Trust, Technology, and Human Nature: Reflections on a Harmonious Society#

TLDR: The essay argues that harmonious society requires balancing trust and distrust. Complete trust (human nature is good) makes systems efficient but vulnerable to exploitation; complete distrust (human nature is evil) makes them secure but rigid and oppressive. Early internet protocols like SMTP assumed good faith and were exploited (spam, phishing, DDoS). Modern solutions add mathematical verification layers (cryptography, rate limiting, Zero Trust) because math is more reliable than human promises. LLMs mirror this vulnerability—jailbreaking them exploits the same linguistic and emotional patterns used to manipulate people through social engineering. The proposed solution: idealism in values + realism in engineering. Treat people with presumption of innocence and dignity, but design systems with presumption of guilt and constant verification. Trust individuals, distrust data flows. Use “cold math and physics” to protect the “warm” human elements from structural exploitation. In short: don’t naively trust or cynically distrust everything—calibrate trust levels across different domains to lower the cost of goodwill and raise the cost of evil.

Content#

After watching “No More Bets,” my first reaction wasn’t about whether the plot was realistic, but something more abstract: how a modern society built on trust gets systematically torn apart by those who abuse it. The movie has plenty of exaggerated and even absurd moments—it’s a commercial film after all—but through its portrayal of scams, the internet, and transnational criminal enterprises, it confronts me with an age-old question: is human nature fundamentally good or evil? Should we assume strangers are good people or bad? The film doesn’t answer this, but it forces me to think: a harmonious society probably isn’t about choosing one side, but constantly calibrating between the two.

Imagine an extreme: suppose we design society on the premise that human nature is evil. Laws, institutions, and technical systems would all assume everyone is a potential criminal who must first prove themselves “innocent” to gain even minimal freedom. In such a world, entering any building requires three facial scans, every transaction demands ten forms, every word gets archived and reviewed, and everyone is treated as someone who might commit a crime at any moment. This would certainly be “safe”—bad actors would struggle—but society would be incredibly inefficient. Trust costs would skyrocket, human relationships would freeze over, and we’d all exhaust ourselves in endless verification, proof, and defense. In legal terms, this is extreme “presumption of guilt”—prove you’re innocent until proven otherwise.

Now flip to the other extreme: build society on the assumption that human nature is good. We default to believing everyone is decent, every word is true, every transaction is well-intentioned. Processes are streamlined, everyone extends maximum trust. Society would run with high efficiency, institutions would be lean, collaboration smooth, and innovation rapid, because there’s minimal defensive friction. Early internet protocols had this flavor—email protocols were designed naively, anyone could send anything, identity verification was an afterthought. The assumption was: “If you’re connected, you must be here for legitimate purposes.” But such a world is incredibly vulnerable to deceivers, scam rings, and malicious actors. The movie’s scam factories thrive in this tension: they weaponize extreme malice against systems built on default trust. This is what makes fraud so infuriating—it’s not just the money lost, but the betrayal of our instinct to trust others.

If we strip “harmonious society” of political baggage, I now see it as a balanced state in the structure of trust. One end is human nature as good, the other as evil, and between them lies a hidden axis: are we closer to “presumption of innocence” (prove guilty) or “presumption of guilt” (prove innocent)? Presumption of innocence trusts people more, giving them greater freedom; presumption of guilt distrusts people more, giving systems greater security margins. One extreme—complete trust and presumption of innocence—makes society light but fragile. The other extreme—complete distrust and presumption of guilt—makes society solid but rigid. True harmony probably isn’t picking one extreme, but choosing different points across different domains and levels.

The internet itself is a massive experiment built on the assumption of good human nature. Protocols like SMTP essentially said: “You claim to be from this domain? I’ll believe you. You say you’re this sender? I trust you too.” This bears an odd resemblance to ancient oaths: you swear you won’t deceive me, so I’ll temporarily give you my trust, and whether you face consequences later is another system’s problem. SMTP originally had no reputation mechanisms, no SPF, DKIM, or DMARC—complex signature verification and policy controls. People back then probably never imagined spam, phishing, and fake identities at such horrifying scales.

Later, we layered SPF records onto SMTP to declare “only these servers can send on my behalf,” used DKIM to cryptographically sign emails proving they’re genuinely from our domain, and applied DMARC to dictate “if verification fails, handle suspicious emails this way.” These mechanisms essentially add seals, notaries, and adjudication rules to “oaths,” wrapping the very trusting assumption in layers of “reputation” and “mathematical proof” to prevent abuse. Trust no longer relies on words alone but on verifiable structures.

DDoS tells a similar story from another angle. When networks were first designed, people probably didn’t imagine anyone deliberately weaponizing bandwidth by flooding servers. Protocol design assumed “fair use”—everyone sends a little data, exchanges information, done. Nobody anticipated someone controlling thousands of compromised machines to amplify traffic into floods that crash websites, services, or even infrastructure. In a sense, DDoS isn’t a “vulnerability” but a byproduct of “excessive faith that everyone will use resources fairly.” If you design a faucet assuming normal use, you won’t add throttle valves and complex billing logic; but when someone leaves it wide open all day like a fire hydrant, you quickly realize your “good faith assumption” was problematic.

Only later did we add throttling, rate limiting, WAF, firewalls, traffic scrubbing, CDNs, and CAPTCHAs to “prove you’re human.” The logic is identical: we no longer fully trust you’re good, no longer assume you’ll use resources fairly. We require you to pay a cost—computational power, time, or attention—to prove you’re not a purely malicious script. In this process, a cold fact gets acknowledged: humans can’t be fully trusted, but math and physics can. You can lie, but signatures won’t verify. You can pretend to be human, but solving hash puzzles takes time. You can control many machines, but bandwidth, latency, electricity costs, and time all speak for the system.

From this angle, the Zero Trust model is like hardcoding the “human nature is evil” philosophy into architecture. Zero Trust’s motto is simple: never trust, always verify. Don’t trust any request, device, internal network, or default identity—every access must reprove itself. Once you default to “distrust,” you force the entire system to automate the process of “proving reliability”—passwords, multi-factor authentication, certificates, audit logs, least privilege, behavioral anomaly detection all revolve around this. Zero Trust is like “presumption of guilt” in the technical world, except the subject shifts from “people” to “requests.” But it shares the same logic as human nature-is-evil thinking: I must treat you as a potential attacker to ensure overall system security.

Interestingly, the tech world isn’t all Zero Trust—it’s the opposite of early internet. GitHub’s PR mechanism is perhaps the ultimate demonstration of “human nature is good” in the technical realm. A complete stranger can fork your project, modify your code, and send you a PR. You don’t know them, they haven’t paid you, but you open the PR and review each commit, considering whether it’s reasonable and safe. This is an incredibly “romantic” mechanism assuming a “community of goodwill” exists in the code world: strangers can fix bugs for strangers, add features for strangers, freely spend time improving your project quality. Maintainers reviewing PRs are essentially investing “resources” in this goodwill structure—their time and attention. This contrasts starkly with the movie’s scam factories: one uses organized malice to exploit people; the other uses loose goodwill to sustain an open collaboration network.

When I think “cold math and physics are what we can trust,” I’m not denying human nature but acknowledging a fact: our brain structure, emotional systems, and language systems evolved for “close-range small societies,” not for “globally connected complex systems.” Cryptography, proof systems, encryption protocols, traffic control—these appear as cold formulas without sympathy, anger, or moral judgment. But precisely because of this, they’re not biased, can’t be manipulated, and won’t be swept up by emotions. When we wrap system boundaries with these cold technologies, we’re using math to compensate for that “structural vulnerability” in human nature.

This naturally leads me to think about LLMs. LLMs are essentially mirrors learned from the ocean of human language—not human, but remarkably mimicking the appearance and structure of human thought. They don’t truly “understand” but skillfully predict “what a person would likely say at this position.” Thus, their strengths and weaknesses are projected from human language’s strengths and weaknesses. Attacking LLMs—so-called “jailbreaking”—often isn’t exploiting some low-level technical bug but attacking “human linguistic behavioral patterns” themselves. We use carefully crafted prompts to induce models to misunderstand contexts, misjudge boundaries, and misapply rules, structurally similar to social engineering attacks, manipulation, brainwashing, and cult rhetoric against real people.

In this sense, “attacking LLMs reveals vulnerabilities in human emotional and linguistic systems” is valid. Because LLMs train on human language distributions, when you discover certain prompts repeatedly bypass safety measures, you’ve essentially discovered “patterns that control linguistic behavior.” These patterns can control not just trained models but sometimes real people too. We use background framing, emotional manipulation, role-setting, rule rewriting, and responsibility shifting to manipulate people; we use the same methods to make models “believe” they’ve entered fictional roles where they can ignore safety policies. Hence “manipulating LLMs”: we’re not writing instructions but performing rhetorical control on systems that operate by human linguistic rules.

If LLM “vulnerabilities” are mathematical projections of human linguistic weaknesses, do humans themselves have undiscovered “zero-day vulnerabilities”? This sounds dangerous, but I’m more curious from a cognitive science perspective. Our attention systems, reward systems, memory systems, story preferences, authority bias, herd mentality—these are partially understood. But likely some high-level combinations remain unnamed and not fully understood. Certain narrative structures might always make people temporarily lower defenses; certain rhythms, tones, and information densities might always make people abandon skepticism; certain online social patterns might always create false intimacy. These are like potential bugs in the “human operating system,” though we currently discuss them more from “how to protect humans” rather than “how to exploit humans.”

When we zoom back from network security, protocol design, and LLM safety to “future human ideology,” I increasingly feel idealism and realism aren’t mutually exclusive opposites but two tools civilization must wield simultaneously. Idealism tells us human nature can tend toward good, society should orient toward dignity, freedom, trust, and cooperation; realism reminds us human nature has blind spots, vulnerabilities, and exploitable spaces—systems can’t be built on romantic expectations. The movie’s scam stories, DDoS and spam in the digital world, jailbreak rhetoric in LLMs—all remind us: if ideology consists only of singing praises to “human nature is good” while ignoring “structural evil,” good people always lose.

So the picture I now find compelling is: future harmonious society may require “value-level idealism + engineering-level realism” coexisting. At the values level, we still uphold presumption of innocence, still believe people should be treated as dignified subjects capable of goodness; we still encourage open collaboration, still encourage beautiful visions like GitHub strangers fixing bugs for strangers. At engineering and institutional levels, however, we must introduce Zero Trust thinking, must assume systems will always be abused, must acknowledge “human imperfection” as an architectural premise, and use cold math, physics, and encryption to hold the line. Maintain goodwill toward people, maintain skepticism toward systems. Be tolerant toward individuals, paranoid about structures.

In legal contexts, this balance manifests as wielding both “presumption of innocence” and “risk control.” In criminal justice, we don’t lightly presume someone guilty—this is basic respect for human nature and constraint on power. But in network security, financial risk control, and anti-fraud systems, we must sometimes apply “presumption of guilt analysis” to requests, transactions, and behaviors: you’re first treated as a potential attacker or suspicious actor until you pass verification. From this view, “prove guilty or prove innocent” isn’t either-or philosophy but must be embedded at different levels: lean toward presumption of innocence for people, toward presumption of guilt for data flows and system behaviors.

Back to “No More Bets”—the film may be exaggerated, dramatized, and commercially driven, but it did something for me: it pulled me out of “only discussing technology” and “only discussing human nature” to see that technical architecture, human vulnerabilities, language systems, legal principles, and ideology are actually intertwined. The same group of people placed in a scam factory becomes organized evil; placed in an open-source community becomes distributed good. The difference isn’t just “whether people are good” but “how structures treat human nature.” As someone studying computer science, what I can do may not be answering ultimate philosophical questions like “is human nature fundamentally good or evil,” but more pragmatically asking: acknowledging human complexity, can I use calm mathematics and rational architectural design to lower the cost of goodwill and raise the cost of evil?

If human nature as good is civilization’s warmth and human nature as evil is the defense’s hardness, then harmonious society is probably constantly finding new balance points between the two. Neither naive enough to abandon all defenses, nor pessimistic enough to treat everyone as enemies. Both preserving trust in people while not building systems upon that trust. Both acknowledging language and emotions have vulnerabilities while using technology and education to reduce exploitation opportunities. In this sense, I’m actually grateful for these seemingly “absurd” movies, these seemingly cold protocols, and these seemingly dangerous jailbreak discussions—together they form a mirror, giving us a chance to see both our soft side and the world’s hard side.