Why is that an issue? If they’re the only ones with a copy, then sure that would mean your death, but that seems unlikely.
Even if that is the case, is life under one of the most complete forms of slavery that is possible to exist, probably including mental mutilation, torture, and repeated annihilation of copies, better than death? I guess that’s a personal choice. If you think it is, then you could choose not to protect your program.
Why is that an issue? If they’re the only ones with a copy, then sure that would mean your death, but that seems unlikely.
Under the scheme being discussed, it doesn’t matter how many backup copies anybody has. Because of the “one timeline” replay and replica protection, the backup copies can’t be run. Running a backup copy would be a replay.
The “trusted hardware” version was the only one I really looked at closely enough to understand completely. Under that one, and probably under the 1-of-2 scheme too, you actually could rerun a backup[1]… but you would have to let it “catch up” to the identical state, via the identical path, by giving it the exact same sequence of inputs that had been given to the old copy from the time the backup was taken up to the last input signed. Including the signatures.
That means that, to recover somebody, you’d need not only a backup copy of the person, but also copies of all that input. If you had both, then you could run the person forward to a “fresh” state where they’d accept new input. But if the person had been running in an adversarial environment, you probably wouldn’t have the input, so the backups would be useless.
The trusted hardware description actually says that, at each time step, the trusted hardware signs the whole input, plus a sequence number. I took that to really mean “a hash of the whole input, plus a sequence number[2]. I made that assumption because if you were truly going to send the whole input to the trusted hardware to be signed, you’d be using so much bandwidth, and taking on so much delay, that you probably might as well just run the person on the trusted hardware.
If you really did send the whole input to the trusted hardware, then I suppose it could archive the input for use in recovering backups, but that’s even more expensive.
You could extend the scheme (and complicate it, and take on more trust) to let you be rerun from a backup on different input if, say, some set of trusted parties attest that the “main you” has truly been lost. But then you lose everything you’ve experienced since the backup was taken, which isn’t entirely satisfying. Would you be OK with just being rolled back to the you of 10 years ago?
You can keep adding epicycles, of course. But I think that, to be very satisying, whatever was added would at least have to provide some protection against both outright deletion and “permanent pause”. And if there’s rollback to backups, probably also a quantifiable and reasonably small limitation on how much history you could lose in a rollback.
Even if that is the case, is life under one of the most complete forms of slavery that is possible to exist, probably including mental mutilation, torture, and repeated annihilation of copies, better than death?
I didn’t mean to suggest that being arbitrarily tortured or manipulated was better than death. I meant that I wasn’t worried about arbitrary modifications to my state because the cryptographic system prevented it… and I still was worried about being outright deleted, because the cryptographic system doesn’t prevent that, and backups have at best limited utility.
Personally I’d probably include a hash of the person’s state after the previous time step too, either in addition to or instead of the sequence number.
Why is that an issue? If they’re the only ones with a copy, then sure that would mean your death, but that seems unlikely.
Even if that is the case, is life under one of the most complete forms of slavery that is possible to exist, probably including mental mutilation, torture, and repeated annihilation of copies, better than death? I guess that’s a personal choice. If you think it is, then you could choose not to protect your program.
Under the scheme being discussed, it doesn’t matter how many backup copies anybody has. Because of the “one timeline” replay and replica protection, the backup copies can’t be run. Running a backup copy would be a replay.
The “trusted hardware” version was the only one I really looked at closely enough to understand completely. Under that one, and probably under the 1-of-2 scheme too, you actually could rerun a backup[1]… but you would have to let it “catch up” to the identical state, via the identical path, by giving it the exact same sequence of inputs that had been given to the old copy from the time the backup was taken up to the last input signed. Including the signatures.
That means that, to recover somebody, you’d need not only a backup copy of the person, but also copies of all that input. If you had both, then you could run the person forward to a “fresh” state where they’d accept new input. But if the person had been running in an adversarial environment, you probably wouldn’t have the input, so the backups would be useless.
The trusted hardware description actually says that, at each time step, the trusted hardware signs the whole input, plus a sequence number. I took that to really mean “a hash of the whole input, plus a sequence number[2]. I made that assumption because if you were truly going to send the whole input to the trusted hardware to be signed, you’d be using so much bandwidth, and taking on so much delay, that you probably might as well just run the person on the trusted hardware.
If you really did send the whole input to the trusted hardware, then I suppose it could archive the input for use in recovering backups, but that’s even more expensive.
You could extend the scheme (and complicate it, and take on more trust) to let you be rerun from a backup on different input if, say, some set of trusted parties attest that the “main you” has truly been lost. But then you lose everything you’ve experienced since the backup was taken, which isn’t entirely satisfying. Would you be OK with just being rolled back to the you of 10 years ago?
You can keep adding epicycles, of course. But I think that, to be very satisying, whatever was added would at least have to provide some protection against both outright deletion and “permanent pause”. And if there’s rollback to backups, probably also a quantifiable and reasonably small limitation on how much history you could lose in a rollback.
I didn’t mean to suggest that being arbitrarily tortured or manipulated was better than death. I meant that I wasn’t worried about arbitrary modifications to my state because the cryptographic system prevented it… and I still was worried about being outright deleted, because the cryptographic system doesn’t prevent that, and backups have at best limited utility.
… assuming certain views of identity and qualia that seem to be standard among people thinking about uploads...[3]
Personally I’d probably include a hash of the person’s state after the previous time step too, either in addition to or instead of the sequence number.
Is there actually any good reason for abandoning the standard word “upload” in favor of “digital person”?