...this project is less than a week old and consists of some theories bandied about by a developer and he's friend (who is providing the crypto knowledge).

Wouldn't have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.

PS: That said, I wish them luck. :)


What kind of Flame Warrior are you? [ Reply to This | Parent ]

Re:Don't Want To Be A Spoilsport But... (Score:4, Insightful) by phil reed (phillipcreed@yahoo.com) on Monday July 10, @10:34AM EDT (User Info) What better way to attract attention and get some serious development effort aimed at it? For those of us who don't want solutions handed to us on a silver platter, this is the best time to get involved. ...phil "For a list of the ways which technology has failed to improve our quality of life, press 3."

[ Reply to This | Parent ]

Re:Don't Want To Be A Spoilsport But... (Score:3, Insightful) by PD (pdrap@startrekmail.com) on Monday July 10, @10:41AM EDT (User Info) http://slashdot.org I'm going to paraphrase the movie about Larry Flynt's life starring Woody Harrelson here. He said that he was a scumbag, the lowest of the lowlifes, and if the law protected his right to say what he wanted to say, then you be certain that the law would also protect fine upstanding citizens like ourselves. Well, we're not really willing to simply *trust* that the law will protect us. We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored.

[ Reply to This | Parent ]

Re:Don't Want To Be A Spoilsport But... (Score:3, Insightful) by bmetzler (email@bmetzler.org) on Monday July 10, @10:54AM EDT (User Info) http://www.geeky.org We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored. Gun control laws prevent law-abiding citizens from owning guns. Not scumbags. So, even though scumbags will always be assured of having guns, upstanding citizens will not. I guess that theory is wrong. -Brent -- Are you a geek?

[ Reply to This | Parent ]

• 4 replies beneath your current threshold.

Re:Don't Want To Be A Spoilsport But... (Score:3, Interesting) by PD (pdrap@startrekmail.com) on Monday July 10, @11:03AM EDT (User Info) http://slashdot.org I don't think anyone can define what a scumbag is. It's more difficult than some people think. It's just as difficult as defining pornography. There's some people that know it when they see it. Funnily enough, to those people, nipples and clitorae are pornographic. To me, when I see guns, violence, and Microsoft Windows, those things look like pornography. Without defining what a scumbag is, you cannot hope to censor them. If you misdefine what a scumbag is, then you'll certainly censor a person who doesn't deserve it. The only solution is to allow all people to transmit, without censorship. We don't live in a safe society. The world is dangerous. Boo Hoo! All in all, I'd rather use my intellect to avoid or combat messages that I don't like. Every other animal has to use their feet to avoid a wolf's teeth that they don't like. What chance do the sheep have of ever "censoring" the actions of the wolves? None at all. The choice is clear: We can act like humans, using our brains to fight ideas we disagree with in an absolutely free forum, or we can act like animals and hope the wolf doesn't like the taste of woolly fleece.

[ Reply to This | Parent ]

• 2 replies beneath your current threshold.
• 2 replies beneath your current threshold.

Re:Don't Want To Be A Spoilsport But... (Score:3, Insightful) by Harri on Monday July 10, @10:55AM EDT (User Info) Do we really need a way for people to pass around child pornography without having a way to find out who they are (so we can stop them)? In a word: Yes. We do. For the simple reason that there _is no way_ for any of us to exert our simple right to anonymity without having a way to pass round child porn too. This is one of those circumstances where people will have to choose between a greater evil and a lesser evil. At risk of making myself very unpopular, I would suggest the evils that can come from denial of freedom of speech could be an awful lot worse than the evils coming from the hampering of one of the ways the police use to track down a class of particularly unpleasant criminals. Put it this way: would you like every tiny piece of data about yourself in big government database, even though this would clearly help to catch many criminals, probably including some child pornographers? Supposing you didn't mind this. Now would you make it compulsory for _everyone_ to be in this database? That's what you're asking. Supposing the goverment could identify the profile of a child pornographer with 90% accuracy from this data. So they imprison all the people with these characteristics. This is another way the government could reduce child porn, but few would argue that the benefits outweighed the drawbacks.

[ Reply to This | Parent ]

• 1 reply beneath your current threshold.
• 10 replies beneath your current threshold.

One of the things that always strikes me as interesting about things like this is the posiblities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.

I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group maping the 'net for advertising purposes) but don't want to really tick off admins who's machines they are adding to thier map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are maping out.

Just a thought - I could, of course, be completely wrong!

Davis

MidnightRyder.Com

Boulder Panic! 2 - The Challenge [ Reply to This | Parent ]

• 2 replies beneath your current threshold.

There's no way to prevent man-in-the-middle attacks with a truly anonymous protocol as there is no way to verify the authenticity of the server.

In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.

The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!

The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness new zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!

Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.

-o Disclaimer: My employer doesn't even agree with me about C indentation style. o- [ Reply to This | Parent ]

• 6 replies beneath your current threshold.

The author's justifications are very much anti-tax (he appears to be a serious Randian). One of the unstated reasons that the U.S. government was believed to be anti-crypto was exactly that the widespread distribution of unbreakable crypto would allow the development of an underground untaxable economy. It's interesting that this web site's author comes right out and says pretty much the same thing.


...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3." [ Reply to This | Parent ]

• 1 reply beneath your current threshold.

We now have the classic conflict generated by criminal thought on both sides of the issue.

Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial instituations, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.

What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves"
[ Reply to This | Parent ]

Falacies

Glancing through the web page quickly I note a few things:

1. He's basically just adding a seperate data routing layer over the top of the standard IPv4 addressing space. Hence, data doesn't get routed only based on the IPv4 routing tables, but gets routed fairly randomly around above this. This has 2 problems:
   1. You still know the IPv4 address of the destination (regardless of weather or not DNS is protected) and hence can still trace the ownership of that address.
   2. Since data is no longer taking the shortest path, it'll get routed many times around the network and hence will increase the overall traffic level of the network at large (possibly sending the data over a given physical segment multiple times).
2. He's assuming that by routing things around the network using different paths that it'll be harder to pick up all the traffic by way of a sniffer. This may be true if the physical internet truly had different physical routes. I suspect most sniffers you have to worry about are the ones at the end points, not the ones in the middle. It's the box next to mine thats more likely to be sniffing my traffic and hence that this protocol won't help. Now, it will encrypt it multiple times with possibly multiply different keys, but it won't prevent the majority of that traffic being sniffed.
3. Root domain name ownership is not based on a pricing model. Hence I can:
   • for i in `cat /usr/dict/words`; do register $i; register $i.$i; done
   And the internet is hereby mine!!! Muhahahaa.
4. Protocols designed by a few people quickly, possibly inexperienced in the world of security, will certainly run into security related implecations they hadn't thought of. I hope that something like this would go through a lot of peer review by cryptologists before being trusted.

I feel things like zeroknowledge and this are not good. Society does not need 24/7 anominaty, it needs privacy and authenticity at the right times.

That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to aquire your sensitive data. This, incase you didn't know, is not good. You really want your data to be difficult to recover.

There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?

If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.

Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.

-o Disclaimer: My employer doesn't even agree with me about C indentation style. o- [ Reply to This | Parent ]

• 1 reply beneath your current threshold.

Great! Not giving away your IP address is a fantastic idea! As long as we don't need to get information back from the server, it'll work for sure! Exclamation points can make the suckiest idea sound good if used right!

Seriously, though, you need to reveal your IP address so the server can send back the information you requested. That's what servers do.


Big Brother doesn't care about you [ Reply to This | Parent ]