- From: Filip Kolarik <filip26@gmail.com>
- Date: Sat, 25 Jan 2025 18:51:54 +0100
- To: Merul Dhiman <me@merul.org>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>
I believe there is no purely technology-based solution that can completely prevent scams relying on false claims of authenticity, identity, or emotional exploitation. These tactics tap into human psychology, making them difficult to counter with tools alone. A good historical example is the medieval "True Cross" scam. During and after the Crusades, churches, monasteries, and relic dealers claimed to have fragments of the True Cross from the Holy Land. These relics were sold as sacred objects that could bring blessings, heal illnesses, or forgive sins. Theologian John Calvin mocked this practice, saying that if all these fragments were combined, they’d form a whole shipload. No matter how many protective measures are in place, the final decision lies with the individual. The most effective approach is to focus on education and fostering healthy skepticism. By staying informed and questioning claims, people can better protect themselves against scams. I support a softer, more decentralized approach rather than creating strict systems that depend on central authorities. While scams mostly harm individuals, too much control and centralization can have wider impacts, threatening freedoms and affecting society as a whole. At this early stage of adoption, an organic approach to trust frameworks feels natural. As noted, it’s up to the verifier and the use-case to decide which trust framework is best to use. This organic approach lets trust systems evolve gradually, using solutions like community-driven verification, blockchain, industry-specific registries, and collaborative governance. These methods create flexible systems where trust develops naturally from real needs rather than being imposed from above. By staying adaptable and focusing on empowering people, this approach allows trust frameworks to grow in a way that fits specific needs, avoids over-centralization, and builds transparency, inclusion, and resilience. Best, Filip On Sat, Jan 25, 2025 at 6:17 PM Merul Dhiman <me@merul.org> wrote: > > Manu, you make a very interesting point with whether any identity document would have helped her, I believe scams like this are less about integrity of data and more about human nature, it's more about the psychology of the victim and how these scammers prey on their weaknesses. > > I personally know someone who was duped by a similar pigbutchering scam. People can be vulnerable at times, and vulnerable people are gullible. What really stands out in this story in particular is how the scammer used information available on the victim on social media and weaponized it to gain fake sympathy in her eyes. > > I do want to add a comment though, although privacy preserving identity technology could have helped this poor woman, but I believe the failure was truly at the part of her bank allowing these transfers to go through, the bank should have flagged these unusual transfers to a random account in Turkey, especially if the user doesn't have a history of making such large transactions to international accounts. > > Although I do believe that Identity technology would have perhaps made it simpler to verify an individual there's a more "human" element here which cannot be simply solved with cryptography. A lot of these scams are engineered to prey on vulnerable people, people who are too trusting and too kind for this world. > > There need to be UX warnings which could be added at the application layer for various services which warn users for common types of scams, scammers and tech prevent scammers will always be a game of whack-a-mole, you take one down another method pops up, I think this particular issue needs to be solved with education and more stringent flagging which takes into account new scams in the market. > > Best Wishes, > > Merul > > > > On Sat, Jan 25, 2025 at 10:21 PM Manu Sporny <msporny@digitalbazaar.com> wrote: >> >> On Sat, Jan 25, 2025 at 11:05 AM Brian Richter <brian@aviary.tech> wrote: >> > Here’s the article >> > https://www.bbc.com/news/articles/ckgnz8rw1xgo >> >> Ooof, how heartbreaking, that poor woman! >> >> I presumed it was going to follow a standard scam with relatively >> small and/or recoverable financial damage. Instead, this person lost >> their entire life savings while in her 50s. Sure, she got scammed, but >> society has also failed her -- all because she couldn't verify the >> person on the other end of the line, and then because the banks didn't >> have proper controls, and now because the authorities might not be >> able to recover her money. >> >> Julien's point is well made in that story. Lots of lessons in there >> about building fraud-resistant and unphishable systems; we need to do >> better as a society. >> >> Would any of these things have helped? >> >> 1. Asking the scammer for a VP of a selectively-disclosed identity document? >> 2. Setting up a communication channel w/ continuous identity verification? >> 3. The bank requiring VPs for sender and receiver of funds in that >> amount? Exposing that information to the victim? >> 4. The bank/money transfer app providing an AI that goes through a >> safety checklist (which includes providing documentation for the >> transfer)? >> >> What else could we build/deploy that would have helped in this case? >> >> -- manu >> >> -- >> Manu Sporny - https://www.linkedin.com/in/manusporny/ >> Founder/CEO - Digital Bazaar, Inc. >> https://www.digitalbazaar.com/ >>
Received on Saturday, 25 January 2025 17:52:10 UTC