Doomscroll News πŸ‡ΊπŸ‡Έ

Tag: verification

  • The Real Threat Isn’t AI, It’s Email and Things Like It

    The Real Threat Isn’t AI, It’s Email and Things Like It

    The panic over the Claude AI being used for cybercrime is misplaced. The AI isn’t the problem. The real threat is our ancient and fundamentally insecure communication platforms, with email being the worst offender.

    Email lacks the basic security verification, like the padlock on websites, that we should expect for critical communications. It was never built to be safe, which is why criminals find it so easy to fake identities and send fraudulent messages. The AI is simply a new tool that helps them exploit this old weakness more efficiently.

    This isn’t just about email. Even supposedly secure apps like Signal have shown major design flaws, proving we can’t just trust brand names or marketing.

    The mission is clear. America needs to stop patching these broken systems and lead the way in building secure replacements. These new systems must have real verification built in from the start.

    https://www.anthropic.com/news/detecting-countering-misuse-aug-2025

    https://archive.is/k1t6W

    David Gross

    Follow me at https://x.com/dgapps and https://davidgrossapps.com

  • Signal Chat’s Group Verification Blind Spot

    Signal Chat’s Group Verification Blind Spot

    Think of verification (V) as a required security check (like that special handshake) between any two members in a secure chat.

    1. One-on-One Chat: Let the chat be just between Alice and Bob. The set is S = {Alice, Bob}. Signal provides the mechanism (Safety Numbers) for Alice to verify Bob (V(Alice, Bob)) and for Bob to verify Alice (V(Bob, Alice)). For full trust, this verification should happen. Signal makes it possible and encourages it for this single pair (Alice, Bob).
    2. Group Chat (Signal’s Current Design): Let the group be the set G = {Alice, Bob, Charlie, … N}. Signal allows Alice to individually verify Bob (V(Alice, Bob)), or Alice to verify Charlie (V(Alice, Charlie)), and so on for any pair, optionally. Crucially: The group chat works even if these verifications haven’t happened. Alice can be in the group and talk to Bob and Charlie without the system forcing her to verify them, and without them having to verify her using the Safety Number check.
    3. Ideal Group Chat (Logical Requirement): Let the group be the set G = {Alice, Bob, Charlie, … N}. For this group G to have the same fundamental identity assurance as a verified chat between just Alice and Bob, the system design should require or enforce that verification V exists between all relevant pairs within the group. This means: For Alice to securely participate, the system should ensure that V(Alice, Bob), V(Alice, Charlie), and V(Alice, Y) for all other members Y in the group G are established (or at least flagged clearly if not). The same should apply to Bob verifying everyone else, Charlie verifying everyone else, and so on. Think of it like needing a “complete graph” of verification: Alice is securely linked to Bob, Alice to Charlie, Bob to Charlie, and so on for every pair.

    The baffling point is: Signal built the tool for Alice to verify Bob (V(Alice, Bob)), but didn’t make establishing these verification links across the entire group (G) a mandatory prerequisite for group operation. It treated security within the group G as a collection of optional one-on-one checks rather than a fundamental, required property of the group itself.

    Originally Posted on 𝕏 on April 19, 2025

    David Gross

    Follow me at https://x.com/dgapps and https://davidgrossapps.com