> Can Amazon ship you products without knowing what you ordered
Well the whole point of not implicitly trusting third parties would be to remove Amazon from the equation altogether and instead be P2P with the shipper with just a protocol between us. If we need a third party, we can find another peer for that based on the intersection of our trust graphs. It doesn't have to be a global conglomerate with an IT department that we all have to trust implicitly. It could be Jimbob from down the road, who we both trust explicitly--this gets rid of high-value targets altogether.
Particl marketplace is pretty much this (no affiliation, I just like the idea).
Sure, I suppose there's still the possibility that the individual shipper was compromised, but like... Why? It's not exactly a juicy target. There would be no reason to really have a large database of addresses lying around. Print label, ship item, once receipt is acknowledged, delete address.
You replied to basically nothing I said, other than to say: It's better if everything is split up into smaller companies that are not interesting targets.
Nothing you said addressed the uselessness of encryption for this task.
PS. I hope you are aware that Amazon also sells things themselves, they are not just a shipper? And that even if Amazon sells for a 3rd party, you handle returns, etc, via Amazon? So even your singular example demonstrates exactly what I said: this idea would not work.
Not smaller companies. No companies. Individual people. That's a little different than "smaller".
As for returns and such, that's what the explicitly trusted third party is for: Jimbob. He can meditate disputes because both parties trust him in that domain (or they trust someone who...) Maybe that limits the scope somewhat, but global scale is overrated. Transitive trust ought to get you plenty far.
As for encryption, Jimbob need not know either address to fulfill his role. Encryption is for hiding such things from him (and from the operator of any nodes that are needed to for the protocol to function).
As for not having a design ready for every one of your examples. You've got me there. My point is merely that the space of solutions to these problems which do not require implicit trust of somebody's IT department is larger than you presume, and largely unexplored.
Well the whole point of not implicitly trusting third parties would be to remove Amazon from the equation altogether and instead be P2P with the shipper with just a protocol between us. If we need a third party, we can find another peer for that based on the intersection of our trust graphs. It doesn't have to be a global conglomerate with an IT department that we all have to trust implicitly. It could be Jimbob from down the road, who we both trust explicitly--this gets rid of high-value targets altogether.
Particl marketplace is pretty much this (no affiliation, I just like the idea).
Sure, I suppose there's still the possibility that the individual shipper was compromised, but like... Why? It's not exactly a juicy target. There would be no reason to really have a large database of addresses lying around. Print label, ship item, once receipt is acknowledged, delete address.