Snippings

xxx

Fan Yifei, deputy governor of the People’s Bank of China recently wrote… that the central bank’s digital currency should adopt a double-tier delivery system.

From 范一飞：对央行数字货币加载智能合约应保持审慎态度-新华网

xxx

xxx

Given that the industrial-scale manufacturing of fake social media accounts is already widespread, you might wonder exactly who the fake accounts are for?

From Bots and pluggers | Consult Hyperion

xxx

xxx

When you don’t know who IS_A_PERSON and who IS_A_DOG and who is neither, you cannot interact online in a functional way.

From The Turing Wars have begun | Consult Hyperion

xxx

xxx

When my fridge negotiates with Waitrose to buy some more milk, what is really happening is that the virtual identity of my fridge is interacting with the virtual identity of Waitrose. That seems perfectly reasonable to me, and working out ways for the these virtual identities to transact is going to be part of the business strategy for a fair few of our clients over the next couple of years. The virtual identity of the fridge may have a number of attributes associated with its identifier, such as a credit limit for a delivery address or whatever, but the one attribute that it will not have is “IS_A_PERSON”. As I have claimed many times before, this might well turn out to be the most valuable attribute of all.

From On the internet, no-one knows you’re a fridge | Consult Hyperion

xxx

xxx

Although many transactions are still consummated on the basis of trust and truthfulness, this is done because these qualities are viewed as good for business, a way to make a profit.

From Autopsy of Cooperation: Diamond Dealers and the Limits of Trust-Based Exchange | Journal of Legal Analysis | Oxford Academic

xxx

As I mentioned when I was discussing crime a couple of weeks ago, I’m surprised that this sort of thing doesn’t happen more often. Armed robbers broke into a cryptocurrency trader’s house in England and threatened him and his family until he transferred his Bitcoin to a wallet under their control. Now, if robbers broke into my house and threatened my family and made me PingIt my overdraft to them, I’d have some hope that a combination of Barclays Bank and Surrey Police might do something about it.

xxx

Tether, in partnership with the Ethereum trading and information community hub Ethfinex, announced the launch of ERC20 Tether tokens on September 11th, allowing tokenized USD to be exchanged on the Ethereum network,

From You Can Now Trade “Tokenized” U.S. Dollars on the Ethereum Network

xxx

I think we are about to see some more unexpected consequences of government technology strategy. It starts with the new requirement for age verification for access to adult services. I mean services that grown up people might want to use that they do not necessarily want other people to know about: gambling, fantasy football leagues, Daily Mail comments, Dungeons and Dragons discussions groups and so on. The focus is naturally on porn, which is understandable, but in a way it is also useful. If we can fix the “identity problem” for porn then we can fix it for most other things. But let’s start at the beginning.

The government wanted age verification for adult services to start earlier in the year but announced a nine month delay in the proposed introduction because they are still consulting (not with me, incidentally) on how to do it. In fact they’ve never known how to do it. When the government first came up with the idea to require age verification, they had no real idea how to implement it. Ofcom’s guidance suggested option such as confirmation of credit card ownership to cross-checking a user’s details with information on the electoral register. 

These ideas are bad and are certain to lead to disaster, because they require the adult service provider to know who you are. This means that when they get hacked, as they inevitably will be, the personal details of the customers will be available to all. And, as actually happened in the case of the Ashley Madison hack, people will die. It’s not funny. Whether its adult web sites, or counselling services, or gay dating, or drug addiction helplines or whatever, where I go online is my business so long as I’m not breaking the law.

None of us would disagree with the need to protect children from the excesses of the online world and age verification is a good thing. But how you implement it makes a huge difference to outcomes, and having some knowledge of identity management, the internet and the real world can help to steer policy. The government seems short in these areas, with the consequence that in the Department of Culture, Media and Sport (DCMS) impact assessment report noted that “age verification solutions could increase the risk of online fraud…”

I’d assumed that banks would seize this opportunity to establish a modern, sophisticated version of the Nordic “Bank ID” to create a platform that would keep their customers safe and open up a revenue stream that is not based on payments. In essence, I was thinking that when you go to create an “Adult ID” you would get bounced to your bank where you would log in using the mandatory two-factor authentication (2FA) and the bank would then return a cryptographic token confirming that a) you exist, b) the bank knows who you are and c) you are over 18. They could add an optional d) you can charge against this token, but that’s not the focus of this discussion.

Since adult payments are lucrative, and since an effective privacy-enhancing age check would increase the use of such services, and since a tokenised approach would also reduce fraud and chargebacks, there are real incentives for the stakeholders to get out their and put something in place

From I’m entitled to adult services | Consult Hyperion

The banks haven’t developed anything to help their customers online, so as has so often been the case in the history of technology, the porn guys have stepped in to fix it for themselves (just as they did with credit card payments and video streaming). Mindgeek, the company behind PornHub is launching its own “AgeID” service in the UK and is anticipating 25 million users.

Their system will require users to sign up with an email address and password, provide their name, address, date of birth and telephone number. Mindgeek will then use a “third party mechanism” to determine whether the user is 18. Users will then use AgeID to access pornographic sites around the web. MindGeek will charge other pornography sites to use its solution. But because of its market dominance, campaigners fear it will end up the defacto age verification standard, handing even more power to the biggest porn provider around. The articles I’ve read don’t mention how AgeID will identify customers and establish that they are over 18, but given earlier comments on the topic by the then-minister for digital things, I assume that they will do stuff like ask you to show your passport. Since the Home Office are the only people who can check wether passports are valid, this means that they will know that you’ve been naughty. What they will do with foreign passports I’ve no idea. Given that in the famous case of Malaysian Flight 370 it turned out that two people were on board with stolen passports, I should imagine that the theft of passports will shoot up because if airport security can’t spot a stolen passport, I’m pretty sure that porn security won’t either.

You can see why Mindgeek is keen to do this. If they can establish themselves as the UK’s standard log in for adult services of all kinds, then they will amass a treasure trove of data on who has been visiting what and how often. 

 

When I was kindly invited to be part of the panel at Scotchain 17 in Edinburgh, I have to say I did not anticipate such a big, interesting and stimulating event. So, once again, well done to all of those involved. 

@dgwbirch takes the stage #ScotChain17 pic.twitter.com/6nd4U6XPa1

— Scottish Blockchain (@blockchain_scot)

October 13, 2017

My talk on the blockchain was recorded and you can watch it here. I was also invited to take part in a great panel session and I just want to pick up on one particularly interesting point that came up. During the panel, we were asked where blockchain might gain traction in a mass market. I said that I was sceptical about financial services being the first, for two reasons: most “blockchain” efforts I have seen involve shoehorning some form of shared ledger solution into the shape created by an existing (optimised) system and second because it is, thankfully, a heavily regulated sector and therefore marketplace participants will be naturally wary about betting the house on a radical new technology. Instead, I chose e-sports on the basis that it is a big business where the trading of virtual assets is core to the attraction. I wonder if that sounded a little outlandish to the audience. I hope not, because now I read that in-game assets won by elite e-sport “athletes” are about to become a very interesting kind of tradable memorabilia.

The logic for this is inescapable. These are wholly-digital assets, just the sort of thing that the blockchain is good at dealing with. And these assets are subject to the same double-spending discipline as Bitcoins are: that is, if you can double-spend them then they are worthless but it you can’t double-spend them they have huge value.

The system will utilize smart contracts and blockchain technology to provide a unique signature and history of any virtual item in-game item earned. For example, when elite esports athlete Michael “Flamesword” Chavez earns a flaming sword of mega-death in his latest league battle, that item will have the ability to become a valuable – and easily tradable – asset. In other words, you could be using the unique item your favorite player had equipped in their biggest matches.

From The esports memorabilia scene is big — and blockchain may make it huge | VentureBeat

xxx

xxx

“Facebook has confirmed to TechCrunch that it’s acquired… Confirm.io. The startup offered an API that let other companies quickly verify someone’s government-issued identification card, like a driver’s license, was authentic.”

From “Facebook acquires biometric ID verification startup Confirm.io – TechCrunch”.

xxx