- cross-posted to:
- hackernews@lemmy.bestiver.se
- cross-posted to:
- hackernews@lemmy.bestiver.se
What are the chances this will lead to online data privacy reform and corporate accountability for PII for all? or just…some?
What are the chances this will lead to online data privacy reform and corporate accountability for PII for all? or just…some?
You still have to have some kind of unique identifier. What do you propose phone numbers are replaced with because I can’t think of anything that isn’t basically just the same but with a different flavour or actually is actively worse.
Your device and account credentials are unique enough to identify you on the carrier-level, SIM/eSIM as well. Ultimately, every time you share your contact info, it should be a unique code (QR would be convenient enough) generated by your cell provider. If it’s ever leaked, you just notify your carrier to burn it, and give the contact a new unique code. No two people should be given the same contact, and all of the contacts are simply correlated to your device by the carrier. Additionally, when sharing contacts via QR, they could be modified on the device-level to include e2e encryption keys, thus further securing the transmitted information, not at the trust-me-bro carrier level, but at the user-verifiable device level. If the carrier gets hacked, reset the identifiers, associate the new one in your text app to keep conversations going, and move on like nothing happened. You’ll still be better off than if your phone number was leaked. It’s not perfect, but it’d be a hell of a lot more secure than what we have now.
In other words: What if a billion dollar company made Signal, but with cell towers, and not as good?
My friend, that is not convenient. Phone numbers need to be memorable, and need to be transmittable offline without relying on technology. Old people use phones…
Phone numbers need to be memorable. A disposable unique contact does not. You can print a QR code, easily save it to a device, transmit it via nearly anything with a connectible screen. Of course you would want to launch it with alongside phone numbers, not in place of it, but this is what should be the next ‘innovation’ in cellular communication.
That said, it does pose the problem of contacting someone with a phone that isn’t your own, perhaps from jail. I’m sure they would never suggest putting an emergency contact chip in your hand for your own health and safety. No government would ever suggest something so silly. /s
If I want to contact a business though I know I need to dial 555-123-4568, and I know that because there was a little jingle at the end of the advert. But if they just flash up a QR code then do I just have to wait until the ad is on TV again? There’s a reason they don’t really put QR codes on TV but they do on YouTube where you can pause it, and queue up the video whenever you wanted.
It’s not an awful idea but it needs a bit of refinement. That needs to be some kind of way to associate a human readable identifier to the contact.
We use QR codes all of the time for websites but eventually that still boils down to a URL in plain text.
usernames, like in signal. opt-in, customizable. maybe also add something automatically for the locality
The solution is simple then. Allow businesses to maintain a phone number for people who watch ads on TV. Not like businesses getting spam calls is that big an issue. Though I’m certain they’d be very enthusiastic to have the unique contact QR feature available for tracking in web ads.
Businesses are a separate use case. Phone companies already handle separate use cases, where they use very short memorable numbers for specific purposes. They just need something similar, whether it’s keeping phone numbers, or using something slightly different. Probably some sort of simple alias.
It’s the phone companies that need to innovate, and the solution isn’t very hard.
You say the solution isn’t very hard but what you are suggesting is basically just obfuscating phone numbers. Surely the actual solution is to just make spam calling illegal.
Oh and just cut Indias data connection, because those guys are never going to fix their scam call centre problem because the government and police are corrupt.
You could argue that cryptography is nothing but a type of obfuscation. I was trying to explain things so that the very average person could understand it.
People don’t stop doing things just because you make it illegal. You even know this because you mentioned India. However people actually do stop when you make it nearly impossible.
In Tox you have a code on the end of the Tox address. One can do similar, but have different codes for different levels of acceptance. Default - ignore. Some other code - add to the list of callers without notification. Some other - with notification. Some other - for SMS, but not calls, or the other way around. And so on.
The problem with things being memorable exists, yes. Computers can make calls, meaning that there’s no solution. A good secret required to call someone can’t be memorable.
Email should work similarly.
For those who ran their own mail servers it already did, via the +something notation.
Unfortunately the industry and the Internet in general went the other way.
EDIT: Oh, you mean temporary address. Easy. You have tracker nodes and receipt nodes. You publish on all tracker nodes you know your receipt node (by temporary address) every time you generate a temporary address. So those mailing you find it on trackers and post there. On that receipt node your temporary address is associated with some secret, allowing you to retrieve your incoming mail. The easiest way is that the temporary address is a pubkey and to confirm ownership you just need to sign a request for mail, or maybe it’ll be encrypted with it and no good for anyone else. Or both.
Agreed.
Sure you can have a unique identifier. That’s not the issue. The issue is that anyone can contact you via your phone number! This is not a problem with chat apps where people need permission to add you to their contact list. Why not have a system like that?
Same goes for credit cards. They should need to ask for permission to charge your credit card. Merely knowing your credit card info should not be enough.
But then you just get spammed with requests for connection. Just like spam email, the call coming through wouldn’t be the point anymore it would be the connection request.
For CCs 3DS does exactly this, though not implemented everywhere.