Re: [proposals] Why are multi-party computation solutions the only ones that should be considered? (#7)

For the kicks, let me try the following perspective. Say I am from a smaller country somewhere that is not North America. I am told that data is being sent from my browser but not to worry -- my privacy is protected by MPC magic. 
Then I learn that "MPC" means that my data gets sent to two US-based megacorporations who promise not to collude with each other when executing the MPC protocol. Why should I trust this to be the case? Why can't the US government secretly compel them to collaborate under the pretext of chasing terrorists or tax cheats or whatever? Why would they not colude if they have business incentives to do so? What if the parties are just careless and both get hacked?

From this angle, a TEE (or even plain old hardware) run by people I trust and understand beats a MPC being run somewhere far away by people I have a reason to be suspicious of. 

TL;DR: perhaps we should not get too hung up on the TEE vs MPC vs something else distinction -- the context matters.

-- 
GitHub Notification of comment by palenica
Please view or discuss this issue at https://github.com/patcg/proposals/issues/7#issuecomment-1036018114 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 11 February 2022 09:30:30 UTC