Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 11 12 [13] 14 15 ... 249
181
Security / Re: Disabling images as a reasonable security precaution
« on: September 05, 2013, 11:10 am »
you can disable the ability for websites to set a font as well. Doing these things protects you from various hacking attempts, but it does make your sessions very linkable as well. Probably close to 0% of Tor users disable loading images, so if you are the only person to do it don't be surprised when every single thing you do can be linked to a single entity. But you do protect yourself from image based exploits, or javascript based exploits, or font based exploits, etc. I think javascript being disabled is a no brainer, enough people do it that you will not really stick out horribly bad and it substantially protects you from hackers. On the other hand, it is less cut and dry with disabling images or fonts, because in this case you really will stick out like a sore thumb. If you are only using Tor to visit SR then it is probably best to disable images though, no need to have more attack surface than required and if you only go to one website and are always logged in when visiting it you don't need to worry about linkability between sessions because you are inherently linkable between sessions anyway.

182
Off topic / Re: If the coalition wins they will sensor the internet
« on: September 05, 2013, 11:04 am »
pretty sure the internet in Australia is already censored

183
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 10:23 am »
Quote from: isallmememe on September 05, 2013, 09:46 am
Quote from: kmfkewm on September 05, 2013, 05:55 am
Essentially Bob acts as the filter between Alice and his other friends. Bob's friends have whitelisted Bob already, and Bob can rebroadcast Alice's public marked messages to them if he so chooses to. If Alice is posting some dumb shit or spam, not only will Bob remove her from his whitelist but he will never rebroadcast her messages. And if he does rebroadcast her spam, the friends he rebroadcasts it to are going to remove him from their Whitelists. And it can keep going outward as well, because Bob's friends can then introduce Alice to their other friends after learning about her via Bob. So it is like a massive group managed whitelist, you can only GET messages from people who you whitelist, but they can send you messages from people you have not whitelisted if they choose to do so and the messages are marked public.

yeah that's called facebook. we got that already.

Facebook users friends point them to relevant messages made by arbitrary posters, allowing high quality posts to propagate through the entire community, and high quality posters to expand their social networks, while spam is filtered by users and spammers are cut out by whitelists? I didn't realize that.

184
Off topic / Re: Best way to cap molly?
« on: September 05, 2013, 09:40 am »
with a sniper rifle

185
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 08:49 am »
Sorry for so many posts in a row, but just one more thing to point out if it is not clear:

Whitelisted people can point you to posts to download, but you can still download posts made by people who you have not whitelisted, provided a whitelisted person points you to the post. People who are not whitelisted cannot point you to posts, and this means the only way you can see their posts is if somebody you have whitelisted points you to them. But after you are pointed to the post of someone you have not whitelisted and you obtain it, you can whitelist that person directly from the post by clicking a button. If they also whitelist you, then you can point each other to messages, and easily communicate with each other. If somebody points you to spam, you can just remove them from your whitelist.

186
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 08:32 am »
Also, Bob doesn't even need to rebroadcast Alice's public message for his friends to get it, he just needs to share the key for it as well as point them to it. As long as the messages in the PIR-like cache do not get wiped extremely quickly as new messages come in, this will require much less bandwidth. Since Alice's 50 KB message is already encrypted and stored/indexed by the PIR-like servers, Bob can just send to his friends the index tag that points to Alice's message, as well as the encrypted symmetric key to decrypt it.

Here is the rough idea right now:

Alice makes a public message for Bob. This is broken into two parts, the metadata and the actual payload.

Metadata:

A. An Emphemeral ECDH Key
B. A shared secret contact tag
C. The symmetric key that decrypts the payload
D. The tag that the payload is indexed by

Payload:

The payload is the actual encrypted message, it is indexed by the index tag included in the metadata (so that is the keyword people search for to get it).

A. Suggested title
B. Private/public
C. Introduce/hide
D. Message, signed
E. Senders contact details (if message is public or introduce is set)
F. Information allowing the people who obtain the message to determine which of their other contacts have been pointed to the message

First Bob engages in the keyword based PIR like system (whatever that ends up being, PSS and OWI both are options right now, EKS actually isn't as it allows the storage server to see the document returned just not the keyword searched for or the plaintext of the returned document) searching for any metadata packets that are tagged with the shared contact tag between him and any of his contacts. This allows Bob to obtain all metadata packets for all messages anybody points him to. We need to take care to protect from traffic analysis during this process, but because of the PIR-like system no third party or the server itself can tell which metadata packets Bob searched for or obtained.

Next Bob uses the included ECDH ephemeral public key and his private ECDH key to derive a shared secret.  He uses this shared secret to decrypt the index tag of the message he is pointed to as well as the key used to decrypt it.

Next Bob engages in the PIR-like protocol again in order to obtain the payload data (now that he knows the tag it is indexed under). Again, the server cannot tell the tag of the message he searches for or the message returned, but we need to take care to protect from traffic analysis.

Next Bob uses the key from the metadata packet to decrypt the message. He then checks who the message is from (he knows Alice pointed him to it, but not if she wrote it). If the message is from one of his contacts, then he verifies this by signature verification. Bob's client then uses the metadata from the message to ask him some questions. Perhaps it compares the suggested title of the message (that Alice picked) to content Bob already has in his local cache, and asks him if he would like to *perceptually* merge this post into an existing thread or keep it independent. Since the message is talking about the effect of a certain drug, and because Bob is already engaging in a coversation about this drug in another thread with twenty of his friends, the software suggests that Bob *perceptually* merges this new post with his current thread, and he does so.

Now at this point if Bob replies to Alice's post in the thread, only Alice will see the message (since Alice wrote the message it in addition to pointing Bob to it). But since the message is marked public, and since Bob likes the content of the message, he decides to *socially* merge it into the thread in such a way that all participants can see it. He does this by making metadata packets for each of his twenty friends as follows:

A. An Emphemeral ECDH Key

B. A shared secret contact tag between Bob and one of the twenty posters in the thread

C. The symmetric key that decrypts Alice's message, which is itself encrypted with the shared secret derived by Bob's ephemeral public key and his contacts private ECDH key

D. The tag that Alice's message is indexed by.

He also does the same thing for each of the other public posts in the thread for Alice, so she can see the previous posts as well. Now Bob's contacts engage in the PIR-like protocol and obtain the metadata packets that Bob pointed them to. At this point they download and decrypt Alice's message, but since they don't know who Alice is they cannot verify her signature. At this point they can select to whitelist Alice, which entails loading the contact information her message has included in it. This allows them to generate shared secret contact tags between them and Alice, so they can tag messages for Alice. Since Alice also is introduced to them, she also gets their contact information, which allows her to generate the shared contact strings for them as well. If they whitelist each other they now have a dynamic (per message), secret contact string that they can use to point each other to metadata that itself points to message content. 

Keep in mind that this is a rough protocol, but something like this is what I am picturing. We are just now starting on the PIR-like part of the system as we just finished forward anonymity and wrapping all the crypto and networking and database , etc, stuff up.

187
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 06:06 am »
Quote from: astor on September 05, 2013, 05:02 am
Quote from: kmfkewm on September 05, 2013, 04:21 am
Right now a few people are working on coding a system like this with me. I think we should go public with the code that is already done and show it to people here, and invite people like Astor, SS, ECC_ROT13 etc to participate and audit what is done. We still have unanswered questions, we still have parts to code. Would anybody be interested in seeing the code that is done so far and helping contribute to the project in an organized fashion? What we are working on is not illegal and is not being built for illegal communities, it is merely software for use by those who like the features. But I personally see nothing wrong with including people from this forum, although some others working on it may be hesitant for it to have any apparent connection to illegal activity (because why make something that is not illegal linked to criminals). Unfortunately I already kind of fucked that up by being involved with it and having the original idea for it :P.

Fuckin A, absolutely! Could we invite other people over time, like get a few invites per week, to see how the system scales?

Oh well, I guess we'll worry about that later.

BTW, is this the system that could evolve into a market with bitcoin/zerocoin integration?

Well what would happen is we would setup a github page or a website for it and just make the code public as it is evolving, but point people here to it so they can look at what is done and contribute if they want to. Pretty sure this is going to happen pretty soon I just need to talk with some others, maybe in a bit over a week I will post a link to the project.

Also, yes a market could easily be built on top of this. After we have forward anonymity (via mixing) and receive anonymity (via PIR) and the encryption and networking etc all wrapped up, we can use this infrastructure for anything. It doesn't need to be specific to a forum, it could be used for file sharing of small files, for E-mail like messaging, for a market, whatever. In this way it will be more similar to Freenet and even I2P, where there is the foundational software (mixes, PIR, etc) but then the other systems that are built on top of it (forum, e-mail, market). And the systems built on top of it will all be so similar that they can really be a single program, or at least be managed from a single GUI. 

188
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 05:55 am »
Essentially Bob acts as the filter between Alice and his other friends. Bob's friends have whitelisted Bob already, and Bob can rebroadcast Alice's public marked messages to them if he so chooses to. If Alice is posting some dumb shit or spam, not only will Bob remove her from his whitelist but he will never rebroadcast her messages. And if he does rebroadcast her spam, the friends he rebroadcasts it to are going to remove him from their Whitelists. And it can keep going outward as well, because Bob's friends can then introduce Alice to their other friends after learning about her via Bob. So it is like a massive group managed whitelist, you can only GET messages from people who you whitelist, but they can send you messages from people you have not whitelisted if they choose to do so and the messages are marked public.

189
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 05:43 am »
Quote
I think that mixing private and group messages too closely in any interface is dangerous, via user mistakes if nothing else.   

Well, the software would prevent a user from rebroadcasting a private message to unauthorized users. And if users want to circumvent the software in order to do so, well, we cannot prevent leaks.

Quote
While behind the scenes, they're probably the same thing at a storage/transport level, they probably should be treated as separate from a user experience.  I assume they'll be encrypted differently.

The encryption is the same for either.

Quote
If Carol sends Alice a private message, it should be encrypted so only Alice can read it.

Indeed, it will be. But I take the concept of private messaging to mean more than one on one. Carol can send a private message for Alice and Bob to read and respond to. In such a case it will be encrypted for both of them.

Quote
If she wants to send it on to Bob, she should RE-send the decrypted text, possibly with commentary, encrypted so only Bob can see it.  At that point, if Alice has betrayed Carol's trust, that's on Alice.  And since she's only sending Carol's alleged text, Carol has full repudiation, "Alice made that shit up.  Bob, I don't know what she's talking about.".   Private messages shouldn't ever thread with group messages. 

Right now we are not planning to include deniable signatures, although I suppose that isn't a bad idea. Currently all messages are signed with a private key and impossible for the author to deny having written. This is also how identity is managed, a user essentially is their private ECC key. The threading is entirely up to the user. A user could have one giant thread consisting of all private and public messages if they wanted to, although it wouldn't be very well organized I imagine. The organization of the messages is entirely up to the user, with support from the software. It is up to the user to organize the information into their own perception of a forum, however the software should help them not shoot themselves or others in the foot.

Quote
If you want to win the UI contest, maybe you insert a red placeholder (like a comment bubble) at that point in the group thread for context, but I think the bubble takes you obviously to PrivateMessageLand.  And the private message content shouldn't be quotable to group via GUI.   Make them paste it in if they want to quote private messages into group discussion.

Yes, certainly. The issue I am thinking of is this: Alice wants to talk about a subject and she doesn't really care who reads what she has to say. Similar to how people posting here obviously don't care who reads what they say here. But Alice only has five contacts on her buddy list. So she can send them each her message, but that is the extent to which her message propagates. The idea I had is that Alice can mark the message as public, in which case her five contacts can choose to propagate her message to their contacts as well, and to introduce their contacts to Alice via the message. So Alice writes a message and marks it as public, the message is sent to her only contact Bob. The message is about the effects of a certain drug, and Bob happens to be having a conversation about this very same topic with twenty of his other friends. So Bob adds the message from Alice to this thread. Now nobody else Bob is talking with can see the post from Alice or any responses Bob makes to it, even though to Bobs perception they are part of the same thread. But since Alice marked the message as public, Bob decides that it is a good idea to make the other people he is talking about the subject with aware of Alice's post, so they can see the information Alice has to contribute. So Bob presses a button and it merges Alices post into his original conversation with the twenty others, when this happen Bob rebroadcasts Alice's message and contact information to his twenty other friends. He also rebroadcasts the previous messages and contact information in the thread from his other twenty friends to Alice, provided that their messages are marked public as well. Now Bob's peers see the new message from Alice rebroadcast from Bob, and if they like the content of the message they can click a button to whitelist Alice so they can see future posts from her on this or other subjects. The same happens with Alice, she sees the posts from the others and can whitelist them as well. Now all of them can continue to talk with each other about the subject at hand, and also Alice has added new people to her contact list and Bobs friends have all added Alice to their contact list. But let's say one of Bob's friends said something he only wanted the original 20 people (including Bob) to be able to read. So he marked his message private. In this case, Bob does not rebroadcast this specific message to Alice, and if it is the only message from that poster in the thread, alice is never introduced to him, although he is introduced to Alice as her post was public. But as whitelisting needs to be 1:1 this means neither of them will be able to carry out a conversation with each other or see each others posts in the thread, which is not totally ideal as maybe Bob's friend wants to be introduced to Alice but doesn't want her to see the message he marked as private. So perhaps two settings would be the best option, public/private for posts and introduce/hide for the thread in general (public = share this post with your friends, private = this post is just for you, introduce = tell others I am in this thread and help us communicate with each other, hide = don't tell anyone I am in this thread). But the actual thread itself is actually the composite of several base threads. So we could call one a Weave and the other a Thread.

190
Off topic / Re: The final one and only debate about CP thread, to avoid cluttering all others
« on: September 05, 2013, 05:10 am »
Wow times sure have changed in the UK huh? Up to 2003 some of your newspapers with national distribution regularly featured pictures of naked 16 year olds on page 3! https://en.wikipedia.org/wiki/Page_3

Quote
Before 2003, British tabloids could legally feature 16- and 17-year-old girls as topless models. Samantha Fox, Maria Whittaker, Debee Ashby, and others began their topless modelling careers in the Sun when they were 16, while the Daily Sport was even known to count down the days until it could feature a girl topless on her 16th birthday, as it did with Linsey Dawn McKenzie in 1994. In 2003, the Sexual Offences Act 2003 raised the minimum legal age for topless modelling to 18.

So, 2003 count down to when you can see pictures of 16 year old girls flashing on page 3 of your newspaper, 2013 castrate and shoot the men who want to look at pictures of naked 16 year olds. WTF happened over those ten years?!

191
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 04:21 am »
Quote
It's not a perfect world, and the weirdest part is that everyone would have to get used to NOT making the assumption that everyone can see every message in a thread.    But, completely without ANY central administration of any sort, it's pretty damned close.    Obviously, you'd probably want more granularity than -10 to +10 in a real system, but it's very doable.

Ideally the concept of a thread would be some loose and dynamic thing decided by individual posters. For example, I send a message to fifty of my friends talking about a certain topic. Later I get a message from someone else talking about the same subject with 50 other people. To aide in my own organization of information, I merge the two threads together into one, but a response to a message from one thread only goes to the people who started participating in that thread to begin with. The different posts could be color coded based on which base thread they are a part of, although if somebody is part of both it would be problematic. We could have a color that represents a person who is part of every base thread, but then it is still problematic if there are three base threads and a person is only part of two of them. What if we want to merge the thread into a single base thread where everybody can see the entire discussion? How would that be managed? We probably shouldn't let Alice decide that Bob should see a message Carol sent her, even if Alice and Bob and Alice and Carol are talking about a similar topic. Maybe Carol can mark her posts as 'open' or 'private' and an open post could be merged by Alice into a conversation with Bob and all of the history of the thread becomes available to all participants. But a private message is marked as something that someone only wants viewable by the people they selected to view it, ever. Or maybe there can be some other system that decides this.

These details are largely not to do with the underlying cryptography of the system. A lot of them are GUI problems (how do we represent the interweaved threads? color coded posts?). A lot of them are organizational problems. Most of them are higher level issues that don't need to be worried about a whole lot until we have the fundamental cryptographic components taken care of. But they are still important and substantially unanswered problems.

Right now a few people are working on coding a system like this with me. I think we should go public with the code that is already done and show it to people here, and invite people like Astor, SS, ECC_ROT13 etc to participate and audit what is done. We still have unanswered questions, we still have parts to code. Would anybody be interested in seeing the code that is done so far and helping contribute to the project in an organized fashion? What we are working on is not illegal and is not being built for illegal communities, it is merely software for use by those who like the features. But I personally see nothing wrong with including people from this forum, although some others working on it may be hesitant for it to have any apparent connection to illegal activity (because why make something that is not illegal linked to criminals). Unfortunately I already kind of fucked that up by being involved with it and having the original idea for it :P.

192
Security / Re: Interesting research
« on: September 05, 2013, 01:05 am »
But there are two sorts of attack to keep in mind. Take PIR for example. PIR allows a client to download an item from a server without the server or any third party being able to determine the item obtained. At face value this means receive anonymity is automatically perfect with PIR. But these systems are still weak to traffic analysis. Let's say that the network consists of 100 people. One day Alice sends Bob 500 messages. Alice can watch the entire network externally. She notes that only one node obtained 500 messages for a given cycle, all other nodes obtained 1 or less messages. Now Alice cannot break the PIR to determine who Bob is, and even the server doesn't know who downloaded the messages sent to Bob. But due to the fact that only one node downloaded 500 messages, Alice can have a pretty damn good idea of who Bob is. So even though the PIR protects from some attacks (hell I don't even know what to call this class of attacks? cryptographic attacks?) it doesn't inherently protect from traffic analysis. But using PIR-like systems as a base allows us to focus on the remaining traffic analysis issues. Some of them are probably impossible to solve with pseudonymity. DC-nets are information theoretical perfect anonymity but even they can be broken by long term intersection attacks if the users are pseudonymous and the ideal conditions are not maintained indefinitely.

193
Security / Re: Interesting research
« on: September 05, 2013, 12:57 am »
Quote from: ECC_ROT13 on September 04, 2013, 05:52 pm
Quote from: kmfkewm on September 04, 2013, 07:44 am
This attack still applies to hidden services. Connections to hidden services are not magically protected from timing correlation attacks.
No,  but I imagine you'd have to deanonymize them first before you had something to correlate to.

Quote
The writing is on the wall for VPN's, Tor , I2P and Proxies of all sorts. They are all dying technologies at best and dead at worst.
In terms of them providing any level of effective anonymity against a determined nation-state adversary?  Yeah, they're dead or dying.  And it's not fixable through a new setting or obsfuscation method.     

Tomorrow's anonymous network is going to have to look a lot more like Freenet.   Your request slowly moves its way from node to node until the content slowly works its way back to you.  Hopefully mixed in with everyone else's requests and content.   Traffic analysis is more difficult because it's both high-latency, and because nodes are actually caching content. 

What do you give up in that scenario?  Immediate gratification, I guess.  You will wait longer for content delivery.  But most things (marketplaces, message-based communities, email gateways) are perfectly doable.   You give up things requiring true dynamic content on the fly, but the upside is that you get a very multicast-like benefit to content distribution.

The biggest upside is that you actually get anonymity. In some cases it can be partially computationally based anonymity as well instead of probabilistic route selection based anonymity. So more like encryption than Tor. You are anonymous until the attacker solves this hard marth problem, instead of you are anonymous until the attacker watches these two locations. The reason Tor, VPN, Proxy and I2P are dead/dying is because it turns out that it actually isn't that hard for an attacker to watch two arbitrary locations, and some attackers like NSA solve the problem by watching all locations.

194
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 12:22 am »
Quote from: astor on September 04, 2013, 02:08 pm
Nobody is allowed to shout nonsense on my lawn. I have every right to censor them by kicking them off my property. Censorship is compatible with anti-statism, because it is subjugated by property rights. There are also perfectly legitimate laws that censor speech, particularly when it causes direct harm, such as yelling fire in a crowded theater and causing a stampede that causes physical injury to people, or libeling someone and destroying their life through false accusations. Yes, there many good reasons to censor, and the free speech absolutists have an childish understanding of free speech and censorship.

I am not a free speech absolutist, I think that you have the right to tell people not to scream stuff on your lawn. I think in the cyber environment though that it is better if we allow people to remove their own perception of people screaming on their lawn. It is more like someone is screaming on your lawn, but you and everybody else can block out all perceptions of them. So if you don't want them screaming on your lawn, you press a magic button and they vanish from your own perception without a trace, but other people can decide for themselves if they want to hear and see the screaming on your lawn or not. In the cyber environment we can give much more fine grained control to people and I think this is superior. I don't imagine a single forum with leaders and such, I imagine a shared forum-space where every user is the leader of their own perception.

195
Security / Re: Dissent: accountable anonymous group communication
« on: September 05, 2013, 12:19 am »
Quote from: astor on September 04, 2013, 01:53 pm
Quote from: kmfkewm on September 04, 2013, 12:11 pm
I agree the only person that should censor what you see is yourself.

Censorship is not antithetical to libertaraniasm or any other form of minarchism or anarchism, only to one brand of brainwashed American Libertarianism. I never once mentioned the government. Censorship can and should be applied by the person who owns the property. If I ran a forum, I would moderate it, and it would be a far healthier place than a forum run by anyone here who advocates no censorship at all (even though in practice there's all kinds of shit they would censor). Here it's spam, scams and doxing, but they let trolls ruin the place to some extent.

BTW, Tor relays are allowed to set their own exit policies. That's censorship! If anyone here hates censorship that much, they should get off Tor now, because it is a platform that allows censorship. In fact, you can set ExitPolicy reject *:*, so you don't have to allow anyone to access clearnet sites from your relay. The relay is your personal property, and I and the Tor developers advocate the right to do what you want with it, and not to subjugate yourself and your property to whatever other people want to shout on it.

Right now we are experiencing the fantastic merits of no censorship, because the Tor network is being crippled by a botnet that we can't stop. That is 2 million voices shouting without moderation. Fuck that noise. We must censor that botnet to keep the Tor network alive.

Well, censorship can be seen in two ways. If you have private property I agree you should be able to restrict what people do on it. SR can ban CP etc it is morally fine in my opinion they own the server. So I am fine with censorship in such cases. The censorship I am against is when a government tells people what they can or cannot say on their own property. And I think the best solution is volunteer community property that allows anyone to talk and say what they want, but nobody has to listen.

Astor why would your forum be healthier? Why do you even want to run a centralized forum? Wouldn't it be better if everybody networks with who they want to, and the only forum is the way the threads are organized by the individual user? You seem to advocate for a hierarchical system where some designated person is in charge of what can be said, I am advocating for a non-hierarchical system where every individual is in charge of what they see. I could outsource this to you and you censor spam, or I could just not select to listen to people who spam.

Pages: 1 ... 11 12 [13] 14 15 ... 249