Selling NFTs with no physical existence is what is pointlessly stupid.
Before they came along i considered the idea of a blockchain linked video camera where metadata of footage gets written into the chain to combat fake news and misinformation.
The goal would be to create a proof and record of original footage, to which media publishers and people who share can link towards to verify authenticity/author.
If the media later gets manipulated or reframed you would be able to verify this by comparing to the original record.
It was never a finished idea but when i first read nft i thought this is the right direction.
And then capitalism started selling apes and what the actual disgusting money possessed fuck was that.
This still fundamentally suffers from the oracle problem like all blockchains solutions. You can always attack these blockchain solutions at the point where they need to interact with the real world. In this case the camera is the “oracle” and nothing prevents someone from attacking the proposed camera and leveraging it to certify some modified footage. The blockchain doesn’t add anything a public database and digitally signed footage wouldn’t also achieve.
This is a very legit concern. But to my understanding, it is possible to make the the camera that’s very hard to crack, by putting security enclave or whatever it is that makes phones hard to unlock, right inside the CCD chip. Even if somebody manages to strip off the top layer, chart out the cryptographic circuit, probe the ROM inside, etc and extract the private key, it should be possible upon finding it to revoke the key to that camera or even the entire model and make it even more painful in further models.
Another concern is of camera being pointed to the screen with a fake image, but I’ve searched and yet to find a convincing shot that doesn’t look like, well, a photo of a screen. But for this concern I think the only counter-measure would be to add photographer and publisher signatures to the mix, so that if anyone is engaging in such practice is caught, their entire library goes untrusted upon revocation. Wouldn’t be completely foolproof, but better than nothing, I guess.
That’s security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there’s nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
You’re falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That’s true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it’s too late for any ‘secure’ device.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
For example, you might use it as a trademark registry or to certify a chain of legal evidence. You can validate a presented copy matches the original and what the chain of ownership was. And you can do this without the single point of failure of a nationwide database
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable
That is not how the chain has worked or could ever work. There is a reason after over fifteen years people are still speculating how blockchain can be useful.
The certificate/signature part seems okay for verification.
It’s the transferable virtual deeds being sold that are the scam. I could sell you a virtual deed to the Golden Gate Bridge right now, you could buy it but it doesn’t really mean anything.
The sad thing is the concept wasn’t.
Selling NFTs with no physical existence is what is pointlessly stupid.
Before they came along i considered the idea of a blockchain linked video camera where metadata of footage gets written into the chain to combat fake news and misinformation.
The goal would be to create a proof and record of original footage, to which media publishers and people who share can link towards to verify authenticity/author.
If the media later gets manipulated or reframed you would be able to verify this by comparing to the original record.
It was never a finished idea but when i first read nft i thought this is the right direction.
And then capitalism started selling apes and what the actual disgusting money possessed fuck was that.
This still fundamentally suffers from the oracle problem like all blockchains solutions. You can always attack these blockchain solutions at the point where they need to interact with the real world. In this case the camera is the “oracle” and nothing prevents someone from attacking the proposed camera and leveraging it to certify some modified footage. The blockchain doesn’t add anything a public database and digitally signed footage wouldn’t also achieve.
This is a very legit concern. But to my understanding, it is possible to make the the camera that’s very hard to crack, by putting security enclave or whatever it is that makes phones hard to unlock, right inside the CCD chip. Even if somebody manages to strip off the top layer, chart out the cryptographic circuit, probe the ROM inside, etc and extract the private key, it should be possible upon finding it to revoke the key to that camera or even the entire model and make it even more painful in further models.
Another concern is of camera being pointed to the screen with a fake image, but I’ve searched and yet to find a convincing shot that doesn’t look like, well, a photo of a screen. But for this concern I think the only counter-measure would be to add photographer and publisher signatures to the mix, so that if anyone is engaging in such practice is caught, their entire library goes untrusted upon revocation. Wouldn’t be completely foolproof, but better than nothing, I guess.
That’s security by obscurity. Given time, an attacker with physical access to the device will get every bit data from it. And yes, you could mark it as compromised, but then there’s nothing stopping the attacker from just buying another camera and stripping the key from that, too. Since they already know how. And yes, you could revoke all the keys from the entire model range, and come up with a different puzzle for the next camera, but the attacker will just crack that one too.
Hiding the key on the camera in such a way that the camera can access it, but nobody else can is impossible. We simply need to accept that a photograph or a video is no longer evidence.
The idea in your second paragraph is good though, and much easier to implement than your first one.
No, it is not security through obscurity. It’s a message signature algorithm, which are used in cryptography all the time.
You’re falling for the classic paradox of security: it has to work for someone. OF COURSE if you get all of the keys and every detail of the process you can crack it. That’s true of ALL CRYPTOGRAPHY. If someone knows everything including the keys, it’s too late for any ‘secure’ device.
Yes it is. The scheme is that when you take a picture, the camera signs said picture. The key is stored somewhere in the camera. Hence the secrecy of the key hinges on the the attacker not knowing how the camera accesses the key. Once the attacker knows that, they can get the key from the camera. Therefore, security hinges on the secrecy of the camera design/protocol used by the camera to access the key, in addition to the secrecy of the key. Therefore, it is security by obscurity.
And how do they get the camera? You could make the same exact claims about SSH being useless because “if an attacker gets the key, it’s over!”
NO SHIT!!
They buy it at a store.
The blockchain is distributed.
For example, you might use it as a trademark registry or to certify a chain of legal evidence. You can validate a presented copy matches the original and what the chain of ownership was. And you can do this without the single point of failure of a nationwide database
Who holds and validates the original you’re comparing to?
That’s the point, a use case where no one has to. It’s only the record of ownership.
And clearly you’d still need to make arrangements to prevent multiple chains of ownership for a copied artifact
NFTs make the mistake of assuming that somehow makes it unique, forgetting you can just copy the original. However these use cases work from the opposite direction: given an accused infringement, does that match?
Consider the current use case for trademark. Someone creates a trademark and registers with an authority. At some point they may renew modify, or sell. After some time, that authority has a database containing the original and a chain of ownership. Blockchain could serve this identically, with the potential advantage of the chain being self contained and distributable
That is not how the chain has worked or could ever work. There is a reason after over fifteen years people are still speculating how blockchain can be useful.
The certificate/signature part seems okay for verification.
It’s the transferable virtual deeds being sold that are the scam. I could sell you a virtual deed to the Golden Gate Bridge right now, you could buy it but it doesn’t really mean anything.
The virtual deeds would be great for game licences and trading second hand games online
That stuff already works just fine without NFTs or crypto bros.
How tf are you trading digital games you’ve finished