Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Perhaps there needs to be a new open standard for authenticating physical products.

Put a unique key on each item- added cost, I know- that validates against a public key for the company and product. At each sale of the product or passing of possession from a supplier to a vendor, the keys would register a transfer. Anyone in the supply chain could use the company's public APIs to say "I have this item, does that make sense? Or did someone already sell this one?".

Companies could sue anyone selling unverified goods. Border police could easily identify fakes. Customers could confirm authenticity. Sellers could prove they are or are not selling fakes.



And every physical good you ever purchased would be tracked and accounted for until you die.

Don't you think it would be far easier to just enforce the laws we already have?


How? The problem is that it's hard to enforce these laws. I'm proposing that we need to make it easier to enforce them.


This exists under the name bitmarks.

Bunnie Huang wrote a blog post about this just a couple of weeks ago: https://www.bunniestudios.com/blog/?p=4981


This person's suggestion is to replace serial numbers with a blockchain code? When will the madness end?

/edit mistakenly used UPC instead of serial number.


UPC is a product code (what it is).

Bunnie's blockchain code is a serial number that is (theoretically) impossible to guess or fake. This prevents scammers from guessing/faking serial numbers to scam him out of product.


Sorry, I didn't mean UPC, I meant serial number. You can generate unique, nearly impossible to guess serial numbers using all kinds of methods without any need for a blockchain.


A UUID would work fine. Every product gets a UUID and it goes into a public DB hosted by the manufacturer (or a 3rd party that verifies who is publishing the data).

Then anyone can query against that database to verify if a product is legitimate.


Wouldn't counterfeiters scrape that database for legitimate UUID's? You could allow consumers to "claim" a UUID as theirs (and when I get a product with the same UUID, I can assume it's a dupe), but that requires every consumer to actually do this...


Make it difficult to scrape?

At the end of the day... we know these things get leaked anyway...


The proposed blockchain solution also requires users to register.


Yes. I did not think it through well enough.


Except that a blockchain is the exact wrong technology to use here.

Look at Bitcoin, for example. That blockchain is entirely controlled by manufacturers in China. How would this blockchain viably guard against manufacturers in China?

Besides, the blockchain or other storage mechanism is irrelevant. All the counterfeiter needs to do is copy the serials or other numbers from the blockchain or wherever they are stored.

These methods all make it easier to pass-off a counterfeit as legitimate.


From Bunnie's blog:

Disclosure: I am a technical advisor and shareholder of Bitmark.


A counterfeiter could simply duplicate a valid proper key.

This is an exact analogue for client-side validation, which doesn't work in the presence of active malicious counterfeiters.


You mean like https://www.amazon.com/b?node=16049037011


Or more simple way from china

https://www.mi.com/verify/#secur_en


There already was such a standard. Physical good stores. A large chain will not risk their reputation by selling you a dud, or counterfeit item. They're also easier to sue in your local jurisdiction than some random online seller, etc etc. People have made their choice, and they would rather save money by shopping online.


Yes, and encourage consumers to file chargebacks for products that fail authenticity.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: