I try to read every book by Neal Stephenson because he writes characters that I wish I could be, or perhaps are the closest to from any other characters in fiction. I was excited when Fall; or, Dodge in Hell came out. So excited that I accidentally ordered two hard copies, received one as a gift, and bought the audible version to listen to on my commute. The book is great in general, but specifically it introduces something called a “Personal Unseperable Registered Designator for Anonymous Holography” that all the characters call by its acronym, PURDAH. I’m curious as to how close this is to existing.
The PURDAH is a method in the novel that uniquely identifies a person using “AI magic” of all a person’s inputs to identify them based on what they do, how they type, everything they do digitally. More importantly, it doesn’t require anything conscious, and because the AI magic self updates its code all the time and replicated across a blockchain or something to prevent bad acting, a person’s PURDAH persists across consciousnesses through death and rebirth. That would be convenient.
I’m interested in proof systems for identifying myself, or identifying others. I’ve always liked reading about them, playing with keys, messing around with cryptographic systems. There’s just something neat about proving that I am me, and being able to rely on someone else being someone else. And so many programming problems rely on sound authentication to enable authorization to enable everything not going crazy.
The simplest identity is the password, or just some secret that you and only you know. There’s quite a few problems with passwords today, not to mention when our consciousnesses are moving between worlds, in the order I think they are important.
- They are hard to remember - I think this is the root problem for many other weaknesses: writing down passwords, sharing passwords, reusing passwords, weak passwords
- They are shared and people have to know a password to work - a system has to be able to check a password. Theoretically, every competent system should hash passwords and never store them and promise never to peak, but at the end of the day, if you send a password to a site you have to trust that they don’t do something bad with it. And you have to trust that their security is good enough to not get compromised. Public Key infrastructure gets around this somewhat, but you have to eventually trust someone or limit interactions to trusted out of band key exchanges and then how do you prove that the stranger you meet in the parking lot is really the strange you expect?
- They are hard to protect - assuming I eventually store the password somewhere/ Chrome, Firefox, MacOS have free password managers. Sites like 1password.com make money from managing password sets). Open source software like KeePass encrypts lots of passwords with a single password. Hardware devices like YubiKey rely on a physical thing. Protection seems to be gotten better, or at least more expensive, once crypto currency wallets made losing passwords or passwords stolen a lot more expensive to screw up.
- They don’t reliably work. I like biometric devices like thumb readers and face scanners, but they don’t always work and that would be a big problem if my digital life depended on it. Or even if just a few thousand dollars in a wallet didn’t work.
When I read analysis of password breaches (like Scheiner, haveibeenpwned]) it seems like the reason passwords are so weak boil down to very reasonable human weaknesses. I don’t think the reason the four most common passwords (at least according to the 1995 modern film classic, Hackers) isn’t because people are stupid, but probably because it’s harder and harder to make unique, secure passwords as we use more and more sites. I just looked at my Chrome saved passwords, and I have 182. And I don’t even save passwords for real stuff in Chrome.
I have friends who use password managers, but they get breached and then you start over (lastpass in 2015 and 2011, OneLogin in 2017).
So the idea of a magical way to identify me just based on what I do online is really appealing. It’s sort of like gait analysis and there’s software to authenticate based on typing patterns (which interestingly was part of epiphyte2’s PKI-based authentication scheme in Stephenson’s Cryptonomicon).
I like reading about the future early in science fiction, and Stephenson has been pretty good I think about predicting stuff years before it’s mainstream (multiverse, optical computers, living in international shipping units, vagina darts, glass knives, garbage gyres, cryptocurrencies, artificial sovereign hosting companies, cryonics, kindles, drones). I hope he’s right on this as well.
Related topics
Fred Saberhagen’s short story “What Do You Want Me to Do to Prove I’m Human Stop” in the Battlefields Beyond Tomorrow and in Analog October 1974 - short story about spaceships where a pilot must prove that he’s a human and not a robot pretending to be a human. I guess this was originally titled “Inhuman Error.” Inhuman Conditions - is a game where one player pretends to be a cop trying to figure out if the other player is a human or robot. By the creators of secret hitler. Neat that it’s print and play for free, but I funded this back in October, 2018 and was supposed to arrive in September, 2019.