this post was submitted on 19 Jul 2024
450 points (99.3% liked)

Technology

59589 readers
2891 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Bots can now solve CAPTCHAs better than humans

https://www.youtube.com/watch?v=IWUHv3S8JVI

#tech #video

@technology@lemmy.world

you are viewing a single comment's thread
view the rest of the comments
[–] lauha@lemmy.one 13 points 4 months ago (26 children)

What prevents the adversaries from guafanteeing their bots that then guarantee more bots?

[–] lvxferre@mander.xyz 15 points 4 months ago* (last edited 4 months ago) (25 children)

The chain of trust being formed. If some adversary does slip past the radar, and gets guaranteed, once you revoke their access you're revoking the access of everyone else guaranteed by that person, by their guarantees, by their guarantees' guarantees, etc. recursively.

For example. Let's say that Alice is confirmed human (as you need to start somewhere, right?). Alice guarantees Bob and Charlie, saying "they're humans, let them in!". Bob is a good user and guarantees Dan and Ed. Now all five have access to the resource.

But let's say that Charlie is an adversary. She uses the system to guarantee a bunch of bots. And you detect bots in your network. They all backtrack to Charlie; so once you revoke access to Charlie, everyone else that she guaranteed loses access to the network. And their guarantees, etc. recursively.

If Charlie happened to also recruit a human, like Fran, Fran will also get orphaned like the bots. However Fran can simply ask someone else to be her guarantee.

[I'll edit this comment with a picture illustrating the process.]

EDIT: shitty infographic, behold!

Note that the Fediseer works in a simpler way, as each instance can only guarantee another instance (in this example I'm allowing multiple people to be guaranteed by the same person). However, the underlying reasoning is the same.

[–] ArmokGoB@lemmy.dbzer0.com 8 points 4 months ago (6 children)

I feel like this could be abused by admins to create a system of social credit. An admin acting unethically could revoke access up the chain as punishment for being associated with people voicing unpopular opinions, for example.

[–] skaffi@infosec.pub 4 points 4 months ago

Absolutely, but the chain of trust, in a way, doesn't start with the admin - only the explicit chain does. Implicitly, the chain of trust starts with all of us. We collectively decide if any given chain is trustworthy or not, and abuse of power will undoubtedly be very hard to keep hidden for long. If it becomes apparent that any given chain have become untrustworthy, we will cast off those chains. We can broke new bonds of trust, to replace chains that have broken entirely.

It's a good system, because started a new chain should be incredibly easy. It's really just a refined version of the web rings of old, presented in a catalogue form. It's pretty great!

load more comments (5 replies)
load more comments (23 replies)
load more comments (23 replies)