July 2018 - cypherpunks-legacy

Re: <nettime> Steve Coll: Leaks (The New Yorker)
by carl guderian 06 Jul '18

06 Jul '18

On 13-nov-2010, at 10:12, Patrice Riemens wrote: > Waiting for Wikileaks to 'disclose and expose' war crimes to start > this discussion appears to me to be singularly unhelpful, and > that in many respects. Wikileaks simply bridges the gap between > what we had every good reasons to believe - and has been quite > well documented elsewhere, if not to such an (alas basically > indigestible) extent - and what we now know for fact. I don't > consider this a giant leap forward. I'd say the leaks have been a very big help, though unfortunately not in leading to official acknowledgment, let alone dealing with, the activities cited therein. What it has done is further document how our (meaning US) "best and brightest" news organizations and opinion leaders abandoned their responsibiliities before, during and after the Iraq war. As they continue to do, in that and in other matters. Tellingly, one editorial response to the leaks, after flat-out denials and hysterical worries about security, was that this wasn't news because "everyone knew" about the events. That last was somewhat true. Some of the stories, even backed with evidence, had leaked out over the years. But if reported at all, they were most often buried deep within a long story. And if a government spokesmen bellowed "nonsense," there was no follow-up and it was back to horse-race political reporting, murdered blonde college girls and wardrobe malfunctions at the Super Bowl. So "everyone" did know about this stuff, but just didn't think it important enough share it with the rest of us. Those who did they damned as "unserious." (George W. Bush's memoirs show a man who perfectly embodied this emphasis on fluff over substance. Anguish not over federal bumbling over Katrina, but over rapper Kanye West saying Bush didn't care about black people. No regrets over attacking Iraq at all, but allowing that the "Mission Accomplished" photo op may have been premature.) Wikileaks is your friend who's sick of seeing those you thought were your friends lying to you. So he grabs you by the shoulders and lays it out for you. You're in all kinds of trouble but your "friends" kept you distracting from seeing it and often covered up for those responsible for some of it. And Wikileaks brings one piece of evidence after another until you can no longer ignore the bullshit. And it's necessary, because the lying continues. Three years after the financial collapse, there's a lot in the news about foreclosures and the op-ed pages are debating over whether or not it's shameful to squat one's own repossessed house or just walk away. There's nothing about bankers enjoying record bonuses while "losing" evidence of mis- and malfeasance. Ten percent (really higher) unemployment, possibly permanent, but only cutting the deficit matters, with "hard choices" to be made. Pundits saying gravely that Americans must face Social Security cuts to make America great again (though nothing about bankers giving up bonuses). And Americans will suck it up rather than demand justice or better health care because the 2010 elections US is a "center-right" nation (not that voters are despairing). But it sucks when you suspect you're being played, and it sucks even harder when it's proved to you and you can no longer pretend otherwise. It's the sort of enlightenment that doesn't bring comfort but instead removes it. When a person yanks off the blinders, thanking them isn't your first response and sometimes not even your second. The sooner Wikileaks destroys what's left of the official media's credibility, the better. But it's not something we'll thank them for, and I'm sure they know it. I don't think anyone's laughing over there. Carl # distributed via <nettime>: no commercial use without permission # <nettime> is a moderated mailing list for net criticism, # collaborative text filtering and cultural politics of the nets # more info: http://mail.kein.org/mailman/listinfo/nettime-l # archive: http://www.nettime.org contact: nettime(a)kein.org ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Handbook for bloggers and cyber-dissidents
by Thomas Sj?gren 06 Jul '18

06 Jul '18

Reporters Without Borders (Reporters sans fronti?res, RSF) has released a "Handbook for bloggers and cyber-dissidents": http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship >From the chapter "How to blog anonymously": "Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully "cloaked" by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested." -- ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

FC: Geeks want to "Free Dmitry" -- but Congress says keep him in jail
by Declan McCullagh 06 Jul '18

06 Jul '18

http://www.wired.com/news/politics/0,1283,45522,00.html Congress No Haven for Hackers By Declan McCullagh (declan(a)wired.com) 2:00 a.m. July 25, 2001 PDT WASHINGTON -- Even as the world's geeks march against the Digital Millennium Copyright Act, key legislators and lobbyists are dismissing concerns about the controversial law as hyperbole. The law that led to the arrest of Russian programmer Dmitry Sklyarov last week and an immediate outcry among programmers continues to enjoy remarkably broad support on Capitol Hill. No bill has yet been introduced in Congress to amend the DMCA for one simple reason: Official Washington loves the law precisely as much as hackers and programmers despise it. "The law is performing the way we hoped," said Rep. Howard Coble (R-North Carolina), chairman of the House Judiciary subcommittee on intellectual property. The FBI arrested Sklyarov last week in Las Vegas for allegedly "trafficking" in software that circumvents the copy protection techniques that Adobe uses in its e-book format. Under the DMCA, selling such software is a federal felony punishable by up to five years in prison and a fine of $500,000. "As far as I know there have been very few complaints from intellectual property holders," Coble, the chief sponsor of the DMCA, said in an interview Tuesday. "I am also encouraged by the Department of Justice's actions in this matter to enforce the law." When Congress approved the DMCA in October 1998 after about a year's worth of little-noticed debate and negotiations, it was hardly a controversial bill. The Senate agreed to it unanimously, and a unanimous House approved it by voice vote, then bypassed a procedural step that would have delayed the DMCA's enactment. Since the House procedure says attempts to rewrite copyright law must start in Coble's subcommittee, the odds of a DMCA rewrite in Congress' lower chamber seem remote. Coble's counterpart in the Senate, California Democrat Dianne Feinstein, feels the same way. "We need to protect copyrights and this law was designed to do that," said Howard Gantman, a spokesman for Feinstein, who chairs the Senate Judiciary subcommittee on technology. "She's not looking to change it." [...] But in the world of Washington politics, geektivists are woefully outnumbered by the natives who populate and influence confirmation hearings: Corporate, nonprofit and trade association lobbyists. "We believe that a careful effort was made by Congress to balance the rights of intellectual property owners and the rights of intellectual property consumers," says Allan Adler, vice president at the Association of American Publishers, which applauded Sklyarov's arrest last week. [...] The Free-Dmitry movement argues that programmers should not be prosecuted for creating software that can circumvent copyright protection -- since such tools have many legitimate uses, such as reading an e-book on another computer, as well. But DMCA aficionados say there are precedents for broad prohibitions on selling devices that can have both legitimate and illegitimate uses. Current federal law makes it a felony to own, distribute or advertise for sale bugging or wiretapping devices that are "primary useful for the purpose of surreptitious interception of wire, oral or electronic communications." That applies even to parents who might want to monitor what their young children are doing, or to other commonplace uses. You're also not allowed to possess hardware or software such as cell phone cloning devices that let you "obtain telecommunications service without authorization" -- even if your motives are pure. [...] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ----- End forwarded message -----

1 0

[>Htech] Game on: criminals set sights on virtual realities
by oxyryxo 06 Jul '18

06 Jul '18

Report to warn that the explosive growth of computer-generated worlds could lead to money laundering By Stephen Foley in New York Published: 31 December 2006 Virtual worlds that have become a second home to millions of computer users could come under the scrutiny of governments as fears grow that they are being used by criminals to launder money. A report due out next month from Deloitte, the consultancy firm, will say the nascent economies that have developed inside internet-based games such as Second Life and Entropia Universe could be exploited by criminal gangs. The report warns that the fast-growing popularity of these games could tempt organised criminals, as players can trade virtual property and convert profits back into real currency. Virtual realities have grown in sophistication since role-playing computer games migrated to the web and allowed players to interact with potentially unlimited numbers of people across the world. While games like World of Warcraft have concentrated on fantasy challenges, Second Life and Entropia have created worlds much like our own, where virtual property magnates, clothes designers and prostitutes offering virtual sex make hundreds of thousands of real US dollars a year. In Entropia, the virtual currency, called the PED, is pegged to the US dollar. Players can convert real money into PEDs and back again using an online payment system. Last year, one American entrepreneur paid $100,000 (#51,000) for a virtual space in Entropia that he planned to convert into a nightclub. The real-world value of transactions in virtual realities is rising steadily, and is likely to continue growing through 2007. One estimate places the value of commerce in Second Life at $265,000 a day, and it is estimated that average turnover is rising by up to 15 per cent a month. If these trends continue, Second Life's overall GDP could be close to $700m in 2007. The explosive growth has already attracted the attention of law makers in the US, who are worried about the tax implications of transactions going on inside the virtual world, away from the oversight of the Internal Revenue Service. A joint committee in Congress is finalising a report on the real-world implications of virtual economies, although its chairman has insisted the aim is to head off taxation of virtual transactions. Deloitte's report will argue that governments should look first at the potential for crime. "Governments may wish to focus more on identifying any attempts to exploit the mechanisms of virtual economies to undertake criminal activity," Deloitte will warn. "Money launderers may use trade in digital artefacts or the ability to withdraw cash from an ATM as a means of money laundering." A spokesman for Second Life's owner, Linden Labs, said the company was happy to co-operate with tax authorities and criminal investigators, but could not police such matters itself. "The nature of having built a highly participatory economy makes it very difficult, and Linden Labs has always tried to take a hands-off approach to regulation and in-world policing." Deloitte cautions that the economic influence of virtual worlds is still tiny in comparison with global GDP of $47 trillion. And the long-term sustainability of individual operations is in question. Second Life, for instance, has been plagued in recent months by technical glitches and has attracted the attention of malicious computer hackers. Separately, the Deloitte report will examine how corporations might make money from social networking sites. It will argue that instead of following MySpace and YouTube in targeting young users, new sites should reach out to older internet users and extended families or tight-knit groups, and begin charging for "privacy" - services that control the people who can access shared material. http://news.independent.co.uk/business/news/article2114404.ece Post message: transhumantech(a)yahoogroups.com Subscribe: transhumantech-subscribe(a)yahoogroups.com Unsubscribe: transhumantech-unsubscribe(a)yahoogroups.com List owner: transhumantech-owner(a)yahoogroups.com List home: http://www.yahoogroups.com/group/transhumantech/ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/transhumantech/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/transhumantech/join (Yahoo! ID required) <*> To change settings via email: mailto:transhumantech-digest@yahoogroups.com mailto:transhumantech-fullfeatured@yahoogroups.com <*> To unsubscribe from this group, send an email to: transhumantech-unsubscribe(a)yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

[liberationtech] How the Next Generation Diaspora* Should Be Built to Help High-Risk Activists
by Yosem Companys 06 Jul '18

06 Jul '18

How the Next Generation Diaspora* Should Be Built to Help High-Risk Activists<http://liberationtech.tumblr.com/post/13377461578/how-the-next-generation-d…> *I. Introduction* An online privacy activist recently asked me: Suppose you were to build the next-generation Diaspora* b i.e., a secure, private, and decentralized social network b how would you go about it? The question is an important one, especially considering that many projects preceded Diaspora* but failed to gain traction<http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/FSWS2010_-_Projects>, along with the skepticism with which Diaspora* has been met in hacker circles. Hacker News has been particularly vicious, with attacks on Diaspora*bs security and privacy code implementation from the get go<http://news.ycombinator.com/item?id=1718367> and with criticism of the Diaspora*bs team ability (or lack thereof) to implement its vision <http://news.ycombinator.com/item?id=1701542>. Criticism has also come from the mainstream media, where reporters have wondered b whatever happened to Diaspora*<http://blogs.wsj.com/tech-europe/2011/11/07/whatever-happened-to-diaspora-t…>b and b whatbs taking so long<http://tech.blorge.com/Structure:%20/2011/10/12/free-diaspora-begs-for-more…>,b as though building a secure, private, and decentralized social network were as easy as building a centralized alternative like Facebook. In this context, credit should be given to the Diaspora* founders for trying to advance the vision by learning from the mistakes past projects have made in this space. *II. What is the goal?* One of the first steps to undertake when answering the question posed by my online privacy activist friend is to determine what the goal of such a next-generation Diaspora* would be. For example, if the goal is to gain traction among mainstream users, as Diso creator Steve Ivy has suggested<http://www.monkinetic.com/2010/05/why-no-one-is-going-to-succeed-at-buildin…>, then the focus would not be so much on the merits of the technology at ensuring security and privacy, as it would be on its ability to use decentralization to overcome Facebookbs considerable network effects<http://en.wikipedia.org/wiki/Network_effect>. As one of Liberationtech <http://liberationtechnology.stanford.edu/>bs coordinators, Ibm much more interested in the former than the latter, for there are many people in the world who care about security, privacy, and decentralization for its own sake, and there is a very compelling reason for giving these people such a solution, i.e., their very lives depend on it. Before we delve into that topic, however, Ibd like to address the question of how one would overcome Facebookbs network effects. *III. How does one overcome Facebookbs network effects?* As you may recall from economics, a network effect<http://en.wikipedia.org/wiki/Network_effect> is the effect one user of a good or service has on the value of that product to other people. A network with a lot of people has more value than one that has fewer people. For example, if you are looking for a job, or searching for people who share your interests, you are more likely to find them in a larger network than in a smaller one. Since people will choose to join the larger network at the expense of the smaller one, one will ultimately end up with one giant network, as barring some kind of niche offering in smaller networks, one is unlikely to find any value in the smaller networks as the number of users on those networks dwindles. This process also illustrates how difficult it is to persuade one person to switch from one network to another. A person benefits from her participation in a social network because she has ties on that network. That personbs friends benefit from their participation in that network because of their ties. As such, to persuade someone to switch from one network to another, you must not only persuade that person to make the switch but also that personbs ties, thereby creating a chicken-and-egg problem <http://en.wikipedia.org/wiki/Chicken_or_the_egg>: That person will switch only if her friends switch, and the friends will switch only if that person switches. Thus, overcoming network effects is a group problem, not an individual one: You must create a social movement of sorts to encourage people to switch from one social network to another, or at the very least, create an information cascade<http://en.wikipedia.org/wiki/Information_cascade> orbandwagon effect <http://en.wikipedia.org/wiki/Bandwagon_effect%20> that encourages people to switch. For those who may be skeptical about the strength of Facebookbs network effects, consider the following: Polls<http://www.allfacebook.com/survey-seven-in-ten-facebookers-worry-about-priv…> regularly find that approximately 70% of users are concerned about their Facebook privacy and security, yet according to a proprietary Forrester study only 4% quit Facebook for this reason. In fact, nearly half of those who quit Facebook do so because they were bored with Facebook or found a better niche site elsewhere. These numbers suggest the strength of Facebookbs social network effect. Given the seriousness of peoplebs security and privacy concerns, one would expect a much larger number of people to quit. Yet they donbt do so because quitting would mean losing touch with your friends and other contacts on the Facebook network. You may immediately notice, however, that this economics story is one-sided: The assumption is that advantages in network size will create an inexorable trend towards consolidation, yet the disadvantages in network size that could create an equally strong or more powerful effect away from consolidation is left unexplored. We know, however, that such effects exist. Otherwise, how would MySpace have replaced Friendster in the first place? Or how would Facebook have replaced MySpace? The question that arises then is the following: How does one overcome Facebookbs network effect? There is less research on overcoming network effects than on their inevitability, but some possibilities immediately come to mind. *A. Deep Pockets* One obvious possibility is that a competitor may come along with pockets sufficiently deep enough to challenge the entrenched network. Such a competitor could spend considerable resources on marketing and advertising to attract users to switch from the dominant network to the competing one. Yet, as Google+bs experience has shown, this process may be neither immediate nor successful. The verdict is still out, but Google+bs recent experience<http://tech.slashdot.org/story/11/10/10/1624207/google-loses-60-of-active-u…>suggests that deep pockets may not be enough to counter a leading networkbs network effect. *B. People Discovery* A second promising alternative is people discovery, i.e., a social network that enables you to meet people you donbt know. Despite an extensive academic literature that suggests that people are distrustful at meeting strangers in real life, proprietary Mintel data suggests the opposite: Nearly 50% of those surveyed say they would like to meet strangers online, and many admit to b friendingb strangers on a regular basis, including women, who are generally assumed to be much more distrustful of strangers. Web inventor Tim Berners-Lee sees people discovery, or stretching onebs ties to meeting people who are different from us<http://www.wired.co.uk/news/archive/2011-04/19/tim-berners-lee-science-w3c>, as the next social networking frontier, and companies have heeded the call, as Altlybs transformation from a private social network to a people-discovery engine named BetaBeat<http://techcrunch.com/2011/09/13/upcoming-social-network-altly-is-now-anybe…> has shown. Itbs unclear, however, whether people discovery will be sufficient to overcome Facebookbs network effects, especially since Facebook has sufficient resources to copy any social network innovation in this area to its advantage. Moreover, by virtue of Facebookbs larger pool of users, the company should be in an ideal position to introduce people to others they do not know. As Twitter has shown, however, people discovery has the distinct advantage of circumventing Facebookbs network effect. If a new social network focuses on people who want to meet those they donbt know, then those people are also less likely to care whether their existing ties are on that new network, since by definition they donbt care as much about their existing ties as they do about establishing new ones. Twitter has capitalized on this insight, and Facebook has recognized it, as the latterbs ongoing transformation from a private, close-tie, college-based campus network to a public, weak tie, international network has shown<http://www.huffingtonpost.com/2011/09/16/facebook-subscribe-copies-twitter_…>. In economics, some<http://en.wikipedia.org/wiki/Open_Veins_of_Latin_America>have argued that countries pursue protectionism when they are poor and free trade when they are rich. Similarly, Facebook was for privacy as a small network and is now for openness as a large one. *C. Technical Superiority* A third possibility is to find a technical feature (or set of features) that are more valuable than those offered by the dominant network. In other words, one would focus on technical advantages that overcome the social advantages created through network effects. An example of this can be found in how Google overcame Yahoo at search<http://lowendmac.com/orchard/09th/google-history.html>. Google had a search algorithm that generated better results, and over time, people gravitated to Google over Yahoo. One example that comes to mind in the network space would be the application of natural language processing<http://en.wikipedia.org/wiki/Natural_language_processing> to enable users to get more benefits out of their social network ties. Facebook does this through filtering, albeit not as transparently as many would like, leading thinkers like Eli Pariser<http://en.wikipedia.org/wiki/Eli_Pariser> to complain about the dangers of b filter bubbles<http://www.ted.com/talks/eli_pariser_beware_online_filter_bubbles.html>.b In fact, there is a battle brewing betweenFacebook<http://www.zdnet.com/blog/facebook/facebook-using-natural-language-processi…> and Google+ <http://www.youtube.com/watch?v=Sx3Fpw0XCXk> in this area, as natural language processing is seen as the potential driver for a new wave of social network interactions. Nevertheless, just as Google did to Yahoo, it is entirely conceivable that a new network could come along with a proprietary algorithm in natural language processing that could give it a similar technical advantage over Facebook or Google+ in the social networking marketplace. Moreover, there are many unexplored innovations in this space: While computational researchers have made advancements in the study of syntax and semantics <http://en.wikipedia.org/wiki/Computational_linguistics>, pragmatics <http://en.wikipedia.org/wiki/Pragmatics> remains a relatively black box, despite media hype to the contrary. In fact, the most sophisticated research in this area comes not from computer science but from social network analysis<http://en.wikipedia.org/wiki/Social_network#Social_network_analysis> in the behavioral sciences. Surprisingly, however, programmers have yet to mine this extensive literature for behavioral insights with which to construct better social networking sites. *D. Total Institutions* One final possibility comes from the realm of total institutions<http://en.wikipedia.org/wiki/Total_institution>. A total institution can be defined as a place of work and residence where a great number of similarly situated people, cut off from the wider community for a considerable time, together lead an enclosed, formally administered round of life. Examples of total institutions include monasteries, the army, prisons, and psychiatric institutions, among many others. Total institutions are dense locations of activity, where ideas can spread quickly, and thus they are ideal locations for fostering the growth of social networking sites. Youbre probably thinking: b Thatbs crazy. Are you suggesting that we build a social network out of an insane asylum?b But before you discount the idea, remember that this is exactly one of the reasons why Facebook became a dominant player in social networking. Facebook, in fact, capitalized on the most influential total institution of Western society, i.e., the college campus. On college campuses, students work and live together, and they share similar values and engage in similar activities, cut off from the wider community for at least four years. Facebookbs strategy, as I have explained elsewhere<http://liberationtech.tumblr.com/post/13205628046/the-story-of-online-socia…>, focused on controlled growth and saturation from one college to the next. To the extent that female students had privacy fears about joining Facebook, these concerns were assuaged by the fact that Facebook only allowed people who had university email addresses to join, such that the number of potential whack jobs were limited to those that you knew on your college campus, not those that you did not. This may also help explain why Facebook, unlike other social networking and dating sites, is predominantly female, and why men b as even the Facebook founders themselves acknowledge b were so attracted to joining Facebook in the first place. This story raises the question: Can a new social networking site challenge Facebook by taking over college campuses again? The answer to that is unclear. Facebook remains strong among college campuses, though the bulk of its growth is now coming from older demographics, such that the proportion of college students in the network has fallen. You could say that Facebookbs strategy has now shifted from the campus as a total institution to the elderly home as a total institution. At the same time, college campus-specific social networks have been launched in recent years but have made scarcely a dent on Facebookbs college-age numbers. As such, a better question to ask is the following: Are there other total institutions out there that social networking entrepreneurs can tap into to challenge Facebookbs dominance? I donbt really have a good answer to this question, so it remains rhetorical. But to the extent that Diaspora* has gotten more traction than other social networking sites, it is because it has tapped into the free culture movement<http://en.wikipedia.org/wiki/Free_culture_movement> , hackerspaces <http://en.wikipedia.org/wiki/Hackerspace> and maker spaces<http://hardware.slashdot.org/story/11/11/21/1937243/are-maker-spaces-the-fu…>, and so on. Similarly, though Silicon Valley has an aversion to politics, a social networking site that is built out of movements such as Anonymous<http://en.wikipedia.org/wiki/Anonymous_(group)> ,WikiLeaks <http://en.wikipedia.org/wiki/WikiLeaks>, or the Occupy movement<http://en.wikipedia.org/wiki/Occupy_movement> may be able to attain significant traction, if timed properly. In short, while the number of pure total institutions in our society is limited, it is clear from Diaspora*bs experience that a group-based social networking recruitment approach may work better for social networking entrepreneurs than the traditional individual-based approach they have followed to date. *IV. Getting back to the task at hand* Overcoming Facebookbs network effect, however, only matter to the extent that you want to build traction to supplant Facebook. But suppose youbre not interested in traction. Suppose that what you care about is to create a secure, private, and decentralized Facebook alternative that protects high-risk activists fighting for freedom, democracy, and human rights in oppressive, dangerous environments <http://liberationtechnology.stanford.edu/>. Then, many of the mainstream usersb considerations drop out of the equation, and the problem becomes much more focused and manageable b albeit still difficult. At the same time, however, mainstream users who care about privacy and security can still use the solution, if they are so inclined. As a Stanford liberationtech <http://liberationtechnology.stanford.edu/> coordinator, you can see why I would be so interested in such a solution. The goal of our program is to conduct research and design of information and communication technologies to foster freedom, democracy, human rights, development, and effective governance. In other words, we want to figure out ways in which technology can support the dangerous work that activists conduct every day to create a better world. A secure, private, and decentralized communication platform would help support activist efforts to this end. And such a platform only needs traction among activists, not all mainstream users, to succeed. In other words, it needs to solve the activist problem, not the mainstream userbs problem, to be most effective. *A. Organizing versus broadcasting* But, you may ask, arenbt movements like the Occupy movement, theArab Spring<http://en.wikipedia.org/wiki/Arab_Spring>, or the *Indignados <http://en.wikipedia.org/wiki/2011_Spanish_protests> *more interested in spreading the word? As such, how can you give up on traction in pursuit of this goal? To answer these questions, it is important to differentiate between what activists do *before* a movement and what they do *during* a movement. As my doctoral dissertation shows, before a movement, an activist needs a private and secure platform to organize with a small group of people. These are the people who lay the groundwork for what the movement is to become. Authoritarian regimes understand this, which is why they seek to stamp out the early-movers, and why they immediately crack down on any signs of free assembly. When groups of people are able to assemble in such environments, thatbs when the regimebs days are numbered. If people are able to assemble, then the activistbs task changes from organizing to spreading the word. It is at this point that traction, or the broadcast capabilities of a social networking site, become important. But as we have seen, large mainstream social networking sites like Facebook and Twitter are more effective at doing this task. Once activists get to the broadcasting stage, what becomes more important to them is to protect their identities as they spread the movementbs message. But the organizing task is never completed. The organizing task continues. And it is this organizing task that I care about most. This critical organizing task is done by a small group of people that need to be able to maintain strong ties to one another in a secure and private fashion if they are to succeed. This explanation starts to draw the raw schematic of what a next generation Diaspora*-like private, secure, and distributed social network should look like, if it is to achieve Liberationtech<http://liberationtechnology.stanford.edu/> ends. The network should facilitate the communication of a small group of people seeking to organize social change and subsequently enable them to broadcast that message through larger mainstream social networking sites to generate the strength-in-numbers that can help movements grow and ultimately bring about political change. In other words, it must be a secure and private social networking site with HootSuite<http://en.wikipedia.org/wiki/HootSuite>-like capabilities that can protect the anonymity of the person broadcasting messages to the larger and more mainstream social networking sites. *B. Decentralization* So far, my emphasis has been on security and privacy alone. But decentralization is inextricably tied to security and privacy and equally important. What do we mean by decentralization? Decentralization means that instead of having to post a message to a central server like Facebook, and then wait for that server to transfer that message (or not, in the case of censorship) to your friend, you send that message to your friend directly. To achieve this, communication must be machine-to-machine, where the sender controls the first machine and the recipient controls the second, and the message that is transmitted is encrypted to ensure that only the sender and the recipient can read it. In other words, the sender and recipient must have an easy and fast means to install and manage the software on their machines b whether these machines are servers, computers, or phones, as in the FreedomBox <http://freedomboxfoundation.org/>vision. Furthermore, the sender and the recipient must have the ability to stop using their machines and seamlessly use new ones, should the original machines be compromised for whatever reason by an authoritarian regime. The software would need to have an easy b self-destruct mechanismb such that the data can be destroyed immediately in an emergency. At the same time, the b right to forget<http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html?pagewanted=all>b would have to be embedded from the get go, such that the data would self destruct after a certain period of time to prevent a trail of communication that would make it easy for an authoritarian regime to track down the activists. As such, the next generation of secure, private, and decentralized social networking site would create a one-click turnkey solution for activists that could easily be discarded if compromised and whose data could be destroyed automatically as the utility of the data diminishes while organizing unfolds. *C. Mobility* There is one final consideration. Activists are constantly on the move, such that the social networking site will need to be mobile from the get go and have the capability of synchronizing data on multiple machines simultaneously. Thus, if the activist needs to coordinate with others elsewhere, she must have the capability to access her data from the alternate location. Similarly, there will be times when the activist will attend a street protest, and the relevant social networking data will need to be accessible on her phone. Other times, the activist will need to go to a b safe house <http://en.wikipedia.org/wiki/Safe_house>b and access her data from there. Moreover, connectivity will vary greatly. At times the activist may have access to broadband Internet, but other times, she may need to connect via a 56K modem, a mobile connection, a mesh network<http://en.wikipedia.org/wiki/Wireless_mesh_network>, or perhaps even a satellite link. The social networking site will need to be accessible regardless of the connectivity, which means significant work on data compression <http://en.wikipedia.org/wiki/Data_compression> will be required to ensure that the softwarebs performance remains nimble under such disparate conditions. This creates difficult challenges for the developers of such an application that developers of mainstream applications would never have to encounter. *D. Cooperative* So how does one draw the necessary resources required to overcome the aforementioned challenges of security, privacy, decentralization, and mobility to build such a social networking site? Western society gives us two main legal-institutional vehicles for tackling the problem: i) a for-profit firm a la limited liability company<http://en.wikipedia.org/wiki/Limited_liability_company> or C corporation <http://en.wikipedia.org/wiki/C_corporation>; or ii) a non-profit firm a la private foundation<http://en.wikipedia.org/wiki/Private_foundation> or 501(c) organization <http://en.wikipedia.org/wiki/501(c)_organization>. (Another possibility is a hybrid for-profit/non-profit model a la WordPress<http://en.wikipedia.org/wiki/WordPress> or Mozilla <http://en.wikipedia.org/wiki/Mozilla>, but letbs set that aside for now.) In either case, a group of individuals b usually, the founders b become owners of the organization and raise the necessary resources needed to execute the organizationbs mission, implement its strategies, and reach its goals. A for-profit organization like a C-Corp is ideally suited for the task because the founders can sell an ownership stake in the firm in order to raise the requisite resources. But as the saying goes, therebs no such thing as a free lunch. The resources come at a cost in terms of the organization having to perform in a reliable and accountable fashion relative to the expectations of its shareholders. In the pursuit of profit, principle can easily be abandoned since, at the end of the day, all the shareholders care about is obtaining superior returns relative to what they could receive by investing elsewhere. If the firm is able to secure superior returns, however, other prospective investors will be attracted to the investment opportunity, thereby providing the organization with the resources to grow over time. In the end, shareholders matter more than customers b and for our purposes, the activists risking their lives for freedom, democracy, and human rights b for without the shareholders there is no business. On the surface, a non-profit organization looks better on principle grounds because the organization is not acting on the basis of profit alone. Nevertheless, a non-profit organization is still owned by a small group of individuals, and as in the case of a for-profit firm, controlled by its board of directors, which means all decisions with respect to the organization and its customers b or in this case, activists b are made by the board. This means that, in both the for-profit and non-profit cases, the product at the end of the day is determined by decisions resulting from the good will and discretion of a small group of individuals. Youbll probably be surprised to hear that itbs often also the case for open-source projects like Diaspora*. As Karl Fogelbs book b Producing Open Source Software: How to Run a Successful Free Software Project<http://producingoss.com/en/index.html>b teaches, most open-source projects are run by b benevolent dictators<http://producingoss.com/en/social-infrastructure.html#benevolent-dictator>b in whom b final decision-making authority restsb and b who, by virtue of personality and experience, is expected to use it wisely.b Even in the case where the project isAffero General Public License (or AGPL)<http://en.wikipedia.org/wiki/Affero_General_Public_License>, the benevolent dictator can make decisions that can prevent the right technologies from being implemented over the course of the project. The project may even create disincentives for open-source involvement by creating restrictive intellectual property (IP) assignment contracts that require developers to give up all rights to the code they produce. And worse, a non-profit organization cannot sell shares, which means that there are no financial incentives other than the generosity of donors to raise the resources required to develop it. So to summarize, on the one hand, therebs the for-profit firm that can sell shares to raise the necessary revenues to develop a product but in many cases may sell out principle in pursuit of profit, and on the other hand, therebs the non-profit firm that has to depend on donations but, as in its for-profit counterpart, still makes the activists beholden to the actions of a few individuals. Given this predicament, what are we to do to ensure that the organization is accountable to the activists it serves and can mobilize developers to contribute in an open-source manner to the project? One possibility is the cooperative<http://en.wikipedia.org/wiki/Cooperative>, a business organization owned and controlled democratically by its members for mutual benefit. The cooperative can range from for-profit to non-profit, depending on the projectbs ultimate goals. Thus, while the cooperative is not a magical solution to all of the aforementioned problems, it can help ameliorate many of them, when correctly designed and executed. The advantage of the cooperative for purposes of the task at hand is that it can ensure that the organization operates in a democratic and accountable fashion relative to the developers who contribute the code to solve the aforementioned technical challenges and relative to the activists who risk their lives using the technology to do their jobs on the field. The developers can transfer their IP rights to the cooperative, knowing that such rights will not be exploited for financial gain without them. Similarly, the activists can know that the organization has their best interest at heart and thus can trust that the solution will be built and subsequently developed with their needs and concerns in mind. *V. Conclusion* So in response to my online privacy activist friendbs question about how I would build the next-generation Diaspora*, my answer is this: I would create it first and foremost as a secure, private, distributed, and mobile platform with HootSuite <http://en.wikipedia.org/wiki/HootSuite>-like (but anonymous) broadcast capabilities and fast and reliable performance under rapidly changing conditions. But I would make sure to work within a cooperative legal-institutional framework to find the correct design that makes the organization accountable both to its developers and customers, i.e., the activists that the social networking site is meant to serve. _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

FC: Geeks want to "Free Dmitry" -- but Congress says keep him in jail
by Declan McCullagh 06 Jul '18

06 Jul '18

http://www.wired.com/news/politics/0,1283,45522,00.html Congress No Haven for Hackers By Declan McCullagh (declan(a)wired.com) 2:00 a.m. July 25, 2001 PDT WASHINGTON -- Even as the world's geeks march against the Digital Millennium Copyright Act, key legislators and lobbyists are dismissing concerns about the controversial law as hyperbole. The law that led to the arrest of Russian programmer Dmitry Sklyarov last week and an immediate outcry among programmers continues to enjoy remarkably broad support on Capitol Hill. No bill has yet been introduced in Congress to amend the DMCA for one simple reason: Official Washington loves the law precisely as much as hackers and programmers despise it. "The law is performing the way we hoped," said Rep. Howard Coble (R-North Carolina), chairman of the House Judiciary subcommittee on intellectual property. The FBI arrested Sklyarov last week in Las Vegas for allegedly "trafficking" in software that circumvents the copy protection techniques that Adobe uses in its e-book format. Under the DMCA, selling such software is a federal felony punishable by up to five years in prison and a fine of $500,000. "As far as I know there have been very few complaints from intellectual property holders," Coble, the chief sponsor of the DMCA, said in an interview Tuesday. "I am also encouraged by the Department of Justice's actions in this matter to enforce the law." When Congress approved the DMCA in October 1998 after about a year's worth of little-noticed debate and negotiations, it was hardly a controversial bill. The Senate agreed to it unanimously, and a unanimous House approved it by voice vote, then bypassed a procedural step that would have delayed the DMCA's enactment. Since the House procedure says attempts to rewrite copyright law must start in Coble's subcommittee, the odds of a DMCA rewrite in Congress' lower chamber seem remote. Coble's counterpart in the Senate, California Democrat Dianne Feinstein, feels the same way. "We need to protect copyrights and this law was designed to do that," said Howard Gantman, a spokesman for Feinstein, who chairs the Senate Judiciary subcommittee on technology. "She's not looking to change it." [...] But in the world of Washington politics, geektivists are woefully outnumbered by the natives who populate and influence confirmation hearings: Corporate, nonprofit and trade association lobbyists. "We believe that a careful effort was made by Congress to balance the rights of intellectual property owners and the rights of intellectual property consumers," says Allan Adler, vice president at the Association of American Publishers, which applauded Sklyarov's arrest last week. [...] The Free-Dmitry movement argues that programmers should not be prosecuted for creating software that can circumvent copyright protection -- since such tools have many legitimate uses, such as reading an e-book on another computer, as well. But DMCA aficionados say there are precedents for broad prohibitions on selling devices that can have both legitimate and illegitimate uses. Current federal law makes it a felony to own, distribute or advertise for sale bugging or wiretapping devices that are "primary useful for the purpose of surreptitious interception of wire, oral or electronic communications." That applies even to parents who might want to monitor what their young children are doing, or to other commonplace uses. You're also not allowed to possess hardware or software such as cell phone cloning devices that let you "obtain telecommunications service without authorization" -- even if your motives are pure. [...] ------------------------------------------------------------------------- POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ ------------------------------------------------------------------------- ----- End forwarded message -----

1 0

[>Htech] Game on: criminals set sights on virtual realities
by oxyryxo 06 Jul '18

06 Jul '18

Report to warn that the explosive growth of computer-generated worlds could lead to money laundering By Stephen Foley in New York Published: 31 December 2006 Virtual worlds that have become a second home to millions of computer users could come under the scrutiny of governments as fears grow that they are being used by criminals to launder money. A report due out next month from Deloitte, the consultancy firm, will say the nascent economies that have developed inside internet-based games such as Second Life and Entropia Universe could be exploited by criminal gangs. The report warns that the fast-growing popularity of these games could tempt organised criminals, as players can trade virtual property and convert profits back into real currency. Virtual realities have grown in sophistication since role-playing computer games migrated to the web and allowed players to interact with potentially unlimited numbers of people across the world. While games like World of Warcraft have concentrated on fantasy challenges, Second Life and Entropia have created worlds much like our own, where virtual property magnates, clothes designers and prostitutes offering virtual sex make hundreds of thousands of real US dollars a year. In Entropia, the virtual currency, called the PED, is pegged to the US dollar. Players can convert real money into PEDs and back again using an online payment system. Last year, one American entrepreneur paid $100,000 (#51,000) for a virtual space in Entropia that he planned to convert into a nightclub. The real-world value of transactions in virtual realities is rising steadily, and is likely to continue growing through 2007. One estimate places the value of commerce in Second Life at $265,000 a day, and it is estimated that average turnover is rising by up to 15 per cent a month. If these trends continue, Second Life's overall GDP could be close to $700m in 2007. The explosive growth has already attracted the attention of law makers in the US, who are worried about the tax implications of transactions going on inside the virtual world, away from the oversight of the Internal Revenue Service. A joint committee in Congress is finalising a report on the real-world implications of virtual economies, although its chairman has insisted the aim is to head off taxation of virtual transactions. Deloitte's report will argue that governments should look first at the potential for crime. "Governments may wish to focus more on identifying any attempts to exploit the mechanisms of virtual economies to undertake criminal activity," Deloitte will warn. "Money launderers may use trade in digital artefacts or the ability to withdraw cash from an ATM as a means of money laundering." A spokesman for Second Life's owner, Linden Labs, said the company was happy to co-operate with tax authorities and criminal investigators, but could not police such matters itself. "The nature of having built a highly participatory economy makes it very difficult, and Linden Labs has always tried to take a hands-off approach to regulation and in-world policing." Deloitte cautions that the economic influence of virtual worlds is still tiny in comparison with global GDP of $47 trillion. And the long-term sustainability of individual operations is in question. Second Life, for instance, has been plagued in recent months by technical glitches and has attracted the attention of malicious computer hackers. Separately, the Deloitte report will examine how corporations might make money from social networking sites. It will argue that instead of following MySpace and YouTube in targeting young users, new sites should reach out to older internet users and extended families or tight-knit groups, and begin charging for "privacy" - services that control the people who can access shared material. http://news.independent.co.uk/business/news/article2114404.ece Post message: transhumantech(a)yahoogroups.com Subscribe: transhumantech-subscribe(a)yahoogroups.com Unsubscribe: transhumantech-unsubscribe(a)yahoogroups.com List owner: transhumantech-owner(a)yahoogroups.com List home: http://www.yahoogroups.com/group/transhumantech/ Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/transhumantech/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/transhumantech/join (Yahoo! ID required) <*> To change settings via email: mailto:transhumantech-digest@yahoogroups.com mailto:transhumantech-fullfeatured@yahoogroups.com <*> To unsubscribe from this group, send an email to: transhumantech-unsubscribe(a)yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0

[liberationtech] How the Next Generation Diaspora* Should Be Built to Help High-Risk Activists
by Yosem Companys 06 Jul '18

06 Jul '18

How the Next Generation Diaspora* Should Be Built to Help High-Risk Activists<http://liberationtech.tumblr.com/post/13377461578/how-the-next-generation-d…> *I. Introduction* An online privacy activist recently asked me: Suppose you were to build the next-generation Diaspora* b i.e., a secure, private, and decentralized social network b how would you go about it? The question is an important one, especially considering that many projects preceded Diaspora* but failed to gain traction<http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/FSWS2010_-_Projects>, along with the skepticism with which Diaspora* has been met in hacker circles. Hacker News has been particularly vicious, with attacks on Diaspora*bs security and privacy code implementation from the get go<http://news.ycombinator.com/item?id=1718367> and with criticism of the Diaspora*bs team ability (or lack thereof) to implement its vision <http://news.ycombinator.com/item?id=1701542>. Criticism has also come from the mainstream media, where reporters have wondered b whatever happened to Diaspora*<http://blogs.wsj.com/tech-europe/2011/11/07/whatever-happened-to-diaspora-t…>b and b whatbs taking so long<http://tech.blorge.com/Structure:%20/2011/10/12/free-diaspora-begs-for-more…>,b as though building a secure, private, and decentralized social network were as easy as building a centralized alternative like Facebook. In this context, credit should be given to the Diaspora* founders for trying to advance the vision by learning from the mistakes past projects have made in this space. *II. What is the goal?* One of the first steps to undertake when answering the question posed by my online privacy activist friend is to determine what the goal of such a next-generation Diaspora* would be. For example, if the goal is to gain traction among mainstream users, as Diso creator Steve Ivy has suggested<http://www.monkinetic.com/2010/05/why-no-one-is-going-to-succeed-at-buildin…>, then the focus would not be so much on the merits of the technology at ensuring security and privacy, as it would be on its ability to use decentralization to overcome Facebookbs considerable network effects<http://en.wikipedia.org/wiki/Network_effect>. As one of Liberationtech <http://liberationtechnology.stanford.edu/>bs coordinators, Ibm much more interested in the former than the latter, for there are many people in the world who care about security, privacy, and decentralization for its own sake, and there is a very compelling reason for giving these people such a solution, i.e., their very lives depend on it. Before we delve into that topic, however, Ibd like to address the question of how one would overcome Facebookbs network effects. *III. How does one overcome Facebookbs network effects?* As you may recall from economics, a network effect<http://en.wikipedia.org/wiki/Network_effect> is the effect one user of a good or service has on the value of that product to other people. A network with a lot of people has more value than one that has fewer people. For example, if you are looking for a job, or searching for people who share your interests, you are more likely to find them in a larger network than in a smaller one. Since people will choose to join the larger network at the expense of the smaller one, one will ultimately end up with one giant network, as barring some kind of niche offering in smaller networks, one is unlikely to find any value in the smaller networks as the number of users on those networks dwindles. This process also illustrates how difficult it is to persuade one person to switch from one network to another. A person benefits from her participation in a social network because she has ties on that network. That personbs friends benefit from their participation in that network because of their ties. As such, to persuade someone to switch from one network to another, you must not only persuade that person to make the switch but also that personbs ties, thereby creating a chicken-and-egg problem <http://en.wikipedia.org/wiki/Chicken_or_the_egg>: That person will switch only if her friends switch, and the friends will switch only if that person switches. Thus, overcoming network effects is a group problem, not an individual one: You must create a social movement of sorts to encourage people to switch from one social network to another, or at the very least, create an information cascade<http://en.wikipedia.org/wiki/Information_cascade> orbandwagon effect <http://en.wikipedia.org/wiki/Bandwagon_effect%20> that encourages people to switch. For those who may be skeptical about the strength of Facebookbs network effects, consider the following: Polls<http://www.allfacebook.com/survey-seven-in-ten-facebookers-worry-about-priv…> regularly find that approximately 70% of users are concerned about their Facebook privacy and security, yet according to a proprietary Forrester study only 4% quit Facebook for this reason. In fact, nearly half of those who quit Facebook do so because they were bored with Facebook or found a better niche site elsewhere. These numbers suggest the strength of Facebookbs social network effect. Given the seriousness of peoplebs security and privacy concerns, one would expect a much larger number of people to quit. Yet they donbt do so because quitting would mean losing touch with your friends and other contacts on the Facebook network. You may immediately notice, however, that this economics story is one-sided: The assumption is that advantages in network size will create an inexorable trend towards consolidation, yet the disadvantages in network size that could create an equally strong or more powerful effect away from consolidation is left unexplored. We know, however, that such effects exist. Otherwise, how would MySpace have replaced Friendster in the first place? Or how would Facebook have replaced MySpace? The question that arises then is the following: How does one overcome Facebookbs network effect? There is less research on overcoming network effects than on their inevitability, but some possibilities immediately come to mind. *A. Deep Pockets* One obvious possibility is that a competitor may come along with pockets sufficiently deep enough to challenge the entrenched network. Such a competitor could spend considerable resources on marketing and advertising to attract users to switch from the dominant network to the competing one. Yet, as Google+bs experience has shown, this process may be neither immediate nor successful. The verdict is still out, but Google+bs recent experience<http://tech.slashdot.org/story/11/10/10/1624207/google-loses-60-of-active-u…>suggests that deep pockets may not be enough to counter a leading networkbs network effect. *B. People Discovery* A second promising alternative is people discovery, i.e., a social network that enables you to meet people you donbt know. Despite an extensive academic literature that suggests that people are distrustful at meeting strangers in real life, proprietary Mintel data suggests the opposite: Nearly 50% of those surveyed say they would like to meet strangers online, and many admit to b friendingb strangers on a regular basis, including women, who are generally assumed to be much more distrustful of strangers. Web inventor Tim Berners-Lee sees people discovery, or stretching onebs ties to meeting people who are different from us<http://www.wired.co.uk/news/archive/2011-04/19/tim-berners-lee-science-w3c>, as the next social networking frontier, and companies have heeded the call, as Altlybs transformation from a private social network to a people-discovery engine named BetaBeat<http://techcrunch.com/2011/09/13/upcoming-social-network-altly-is-now-anybe…> has shown. Itbs unclear, however, whether people discovery will be sufficient to overcome Facebookbs network effects, especially since Facebook has sufficient resources to copy any social network innovation in this area to its advantage. Moreover, by virtue of Facebookbs larger pool of users, the company should be in an ideal position to introduce people to others they do not know. As Twitter has shown, however, people discovery has the distinct advantage of circumventing Facebookbs network effect. If a new social network focuses on people who want to meet those they donbt know, then those people are also less likely to care whether their existing ties are on that new network, since by definition they donbt care as much about their existing ties as they do about establishing new ones. Twitter has capitalized on this insight, and Facebook has recognized it, as the latterbs ongoing transformation from a private, close-tie, college-based campus network to a public, weak tie, international network has shown<http://www.huffingtonpost.com/2011/09/16/facebook-subscribe-copies-twitter_…>. In economics, some<http://en.wikipedia.org/wiki/Open_Veins_of_Latin_America>have argued that countries pursue protectionism when they are poor and free trade when they are rich. Similarly, Facebook was for privacy as a small network and is now for openness as a large one. *C. Technical Superiority* A third possibility is to find a technical feature (or set of features) that are more valuable than those offered by the dominant network. In other words, one would focus on technical advantages that overcome the social advantages created through network effects. An example of this can be found in how Google overcame Yahoo at search<http://lowendmac.com/orchard/09th/google-history.html>. Google had a search algorithm that generated better results, and over time, people gravitated to Google over Yahoo. One example that comes to mind in the network space would be the application of natural language processing<http://en.wikipedia.org/wiki/Natural_language_processing> to enable users to get more benefits out of their social network ties. Facebook does this through filtering, albeit not as transparently as many would like, leading thinkers like Eli Pariser<http://en.wikipedia.org/wiki/Eli_Pariser> to complain about the dangers of b filter bubbles<http://www.ted.com/talks/eli_pariser_beware_online_filter_bubbles.html>.b In fact, there is a battle brewing betweenFacebook<http://www.zdnet.com/blog/facebook/facebook-using-natural-language-processi…> and Google+ <http://www.youtube.com/watch?v=Sx3Fpw0XCXk> in this area, as natural language processing is seen as the potential driver for a new wave of social network interactions. Nevertheless, just as Google did to Yahoo, it is entirely conceivable that a new network could come along with a proprietary algorithm in natural language processing that could give it a similar technical advantage over Facebook or Google+ in the social networking marketplace. Moreover, there are many unexplored innovations in this space: While computational researchers have made advancements in the study of syntax and semantics <http://en.wikipedia.org/wiki/Computational_linguistics>, pragmatics <http://en.wikipedia.org/wiki/Pragmatics> remains a relatively black box, despite media hype to the contrary. In fact, the most sophisticated research in this area comes not from computer science but from social network analysis<http://en.wikipedia.org/wiki/Social_network#Social_network_analysis> in the behavioral sciences. Surprisingly, however, programmers have yet to mine this extensive literature for behavioral insights with which to construct better social networking sites. *D. Total Institutions* One final possibility comes from the realm of total institutions<http://en.wikipedia.org/wiki/Total_institution>. A total institution can be defined as a place of work and residence where a great number of similarly situated people, cut off from the wider community for a considerable time, together lead an enclosed, formally administered round of life. Examples of total institutions include monasteries, the army, prisons, and psychiatric institutions, among many others. Total institutions are dense locations of activity, where ideas can spread quickly, and thus they are ideal locations for fostering the growth of social networking sites. Youbre probably thinking: b Thatbs crazy. Are you suggesting that we build a social network out of an insane asylum?b But before you discount the idea, remember that this is exactly one of the reasons why Facebook became a dominant player in social networking. Facebook, in fact, capitalized on the most influential total institution of Western society, i.e., the college campus. On college campuses, students work and live together, and they share similar values and engage in similar activities, cut off from the wider community for at least four years. Facebookbs strategy, as I have explained elsewhere<http://liberationtech.tumblr.com/post/13205628046/the-story-of-online-socia…>, focused on controlled growth and saturation from one college to the next. To the extent that female students had privacy fears about joining Facebook, these concerns were assuaged by the fact that Facebook only allowed people who had university email addresses to join, such that the number of potential whack jobs were limited to those that you knew on your college campus, not those that you did not. This may also help explain why Facebook, unlike other social networking and dating sites, is predominantly female, and why men b as even the Facebook founders themselves acknowledge b were so attracted to joining Facebook in the first place. This story raises the question: Can a new social networking site challenge Facebook by taking over college campuses again? The answer to that is unclear. Facebook remains strong among college campuses, though the bulk of its growth is now coming from older demographics, such that the proportion of college students in the network has fallen. You could say that Facebookbs strategy has now shifted from the campus as a total institution to the elderly home as a total institution. At the same time, college campus-specific social networks have been launched in recent years but have made scarcely a dent on Facebookbs college-age numbers. As such, a better question to ask is the following: Are there other total institutions out there that social networking entrepreneurs can tap into to challenge Facebookbs dominance? I donbt really have a good answer to this question, so it remains rhetorical. But to the extent that Diaspora* has gotten more traction than other social networking sites, it is because it has tapped into the free culture movement<http://en.wikipedia.org/wiki/Free_culture_movement> , hackerspaces <http://en.wikipedia.org/wiki/Hackerspace> and maker spaces<http://hardware.slashdot.org/story/11/11/21/1937243/are-maker-spaces-the-fu…>, and so on. Similarly, though Silicon Valley has an aversion to politics, a social networking site that is built out of movements such as Anonymous<http://en.wikipedia.org/wiki/Anonymous_(group)> ,WikiLeaks <http://en.wikipedia.org/wiki/WikiLeaks>, or the Occupy movement<http://en.wikipedia.org/wiki/Occupy_movement> may be able to attain significant traction, if timed properly. In short, while the number of pure total institutions in our society is limited, it is clear from Diaspora*bs experience that a group-based social networking recruitment approach may work better for social networking entrepreneurs than the traditional individual-based approach they have followed to date. *IV. Getting back to the task at hand* Overcoming Facebookbs network effect, however, only matter to the extent that you want to build traction to supplant Facebook. But suppose youbre not interested in traction. Suppose that what you care about is to create a secure, private, and decentralized Facebook alternative that protects high-risk activists fighting for freedom, democracy, and human rights in oppressive, dangerous environments <http://liberationtechnology.stanford.edu/>. Then, many of the mainstream usersb considerations drop out of the equation, and the problem becomes much more focused and manageable b albeit still difficult. At the same time, however, mainstream users who care about privacy and security can still use the solution, if they are so inclined. As a Stanford liberationtech <http://liberationtechnology.stanford.edu/> coordinator, you can see why I would be so interested in such a solution. The goal of our program is to conduct research and design of information and communication technologies to foster freedom, democracy, human rights, development, and effective governance. In other words, we want to figure out ways in which technology can support the dangerous work that activists conduct every day to create a better world. A secure, private, and decentralized communication platform would help support activist efforts to this end. And such a platform only needs traction among activists, not all mainstream users, to succeed. In other words, it needs to solve the activist problem, not the mainstream userbs problem, to be most effective. *A. Organizing versus broadcasting* But, you may ask, arenbt movements like the Occupy movement, theArab Spring<http://en.wikipedia.org/wiki/Arab_Spring>, or the *Indignados <http://en.wikipedia.org/wiki/2011_Spanish_protests> *more interested in spreading the word? As such, how can you give up on traction in pursuit of this goal? To answer these questions, it is important to differentiate between what activists do *before* a movement and what they do *during* a movement. As my doctoral dissertation shows, before a movement, an activist needs a private and secure platform to organize with a small group of people. These are the people who lay the groundwork for what the movement is to become. Authoritarian regimes understand this, which is why they seek to stamp out the early-movers, and why they immediately crack down on any signs of free assembly. When groups of people are able to assemble in such environments, thatbs when the regimebs days are numbered. If people are able to assemble, then the activistbs task changes from organizing to spreading the word. It is at this point that traction, or the broadcast capabilities of a social networking site, become important. But as we have seen, large mainstream social networking sites like Facebook and Twitter are more effective at doing this task. Once activists get to the broadcasting stage, what becomes more important to them is to protect their identities as they spread the movementbs message. But the organizing task is never completed. The organizing task continues. And it is this organizing task that I care about most. This critical organizing task is done by a small group of people that need to be able to maintain strong ties to one another in a secure and private fashion if they are to succeed. This explanation starts to draw the raw schematic of what a next generation Diaspora*-like private, secure, and distributed social network should look like, if it is to achieve Liberationtech<http://liberationtechnology.stanford.edu/> ends. The network should facilitate the communication of a small group of people seeking to organize social change and subsequently enable them to broadcast that message through larger mainstream social networking sites to generate the strength-in-numbers that can help movements grow and ultimately bring about political change. In other words, it must be a secure and private social networking site with HootSuite<http://en.wikipedia.org/wiki/HootSuite>-like capabilities that can protect the anonymity of the person broadcasting messages to the larger and more mainstream social networking sites. *B. Decentralization* So far, my emphasis has been on security and privacy alone. But decentralization is inextricably tied to security and privacy and equally important. What do we mean by decentralization? Decentralization means that instead of having to post a message to a central server like Facebook, and then wait for that server to transfer that message (or not, in the case of censorship) to your friend, you send that message to your friend directly. To achieve this, communication must be machine-to-machine, where the sender controls the first machine and the recipient controls the second, and the message that is transmitted is encrypted to ensure that only the sender and the recipient can read it. In other words, the sender and recipient must have an easy and fast means to install and manage the software on their machines b whether these machines are servers, computers, or phones, as in the FreedomBox <http://freedomboxfoundation.org/>vision. Furthermore, the sender and the recipient must have the ability to stop using their machines and seamlessly use new ones, should the original machines be compromised for whatever reason by an authoritarian regime. The software would need to have an easy b self-destruct mechanismb such that the data can be destroyed immediately in an emergency. At the same time, the b right to forget<http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html?pagewanted=all>b would have to be embedded from the get go, such that the data would self destruct after a certain period of time to prevent a trail of communication that would make it easy for an authoritarian regime to track down the activists. As such, the next generation of secure, private, and decentralized social networking site would create a one-click turnkey solution for activists that could easily be discarded if compromised and whose data could be destroyed automatically as the utility of the data diminishes while organizing unfolds. *C. Mobility* There is one final consideration. Activists are constantly on the move, such that the social networking site will need to be mobile from the get go and have the capability of synchronizing data on multiple machines simultaneously. Thus, if the activist needs to coordinate with others elsewhere, she must have the capability to access her data from the alternate location. Similarly, there will be times when the activist will attend a street protest, and the relevant social networking data will need to be accessible on her phone. Other times, the activist will need to go to a b safe house <http://en.wikipedia.org/wiki/Safe_house>b and access her data from there. Moreover, connectivity will vary greatly. At times the activist may have access to broadband Internet, but other times, she may need to connect via a 56K modem, a mobile connection, a mesh network<http://en.wikipedia.org/wiki/Wireless_mesh_network>, or perhaps even a satellite link. The social networking site will need to be accessible regardless of the connectivity, which means significant work on data compression <http://en.wikipedia.org/wiki/Data_compression> will be required to ensure that the softwarebs performance remains nimble under such disparate conditions. This creates difficult challenges for the developers of such an application that developers of mainstream applications would never have to encounter. *D. Cooperative* So how does one draw the necessary resources required to overcome the aforementioned challenges of security, privacy, decentralization, and mobility to build such a social networking site? Western society gives us two main legal-institutional vehicles for tackling the problem: i) a for-profit firm a la limited liability company<http://en.wikipedia.org/wiki/Limited_liability_company> or C corporation <http://en.wikipedia.org/wiki/C_corporation>; or ii) a non-profit firm a la private foundation<http://en.wikipedia.org/wiki/Private_foundation> or 501(c) organization <http://en.wikipedia.org/wiki/501(c)_organization>. (Another possibility is a hybrid for-profit/non-profit model a la WordPress<http://en.wikipedia.org/wiki/WordPress> or Mozilla <http://en.wikipedia.org/wiki/Mozilla>, but letbs set that aside for now.) In either case, a group of individuals b usually, the founders b become owners of the organization and raise the necessary resources needed to execute the organizationbs mission, implement its strategies, and reach its goals. A for-profit organization like a C-Corp is ideally suited for the task because the founders can sell an ownership stake in the firm in order to raise the requisite resources. But as the saying goes, therebs no such thing as a free lunch. The resources come at a cost in terms of the organization having to perform in a reliable and accountable fashion relative to the expectations of its shareholders. In the pursuit of profit, principle can easily be abandoned since, at the end of the day, all the shareholders care about is obtaining superior returns relative to what they could receive by investing elsewhere. If the firm is able to secure superior returns, however, other prospective investors will be attracted to the investment opportunity, thereby providing the organization with the resources to grow over time. In the end, shareholders matter more than customers b and for our purposes, the activists risking their lives for freedom, democracy, and human rights b for without the shareholders there is no business. On the surface, a non-profit organization looks better on principle grounds because the organization is not acting on the basis of profit alone. Nevertheless, a non-profit organization is still owned by a small group of individuals, and as in the case of a for-profit firm, controlled by its board of directors, which means all decisions with respect to the organization and its customers b or in this case, activists b are made by the board. This means that, in both the for-profit and non-profit cases, the product at the end of the day is determined by decisions resulting from the good will and discretion of a small group of individuals. Youbll probably be surprised to hear that itbs often also the case for open-source projects like Diaspora*. As Karl Fogelbs book b Producing Open Source Software: How to Run a Successful Free Software Project<http://producingoss.com/en/index.html>b teaches, most open-source projects are run by b benevolent dictators<http://producingoss.com/en/social-infrastructure.html#benevolent-dictator>b in whom b final decision-making authority restsb and b who, by virtue of personality and experience, is expected to use it wisely.b Even in the case where the project isAffero General Public License (or AGPL)<http://en.wikipedia.org/wiki/Affero_General_Public_License>, the benevolent dictator can make decisions that can prevent the right technologies from being implemented over the course of the project. The project may even create disincentives for open-source involvement by creating restrictive intellectual property (IP) assignment contracts that require developers to give up all rights to the code they produce. And worse, a non-profit organization cannot sell shares, which means that there are no financial incentives other than the generosity of donors to raise the resources required to develop it. So to summarize, on the one hand, therebs the for-profit firm that can sell shares to raise the necessary revenues to develop a product but in many cases may sell out principle in pursuit of profit, and on the other hand, therebs the non-profit firm that has to depend on donations but, as in its for-profit counterpart, still makes the activists beholden to the actions of a few individuals. Given this predicament, what are we to do to ensure that the organization is accountable to the activists it serves and can mobilize developers to contribute in an open-source manner to the project? One possibility is the cooperative<http://en.wikipedia.org/wiki/Cooperative>, a business organization owned and controlled democratically by its members for mutual benefit. The cooperative can range from for-profit to non-profit, depending on the projectbs ultimate goals. Thus, while the cooperative is not a magical solution to all of the aforementioned problems, it can help ameliorate many of them, when correctly designed and executed. The advantage of the cooperative for purposes of the task at hand is that it can ensure that the organization operates in a democratic and accountable fashion relative to the developers who contribute the code to solve the aforementioned technical challenges and relative to the activists who risk their lives using the technology to do their jobs on the field. The developers can transfer their IP rights to the cooperative, knowing that such rights will not be exploited for financial gain without them. Similarly, the activists can know that the organization has their best interest at heart and thus can trust that the solution will be built and subsequently developed with their needs and concerns in mind. *V. Conclusion* So in response to my online privacy activist friendbs question about how I would build the next-generation Diaspora*, my answer is this: I would create it first and foremost as a secure, private, distributed, and mobile platform with HootSuite <http://en.wikipedia.org/wiki/HootSuite>-like (but anonymous) broadcast capabilities and fast and reliable performance under rapidly changing conditions. But I would make sure to work within a cooperative legal-institutional framework to find the correct design that makes the organization accountable both to its developers and customers, i.e., the activists that the social networking site is meant to serve. _______________________________________________ liberationtech mailing list liberationtech(a)lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

[tt] Chinabs All-Seeing Eye
by Arlind Boshnjaku 06 Jul '18

06 Jul '18

China Unveils Frightening Futuristic Police State at Olympics By Naomi Klein, Huffington Post Posted on August 8, 2008 http://www.alternet.org/story/94278/ So far, the Olympics have been an open invitation to China-bash, a bottomless excuse for Western journalists to go after the Commies on everything from internet censorship to Darfur. Through all the nasty news stories, however, the Chinese government has seemed amazingly unperturbed. That's because it is betting on this: when the opening ceremonies begin friday, you will instantly forget all that unpleasantness as your brain is zapped by the cultural/athletic/political extravaganza that is the Beijing Olympics. B Like it or not, you are about to be awed by China's sheer awesomeness. B The games have been billed as China's "coming out party" to the world. They are far more significant than that. These Olympics are the coming out party for a disturbingly efficient way of organizing society, one that China has perfected over the past three decades, and is finally ready to show off. It is a potent hybrid of the most powerful political tools of authoritarianism communism -- central planning, merciless repression, constant surveillance -- harnessed to advance the goals of global capitalism. Some call it "authoritarian capitalism," others "market Stalinism," personally I prefer "McCommunism." B The Beijing Olympics are themselves the perfect expression of this hybrid system. Through extraordinary feats of authoritarian governing, the Chinese state has built stunning new stadiums, highways and railways -- all in record time. It has razed whole neighborhoods, lined the streets with trees and flowers and, thanks to an "anti-spitting" campaign, cleaned the sidewalks of saliva. The Communist Party of China even tried to turn the muddy skies blue by ordering heavy industry to cease production for a month -- a sort of government-mandated general strike. B As for those Chinese citizens who might go off-message during the games -- Tibetan activists, human right campaigners, malcontent bloggers -- hundreds have been thrown in jail in recent months. Anyone still harboring protest plans will no doubt be caught on one of Beijing's 300,000 surveillance cameras and promptly nabbed by a security officer; there are reportedly 100,000 of them on Olympics duty. B The goal of all this central planning and spying is not to celebrate the glories of Communism, regardless of what China's governing party calls itself. It is to create the ultimate consumer cocoon for Visa cards, Adidas sneakers, China Mobile cell phones, McDonald's happy meals, Tsingtao beer, and UPS delivery -- to name just a few of the official Olympic sponsors. But the hottest new market of all is the surveillance itself. Unlike the police states of Eastern Europe and the Soviet Union, China has built a Police State 2.0, an entirely for-profit affair that is the latest frontier for the global Disaster Capitalism Complex. B Chinese corporations financed by U.S. hedge funds, as well as some of American's most powerful corporations -- Cisco, General Electric, Honeywell, Google -- have been working hand in glove with the Chinese government to make this moment possible: networking the closed circuit cameras that peer from every other lamp pole, building the "Great Firewall" that allows for remote internet monitoring, and designing those self-censoring search engines. B By next year, the Chinese internal security market is set to be worth $33-billion. Several of the larger Chinese players in the field have recently taken their stocks public on U.S. exchanges, hoping to cash in the fact that, in volatile times, security and defense stocks are seen as the safe bets. China Information Security Technology, for instance, is now listed on the NASDAQ and China Security and Surveillance is on the NYSE. A small clique of U.S. hedge funds has been floating these ventures, investing more than $150-million in the past two years. The returns have been striking. Between October 2006 and October 2007, China Security and Surveillance's stock went up 306 percent. B Much of the Chinese government's lavish spending on cameras and other surveillance gear has taken place under the banner of "Olympic Security." But how much is really needed to secure a sporting event? The price tag has been put at a staggering $12-billion -- to put that in perspective, Salt Lake City, which hosted the Winter Olympics just five months after September 11, spent $315 million to secure the games. Athens spent around $1.5-billion in 2004. Many human rights groups have pointed out that China's security upgrade is reaching far beyond Beijing: there are now 660 designated "safe cities" across the country, municipalities that have been singled out to receive new surveillance cameras and other spy gear. And of course all the equipment purchased in the name of Olympics safety -- iris scanners, "anti-riot robots" and facial recognition software -- will stay in China after the games are long gone, free to be directed at striking workers and rural protestors. B What the Olympics have provided for Western firms is a palatable cover story for this chilling venture. Ever since the 1989 Tiananmen Square Massacre, U.S. companies have been barred from selling police equipment and technology to China, since lawmakers feared it would be directed, once again, at peaceful demonstrators. That law has been completely disregarded in the lead up to the Olympics, when, in the name of safety for athletes and VIPs (including George W. Bush), no new toy has been denied the Chinese state. B There is a bitter irony here. When Beijing was awarded the games seven years ago, the theory was that international scrutiny would force China's government to grant more rights and freedom to its people. Instead, the Olympics have opened up a backdoor for the regime to massively upgrade its systems of population control and repression. And remember when Western companies used to claim that by doing business in China, they were actually spreading freedom and democracy? We are now seeing the reverse: investment in surveillance and censorship gear is helping Beijing to actively repress a new generation of activists before it has the chance to network into a mass movement. B The numbers on this trend are frightening. In April 2007, officials from 13 provinces held a meeting to report back on how their new security measures were performing. In the province of Jiangsu, which, according to the South China Morning Post, was using "artificial intelligence to extend and improve the existing monitoring system" the number of protests and riots "dropped by 44 per cent last year." In the province of Zhejiang, where new electronic surveillance systems had been installed, they were down 30 per cent. In Shaanxi, "mass incidents" -- code for protests -- were down by 27 per cent in a year. Dong Lei, the province's deputy party chief, gave part of the credit to a huge investment in security cameras across the province. "We aim to achieve all day and all-weather monitoring capability," he told the gathering. B Activists in China now find themselves under intense pressure, unable to function even at the limited levels they were able to a year ago. Internet cafes are filled with surveillance cameras, and surfing is carefully watched. At the offices of a labor rights group in Hong Kong, I met the well-known Chinese dissident Jun Tao. He had just fled the mainland in the face of persistent police harassment. After decades of fighting for democracy and human rights, he said the new surveillance technologies had made it "impossible to continue to function in China." B It's easy to see the dangers of a high tech surveillance state in far off China, since the consequences for people like Jun are so severe. It's harder to see the dangers when these same technologies creep into every day life closer to home-networked cameras on U.S. city streets, "fast lane" biometric cards at airports, dragnet surveillance of email and phone calls. But for the global homeland security sector, China is more than a market; it is also a showroom. In Beijing, where state power is absolute and civil liberties non-existent, American-made surveillance technologies can be taken to absolute limits. B The first test begins today: Can China, despite the enormous unrest boiling under the surface, put on a "harmonious" Olympics? If the answer is yes, like so much else that is made in China, Police State 2.0 will be ready for export. B Naomi Klein's latest book is The Shock Doctrine: The Rise of Disaster Capitalism. _______________________________________________ tt mailing list tt(a)postbiota.org http://postbiota.org/mailman/listinfo/tt ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

1 0

Re: Face and fingerprints swiped in Dutch biometric passport crack (anothercard skim vulnerability)
by Jaap-Henk Hoepman 06 Jul '18

06 Jul '18

Actually, the international standards for the Machine Readable Travel Documents (passports, aka MRTDs) are written by the International Civil Aviation Organisation (ICAO). Both the US and EU passports comply to the ICAO standards. However, EU passports will be further protected by a so called Extended Access Control procedure. This procedure provides, among others, terminal authentication to the passport, to reduce the risk that biometric data is read by rogue readers. Also, there are many small details in which the passports from different countries may differ. For instance, the 'RFID' anti-collision identifier used when setting up a connection between the passport and the reader may either be fixed or generated randomly for each session. Or, as is indeed the case in the Dutch passport, the passport number may correlate with the issuing date, reducing the entropy of the key derived from the Machine Readbale Zone (MRZ). The "Riscure" attack is based on this correlation; they estimate the remaining entropy of the data on the MRZ to be roughly 2^35. This MRZ data is used to derive the symmetric session keys. Their attack works by recording (ie eavesdropping) a succesful communication session between a passport and a reader. Then, all possible combinations of the MRZ data can be tried off line to generate the corresponding session keys and check whether that succesfully decrypts the recorded session. Note that straighforward skimming, ie trying to access a passport with a fake terminal by trying all possible combinations of MRZ data is still impossible because the chip in the passport is slow to respond; even if you could try one MRZ access code every millisecond (totally unrealistic), you'd be busy half a year. This limits the usefulness of the attack a bit. Also note that an encrypted key exchange like protocol for deriving the session key from the MRZ access code would also have prevented this attack... Jaap-Henk On Thu, 2 Feb 2006 12:37:24 -0500 Adam Shostack <adam(a)homeport.org> writes: > On Wed, Feb 01, 2006 at 02:03:10PM -0500, vin(a)TheWorld.com wrote: > | Anne & Lynn Wheeler pointed out: > | > | > Face and fingerprints swiped in Dutch biometric passport crack > | > http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/ > | > | Didn't the EU adopt the same design that the US uses? > > Passport standards are written by the International Air Travel > Association (IATA). > > | Am I right to presume that the passport RFID chip used by the Dutch is the > | same -- or functions the same -- as the one used in the new US digital > | passports? > | > | >From what I've read, it seems that the sequential numbering scheme the > | Dutch use on their passports may have made this attack easier -- but it > | was already feasible, and will be against the passports of other nations > | which did not so helpfully minimize their obfuscation technique with > | sequential numbering? > | > | Anyone got more details than those offered in the Rinscure press release? > | Thoughts? > > The papers explain the attack in fair detail. I blogged every useful > linksI could find a few days ago at > http://www.emergentchaos.com/archives/002355.html, and there's more > links in comments. > > Adam > > | _Vin > | > | > | > > | > The crack is attributed to Delft smartcard security specialist Riscure, > | > which explains that an attack can be executed from around 10 metres and > | > the security broken, revealing date of birth, facial image and > | > fingerprint, in around two hours. > | > > | > .. snip .. > | > | > | --------------------------------------------------------------------- > | The Cryptography Mailing List > | Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com > > -- Jaap-Henk Hoepman | I've got sunshine in my pockets Dept. of Computer Science | Brought it back to spray the day Radboud University Nijmegen | Gry "Rocket" (w) www.cs.ru.nl/~jhh | (m) jhh(a)cs.ru.nl (t) +31 24 36 52710/53132 | (f) +31 24 3653137 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo(a)metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

1 0