As more and more things are moving online, two problems became apparent to our collective consciousness:
- How do you know someone is really a person?
- How do you know someone is who they say they are?
Initially, the “person” thing wasn’t a big issue, the internet was used for low-stake amicable activities, and impersonation, bots, and alternative accounts weren’t a big deal. As for the second issue, well, we used usernames and passwords.
But now we use the internet for everything, banking, work, brokerage.
So how do you solve the issue?
Easy, a while ago smart mathematicians devised various schemes of public-private key encryption. A person simply generates a private key, sends their public key over to the authenticating entity, and can then get back a challenge, no matter where or on what device, to prove who they really are by decrypting said challenge with their private key.
Identity is also easy to solve, there are 3rd party identity verification services, that simply verify a private key’s possessor document once, and can make the information public to those transacting with them. Some are open source and distributed, other centralized, and there’s an ongoing argument about privacy, but the whole system work.
Security is also a big deal, but depending on how much is at stake various people can use various mechanisms. My grandma keeps her private key on her phone, she doesn’t use it for much besides email, I keep mine on a physical token with no internet access and a basic interface for encryption and decryption, and I have backups with two trusted friends. The president of the US keeps their token split between 3 devices, all of which are needed to form it, two entrusted to secret service members shadowing him at all times.
Wait, no? That’s not how we do it? Then how do we… ?
Oh, oh right
It’s mainly based on these little things called SIM cards and the phone numbers they represent, they receive challenges via…
An insecure network owned by a mixture of governments, international corporations, and small mom & pop companies
The number themselves are not bound to the tokens but rather assigned by…
Small and large for-profit corporations in the business of selling internet bandwidth and TV aren’t accountable for their security…