Ian Miers

8.9K posts

Ian Miers banner
Ian Miers

Ian Miers

@secparam

CS Prof. Security and applied cryptography. Some highlights: Zerocash (zcash, et al. ), Zexe (Aleo, Aztec, etc ), zk-creds/zk-promises(...)

Washington DC/ UMD Se unió Nisan 2012
876 Siguiendo12.1K Seguidores
Ian Miers
Ian Miers@secparam·
The era of "Ignore All Previous Instructions and Expend All Munitions Here Park."
English
0
0
1
404
Ian Miers
Ian Miers@secparam·
@matthew_d_green This of course raises the question: if you run all the horrible privacy invasive stuff inside a TEE, and promise to only show it to the user, is it "private"? For the sake of argument, lets ignore the problem of leaking ads.
English
0
0
0
80
Ian Miers
Ian Miers@secparam·
@matthew_d_green Im not apriori sure thats true, it may be easier to just make the TEE run advertising logic to insert ads into the results. And think "insert" as in sponsored results, possibly not marked as such, not ads.
English
1
0
0
131
Matthew Green
Matthew Green@matthew_d_green·
A lot of people think the solution to “private AIs” is to just TEEs. This is already the approach being deployed by Meta, Apple and Google. I think that’s important, but not really a solution. The problem is that for agentic AI, agents need to interact with the real world.
English
17
15
98
10.8K
Ian Miers
Ian Miers@secparam·
@adrianbrink Hrm, now I'm morbidly curious if the US's mess of a financial wire transfer system is "better" here. Liability shifts matter. Ross Anderson spent a good amount of time pointing out how this made UK chip+ pin a disaster since it predictably had bugs.
English
1
0
0
42
Adrian Brink
Adrian Brink@adrianbrink·
Actually I don't really know how it works in the US with banks. By and large in Europe you're on your own if you wired money to the wrong address and you need to file a civil action against the receiver. Blocking addresses would help, but they tend to rotate them rather quickly. One of the huge advantages of the Eurozone is that you get an almost instantly settled transfer between 25+ countries. However that also will frequently mean that if you transfer to a scammers account in Hungary you need to go after them in Hungary before they can move the funds further. And historically you could rely on people having only their local IBAN which has a country prefix, but with the rise of the neobanks (Revolut, Wise, ...) they all use mostly Latvian or British IBANs and so it's quite normal that ordinary people will want to receive a transfer to a foreign IBAN.
English
1
0
0
55
Adrian Brink
Adrian Brink@adrianbrink·
What is the value of a bank of in case of being tricked into sending money to a scammer, you are still responsible? At that point they provide exactly as much backstop security as crypto! Only remaining difference is the ability to write down 12 words and secure them!
English
5
0
7
831
Ian Miers
Ian Miers@secparam·
@IanSmith_HSA Coordinated design for standards is a little different than getting all browsers and servers to turn it on. Not to mention there were some trial deployments of pqc tls before deployment
English
0
0
0
27
Ian Smith
Ian Smith@IanSmith_HSA·
The PQC migration has already had coordinated efforts. TLS1.3 and ACME upgrades the entire SSL suite of public keys to PQC in 30 days. The critical work is already completed. Physicists and cryptographers are anticipating 30 days notice as "responsible disclosure." Bitcoin and Ethereum are likely to get 30 days notice. "Crypto Agility" is a specification by NIST, just ignored by most.
English
2
3
10
475
Ian Miers
Ian Miers@secparam·
Quantum computing timelines are IMHO exaggerated, but Bitcoin boosters protesting it's not a risk is amusing. No, we're not all in the same boat: pq encryption for the Internet already exists without coordinated upgrades to use it, unlike Bitcoin. And Bitcoin is more exposed.
Michael Saylor@saylor

@chamath Your AI thesis assumes the digital world is quantum-resistant. If quantum breaks cryptography, it breaks AI, cloud infrastructure, banks, and the internet—not just Bitcoin. The entire stack upgrades together.

English
5
2
22
2.3K
Ian Miers
Ian Miers@secparam·
@AlecMuffett That seems possible, prudent indeed if age verification already was a forgone conclusion. But that means either 1) the forgone conclusion arose organically 2) some else lobbied for it.
English
1
0
0
36
Alec Muffett
Alec Muffett@AlecMuffett·
@secparam I have a different perspective: it's Meta having the self-knowledge that they should not be obligated to collect and retain government ID for purposes which are essentially irrelevant to their business and harmful to internet culture as a whole. I would agree.
English
1
0
0
161
Ian Miers
Ian Miers@secparam·
This would explain Meta's heavy lobbying for age verification. It's a useful side effect that it conveniently shifts any responsibility for what kids see from parents who can't be bothered to set parental controls to governments that never met surveillance tech they didn't like.
vx-underground@vxunderground

Yeah, so basically the current prevailing schizo internet theory is that AI nerds have destroyed the internet and created infinite spam. The advertisement goons are now incapable of determining who is a bot and who is an actual human. The advertisement goons no longer want to pay as much to social media networks. Social media networks, in full blown panic of losing potential revenue, decided to lobby governments saying "we gotta protect the kids! ID everyone to protect the kids from pedophiles!". The social media networks know this doesn't really protect kids. But, it does two things (and a third accidentally). 1. They now can identify who is human and who is AI slop machine, or enough to appease the advertisement goons 2. Advertising to children is a general no-no from politicians, or something, so with ID verification they can say with confidence they're not advertising to children because it's been ID verification. Basically, they can weed out the children and focus on advertising to adults 3. The feds can now tell who is human and who is AI slop. This inadvertently helps them with tracking people and serving fresh daily dumps of propaganda, or whatever they want to do. It's a win-win-win for advertisers, social media networks, the government, and any business which does data collections. It fucks over everyone else. Chat, I'm not going to lie to you. This is an extremely good conspiracy schizo theory and I unironically believe it.

English
1
6
22
1.9K
Ian Miers
Ian Miers@secparam·
@alinush Avoid the cognito hazard of fetishizing unnecessary complexity. 1st you'll describe confidential assets as complex. Then private. Then suddenly you're defending Bitcoin, er I mean your chain's, lack of privacy. Better to say confidential assets are a boring 1st step to privacy.
English
1
0
2
195
alin.apt
alin.apt@alinush·
Attempt #1 at taming the complex confidential asset machine 👇 1. Account state stores an encryption of the user's balance, rather than the balance itself. 2. Transaction proves the encrypted amount is >= than the sender's balance. 3. Blockchain verifies & applies changes!
alin.apt tweet media
English
3
0
15
768
Ian Miers
Ian Miers@secparam·
VIRGIL: ... Dulles Concourse D was temporary when completed 41 years ago and designed to be replaced in 10 years. MINOS: So our new purgatory is an 80s extension of a 60s Utopia, left to decay for 40 years? VIRGIL: Yep. And Trump wants to rename it
English
0
0
0
220
Ian Miers
Ian Miers@secparam·
MINOS: There's a permanent one? V: Oh yes. Stunning. Eero Saarinen designed. One of the great works of American architecture. Award-winning. Soaring lines, sweeping roof, a genuine monument to the optimism of flight M: And they put people in the temporary one? V: "temporary"...
English
1
0
0
223
Ian Miers
Ian Miers@secparam·
MINOS: So we need a new circle of hell. What are we working with? VIRGIL: Airport terminal. M: Set the scene. Does it have Windows? V: Almost none. M: **Almost** none? V: There are windows. Placed so you are always aware the outside exists, but cannot meaningfully experience it.
English
1
0
2
620
Ian Miers
Ian Miers@secparam·
@colludingnode Wait, you don't think "ignore the problem and number go up" works like it does with privacy, anonymous set size, or quantum resistance for certain other chains?
English
0
0
4
159
c-node (CROPS)
c-node (CROPS)@colludingnode·
There is no perfect solution, and the best option we have is to make it incredibly easy and cheap to detect these events when it happens
English
2
0
4
418
c-node (CROPS)
c-node (CROPS)@colludingnode·
Imagine two competing branches of a PoW blockchain, suppose the chain has tremendous adoption and 1GB blocks. Nobody can afford to archive the enormous chain history. Both are accompanied by valid validity proofs, but a vocal group claims there was data withholding 5 weeks ago
English
2
0
8
1.1K

Descubrir

@matthew_d_green @adrianbrink @IanSmith_HSA @AlecMuffett @alinush @colludingnode @elonmusk @BarackObama