besides through consensus algorithms (which blockchain can facilitate).
Blockchain adds authenticity through proof of when it occurred, which is not available through signature chains.
There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.
The point is, nobody can change their answer later with lots of independently operated data redundancy. The data is meant to be tamper proof. Its up to you to authenticate identities, delegate authentication, or blind trust the seller before trusting that data.
It’s not a one size fits all solution. A better example is if all the transport authorities in the world wanted to share one database. Who would all those transport authorities trust to operate it globally? Probably no organization would have the trust of all of them. With a blockchain, transferring that ownership from being managed by one authority to another would then go through that validation flow where the seller and receiver transport authorities sign off that they authenticated the other out-of-band and that they authorize this transaction as a matter of public record.
The NFT use case is dumb for digital art with the intent they hold value as if the resource is scarce.
The Matter DCL on the other hand I think is a great use case. Apple, Amazon, Google, and many more companies want to share a common database for certified IoT devices. They don’t trust each other enough to agree to one company operating this database. They can agree to a certifier, but its not the certifier’s role to certify devices and host the infrastructure to automate a device is certified during adoption by a customer. So the big companies built that infrastructure using a blockchain and made it easy for the certifier (account authenticated out-of-band when created) to post certification results. 67% of the companies verify the certifier’s identity on the chain matches who they previously authenticated every time a result is posted (automated using public key cryptography). Only then are the results authorized to be published. Since the data is tamper proof, everyone trust those published results.
The way this currently works is certifiers publish lists of what they certify. No block chain needed and if a certifier becomes untrustworthy, you can start ignoring what they say.
Rather than making a pachinko machine of keys, trust, and computational waste, you can simply ask certifiers you care about “is XYZ certified”.
There’s little value in making certifications immutable.
You already can’t modify my copy of a document digitally signed by you, which I can use to detect/prove that you have attempted to change your copy (because only you can use your private key)
And we already know that blockchains do not solve the root iof trust issue. Why would I suspect data if you tell me said data, but trust that exact same data if you put it in a blockchain and i read it from there? I’m not worried about you changing the words. I’m worried about your words being bullshit in the first place and not being able to have that rectified. Any solution to that involves me trusting some central authority to be able to make those changes, which defeats the purpose completely.
Tamper proof federated distribution. That’s it now that I’ve had a couple days to think on it. Why use Lemmy when Reddit or even old school forums exist? We (as a generalization) are here because we see value in accessing many forums under one UX and we do not trust Reddiit as a centralized distributer.
If some user here started posting they were a famous person, we wouldn’t trust that without some additional verification. Same with blockchain accounts/wallets.
Blockchains provide one possible mechanism that prevents any Lemmy instance from falsely distributing ActivityPub messages from a user that did not author them. False messages can be checked they didn’t come from that user since they were not signed with their private key. The rest of the federated distributors would detect the forgery and drop the message.
Sure we could all sign our messages with a PGP key. Blockchains just bake this feature into the distribution.
The last feature, which may or may not be desirable, is that these tamper proof federated distribution channels have a full audit log.
you don’t need blockchain for it to be baked into the distribution. you just need to implement it. You even said how yourself.
The only thing a distributed blockchain would achieve would be that now, every instance needs a full copy of everything on every instance, instead of only the stuff its users are subscribed to.
your proposal also assumes that instances post untanted data in the first place. You seem so focused on verifying who said what. What we need to verify is that what is said reflects reality.
this is not possible. it works with crgptocurrincies because there you’re just moving coins that already exist in the system. That way nobody can create coins out of thin air because you can always see where the coin was taken from. This is obviosly impossible with comments. You can’t just pre-create all comments and have users distributing those among themselves.
Totally agree you do not need a blockchain. Its just one class of implementations. There are others like Apache Zookeeper, or even just roll your own.
Also really appreciate you engaging with me on the topic. I’m currently working on a federated product (business to business). Blockchains have come up (private chain), so I’m trying to convince myself it brings something to the table as a framework by arguing from the other side.
Verifying who said what is the major concern we are trying to solve. Everyone having a copy of the data is also preferred so each business pays for their own read usage.
Verifying who is who is pretty much solved using traditional PKI with certificates. The what is said is less of a concern so long as we know who said it. The whats in our use case are not digital assets.
We are looking at it like pub/sub kafka-like framework with complete history intact that is immutable without needing to dedicate resources to rolling our own. Co-operators have something to gain by working together (long term) but can also gain by screwing each other over (short term).
Tendermint/Cosmos has been looking pretty attractive as a private chain with ~1s commits (no mining). 67% of the nodes must agree on who signed a message and the order the messages were seen to commit it to the next block. So far its seeming pretty convenient for what we are looking for.
There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.
In other words, for blockchain technology to be applied to sales validation, there needs to be a central authority who everybody trusts, that can validate transactions.
You are trusting the transport authority in this instance to always report the truth.
If my car gets stolen, the police is going to be the one that needs the location data to track it. If I get stopped by cops, they will be the ones to look at the data to verify that it’s legally registered and that I legally own it. If I buy a stolen car, the police and the DMV are the organizations I’m going to get in trouble with.
Even if the registration itself is decentralized, it’s usage is centralized - it’s always the state that checks it. Even when I check the registration with the seller to make sure it’s legit, I do it because I know the police or the DMV is going to check the very same registration. I mean, there are some used TVs that cost more than some used cars, but I wouldn’t check their registration (which does not exist) because the police is not going to check my TV’s registration (I’m not from the UK 😜)
With that in mind - we don’t lost much when we trust the state to operate the centralized database. If they wanted to scam us they could do it just as easily when checking the blockchain. Sure, maybe having it decentralized will make it easier to prove in court (which - let me remind you - is also state operated) if they do decide to fake their own blockchain queries, but at this point it’s nowhere near worth the extra operation cost of the blockchain.
Same with things like tickets - the organizer is going to check your ticket anyway, and if they decide to scam you they can just not let you enter even if the blockchain says you really do own the ticket. Or even better - just mint NFTs for tickets for a fake event that is never going to actually happen. So why not just let the organizer run the centralized database?
Software activation too - let the developers run the keys database. If they wanted to scam you they could just block your login even if the blockchain says you own the NFT.
And note that in all these examples, the organization that could run the centralized database has much less incentive to scam you than some random seller (or scalper). Yes, an incentive to scam always exists, but its strength should be taken into account and compared to the cost of the scam-prevention mechanism suggested.
Decentralization works for JPEG NFTs because they are worthless. You don’t verify them to get anything useful - the closest thing to it is Twitter showing an octagon around verified NFT profile pictures - which is easy to bypass.
but the transport authority in my country does not use blockchain. And yet I still know I’m the 13th owner of a classic car I own. It’s almost as if the type of database used to store the information doesn’t matter.
You are trusting the transport authority in this instance to always report the truth.
My understanding with NFTs is that the previous owner only needs to say it once as part of the sale. Now only you can transfer ownership. No central body needs to be trusted.
Maybe… pretty sure I’ve seen some articles of NFT chain creators having the ability to revert transactions (e.g., owner was phished). In that case yeah… just use a database.
yes, I am. how is that different than trusting some random dude minting nfts?
The issue is not what happens after they have been minted (what blockchains claim to solve), but if the data came from a trustworthy source in the first place (which blockchain doesn’t, and fundamentally cannot, tackle either)
Because the original signer is the car manufacturer. Study existing pki systems a bit.
That doesn’t change anything. How do I trust that the car company has entered valid data? How do I know they won’t pull a VW and fudge with data? (they can fudge the data before putting in on the blockchain, so immutability not only doesn’t help, but is actually detrimental, in this case) And that is just with one car company. So I have to build trust with each individual car company myself.
How about I outsource the job of verifying the trustworthiness to one single entity dedicated solely to this, whom I trust. That way, I have less work to do, while not changing the fact that I still had to put my trust somewhere in the first place.
And therefore, the transport authority.
pki verifies the originator of the data. It says absolutely nothing about the data itself.
pki does not solve the problem of establishing a solid root of trust. And neither do blockchain technologies
The data can’t be fudged after the fact. If you say you sold a Nissan Nassina to Bob Jones on Aug 10 2023, that’s there forever.
I don’t care about what happens after the data is written in the blockchain. I care that accurate data goes in in the first place. that part blockchain cannot solve. And if inaccurate data does make it in, I want it corrected. So I’d have to trust someone to make those changes.
besides, what do I do if it gets stolen? prove I own it? I can already do that.
and if you do want that immutability, that’s what digital signatures are for. We both sign the same copy of a document with our private keys. Then we both keep a copy of the signed document. There is no need for anyone to have a copy of it, nor do we need anyone else’s computing power for us to be able to show it has not been tampered with, since we don’t have each other’s private key. The blockchain is not needed.
That’s unsolvable in general besides through consensus algorithms (which blockchain can facilitate).
Blockchain adds authenticity through proof of when it occurred, which is not available through signature chains.
There could be a “validator” you choose that has to sign off on the blockchain the seller’s claims are true as a condition to finalize the sale. Similar to buyers (in the US at least) selecting and paying for a home inspector when buying a property.
The point is, nobody can change their answer later with lots of independently operated data redundancy. The data is meant to be tamper proof. Its up to you to authenticate identities, delegate authentication, or blind trust the seller before trusting that data.
It’s not a one size fits all solution. A better example is if all the transport authorities in the world wanted to share one database. Who would all those transport authorities trust to operate it globally? Probably no organization would have the trust of all of them. With a blockchain, transferring that ownership from being managed by one authority to another would then go through that validation flow where the seller and receiver transport authorities sign off that they authenticated the other out-of-band and that they authorize this transaction as a matter of public record.
The NFT use case is dumb for digital art with the intent they hold value as if the resource is scarce.
The Matter DCL on the other hand I think is a great use case. Apple, Amazon, Google, and many more companies want to share a common database for certified IoT devices. They don’t trust each other enough to agree to one company operating this database. They can agree to a certifier, but its not the certifier’s role to certify devices and host the infrastructure to automate a device is certified during adoption by a customer. So the big companies built that infrastructure using a blockchain and made it easy for the certifier (account authenticated out-of-band when created) to post certification results. 67% of the companies verify the certifier’s identity on the chain matches who they previously authenticated every time a result is posted (automated using public key cryptography). Only then are the results authorized to be published. Since the data is tamper proof, everyone trust those published results.
This is a hammer in search of a nail.
The way this currently works is certifiers publish lists of what they certify. No block chain needed and if a certifier becomes untrustworthy, you can start ignoring what they say.
Rather than making a pachinko machine of keys, trust, and computational waste, you can simply ask certifiers you care about “is XYZ certified”.
There’s little value in making certifications immutable.
See UL certification.
You already can’t modify my copy of a document digitally signed by you, which I can use to detect/prove that you have attempted to change your copy (because only you can use your private key)
And we already know that blockchains do not solve the root iof trust issue. Why would I suspect data if you tell me said data, but trust that exact same data if you put it in a blockchain and i read it from there? I’m not worried about you changing the words. I’m worried about your words being bullshit in the first place and not being able to have that rectified. Any solution to that involves me trusting some central authority to be able to make those changes, which defeats the purpose completely.
so what’s the value add here?
Tamper proof federated distribution. That’s it now that I’ve had a couple days to think on it. Why use Lemmy when Reddit or even old school forums exist? We (as a generalization) are here because we see value in accessing many forums under one UX and we do not trust Reddiit as a centralized distributer.
If some user here started posting they were a famous person, we wouldn’t trust that without some additional verification. Same with blockchain accounts/wallets.
Blockchains provide one possible mechanism that prevents any Lemmy instance from falsely distributing ActivityPub messages from a user that did not author them. False messages can be checked they didn’t come from that user since they were not signed with their private key. The rest of the federated distributors would detect the forgery and drop the message.
Sure we could all sign our messages with a PGP key. Blockchains just bake this feature into the distribution.
The last feature, which may or may not be desirable, is that these tamper proof federated distribution channels have a full audit log.
you don’t need blockchain for it to be baked into the distribution. you just need to implement it. You even said how yourself.
The only thing a distributed blockchain would achieve would be that now, every instance needs a full copy of everything on every instance, instead of only the stuff its users are subscribed to.
your proposal also assumes that instances post untanted data in the first place. You seem so focused on verifying who said what. What we need to verify is that what is said reflects reality.
this is not possible. it works with crgptocurrincies because there you’re just moving coins that already exist in the system. That way nobody can create coins out of thin air because you can always see where the coin was taken from. This is obviosly impossible with comments. You can’t just pre-create all comments and have users distributing those among themselves.
Totally agree you do not need a blockchain. Its just one class of implementations. There are others like Apache Zookeeper, or even just roll your own.
Also really appreciate you engaging with me on the topic. I’m currently working on a federated product (business to business). Blockchains have come up (private chain), so I’m trying to convince myself it brings something to the table as a framework by arguing from the other side.
Verifying who said what is the major concern we are trying to solve. Everyone having a copy of the data is also preferred so each business pays for their own read usage.
Verifying who is who is pretty much solved using traditional PKI with certificates. The what is said is less of a concern so long as we know who said it. The whats in our use case are not digital assets.
We are looking at it like pub/sub kafka-like framework with complete history intact that is immutable without needing to dedicate resources to rolling our own. Co-operators have something to gain by working together (long term) but can also gain by screwing each other over (short term).
Tendermint/Cosmos has been looking pretty attractive as a private chain with ~1s commits (no mining). 67% of the nodes must agree on who signed a message and the order the messages were seen to commit it to the next block. So far its seeming pretty convenient for what we are looking for.
In other words, for blockchain technology to be applied to sales validation, there needs to be a central authority who everybody trusts, that can validate transactions.
If my car gets stolen, the police is going to be the one that needs the location data to track it. If I get stopped by cops, they will be the ones to look at the data to verify that it’s legally registered and that I legally own it. If I buy a stolen car, the police and the DMV are the organizations I’m going to get in trouble with.
Even if the registration itself is decentralized, it’s usage is centralized - it’s always the state that checks it. Even when I check the registration with the seller to make sure it’s legit, I do it because I know the police or the DMV is going to check the very same registration. I mean, there are some used TVs that cost more than some used cars, but I wouldn’t check their registration (which does not exist) because the police is not going to check my TV’s registration (I’m not from the UK 😜)
With that in mind - we don’t lost much when we trust the state to operate the centralized database. If they wanted to scam us they could do it just as easily when checking the blockchain. Sure, maybe having it decentralized will make it easier to prove in court (which - let me remind you - is also state operated) if they do decide to fake their own blockchain queries, but at this point it’s nowhere near worth the extra operation cost of the blockchain.
Same with things like tickets - the organizer is going to check your ticket anyway, and if they decide to scam you they can just not let you enter even if the blockchain says you really do own the ticket. Or even better - just mint NFTs for tickets for a fake event that is never going to actually happen. So why not just let the organizer run the centralized database?
Software activation too - let the developers run the keys database. If they wanted to scam you they could just block your login even if the blockchain says you own the NFT.
And note that in all these examples, the organization that could run the centralized database has much less incentive to scam you than some random seller (or scalper). Yes, an incentive to scam always exists, but its strength should be taken into account and compared to the cost of the scam-prevention mechanism suggested.
Decentralization works for JPEG NFTs because they are worthless. You don’t verify them to get anything useful - the closest thing to it is Twitter showing an octagon around verified NFT profile pictures - which is easy to bypass.
Cryptobros are the last persons I would trust with anything much less actual currency.