* * * Original: Liu Jiaolian * * *
Extra: Today , "Internal Reference: Micro-Strategy CEO: BTC market share may rise to 80%+" was published on " Liu Jiaolian Internal Reference". Welcome to pay attention to the public account "Liu Jiaolian Internal Reference" and read it.
---
Chatting with friends, I talked about the fact that Colonel Feng Yanghe, a well-known command and control and artificial intelligence expert of our army, died in a serious car accident on the way to take a taxi at night on July 11. Although there are different opinions on the Internet, it is impossible to prove that it was really an accident. , or a hostile organization infiltrating and murdering, but we discussed it further. There are a large number of such experts and key people in our country. Complicated and even potentially infiltrated Internet platforms, cleverly taking advantage of the country's real-name system requirements on Internet platforms, intensified their demands for users' private information, including ID card information, mobile phone numbers, and mobile phone location. This kind of privacy exposure allows people or organizations with ulterior motives to easily retrieve big data through the Internet platform, locate the identity and location of specific experts, activity patterns, and even travel plans, so as to carry out targeted killing operations.
A large number of netizens expressed angrily, why not equip these senior experts with special safeguards. But if you think about it carefully, first of all, the cost of security prevents us from covering all experts, and secondly, experts are also human beings who must have a normal life, and they cannot be completely isolated from society just for their safety. Traveling is equipped with a special car and a professional driver who has passed the political review. What about eating? What about eating at home? What about a dinner with friends? As long as the real names of experts are exposed on the Internet platform, then the enemy is in the dark and I am in the open, and it is impossible to guard against.
Maybe we will think that it would be good to let the real-name system of the Internet platform, and then strictly manage the Internet platform, just like we manage telecom operators. However, we must adopt a realistic attitude and see the differences between different things. Acknowledge the difference and adjust your strategy accordingly. Telecom operators are monopolistic state-owned enterprises, so they can naturally take strict precautions; Internet companies are innovative enterprises in full bloom, with complex capital composition and flexible and diverse businesses behind them, so it is impossible to strictly control them across the board. It's not that we haven't tried to build an Internet national team, but it turns out that we can't do it well. Safety is the foundation, innovation is development, and we should not give up because of choking.
Internet companies "communicate with each other". If you like a short video of steamed buns on platform A, you will receive product information recommending flour, steamed buns in bags and even steamers when you go to platform B. More inferior platforms will even directly buy and sell user information and data, which is called "big data realization". More advanced ones, under the banner of "academic exchange", will use the data collected by their own platform to train so-called AI models on other platforms in the name of cooperation. Such a variety, how can the supervision be able to understand and manage it?
Therefore, the real-name system of Internet platforms needs to be reformed. The direction of the reform is very clear: Internet platforms are strictly prohibited from collecting any user real-name or private information (such as face information, etc.).
The logic is very simple and plain: the best way to prevent a person from misappropriating your money is not to put it in his hands; the best way to prevent a platform from abusing your private data is not to allow it to collect and store any of your personal data. private data.
Rather than relying on the self-restraint of human nature, or the after-the-fact accountability of the law. Even if the law can pursue responsibility afterwards, the consequences have already been caused, and the Sri Lankan is dead, how can it be recovered?
Of course, Internet platforms and many experts may say that without mastering user information, we cannot avoid fraud, and we cannot better serve users. There are countless reasons for this. This is all sophistry.
We just need an identification of user credibility. The platform does not need to touch user privacy at all, as long as there is a way to tell the platform that this user is a good citizen of the People's Republic of China, you should serve him well, and that is enough. As for the user's name and where he lives, your platform has no right to know.
The specific method is to have a unified real-name system managed by the Ministry of Public Security, and the Internet platform can request the system to obtain a user's certification information. Simpler, it can be a hash signature; more advanced, it can be zero-knowledge proof and the like, these are specific technical issues, not important, the important thing is to make the platform not touch the user's private information Under the circumstances, know that this user is a normal user, not a fraudster.
In this way, when I use any Internet platform, such as Pin XX, I don't want Pin XX to know my mobile phone number or even my ID number. Instead, I have applied for a hash of an identity fingerprint at the Ministry of Public Security in advance, and then I The fingerprint is encrypted and signed on the client side (in order to prevent the platform from stealing my fingerprint, I need to do local secondary encryption), and submit it to Pin XX. After receiving the signed encrypted fingerprint, Pin XX can use the verification algorithm to verify that the encrypted fingerprint I submitted has indeed been certified by the Ministry of Public Security, so I know that I am a legal citizen. Allow my user name (the registered user name given to me by spelling XX) to log in to the system, start browsing products, place orders, and so on.
Similarly, when I use XX to take a taxi, I use the same fingerprint to encrypt differently for XX taxi, and then send it to the platform after signing. The platform did some verification, allowed me to log in, and provided me with services. The XX taxi-hailing platform does not know who I am, what my mobile phone number is, let alone my identity information. What if I do something bad, such as robbing the XX driver? The platform can submit my encrypted fingerprints when reporting to the police, and the police can find out all my real-name information in the Ministry of Public Security system through the background system.
Since the encrypted fingerprints received by the XX platform, the encrypted fingerprints known by XX taxis, and the encrypted fingerprints stored by Xdong are all my encrypted fingerprints, they are different, so they cannot collude with each other. I provide so-called "personalized recommendation" services, or combine my behavioral data on various platforms to conduct "big data analysis", so as to conduct "profiling" of me through behavioral analysis and outline my personal profile .
Weeding out the ability of the platform to make user portraits is to prevent XX from taking a taxi and collating XX’s data. Knowing that fingerprint A has received express deliveries from Expert Feng’s office many times, and fingerprint A is frequently in Expert Feng’s unit and home. There is a taxi track in between, and it is deduced that the person behind fingerprint A is Expert Feng himself. Therefore, this level of prevention is also crucial.
As for the authentication system of the Ministry of Public Security, if the traditional Internet API method is used to provide interfaces for so many Internet platforms or enterprise IT systems, it must be difficult to provide them. Registration, verification, and opening of interfaces are very heavy tasks. , the access pressure will be very high; the solution is to consider using the blockchain system to upload the verification data (without any sensitive information) to the chain, open it to any enterprise to build a read-only synchronization node, and fully synchronize the ledger data. When verifying, it is enough to directly read the verification data from the local synchronization node ledger for verification, which greatly reduces the access pressure of the centralized system of the Ministry of Public Security and eliminates the cumbersome work of registration and activation.
The above is a simple conception of the reform of the real-name system on the Internet today. Whether it is from the perspective of platform regulation or national security, this matter is imperative. And this idea of breaking the traditional privacy model of "giving private data to a trusted third party (platform)" and adopting a new privacy model of "not handing over private data to a third party (platform)" originated from Satoshi Nakamoto Subsection 10 "Privacy" of the Bitcoin White Paper paper published on October 31, 2008. Interested friends can move to the Liu Jiaolian public account 2022.11.1 "Bitcoin White Paper Chinese Version (Liu Jiaolian Translation)" .
The teaching chain people are soft-spoken, have limited ability, and are far away from the legal proposal channel. I am humble and dare not forget to worry about the country. I wrote this article first to criticize it, and wait for people with lofty ideals to continue to propose and promote it.
* * * Produced by Liu Jiaolian * * *
Liu Jiaolian official account related articles to read:
Original English version of the Bitcoin white paper
Chinese version of Bitcoin white paper (translated by Liu Jiaolian)
(Public account: Liu Jiaolian. Knowledge Planet: Reply to "Planet" from the public account)
(Disclaimer: The content of this article does not constitute any investment advice. Cryptocurrency is a very high-risk product, and there is a risk of zeroing at any time. Please participate carefully and be responsible for yourself.)