Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> I want my things protected by a human with a process to unlock/reset/.. given some kind of proof of identity.

Anytime you have a human in the loop you have the risk of human failings. I.e., that human forgets to follow critical step X in the protocol. Or that human falls for the attackers emotional sob story and takes pity on the attacker and lets the attacker unlock your account. Or that particular human is amenable to bribery to obtain the outcome the attacker wants.

In fact, many sim swaps have been reported to have occurred because of "human at cell phone store did not follow protocol" or "human at cell phone store was taking bribes".

So having a human in the loop is not an absolute solution to solving the problem.



> Anytime you have a human in the loop you have the risk of human failings. I.e., that human forgets to follow critical step X in the protocol

This is exactly my point. If the risk of an attack is X, the risk of me being that person who fails or forgets a critical step of the protocol (backup yubikey, whatever) is a hundred times higher. So this system of “flawed humans interacting” to me looks like the lesser evil.

I don’t want my things protected by foolproof protocols. I‘m the fool you see.


Bingo. This is why crypto currency won't take off without more humane tech being inserted into the process. People aren't robots. We want many many ways to un-screw ourselves when we inevitably screw ourselves.

That's why I'm bullish on things like Shamir's Secret Sharing and other social recovery tools.


It's an iron rule that the more automation, the more important are the humans that remain.

I'm not sure you get this. Google hasn't seemed to get this in the past. They have added some customer support though.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: