this post was submitted on 29 Aug 2023
60 points (91.7% liked)
Technology
39856 readers
354 users here now
A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.
Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.
Subcommunities on Beehaw:
This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Performance is relative to what your goals are (extremely high transaction volume isn't always something you need to handle, and also isn't guaranteed to be impossible with a DLT either), and centralized databases / services aren't always the best fit for every problem. Regarding security, well, I really don't see how you came to that conclusion. Guess it depends on what exactly you mean with security?
Real estate is pretty commonly seen as the prime example of a field where a DLT is a better fit than a more "traditional" centralized service. As an example let's say we want a system that could be used to record changes in property ownership, so you need auditable state changes and an immutable history, and you want some sort of guarantees that generally someone who's not authorized to do something to a property isn't going to be able to do it by just issuing a state change (ie writing to the DB.) Your stakeholders are probably going to be the local government, licensed real estate brokers (if that's a thing in your jurisdiction), possibly all private property owners who want to sell their property etc. etc. You absolutely could build this with a "traditional" centralized service that eg. the GOBERMENT (or whoever trusted stakeholder) runs and operates, but then you have a single bottleneck that's entirely dependent on a single stakeholder, and you still need to implement eg. audit trails for state mutations, access control, etc. etc. As I said it's absolutely doable, but many of the things you'd do to build it are essentially just reinventing some sort of DLT but in a monolithic package and without any of the benefits. Take state immutability for example; you'd probably be building some sort of hash tree or chain anyhow but now you have to do both the hashing and the verification and validation manually instead of the infrastructure doing it for you, and it's nontrivial to do right so the attack surface here is not going to be small in a home-grown solution. You'll probably want to require that all state changes (transactions) are signed by a known trusted actor, so you'll need to build that too, so here's yet more attack surface. Also you probably don't want to run literally just a single instance of your database so you're going to want some sort of replication, which may need some legwork depending on the database system used. Compare this (non-exhaustive) list to what your average DLT framework like Hyperledger guarantees "out of the box", where the infrastructure itself gives you guarantees about the immutability of history and who is allowed to make state changes to which parts of the state (in our fictional case you'd want a Proof of Authority consensus mechanism, so anyone making state changes would have to have a valid X.509 cert issued by some trusted CA, but with public reads as property ownership is a matter of public record), which is by default distributed so there's no single point of failure, and is eventually consistent within known parameters and known behavior.
Distributed systems definitely do require more skill to operate so the benefits need to outweigh the costs (and they often do, which is why we eg. tend to use microservices for high volume systems), but I honestly fail to see how for example a project using Hyperledger tools (and there's more than just the DLT Fabric), which are specifically built around privacy and security, would automatically be less secure than a centralized system where you have to build the same features yourself, meaning you just have to trust that you did everything right.
Real estate is a terrible example of where to use a blockchain. Someone gains access to your private key and you just... don't own your house anymore? There's not really a recourse here since it's controlled by the distributed system. On the other hand, the government which is entrusted with the authority to enforce laws can hold onto the this information in a more secure way than the average person. And if something does happen they have the ability to fix problems without issue. I read all these stories online about wallets getting compromised and contents stolen with very little recourse and am confused why I would want the largest purchase that I will ever make in my life tied up in that. Doubly so because that purchase is explicitly tied into the central authority of your government. It's not like cryptocurrency where it can exist externally to the current legal system. Real estate MUST be tied to government in some way.
Your point about how building a secure, central database will have so many technical hurdles to overcome is... odd. I mean, sure it's tough to make a secure database. Your answer is that some blockchain framework has certain security characteristics while ignoring that literally every secure data store that currently exists is running on a central database and just fine at that. Like, what do you think that your bank is using at this very moment? There are multiple companies with well-audited solutions selling and running secure databases RIGHT NOW. You just hand wave away the ability to make secure databases while ignoring that they already exist while expecting us to buy into the promises of some new, unproven framework like Hyperledger. The only thing that blockchain adds is immutability, which is something that I think would be a poor idea anyway.
Lastly, blockchains only work by having users with a financial stake and incentive. With proof-of-work you're staking the cost of the electricity you're spending, with proof-of-stake the crypto you're staking. The point is, they have this whole weird financial structure to keep people running this distributed ledger. How would that even work for real estate? Do you want people with perverse financial incentives muddling with the system that controls your ownership OF YOUR HOUSE? Or the government which is empowered by the people to serve them. And if it fails those leaders face expulsion? I know where my answer is.
I just want to hammer this point home one more time. This is a false comparison. You do not have to build these features yourself. Like, have you heard of this tiny company called "Oracle"? Or maybe this really obscure one "Microsoft"? They both make exactly this product.
Under the current system you don't even have a private key. In some countries it's fairly common for someone to lose their home because someone bribed the official to change the title records.
I think that key management is blockchain's Achilles Heel, but there are some interesting potential solutions
A trust less system also can aid in stymieing wire fraud in real estate transactions which is shockingly common. Today, someone doesn't even have to have your private key to pretend to be you and steal your escrow funds - just a spoof email, good timing, and a paralegal that makes a mistake