No. Unless Stripe has also implemented the ZK protocol in their whitepaper (narrator: they haven’t) then whatever PCI stuff Stripe does is entirely unrelated to the privacy guarantees implied by phreeli’s new protocol.

If a payment processor implemented this (or some other anonymous payment protocol), and customers paid them on their website instead of on the website of the company selling the phone number, yeah, it could make sense.

But that is not what is happening here: I clicked through on phreeli’s website and they’re loading Stripe js on their own site for credit cards and evidently using their own self-hosted thing for accepting a hilariously large number of cryptocurrencies (though all of the handful of common ones i tried yielded various errors rather than a payment address).

So like, it’s a situation where the “lock” has 2 keys, one that locks it and one that unlocks it

Precisely :) This is called asymmetric encryption, see https://en.wikipedia.org/wiki/Public-key_cryptography to learn more, or read on for a simple example.

I thought if you encrypt something with a key, you could basically “do it backwards” to get the original information

That is how it works in symmetric encryption.

In many real-world applications, a combination of the two is used: asymmetric encryption is used to encrypt - or to agree upon - a symmetric key which is used for encrypting the actual data.

Here is a simplified version of the Diffie–Hellman key exchange (which is an asymmetric encryption system which can be used to agree on a symmetric key while communicating over a non-confidential communication medium) using small numbers to help you wrap your head around the relationship between public and private keys. The only math you need to do to be able to reproduce this example on paper is exponentiation (which is just repeated multiplication).

Here is the setup:

1. There is a base number which everyone uses (its part of the protocol), we’ll call it g and say it’s 2
2. Alice picks a secret key a which we’ll say is 3. Alice’s public key A is g^a (2³, or 2*2*2) which is 8
3. Bob picks a secret key b which we’ll say is 4. Bob’s public key B is g^b (2⁴, or 2*2*2*2) which is 16
4. Alice and Bob publish their public keys.

Now, using the other’s public key and their own private key, both Alice and Bob can arrive at a shared secret by using the fact that B^a is equal to A^b (because (g^a)^b is equal to g^(ab), which due to multiplication being commutative is also equal to g^(ba)).

So:

1. Alice raises Bob’s public key to the power of her private key (16³, or 16*16*16) and gets 4096
2. Bob raises Alices’s public key to the power of his private key (8⁴, or 8*8*8*8) and gets 4096

The result, which the two parties arrived at via different calculations, is the “shared secret” which can be used as a symmetric key to encrypt messages using some symmetric encryption system.

You can try this with other values for g, a, and b and confirm that Alice and Bob will always arrive at the same shared secret result.

Going from the above example to actually-useful cryptography requires a bit of less-simple math, but in summary:

To break this system and learn the shared secret, an adversary would want to learn the private key for one of the parties. To do this, they can simply undo the exponentiation: find the logarithm. With these small numbers, this is not difficult at all: knowing the base (2) and Alice’s public key (8) it is easy to compute the base-2 log of 8 and learn that a is 3.

The difficulty of computing the logarithm is the difficulty of breaking this system.

It turns out you can do arithmetic in a cyclic group (a concept which actually everyone has encountered from the way that we keep time - you’re performing mod 12 when you add 2 hours to 11pm and get 1am). A logarithm in a cyclic group is called a discrete logarithm, and finding it is a computationally hard problem. This means that (when using sufficiently large numbers for the keys and size of the cyclic group) this system can actually be secure. (However, it will break if/when someone builds a big enough quantum computer to run this algorithm…)

Much respect to Nick for fighting for eleven years against the gag order he received, but i’m disappointed that he is now selling this service with cryptography theater privacy features.

contradictory to existing laws (eg section 230).

Section 230 is US law; this article is about the EU and GDPR.

Operating in multiple countries often requires dealing with contradictory laws.

But yeah, in this case it also seems unfeasible. As the article says:

There is simply no way to comply with the law under this ruling.

In such a world, the only options are to ignore it, shut down EU operations, or geoblock the EU entirely. I assume most platforms will simply ignore it—and hope that enforcement will be selective enough that they won’t face the full force of this ruling. But that’s a hell of a way to run the internet, where companies just cross their fingers and hope they don’t get picked for an enforcement action that could destroy them.

Can someone with experience doing ZK Proofs please poke holes in this design?

One doesn’t need to know about zero-knowledge proofs to poke holes in this design.

SMS can have end to end encryption

in theory it can, but in practice i’m not aware of any software anyone uses today which does that. (are you? which?)

TextSecure, the predecessor to Signal, did actually originally use SMS to transport OTR-encrypted messages, but it stopped doing that and switched to requiring a data connection and using Amazon Web Services as an intermediary long ago (before it was merged with their calling app RedPhone and renamed to Signal).

edit: i forgot, there was also an SMS-encrypting fork of TextSecure called SMSSecure, later renamed Silence. It hasn’t been updated in 5 (on github) or 6 (on f-droid) years but maybe it still works? 🤷

a summary can be helpfull

No. LLMs can’t reliably summarize without inserting made-up things, which your now-deleted comment (which can still be read in the modlog here) is a great example of. I’m not going to waste my time reading the whole thing to see how much is right or wrong but it literally fabricated a nonexistent URL 😂

Please don’t ever post an LLM summary again.

Not really. The decision only states that a service that allows to publish advertisements with personal information must review these

Physically obtaining the devices is insufficient; they need ongoing software updates and other network services too.

The IDF could/would absolutely not be doing this if they did not trust that Apple is a very committed partner.

You can also observe from Apple’s job listings that they are.

Wtf. Why do Israeli tanks look like IRL Dall-E?

I rescind my remark.

no, you were right - even though it is based on an actual photo, it is also slop, because someone upscaled a low res version using a neural network.

compare the tank tracks in OP’s image with the high res original photo:

I have to ask: what’s with all the obsession with immutable distro?

I guess the promise of having updates JustWork™? I don’t currently use one but I see the appeal.

However FWIW, unlike its namesake ChromeOS, the “Nixbook OS” this post is about is not actually an immutable distro: the instructions are to install NixOS normally and then clone the nixbook repo into /etc/nixbook and run its install.sh. Among other things it installs an update service which runs git pull on that repo as well as running nixos-rebuild boot --upgrade and flatpak update --noninteractive --assumeyes etc.

Cheers to this guy for what he’s doing, but the name is a little confusing. This approach works but it is not nearly as robust as the immutable distro paradigm implied by the name.

I haven’t heard of academics and/or media from China advocating for applications of phrenology/physiognomy or other related racist pseudosciences. Have you?

one can also get the full paper directly from yale here without needing to solve a google captcha:

https://insights.som.yale.edu/sites/default/files/2025-01/AI Personality Extraction from Faces Labor Market Implications_0.pdf

I don’t have the time nor the expertise to read everything to understand how they take into account the bias that good looking white men with educated parents are way more likely to succeed at life.

i admittedly did not read the entire 61 pages but i read enough to answer this:

Plastic surgery would become more popular.

One of the paper’s authors had the same thought:

“Suppose this type of technology gets used in labor market screening, or maybe dating markets,” Shue muses. “Going forward, you could imagine a reaction in which people then start modifying their pictures to look a certain way. Or they could modify their actual faces through cosmetic procedures.”‌

She also bizarrely says that:

“we are very much not advocating that this technology be used by firms as part of their hiring process.”

and yet, for some reason:

The next step for Shue and her colleagues is to explore whether certain personality types are drawn to specific industries or whether those personality types are more likely to succeed within given industries.

i haven’t used it myself but https://jmp.chat/ looks good if you’re OK with a US or Canadian number.

there is a lemmy community about it here: [email protected].

cc @[email protected]

five consecutive posts in a single community is a bit much for what is essentially the same story. why not put them all in the body of a single post where they could be discussed together?

you made five posts about this just in [email protected]