Bootstrapping Trust

The first question a rationalist asks herself is “why do I believe what I believe?” The answers are often surprising!

As someone who lives in the modern world, you trust your computer — for example, you log into your bank web site with your computer, most probably. Why do you trust it? If you are paranoid, or just eccentric, you might have installed an operating system yourself. When you downloaded the OS, how did you verify that what it was running was authentic? Did you check the signature against an HTTPS site? Well, what if the HTTPS was forged? Well, presumably the browser in your old OS only had trust-worthy certificates. So regardless, you did assume the old OS was authentic.

Why? Because of where you bought it?

I’m using a computer I bought at Fry’s, physically. But maybe you bought yours on Amazon. How did you log-in into Amazon? How do you know you didn’t log in into a forged web site, that pretended to be Amazon? Do you trust your previous computer?

Where does Fry’s store the computers before they bought them? Who had access to tamper with the built-in OS? I don’t know, but Fry’s speciality is definitely not security (stores usually assume that a small amount of employee theft will occur and treat it as a financial risk). Who made the computer? Probably some factory in China. How did they get the OS onto the hard drive? Did they download it from a secure source? Did they have the Golden CD physically mailed? Could someone have switched CDs in the mail? What about the Chinese government?

How do you know your computer is authentic? Something to think about!

Advertisements

2 Responses to Bootstrapping Trust

  1. Eulores says:

    Please read the essay about the Ken Thompson Hack (1984)
    http://c2.com/cgi/wiki?TheKenThompsonHack

  2. Miki Tebeka says:

    It’s not just computers. How do you know the person who built your car/house/the bridge your on did their work properly? How do you know the food you eat is OK? ….

    Modern society has trust baked in at every level.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: