Not to be bullish on Hive when price is down or anything...
I stumbled upon a topic that comes up once and a while as it relates to old legacy infrastructure vs the new infrastructure we are building in crypto land. The main point of contention is that we've built up a perpetually loop-holed house of cards on top of the username/password system for proving identity online. Something has got to change eventually, but when will it?
Starts with a failed phishing attack that could have been devastating.
There was an "NPM" hack recently that I totally forgot about.
Hm NPM that sounds familiar...
Basically if you look up how to use Linux or install anything you're bound to stumble upon an NPM command to download a new program sooner or later... Hive devs use it a lot. Node.js gets used a lot just in general for running servers and such.
npm stands for Node Package Manager and is the default package manager for the JavaScript runtime environment Node.js.
Yeah so basically this was a huge hack...
It was noticed quickly so it was only able to steal like $50 worth of crypto before it was patched up... but what it did was basically change QR codes for crypto payments to the hacker's address. And all of this was caused by a phishing email on September 8th, tricking the single maintainer into changing 2FA on a critical account. Malware was added to 18 repositories that collectively get 2 billion downloads a week. Luckily the attack was sniffed out almost immediately.
MIT created usernames/passwords in 1960?
Obviously back in those days the Internet didn't even exist, so the only reason to have a username/password combination was so multiple people could use the same physical machine in public spaces. This way one user didn't have access to another user's data.
Today in the age of the Internet this idea of usernames/passwords has gone completely global and has become less and less optimal over time. Used to be 2FA was solely a military technology to prevent state secrets from being leaked. Now every single product has aggressive 2FA, often times we can't even opt out of this feature if we wanted to. Don't even get me started on CAPTCHAs and Sybil Attacks.
3:20
Proving who we are on the Internet involves handing over ALL of the critical information needed to screw us.
Even our payment systems work this way.
You give them your:
- credit card number
- expiration date
- secret code on the back
- name
- address
- everything
... so that they can TAKE money from your account... which they can take any amount that they want... and we're just hoping they take [the correct amount].
Wow that's very well spoken!
And it's crazy to think that the solution to this problem has existed long before Bitcoin was ever even invented, and yet continues to remain completely unimplemented. Why is that? Probably a combination of a couple of different factors:
- It's the way we've always done it and it's easier to patch up a solution that works rather than reinvent an entirely new system.
- End-users are already familiar and comfortable with this system.
- Not only does no financial incentive exist to make the switch, but rather the data that corporations would be giving up are worth money, so there's a financial incentive to not make the switch until we absolutely have to.
adopting a new system, even when it's this easy, is a monumental task
How many data breaches had we had over the last decade?
It seems as though corporations could care less about this. They know exactly how to fix it and choose not to on purpose. Clearly, the cost of the switch is greater than the benefit. It seems unlikely that this change happens suddenly due to some kind of cataclysmic event that forces it, but you never know.
A signature reveals no secret information.
The beauty of the public/private keypair system is that signing something with your private key and turning that into a publicly verifiably signature only proves one thing: that the user has access to the private key. It provides nothing else, although there are many databases full of chainalysis assumptions linking people and wallets together. However, that is quite irrelevant within a system that actually respects privacy, which is hopefully a place we are headed toward.
But Hive... already does this...
Not only does Hive do this, as do many other blockchains, but also Hive has readable alphanumeric abstracted usernames... which is a feature that is still shockingly uncommon. Add to that the recovery system, which is also shockingly uncommon, and we start to see where this could be headed.
Of course this is no excuse to be blindly bullish on Hive considering the lack of actual realistic adoption. Again, this problem of "digital ID" can be solved in numerous ways, including the tyrannical government way. But never before has the path been so clear as to how a slow WEB3 transition could occur rather than a forced apocalyptic one.
Right now anyone can create a service and allow anyone on the planet to log with secure public/private keypairs. It doesn't need to be cryptocurrency but it makes sense to tap into cryptocurrency communities that already exist. For example I am far more likely to log into a website that has access to Hive Keychain login than I would be to create yet another random public/private keypair that I'm expected to keep track of. Said website doesn't even need to necessarily use our network's tokens to access the network's community.
On a larger scale this has also proven to be a thing on EVM networks and the ability to log into random websites by signing in using wallets like Metamask and such. And while the public key isn't an alphanumeric username like Hive, it can still be linked to an abstracted readable username directly on the website in question. Thus the main advantage of unique Hive usernames is the ability to have the same unique name across multiple platforms; Certainly not nothing but also not required.
Conclusion
Clearly the future of WEB3 and internet security is simplifying this process of secure self-identification. Unfortunately WEB2 continues to dig their heels in and resist the change because they simply refuse to give up the honeypot of valuable data. Is this a bad thing? Perhaps not if it ends up giving us an edge right when we need it during the great transition to WEB3.
This is a perfect use case for hive and I been trying to get something like that going but much like my efforts on this chain it's like screaming into the void.
I'm in favor of this product or service.
Thanks!
People have been saying for a while now that HIVE could be the perfect identity management system. I just wish more people would stumble onto it.
Maybe it needs to be marketed more aggressively.
I think just the due recognition of WEB 3.0 as the main future (which in fact is already the present for many of us) will only happen massively after WEB 2.0 breaks down, completely (which may still take a long time to happen).
In the meantime, let's keep building the revolution (albeit at a "slow" pace and walking in the "shadows").
I read your comment with interest. Presumably, exactly what you say will happen: Web 2.0 will suddenly collapse. This, however, will happen in several years, when Web 3.0 has reached a critical mass that will bring down the entire Web 2.0. !BEER
View or trade
BEER.Hey @wiseagent, here is a little bit of
BEERfrom @stefano.massari for you. Enjoy it!Learn how to earn FREE BEER each day by staking your
BEER.View or trade
BEER.Hey @wiseagent, here is a little bit of
BEERfrom @stefano.massari for you. Enjoy it!Did you know that <a href='https://dcity.io/cityyou can use BEER at dCity game to buy cards to rule the world.
Hive already uses more advanced systems than traditional usernames and passwords. I agree that we already have solutions for a more secure and privacy-friendly internet, but the current system continues to prioritize user data because it's convenient for those who control it. Companies still have a strong need to manage our data and do our business. !LOLZ
Thank you for letting us know. Congratulations and best wishes.