this post was submitted on 29 Aug 2023
53 points (98.2% liked)
Technology
37800 readers
82 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No, this is already solved without scam shit tied in.
Eh, I wouldn't go as far as calling distributed ledger tech a scam. Sure, 99% of the current ecosystem is at best digital tulip trading if not an outright scam, but that doesn't mean everything blockchain-related is a scam.
There's valid use cases for what's essentially a distributed database with immutable history (or a "smart contract" system which is essentially a distributed singleton VM with immutable state history), but NFTs etc ain't it. Fintech will probably incorporate some of the stuff that came out of the blockchain craze, but I figure that at best it'll be like Linux; most people who use the internet interact with Linux systems pretty much all the time, and of course Android is a Linux-based phone OS, but very few actually run Linux or even care about the whole concept. It's just part of the infrastructure, which in my assumption some kinds of blockchain-ish technologies might be. Probably just not the public networks people associate with it now, but private / internal ones with limited validator sets etc
People keep saying there’s a valid use case for this but what is it? Basically any distributed ledger would actually perform better, be more secure, and be easier to use as a centralized database.
Performance is relative to what your goals are (extremely high transaction volume isn't always something you need to handle, and also isn't guaranteed to be impossible with a DLT either), and centralized databases / services aren't always the best fit for every problem. Regarding security, well, I really don't see how you came to that conclusion. Guess it depends on what exactly you mean with security?
Real estate is pretty commonly seen as the prime example of a field where a DLT is a better fit than a more "traditional" centralized service. As an example let's say we want a system that could be used to record changes in property ownership, so you need auditable state changes and an immutable history, and you want some sort of guarantees that generally someone who's not authorized to do something to a property isn't going to be able to do it by just issuing a state change (ie writing to the DB.) Your stakeholders are probably going to be the local government, licensed real estate brokers (if that's a thing in your jurisdiction), possibly all private property owners who want to sell their property etc. etc. You absolutely could build this with a "traditional" centralized service that eg. the GOBERMENT (or whoever trusted stakeholder) runs and operates, but then you have a single bottleneck that's entirely dependent on a single stakeholder, and you still need to implement eg. audit trails for state mutations, access control, etc. etc. As I said it's absolutely doable, but many of the things you'd do to build it are essentially just reinventing some sort of DLT but in a monolithic package and without any of the benefits. Take state immutability for example; you'd probably be building some sort of hash tree or chain anyhow but now you have to do both the hashing and the verification and validation manually instead of the infrastructure doing it for you, and it's nontrivial to do right so the attack surface here is not going to be small in a home-grown solution. You'll probably want to require that all state changes (transactions) are signed by a known trusted actor, so you'll need to build that too, so here's yet more attack surface. Also you probably don't want to run literally just a single instance of your database so you're going to want some sort of replication, which may need some legwork depending on the database system used. Compare this (non-exhaustive) list to what your average DLT framework like Hyperledger guarantees "out of the box", where the infrastructure itself gives you guarantees about the immutability of history and who is allowed to make state changes to which parts of the state (in our fictional case you'd want a Proof of Authority consensus mechanism, so anyone making state changes would have to have a valid X.509 cert issued by some trusted CA, but with public reads as property ownership is a matter of public record), which is by default distributed so there's no single point of failure, and is eventually consistent within known parameters and known behavior.
Distributed systems definitely do require more skill to operate so the benefits need to outweigh the costs (and they often do, which is why we eg. tend to use microservices for high volume systems), but I honestly fail to see how for example a project using Hyperledger tools (and there's more than just the DLT Fabric), which are specifically built around privacy and security, would automatically be less secure than a centralized system where you have to build the same features yourself, meaning you just have to trust that you did everything right.
Real estate is a terrible example of where to use a blockchain. Someone gains access to your private key and you just... don't own your house anymore? There's not really a recourse here since it's controlled by the distributed system. On the other hand, the government which is entrusted with the authority to enforce laws can hold onto the this information in a more secure way than the average person. And if something does happen they have the ability to fix problems without issue. I read all these stories online about wallets getting compromised and contents stolen with very little recourse and am confused why I would want the largest purchase that I will ever make in my life tied up in that. Doubly so because that purchase is explicitly tied into the central authority of your government. It's not like cryptocurrency where it can exist externally to the current legal system. Real estate MUST be tied to government in some way.
Your point about how building a secure, central database will have so many technical hurdles to overcome is... odd. I mean, sure it's tough to make a secure database. Your answer is that some blockchain framework has certain security characteristics while ignoring that literally every secure data store that currently exists is running on a central database and just fine at that. Like, what do you think that your bank is using at this very moment? There are multiple companies with well-audited solutions selling and running secure databases RIGHT NOW. You just hand wave away the ability to make secure databases while ignoring that they already exist while expecting us to buy into the promises of some new, unproven framework like Hyperledger. The only thing that blockchain adds is immutability, which is something that I think would be a poor idea anyway.
Lastly, blockchains only work by having users with a financial stake and incentive. With proof-of-work you're staking the cost of the electricity you're spending, with proof-of-stake the crypto you're staking. The point is, they have this whole weird financial structure to keep people running this distributed ledger. How would that even work for real estate? Do you want people with perverse financial incentives muddling with the system that controls your ownership OF YOUR HOUSE? Or the government which is empowered by the people to serve them. And if it fails those leaders face expulsion? I know where my answer is.
I just want to hammer this point home one more time. This is a false comparison. You do not have to build these features yourself. Like, have you heard of this tiny company called "Oracle"? Or maybe this really obscure one "Microsoft"? They both make exactly this product.
Depends on a) what keys you have, b) who even gets to make mutations and c) if the system has provisions for "edit" transactions (which don't change history but say – to put it very simplistically – that eg. "previous transaction x is invalid"). Also it's unclear why you think this is different from a database password being stolen.
I wasn't saying to throw away existing systems or that banks aren't running secure databases. Jesus christ you seem more intent in just being indignant about me daring to have a differing view about something than actually reading what I said.
You also clearly don't understand what Proof of Authority means and didn't bother to read my explanation, since PoW / PoS are completely different consensus mechanisms and the problems with them don't apply to PoA systems.
Remind me which Oracle or Microsoft database solution gives you signed state mutations, a guaranteed immutable and tamper proof history out of the box.
Honestly your whole argument relies on you not bothering to read what I wrote and then answering with sarcastic comments based on what you assumed was said. I know you don't agree with me, but try not to act like a twat just because you don't.
Under the current system you don't even have a private key. In some countries it's fairly common for someone to lose their home because someone bribed the official to change the title records.
I think that key management is blockchain's Achilles Heel, but there are some interesting potential solutions
If the state, with its monopoly on force, says that you don't own land, what difference does it make if it's a piece of paper, a record in a traditional relational database, or a transaction on the blockchain?
Title ownership of a piece of land is only as good as the enforcement mechanism of that title mechanism. Changing from recorded paper deeds to PDFs in a centralized database made sense (and was backwards compatible). Changing from PDFs in a centralized database to a blockchain doesn't actually change the enforcement mechanism, and makes it less efficient. So what's the point?
Obviously if the state doesn't enforce the titles they're useless. Sure if the president of a corrupt country decided he wants your house he's gonna get it. But a DLT would prevent lower level corruption that relies on the benefit of the doubt.
If a corrupt official uses their access to change the PDF title of your house to be in his name, he could take that to court to take your house from you. A ledger would prevent that change from happening, or at least leave a permanent record of the change
Yes. That's why most western land ownership systems moved to written ledgers in continuous, sequential books since, like, the slow collapse of feudalism 400-600 years ago. Let anyone add to the record but store those records in a way that they can't be tampered with or removed after the fact, and let basically the entirety of the county's land ownership records be tied up in one ledger that all land owners have an interest in properly preserving integrity.
Basically, blockchain doesn't actually help any more than simple/regular digitization does. Which already happened in most places 25-50 years ago.
This is not worth our time to keep arguing. I hope you have a nice day! :)
A trust less system also can aid in stymieing wire fraud in real estate transactions which is shockingly common. Today, someone doesn't even have to have your private key to pretend to be you and steal your escrow funds - just a spoof email, good timing, and a paralegal that makes a mistake
So before anyone comes forward and claims that their innovative solution will improve on the status quo, I generally expect them to be able to describe the status quo. And here, you haven't done so.
In the U.S., county recorders allow for anyone to record to the centralized ledger (and this is literally paper technology that long predates computers), and the transactions themselves are validated when necessary to resolve a dispute: one can only sell what they already own, and if they sell something they no longer own it. The law allows for certain types of involuntary transactions: foreclosures, execution, inheritance (where the owner can voluntarily prescribe some rules but doesn't get to control the timing of when those rules get executed, and the failure to affirmatively write stuff into a will means that the inheritance falls back to defaults), divorce, partition, adverse possession, reverter, and then a bunch of special rules that apply to governments like tax foreclosures or eminent domain. And no matter what the actual papers say, ownership of land still must be enforced by a sheriff.
Which portions of this status quo should be decentralized? Or centralized? What would the benefit be?
In my opinion, real estate is the worst candidate for decentralizing the ledger.
Personally I wouldn't be replacing any of that with any cool woo woo blockchain tech; my point was more that the infrastructure used to support the status quo could benefit from some of the features common to DLTs
Electronic voting, maybe? But for most cases a transparently ran centralized ledger should work better.
electronic voting is a bad idea regardless of any blockchain integration
Voting on a blockchain is a great way to enable outright purchasing of elections. If I can prove I voted a certain way, I can sell my vote.
Well... Banking. I'm not going to write a long explanation like other commenters, but each bank having their independent ledger and syncronizing them each X time, with lots of manual intervention is not optimal. Ditributed Ledgers allow for banks to share the information with each other and for transactions to be done instantly, without dispute issues. This technology is already being used internally within the financial industry, and it's going to stay since it facilitates a lot of internal work to the beenfit of the users.
Edit: As an extra point, these distributed ledgers are not really distributed between everyone, banks store them in secured environments and share them with other partner banks, in a controlled environment.
The use case is people who are worried that the centralized database will become inaccessible.
Well, not a regular blockchain: you don't want individual votes to be public and easily linked to the person making the vote.
Blockchains are possibly the worst way to implement voting at least in a "public" / governmental setting. You need to be able to do zero-knowledge votes, meaning that you want it to be impossible to look at a "vote transaction" and say who did the voting and who they voted for, but also know with (practically) absolute certainty that the vote was done by a valid voter and isn't a duplicate, and then finally you want to be able to tally the votes per candidate even though you can't look at an individual vote and say who it was for. So any sort of "classic" blockchain is almost the literal opposite of all that, with public transactions that are tied to public identities and where everyone can tell what happened. What you need is something that either allows or is based on zero knowledge proofs, but I honestly dunno if any current project can do this out of the box, haven't kept up to date that much lately
Without some sort of zk mechanism, the machines "bundling" local votes still know the votes. If you have a small district, then it may be possible to figure out who voted for who.
Trust me, there's been a lot of research into doing electronic voting and generally the consensus is that a "regular" blockchain would be a terrible choice.
Personally I don't trust electronic voting at all and think paper ballots are the way to go
Yeah it seems like people are generally inclined to trust electronic voting more than paper ballots, when the reality is that the vast, vast majority of electronic voting systems are so utterly borked that it's possible to pretty trivially change election results, often without leaving any trace of the tampering.
The Hursti Hack is the classic example, and by no means the only one. Incidentally the person that hack's named after, Harri Hursti, is a family friend. He caught me trying to crack passwords on his UN*X shell box (with a dictionary cracking tool, probably
Crack
) in the early 90's when I was a teenage nerdlet with too much free time and not enough brains 😅If you need the person to walk somewhere, physically show a voter ID to someone to be let into a private area where they receive their private key in a machine for them to then vote remotely, wouldn't it be easier just to remove the entire technology part of the equation and just make them put a piece of paper inside an envelope in that private area, so that they can then put that piece of paper into a public ballot box right after?
Electronic voting is a bad idea in general, blockchain isn't going to fix that.
That’s entirely what you would want a centralized database for; so you can put an authority you trust in charge of it, to ensure it’s fair and auditable.
Using a blockchain would give a bunch of people very strong incentives to perform a 51% attack, find a flaw in the protocol and exploit it, or just bribe, threaten, or cajole the programmers who created the chain to patch it to do what they want.
… you don't want to use a centralized database for votes exactly for the same reasons you don't want to use a blockchain for votes, unless you're doing some sort of zero-knowledge stuff in the background and what gets written to the DB doesn't allow the system operators to tell who exactly voted for who while still being able to tally the votes correctly. Even having a request increment a counter in the DB would mean it'd be possible to look at logs or traffic between the db, backend and frontend, and tell that when request X came in, candidate Y's counter was incremented. This is why most if not all electronic vote systems right now are completely fucked and a terrible security risk, there's way too many possible options for manipulating them. Centralizing the vote db wouldn't fix the problem, it'd just, well, centralize it.
Why would you want a zero-knowledge database? You want the exact opposite: you want to be able to tie the vote to a person, which is why ballots are associated strongly to your identity and why counting physical ballots remains so important.
The whole point with voting at least in a civic context is that your vote isn't tied to you, ie. nobody can actually tell who you voted for; they need to know that each vote is valid but not who cast each vote. You do need to have ID (or whatever the process is in your specific country) to be able to vote, but at least here the foldable piece of paper you actually put your candidate's number in has absolutely no identifying information on it, it just gets stamped by an election official when you go to put it in the ballot box.
A well financed actor would find it much easier to hack a centralized database than to hack a modern blockchain
In what sense? There have been numerous hacks of existing blockchains even within the past few months. Also of smart contracts on those blockchains. Certainly way more than, say, bank databases.
Not a fair comparison. Bank databases have been running since the 70s on code that has barely changed in that time. They've been battle tested for decades, so it's unlikely a new exploit is going to be easy to find.
On the other hand, if you wanted to run an election on a centralized database, think about what that means. All the votes need to go to 1 server somewhere, which will tell us all who won the election. A server that is run by an IT team who will have root access and could be phished, or bribed, or threatened. A server that only gets a real-world test once every few years.
Users have no idea if their vote is in the database, if it's correct, if it got counted in the final vote or not.
Don't get me wrong, I don't trust the current crop of DLT tech more than the pen and paper method, but at least it's more transparent than a centralized system
I don't think running an election on a centralized database is a great idea. I do think it's a way better idea than doing it on a blockchain, which has all the problems a centralized database and several more besides.
We agree something! :)
I think you should re-evaluate your thinking on the second part. I know it's popular to bash on blockchains here, but blockchain isn't all ponzi schemes and libertatians, just like the internet isn't all phishing emails and troll farms
The research wing of the blockchain world is very interesting, at least from a nerdy, theoretical perspective
I dunno, I'm pretty technically versed on blockchains and I simply don't see the use. As I said they're vulnerable to basically everything a centralized database is, with the addition of 51% attacks, and suffer from poor usability and being monstrously inefficient on top of it. Maybe there is a mythical use for the tech out there, but if there is I haven't heard an argument for anything that wouldn't be better served by an actual database.
AFAIK if you don't trust the server and want to know exactly what code was run by it, there are only two options: a smart contract blockchain, or ZK Proofs (which came out of blockchain research)
It's a social technology. It allows outsiders to validate that the election tally code was run correctly. Elections are run every day on the Ethereum blockchain often that has financial implications for the voters. It doesn't mean they never get hacked, but it certainly gives the users more visibility and trust in their vote than a centralized black box
You will vote as we say or you will be fired from your job.
Voting requires anonymity.
Blockchain is a tool for scammers used for scamming, and has almost exclusively been used for such.