Phishing and impersonation attacks are the most harmful side-effects of digitizing our identities, our work, and our relationships. They are the inevitable consequence of a central name list where anyone can present any name and picture to everyone. How can we build systems that are resistant to these attacks? How (and in what context) are such systems best integrated into collaboration software? How can we best balance simplicity, security, and usability?
In this talk, we offer an alternative data model for structuring identities and relationships that is resistant to phishing, impersonation, and machine-in-the-middle attacks — without sacrificing usability. Instead of "I authenticate, therefore I am," we posit that "We collaborate, therefore we are." In other words, users exist in a collaborative application only in the context of a relationship with another user. We encode these "trust loops" into a distributed data storage layer that is synchronized between devices.
We will present a prototype called Backchannel, a local-first address book that puts these new distributed systems primitives into practice. We used an iterative human-centered design process to improve the security of the system without sacrificing usability. Backchannel users can offer strong proof that their collaborators are who they say they are, even over long periods of time and across multiple devices.
Karissa McKelvey
Ink & Switch
@okdistribute
from Strange Loop 2021 in St. Louis