Zero-Knowledge Proof

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Zero-Knowledge Proof

#1 Post by labbe5 »

https://bravenewcoin.com/insights/zero- ... a-security

Identity verification poses a challenge to businesses. Confirming that customers are who they say they are by implementing 'Know Your Customer' (KYC) processes is an accepted way to serve customers, limit fraud and comply with anti-money laundering regulations. At the same time, collecting personally identifiable information creates new headaches as data privacy regimes such as GDPR and CDPR come into force. Moreover, rich sets of personal data are targets for hackers and increase business risk.

The solution to these challenges may require a counterintuitive approach: stop collecting information altogether. Significantly, both Privacy-by-Design and the GDPR are driving data minimalization. Blockchain-based digital identity systems that apply a technique called zero-knowledge proof let businesses verify information about a customer without ever receiving that information. With zero-knowledge proof, businesses can minimize the collection of personal data and reduce both the burden and the risks that holding personal data creates.


Further reading:
The problem with Facebook’s sorry campaign
https://venturebeat.com/2018/09/29/sorr ... -campaign/
Alternatives to Google Products – the Complete List
https://restoreprivacy.com/google-alternatives/
Last edited by labbe5 on Tue 27 Nov 2018, 00:04, edited 2 times in total.

musher0
Posts: 14629
Joined: Mon 05 Jan 2009, 00:54
Location: Gatineau (Qc), Canada

#2 Post by musher0 »

But seriously...

What's wrong with the old standards?

-- phone check: On initial contact, by e-mail or otherwise, the seller and
the customer could agree on a certain word, say a color. On second
contact, this time by phone, the seller asks: "What's the color?"

-- mail check: paypal does it. They send a password to your physical
address, that you must then enter on-line, within a time frame, to confirm
your new account.

-- buying the merchandise in person, in a store? I mean... actual
shopping?! It forces you to get off your cushion and do some exercise,
as well as dusting off your civility skills, talking / negotiating with the
merchant or his employee.

BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#3 Post by Flash »

How does Zero-Knowledge Proof work?
To continue our analogy, let's assume the vineyard is already connected to an identity system that verifies personal information...
The whole scheme depends on a trusted and uncrackable source of personal information. Count me out.

nosystemdthanks
Posts: 703
Joined: Thu 03 May 2018, 16:13

#4 Post by nosystemdthanks »

Flash wrote: The whole scheme depends on a trusted and uncrackable source of personal information.
does it? im not sure a particular implementation will work, but the idea itself doesnt sound like that at all. outside of the particular example, it sounds more like an extra layer of abstraction, similar to something like:

1. a master account number + password pair

2. which can be abstracted via cryptographic process (blockchain) to additional account numbers + password pairs

3. which can probably be traced back to 1 (in terms of privacy) because blockchains arent as anonymous as people think-- but--

4. if at least 1 is anonymous, then so are 2 and 3 within a certain scope, until a transaction strips that.

i have no proof of this, i might be way off. this is how i am reading it. i am curious how certain you are that this gives you less control of information / security than say-- your name and credit card number and pin.

im neither a fan or a sceptic, and i dont think of blockchain technology as anonymous, since it often isnt. but having less of your personal information exposed is the entire point of this concept-- and youre saying it doesnt do that.
The freedom to NOT run the software, to be free to avoid vendor lock-in through appropriate modularization/encapsulation and minimized dependencies; meaning any free software can be replaced with a user’s preferred alternatives.

nour

Re: Zero-Knowledge Proof

#5 Post by nour »

labbe5 wrote: https://bravenewcoin.com/insights/zero- ... a-security

Identity verification poses a challenge to businesses. Confirming that customers are who they say they are by implementing 'Know Your Customer' (KYC) processes is an accepted way to serve customers, limit fraud and comply with anti-money laundering regulations. At the same time, collecting personally identifiable information creates new headaches as data privacy regimes such as GDPR and CDPR come into force. Moreover, rich sets of personal data are targets for hackers and increase business risk.

The solution to these challenges may require a counterintuitive approach: stop collecting information altogether. Significantly, both Privacy-by-Design and the GDPR are driving data minimalization. Blockchain-based digital identity systems that apply a technique called zero-knowledge proof let businesses verify information about a customer without ever receiving that information. With zero-knowledge proof, businesses can minimize the collection of personal data and reduce both the burden and the risks that holding personal data creates.


Further reading:
The problem with Facebook’s sorry campaign
https://venturebeat.com/2018/09/29/sorr ... -campaign/
Alternatives to Google Products – the Complete List
https://restoreprivacy.com/google-alternatives/
The server will exchange data with the clients so there will be always breaches.
And societies who collect data aren't doing it for authentication reasons but to sell personal data so a new validation approach is not the real solution here.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#6 Post by rufwoof »

I'm with Virgin for ISP. One thing that really P's me off is when they call me and then say for security reasons would I confirm x, y, z. To which I always reply ... you called me, so you verify what x,y,z might be so that I know you are who you say you are. Always leads to the same end, a waste of both of our times as their "systems don't work that way".
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb: http://murga-linux.com/puppy/viewtopic.php?p=1028256#1028256
echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh (https://hashbang.sh)

bigpup
Posts: 13886
Joined: Sun 11 Oct 2009, 18:15
Location: S.C. USA

#7 Post by bigpup »

That is like your bank calling you and they cannot tell you the account number.
Virgin ISP, their "systems don't work that way".
How do they know what to put on the bill you get for service and know your phone number to call?

I would say those calls are fake and someone trying to get info from you!

I have never gotten that kind of call from anyone that provides service to me.
A real call, just starts talking about, whatever they are calling about.
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)

greengeek
Posts: 5789
Joined: Tue 20 Jul 2010, 09:34
Location: Republic of Novo Zelande

#8 Post by greengeek »

nosystemdthanks wrote:
Flash wrote: The whole scheme depends on a trusted and uncrackable source of personal information. Count me out
does it? ....

i have no proof of this, i might be way off. this is how i am reading it. i am curious how certain you are that this gives you less control of information / security than say-- your name and credit card number and pin.
I could be wrong but I think Flash was suggesting that if the system depended on accumulating a database of personal information that was pretending to be "uncrackable" then he didn't feel it was that trustworthy.

I agree. I would prefer to trust my own choice of password (preferably 2FA) and handle my own authentication than let a distant party accumulate personal identifiers and tell me when I am authorised to their satisfaction.

(Apologies to Flash if I have misunderstood his comment)

Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#9 Post by Burn_IT »

The whole point of site security is that only you and the site concerned know the access key.
Giving the key to someone else to look after immediately destroys that security.

Would you give your neighbour your wallet to look after and maintain??
"Just think of it as leaving early to avoid the rush" - T Pratchett

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#10 Post by Flash »

greengeek wrote: (Apologies to Flash if I have misunderstood his comment)
No apology necessary, you got it exactly right.
