mirroring services, web accounts for ecash
Some meta-level thoughts on the eternity service document availability problem: Many of the problems with designing an eternity service are introduced by trying to build real time accessibility of data (with similar response times for documents to those offered by web servers). The BlackNet model can quite ably provide eternity like services with perhaps 24 hour turn around on documents. Everything is operated by digital dead drop (via say news:alt.anonymous.messages), or mixmaster remailers. This suggests that another approach would be to have two classes of services. Users of high risk documents can put up with 24 hour turn around, and lower risk documents can be served by an alternate service, intermediate risk documents can exist by using low risk resources until detection. The low risk document service could be just an automated mirroring service, and could for example explicitly state that illegal materials in server localities will be removed on the server operator becoming aware of this fact, or perhaps on receipt of court notification. This presents the kind of "we aim to discourage illegal materials" persona that commercial ISPs like to present to the police and spooks. It might also be useful to partially automate the differences in types of material which can be hosted in various jurisdictions. Scandinavian countries might be used for pornography in the 14 - 21 year old range; other jurisdictions useful for copyright music materials, where music royalties are collected by a blank media tax; the US might be useful for publication of materials critical of Islamic beliefs, and so on, in each case the materials being strictly legal in the server locality. The mirroring service could be offered by mirror site operators as a public service for locally controversial materials, or services could be charged for to improve long term availability. If the mirroring service is automated, it is likely that materials will slip through the gaps in the system (especially if it is designed with this property in mind), much like warez used to be traded in funny named directories on badly configured ftp servers, or world read and writeable ftp incoming directories. The operator says "darn warez pirates" and removes the offending warez when he is notified. But it might stay up for a few weeks, and URLs spread quickly, and there are lots of open access sites. Another less controversial "host" service which warez pirates might be likely to get away with abusing would be simple web space available for ecash. Lance Cottrell already offers this such anonymous web accounts. If many ISPs start offering this kind of service, the pirates will be more easily able to keep going by hopping from account to account, as accounts are closed for breach of policy, in a similar way that spammers treat accounts as disposable. A TAZ server could even offer a persistent virtual URL to a migrating warez file collection located either on mirroring sites, or on anonymous ecash paid web accounts. (TAZ servers just offer a layer of indirection, see Ian Goldberg and Dave Wagner's paper: http://www.cs.berkeley.edu/~daw/cs268/ ) Adam
At 7:14 PM -0800 1/12/98, Adam Back wrote:
Some meta-level thoughts on the eternity service document availability problem:
Many of the problems with designing an eternity service are introduced by trying to build real time accessibility of data (with similar response times for documents to those offered by web servers).
The BlackNet model can quite ably provide eternity like services with perhaps 24 hour turn around on documents. Everything is operated by digital dead drop (via say news:alt.anonymous.messages), or mixmaster remailers.
Ah, I just saw this message after already sending my last message, where I described several axes. I even cited the same estimate, of "~days," for the latency of Blacknet sorts of Eternity implementations. Adam and I are apparently thinking similar sorts of thoughts. A pity we waste so much time at Cypherpunks physical meetings getting "updates" on commercial (and boring, from an issues viewpoint) crypto products when some exciting seminars and brainstormings on these sorts of issues would be so much more fun. (Note: I shouldn't be criticizing Cypherpunks physical meetings too much. I suppose they serve a purpose, and the Bay Area community has moved away from "exotic" applications and ideas to more commercial issues. And why I basically don't go to meetings much anymore.) Back to Back:
This suggests that another approach would be to have two classes of services. Users of high risk documents can put up with 24 hour turn around, and lower risk documents can be served by an alternate service, intermediate risk documents can exist by using low risk resources until detection.
Here's a meta-question: Suppose one holds highly secret or sensitive data, for which one wants to use an Eternity service to ensure the information is not suppressed by some government or other actor. Why centralize the data at all? Why not just use the "pointer" to the data and offer to provide it? Which is what Blacknet was all about. Instead of focussing on a data base, focus instead on an untraceable market mechanism. (I admit that a system which can provide *A LOT* of data *VERY FAST*, and also untraceably or unstoppably, is an attractive goal. It would blow both Adam's "repost to Usenet" and my "Blacknet" approaches to hell and gone. The catch is that I can't see how such a system will get built, who will run the nodes, how payment will be made to pay for the nodes and work, and how traffic analysis will be defeated.) And I think implementing the slower-but-no-breakthroughs approach (Blacknet or variations) has some advantages. It may be many years before we need to be in the corner of the graph that is "large amounts of data--very fast retrieval--very secure." Most candidates for untraceable/secure storage and retrieval are NOT in this corner, yet. (Kiddie porn may be, but whistleblowing and scientific information are not.) --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
At 7:47 AM -0800 1/13/98, Adam Shostack wrote:
I think that a Silk Road system, where most of the money flows between neighbors, might be a useful model. Its also worth
A flaw here is that the Real Silk Road (tm) had merchants up and down the line knowing the value of what they were buying, the rugs, silks, spices, gold, etc. Extending this to a long series of "encrypted" items is much more problematic. If the "final buyer" in "Damascus" ends up with a worthless item, does he blame the seller in "Kabul" or the seller in "Tashkent" or the seller all the way back the line? I don't see a "Silk Road" chain as being any improvement over the direct broadcast offer of a conventional Blacknet system.
considering getting the US Government to build and operate most of Blacknet for us as a base for sting operations, much the way Arizona State police distributed $7m marijuana to get $3m in seizures. Lots of people got to smoke, courtesy of Uncle Sam.
Even less likely. (Though I did hear of some interest by the DoD in what Blacknet could mean for their ability to keep secrets.) And with full untraceability, it would hardly work for "stings." Unless they could cause participants to trip themselves up and make mistakes, revealing their true names. Unlikely after the first few publicized mistakes. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
-----BEGIN PGP SIGNED MESSAGE----- On Mon, 12 Jan 1998, Tim May wrote: [...]
And I think implementing the slower-but-no-breakthroughs approach (Blacknet or variations) has some advantages. It may be many years before we need to be in the corner of the graph that is "large amounts of data--very fast retrieval--very secure."
Most candidates for untraceable/secure storage and retrieval are NOT in this corner, yet. (Kiddie porn may be, but whistleblowing and scientific information are not.)
You know, I think we have been missing one use for eternerty services. Its a cheap reliable off site backup system. You simply encrypt your data, and throw it into the system. In addtion a large number of comperise useing the system like this will become a type of hostage against interference. - -- Please excuse my spelling as I suffer from agraphia see the url in my header. Never trust a country with more peaple then sheep. ex-net.scum and proud You Say To People "Throw Off Your Chains" And They Make New Chains For Themselves? --Terry Pratchett. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNLwHFKQK0ynCmdStAQE9MQP/WZitSpCzVnx/rYX9qvkf80ZapgE1bws4 MjSmkI5tVpEg5uJ2Rqq5lb6xBzMPUtJ9jgBsUyAcYOH07k8Ycg5NW3UYrnQVNiz4 /h7qENmAjmErONhIZBN+NYd69q/v7q+d3WyQTJif74k5T0cwrfHagnzbWcusNYYt 4iA/pO1SCHU= =oTNd -----END PGP SIGNATURE-----
At 4:30 PM -0800 1/13/98, ? the Platypus {aka David Formosa} wrote:
You know, I think we have been missing one use for eternerty services. Its a cheap reliable off site backup system. You simply encrypt your data, and throw it into the system.
Bandwidth. Think about it. Most of us are backing up on DATs or CD-ROMs. But our Net connections are running at 30-50 KB/sec. Do some quick calculations! Plus, Bandwidth Part II: When N people begin using Eternity for this kind of backup.... In any case, this was discussed a few years ago, so we're not "missing" this use. (Gelernter's Linda system touched on similar uses.) --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
Tim May <tcmay@got.net>
Here's a meta-question: Suppose one holds highly secret or sensitive data, for which one wants to use an Eternity service to ensure the information is not suppressed by some government or other actor.
Why centralize the data at all?
Why not just use the "pointer" to the data and offer to provide it?
Which is what Blacknet was all about. Instead of focussing on a data base, focus instead on an untraceable market mechanism.
I am more and more seeing the similarities between BlackNet and Eternity USENET. The only real difference that I can see is that for E-USENET I have been talking about periodically broadcasting the data to allow very high security for the reader, and also the idea of keeping a local copy of the documents so that data is pre-fetched to speed up accesses. Both designs are relying heavily on the anonymity provided by remailers. For very high risk traffic, even using mixmaster remailers may be risky due to the various active attacks which could be mounted by a well resourced attacker with ability to selectively deny service. An eternity service or blacknet information provider could frustrate the active attacker by having many software agents with different network connectivity and using these resources unpredictably.
(I admit that a system which can provide *A LOT* of data *VERY FAST*, and also untraceably or unstoppably, is an attractive goal. [...] The catch is that I can't see how such a system will get built, who will run the nodes, how payment will be made to pay for the nodes and work, and how traffic analysis will be defeated.)
One big opportunity we have is to subvert protocols of new services. A distributed web replacement with ecash payment for page hits I think is plausible. Web pages could migrate to meet demand. You could have a hot-potatoe effect, where high risk documents are not kept for long -- bits move faster than government agents and lawyers -- hot data could migrate every 10 minutes. However distributed web replacements are complex to design, and whether it will be possible to deploy the system widely is an open question.
And I think implementing the slower-but-no-breakthroughs approach (Blacknet or variations) has some advantages. It may be many years before we need to be in the corner of the graph that is "large amounts of data--very fast retrieval--very secure."
Most candidates for untraceable/secure storage and retrieval are NOT in this corner, yet. (Kiddie porn may be, but whistleblowing and scientific information are not.)
What about large scale software piracy. This could consume serious amounts of bandwidth. This seems to be intermediate risk in that if one observes even 30 seconds of traffic in #warez, one observes lots of commercial software trading hands. Perhaps the new draconian US software copyright law which the large software corps purchased from the politicians will move software piracy towards the higher risk end. Would the world be better off without software copyright? I tend to think so. Adam
participants (3)
-
? the Platypus {aka David Formosa} -
Adam Back -
Tim May