Foresight News|Feb 23, 2026 02:02
[Vitalik: Security and User Experience Are Not Independent Domains, Aim to Minimize Deviations Between Intent and System Behavior]
Foresight News reports that Vitalik Buterin posted on Farcaster, stating that the goal of security is to minimize deviations between user intent and the system's actual behavior. 'User experience' can also be defined in this way, meaning security and user experience are not independent domains. Security focuses more on tail risks (high-cost deviations) and tail risks caused by adversarial behavior. Perfect security is impossible because 'user intent' itself is extremely complex, and users often struggle to express it clearly (e.g., in 'send 1 ETH to Bob,' Bob cannot be mathematically defined). More complex goals, such as 'protecting privacy,' are similarly difficult to define (metadata leakage far exceeds encryption itself). This is similar to early AI safety issues: goals are difficult to robustly specify.
Excellent security solutions should include the following features: users express intent in multiple, overlapping ways, and the system executes only when alignment is achieved from multiple perspectives. Examples include type systems in programming, formal verification, transaction simulation, post-transaction assertions, multi-signature/social recovery, spending limits, and anomaly confirmations, which reduce risks through redundancy. Additionally, LLMs can serve as intent simulators (general LLMs approximate human common sense, while user-fine-tuned LLMs approximate the user themselves), but they must never independently determine intent and should only act as a supplementary perspective to enhance redundancy effectiveness.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink