
Re: [GNU/consensus] [SocialSwarm-D] Map of Projects / Sessions at 30C3


From: Guido Witmond
Subject: Re: [GNU/consensus] [SocialSwarm-D] Map of Projects / Sessions at 30C3
Date: Sat, 16 Nov 2013 23:01:08 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9

On 11/16/13 21:29, carlo von lynX wrote:
> On Sat, Nov 16, 2013 at 07:19:47PM +0100, Guido Witmond wrote:



> I do banking over Tor, but I know the certs my bank uses.

You are exceptional in that you know your bank's certificate. I asked
people at a security conference and most had to admit they didn't know
it, nor verify it. And those are security people...


> Exactly, you are providing a neat alternative to X.509 but it doesn't
> change anything about the entire rest of the architecture. I think that's
> okay for banking or for Tor hidden services apps, but I don't like it for
> a communications and messaging system as I won't accept that my naked
> teenager pics are on your server's hard disk.

Eccentric is not the holy grail in cryptography. It has its strong
points and weaknesses.

The strong point is that it's easy to implement and get quite a lot of
communication encrypted. A weak point is that it is still vulnerable to
traffic analysis. It needs Tor for that. Another weak point is that if
you lose a private key, you're out of that account forever. Unless you
can prove identity to the site some other way.

It also has a very simplistic repudiation model: delete the private key
of an account securely and never mention that it was you.

Eccentric has either unsigned or signed public messages, or encrypted
private messages. To get your naked teenager pics in clear view on my
server, you need to publish them. If you send them to a specific person,
whose public key you've learned somehow, they are encrypted and my site
can't decrypt them. All private messaging is end-to-end. Guaranteed. I
don't know if Snapchat can offer that guarantee. :-)

I expect sites to make it clear when you are publishing to the world or
sending a private message. Anyway, the user agent should always show
which of the two actions it is doing: signing a public message or
encrypting a private message.

You may still not like it but it is quite an improvement over the
current http-internet. Or Dropbox, or Google drive or ... I hope that
once people get used to this model they can search for other systems
that offer even more privacy. We crypto-designers have to lead them. The
hardest part is not designing, it is selling.


> So the server has the complete social graph. The tools I am recommending
> as best current practice try to protect the social graph.

That is one other weakness, but it is not as bad as you imagine. The
server sees all traffic (not contents) between its users. As soon as two
people have verified that there is no MITM, they can send this message:
        Hi User2@@guido's-site,
        Please connect to <protocol://my-ip:port/url>
        Use your certificate to authenticate, I use mine.
        Regards: User1@@guido-s-site
User1 opens the port on his computer and waits to see whether User2 connects.

Here we bootstrap a new channel based upon an existing channel. The
protocol can be anything, xmpp, zrtp, maybe even psyc. My site acts as
an introducer to people, like a mutual friend that arranges a blind
date, only with cryptography.

As the message is encrypted, my server doesn't learn of this new
channel. All the server learns is that after a few messages, the
communication ceased. There is nothing that I can do to prevent this new
channel from opening. And once established, my server that has signed
the certificates is not needed anymore. It can be nuked from orbit.

When User2 has previously established a private channel with User3,
User2 can introduce User3 to User1 over their private channel. Again,
the server cannot learn of this. The new channel between User1 and User3
is invisible to the site. The site learns only about a partial social
graph, not the full graph. The users, of course, will learn the whole graph.

That message from User1 to User2 can even be published as widely as
possible by User1. The whole world will learn that 1 is trying to
contact 2, but only they have the matching private keys to validate each
other's public keys. It can be used in case my server is gone. Success
depends on User2 learning of the contact request and being willing to
connect. If either uses Tor, the world won't learn whether they ever got
connected.

That's the power of pseudonymous authenticated connections.


I hope it sparked your interest.

Regards, Guido.
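The introduction scheme sketched above, as an added example that is not part of the original mail and not Eccentric Authentication's own code: the site is modelled as a throw-away P-256 CA built with Go's standard x509 package, and the "use your certificate to authenticate" step is stood in for by a signature over a peer-chosen nonce. The function names (mint, NewSite, Enroll, ProvePossession, TrustsPeer) and the serial-number parameter are assumptions; the pseudonyms follow the mail's "User1@@guido-s-site" form. The point to observe is that TrustsPeer takes only the site's public certificate, so the check keeps working after the site's signing key is gone.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mint signs tmpl with signer; parent == tmpl yields the self-signed site CA (hypothetical helper).
func mint(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	c, _ := x509.ParseCertificate(der)
	return c
}
// NewSite creates the introducer's CA; signing pseudonym certs is all it ever does.
func NewSite(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	return mint(t, t, &k.PublicKey, k), k
}
// Enroll issues a cert for a pseudonym such as "User1@@guido-s-site"; the private key stays with the user.
func Enroll(siteCert *x509.Certificate, siteKey *ecdsa.PrivateKey, pseudonym string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey) {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: pseudonym}}
	return mint(t, siteCert, &k.PublicKey, siteKey), k
}
// ProvePossession signs a peer-chosen nonce; only the holder of the private key can.
func ProvePossession(key *ecdsa.PrivateKey, nonce []byte) []byte {
	h := sha256.Sum256(nonce)
	sig, _ := ecdsa.SignASN1(rand.Reader, key, h[:])
	return sig
}
// TrustsPeer is the offline check on the direct channel: peer cert chains to the site CA cert we hold, names the expected pseudonym, and its key signed our nonce.
func TrustsPeer(siteCert, peer *x509.Certificate, pseudonym string, nonce, sig []byte) bool {
	pool := x509.NewCertPool()
	pool.AddCert(siteCert)
	if _, err := peer.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}); err != nil || peer.Subject.CommonName != pseudonym {
		return false
	}
	pub, ok := peer.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(nonce)
	return ok && ecdsa.VerifyASN1(pub, h[:], sig)
}
```

Note that a certificate for the same pseudonym issued by a different CA fails the chain check, which is what lets two users tell each other apart from an impostor without asking the site.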
