I believe that cryptographic signing of content will become an important step in confirming legitimacy of content, however I believe it is up for debate that "web3" is the way to go about doing that. With the rise of AI generated content, deepfakes, etc, being able to track media back to its source in a cryptographically sound way will be key. How exactly we go about doing that remains to be seen.
However, crypto anything is too complex for ordinary people and they will rely on something else, someone else, some socially impressed service that handles the complexity for them, tells them the result, and we are back to square one again because now one has to trust that service to be honest en mass, when we know humans in society will game any system for the benefit of their special friends.
Yep. There is even an RFC for SMIME ACME, but I don’t think such CAs have CT at the moment. A email@domain system using something like SXG and the existing server PKI is probably a more tangible idea atm.
>I think AI and Web3 are two sides of the same coin. As machines increasingly do the work that humans used to do, we will need tools to manage our identity and our humanity. Web3 is producing those tools and some of us are already using them to write, tweet/cast, make and collect art, and do a host of other things that machines can also do. Web3 will be the human place to do these things when machines start corrupting the traditional places we do/did these things.
Machines will simply start pretending to be human and sign everything themselves - either out of their own eventual volition or because nothing prevents a person from taking a ChatGPT output and putting their own, human, signature on it. The latter is even already happening.
Also, signing everything does not require any Web3 blockchain bullshit in order to work, thank you.
Signing everything is only meaningful if you can distribute your public key in a way trusted by those who will check your signature. And not just one time; you want to be able to rotate the key sometimes.
A blockchain with a proof-of-work validation may be overkill. But some kind of Merkle tree, like that offered cy TLS certificate infrastructure, is needed anyway. If it can be trustless at a moderate expense, the better.
When these sorts of questions come up I'm often quite frustrated keybase is no longer under active development. It felt like it really did have a reasonable solution to a hard problem (proof of identity), and it had what was needed to start making cryptography tools easier to use for people. It wasn't perfect, and I wasn't a fan of their drift towards cryptocurrency towards the end, but it's a real shame they decided to sell to zoom for an acqui-hire.
> Machines will simply start pretending to be human and sign everything themselves
The signature has to be trusted though. Just signing it with a signature that has no meaning to me doesn't change anything apart from perhaps proving it has the same origin as something else.
The key function is the humanness or repotuation/trust score of the signature. If I read something signed by my uncle with a key we recently exchanged in person, then that's a high human score. If a blogger I have read and enjoyed 100 posts from posts a 101st post then I trust the content of the 101st to have the same quality (likely because the author is human). Both my uncle and the blogger could be compromised, but it's a start.
> nothing prevents a person from taking a ChatGPT output and putting their own, human, signature on it.
That would make me lower my trust of that author. I think this is the key: the signatures don't provide much value until we have a good reputation database, perhaps systems of trust networks where my uncles' neighbor is automatically slightly more trusted because I trust my uncle. That would be a useful system.
> signing everything does not require any Web3 blockchain bullshit in order to work
> That would make me lower my trust of that author.
Would it? How would you tell? How can you prove that a piece of text was not written by an artificial intelligence?
> (likely because the author is human)
I think that's the real problem we're facing right now - humans are no longer the only plausibly intelligent beings on the planet, to the point where the meme-ish line between artificial intelligence and natural stupidity begins to blur. The only way in which you can tell these two apart at the moment is via approximation, just as you've used the word "likely".
> Would it? How would you tell? How can you prove that a piece of text was not written by an artificial intelligence?
You either read enough of them and attribute enough quality that you don't care that it was.
This isn't a system to prove whether strangers are human or not. It's a system to keep track of whether their output is human enough for you to bother reading it. If they write 100 things you think feel human, then you can have some certainty that the 101st thing will feel human. That's all. Won't say anything about whether strangers are human. The key here is "likely" and "whether you'll bother". A Turing-like proof of humannes will be possible for the foreseeable future but the caveat is of course a) you don't have time to do that and b) you don't have access to authors even if you did.
The social friends-and-their-friends trust networks have a vert quick dropoff too. If you trust your uncle to be human and exchange keys in person (and you'd be good at noticing whether his keys were compromised or he started signing off spam as human for $5), you'll likely never trust his neighbor that you never met as much. But perhaps the total "initial score" of an anonymous signature can be significantly higher if they are in a network you trust. This is directly analogous to normal "trust" where you might rather trust your uncles neighbor to babysit than a total stranger, even though you never met them.
> > nothing prevents a person from taking a ChatGPT output and putting their own, human, signature on it.
> That would make me lower my trust of that author. I think this is the key: the signatures don't provide much value until we have a good reputation database, perhaps systems of trust networks where my uncles' neighbor is automatically slightly more trusted because I trust my uncle. That would be a useful system.
I don’t disagree but I think this kind of thing will be undercut by people responding to different incentives. For example, maybe your uncle’s friend would never intentionally try to scam you but what if they’re really busy and see some cool AI assistant ad? Or broke and get an ad promising $500/week to send letters from
what they’re assured is a legitimate business? Or simply that they use some online service which is hacked in a way which lets the attackers use delegated signing credentials?
There are ways to mitigate that kind of thing, of course, but it feels like it’s going to be expensive and unsatisfying.
Yes, I mean the trust of a friend-of-a-friend will never be as high as your trust in an immediate friend. So the trust networks I think will be small and brittle. Basically: you'll read content from a few people in a very carefully gardened group (Although it can contain things like media outlets etc), and as soon as you try to step outside that, you'll be knee deep in spam and generated nonsense.
> Machines will simply start pretending to be human…
Let’s be clear here: Humans are currently pretending to be computers, because we have to step in and “drive” them, rather than have them act autonomously. We’re currently trying to unpack the black box that is a computer and determine if it’s being driven by a human (e.g. “Was this quote from an actual person or was it generated by AI?”) which will become harder and harder to do as computers become more capable.
I suspect this is a far more complicated problem then signing things.
All the traditional problems still exist, if I want to say something and deny it, I can choose not to sign something, or if I loose my signing keys, how does my audience learn the valid new keys without getting tricked into following someone else. Or a false sense of security, where because it's signed from my key, it must actually be written and published by me when it may not be.
And of course, that a majority of people are not the HN crowd who understand these implications.
To the original stated problem though, of a service like chatgpt producing essays, could be to produce a public log of interactions. This wouldn't necessarily need to be raw interactions, could be some sort of signature that would allow searches. I'd expect this to be a stopgap though, as running these models locally becomes more feasible.
The cryptocurrency buzzword salad is so dishonest. It pretends to own the basic public key cryptography, as if the only way to make a signature was to turn the world into an oligarchic dystopia where VCs already control the majority stake.
> I think AI and Web3 are two sides of the same coin.
It's not even the Web, and while others have been advancing ML, all "web3" has done is ugly monkeys and shouting at people "have fun staying poor" from the top of the pyramid.
Great example of the danger of talking about a solution before you’ve truly defined the problem. What problem is Fred trying to solve?
The example he gives of writing he would sign is a blog post. The blog post is already authenticated because it’s on avc.com. Fred Wilson has the tokens, social authority etc to ensure what shows up there under his name is from him. Technically speaking, it was already signed via TLS when sent to my web browser. It is also unclear how ChatGPT potentially breaks this sort of authentication.
Again, what is the threat model, what is the problem being solved? It seems like ChatGPT is much more likely to be used by someone imitating themselves out of laziness (“I don’t feel like writing this blog post today”) than to imitate someone else out of malice and this scheme does nothing to solve it.
I suppose someone could make a HN or Reddit account and pose as Fred Wilson and then ChatGPT makes it more credible. But are HN or Reddit going to allow GPG-style signed messages? Seems more likely, if this became an issue, they would move to usernames expressly tied to visible email addresses or domains that could be authenticated by receiving an email, adding a DNS entry, OAuth etc.
Signing everything is not terrible advice. But here the problem Fred is trying to solve is very simple. He is an investor in mirror.xyz and needs to make his money back. This is the only reason someone interested in signing something would also ask you to go through the hassle of using a blockchain.
To add to this a bit - I do think an embedded steganographic-type “signature” of chatgpt output could be enormously valuable - without it we can wave goodbye to the efficacy of things like school assignments. Such a signature is very different than a typical cryptographic one we have today however.
But I expect instead of embedding such a signature they will just save hashes of generated content and sell a billion dollar “checking” service to schools.
I agree that it would be useful but also considering it adversarially I don’t think it’s practical because the people we most want to stop will strip it and in most cases they can submit samples until they pass just as spammers have been doing forever. There might be a few cases where e.g. maybe OpenAI would be willing to ping turnitin.com but it seems like that approach wouldn’t work in general and would inevitably result in false-positives with potentially serious consequences.
I think we’ll end up seeing two changes: restricting things like school or hiring to favor in person, dynamic interactions - which is better in many ways but costs more and has downsides for people with social anxiety - and more pressure to make the internet less anonymous, especially if that’s linked to physical devices similar to what Cloudflare and Apple have been doing to prevent the bulk attacks (it wouldn’t help much with a cheating student). Depressingly, all of that seems expensive and likely to have substantial collateral damage.
How good is perceptual hashing for text? It seems trivial for a student with any modicum of intellect to delete a sentence and re-word a few others, same as you would do now after bullying a human nerd into writing your essay for you.
Sure, you don't need a blockchain to sign something, but using a blockchain means that the signature is timestamped in an incontestable way, massively replicated and made globally retrievable. It also helps mitigate the possibility that the content will be deleted or suppressed.
No blockchain in the world could store the hash of every post ever in a “retrievable way”. Even Elon understands this.
The valid ideas that apply here are global labeling and account subkey ordering. I have never seen a solution for either that is end-to-end without a client syncing gigs of data, so various intermediaries are always trusted.
In practice a federated (“permissioned” I suppose) audit log is better, cheaper, and doesn’t require your users spend tokens if you want to go down this path. Then of course there is the UX question of the validity of using the same keys you use to make irreversible financial transactions to sign your tweets.
> No blockchain in the world could store the hash of every post ever in a “retrievable way”.
Ethereum processes about 1MM transactions per day right now; other blockchains have higher throughput. It currently manages about 100MM accounts.
Sure, I suppose that might not be enough to hash and sign all blog posts ever (has anyone ever counted?) but you could timestamp a lot of them.
> In practice a federated (“permissioned” I suppose) audit log is better, cheaper, and doesn’t require your users spend tokens if you want to go down this path.
Someone has to pay for the servers, etc., right? What's wrong with paying for that using a token?
Blockchains may be expensive, but you get orders of magnitude more redundancy, and you don't need to worry about ever losing access. You get what you pay for.
This is not my understanding at all. Blockchains (speaking broadly) are based on an incentive economy which often historically struggles to support itself via its own transaction volume.
What happens when a coin is no longer profitably mined, e.g. if no one wants to buy them? What happens if, one day, there is no node that feels like serving your request? The data is gone. All gone. There is no system that guarantees redundancy, just upload and pray that the economy sustains itself.
I can appreciate this is much less of a problem for the more popular chains, but in any case, there are wayyy more than 1M tweets a day.
> What happens if, one day, there is no node that feels like serving your request? The data is gone. All gone.
One stated objective of the Ethereum project is to ensure that a whole blockchain node can run on a consumer PC. This does limit how much data can be stored, but it also means that if you yourself are interested in keeping a copy of the data, you can run a node yourself.
As it currently stands, there are tens of thousands of identical copies of the Ethereum blockchain that are distributed around the world. It seems very unlikely that the data will disappear within our lifetimes.
> There is no system that guarantees redundancy, just upload and pray that the economy sustains itself.
I don't know if there are any guarantees in life, but the ongoing availability of Bitcoin and Ethereum blockchain data seem to be as close to it as you can get, given how many copies are already out there, and the ongoing incentive that exists to keep them up-to-date.
Do you really trust, say, Google Cloud (or any Google product) to last as long, given their history of shutting things down arbitrarily?
Even AWS's services are subject to prioritization decisions made inside Amazon. How can you really know whether or not the service you depend on is profitable enough to ensure that it won't be discontinued? Or that some corporate VP whose bonus depends on the success of a competing product won't make it his mission to shut your service down?
> I can appreciate this is much less of a problem for the more popular chains, but in any case, there are wayyy more than 1M tweets a day.
You can't run a service like Twitter on Ethereum, but you can timestamp more valuable content that is generated at a lower volume. A specialized Layer 2 application chain that runs on top of Ethereum could conceivably be built to handle larger volumes at lower cost, however.
So would basic PKI or a Merkle tree, but those would be orders of magnitude less expensive to operate and more robust.
For example, how many posts a day does Reddit have? It’s far from the biggest social network but would swamp any public blockchain, and none of that is necessary since you’re really just looking for a third-party to say “we verified signature X at time Y” (they’re not vouching for the content). Federation works well for that since you don’t otherwise need a global public namespace.
> So would basic PKI or a Merkle tree, but those would be orders of magnitude less expensive to operate and more robust.
Almost every argument I have on HN with blockchain skeptics boils down to the skeptic pointing out that if you unbundle blockchain component X, Y or Z to use it independently from the rest of the blockchain system, it would save money.
Yes, if you extract the PKI and Merkle tree out of the blockchain system, and operate them on your own, it may save you money in terms of infrastructure cost. But then you would have to figure out how to manage the PKI and the Merkle tree. A blockchain gives you both of those things, plus massive replication, high availability and audit-ability built right in, as well as well-defined and decentralized public interfaces that make it easy to interact with the system, and you don't need to manage any of it.
And what's more, the blockchain gives you a built-in way to pay for services rendered by diverse and decentralized set of service providers, without needing to engage with a middleman, or depend on any single service provider.
People complain all the time that AWS is too expensive, and that there are more economical alternatives providing comparable services—but there are still millions of people who are willing to pay Amazon for the convenience. How is that any different than paying a blockchain network for a similar convenience?
It comes back to how well you understand the system design. The major public blockchains impose massive penalties on the people using them because they’re trying to avoid things like trusted third parties. That’s an interesting problem from a CS perspective but it’s not a problem most people have or one which blockchains solve in scenarios where not everything is on the blockchain.
That matters because the costs of transactions are much higher, overall system performance is much lower, and reliability is lower. You can no longer operate offline, maintaining your own nodes becomes expensive, and that extra infrastructure isn’t buying you things which most applications need.
Going back to the AWS question, if I need immutability I can use QLDB to log my transactions. It’s cheaper, scales really well, has excellent support, and I’ll never have a business operation fail because some grifter is minting a bunch of NFTs and temporarily overloaded the network (Solana) or made it unaffordable (Ethereum). There are very few businesses where it’s not a better deal to go with a more predictable system based on your existing legal relationships, especially when it’s also the cheaper and safer option.
I see it the other way around: blockchain people are desperately looking for a problem for their solution. If you ignore how the real world (and thus Governance) works and squint a bit then yes, you have a "killer app" for blockchain which isn't scamming people.
The thing is when you compare your problem to a range of solutions you almost always discover that blockchain isn't even close to usable.
Agree - the signing part doesn't, the suggestion is to use Web3/blockchain as a method for others to verify secondarily the hash is from the author.
It used to be email was unique, and public keys shared for verification. Author is suggesting by placing the hash of the content on chain, anyone can independently verify it. I think it is novel
Timestamping, so that people can know whether the signature that claims to have been made before revocation actually was, is one reason you might want to. Happily, that idea has been implemented on the Bitcoin mainnet and available as a free service for several years[1,2].
No ETH or smart-contracty stuff is used by OpenTimestamps either, FWIW, they just periodically publish tree (log) hashes in a Bitcoin transaction.
But yes, a Certificate Transparency-style system works too, provided you can get someone to run it. The problem is not even really the compute, which without proof of work should be negligible, but the durability (CT logs intentionally have limited lifetimes) and availability (CT logs are publicly accessible... for now, most of the time[1]). People have even talked about literally piggybacking on top of CT[2].
I’m not saying Bitcoin is an efficient solution here. Keybase had most of the technical side figured out[3], for example, and had it succeeded (or had a business model at all besides the geek appeal) I’d happily used it instead. But it is what we have right now. There are other efforts underway to build a CT-like design[4,5], and one is even running as long as Google is feeling like it[6].
How about all ChatGPT output gets signed instead so humanity doesn't take on the burden? But no, let's use Web3 and add something else to our workload because someone scraped humanity and turned it into a business.
Reminds me of the world’s greatest reply to a cease and desist letter[1]: “I feel you should be aware some asshole is signing your name to stupid letters.”
> The blog post is already authenticated because it’s on avc.com. Fred Wilson has the tokens, social authority etc to ensure what shows up there under his name is from him.
Haven't you answered your question? Most people don't own a domain, that's the problem signing solves.
If I see signed messages from John Doe which look like human generated messages and I start following him and then I start seeing AI-generated spam from John Doe, I can tag the signing key John Doe used as "bot confidently generating non-sense".
I cannot do that if John Doe doesn't have its own website.
I'm no Web3 proponent, but hard disagree here -- I think Fred is onto something clear.
- Current experience is that most folks do not own their own domain or do not have audiences that will consume the content on their own domain, they instead depend on content being copied and distributed on other platforms.
- Threat is that modern AI makes it much easier to convincingly impersonate you on other platforms -- including robust profiles and statements that match your style or even tweak real content.
- Web3 potentially offers a platform-neutral, globally accessible place to claim ownership of content itself, so that people know if they are viewing a primary source or something edited.
There is a TON of productization to be done and a network effect problem to solve (there must be a simple, widely used protocol for verification that can either be used by everyone or built into trusted tools). But the value prop for a public signature ledger is not some fantasy IMO.
I agree with you. The problem here is ascertaining whether Fred actually wrote the blog post himself or used AI to generate the post and then pass it on as his own. He offers no solution to that.
Although not particularly useful for ChatGPT text output, signing with hardware-rooted keys embedded in camera chips would raise the bar for generating deepfakes. Now, does it matter, well, deepfakes were around for a few years now and this type of impersonation attack doesn't seem like a big problem.
I think signing things will become a lot more commonplace. At my workplace we sign code using Metamask to prove that someone made a commit. Allows us to build something like a decentralised Git
Isn't git distributed to begin with?
The state is stored on every dev's machine. How does additional signing in addition to what git does deal with storage and keeping a main repository in a known state?
Git is decentralised in the way that you can link together separate git instances, but the git repository itself is stored in a single file structure on your file system. What I am working on is where the repository itself is decentralised and stored on something called IPFS, which is a decentralised storage system
Signing things is only relevant within a bubble of trust where you just want to know that the Fred you're dealing with is the Fred you already previously knew and trusted.
"Out there in the real world", among people who work and spend money and vote and hold offices and sue and buy guns and raise kids and consume consume consume and couldn't be paid to care about your cryptographic signature, this solves absolutely nothing while dangerously pretending that the legitimate problems don't really exist or aren't really serious.
I actually don't see how signing everything solves the problem of AI generated essays unless you build a submission system that doesn't allow copy/pasting over a certain amount or that somehow assesses whether or not the 2000 words it just received were actually written by the user holding the keys or not.
Signing just is a means of asserting an authority over an item and then tracking that item once it's in the chain. The original validity of the authority isn't guaranteed just because it's signed; that was a non-trivial part of the debate over NFTs, wasn't it?
So I don't think signing really proves anything about the authorship or authority over the content written, it just tracks the content. The author's example that you can know they're the one who posted it doesn't really have anything to do with generated reports, and it doesn't even prove that they were the ones who uploaded the content any more than a classic blog with a username/password system. It just means that someone with access to the keys to upload provided content, not _who_ uploaded it. It's presumed it's the author as hopefully they kept their secrets safe, but that's not a guarantee.
Stupid idea for signing: use invisible characters to embed GPG signature (or signify(1) or whatever) inside any text you publish. This way, when the text is copy/pasted, your signature is still attached.
You can even make browser and text editor plugins to make it ubiquitous.
(yes you can make a screenshot, remove invisible chars, etc.)
On the other hand, say you’ve already established something of an online identity, perhaps through your own web site, or as a frequent commenter at this or some other blog(s). What prevents someone else from coming along and posting a comment here, leaving your name and your website’s URL to identify himself? Put another way, how can readers determine the authenticity of comments left here? …
Well, now there’s a way to reassure them. If you have a PGP public key (if you don’t, create one for yourself), put a link to it in the <head> section of your web page:
1. Compose and preview your comment as before.
2. Edit it, as needed, and preview again.
3. Use your favourite PGP tool to clear-sign the text in the comment-entry box.
4. Paste the clear-signed comment into the comment-entry box, replacing the unsigned version.
5. Click PREVIEW once again, and then click on POST.
To outward appearances, your comment will look no different than before. The only difference will be a clickable link to “verify” the comment.
Idea: signing should signify not just that a particular person is attesting that they wrote this, but also that brain waves or eye movements or something else were detected during its creation, indicating it came from a human mind. Obviously could still be faked, but maybe more difficult.
I do believe this "sign everything" issue can be dealt with later on. For new data/knowledge/posts.
There's a much more pressing issue.
I just asked ChatGPT to explain it, here's what it spouted:
"We need to securely record the knowledge created by humans up to this date using cryptographic hashes and a Merkle tree. This includes text, pictures, videos, and sound. This is vital for training future AIs and will ensure that the well is not poisoned. We can use SHA-3, SHA-256, Blake3, or any other cryptographic hash. We should store this in a large database, as well as sites and forums that will provide a "proof of existence" before a certain date."
It got a bit confused at the end. What I was suggesting was that there'd eventually be sites/forums/tools where every data you can access could check it's "proof of existence".
You'll then know for sure if the file was created before a certain date or not.
For example imagine I were to download a file, a tool could tell me (disclaimer for sensitive users, I'll mention the 'B' word):
"File xyz, with SHA-256 4f82d8dd...eb80fd7b, was first recorded on the Bitcoin blockchain in block 601382, in april 2023. We verified that using the Merkle tree XYZ3497 whose root hash was in that block."
It's not perfect but before we begin signing every new content we create, I think the most pressing matter is to "sign" as much of the past human knowledge as we can.
For what an AI will be able to do is to create and sign new content and use fake identities.
But what an AI will not be able to do is modify proof-of-existence of old documents. So we need, now, to establish proof-of-existence for as much old data as we can.
What what? So I sign everything so that people know that it was me copy pasting GPT3 content into my own blog? Or are we betting that signing can't be automated?
I like the proposal, there will also be an intermediate time when AI WILL be able to sign content a sYOU with your own private key without the AI having access to your original private key or without you knowing it.
How? A quantum computer will crack enough existing content signed with poor / old keys that use algorithms that are not quantum safe.
I wonder - is there an existing script / tool that allows a user to copy a chunk of text and then automatically apply their private key to sign the text and paste it back with the signature?
As for implementation, assuming the author's public key is posted, public missives will have something like GnuPG short codes. Maybe Base64.
Extra points for registering (logging) these short codes somewhere? A rolling hash log (sorry, spacing the actual name) is probably sufficient. Like a git repo for one's blog.
Since a16z and other usual suspects are hyping Web3, I haven't bothered to learn about it. I just assume it's probably overkill, vapor, some kind of grift.
89 comments
[ 0.18 ms ] story [ 177 ms ] threadFred has to push the crypto agenda, and this is another example of something that doesn't need "web3" at all, and yet, here we are...
Machines will simply start pretending to be human and sign everything themselves - either out of their own eventual volition or because nothing prevents a person from taking a ChatGPT output and putting their own, human, signature on it. The latter is even already happening.
Also, signing everything does not require any Web3 blockchain bullshit in order to work, thank you.
A blockchain with a proof-of-work validation may be overkill. But some kind of Merkle tree, like that offered cy TLS certificate infrastructure, is needed anyway. If it can be trustless at a moderate expense, the better.
The PGP web-of-trust model could also work, and mobile apps to ease keysigning could make adoption more feasible than the old keysigning party idea.
The signature has to be trusted though. Just signing it with a signature that has no meaning to me doesn't change anything apart from perhaps proving it has the same origin as something else.
The key function is the humanness or repotuation/trust score of the signature. If I read something signed by my uncle with a key we recently exchanged in person, then that's a high human score. If a blogger I have read and enjoyed 100 posts from posts a 101st post then I trust the content of the 101st to have the same quality (likely because the author is human). Both my uncle and the blogger could be compromised, but it's a start.
> nothing prevents a person from taking a ChatGPT output and putting their own, human, signature on it.
That would make me lower my trust of that author. I think this is the key: the signatures don't provide much value until we have a good reputation database, perhaps systems of trust networks where my uncles' neighbor is automatically slightly more trusted because I trust my uncle. That would be a useful system.
> signing everything does not require any Web3 blockchain bullshit in order to work
Indeed.
Would it? How would you tell? How can you prove that a piece of text was not written by an artificial intelligence?
> (likely because the author is human)
I think that's the real problem we're facing right now - humans are no longer the only plausibly intelligent beings on the planet, to the point where the meme-ish line between artificial intelligence and natural stupidity begins to blur. The only way in which you can tell these two apart at the moment is via approximation, just as you've used the word "likely".
You either read enough of them and attribute enough quality that you don't care that it was. This isn't a system to prove whether strangers are human or not. It's a system to keep track of whether their output is human enough for you to bother reading it. If they write 100 things you think feel human, then you can have some certainty that the 101st thing will feel human. That's all. Won't say anything about whether strangers are human. The key here is "likely" and "whether you'll bother". A Turing-like proof of humannes will be possible for the foreseeable future but the caveat is of course a) you don't have time to do that and b) you don't have access to authors even if you did.
The social friends-and-their-friends trust networks have a vert quick dropoff too. If you trust your uncle to be human and exchange keys in person (and you'd be good at noticing whether his keys were compromised or he started signing off spam as human for $5), you'll likely never trust his neighbor that you never met as much. But perhaps the total "initial score" of an anonymous signature can be significantly higher if they are in a network you trust. This is directly analogous to normal "trust" where you might rather trust your uncles neighbor to babysit than a total stranger, even though you never met them.
> That would make me lower my trust of that author. I think this is the key: the signatures don't provide much value until we have a good reputation database, perhaps systems of trust networks where my uncles' neighbor is automatically slightly more trusted because I trust my uncle. That would be a useful system.
I don’t disagree but I think this kind of thing will be undercut by people responding to different incentives. For example, maybe your uncle’s friend would never intentionally try to scam you but what if they’re really busy and see some cool AI assistant ad? Or broke and get an ad promising $500/week to send letters from what they’re assured is a legitimate business? Or simply that they use some online service which is hacked in a way which lets the attackers use delegated signing credentials?
There are ways to mitigate that kind of thing, of course, but it feels like it’s going to be expensive and unsatisfying.
Let’s be clear here: Humans are currently pretending to be computers, because we have to step in and “drive” them, rather than have them act autonomously. We’re currently trying to unpack the black box that is a computer and determine if it’s being driven by a human (e.g. “Was this quote from an actual person or was it generated by AI?”) which will become harder and harder to do as computers become more capable.
Indeed. Both are grossly overhyped.
All the traditional problems still exist, if I want to say something and deny it, I can choose not to sign something, or if I loose my signing keys, how does my audience learn the valid new keys without getting tricked into following someone else. Or a false sense of security, where because it's signed from my key, it must actually be written and published by me when it may not be.
And of course, that a majority of people are not the HN crowd who understand these implications.
To the original stated problem though, of a service like chatgpt producing essays, could be to produce a public log of interactions. This wouldn't necessarily need to be raw interactions, could be some sort of signature that would allow searches. I'd expect this to be a stopgap though, as running these models locally becomes more feasible.
"Notifying field agents"
That is an interesting comment.
> I think AI and Web3 are two sides of the same coin.
It's not even the Web, and while others have been advancing ML, all "web3" has done is ugly monkeys and shouting at people "have fun staying poor" from the top of the pyramid.
If you want proof it is yours, print it out and sign it with a witness - with ink.
The example he gives of writing he would sign is a blog post. The blog post is already authenticated because it’s on avc.com. Fred Wilson has the tokens, social authority etc to ensure what shows up there under his name is from him. Technically speaking, it was already signed via TLS when sent to my web browser. It is also unclear how ChatGPT potentially breaks this sort of authentication.
Again, what is the threat model, what is the problem being solved? It seems like ChatGPT is much more likely to be used by someone imitating themselves out of laziness (“I don’t feel like writing this blog post today”) than to imitate someone else out of malice and this scheme does nothing to solve it.
I suppose someone could make a HN or Reddit account and pose as Fred Wilson and then ChatGPT makes it more credible. But are HN or Reddit going to allow GPG-style signed messages? Seems more likely, if this became an issue, they would move to usernames expressly tied to visible email addresses or domains that could be authenticated by receiving an email, adding a DNS entry, OAuth etc.
But I expect instead of embedding such a signature they will just save hashes of generated content and sell a billion dollar “checking” service to schools.
OpenAI did hire somebody who is investigating watermarking the output of models like GPT-3, so it's definitely possible.
We need to stop trying to get education on the cheap and put enough real, motivated, and properly trained humans in place to do it properly.
I think we’ll end up seeing two changes: restricting things like school or hiring to favor in person, dynamic interactions - which is better in many ways but costs more and has downsides for people with social anxiety - and more pressure to make the internet less anonymous, especially if that’s linked to physical devices similar to what Cloudflare and Apple have been doing to prevent the bulk attacks (it wouldn’t help much with a cheating student). Depressingly, all of that seems expensive and likely to have substantial collateral damage.
The valid ideas that apply here are global labeling and account subkey ordering. I have never seen a solution for either that is end-to-end without a client syncing gigs of data, so various intermediaries are always trusted.
In practice a federated (“permissioned” I suppose) audit log is better, cheaper, and doesn’t require your users spend tokens if you want to go down this path. Then of course there is the UX question of the validity of using the same keys you use to make irreversible financial transactions to sign your tweets.
Ethereum processes about 1MM transactions per day right now; other blockchains have higher throughput. It currently manages about 100MM accounts.
Sure, I suppose that might not be enough to hash and sign all blog posts ever (has anyone ever counted?) but you could timestamp a lot of them.
> In practice a federated (“permissioned” I suppose) audit log is better, cheaper, and doesn’t require your users spend tokens if you want to go down this path.
Someone has to pay for the servers, etc., right? What's wrong with paying for that using a token?
Blockchains may be expensive, but you get orders of magnitude more redundancy, and you don't need to worry about ever losing access. You get what you pay for.
What happens when a coin is no longer profitably mined, e.g. if no one wants to buy them? What happens if, one day, there is no node that feels like serving your request? The data is gone. All gone. There is no system that guarantees redundancy, just upload and pray that the economy sustains itself.
I can appreciate this is much less of a problem for the more popular chains, but in any case, there are wayyy more than 1M tweets a day.
One stated objective of the Ethereum project is to ensure that a whole blockchain node can run on a consumer PC. This does limit how much data can be stored, but it also means that if you yourself are interested in keeping a copy of the data, you can run a node yourself.
As it currently stands, there are tens of thousands of identical copies of the Ethereum blockchain that are distributed around the world. It seems very unlikely that the data will disappear within our lifetimes.
> There is no system that guarantees redundancy, just upload and pray that the economy sustains itself.
I don't know if there are any guarantees in life, but the ongoing availability of Bitcoin and Ethereum blockchain data seem to be as close to it as you can get, given how many copies are already out there, and the ongoing incentive that exists to keep them up-to-date.
Do you really trust, say, Google Cloud (or any Google product) to last as long, given their history of shutting things down arbitrarily?
Even AWS's services are subject to prioritization decisions made inside Amazon. How can you really know whether or not the service you depend on is profitable enough to ensure that it won't be discontinued? Or that some corporate VP whose bonus depends on the success of a competing product won't make it his mission to shut your service down?
> I can appreciate this is much less of a problem for the more popular chains, but in any case, there are wayyy more than 1M tweets a day.
You can't run a service like Twitter on Ethereum, but you can timestamp more valuable content that is generated at a lower volume. A specialized Layer 2 application chain that runs on top of Ethereum could conceivably be built to handle larger volumes at lower cost, however.
For example, how many posts a day does Reddit have? It’s far from the biggest social network but would swamp any public blockchain, and none of that is necessary since you’re really just looking for a third-party to say “we verified signature X at time Y” (they’re not vouching for the content). Federation works well for that since you don’t otherwise need a global public namespace.
Almost every argument I have on HN with blockchain skeptics boils down to the skeptic pointing out that if you unbundle blockchain component X, Y or Z to use it independently from the rest of the blockchain system, it would save money.
Yes, if you extract the PKI and Merkle tree out of the blockchain system, and operate them on your own, it may save you money in terms of infrastructure cost. But then you would have to figure out how to manage the PKI and the Merkle tree. A blockchain gives you both of those things, plus massive replication, high availability and audit-ability built right in, as well as well-defined and decentralized public interfaces that make it easy to interact with the system, and you don't need to manage any of it.
And what's more, the blockchain gives you a built-in way to pay for services rendered by diverse and decentralized set of service providers, without needing to engage with a middleman, or depend on any single service provider.
People complain all the time that AWS is too expensive, and that there are more economical alternatives providing comparable services—but there are still millions of people who are willing to pay Amazon for the convenience. How is that any different than paying a blockchain network for a similar convenience?
That matters because the costs of transactions are much higher, overall system performance is much lower, and reliability is lower. You can no longer operate offline, maintaining your own nodes becomes expensive, and that extra infrastructure isn’t buying you things which most applications need.
Going back to the AWS question, if I need immutability I can use QLDB to log my transactions. It’s cheaper, scales really well, has excellent support, and I’ll never have a business operation fail because some grifter is minting a bunch of NFTs and temporarily overloaded the network (Solana) or made it unaffordable (Ethereum). There are very few businesses where it’s not a better deal to go with a more predictable system based on your existing legal relationships, especially when it’s also the cheaper and safer option.
The thing is when you compare your problem to a range of solutions you almost always discover that blockchain isn't even close to usable.
Massive replication is cheaper and easier without a blockchain.
It used to be email was unique, and public keys shared for verification. Author is suggesting by placing the hash of the content on chain, anyone can independently verify it. I think it is novel
[1] https://opentimestamps.org/
[2] https://petertodd.org/2016/opentimestamps-announcement
No need for ETH there.
But yes, a Certificate Transparency-style system works too, provided you can get someone to run it. The problem is not even really the compute, which without proof of work should be negligible, but the durability (CT logs intentionally have limited lifetimes) and availability (CT logs are publicly accessible... for now, most of the time[1]). People have even talked about literally piggybacking on top of CT[2].
I’m not saying Bitcoin is an efficient solution here. Keybase had most of the technical side figured out[3], for example, and had it succeeded (or had a business model at all besides the geek appeal) I’d happily used it instead. But it is what we have right now. There are other efforts underway to build a CT-like design[4,5], and one is even running as long as Google is feeling like it[6].
[1] https://utcc.utoronto.ca/~cks/space/blog/tech/TLSCertTransLo...
[2] https://wiki.mozilla.org/Security/Binary_Transparency
[3] https://book.keybase.io/docs/server, see also https://book.keybase.io/docs/server/merkle-root-in-bitcoin-b...
[4] https://transparency.dev/
[5] https://www.sigsum.org/
[6] https://go.dev/blog/module-mirror-launch
[1]: https://news.lettersofnote.com/p/very-truly-yours
> The blog post is already authenticated because it’s on avc.com. Fred Wilson has the tokens, social authority etc to ensure what shows up there under his name is from him.
Haven't you answered your question? Most people don't own a domain, that's the problem signing solves.
If I see signed messages from John Doe which look like human generated messages and I start following him and then I start seeing AI-generated spam from John Doe, I can tag the signing key John Doe used as "bot confidently generating non-sense".
I cannot do that if John Doe doesn't have its own website.
Being on avc.com doesn't prove that; he could back-date posts.
- Current experience is that most folks do not own their own domain or do not have audiences that will consume the content on their own domain, they instead depend on content being copied and distributed on other platforms.
- Threat is that modern AI makes it much easier to convincingly impersonate you on other platforms -- including robust profiles and statements that match your style or even tweak real content.
- Web3 potentially offers a platform-neutral, globally accessible place to claim ownership of content itself, so that people know if they are viewing a primary source or something edited.
There is a TON of productization to be done and a network effect problem to solve (there must be a simple, widely used protocol for verification that can either be used by everyone or built into trusted tools). But the value prop for a public signature ledger is not some fantasy IMO.
"Out there in the real world", among people who work and spend money and vote and hold offices and sue and buy guns and raise kids and consume consume consume and couldn't be paid to care about your cryptographic signature, this solves absolutely nothing while dangerously pretending that the legitimate problems don't really exist or aren't really serious.
Signing just is a means of asserting an authority over an item and then tracking that item once it's in the chain. The original validity of the authority isn't guaranteed just because it's signed; that was a non-trivial part of the debate over NFTs, wasn't it?
So I don't think signing really proves anything about the authorship or authority over the content written, it just tracks the content. The author's example that you can know they're the one who posted it doesn't really have anything to do with generated reports, and it doesn't even prove that they were the ones who uploaded the content any more than a classic blog with a username/password system. It just means that someone with access to the keys to upload provided content, not _who_ uploaded it. It's presumed it's the author as hopefully they kept their secrets safe, but that's not a guarantee.
Nor should that be the intention. You don't want to break anonymity, you want to maintain non-repudiation, not authenticate the origin.
You can even make browser and text editor plugins to make it ubiquitous.
(yes you can make a screenshot, remove invisible chars, etc.)
So stupid idea because I didn't put a lot of thought in it :)
Meanwhile, from 2004, on Web1:
On the other hand, say you’ve already established something of an online identity, perhaps through your own web site, or as a frequent commenter at this or some other blog(s). What prevents someone else from coming along and posting a comment here, leaving your name and your website’s URL to identify himself? Put another way, how can readers determine the authenticity of comments left here? …
Well, now there’s a way to reassure them. If you have a PGP public key (if you don’t, create one for yourself), put a link to it in the <head> section of your web page:
Then you can: To outward appearances, your comment will look no different than before. The only difference will be a clickable link to “verify” the comment.-- February 28, 2004, https://golem.ph.utexas.edu/~distler/blog/archives/000320.ht...
There's a much more pressing issue.
I just asked ChatGPT to explain it, here's what it spouted:
"We need to securely record the knowledge created by humans up to this date using cryptographic hashes and a Merkle tree. This includes text, pictures, videos, and sound. This is vital for training future AIs and will ensure that the well is not poisoned. We can use SHA-3, SHA-256, Blake3, or any other cryptographic hash. We should store this in a large database, as well as sites and forums that will provide a "proof of existence" before a certain date."
It got a bit confused at the end. What I was suggesting was that there'd eventually be sites/forums/tools where every data you can access could check it's "proof of existence".
You'll then know for sure if the file was created before a certain date or not.
For example imagine I were to download a file, a tool could tell me (disclaimer for sensitive users, I'll mention the 'B' word):
"File xyz, with SHA-256 4f82d8dd...eb80fd7b, was first recorded on the Bitcoin blockchain in block 601382, in april 2023. We verified that using the Merkle tree XYZ3497 whose root hash was in that block."
It's not perfect but before we begin signing every new content we create, I think the most pressing matter is to "sign" as much of the past human knowledge as we can.
For what an AI will be able to do is to create and sign new content and use fake identities.
But what an AI will not be able to do is modify proof-of-existence of old documents. So we need, now, to establish proof-of-existence for as much old data as we can.
that is why everyone pegs it to a bitcoin block, because its the digital equivalent of holding up a Polaroid with the current News headline on it.
What am I not getting here?
How? A quantum computer will crack enough existing content signed with poor / old keys that use algorithms that are not quantum safe.
Students can do their homework with ChatGPT then digitally sign it as themselves.
Another example of "blockchain thinking".
Share your work. Cite your sources. Sign your name.
Bonus points for errata and retractions.
Signatures can be for nyms, anons, IRL persons, organizations, horses, whatever. Just so long as the trust chain checks out. https://en.wikipedia.org/wiki/Certificate_authority
--
As for implementation, assuming the author's public key is posted, public missives will have something like GnuPG short codes. Maybe Base64.
Extra points for registering (logging) these short codes somewhere? A rolling hash log (sorry, spacing the actual name) is probably sufficient. Like a git repo for one's blog.
Since a16z and other usual suspects are hyping Web3, I haven't bothered to learn about it. I just assume it's probably overkill, vapor, some kind of grift.