Publius
Ukiah writes: "Publius is a Web publishing system that is highly resistant to censorship and provides publishers with a high degree of anonymity. Publius was the pen name used by the authors of the Federalist Papers, Alexander Hamilton, John Jay, and James Madison." Check out the system's home page or a Washington Post story. I just volunteered to host a server, so be sure to load up the system with bootleg Metallica mp3's - your chance to send a Slashdot author to jail, not something you get to do every day...
Requests for files are sent from one node to the next, and the files themselves are sent back along the same path. Nodes have no way of knowing whether the machines that send them requests are the original requestors, or are just forwarding from elsewhere. Nodes that receive files have no way to determine whether the sending machine had the file or is just forwarding from elsewhere. Every machine that receives and forwards a file also caches it, so the fact that a machine has a file does not imply that the machine owner knew anything about it. All search keys are hashed with SHA, which becomes the filename, but encrypted by the plaintext searchkey, so the person requesting the file can decrypt it, but all the machines hosting the file have no way to determine the decryption key, other than by trying all possible searchkeys. Barring some pretty expensive types of attacks on particular nodes, you have plausible deniability the whole way.
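The keying described in the comment above, as an added example that is not part of the original thread and is not Freenet's code: the stored filename is a hash of the search key, and the content is encrypted under the plaintext search key, so a hosting node holds only the hash. SHA-256 and the hash-based keystream are assumptions standing in for "SHA" and for the real cipher, and all function names are hypothetical.

```python
import hashlib


def storage_name(search_key):
    """What every hosting node sees: the hash of the search key, used as the filename."""
    return hashlib.sha256(search_key.encode()).hexdigest()


def _keystream(search_key, length):
    # Stand-in cipher (assumption): SHA-256 in counter mode, keyed by the
    # plaintext search key. The label keeps the content key distinct from
    # the storage name, so knowing the filename does not give the key.
    seed = hashlib.sha256(b"content-key:" + search_key.encode()).digest()
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hashlib.sha256(seed + counter.to_bytes(8, "big")).digest())
    return b"".join(blocks)[:length]


def seal(search_key, document):
    """Publisher side: returns (filename, ciphertext) as a node would store them."""
    stream = _keystream(search_key, len(document))
    return storage_name(search_key), bytes(d ^ s for d, s in zip(document, stream))


def unseal(search_key, ciphertext):
    """Requester side: only someone holding the plaintext search key can do this."""
    stream = _keystream(search_key, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def guessable_by_node(stored_name, guesses):
    """A node's only route to the key: hash candidate search keys and compare.

    Returns the matching guess, or None. Deniability therefore rests on the
    search key not being in any list a node operator could enumerate.
    """
    for guess in guesses:
        if storage_name(guess) == stored_name:
            return guess
    return None


if __name__ == "__main__":
    # Constructed sample data.
    name, blob = seal("essays/federalist-10", b"constructed sample document")
    print(name[:16], blob != b"constructed sample document")
    print(unseal("essays/federalist-10", blob))
    print(guessable_by_node(name, ["index", "readme", "essays/federalist-10"]))
```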
That's pretty standard for most any country, with the exception being that maybe they won't label it "subversive" in the US - they'll call it a national security risk instead. :\
The system needs to ensure that brute-forcing the database cannot occur, otherwise interested parties would take that information to the judge and get it removed, and possibly have the service shut down. If, OTOH, brute-forcing wasn't possible, then they could only remove data on an as-discovered basis - making the database a hundredfold more resistant to attack.
I did some number crunching on a system like this, and the results aren't encouraging. Here's my (probably broken) math, enclosed in an e-mail to someone who actually knows how to do these kinds of calculations...
First some background..
If you take a stream of random data, and XOR it with your
plaintext, and then delete the plaintext, it's still possible
to recover the plaintext by doing this:
A ^ B = C - encrypt
B = A ^ C - decrypt
Given that, let's assume you create a server filled with
XOR'd 'packets' - files of a preset size, we'll say 1MB.
These packets are each assigned a key. Every packet has
a unique key.
The system works by allowing you to check in an arbitrary
number of packets. Once those packets are in the system,
they begin to be propagated through the network. Important
point - the network is protocol agnostic - it'll happily
run over http, ftp, or even finger if you're masochistic.
Since each packet is identified only by a GUID it's
impossible to know who created it, or which other piece
of data it needs to be XOR'd with to recover the plaintext.
And this is the math problem. In computing, it isn't
hard to simply brute-force something, and this system is
no different, except in how the brute force occurs. In
this case, we would download a complete copy of the database
and then grab one piece of the data and then sequentially
XOR it with every other piece of data on the system until
you find something that looks like plaintext.
Since each piece of data should, in theory, have a counter-
component, how many packets need to be in a system before
decryption via brute-force becomes not feasible? Not
feasible would be somewhere in the neighborhood of 2^64
operations, or about 1.8*10^20.
Unfortunately, I've realized that if someone knows that
one piece is half of the plaintext, you only need to
download and XOR every other file in the database once
to recover the plaintext. So if I had 20GB of data,
this would amount to a mere 20,480 operations.
:( Not very strong! In order to make it so that 2^64
operations would only exhaust .5% of the keyspace,
it is necessary to have 3.6*10^20 packets in the
system!
Doesn't this require about 3,518,437,208,883,200 terabytes
of storage? I hate math. It shot down a perfectly
good idea.
:) Can you double-check my numbers and make
sure this is the right conclusion?
--
Signal 11
The makers may make and the users may use, but
the fixers must fix with but minimal clues
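The search cost discussed in the e-mail above, as an added example that is not part of the original post: a toy packet store in which each document is split into a random pad and pad XOR plaintext, searched once with a known half and once blind. The 64-byte packet size (standing in for 1 MB), the printable-ASCII test for "looks like plaintext", and all names are assumptions.

```python
import itertools
import os

PACKET = 64  # constructed stand-in for the 1 MB packets in the post


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def check_in(store, plaintext):
    """Split one document into two random-looking packets under unrelated GUIDs."""
    padded = plaintext.ljust(PACKET, b" ")
    pad = os.urandom(PACKET)
    guid_pad, guid_mix = os.urandom(8).hex(), os.urandom(8).hex()
    store[guid_pad] = pad
    store[guid_mix] = xor(pad, padded)
    return guid_pad, guid_mix


def looks_like_text(data):
    # 64 random bytes pass this with probability (95/256)**64, i.e. never in practice.
    return all(32 <= byte < 127 for byte in data)


def search_known_half(store, guid):
    """One half is known: XOR it with every other packet, at most n - 1 operations."""
    ops = 0
    for other, data in store.items():
        if other == guid:
            continue
        ops += 1
        candidate = xor(store[guid], data)
        if looks_like_text(candidate):
            return candidate, ops
    return None, ops


def search_blind(store):
    """Nothing is known: try every unordered pair, n * (n - 1) / 2 operations."""
    found, ops = [], 0
    for (_, a), (_, b) in itertools.combinations(store.items(), 2):
        ops += 1
        candidate = xor(a, b)
        if looks_like_text(candidate):
            found.append(candidate)
    return found, ops


def worst_case_ops(n_packets):
    """(known-half, blind) XOR counts for a store of n_packets packets."""
    return n_packets - 1, n_packets * (n_packets - 1) // 2


if __name__ == "__main__":
    store = {}
    known, _ = check_in(store, b"constructed sample document")
    for _ in range(8):  # unrelated random packets
        store[os.urandom(8).hex()] = os.urandom(PACKET)
    print(search_known_half(store, known))
    print(search_blind(store)[1], worst_case_ops(len(store)))
    print(worst_case_ops(20480))  # 20 GB of 1 MB packets, as in the post
```

The cost grows only linearly or quadratically with the number of packets, so secrecy in such a store cannot rest on the pairing being unknown.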
All this Alice xor Bob = Secret scheme gets you is Alice and Bob both named equally culpable co-defendants. Is any judge or jury going to believe that Alice's data was just random and by some amazing coincidence, turned out to be the Secret when XOR'd with some other data? You can do a doubly linked list with a single pointer per node and xor tricks, and far from obscuring both nodes, the same data item reveals both pointers. By the time you're in court, you better have a stronger case than Alice's (and against Scientology, you have mountains of case law on your side)
I've finally had it: until slashdot gets article moderation, I am not coming back.
Oh god, I hope this doesn't mean DSharpe is going to start posting on slashdot :)
:)
If you know what I'm talking about, you spent too much time on amp-f years ago
Finkployd
Perhaps you've read the following little ditty from the Lincoln-Douglas debates:
Not too sure I'd be taking any of his prognostication as gospel...
Cheers,
ZicoKnows@hotmail.com
Publius, because it's by AT&T researchers, is only for free speech and protecting rights of Chinese citizens, unlike of course FreeNet that is only useful to child pornographers and copyright violators. grumble
Not to dis the usefulness of this type of service, but the press Publius is receiving as opposed to the extremely negative and unresearched press FreeNet has gotten really torques me off.
Returned Peace Corps IT Volunteer
All that is changed so far is the name.
I run the linux "file" command on anything on my server,
and decide what I may want to look at for myself.
The key is hashed, and while there are plans for it,
no data is yet modified.
Even then, if the data is stored locally, any
system-wide encryption can be broken,
and there will be a method to read locally stored files.
-Tannin Kal
Great! But a problem I see is that in a dictatorship like the US (jk sort of). It seems highly likely that simply having the client for a program like this could be punishable. So there needs to be some kind of system for someone to be able to anonymously use the program in the first place, which seems rather impossible. Maybe a distributed java signed app? :)
But I'm conflicted here, since you and I are fellow Censorware Project Members, and I'd hate to see a CWP colleague in jail.
Besides, since IAAL, you'd probably just try to mooch legal services from me, so I guess I'll pass on the opportunity. ;-)
The Romans had an interesting way of structuring their names. For men, a name would be composed of individual name, family name, and father's name.
So Publius Virgilius Maro would have been called Publius, or Publius Virgilius. His father's name would have been Maro Virgilius and whatever Maro's father's name was.
If Publius Virgilius had any sisters, they would have all had the same name - Virgilia. Yep - the female form of the family name. If there were more than one, they would have had nicknames of some sort, but technically...well...let's just say Roman women didn't have much in the way of name choice.
Here's another example, from one of the textbooks used in my Latin classes - Quintus Horatius Flaccus. The fifth son of the flabby man. You're probably familiar with 'Horace', right? Same guy. We know he had four older brothers (else why the 'Quintus'?). And any female siblings he had would have all been named 'Horatia'.
What I don't understand is why people feel they have to shorten or mutilate the Romans' names... I mean, sure, I can understand referring to a person by their surname/family name. But why change it?
And don't even let me get started on the butchery done to Latin poetry when it's 'translated' into English. So much is lost and changed that reading it in the original Latin is a completely different experience.
reverend lola
the titanium sheep
provider of steel wool
I maintain a comprehensive list of related projects here.
Of course, there's nothing stopping someone from splitting an MP3 into several files, a la Usenet pr0n.
---
Zardoz has spoken!
Oper on the Nightstar
Doesn't quite work like that. It's about preventing data from being censored. Example: I have the top secret secrets of the secret society (X). Encrypted with random data A gives B.
I have the noble and heroic story of the noble hero (Y) and the constitution of the constitutional country (Z).
Y is encrypted with B to give C. Z is encrypted with A to give D.
The secret society seeks to ban X. Obviously they can't ban A. A isn't part of X. A is an important part of the constitution (Z). They can't ban B. B isn't part of X. B is part of a piece of famous legend (Y). C and D have nothing to do with X, so they're safe. It simply means that no data can be removed because all data is dependent on all other data. Of course, by XORing everything with everything you could find everything that's hidden. But so what? What can you do with it?
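The entanglement in the comment above, as an added example that is not part of the original thread: it builds blocks A, B, C and D from documents X, Y and Z exactly as described, then shows which documents are lost when any one block is taken down. Padding with spaces, the recipe table and the function names are assumptions.

```python
import os


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def entangle(x, y, z):
    """Build the four stored blocks from the comment: B = X^A, C = Y^B, D = Z^A."""
    size = max(len(x), len(y), len(z))
    x, y, z = (doc.ljust(size, b" ") for doc in (x, y, z))
    a = os.urandom(size)   # random data
    b = xor(x, a)          # X encrypted with A
    c = xor(y, b)          # Y encrypted with B
    d = xor(z, a)          # Z encrypted with A
    blocks = {"A": a, "B": b, "C": c, "D": d}
    # Which two stored blocks XOR back to which document.
    recipes = {"X": ("A", "B"), "Y": ("B", "C"), "Z": ("A", "D")}
    return blocks, recipes


def recover(blocks, recipe):
    """Return the document for a recipe, or None if either block has been removed."""
    first, second = recipe
    if first not in blocks or second not in blocks:
        return None
    return xor(blocks[first], blocks[second])


def collateral(recipes, removed_block):
    """Documents that become unrecoverable if one stored block is taken down."""
    return sorted(doc for doc, pair in recipes.items() if removed_block in pair)


if __name__ == "__main__":
    # Constructed sample documents.
    blocks, recipes = entangle(b"secrets of the society",
                               b"story of the noble hero",
                               b"constitution of the country")
    for name in "ABCD":
        print("remove", name, "-> lose", collateral(recipes, name))
    del blocks["B"]  # takedown aimed at X
    print({doc: recover(blocks, pair) for doc, pair in recipes.items()})
```

Removing either block that yields X also destroys the legend or the constitution, which is the dependency the comment relies on.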
While I think that the distributed hosting concept could theoretically work, I am scared to set up a server because of the legal ramifications. Even though I have no idea what the system stores on my machine, one of the files could contain copyrighted material or child pornography, and I could theoretically be held responsible.
In order to fully protect the hosts, the system would need to perform some form of redundant striping across the entire network. That way, I would only have a useless portion of a file along with symbolic links to the locations where the remainder of the file could be downloaded. If I only have part of a file, that is useless without the other portions, then I am doing nothing illegal.
ByteMyCode.com: A Web 2.0 code sharing community.
I can see it now... the enemies of this system will simply dump HUGE amounts of meaningless data into it, overwhelming the given storage space.
Mod down people who tell people how to mod in their sigs
The Romans had a very, very limited number of first names, only about 30 in fact. Some of them were stunningly unoriginal; Quintus and Sextus, for instance, literally meant fifth son and sixth son. That means that there were a truly massive number of Romans who were named Publius, like Publius Cornelius Scipio Africanus. In fact, there was a terribly severe degeneracy of full, proper names among the Romans so that many famous Romans wound up with four or even five names in order to be uniquely identified.
It was very popular in the Revolutionary and post-Revolutionary period to draw deliberate parallels between the colonies/U.S. and Republican Rome. There was a popular comparison between George Washington and Cincinnatus, for instance. The name Publius was probably chosen by the writers of the Federalist papers because of the obvious Roman connotation and because of the similarity between the name Publius and the idea of being in the public interest.
The people who created the Publius project are the ones who mentioned the use of the name by the writers of the Federalist papers, not the folks at Slashdot. I think that it's a pretty clever idea, as it does a good job of pointing out the need for anonymous publication. After all, it will be very tough for some politician in Washington to come down against an anonymous publishing system that deliberately evokes the Founding Fathers' own belief in the occasional need for anonymity.
There is one drawback to splitting files--if you have all the pieces on your machine, it's pretty likely that you intentionally retrieved or posted the file. From a deniability perspective it might be better to have a number of standard sizes for whole files.
Something as simple as planning for secure tunnels through HTTP is not going to work because those accesses will stick out like a sore thumb among normal network traffic in restrictive environments. The presumption will simply be that if you use any such mechanisms, you must be doing something bad.
One way I see to address this problem is to design protocols such that everybody accesses the Web in a way that content is encrypted and distributed. But unless we can engineer a very good business reason for that, it won't happen because it's more expensive and more complex than the simple-minded plain-text HTTP approach being used right now.
I know this may be a bit off topic, but the first thing I thought of when I saw the name "Publius" were the postings to alt.music.pink-floyd a few years back. For those of you who don't know about that:
http://www.tapscott.com/~robp/enigma.html
A hoax, maybe, but there are a few odd sound cues in the "Division Bell" album ("the cave" and the odd counting during "Lost for words"). And during "Another Brick in the Wall pt.2" (from an earlier album) there are sound effects near the end of the song of kids yelling. At 3.47, one kid yells something that sounds like "Enigggggma!". It's wacky, man....
I think this kind of situation would suit a DeCSS mirror more than whole bunch'o' Metallica mp3s. I think the idea is to have documents (code?), not a whole bunch of mp3s and the inevitable fake Britney Spears porn pic. This way DeCSS will be 110% impossible to get rid of ;-) (short of the world exploding)
Buying a Dell computer is equivalent to dropping the soap in a prison shower.
From my quick read of the article, it appears that although the data is copied onto numerous servers, there is still some list of central servers.
If, like the gnutella system, it can be totally distributed, and no central server(s) (to attack), then it is a good thing(tm). However if like napster or IRC servers, there is a specific list of central servers, which doesn't change often, then there can be points of attack (legal attacks I'm meaning).
Freenet is (afaik) totally distributed, and the data is spread across many many servers (run by clients, like gnutella), which in my opinion is a good thing(tm). Each server can only see that a client is downloading some random chunk, and never sees the entire file. So I can download mp3s without any of the servers I'm getting them from knowing what I'm getting.
I'm not sure if the content on freenet servers is encrypted at all, so it might be obvious if you have a chunk of a file on your server that has an MP3 header in it, that people getting that chunk are getting an mp3.
If this system works like freenet, but offers encryption of the content, then that would be a very very good thing(tm).
The sort of system I'd be looking for is something where:
Files are split in small chunks, and the chunks are distributed to many servers, with many duplicates (eg serverA and M may host the same chunk of the same file).
Files stored on the server are encrypted. The key is stored in part with the server. (eg to get the whole key, you need to get the whole file, from different servers).
It's impossible to tell what the name/url of the chunks you have on your server are.
Totally distributed (like gnutella), with enough redundancy that almost all files are available online right now.
May be a pretty difficult system, but as I said, AFAIK, FreeNet is something close to this.
---
I used to have a funny sig, but slash cut it off, and I forgot what the punchline was.
I believe you're missing the point. After reading the Publius paper, I have these points to offer:
So, Publius can't defend against that sort of attack, but assuming the publisher does indeed manage to get his data published anonymously, perhaps through the use of anonymizers (which is what Crowds is) or encryption like SSL, his anonymity cannot be broken. That is the point of this system.
There's a lot more in this 14 page paper--it's very rich. In particular, it examines the attacks that an adversary could make against Publius and what safeguards could be put in place.
The most important thing, and I can't emphasize this enough, is that these guys have a system. This is not some theoretical, pie-in-the-sky wouldn't-it-be-nice dream, like the XOR business was. They have the details and mechanics of publishing, retrieval, and updating worked out. You may read the paper yourself if you don't believe me.
Unfortunately, I'm in no position to evaluate the strength of the crypto here. I would very much like to see someone with knowledge in this area come forward with an opinion after having read the paper.
Jonathan David Pearce
Jonathan Pearce jonathan@pearce.name
3EAAFB2A http://www.jonathan.pearce.name/
"The internet was not, and still is not designed for privacy. Your privacy is your problem, so YOU take care of it."
And he's right. Anonymity, and Privacy go hand in hand. Want to be anonymous? It can be done through YOUR actions. Want privacy? Don't plug in a computer you store your SSN on to the 'net.
The issue of censorship, and free speech, especially on the internet, is easily remedied. First, know that by posting something on the internet, you create LOGS. And with LOGS, YOU can be found out. As long as you are who you say you are...
Authors of yesteryear who published anonymously, or under assumed names did so knowing that what they wrote, and stated could possibly be traced back to them. For them, it was a way to express their ideas, without blatantly telling someone who wrote the article.
The resources available on the internet today are far greater than those of yesteryear. (Unfortunately, the techniques used to track someone down are better too) Privacy and Anonymity can be obtained through careful planning, thinking, and actions.
If you want the "net-life" of a spec op, you better damn well start acting like one.
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
This is the vulnerable point in every such scheme I've seen. The "recipe" which gives you the decrypted data has to be held in an identifiable location, and that location is therefore vulnerable to being shut down. Whilst the law seems pretty undecided on whether HTML linking is equivalent to publication, I'm pretty certain that this much more specialised kind of link is going to be counted as the publication. A better way of describing it might be as the "key" to the data. Either way, that's the weak link in the whole scheme.
On the subject of the various forms of abuse, any system which can withstand the unfriendly attentions of a dictatorship will be wide open to this kind of abuse, because our police have to abide by civil liberties while those in a dictatorship can ignore them. Hence if you can use it to publish banned data in a dictatorship then you can always use it to publish banned data in a democracy.
The real way around this problem is to site the servers in democracies and then design protocols to make it very difficult to block access from the dictatorships short of shutting down foreign access altogether. This is probably best done through proxy servers that tunnel secure data through HTTP.
Paul.
You are lost in a twisty maze of little standards, all different.
This won't work. It won't work because there's no deniability.
Remember the last anti-censorship system on /.? The XOR-based system? That had deniability. Consider:
Alice wants to share scientology secrets with the world. Alice looks around, finds Bob's chunk of random data, and XORs the scientology secrets with Bob's data. (In a real situation, she would also use Barry's, Bonnie's, and Billy's, but let's keep it simple). Then she gets her friend Christine to publish to usenet (or whatever) "Hey look: Alice xor Bob = Secrets!"
Helena Kobrin (scientology lawyer) drags Alice and Bob. Alice says "I put random data up, Bob XORed Scientology secrets with my data." Bob says "I put random data up, Alice XORed Scientology secrets with my data." Mathematically, there's no way to tell who did it. There's also an easy way for both Alice and Bob to show that their data is innocent - just have Charlene and Darlene xor bits of the bible with Alice's and Bob's data, respectively, and say "We were just (independently) trying to get the bible into Iran/China/Libya..."
Anyway, this "Eternity service" doesn't have anything like that. Here, Kobrin will say "Is there anything else that this data could have been?" and "Could these have been key shares to any other data?" Alice will have to say "No."
At best, Alice is an ISP - and under the DMCA, she'll have to take it down until it's proved non-infringing (never). In the XOR system, all she needs is Charlene to prove it's innocent.
That's my 2 cents, anyhow.
-Dave Turner.
Become a FSF associate member before the low #s are used
(emphasis mine)
It looks like this was designed to specifically avoid mp3s and pr0n. Probably, they wanted this to be more similar to the original, anonymous federalist papers in that it is more intended for writings that may be offensive to the government of the writers' respective countries. Of course, in the U.S. it will probably just fill up with instructions for bombs and drugs. But one of the prices you pay if you host anonymously is that you take the chaff together with the wheat.
Friends don't let friends misuse the subjunctive.
You're on to something. This would make a great poll:
:-)
Who would you most like to see in jail?
1) CmdrTaco
2) Hemos
3) michael
4) Jon Katz
5) Roblimo
6) Janet Reno
7) Bill Gates
8) everyone at Intel
9) Jack Straw
10) Metallica
11) Hemos' new wife, CmdrTaco's gf, and Natalie Portman, in a prison shower scene like in "Caged Heat"
12) Cowboy Neal and Whalen Smithers, in a prison shower scene like in "Cellblock Cumpanions"
Of course, poor Jon Katz would win, even though in our hearts we all know we want that prison shower scene with the girls. Except for the ten percent of us who studies say would want to see the Cowboy Neal/Smithers scene...
"The more corrupt the state, the more numerous the laws."--Tacitus, *The Annals*