managing and protecting nyms...
I should have asked this years ago when there was more traffic/users on this list (and I was using a different nym[1]) ... but years ago there was not such established proof of data correlation in "anonymized" data sets (netflix, "anonymized" medical data, etc.) So, in the post-netflix, post-aol-user-data[2] world, I am doing the following to sanitize my online nyms: - establishing a distinct user account, on a different provider, for each topic I discuss. For instance, this nym only discusses encryption/"yro"/tor subjects. - Scrubbing my language of certain idiosyncratic phraseology or blatant aspects of "style" ... favored slang, etc. Perhaps even purposefully bad grammar in finer points of grammar that most people get wrong - so as to keep the "correct" forms from being identifiable. - Forged user agent / email agent headers - Never referencing my own _actual_ published works or comments, or linking to myself or my work product in even a second-hand manner. These actions are probably not robust. My thought is that it can lower my common profiles below the noise threshold that a particular aggregator might have. What do _you_ do to sanitize/de-correlate your nyms ? [1] obnymleakage [2] http://en.wikipedia.org/wiki/AOL_search_data_scandal
On Thu, 2009-11-05 at 23:05 +0000, John Case wrote:
I should have asked this years ago when there was more traffic/users on this list (and I was using a different nym[1]) ... but years ago there was not such established proof of data correlation in "anonymized" data sets (netflix, "anonymized" medical data, etc.) [...] These actions are probably not robust. My thought is that it can lower my common profiles below the noise threshold that a particular aggregator might have.
What do _you_ do to sanitize/de-correlate your nyms ?
I don't. I only use a nym for things that need to appear to have been done by a third party, or for other reasons should not be traceable back to Shawn K. Quinn. Someone who I am currently not on speaking terms with once "clarified" his/her position by stating her online and in-person personas were different; his/her online persona made it appear he/she was more approachable than he/she actually was. I simply don't play that game. I do follow cypherpunk topics, I use PGP/GnuPG, Tor, Mixmaster, Freenet, GNUnet, etc. from time to time, but for the most part, I'm not nearly as paranoid as I used to be. For better or for worse. Hell, I quit channeling my Google queries through Tor some time ago (I still only accept session cookies from Google, and that's only to make the services work that require a Google account). -- Shawn K. Quinn <skquinn@speakeasy.net>
I thought you needed to de-correlate the anonymous data sets. Say that the database entries of a medical record are nym, age, location, type_of_disease. For e.g. Mickey, 43, Madison area, chance_for_don't_insure_him_disease. Now, it doesn't matter they may not find your actual name or address-they can correlate across databases to put up a red flag when someone matching the remaining fields except for the first one(nym)requests a health insurance policy. Note: The nym can be anything-in the above case it is just a nickname. Sarad. --- On Fri, 11/6/09, Shawn K. Quinn <skquinn@speakeasy.net> wrote:
I should have asked this years ago when there was more
this list (and I was using a different nym[1]) ... but years ago there was not such established proof of data correlation in "anonymized" data sets (netflix, "anonymized" medical data, etc.) [...] These actions are probably not robust. My
common profiles below the noise threshold that a
From: Shawn K. Quinn <skquinn@speakeasy.net> Subject: Re: managing and protecting nyms... To: "John Case" <case@sdf.lonestar.org> Cc: cypherpunks@al-qaeda.net Date: Friday, November 6, 2009, 6:45 AM On Thu, 2009-11-05 at 23:05 +0000, John Case wrote: traffic/users on thought is that it can lower my particular aggregator
might have.
What do _you_ do to sanitize/de-correlate your nyms ?
I don't. I only use a nym for things that need to appear to have been done by a third party, or for other reasons should not be traceable back to Shawn K. Quinn.
Someone who I am currently not on speaking terms with once "clarified" his/her position by stating her online and in-person personas were different; his/her online persona made it appear he/she was more approachable than he/she actually was. I simply don't play that game.
I do follow cypherpunk topics, I use PGP/GnuPG, Tor, Mixmaster, Freenet, GNUnet, etc. from time to time, but for the most part, I'm not nearly as paranoid as I used to be. For better or for worse. Hell, I quit channeling my Google queries through Tor some time ago (I still only accept session cookies from Google, and that's only to make the services work that require a Google account).
-- Shawn K. Quinn <skquinn@speakeasy.net>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case <case@sdf.lonestar.org> writes:
... I am doing the following to sanitize my online nyms:
- establishing a distinct user account, on a different provider, for each topic I discuss. For instance, this nym only discusses encryption/"yro"/tor subjects.
Are you suggesting that you're not using a nym server [3] for your nyms?! What's your threat model again?
- Scrubbing my language of certain idiosyncratic phraseology or blatant aspects of "style" ... favored slang, etc. Perhaps even purposefully bad grammar in finer points of grammar that most people get wrong - so as to keep the "correct" forms from being identifiable.
A worthy but difficult thing to do. [3] http://en.wikipedia.org/wiki/Nym_server -- StealthMonger <StealthMonger@nym.mixmin.net> -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFK84T8DkU5rhlDCl4RAulWAJ9CtUx1pG6rogf1xyFbkQp/t5wAxQCcC9R2 8fmdZprydcICKX/uRRlD8NA= =4AD3 -----END PGP SIGNATURE-----
On Fri, 6 Nov 2009, StealthMonger wrote:
- establishing a distinct user account, on a different provider, for each topic I discuss. For instance, this nym only discusses encryption/"yro"/tor subjects.
Are you suggesting that you're not using a nym server [3] for your nyms?!
What's your threat model again?
I don't use a nym-server. Usually. There are other ways to get comparable anonymity. Cardinal Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." My threat model is an unknown future adversary with unpredictable motivations.
- Scrubbing my language of certain idiosyncratic phraseology or blatant aspects of "style" ... favored slang, etc. Perhaps even purposefully bad grammar in finer points of grammar that most people get wrong - so as to keep the "correct" forms from being identifiable.
A worthy but difficult thing to do.
I imagine it's like that weird random sand-walking the Fremen do. It becomes second nature after a while. Wait, was that nym-leakage ?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case <case@sdf.lonestar.org> writes:
I don't use a nym-server. Usually. There are other ways to get comparable anonymity.
Please explain other ways to be practically untraceable. -- StealthMonger <StealthMonger@nym.mixmin.net> -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFK880SDkU5rhlDCl4RAt0WAJ9ZVnYEQlFz3g0FFERdDPeq+t7WlQCgtg+p +BBdCCOrIHaKTGcNivRpqpQ= =hSJZ -----END PGP SIGNATURE-----
On Fri, 6 Nov 2009, StealthMonger wrote:
I don't use a nym-server. Usually. There are other ways to get comparable anonymity.
Please explain other ways to be practically untraceable.
Shell providing and VPS providing is a cut throat business. It might take a few contacts (with a throwaway yahoo email you create through Tor) but you _will_ find someone to take your money (in cash). Lifetime or multi-annual payments in advance usually do the trick. The previously mentioned Simon gift cards could fit into this, but why bother. Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor). @ John Young:
Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive.
Recall repeated warnings here to never disclose in a public forum an ultimate protection scheme. Spread copious FUD, hope it sticks. Could be that is what this thread is about.
I don't know that this even rises to the level of a "protection methodology" - it's more along the lines of "survey the current landscape and choose an available, and obvious route". As for robustness, either Tor is broken/vulnerable or it's not. @ Eugen Leitl:
My threat model is an unknown future adversary with unpredictable motivations.
Weird. I can think of many current adversaries with very simple motivations I can do very little to nothing about. This assymmetry will only grow further in future, since the concentration of smarter, more vulnerable hardware will only get larger, and the delta between my and their capabilities will only grow wider.
Sorry - I was obtuse there. What I meant was, in addition to the technical unknowns that grow over time, and the predictable and visible social pressures, there are also the acute unknowns - like french revolutions and bolsheviks and "year zero" folks. Those are the unknowns who could just as easily be after anyone that advocated net neutrality, or supported Tor or spoke on behalf of anonymity as they are after obvious bozos who blatantly threaten public figures. That's why _I_ keep a firewall between my real self and my nyms - year zero types don't need a good reason, they just need fuel, period.
My only protection is that I'm not doing anything which could draw their (not meaning flatfeet or gumshoes here) attention.
Of course. Goes without saying. But I think there is actually a lot less distance (in terms of danger) between assassination politics and "just talking about Tor". Or maybe the future revolutionary just fat-fingers the database query. Either way, your name comes up.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case <case@sdf.lonestar.org> writes:
On Fri, 6 Nov 2009, StealthMonger wrote:
Please explain other ways to be practically untraceable.
[...]
Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor).
Tor is not practically untraceable. The Tor documentation itself asserts the contrary: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf In contrast, the "obfuscation" attained with a nym server is attributable precisely to the high random latency and traffic mixing of the anonymizing remailers through which the nym is operated. -- StealthMonger <StealthMonger@nym.mixmin.net> -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFK9UJwDkU5rhlDCl4RAkthAKCzG9+lzLAzI+CFIFYaQdP9r01+2gCeJmSy cYvfqqeB96SQ5La51GM1WrQ= =5+Ix -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case <case@sdf.lonestar.org> writes:
On Fri, 6 Nov 2009, StealthMonger wrote:
Please explain other ways to be practically untraceable.
[...]
Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor).
Tor is not practically untraceable. The Tor documentation asserts: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf Use of a nym server is practically untraceable because of the high random latency and mixing with other traffic provided by the anonymizing remailers through which a nym server is controlled. -- StealthMonger <StealthMonger@nym.mixmin.net> -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFK9197DkU5rhlDCl4RAvjsAKCd/5ZeWkQcvkW0Mdd7mlrUa867cACgp0IO Lpg9t5oGP7n9AWm0v+VQd6g= =nNjJ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John Case <case@sdf.lonestar.org> writes:
On Fri, 6 Nov 2009, StealthMonger wrote:
Please explain other ways to be practically untraceable.
[...]
Never touch the account, save through Tor. So it's the same model you use with a nym-server, but whereas all of your obfuscation is after your email account, all of this obfuscation is prior to the email account (through Tor).
Tor is not practically untraceable. The Tor documentation asserts: ... for low-latency systems like Tor, end-to-end traffic correlation attacks [8, 21, 31] allow an attacker who can observe both ends of a communication to correlate packet timing and volume, quickly linking the initiator to her destination. http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf Use of a nym server is practically untraceable because of the high random latency and mixing with other traffic provided by the anonymizing remailers through which a nym server is controlled. -- StealthMonger <StealthMonger@nym.mixmin.net> -- stealthmail: Scripts to hide whether you're doing email, or when, or with whom. mailto:stealthsuite@nym.mixmin.net Finger for key. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/> iD8DBQFK9197DkU5rhlDCl4RAvjsAKCd/5ZeWkQcvkW0Mdd7mlrUa867cACgp0IO Lpg9t5oGP7n9AWm0v+VQd6g= =nNjJ -----END PGP SIGNATURE-----
Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive. Recall repeated warnings here to never disclose in a public forum an ultimate protection scheme. Spread copious FUD, hope it sticks. Could be that is what this thread is about. It might be impossible to have anonymity and reputation outside your skull and even the brain has evolved its separate agenda to survive the body's fuck-ups. That is why mind was invented, to escape into corporeal nothingness. Can mind win over matter, hard to prove, but proof is a mind's ploy to assure victory, and triumphy serves as an intoxicating possibility. Consider like those drunk on moneygrubbing that wealth is what mind has invented to buy avoidance of pain and suffering by overloading that on the unwealthy condemned to servitude. The wealthy are condemned to try to hide their resources and insist on more privacy for them and less for others. Governments have learned that rewarding lesson: secrecy above all for it but not for the taxpayers. Yes, there are rewards for reporting to secretkeepers what is revealed here.
On Fri, 6 Nov 2009, John Young wrote:
It might be impossible to have anonymity and reputation outside your skull and even the brain has evolved its separate agenda to survive the body's fuck-ups. That is why mind was invented, to escape into corporeal nothingness.
I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...
There have been several anonymous contributors here who have developed pretty good reputations by the quality of their contributions, technical, philosophical, literary, even occasionally, fair-minded wisdom. Some have been subsquently identified -- by self-revelation or by leaks -- others remain unknown. Fortunately their contributions endure (where are the archives these days, if any?). As established here over numerous years, reputations might well be more solid if contributors are not identified, instead contributions have to stand on their own and not be colored by personally-identified reputation -- the latter highly subject to spin and fabrication, not to say plagiarism, vanity, pride and braggardy. Anonymous reputation comes close to the saw that there is no limit to what you can accomplish if you don't fret getting credit for it. To be sure, it will be hard to avoid wanting credit, so deeply embedded is that aspiration in societies based on prizes and praise, egos and salaries. Some say the greatest cause of neuroticism and pathological behavior among spies is secrecy from the public about who has accomplished what. And the agencies' piddling certificates and stars on the wall are salt in the wounds of insufficient recognition. No wonder the murders, rapes, burglaries and other high crimes of secret operatives are TS, no, not those committed against enemies, those done in-house. FWIW, the spy agencies do not act on anonymous accusations against themselves, way too dangerous, but eagerly spread those against others. So, following the lead of the best and brightest criminals in the world, it is probably a good idea to have multiple personas, some anonymous, some not. Insist that others identify themselves, and rat on those who refuse. Thus, the increase in calls for Internet IDs.
At 09:52 AM 11/6/2009, John Young wrote:
There have been several anonymous contributors here who have developed pretty good reputations by the quality of their contributions, technical, philosophical, literary, even occasionally, fair-minded wisdom.
Some have been subsquently identified -- by self-revelation or by leaks -- others remain unknown. Fortunately their contributions endure (where are the archives these days, if any?).
Where are the archives?? We thought *you* had them! With anonymous contributors, we don't know if it's one or many, and it's hard to give any reputation except to individual postings, though I suppose somebody could assert that he/she is the poster of a previous article. On the other hand, Pseudonymous contributors can acquire reputation rather more easily. Some actually show up in person - Lucky Green and Black Unicorn are notable, and "Lawrence from Boulder" once came to a meeting without anybody commenting out loud about whether he was L.Detweiler until after he'd left (it was fun watching Eric Hughes do a double-take when he realized who it had probably been.) Detweiler was an especially valuable person to have had on the lists - he raised questions about what identity is really about and how to deal with rabid trolls several years before the September That Never Ended and before spam was really widespread, and while I can't say we really came up with good enough methodology, it was a good warmup.
We have pieces of the CP archives, but little before 1994. The pre-1994 wad used to be available online. TCM used it to write the bible. So it is in somebody's heap of disks which must never be discarded. We'll archive-offer the total collection if it can be assembled, despite the few insurgents gone legit hoping their errors will vanish forever. The collection should be in a stable public institution to counter the secret holdings. 1990s cpunk-who's shows hundreds of pseudonyms. Who who.
On Nov 10, 2009, at 9:06 AM, John Young wrote:
The pre-1994 wad used to be available online.
Ryan Lackey had the cypherpunks archives on venona.com for a while. Doesn't look like it's there now. I expect if you ask nice he'll send you all of it on a DVD, John, since you have the most persistent archive of cypherpunkinalia out there. Cheers, RAH
On Tue, Nov 10, 2009 at 09:51:24AM -0400, R.A. Hettinga wrote:
Ryan Lackey had the cypherpunks archives on venona.com for a while. Doesn't look like it's there now.
I expect if you ask nice he'll send you all of it on a DVD, John, since you have the most persistent archive of cypherpunkinalia out there.
I'll be more than happy to host a mirror. Planned to resurrect cryptome.at sometime anyway. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Just like that, GH provided cypherpunks archives from Sept 1992 to the end of 1998. Appear to be from Venona. These are packaged by year, the messages chronological, in txt-format. Raw messages, no index by date, subject or author. http://cryptome.org/cpunks/cpunks-1992.zip (790KB) http://cryptome.org/cpunks/cpunks-1993.zip (7.4MB) http://cryptome.org/cpunks/cpunks-1994.zip (11.8MB) http://cryptome.org/cpunks/cpunks-1995.zip (10MB) http://cryptome.org/cpunks/cpunks-1996.zip (21.6MB) http://cryptome.org/cpunks/cpunks-1997.zip (20.7MB) http://cryptome.org/cpunks/cpunks-1998.zip (10.9MB) All: http://cryptome.org/cpunks/cpunks-92-98.zip (83MB) Some are large files, up to 60MB unzipped (1996). A cypherpunks who from October 1996 (a peak year): http://cryptome.org/cpunks/cpnkwho-102296.txt Archives of 1999-present most welcome.
John Case wrote:
I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...
I don't think so. Anonymity means having no traceable connection to an identity. Reputation requires that a series of communications be traceable back to some unique entity. This is the classic Detweiler 'nymity' argument. Reputation not tied to a meatspace identity must be tied to a persistent pseudonym. Otherwise, no reputation capital accrues. Hey, it's great to relive the classics! :) -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com
On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:
John Case wrote:
I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...
I don't think so. Anonymity means having no traceable connection to an identity. Reputation requires that a series of communications be traceable back to some unique entity. This is the classic Detweiler 'nymity' argument. Reputation not tied to a meatspace identity must be tied to a persistent pseudonym. Otherwise, no reputation capital accrues.
Hey, it's great to relive the classics! :)
And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original! [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Ted Smith wrote:
On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:
Hey, it's great to relive the classics! :)
And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original!
Second-generation? Man, do I feel old! Detweiler's rantings may not be fully accurate, but they do serve to outline the basic ideas of pseudonymity. They're worth a visit, if only for some historical perspective. http://sattlers.org/mickey/culture/humor/items/Geekish/theoryOfNymity.html As well, Tim May's Cyphernomicon has some good info about reputation capital. https://www.cypherpunks.to/faq/cyphernomicron/chapter15.html Cory Docterow calls reputation capital "Whuffie", and goes into some detail on how it might work (assuming a slightly sci-fi infrastructure in the bargain). http://en.wikipedia.org/wiki/Whuffie Even without Docterow's Whuffie meter, repcap exists today. There are quite a few nyms that I trust to be reputable, even though I've never met them in person and don't know their True Names. Welcome to the Other Plane. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com
Late reply I know. But as I like to repeat, in the credit card world there's little or no reference to meatspace per se. In the vast majority of card defaults no real-world collateral is taken: It's more often than not written off, but one's reputation is damaged for seven years. Commercial cards are the same, even more so: They are 'uncollateralized' short term loans. As the population increases and physical world collateral goes to zero, seems to me the only thing many humans will "own" is their reputation: Their physical world assets will be uninteresting or negligible. Is this the same thing as anonymity? Of course, many folks will have many reputations and will choose to burn one every now and then to cash in or take a big risk. But even now it's possible to detect when a reputation is about to blow and so any loans are quickly ramped down. -TD
Date: Sat, 7 Nov 2009 08:36:40 -0500 From: roy@rant-central.com To: teddks@gmail.com CC: cypherpunks@al-qaeda.net Subject: Re: managing and protecting nyms...
Ted Smith wrote:
On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:
Hey, it's great to relive the classics! :)
And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original!
Second-generation? Man, do I feel old!
Detweiler's rantings may not be fully accurate, but they do serve to outline the basic ideas of pseudonymity. They're worth a visit, if only for some historical perspective.
http://sattlers.org/mickey/culture/humor/items/Geekish/theoryOfNymity.html
As well, Tim May's Cyphernomicon has some good info about reputation capital.
https://www.cypherpunks.to/faq/cyphernomicron/chapter15.html
Cory Docterow calls reputation capital "Whuffie", and goes into some detail on how it might work (assuming a slightly sci-fi infrastructure in the bargain).
http://en.wikipedia.org/wiki/Whuffie
Even without Docterow's Whuffie meter, repcap exists today. There are quite a few nyms that I trust to be reputable, even though I've never met them in person and don't know their True Names.
Welcome to the Other Plane. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com
_________________________________________________________________ Windows 7: It works the way you want. Learn more. http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLM... AGL:ON:WL:en-US:WWL_WIN_evergreen:112009v2
Tyler, the truth is worse than that. The credit fraud system is an entrapment system for "we, the people" to believe what you just wrote are the reasonable limits of the universe of what is possible or lawful. http://www.rayservers.com/blog/generating-power-from-stupidity---the-harsh-t... What is to come is highly predictable. http://www.rayservers.com/blog/the-dow-gold-ratio---the-most-reliable-progno... Cheers, ---Venkat. On 11/29/09 13:02, Tyler Durden wrote:
Late reply I know. But as I like to repeat, in the credit card world there's little or no reference to meatspace per se. In the vast majority of card defaults no real-world collateral is taken: It's more often than not written off, but one's reputation is damaged for seven years. Commercial cards are the same, even more so: They are 'uncollateralized' short term loans.
As the population increases and physical world collateral goes to zero, seems to me the only thing many humans will "own" is their reputation: Their physical world assets will be uninteresting or negligible. Is this the same thing as anonymity?
Of course, many folks will have many reputations and will choose to burn one every now and then to cash in or take a big risk. But even now it's possible to detect when a reputation is about to blow and so any loans are quickly ramped down.
-TD
Date: Sat, 7 Nov 2009 08:36:40 -0500 From: roy@rant-central.com To: teddks@gmail.com CC: cypherpunks@al-qaeda.net Subject: Re: managing and protecting nyms...
Ted Smith wrote:
On Fri, 2009-11-06 at 15:59 -0500, Roy M. Silvernail wrote:
Hey, it's great to relive the classics! :) And it's great to have a front-row seat to the replay, for us second-generation cypherpunks who never saw the original! Second-generation? Man, do I feel old!
Detweiler's rantings may not be fully accurate, but they do serve to outline the basic ideas of pseudonymity. They're worth a visit, if only for some historical perspective.
http://sattlers.org/mickey/culture/humor/items/Geekish/theoryOfNymity.html
As well, Tim May's Cyphernomicon has some good info about reputation capital.
https://www.cypherpunks.to/faq/cyphernomicron/chapter15.html
Cory Docterow calls reputation capital "Whuffie", and goes into some detail on how it might work (assuming a slightly sci-fi infrastructure in the bargain).
http://en.wikipedia.org/wiki/Whuffie
Even without Docterow's Whuffie meter, repcap exists today. There are quite a few nyms that I trust to be reputable, even though I've never met them in person and don't know their True Names.
Welcome to the Other Plane. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT http://www.rant-central.com
_________________________________________________________________ Windows 7: It works the way you want. Learn more. http://www.microsoft.com/Windows/windows-7/default.aspx?ocid=PID24727::T:WLM... AGL:ON:WL:en-US:WWL_WIN_evergreen:112009v2
On Sun, 29 Nov 2009, Tyler Durden wrote:
As the population increases and physical world collateral goes to zero, seems to me the only thing many humans will "own" is their reputation: Their physical world assets will be uninteresting or negligible. Is this the same thing as anonymity?
The population may very well increase, and the true value of physical collateral may indeed go to zero (how much is that big circa-2006 flat panel and that big luxury SUV wih a chevy truck under the body pieces actually worth ?) But that does not mean that the average reputation will be worth anything, or that physical goods (of substance) are worthless. It just means that a lot of people are poor.
Of course, many folks will have many reputations and will choose to burn one every now and then to cash in or take a big risk. But even now it's possible to detect when a reputation is about to blow and so any loans are quickly ramped down.
Or a no-knock raid is quickly ramped up. A reputation can be "about to blow" in all kinds of ways.
John Case wrote:
I suspect there is a Zookos-Triangle-like constraint on having anonymity and reputation simultaneously. Which is to suggest that I think it is possible, but that there will be some kind of limiting or inconveniencing factor...
A good Nym has a life of its own, and the reputation is attached to THAT life - almost impossible to transfer unless you are willing to compromise the Nym by linking it to somewhere else. No reason why the Nym-identity can't build a good reputation though, and I know of several that have done so.
John Young wrote:
Cypherpunks should be the last place to disclose a protection methodology except, perhaps, only perhaps, as a ploy to deceive.
Isn't that the procedural equivalent though of saying "you should always keep your cryptographic algorithm secret and only disclose an algorithm as a ploy to deceive"? Any good methodology, be it technological, cryptographic, or procedural, consists of elements which *must* be kept secret (the fewer the better), and elements which need not be. Disclosing the latter makes it easier to get peer review, encourages other people to use the same methodologies (which at worst increases the value of a break to an attacker, and at best allows the original poster's traffic to be "lost in the noise" amongst a larger amount of similar) and allows other people to build on that base and present different (and potentially better) methods. as Schneier has said repeatedly, any idiot can design something he can't figure how to break himself. Getting peer review of anything you might end up betting your life on, has to be worth its cost.
Peer review is necessary to assure blunders are not overlooked. However, there has been no demonstration that peer review is all that is needed for the superior protection. This is not an argument for obscurity, only a caution that peer review is not necessary sufficient. Peers miss stuff too, as amply demonstrated by holes and bad implementation later discovered. Betting you life on peer review, or open disclosure is probably not very smart. Instead, expect some shrewd peer(s) to see something that will serve a private purpose by keeping quiet. Competiton, betrayal, disinfo, venality, play a role as well as search for truth through open discourse. Comsec is a swamp, quicksand, punji trap, and comsec experts are never trustworthy about each other or about systems. The open source methodology, call it snakeoil, works well for the inexpert to gain a limited education, but behind that stage the usual shit goes on. Keeping quiet about crypto cracks, holes, trojans, backdoors, is extremely rewarding. Concealing deep faults with shallow ones is SOP. Note that wide crypto use has become a stimulus to intercept, store forever (NSA policy), crack when possible and to continue trying to crack indefinitely (NSA policy), with successful deep cracks seldom revealed. "NSA policy" is that of deeply embedded contractors and researchers as well. Publicly-availalbe encryption and other currently usable comsec protection are satisfactory for ordinary communications but not for more than that if you are up to extraordinary renditions, say, making a bundle peddling natsec-grade counter-threat assurances. Yep, natsec-grade is what the telecoms and like critical infrastructure dealers claim they are providing. Nothing pays better.
--- On Sun, 11/8/09, John Young <jya@pipeline.com> wrote:
From: John Young <jya@pipeline.com> Subject: Re: managing and protecting nyms... To: cypherpunks@al-qaeda.net Date: Sunday, November 8, 2009, 11:01 PM Peer review is necessary to assure blunders are not overlooked. However, there has been no demonstration that peer review is all that is needed for the superior protection. This is not an argument for obscurity, only a caution that peer review is not necessary sufficient. Peers miss stuff too, as amply demonstrated by holes and bad implementation later discovered.
Since it is discovered later, isn't that called peer review? Sarad.
Sarad: <Since it is discovered later, isn't that called peer review? Indeed it is "peer reviewed," just delayed to an unpredictable future, and still not clear just when the fault was discovered nor why it was revealed -- as a helpful contribution, a ploy, a deceit, or a lure. Peer review is an unending process, and beyond that is prolonged usage of a system under a slew of conditions and challenges. It is hard to believe that all cracks and weaknesses are publicly reported when there are such great rewards for keeping them quiet and letting believers continue in ignorance. Cracks unfold not always at once, some are faked, some are the result of a deliberate weaknesses inserted into code to create a malodor of suspicion. Nothing unusual about any of those. Comsec is nothing if not obfuscation about capabilities. Jim <jim@indomitus.net> <Thanks, John, for a trip inside the mind of a maniac. Secure crypto believers get riled by unlocking their protective cage. No question these issues have been examined here and elsewhere in the past and present, but nothing better than to see updates which don't get dismissed because "this has all been covered before, so shut the fuck up."
--- On Mon, 11/9/09, John Young <jya@pipeline.com> wrote:
From: John Young <jya@pipeline.com> Subject: Re: managing and protecting nyms... To: cypherpunks@al-qaeda.net Date: Monday, November 9, 2009, 5:11 AM Sarad:
<Since it is discovered later, isn't that called peer review?
Indeed it is "peer reviewed," just delayed to an unpredictable future, and still not clear just when the fault was discovered nor why it was revealed -- as a helpful contribution, a ploy, a deceit, or a lure.
Peer review is an unending process, and beyond that is prolonged usage of a system under a slew of conditions and challenges. It is hard to believe that all cracks and weaknesses are publicly reported when there are such great rewards for keeping them quiet and letting believers continue in ignorance.
Cracks unfold not always at once, some are faked, some are the result of a deliberate weaknesses inserted into code to create a malodor of suspicion. Nothing unusual about any of those. Comsec is nothing if not obfuscation about capabilities.
Thank you for pointing out some of the pitfalls with peer review. Sarad.
The cost of breaking even bad crypto can be quite high. If you just take, for example, DES, and change all S boxes to different random values, then provide these values as pre-arranged secret key to the other party, and use them only with this single correspondent, and keep your algorithm secret, while using a single 1-character key "a" through "5" depending on the day of month, how long do you think it will take someone to break the cipher and how much would it cost? First they have to get enough text for correlation and differential attacks. Then they are starting with quite long 2K-bit S boxes that need to be inferred. It would take a brilliant analyst more then few days to break this. Few days of a brilliant analyst at Ft. Mead are very expensive, when you include all the overhead. Say $0.1-0.5M. Compare this cost to the cost of breaking a massively used crypto algorithm with a backdoor.
Isn't that the procedural equivalent though of saying "you should always keep your cryptographic algorithm secret and only disclose an algorithm as a ploy to deceive"?
On Mon, 9 Nov 2009, Morlock Elloi wrote:
The cost of breaking even bad crypto can be quite high.
If you just take, for example, DES, and change all S boxes to different random values, then provide these values as pre-arranged secret key to the other party, and use them only with this single correspondent, and keep your algorithm secret, while using a single 1-character key "a" through "5" depending on the day of month, how long do you think it will take someone to break the cipher and how much would it cost?
First they have to get enough text for correlation and differential attacks. Then they are starting with quite long 2K-bit S boxes that need to be inferred. It would take a brilliant analyst more then few days to break this. Few days of a brilliant analyst at Ft. Mead are very expensive, when you include all the overhead. Say $0.1-0.5M.
Compare this cost to the cost of breaking a massively used crypto algorithm with a backdoor.
All well and good, but who among us is running a straight "a.out" compilation of _only_ DES (or AES or whatever) such that our threat model is simply the validity of the pure algorithm ? I sure am not. Whether it be SSH or SSL or duplicity or Tor, we're all using cryptosystems that most certainly receive far too much credit simply by virtue of being "open source". Open source is only useful if _you_ open it - and maybe not even then. Youngs point is, what do you know about who is writing or reading or proofing it ? Open source should indeed be a requirement - nobody here would argue against it. But it's never an assurance - especially not with a big project like OpenSSH and so on ...
On Mon, Nov 09, 2009 at 06:58:51PM +0000, John Case wrote:
All well and good, but who among us is running a straight "a.out" compilation of _only_ DES (or AES or whatever) such that our threat model is simply the validity of the pure algorithm ?
I sure am not. Whether it be SSH or SSL or duplicity or Tor, we're all using cryptosystems that most certainly receive far too much credit simply by virtue of being "open source".
Open source is only useful if _you_ open it - and maybe not even then. Youngs point is, what do you know about who is writing or reading or proofing it ?
Open source should indeed be a requirement - nobody here would argue against it. But it's never an assurance - especially not with a big project like OpenSSH and so on ...
When figuring out things, you'll typically take the path of least resistance. So you typically don't have to deal with breaking the cryptosystem. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Sun, Nov 08, 2009 at 04:22:06PM +0000, Dave Howe wrote:
as Schneier has said repeatedly, any idiot can design something he can't figure how to break himself. Getting peer review of anything you might end up betting your life on, has to be worth its cost.
Disclosing that your security involves tripwires or passive infrared wired to a flamethrower is potentially sensitive information which can result in considerably different approaches if that information would not be available. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
On Fri, Nov 06, 2009 at 06:51:36AM +0000, John Case wrote:
My threat model is an unknown future adversary with unpredictable motivations.
Weird. I can think of many current adversaries with very simple motivations I can do very little to nothing about. This assymmetry will only grow further in future, since the concentration of smarter, more vulnerable hardware will only get larger, and the delta between my and their capabilities will only grow wider. My only protection is that I'm not doing anything which could draw their (not meaning flatfeet or gumshoes here) attention.
I imagine it's like that weird random sand-walking the Fremen do. It becomes second nature after a while. Wait, was that nym-leakage ?
Here's hoping you'll never have to find out. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
At 03:05 PM 11/5/2009, John Case wrote:
What do _you_ do to sanitize/de-correlate your nyms ?
Heh. There's so much subversive low-quality crap out there from that Bill Stewart person that there's no chance of cleaning up my act; better to stay employed at $TPC so I don't have to explain to a new employer about why my mis-spent middle age should be viewed as an asset and not a liability :-) As it is, I've got a couple of sources of privacy - Googling "Bill Stewart" gets you half a million hits, mostly for a jazz drummer. If you've heard me drumming, you know that's not me :-) - I've changed ISPs or email addresses every decade or two, plus some people decorrelate when some addresses have a . in the name and some don't. At one point Eric Hughes or Tim May suggested that what you need to do to protect your reputation on line (whether you're using a pseudonym or Ostensibly True Name) is to have some kind of service constantly slandering you, so any real accusations just get lost in the noise. Of course, all of the Too Many Erics in the Eric Conspiracy were really just pseudonyms, tentacles of Tim May with actors playing the part when a physical body was needed, and it's well known that Tim's father was a hamster and his mother smelled of elderberries. Other than that, it's hard enough to keep all my Yahoo/Flickr/Google/YouTube accounts decorrelated, since they keep buying each other and trying to squish your separate identities together. And occasionally even those efforts run into problems - my zip code is 90210 for almost anybody who doesn't need to know my actual zip code, and various vendors start telling me about the specials they're running at their store in Beverly Hills or events in Greater LA. Bill
participants (14)
-
Bill Stewart -
Dave Howe -
Eugen Leitl -
John Case -
John Young -
Morlock Elloi -
R.A. Hettinga -
Rayservers -
Roy M. Silvernail -
Sarad AV -
Shawn K. Quinn -
StealthMonger -
Ted Smith -
Tyler Durden