cypherpunks-legacy
Threads by month
- ----- 2025 -----
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2004 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2003 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2002 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2001 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2000 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1999 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1998 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1997 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1996 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1995 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1994 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1993 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 1992 -----
- December
- November
- October
- September
July 2018
- 1371 participants
- 9656 discussions
real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100
i buy the argument that transaction instantaneity is a solution to the
identity theft problem - my cash in your hands, at the same time (now) as
your goods in my hands, in a way that allows both of us to ensure we have
got what we wanted. But there's a trade-off; I have to use money, not
credit, now - your point about the buyer 'lending' the seller cash at 0%
interest. I'm not sure how "the system compensates" for that. It seems to
me it becomes a risk-cost trade-off for the individual: I can work out the
cost to me of using real money not credit; then I know what I am paying to
insure myself against identity theft. Of course I probably rely on the
credit people covering me against a lot of the risk of identity theft, and
I may not even pay them for that cost (if it is built into the APR they
charge and I can avoid interest by paying off the card quickly)... so to me
identity theft risk is almost costless. Why then would I choose to insure
myself explicitly by using cash instead of credit?
What is it that makes all the individuals start thinking about the best
interests of "the system" (which should be cheaper without all these hidden
insurance costs) instead of thinking about their own interests?!
David
"R.A. Hettinga" <rah(a)shipwright.com>
12/10/2004 15:52
To: John Kelsey <kelsey.j(a)ix.netcom.com>,
cryptography(a)metzdowd.com, cypherpunks(a)al-qaeda.net
cc:
Subject: Re: Financial identity is *dangerous*? (was re:
Fake companies, real money)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 9:49 AM -0400 10/12/04, John Kelsey wrote:
>Hmmm. I guess I don't see why this story supports that argument all
>that well.
More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to
transaction instantaneity, the less counterparty identity matters at
all. That is, the fastest transaction we can think of is a
cryptographically secure glop of bits that is issued by an entity who
is responsible for the integrity of the transaction and the quality
of assets that the bits represent. Blind signature notes work fine
for a first-order approximation. In other words, an internet bearer
transaction.
In such a scenario, nobody *cares* who the counterparties are for two
reasons. The first reason is existential: title to the asset has
transferred instantaneously. There is *no* float. I have it now, so I
don't *care* who you were, because, well, it's *mine* now. :-).
Second, keeping an audit trail when the title is never in question
is, in the best circumstances superfluous and expensive, and, in the
worst, even dangerous for any of a number of security reasons,
depending on the color of your adversary's hat, or the color your
adversary thinks his hat is, or whatever. Keeping track of credit
card numbers in a database is an extant problem, for instance, with a
known, shall we say, market cost. We'll leave political seizure and
other artifacts of totalitarianism to counted by the actuaries.
> Clearly, book entry systems where I can do transactions in your
>name and you are held liable for them are bad, but that's like
>looking at Windows 98's security flaws and deciding that x86
>processors can't support good OS security.
I'm walking out on a limb here, in light of what I said above, and
saying that when there's *any* float in the process, your liability
for identity theft increases with the float involved. Furthermore,
book-entry transactions *require* float, somewhere. They are
debt-dependent. Someone has to *borrow* money to effect a
transaction. (In a bearer transaction, the shoe's on the other foot,
the purchaser is *loaning* money, at zero interest, but that's what
the buyer wants so the system compensates accordingly, but that's
another story.) Because the purchaser has to borrow money to pay, and
because you *cannot* wring the float out of a transaction (that is,
you can get instantaneous execution, but the transaction clears and
settles at a later date; 90 days is the maximum float time for a
non-repudiated credit-card transaction, for instance), I claim that
book-entry transactions will *always* be liable for "identity" theft.
Put another way, remember Doug Barnes' famous quip that "and then you
go to jail" is not an acceptable error handling step for a
transnational internet transaction protocol.
I would claim that enforcement of identity as a legal concept costs
too much in the long run to be useful, and that the cheapest way to
avoid the whole problem is to go to systems which not only don't
require identity, but they don't even require book-entry *accounts*
at all to function at the user level.
Financial cryptography has had that technology for more than two
decades now, so long that the patent's about expired on it, if it
hasn't already.
>The aspect of this that's generally spooky is not the existence of
>book entry payment systems, it's the ease with which someone can get
>credit (in one form or another) in your name, based on information
>they got from public records and maybe a bit of dumpster diving,
>some spyware installed on your machine, or a phishing expedition.
>How the payment systems are cleared isn't going to change that,
>right? (I know you've thought about this stuff a lot more than I
>have, so maybe I'm missing something....)
See above. When you use book-entry transactions, by definition, you
need identity. Biometric, is-a-person,
go-to-jail-if-you-lie-about-a-book-entry identity. With bearer
transactions, digital/internet or otherwise, you don't have identity.
You don't *need* identity to execute, clear, and settle the
transaction, primarily because all three happen at once. There's no
float between the three activities. You don't have to send someone to
jail if they lie, because the transaction never executes in the first
place if they do.
Now, there are tradeoffs. The first one is key management, which as
Schneier likes to point out, is a hard problem. Personally, I think
that if you don't have to associate a key with a flesh-and-blood body
in meatspace, a whole continent full of problems just disappears. In
a bearer transaction, it's orthogonal to the issue of security
anyway, and all it does is cost you money to do for no added benefit.
The second one is security of the digital bearer notes and coins
themselves, which, frankly, scares people in the finance business
most of all. However, I would claim that all organizations, and even
people :-), do their *database* and document backups already, and
that proper system hygiene will evolve, particularly if literal money
is involved. Frankly, there already is a market for distributed data
storage, and there are even working systems using m-of-n distributed
data storage, which would be the most secure way to solve the
problem. And, as we all know, digital bearer transactions are the
best *way* to pay for those kinds of m-of-n services anyway, so it
feeds on itself nicely.
I think that it's less of a chicken-and-egg problem than it used to
be, and I think that reality is catching up to all the theory we've
kicked around on these lists for more than a decade now. The
ultimate solution to the problem of identity theft is to not use
identity at all, and, frankly, not even to use book-entries at all.
Cheers,
RAH
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc
sc4xGjfFFKMysKjV2hRDjSsy
=C/Ar
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
This email is for the intended recipient only and is confidential. If you
are not the intended recipient, please inform the sender immediately and
delete this email and any copies, (including attachments), from your
system. You should not read, copy or make any use of this email if you have
received it in error.
You should take whatever measures you deem to be appropriate to ensure that
this email is virus free.
CRESTCo Ltd does not give any representation, guarantee or warranty
(whether expressed or implied) that this email has been securely
transmitted or is accurate, timely or complete and excludes all liability
in connection with this email or for any statements which are clearly the
senders own and do not represent the views of CRESTCo Ltd.
CRESTCo Ltd reserves the right to monitor the use and content of all emails.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100
i buy the argument that transaction instantaneity is a solution to the
identity theft problem - my cash in your hands, at the same time (now) as
your goods in my hands, in a way that allows both of us to ensure we have
got what we wanted. But there's a trade-off; I have to use money, not
credit, now - your point about the buyer 'lending' the seller cash at 0%
interest. I'm not sure how "the system compensates" for that. It seems to
me it becomes a risk-cost trade-off for the individual: I can work out the
cost to me of using real money not credit; then I know what I am paying to
insure myself against identity theft. Of course I probably rely on the
credit people covering me against a lot of the risk of identity theft, and
I may not even pay them for that cost (if it is built into the APR they
charge and I can avoid interest by paying off the card quickly)... so to me
identity theft risk is almost costless. Why then would I choose to insure
myself explicitly by using cash instead of credit?
What is it that makes all the individuals start thinking about the best
interests of "the system" (which should be cheaper without all these hidden
insurance costs) instead of thinking about their own interests?!
David
"R.A. Hettinga" <rah(a)shipwright.com>
12/10/2004 15:52
To: John Kelsey <kelsey.j(a)ix.netcom.com>,
cryptography(a)metzdowd.com, cypherpunks(a)al-qaeda.net
cc:
Subject: Re: Financial identity is *dangerous*? (was re:
Fake companies, real money)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 9:49 AM -0400 10/12/04, John Kelsey wrote:
>Hmmm. I guess I don't see why this story supports that argument all
>that well.
More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to
transaction instantaneity, the less counterparty identity matters at
all. That is, the fastest transaction we can think of is a
cryptographically secure glop of bits that is issued by an entity who
is responsible for the integrity of the transaction and the quality
of assets that the bits represent. Blind signature notes work fine
for a first-order approximation. In other words, an internet bearer
transaction.
In such a scenario, nobody *cares* who the counterparties are for two
reasons. The first reason is existential: title to the asset has
transferred instantaneously. There is *no* float. I have it now, so I
don't *care* who you were, because, well, it's *mine* now. :-).
Second, keeping an audit trail when the title is never in question
is, in the best circumstances superfluous and expensive, and, in the
worst, even dangerous for any of a number of security reasons,
depending on the color of your adversary's hat, or the color your
adversary thinks his hat is, or whatever. Keeping track of credit
card numbers in a database is an extant problem, for instance, with a
known, shall we say, market cost. We'll leave political seizure and
other artifacts of totalitarianism to counted by the actuaries.
> Clearly, book entry systems where I can do transactions in your
>name and you are held liable for them are bad, but that's like
>looking at Windows 98's security flaws and deciding that x86
>processors can't support good OS security.
I'm walking out on a limb here, in light of what I said above, and
saying that when there's *any* float in the process, your liability
for identity theft increases with the float involved. Furthermore,
book-entry transactions *require* float, somewhere. They are
debt-dependent. Someone has to *borrow* money to effect a
transaction. (In a bearer transaction, the shoe's on the other foot,
the purchaser is *loaning* money, at zero interest, but that's what
the buyer wants so the system compensates accordingly, but that's
another story.) Because the purchaser has to borrow money to pay, and
because you *cannot* wring the float out of a transaction (that is,
you can get instantaneous execution, but the transaction clears and
settles at a later date; 90 days is the maximum float time for a
non-repudiated credit-card transaction, for instance), I claim that
book-entry transactions will *always* be liable for "identity" theft.
Put another way, remember Doug Barnes' famous quip that "and then you
go to jail" is not an acceptable error handling step for a
transnational internet transaction protocol.
I would claim that enforcement of identity as a legal concept costs
too much in the long run to be useful, and that the cheapest way to
avoid the whole problem is to go to systems which not only don't
require identity, but they don't even require book-entry *accounts*
at all to function at the user level.
Financial cryptography has had that technology for more than two
decades now, so long that the patent's about expired on it, if it
hasn't already.
>The aspect of this that's generally spooky is not the existence of
>book entry payment systems, it's the ease with which someone can get
>credit (in one form or another) in your name, based on information
>they got from public records and maybe a bit of dumpster diving,
>some spyware installed on your machine, or a phishing expedition.
>How the payment systems are cleared isn't going to change that,
>right? (I know you've thought about this stuff a lot more than I
>have, so maybe I'm missing something....)
See above. When you use book-entry transactions, by definition, you
need identity. Biometric, is-a-person,
go-to-jail-if-you-lie-about-a-book-entry identity. With bearer
transactions, digital/internet or otherwise, you don't have identity.
You don't *need* identity to execute, clear, and settle the
transaction, primarily because all three happen at once. There's no
float between the three activities. You don't have to send someone to
jail if they lie, because the transaction never executes in the first
place if they do.
Now, there are tradeoffs. The first one is key management, which as
Schneier likes to point out, is a hard problem. Personally, I think
that if you don't have to associate a key with a flesh-and-blood body
in meatspace, a whole continent full of problems just disappears. In
a bearer transaction, it's orthogonal to the issue of security
anyway, and all it does is cost you money to do for no added benefit.
The second one is security of the digital bearer notes and coins
themselves, which, frankly, scares people in the finance business
most of all. However, I would claim that all organizations, and even
people :-), do their *database* and document backups already, and
that proper system hygiene will evolve, particularly if literal money
is involved. Frankly, there already is a market for distributed data
storage, and there are even working systems using m-of-n distributed
data storage, which would be the most secure way to solve the
problem. And, as we all know, digital bearer transactions are the
best *way* to pay for those kinds of m-of-n services anyway, so it
feeds on itself nicely.
I think that it's less of a chicken-and-egg problem than it used to
be, and I think that reality is catching up to all the theory we've
kicked around on these lists for more than a decade now. The
ultimate solution to the problem of identity theft is to not use
identity at all, and, frankly, not even to use book-entries at all.
Cheers,
RAH
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc
sc4xGjfFFKMysKjV2hRDjSsy
=C/Ar
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
This email is for the intended recipient only and is confidential. If you
are not the intended recipient, please inform the sender immediately and
delete this email and any copies, (including attachments), from your
system. You should not read, copy or make any use of this email if you have
received it in error.
You should take whatever measures you deem to be appropriate to ensure that
this email is virus free.
CRESTCo Ltd does not give any representation, guarantee or warranty
(whether expressed or implied) that this email has been securely
transmitted or is accurate, timely or complete and excludes all liability
in connection with this email or for any statements which are clearly the
senders own and do not represent the views of CRESTCo Ltd.
CRESTCo Ltd reserves the right to monitor the use and content of all emails.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100
i buy the argument that transaction instantaneity is a solution to the
identity theft problem - my cash in your hands, at the same time (now) as
your goods in my hands, in a way that allows both of us to ensure we have
got what we wanted. But there's a trade-off; I have to use money, not
credit, now - your point about the buyer 'lending' the seller cash at 0%
interest. I'm not sure how "the system compensates" for that. It seems to
me it becomes a risk-cost trade-off for the individual: I can work out the
cost to me of using real money not credit; then I know what I am paying to
insure myself against identity theft. Of course I probably rely on the
credit people covering me against a lot of the risk of identity theft, and
I may not even pay them for that cost (if it is built into the APR they
charge and I can avoid interest by paying off the card quickly)... so to me
identity theft risk is almost costless. Why then would I choose to insure
myself explicitly by using cash instead of credit?
What is it that makes all the individuals start thinking about the best
interests of "the system" (which should be cheaper without all these hidden
insurance costs) instead of thinking about their own interests?!
David
"R.A. Hettinga" <rah(a)shipwright.com>
12/10/2004 15:52
To: John Kelsey <kelsey.j(a)ix.netcom.com>,
cryptography(a)metzdowd.com, cypherpunks(a)al-qaeda.net
cc:
Subject: Re: Financial identity is *dangerous*? (was re:
Fake companies, real money)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 9:49 AM -0400 10/12/04, John Kelsey wrote:
>Hmmm. I guess I don't see why this story supports that argument all
>that well.
More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to
transaction instantaneity, the less counterparty identity matters at
all. That is, the fastest transaction we can think of is a
cryptographically secure glop of bits that is issued by an entity who
is responsible for the integrity of the transaction and the quality
of assets that the bits represent. Blind signature notes work fine
for a first-order approximation. In other words, an internet bearer
transaction.
In such a scenario, nobody *cares* who the counterparties are for two
reasons. The first reason is existential: title to the asset has
transferred instantaneously. There is *no* float. I have it now, so I
don't *care* who you were, because, well, it's *mine* now. :-).
Second, keeping an audit trail when the title is never in question
is, in the best circumstances superfluous and expensive, and, in the
worst, even dangerous for any of a number of security reasons,
depending on the color of your adversary's hat, or the color your
adversary thinks his hat is, or whatever. Keeping track of credit
card numbers in a database is an extant problem, for instance, with a
known, shall we say, market cost. We'll leave political seizure and
other artifacts of totalitarianism to counted by the actuaries.
> Clearly, book entry systems where I can do transactions in your
>name and you are held liable for them are bad, but that's like
>looking at Windows 98's security flaws and deciding that x86
>processors can't support good OS security.
I'm walking out on a limb here, in light of what I said above, and
saying that when there's *any* float in the process, your liability
for identity theft increases with the float involved. Furthermore,
book-entry transactions *require* float, somewhere. They are
debt-dependent. Someone has to *borrow* money to effect a
transaction. (In a bearer transaction, the shoe's on the other foot,
the purchaser is *loaning* money, at zero interest, but that's what
the buyer wants so the system compensates accordingly, but that's
another story.) Because the purchaser has to borrow money to pay, and
because you *cannot* wring the float out of a transaction (that is,
you can get instantaneous execution, but the transaction clears and
settles at a later date; 90 days is the maximum float time for a
non-repudiated credit-card transaction, for instance), I claim that
book-entry transactions will *always* be liable for "identity" theft.
Put another way, remember Doug Barnes' famous quip that "and then you
go to jail" is not an acceptable error handling step for a
transnational internet transaction protocol.
I would claim that enforcement of identity as a legal concept costs
too much in the long run to be useful, and that the cheapest way to
avoid the whole problem is to go to systems which not only don't
require identity, but they don't even require book-entry *accounts*
at all to function at the user level.
Financial cryptography has had that technology for more than two
decades now, so long that the patent's about expired on it, if it
hasn't already.
>The aspect of this that's generally spooky is not the existence of
>book entry payment systems, it's the ease with which someone can get
>credit (in one form or another) in your name, based on information
>they got from public records and maybe a bit of dumpster diving,
>some spyware installed on your machine, or a phishing expedition.
>How the payment systems are cleared isn't going to change that,
>right? (I know you've thought about this stuff a lot more than I
>have, so maybe I'm missing something....)
See above. When you use book-entry transactions, by definition, you
need identity. Biometric, is-a-person,
go-to-jail-if-you-lie-about-a-book-entry identity. With bearer
transactions, digital/internet or otherwise, you don't have identity.
You don't *need* identity to execute, clear, and settle the
transaction, primarily because all three happen at once. There's no
float between the three activities. You don't have to send someone to
jail if they lie, because the transaction never executes in the first
place if they do.
Now, there are tradeoffs. The first one is key management, which as
Schneier likes to point out, is a hard problem. Personally, I think
that if you don't have to associate a key with a flesh-and-blood body
in meatspace, a whole continent full of problems just disappears. In
a bearer transaction, it's orthogonal to the issue of security
anyway, and all it does is cost you money to do for no added benefit.
The second one is security of the digital bearer notes and coins
themselves, which, frankly, scares people in the finance business
most of all. However, I would claim that all organizations, and even
people :-), do their *database* and document backups already, and
that proper system hygiene will evolve, particularly if literal money
is involved. Frankly, there already is a market for distributed data
storage, and there are even working systems using m-of-n distributed
data storage, which would be the most secure way to solve the
problem. And, as we all know, digital bearer transactions are the
best *way* to pay for those kinds of m-of-n services anyway, so it
feeds on itself nicely.
I think that it's less of a chicken-and-egg problem than it used to
be, and I think that reality is catching up to all the theory we've
kicked around on these lists for more than a decade now. The
ultimate solution to the problem of identity theft is to not use
identity at all, and, frankly, not even to use book-entries at all.
Cheers,
RAH
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc
sc4xGjfFFKMysKjV2hRDjSsy
=C/Ar
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
This email is for the intended recipient only and is confidential. If you
are not the intended recipient, please inform the sender immediately and
delete this email and any copies, (including attachments), from your
system. You should not read, copy or make any use of this email if you have
received it in error.
You should take whatever measures you deem to be appropriate to ensure that
this email is virus free.
CRESTCo Ltd does not give any representation, guarantee or warranty
(whether expressed or implied) that this email has been securely
transmitted or is accurate, timely or complete and excludes all liability
in connection with this email or for any statements which are clearly the
senders own and do not represent the views of CRESTCo Ltd.
CRESTCo Ltd reserves the right to monitor the use and content of all emails.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100
i buy the argument that transaction instantaneity is a solution to the
identity theft problem - my cash in your hands, at the same time (now) as
your goods in my hands, in a way that allows both of us to ensure we have
got what we wanted. But there's a trade-off; I have to use money, not
credit, now - your point about the buyer 'lending' the seller cash at 0%
interest. I'm not sure how "the system compensates" for that. It seems to
me it becomes a risk-cost trade-off for the individual: I can work out the
cost to me of using real money not credit; then I know what I am paying to
insure myself against identity theft. Of course I probably rely on the
credit people covering me against a lot of the risk of identity theft, and
I may not even pay them for that cost (if it is built into the APR they
charge and I can avoid interest by paying off the card quickly)... so to me
identity theft risk is almost costless. Why then would I choose to insure
myself explicitly by using cash instead of credit?
What is it that makes all the individuals start thinking about the best
interests of "the system" (which should be cheaper without all these hidden
insurance costs) instead of thinking about their own interests?!
David
"R.A. Hettinga" <rah(a)shipwright.com>
12/10/2004 15:52
To: John Kelsey <kelsey.j(a)ix.netcom.com>,
cryptography(a)metzdowd.com, cypherpunks(a)al-qaeda.net
cc:
Subject: Re: Financial identity is *dangerous*? (was re:
Fake companies, real money)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 9:49 AM -0400 10/12/04, John Kelsey wrote:
>Hmmm. I guess I don't see why this story supports that argument all
>that well.
More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to
transaction instantaneity, the less counterparty identity matters at
all. That is, the fastest transaction we can think of is a
cryptographically secure glop of bits that is issued by an entity who
is responsible for the integrity of the transaction and the quality
of assets that the bits represent. Blind signature notes work fine
for a first-order approximation. In other words, an internet bearer
transaction.
In such a scenario, nobody *cares* who the counterparties are for two
reasons. The first reason is existential: title to the asset has
transferred instantaneously. There is *no* float. I have it now, so I
don't *care* who you were, because, well, it's *mine* now. :-).
Second, keeping an audit trail when the title is never in question
is, in the best circumstances superfluous and expensive, and, in the
worst, even dangerous for any of a number of security reasons,
depending on the color of your adversary's hat, or the color your
adversary thinks his hat is, or whatever. Keeping track of credit
card numbers in a database is an extant problem, for instance, with a
known, shall we say, market cost. We'll leave political seizure and
other artifacts of totalitarianism to counted by the actuaries.
> Clearly, book entry systems where I can do transactions in your
>name and you are held liable for them are bad, but that's like
>looking at Windows 98's security flaws and deciding that x86
>processors can't support good OS security.
I'm walking out on a limb here, in light of what I said above, and
saying that when there's *any* float in the process, your liability
for identity theft increases with the float involved. Furthermore,
book-entry transactions *require* float, somewhere. They are
debt-dependent. Someone has to *borrow* money to effect a
transaction. (In a bearer transaction, the shoe's on the other foot,
the purchaser is *loaning* money, at zero interest, but that's what
the buyer wants so the system compensates accordingly, but that's
another story.) Because the purchaser has to borrow money to pay, and
because you *cannot* wring the float out of a transaction (that is,
you can get instantaneous execution, but the transaction clears and
settles at a later date; 90 days is the maximum float time for a
non-repudiated credit-card transaction, for instance), I claim that
book-entry transactions will *always* be liable for "identity" theft.
Put another way, remember Doug Barnes' famous quip that "and then you
go to jail" is not an acceptable error handling step for a
transnational internet transaction protocol.
I would claim that enforcement of identity as a legal concept costs
too much in the long run to be useful, and that the cheapest way to
avoid the whole problem is to go to systems which not only don't
require identity, but they don't even require book-entry *accounts*
at all to function at the user level.
Financial cryptography has had that technology for more than two
decades now, so long that the patent's about expired on it, if it
hasn't already.
>The aspect of this that's generally spooky is not the existence of
>book entry payment systems, it's the ease with which someone can get
>credit (in one form or another) in your name, based on information
>they got from public records and maybe a bit of dumpster diving,
>some spyware installed on your machine, or a phishing expedition.
>How the payment systems are cleared isn't going to change that,
>right? (I know you've thought about this stuff a lot more than I
>have, so maybe I'm missing something....)
See above. When you use book-entry transactions, by definition, you
need identity. Biometric, is-a-person,
go-to-jail-if-you-lie-about-a-book-entry identity. With bearer
transactions, digital/internet or otherwise, you don't have identity.
You don't *need* identity to execute, clear, and settle the
transaction, primarily because all three happen at once. There's no
float between the three activities. You don't have to send someone to
jail if they lie, because the transaction never executes in the first
place if they do.
Now, there are tradeoffs. The first one is key management, which as
Schneier likes to point out, is a hard problem. Personally, I think
that if you don't have to associate a key with a flesh-and-blood body
in meatspace, a whole continent full of problems just disappears. In
a bearer transaction, it's orthogonal to the issue of security
anyway, and all it does is cost you money to do for no added benefit.
The second one is security of the digital bearer notes and coins
themselves, which, frankly, scares people in the finance business
most of all. However, I would claim that all organizations, and even
people :-), do their *database* and document backups already, and
that proper system hygiene will evolve, particularly if literal money
is involved. Frankly, there already is a market for distributed data
storage, and there are even working systems using m-of-n distributed
data storage, which would be the most secure way to solve the
problem. And, as we all know, digital bearer transactions are the
best *way* to pay for those kinds of m-of-n services anyway, so it
feeds on itself nicely.
I think that it's less of a chicken-and-egg problem than it used to
be, and I think that reality is catching up to all the theory we've
kicked around on these lists for more than a decade now. The
ultimate solution to the problem of identity theft is to not use
identity at all, and, frankly, not even to use book-entries at all.
Cheers,
RAH
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc
sc4xGjfFFKMysKjV2hRDjSsy
=C/Ar
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
This email is for the intended recipient only and is confidential. If you
are not the intended recipient, please inform the sender immediately and
delete this email and any copies, (including attachments), from your
system. You should not read, copy or make any use of this email if you have
received it in error.
You should take whatever measures you deem to be appropriate to ensure that
this email is virus free.
CRESTCo Ltd does not give any representation, guarantee or warranty
(whether expressed or implied) that this email has been securely
transmitted or is accurate, timely or complete and excludes all liability
in connection with this email or for any statements which are clearly the
senders own and do not represent the views of CRESTCo Ltd.
CRESTCo Ltd reserves the right to monitor the use and content of all emails.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
![](https://secure.gravatar.com/avatar/4dcee6b681f0b6b1e3a31dce135bad68.jpg?s=120&d=mm&r=g)
Re: [liberationtech] iPhones/iPads secretly track 'scary amount' of your movements
by Frank Corrigan 06 Jul '18
by Frank Corrigan 06 Jul '18
06 Jul '18
More critical analysis of the original tracking claims has been posted
here:
"Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is."
http://www.theregister.co.uk/2011/04/22/apple_iphone_location_tracking_anal…
No, iPhone location tracking isn't harmless and here's why
Secret Apple database already being tapped by cops
By Dan Goodin in San Francisco b"
Posted in ID, 22nd April 2011 00:51 GMT
Analysis It didn't take long for the blogosphere to pooh pooh research
presented on Wednesday that detailed a file in Apple iPhones and iPads
unknown to the vast majority of its users that stored a long list of
their time-stamped locations, sometimes with alarming detail.
On Thursday, a forensics expert who sells software to law enforcement
agencies gave a first-hand account why scrutiny of the location-tracking
database is crucial. We'll get to that in a moment. But first, let's
take a sampling of the rampant naysaying.
The most common criticism was that the contents of the SQLite file,
which is stored on the phone and on any computer backups, were wildly
imprecise. Blogger and web developer Will Clarke, for instance, used the
researchers' freely available software to map the coordinates gathered
by his own iPhone during a recent round-trip bike tour he took from
Philadelphia to New Jersey. When he compared the results to the actual
route, he found that b almost all the points were way off.b
In an interview with The Reg, he said some of the points on the
resulting map were as much as 3,000 meters, or almost two miles, away
from his true location.
b The data that is exposed basically reveals which city you were in at a given time,b he concluded in a post that called the research b sensational.b b Nothing more specific than that. It can't tell what house you live in, it can't tell what route you jog on, nothing like that.b
He went on to conclude: b Apple is not storing the device's location,
it's storing the location of the towers that the device is communicating
with.b
Software analyst David b Leftyb Schlesinger found similar inaccuracies
when he used the database contents of his iPhone to plot a train ride he
took in July from Amsterdam to Den Haag, about 60 kilometers away. He
also found that the iPhone file showed he was in Santa Cruz, California,
on Christmas Day and traveled as much as 80 miles, when in fact he
stayed in the state's Central Valley, some 130 miles away, the entire
day.
Like several other bloggers, he also noted huge inconsistencies in the
time intervals that locations were logged. Sometimes iPhones and iPads
went days without updating the database, and on one occasion went almost
two weeks.
The critics make a valid point that the data stored in the
consolidated.db file hardly contains a historical record of a user's
real-time comings and goings, or a user's every move, as incorrectly
suggested in initial coverage from The Register and many other news
sites. Researchers Pete Warden and Alasdair Allan readily acknowledge
that they have yet to figure out what triggers iDevices to log location
details, but it's not unusual for hours or even weeks to occasionally
pass between entries.
They said they have noted one or two grossly inaccurate locations logged
in the database. One region that seems to regularly pop up in files
stored on multiple phones is an area just outside of Las Vegas. Allan
said the database extracted from his iPhone and the iPhones of several
people he knows logged that Nevada city even though none of the owners
were anywhere near it on the date indicated in the corresponding
timestamp.
Las Vegas also incorrectly showed up on the iPhones of Clarke and a
co-worker of his, suggesting the iOS code that logs locations may be
buggy.
b We both have the exact same data point in Vegas, and neither of us have been,b he said.
Warden and Allan said their reverse engineering exercise made it
impossible to learn the precise way the logging works, but they insist
the conclusion of their research is still correct: The contents of the
consolidated.db file stored on every iDevice and on any computer
containing a backup of its data contains a b scary amount of detail on
our movements.b
b By inspecting it, I can tell what part of downtown San Francisco I'm in, I can see that I'm in a particular neighborhood,b Warden said.
Added Allan: b It's a bit above block level, but it can certainly tell
that I'm in north east Manhattan, or south east Manhattan.b
They said the precise latitude and longitude plotted on a map is
accurate to about 500 meters in areas where there are many cellphone
nodes and as much as 4 kilometers with fewer nodes.
b It really does seem to be dependent on how good your cell coverage is,b Allan said. b If you're in a big city like downtown San Francisco, the positioning is going to be much better. If you're in the middle of London, the positioning is going to be much better. If you're in a rural or semi-rural area, your positions are going to be much rougher.b
They also refuted Clarke's assertion that the latitude and longitude
coordinates logged in the database referred to the position of cell
towers rather than the Apple devices themselves. Some of the extracted
databases they examined plotted literally thousands of unique
coordinates in a small part of a single city. It's almost impossible
that there could be that many corresponding nodes in such a confined
area, they said.
What's more, the geographic locations of cell towers is usually kept
secret by the carriers who own them, and there's no clear way an iPhone
would be able to detect its longitude and latitude anyway.
b Our current stance is that this is the position of the device,b Allan said. b There has to be now or very soon a big public debate about location data and privacy. This (research) might be something that helps kick that debate off.b
Cops already tapping consolidated.db predecessor
Chris Soghoian, a security and privacy researcher with no connection to
Warden and Allan's work, agreed.
b I don't think users had any idea that this information was being collected,b he said. b The fact that it doesn't detail the exact street corner you were on and merely deals with what neighborhood you were in, I donbt think that's going to be comforting to people.
He compared the the iPhone and iPad's tracking of location information
to the Google Street View debacle, in which roving vehicles throughout
the globe logged unencrypted Wi-Fi traffic and dumped it into a giant
database, contradicting previous assurances from the company. Google
later pledged to destroy the data, which may include passwords and other
sensitive information.
Soghoian said Apple had a responsibility to let customers know the type
and extent of the information their iPhones and iPads were collecting
about them.
b When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,b he said. b This is definitely something that people should be concerned about and I think what it points to is that Apple isn't taking privacy seriously.b
Indeed, Alex Levinson, a forensics expert specializing in mobile
devices, blogged here that b geolocational artifacts were one of the
single most important forensic vectors found onb the devices. As a
result, he wrote a proprietary program called Lantern that law
enforcement agencies use to actively examine the contents of the iPhone
location database.
b Within 24 hours of the iPhone 4's release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,b he wrote. b Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.b
Levinson also said iPhone location tracking has gone on much longer than
indicated by Warden and Allan, who claimed it began with the
introduction of Apple's iOS 4 in late June. In fact, said Levinson,
earlier iPhones contained a hidden file called h-cells.plist that
contained much of the same baseband radio locations that consolidated.db
has now.
b Through my work with various law enforcement agencies, we've used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,b wrote Levinson, who is a lead engineer for Katana Forensics.
Based on Levinson's account, it's hard to put much credence in critics
who cite bugs and a lack of geographic granularity to argue that the
undisclosed tracking of iPhones and iPads is harmless or inconsequential
to its millions of users. Inclusion of the database means that anyone
who ever loses his device risks exposing potentially large amounts of
information about where he was over months or years.
That could be devastating for people embroiled in messy lawsuits or
those whose whereabouts are closely guarded secrets, such as volunteers
who work with victims of abusive spouses.
Of course, none of this speculation would be necessary if Apple would
come clean about exactly how the location tracking it built into its
devices works and what precise information is collected. The company, in
keeping with its Jobsian obsession with privacy, has yet to utter a peep
despite widespread media coverage.
Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is.
Frank
----- Original message -----
From: "Rafal Rohozinski" <r.rohozinski(a)psiphon.ca>
To: "Liberation Technologies" <liberationtech(a)lists.stanford.edu>
Date: Wed, 20 Apr 2011 22:51:53 -0400
Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
amount' of your movements
It's not just iPhones that record vast amount of data that can be easily
geo-located and reconstruct person's movements, networks, and personal
communication - any cell phone going back 15 years stores data through
log files, message and SMS traffic that can be reconstructed and
retrieved to create pretty comprehensive profiles of usage and location.
Devices that do forensic extraction (UFED) are quite widespread and in
use throughout police forces intelligence agencies as well as most
cellular carriers around the world. For those of you for whom this is
a revelation, I'd advise you to take a look at this website of a leading
provider of UFEDs. There are some interesting videos, and once you're
done, take a look at where this company has it's permanent
representatives.
http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
Time for a reality check. Mobile phones are essentially digital dogtags
so if you're concerned about the ability they have to track your
movements and communications - do like Osama, use exclusively
off-line means through trusted intermediaries. Otherwise accepting
that cell phones are a risk to privacy is just the flip side of the
convenience that these devices bring. With or without Apple networks
are essentially spiderwebs - that's the essence of modern signals
intelligence.
It's worrisome that there are a lot of myths among the activist
community about cell phone security. True, you can "drive up the
negatives" and make it more difficult for a casual actor to scan or
obtain PII from your phone ( so I I agree with Nathan) - but if
you're up against well resourced opponents, most of these tools plain
ineffective and their very presence on your phone may be more of a
giveaway that actually makes you more of a a target of interest.
Unfortunately security is not a product or something you can buy
shrink-wrapped in code. Its practice and process and ultimately comes
down to the risks you're willing to take in the service of an objective
or cause. And if you want to play in the big tent, it's good
old-fashioned tradecraft and not better toys that make a difference.
Rafal
On Apr 20, 2011, at 5:43 PM, Frank Corrigan wrote:
>
> I am aware of the general principle of mobile phone tracking, it is just
> that most people assume this data is only accessible via cell tower
> providers or via a court order/lawful request, not recorded on the
> device itself and accessible in an easy to read format to anyone who has
> access and inclination or has impounded it for law enforcement purposes.
> I suppose it's a bit like the Windows IE index.dat files. Now of course
> anyone crossing a USA border can have such devices taken away and such
> location data easily copied for later in-situ analysis.
>
> Frank
>
> ----- Original message -----
> From: "Nathan Freitas" <nathan(a)freitas.net>
> To: "Frank Corrigan" <email(a)franciscorrigan.com>, "Liberation
> Technologies" <liberationtech(a)lists.stanford.edu>
> Date: Wed, 20 Apr 2011 16:20:13 -0400
> Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
> amount' of your movements
>
> On 04/20/2011 03:55 PM, Frank Corrigan wrote:
>> More reasons for activists/protesters in hostile (ordinary) environments
>> not to bring along their mobile phone, latest cell connected gizmo.
>
> ... and return to megaphones, flags, smoke signals, carrier pigeons and
> frantic arm waving instead? If our ordinary environments are truly
> hostile, then either we give up ever using a mobile phone, or we find
> some way to address the problem.
>
> Don't get me wrong, this latest revelation on mobile privacy is indeed
> scary, and Apple better fess up. I just think we can fix these issues,
> instead of allowing them to be disempowering.
>
> In this case at least, turning your phone into "airplane mode" would
> have stopped the phone from broadcasting its availability to and
> registering with mobile towers. This would stop the active triangulation
> of your location from being logged into the local iOS database.
>
> I have an "airplane mode" icon on my Android phone home screen. Anytime
> I am not expecting an important call, or am reachable by another means
> (email, IM, irc), I generally activate it. Not only does it reduce my
> location footprint data trail, but it also saves quite a bit of battery
> life!
>
> I also like Google's Latitude Dashboard which encourages user to really
> "own it" when it comes to mobile location data tracking. They have a
> really pretty UI, charts, etc, that can show you how many minutes a day
> you spend at home, the gym, work or your local pub. Their point is that
> if government and mobile phone operators already have this data, why
> shouldn't you (the user and human being tracked) also benefit from it?
>
> https://www.google.com/latitude/history/dashboard
>
> All in all, we shouldn't cede the advantage technology can bring to the
> movements and causes we care about because developers at Apple and Skype
> (see their recent issue with Android app data permissions) are clearly
> make very bad decisions about how they implement their closed-source
> software.
>
> Best,
> Nathan
>
> _______________________________________________
> liberationtech mailing list
> liberationtech(a)lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
You will need the user name and password you receive from the list
moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
![](https://secure.gravatar.com/avatar/4dcee6b681f0b6b1e3a31dce135bad68.jpg?s=120&d=mm&r=g)
Re: [liberationtech] iPhones/iPads secretly track 'scary amount' of your movements
by Frank Corrigan 06 Jul '18
by Frank Corrigan 06 Jul '18
06 Jul '18
More critical analysis of the original tracking claims has been posted
here:
"Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is."
http://www.theregister.co.uk/2011/04/22/apple_iphone_location_tracking_anal…
No, iPhone location tracking isn't harmless and here's why
Secret Apple database already being tapped by cops
By Dan Goodin in San Francisco b"
Posted in ID, 22nd April 2011 00:51 GMT
Analysis It didn't take long for the blogosphere to pooh pooh research
presented on Wednesday that detailed a file in Apple iPhones and iPads
unknown to the vast majority of its users that stored a long list of
their time-stamped locations, sometimes with alarming detail.
On Thursday, a forensics expert who sells software to law enforcement
agencies gave a first-hand account why scrutiny of the location-tracking
database is crucial. We'll get to that in a moment. But first, let's
take a sampling of the rampant naysaying.
The most common criticism was that the contents of the SQLite file,
which is stored on the phone and on any computer backups, were wildly
imprecise. Blogger and web developer Will Clarke, for instance, used the
researchers' freely available software to map the coordinates gathered
by his own iPhone during a recent round-trip bike tour he took from
Philadelphia to New Jersey. When he compared the results to the actual
route, he found that b almost all the points were way off.b
In an interview with The Reg, he said some of the points on the
resulting map were as much as 3,000 meters, or almost two miles, away
from his true location.
b The data that is exposed basically reveals which city you were in at a given time,b he concluded in a post that called the research b sensational.b b Nothing more specific than that. It can't tell what house you live in, it can't tell what route you jog on, nothing like that.b
He went on to conclude: b Apple is not storing the device's location,
it's storing the location of the towers that the device is communicating
with.b
Software analyst David b Leftyb Schlesinger found similar inaccuracies
when he used the database contents of his iPhone to plot a train ride he
took in July from Amsterdam to Den Haag, about 60 kilometers away. He
also found that the iPhone file showed he was in Santa Cruz, California,
on Christmas Day and traveled as much as 80 miles, when in fact he
stayed in the state's Central Valley, some 130 miles away, the entire
day.
Like several other bloggers, he also noted huge inconsistencies in the
time intervals that locations were logged. Sometimes iPhones and iPads
went days without updating the database, and on one occasion went almost
two weeks.
The critics make a valid point that the data stored in the
consolidated.db file hardly contains a historical record of a user's
real-time comings and goings, or a user's every move, as incorrectly
suggested in initial coverage from The Register and many other news
sites. Researchers Pete Warden and Alasdair Allan readily acknowledge
that they have yet to figure out what triggers iDevices to log location
details, but it's not unusual for hours or even weeks to occasionally
pass between entries.
They said they have noted one or two grossly inaccurate locations logged
in the database. One region that seems to regularly pop up in files
stored on multiple phones is an area just outside of Las Vegas. Allan
said the database extracted from his iPhone and the iPhones of several
people he knows logged that Nevada city even though none of the owners
were anywhere near it on the date indicated in the corresponding
timestamp.
Las Vegas also incorrectly showed up on the iPhones of Clarke and a
co-worker of his, suggesting the iOS code that logs locations may be
buggy.
b We both have the exact same data point in Vegas, and neither of us have been,b he said.
Warden and Allan said their reverse engineering exercise made it
impossible to learn the precise way the logging works, but they insist
the conclusion of their research is still correct: The contents of the
consolidated.db file stored on every iDevice and on any computer
containing a backup of its data contains a b scary amount of detail on
our movements.b
b By inspecting it, I can tell what part of downtown San Francisco I'm in, I can see that I'm in a particular neighborhood,b Warden said.
Added Allan: b It's a bit above block level, but it can certainly tell
that I'm in north east Manhattan, or south east Manhattan.b
They said the precise latitude and longitude plotted on a map is
accurate to about 500 meters in areas where there are many cellphone
nodes and as much as 4 kilometers with fewer nodes.
b It really does seem to be dependent on how good your cell coverage is,b Allan said. b If you're in a big city like downtown San Francisco, the positioning is going to be much better. If you're in the middle of London, the positioning is going to be much better. If you're in a rural or semi-rural area, your positions are going to be much rougher.b
They also refuted Clarke's assertion that the latitude and longitude
coordinates logged in the database referred to the position of cell
towers rather than the Apple devices themselves. Some of the extracted
databases they examined plotted literally thousands of unique
coordinates in a small part of a single city. It's almost impossible
that there could be that many corresponding nodes in such a confined
area, they said.
What's more, the geographic locations of cell towers is usually kept
secret by the carriers who own them, and there's no clear way an iPhone
would be able to detect its longitude and latitude anyway.
b Our current stance is that this is the position of the device,b Allan said. b There has to be now or very soon a big public debate about location data and privacy. This (research) might be something that helps kick that debate off.b
Cops already tapping consolidated.db predecessor
Chris Soghoian, a security and privacy researcher with no connection to
Warden and Allan's work, agreed.
b I don't think users had any idea that this information was being collected,b he said. b The fact that it doesn't detail the exact street corner you were on and merely deals with what neighborhood you were in, I donbt think that's going to be comforting to people.
He compared the the iPhone and iPad's tracking of location information
to the Google Street View debacle, in which roving vehicles throughout
the globe logged unencrypted Wi-Fi traffic and dumped it into a giant
database, contradicting previous assurances from the company. Google
later pledged to destroy the data, which may include passwords and other
sensitive information.
Soghoian said Apple had a responsibility to let customers know the type
and extent of the information their iPhones and iPads were collecting
about them.
b When you get stopped by the police and they arrest you for any crime, they can search your phone and get any data off of it,b he said. b This is definitely something that people should be concerned about and I think what it points to is that Apple isn't taking privacy seriously.b
Indeed, Alex Levinson, a forensics expert specializing in mobile
devices, blogged here that b geolocational artifacts were one of the
single most important forensic vectors found onb the devices. As a
result, he wrote a proprietary program called Lantern that law
enforcement agencies use to actively examine the contents of the iPhone
location database.
b Within 24 hours of the iPhone 4's release, we had updated Lantern to support forensic analysis of iOS 4.0 devices,b he wrote. b Within 36 hours, we had begun writing code to investigate consolidated.db. Once a jailbreak came out for iOS 4, I wrote a small proof of concept application to harvest the contents of consolidated.db and feed it to a server for remote location tracking.b
Levinson also said iPhone location tracking has gone on much longer than
indicated by Warden and Allan, who claimed it began with the
introduction of Apple's iOS 4 in late June. In fact, said Levinson,
earlier iPhones contained a hidden file called h-cells.plist that
contained much of the same baseband radio locations that consolidated.db
has now.
b Through my work with various law enforcement agencies, we've used h-cells.plist on devices older than iOS 4 to harvest geolocational evidence from iOS devices,b wrote Levinson, who is a lead engineer for Katana Forensics.
Based on Levinson's account, it's hard to put much credence in critics
who cite bugs and a lack of geographic granularity to argue that the
undisclosed tracking of iPhones and iPads is harmless or inconsequential
to its millions of users. Inclusion of the database means that anyone
who ever loses his device risks exposing potentially large amounts of
information about where he was over months or years.
That could be devastating for people embroiled in messy lawsuits or
those whose whereabouts are closely guarded secrets, such as volunteers
who work with victims of abusive spouses.
Of course, none of this speculation would be necessary if Apple would
come clean about exactly how the location tracking it built into its
devices works and what precise information is collected. The company, in
keeping with its Jobsian obsession with privacy, has yet to utter a peep
despite widespread media coverage.
Here's hoping Apple's location tracking isn't as big a threat as some
believe. But until those who know for sure speak up (Apple PR, are you
listening?), we think the prudent thing to do is assume it is.
Frank
----- Original message -----
From: "Rafal Rohozinski" <r.rohozinski(a)psiphon.ca>
To: "Liberation Technologies" <liberationtech(a)lists.stanford.edu>
Date: Wed, 20 Apr 2011 22:51:53 -0400
Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
amount' of your movements
It's not just iPhones that record vast amount of data that can be easily
geo-located and reconstruct person's movements, networks, and personal
communication - any cell phone going back 15 years stores data through
log files, message and SMS traffic that can be reconstructed and
retrieved to create pretty comprehensive profiles of usage and location.
Devices that do forensic extraction (UFED) are quite widespread and in
use throughout police forces intelligence agencies as well as most
cellular carriers around the world. For those of you for whom this is
a revelation, I'd advise you to take a look at this website of a leading
provider of UFEDs. There are some interesting videos, and once you're
done, take a look at where this company has it's permanent
representatives.
http://www.cellebrite.com/forensic-products/ufed-physical-pro.html
Time for a reality check. Mobile phones are essentially digital dogtags
so if you're concerned about the ability they have to track your
movements and communications - do like Osama, use exclusively
off-line means through trusted intermediaries. Otherwise accepting
that cell phones are a risk to privacy is just the flip side of the
convenience that these devices bring. With or without Apple networks
are essentially spiderwebs - that's the essence of modern signals
intelligence.
It's worrisome that there are a lot of myths among the activist
community about cell phone security. True, you can "drive up the
negatives" and make it more difficult for a casual actor to scan or
obtain PII from your phone ( so I I agree with Nathan) - but if
you're up against well resourced opponents, most of these tools plain
ineffective and their very presence on your phone may be more of a
giveaway that actually makes you more of a a target of interest.
Unfortunately security is not a product or something you can buy
shrink-wrapped in code. Its practice and process and ultimately comes
down to the risks you're willing to take in the service of an objective
or cause. And if you want to play in the big tent, it's good
old-fashioned tradecraft and not better toys that make a difference.
Rafal
On Apr 20, 2011, at 5:43 PM, Frank Corrigan wrote:
>
> I am aware of the general principle of mobile phone tracking, it is just
> that most people assume this data is only accessible via cell tower
> providers or via a court order/lawful request, not recorded on the
> device itself and accessible in an easy to read format to anyone who has
> access and inclination or has impounded it for law enforcement purposes.
> I suppose it's a bit like the Windows IE index.dat files. Now of course
> anyone crossing a USA border can have such devices taken away and such
> location data easily copied for later in-situ analysis.
>
> Frank
>
> ----- Original message -----
> From: "Nathan Freitas" <nathan(a)freitas.net>
> To: "Frank Corrigan" <email(a)franciscorrigan.com>, "Liberation
> Technologies" <liberationtech(a)lists.stanford.edu>
> Date: Wed, 20 Apr 2011 16:20:13 -0400
> Subject: Re: [liberationtech] iPhones/iPads secretly track 'scary
> amount' of your movements
>
> On 04/20/2011 03:55 PM, Frank Corrigan wrote:
>> More reasons for activists/protesters in hostile (ordinary) environments
>> not to bring along their mobile phone, latest cell connected gizmo.
>
> ... and return to megaphones, flags, smoke signals, carrier pigeons and
> frantic arm waving instead? If our ordinary environments are truly
> hostile, then either we give up ever using a mobile phone, or we find
> some way to address the problem.
>
> Don't get me wrong, this latest revelation on mobile privacy is indeed
> scary, and Apple better fess up. I just think we can fix these issues,
> instead of allowing them to be disempowering.
>
> In this case at least, turning your phone into "airplane mode" would
> have stopped the phone from broadcasting its availability to and
> registering with mobile towers. This would stop the active triangulation
> of your location from being logged into the local iOS database.
>
> I have an "airplane mode" icon on my Android phone home screen. Anytime
> I am not expecting an important call, or am reachable by another means
> (email, IM, irc), I generally activate it. Not only does it reduce my
> location footprint data trail, but it also saves quite a bit of battery
> life!
>
> I also like Google's Latitude Dashboard which encourages user to really
> "own it" when it comes to mobile location data tracking. They have a
> really pretty UI, charts, etc, that can show you how many minutes a day
> you spend at home, the gym, work or your local pub. Their point is that
> if government and mobile phone operators already have this data, why
> shouldn't you (the user and human being tracked) also benefit from it?
>
> https://www.google.com/latitude/history/dashboard
>
> All in all, we shouldn't cede the advantage technology can bring to the
> movements and causes we care about because developers at Apple and Skype
> (see their recent issue with Android app data permissions) are clearly
> make very bad decisions about how they implement their closed-source
> software.
>
> Best,
> Nathan
>
> _______________________________________________
> liberationtech mailing list
> liberationtech(a)lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click
above) next to "would you like to receive list mail batched in a daily
digest?"
You will need the user name and password you receive from the list
moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
_______________________________________________
liberationtech mailing list
liberationtech(a)lists.stanford.edu
Should you need to change your subscription options, please go to:
https://mailman.stanford.edu/mailman/listinfo/liberationtech
If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
You will need the user name and password you receive from the list moderator in monthly reminders.
Should you need immediate assistance, please contact the list moderator.
Please don't forget to follow us on http://twitter.com/#!/Liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
1
0
real money)
From: Somebody at a Central Securities Depository :-)
Date: Wed, 13 Oct 2004 10:31:10 +0100
i buy the argument that transaction instantaneity is a solution to the
identity theft problem - my cash in your hands, at the same time (now) as
your goods in my hands, in a way that allows both of us to ensure we have
got what we wanted. But there's a trade-off; I have to use money, not
credit, now - your point about the buyer 'lending' the seller cash at 0%
interest. I'm not sure how "the system compensates" for that. It seems to
me it becomes a risk-cost trade-off for the individual: I can work out the
cost to me of using real money not credit; then I know what I am paying to
insure myself against identity theft. Of course I probably rely on the
credit people covering me against a lot of the risk of identity theft, and
I may not even pay them for that cost (if it is built into the APR they
charge and I can avoid interest by paying off the card quickly)... so to me
identity theft risk is almost costless. Why then would I choose to insure
myself explicitly by using cash instead of credit?
What is it that makes all the individuals start thinking about the best
interests of "the system" (which should be cheaper without all these hidden
insurance costs) instead of thinking about their own interests?!
David
"R.A. Hettinga" <rah(a)shipwright.com>
12/10/2004 15:52
To: John Kelsey <kelsey.j(a)ix.netcom.com>,
cryptography(a)metzdowd.com, cypherpunks(a)al-qaeda.net
cc:
Subject: Re: Financial identity is *dangerous*? (was re:
Fake companies, real money)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 9:49 AM -0400 10/12/04, John Kelsey wrote:
>Hmmm. I guess I don't see why this story supports that argument all
>that well.
More like the straw that broke the camel's back, admittedly.
A long time ago I came to the conclusion that the closer we get to
transaction instantaneity, the less counterparty identity matters at
all. That is, the fastest transaction we can think of is a
cryptographically secure glop of bits that is issued by an entity who
is responsible for the integrity of the transaction and the quality
of assets that the bits represent. Blind signature notes work fine
for a first-order approximation. In other words, an internet bearer
transaction.
In such a scenario, nobody *cares* who the counterparties are for two
reasons. The first reason is existential: title to the asset has
transferred instantaneously. There is *no* float. I have it now, so I
don't *care* who you were, because, well, it's *mine* now. :-).
Second, keeping an audit trail when the title is never in question
is, in the best circumstances superfluous and expensive, and, in the
worst, even dangerous for any of a number of security reasons,
depending on the color of your adversary's hat, or the color your
adversary thinks his hat is, or whatever. Keeping track of credit
card numbers in a database is an extant problem, for instance, with a
known, shall we say, market cost. We'll leave political seizure and
other artifacts of totalitarianism to counted by the actuaries.
> Clearly, book entry systems where I can do transactions in your
>name and you are held liable for them are bad, but that's like
>looking at Windows 98's security flaws and deciding that x86
>processors can't support good OS security.
I'm walking out on a limb here, in light of what I said above, and
saying that when there's *any* float in the process, your liability
for identity theft increases with the float involved. Furthermore,
book-entry transactions *require* float, somewhere. They are
debt-dependent. Someone has to *borrow* money to effect a
transaction. (In a bearer transaction, the shoe's on the other foot,
the purchaser is *loaning* money, at zero interest, but that's what
the buyer wants so the system compensates accordingly, but that's
another story.) Because the purchaser has to borrow money to pay, and
because you *cannot* wring the float out of a transaction (that is,
you can get instantaneous execution, but the transaction clears and
settles at a later date; 90 days is the maximum float time for a
non-repudiated credit-card transaction, for instance), I claim that
book-entry transactions will *always* be liable for "identity" theft.
Put another way, remember Doug Barnes' famous quip that "and then you
go to jail" is not an acceptable error handling step for a
transnational internet transaction protocol.
I would claim that enforcement of identity as a legal concept costs
too much in the long run to be useful, and that the cheapest way to
avoid the whole problem is to go to systems which not only don't
require identity, but they don't even require book-entry *accounts*
at all to function at the user level.
Financial cryptography has had that technology for more than two
decades now, so long that the patent's about expired on it, if it
hasn't already.
>The aspect of this that's generally spooky is not the existence of
>book entry payment systems, it's the ease with which someone can get
>credit (in one form or another) in your name, based on information
>they got from public records and maybe a bit of dumpster diving,
>some spyware installed on your machine, or a phishing expedition.
>How the payment systems are cleared isn't going to change that,
>right? (I know you've thought about this stuff a lot more than I
>have, so maybe I'm missing something....)
See above. When you use book-entry transactions, by definition, you
need identity. Biometric, is-a-person,
go-to-jail-if-you-lie-about-a-book-entry identity. With bearer
transactions, digital/internet or otherwise, you don't have identity.
You don't *need* identity to execute, clear, and settle the
transaction, primarily because all three happen at once. There's no
float between the three activities. You don't have to send someone to
jail if they lie, because the transaction never executes in the first
place if they do.
Now, there are tradeoffs. The first one is key management, which as
Schneier likes to point out, is a hard problem. Personally, I think
that if you don't have to associate a key with a flesh-and-blood body
in meatspace, a whole continent full of problems just disappears. In
a bearer transaction, it's orthogonal to the issue of security
anyway, and all it does is cost you money to do for no added benefit.
The second one is security of the digital bearer notes and coins
themselves, which, frankly, scares people in the finance business
most of all. However, I would claim that all organizations, and even
people :-), do their *database* and document backups already, and
that proper system hygiene will evolve, particularly if literal money
is involved. Frankly, there already is a market for distributed data
storage, and there are even working systems using m-of-n distributed
data storage, which would be the most secure way to solve the
problem. And, as we all know, digital bearer transactions are the
best *way* to pay for those kinds of m-of-n services anyway, so it
feeds on itself nicely.
I think that it's less of a chicken-and-egg problem than it used to
be, and I think that reality is catching up to all the theory we've
kicked around on these lists for more than a decade now. The
ultimate solution to the problem of identity theft is to not use
identity at all, and, frankly, not even to use book-entries at all.
Cheers,
RAH
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQWvvMcPxH8jf3ohaEQK7sQCgv7HrWERRq8oJwZWq+6K/Ekiq4mMAoKCc
sc4xGjfFFKMysKjV2hRDjSsy
=C/Ar
-----END PGP SIGNATURE-----
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
This email is for the intended recipient only and is confidential. If you
are not the intended recipient, please inform the sender immediately and
delete this email and any copies, (including attachments), from your
system. You should not read, copy or make any use of this email if you have
received it in error.
You should take whatever measures you deem to be appropriate to ensure that
this email is virus free.
CRESTCo Ltd does not give any representation, guarantee or warranty
(whether expressed or implied) that this email has been securely
transmitted or is accurate, timely or complete and excludes all liability
in connection with this email or for any statements which are clearly the
senders own and do not represent the views of CRESTCo Ltd.
CRESTCo Ltd reserves the right to monitor the use and content of all emails.
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
1
0
--HAA17158.993817255/einstein.ssz.com--
1
0
Ian, p2p-hackers:
It's not my goal to quibble about etymology (except inasmuch as it is useful
to
preserve the historical record). My goals are:
1. Avoid ambiguity -- where some people think that word X denotes concept 1,
and others think that word X denotes concept 2. Especially if concepts 1
and 2 are related but not identical. Especially if one of them is
politically incendiary.
2. Make sure we have names for our useful concepts.
However, before I get to that I am going to go through the history one last
time in order to cast light on the current problem. I turned up some
interesting details.
Let's start with a Venn diagram:
_______ _______
/ \ / \
/ \ / \
/ \/ \
/ /\ \
/ / \ \
| | | |
| 1 |1^2 | 2 |
| | | |
| | | |
\ \ / /
\ \/ /
\ /\ /
\ / \ /
\_______/ \_______/
Let 1 be the set of networks which are used for illegal transmission of
information, and 2 be the set of networks which are built on f2f connections,
and 1^2 be the intersection -- the set of networks which are used for illegal
transmission of information and which are built on f2f connections.
[bepw2002] introduces "darknet" to mean concept 1. In their words darknet is
"a collection of networks and technologies used to share digital content",
and
they use it consistently within that meaning. They refer to concept 2,
starting in section 2.1, using the term "small-world nets", and they clearly
distinguish between what they call "small-world darknets" and
"non-small-world
darknets".
However nowadays some people in the mass media seem to think that a "darknet"
means primarily a network which is "invitation-only", i.e. a "small-world" or
"f2f" net [globe]. When did the meaning shift?
Ooh -- how interesting to examine the evolution of this word on [wikipedia]!
The original definition on wikipedia was written on 2004-09-30. It read in
full: "Darknet is a broad term to denote the networks and technologies that
enable users to copy and share digital material. The term was coined in a
paper from four Microsoft Research authors.".
The next change was that two months later someone redirected the "Darknet"
page
to just be a link to the "Filesharing page", with the comment "Just another
word for filesharing".
The next change was that on 2005-04-14 someone from IP 81.178.83.245 wrote a
definition beginning with this sentence: "A Darknet is a private file sharing
network where users only connect to people they trust.".
By the way, I should point out that I have a personal interest in this
history
because between 2001 and 2003 I tried to promulgate concept 2, using Lucas
Gonze's coinage: "friendnet" [zooko2001, zooko2002, zooko2003, gonze2002].
I would like to know for my own satisfaction if my ideas were a direct
inspiration for some of this modern stuff, such as the Freenet v0.7 design.
So much for etymology.
Now the problem is that in the current parlance of the media, the word
"darknet" is used to mean vaguely 1 or 2 or 1^2. The reason that this is a
problem isn't that it breaks with some etymological tradition, but that it is
ambiguous and that it deprives us of useful words to refer to 1 or 2
specifically. The ambiguity has nasty political consequences -- see for
example these f2f network operators struggling to persuade newspaper readers
that they are not primarily for illegal purposes: [globe].
My proposal to rectify the lack-of-words problem is to use "blacknet" to
refer
to 1 specifically and "f2f net" to refer to 2 specifically. I don't know if
there is any way to rectify the ambiguity problem.
Ian wrote:
>
> ...
> defining the term "darknet" as a f2f network that is designed
> to conceal the activities of its participants (this being, so far as I
> have seen, one of the main motivations for building an f2f network),
So you think of "darknet" as meaning 1^2.
That's an interesting remark -- that you regard concealment as one of the
main
motivations. I personally regard concealment as one of the lesser
motivations
-- I'm more interested in attack resistance (resisting attacks such as
subversion or denial-of-service, rather than attacks such as surveillance),
scalability, and other properties. Although I'm interested in the
concealment
properties as well.
Regards,
Zooko
P.S. Here's some obligatory link juice for Gonze's latest sly neologism:
lightnet!
[bepw2002] "The darknet and the future of content distribution" Biddle,
England, Peinado, Willman (Microsoft Corporation)
http://crypto.stanford.edu/DRM2002/darknet5.doc
http://www.dklevine.com/archive/darknet.pdf
(The .doc version crashes my OpenOffice.org app when I try to
read
it. Does this mean something? The .pdf version has screwed up
images when I view it in evince.)
[wikipedia] http://en.wikipedia.org/wiki/Darknet
[zooko2001] "Attack Resistant Sharing of Metadata" Zooko and Raph Levien
presentation, First O'Reilly Peer-to-Peer conference, 2001
http://conferences.oreillynet.com/cs/p2p2001/view/e_sess/1200
[zooko2002]
http://zooko.com/log-2002-12.html#d2002-12-14-the_human_context_and_the_fut…
e_of_Mnet
[zooko2003]
http://www.zooko.com/log-2003-01.html#d2003-01-23-trust_is_just_another_top…
ogy
[gonze2002] http://www.oreillynet.com/pub/wlg/2428
[globe] "Darknets: The invitation-only Internet" globeandmail.com
2005-11-24
http://www.globetechnology.com/servlet/story/RTGAM.20051007.gtdar
knetoct7/BNStory/Technology/
[lightnet] http://gonze.com/weblog/story/lightnet
_______________________________________________
p2p-hackers mailing list
p2p-hackers(a)zgp.org
http://zgp.org/mailman/listinfo/p2p-hackers
_______________________________________________
Here is a web page listing P2P Conferences:
http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0
>From: Travis Kalanick <travis(a)redswoosh.net>
...
>While operating my laptop he said that we was tasked with preventing
>illegal pornographic material from entering the United States
...
>He returned my laptop after this warrantless search saying I was free
Dave,
And to what end -- other than going through the motions -- is such
a search?
Given a quick check, the border agent would be unlikely to find a
cache of porn photos that was compressed and archived in a single
encrypted file named C:\WINDOWS\$NtUninstallKB911567 or some other
obscure name -- not a single JPG porn file to be found in a file
scan.
Perhaps what's really going on in such border cases is some sort of
"amateur test" -- since any pro who wanted to bring porn (or any
other data) into the U.S. on a laptop would never leave the data in
an easily discovered form. But then again, why bother using the
laptop? How about putting an innocuous looking file on that cute
keychain memory dongle? Or on an iPod? Porn could be easily rigged
to look like an mp3 file, that could even play properly. Or why not
use some spare cell phone memory area? Or how about that 2 Gig
memory stick in the camera, or a miniSD memory card inserted
into an electric razor or the binding of a book?
To quote the wonderful episode "OBIT" from the original '60s
television series "The Outer Limits": "The machines are everywhere!"
Anyone with half a brain who wants to bring data into the U.S. can
do so without meaningful detection, short of a full body cavity
strip search and prolonged forensic analysis -- and even then the
true nature of any data might well be undiscovered.
All of the rest is for show, and perhaps to cull the low hanging fruit.
--Lauren--
Lauren Weinstein
lauren(a)vortex.com or lauren(a)pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
- International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
-------------------------------------
You are subscribed as tfairlie(a)frontiernet.net
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-
people/
-------------------------------------
You are subscribed as eugen(a)leitl.org
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
1
0