HACKER Q&A
📣 blindprogrammer

Should we develop a biometric-based alternative to HTTPS?


While this would undoubtedly invade our privacy more than current advertising companies like Google and Facebook, it could potentially eliminate or significantly reduce the wholesale theft of AI scrapers.

Obviously, there's a risk of your biometric information being stolen or spoofed. However, if combined with a government-issued ID, this could make it nearly impossible for AI to acquire and resell your intellectual property.


👤 PaulHoule Accepted Answer ✓
I don’t get it. HTTPS is about privacy and integrity. Biometrics is about verifying who you are. I can see them working together but one doesn’t substitute for the other.

👤 LinuxBender
Today that is somewhat addressed using client certificates. That is how one at the very least validates the identity of the machine a request is coming from. I've used them in a large company but scaling that out to the entire internet would be quite a challenge. Then to meet your requirement there would have to be a daemon that uses fingerprint readers to tie that hardware certificate to a person or set of persons. How would you incentivize people to participate in such a thing? Who performs the attestation that proves a fingerprint really belongs to a particular person? The lazy way would be using debit/credit cards but that is easy to spoof. Would a public notary show up to my home or would I use a notary at a bank? Do we store all this in the very hackable TPMs? How do we back this up? If a dependency is built on this and a person's machine croaks, how do they access the services that now depend on this? Go back to the bank or post office in person? Do we integrate with the DMV and what risks does that bring? DMV queues can be quite large in some cities even without this. Does this get stored on your state or federal ID? Are there backup keys and can each one be individually revoked? Or does your ID have a primary key and then institutions issue sub-keys mapped to your primary key and fingerprints? Could criminals weaponize this? I am going to stop thinking about this. Every idea creates dozens more questions.

I should add that something like this sort of existed for businesses. They could buy Extended Validation certificates. Initially this required a public notary but that did not scale well at all. Eventually all the friction was removed and the only difference was you needed a Dun & Bradstreet number and to pay more for the cert. It sounds like you want something similar but on the client side which would be even harder to scale in my opinion.


👤 giantg2
I fail to see how this is even possible. Anyone wanting to run or train AI could just run it under their biometric identity. Pretty much any biometric could be replicated so they could automate the process. You would end up just concentrating AI training and power to the people who are willing/able to do this.

👤 al_borland
If it’s all in the name of avoiding AI, I think I’d prefer a return to in-person and analog.