Fling: Anonymous Protocol Suite
_endgame writes "Fling is a new suite of internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable. Fling protects clients from servers, servers from clients, and both from an eavesdropper in-between. The result is that anyone can serve or retrieve any data, without fear of censure."
While this is great, I believe that it'll just be a matter of time before this "secure" protocol is hacked/cracked and is again insecure.
Linux is so bad it's free and most people don't use it. But you have the source code, so it's your fault.
This will be great for projects like FreeNet, Gnutella, Napster, or any other form of data transferral that someone might want to prosecute you over.
"With sufficient thrust, pigs fly just fine." -- RFC 1925
...this project is less than a week old and consists of some theories bandied about by a developer and his friend (who is providing the crypto knowledge).
:)
Wouldn't it have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.
PS: That said, I wish them luck.
Metallica is entitled to receive payment for their work. You are not entitled to unlimited, unrestricted free access to their work. I like Internet privacy as much as the next guy but what you are advocating is theft. What needs to happen in my opinion is that some Napster kiddies need to be put on trial and jailed and made examples of. Then we could demonstrate exactly what could happen to people who choose to use the Internet to commit crimes instead of using it for positive purposes.
One of the things that always strikes me as interesting about things like this is the possibilities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.
I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group mapping the 'net for advertising purposes) but don't want to really tick off admins whose machines they are adding to their map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are mapping out.
Just a thought - I could, of course, be completely wrong!
Davis Ray Sickmon, Jr - looking for something to read? Check out my three free novels at MidnightRyder.org
This may take the release early release often a little far... Still looks quite young. But on the other hand, it reduces the chances of the project (or sometimes the author) being snuffed out before the public ever gets a chance to kick the tires. If I could encrypt my way out of a paper bag I'd help out with this one...
Seriously though, I think there is a need for a more modern, updated secure way to do this sort of thing. I think it is helpful if people can read what they want without fear of being profiled by evil governments (or even worse persistent spammers...) and I think it will allow people a little more freedom to be themselves.
---
Play Six Pack Man. I
This is a great idea, but being the sceptic I am, I have no doubt that another technology would be invented to 'remove' the anonymity that this tries to preserve. It's all a bit like the arms race. I'll make an anti-missile-missile and then you can make something on your missile that jams my anti-missile missile.. etc.... I can't see this set of protocols being implemented, because it isn't in bu$inesses/governments interest to have total anonymity and whether we like to admit it or not, that's the driving force behind the internet these days. M.
In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.
The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!
The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness New Zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!
Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.
But what it lacks are any suggestions of how the system would scale... will it be like gnutella which now has so many users that the average modem user is struggling just to connect to the network.
Plus if my PC ends up routing mp3 files for other people using my 128k connection I won't exactly be pleased.
Added to this I would expect that there will be quite a reasonable bandwidth overhead given all the layers of encryption.
Certainly as a system for trading textual data it's reasonably sound but then usenet probably works just as well for most people.
Added to this for a user to keep information persistently on the network they still must be permanently connected... which isn't really an option for oppressed Tibetan monks is it..?
All the anonymous/freenet/ZKS/crypto&privacy projects could really use some convergence and working together. OTOH, I suppose that if there are many, the likelihood of them all being shut down approaches zero. but. maybe just extreme interoperability....
Returned Peace Corps IT Volunteer
...or is 100% untraceable Internet communication the cyber equivalent of perpetual motion--it would be Very Cool to invent, everyone wants it for various reasons, but the nasty truth is that you just can't get there from here?
The author's justifications are very much anti-tax (he appears to be a serious Randian). One of the unstated reasons that the U.S. government was believed to be anti-crypto was exactly that the widespread distribution of unbreakable crypto would allow the development of an underground untaxable economy. It's interesting that this web site's author comes right out and says pretty much the same thing.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
This isn't really implemented yet.
Someone above said that RIAA and MPAA and AA and whatever would TRY to put the kibosh on this: WHY? Even if tried I doubt they could. Consider this: An IP is like a phone number. The web logs on a box are like caller id. So aren't we just developing something that blocks the caller ID info (like *??)? And that certainly hasn't been deemed illegal.
Also, I imagine, SOMEWHERE, there will be a log of our activities- even though we blocked our caller ID, the phone company still has that information of the call. I'm sure there could be found a "packet log" or some such somewhere.
A step in the right direction, I think, but I don't think it's the solution.
We don't need no Net Explorer We don't need no Thought control
Apart from the music and software industry people attacking this if it ever comes to fruition, wouldn't many systems and networks administrators be wary of it? It seems like something like this would make for some really nice DoS attacks even more untraceable than the current ones already are. So, unless I'm misunderstanding something, I'd expect opposition from a lot more fronts than just the entertainment groups.
It's sort of a hard question, should we introduce new technologies that make it easier for jerks to cause trouble if they're technically superior but don't really cause any huge huge problems? (I know this is a good idea, but how many people have really been censored or persecuted online who wouldn't have been if they used these protocols? From the cases I've seen I don't think this would actually help, but I could easily be wrong).
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
Certainly, there are a lot of very interesting sounding projects (like this one). But, about 95% of them are in the "planning" stage, 4% are in "pre-alpha" and only 1% actually got somewhere. The most accomplished project I saw was a map viewer/editor for blackisle games.
Anyways I think my point is that posting stories about vaporware someone turns up on sourceforge is a bit silly. For example, have you checked out Arianne RPG since its slashdot debut? About the only thing they got done is a new webpage. That story was posted like 3-5 months ago.
---
I am the dot in slashdot.org
"Censorship is always bad" he says. "Regulations destroy trust" he says. "Redistribution is theft" he says.
Noble concepts, they might (or might not be), but it's not exactly well reasoned, defended or explained. It certainly isn't well demonstrated.
Good ideas? Good intentions? We could all come up with better sitting in the bar with a few cold ones.
What is it that they say about the road to hell?
--
"I do not speak for my employers, though they are controlled from my Teddy's huge pulsating brain."
There's a reason why the front windshield of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?
So you don't have a license plate huh? And maybe the make of your car can change? God damn, you've got a freaking Bat Mobile.
PS. The Preview button is definitely there for a reason...
It's only when we've lost everything, that we are free to do anything...
Can you spell "fiber optic capacity doubling every six months?"
Society does not need 24/7 anonymity, it needs privacy and authenticity at the right times.
Who defines the right times? If it's the end user, then we allow abuse by end users. But if it's corporations or governments, we allow abuse by corporations or governments. I'd rather have end user abuse, myself.
Nothing more than something to incite all the mp3/warez fans and generate banner hits to make up for failing stock.
Only the State obtains its revenue by coercion. - Murray Rothbard
-- http://thegirlorthecar.com funny dating game for guys
I am reminded of Neal Stephenson's comment in Diamond Age about an untraceable communication protocol being the thing that made it impossible for tax collection agencies like the IRS to trace transactions and thereby bring down our current political/social model.
Sure this sounds great in theory, but considering the current state around the world, how would this be received?
The economy is globalizing quickly, and daily interaction across the globe is paramount. So considering China just recently picked Linux over Windows95/98 because it can examine the source code to make sure there aren't any caveats that the US could use to sabotage them in a crisis, and on the other hand, the US is so paranoid about other countries being super-secretive that they delayed the release of Apple's G4 machine because it could perform well in encryption/decryption. Would the US allow China to have this Fling technology? Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?
This project may be doomed to the "oh-that-was-a-neat-trick-but-where-is-it-now?" hall of fame from the start.
It's only when we've lost everything, that we are free to do anything...
No, what you're talking about is license plates - that's how you're discovered. Window tint would just make it harder for you to see the old ladies. Wear some glasses ala Clark Kent, and take off your license plates. Maybe stop at the car wash on the way home to wipe off the mess.
You're right about non-traceability being bad, though. I reject traffic coming to my machines if I can't tell who it's coming from in every case that it's possible. I'm not doing anything malicious with anyone's info, and the only reason to hide from me is if you're doing something you don't want me to find out about. Well, I'd better be able to find out if my equipment's being used to do it...
That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to acquire your sensitive data. This, in case you didn't know, is not good. You really want your data to be difficult to recover.
There's a reason why the front windshield of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?
If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.
Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.
And people bitch about RMS's software being political. Not that I disagree with their politics or anything, but it won't bring good press. Not that the press matters, or anything.
But this sort of flagrant politicism kind of colors the project...a person who would have a use for the Fling suite and would like to contribute to it may not because they don't agree with the ideology.
But then again, that hasn't stopped too many people from working in GPL'd projects. I mean, there have been developers working on projects under the GPL who don't necessarily agree with RMS's rants that "Proprietary Software is Satan."
It's a cool idea, and I hope it works. I know jack shit about IP, but Fling looks like it has a bit more overhead than the normal protocols. Eh.
You mean the bit where he says "Here's my public key" and you encrypt your public key to it and send it back to him? Might be susceptible to a man in the middle attack (You need to take additional steps to verify the authenticity of the server) but you can't derive the keys when they're transferred automatically any more than you can derive them when I E-mail you my GPG key. And having my public key buys you nothing (Other than being able to send me encrypted data.)
Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it. Is that guy one hop down downloading a file or is he just acting as a proxy/cache for someone else?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Also, what's up with the new Slashdot icons? Bring back the crappy old photorealistic ones!
--
--
E2 IN2 IE?
Right. This has probably been said before in another discussion, but there will be a law enacted if this ( or gnutella, freenet, etc ) ever becomes mainstream. It will be a simple extension of being an accessory to a crime. You can run this software, but if you aid in the transmission of illegal data, you will be held accountable. So, the argument, "I'm merely an unwitting conduit", will not hold water for long. If you use these apps/protocols, you will run the risk of violating the law.
This is not how I would like to see things happen, but I think it is inevitable.
The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets.
But, on the bright side, maybe if one of these ideas can be implemented and achieve a critical mass like Napster, it will make enforcement like this practically impossible.
Stupider like a fox! - H.S.
There's a reason why the front windshield of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discovered?
A. That law varies state to state.
B. License plate anyone?
Finkployd
Just a thought - I could, of course, be completely wrong!
No you are completely right. Look at the comments above about censorship. The same idea applies here. How do HONEST (honest being a generic term here) people stay anonymous on the web, while not allowing the warez/mp3 doodz, child porn lovers, and the companies like you're talking about to enjoy the same anonymity? Sure I'd love to surf the web (even though this isn't what the protocols are for, it's just an example) knowing that nobody knows who I am, but at the same time, I don't want some script kiddie cracking away at my box because he knows I'll never find him.
---
2) So ? If the company is based somewhere friendly to it, it may be paying taxes there, but not being taxed out of existence.
3) I get the impression that Fling is more interested in keeping 3rd parties from knowing what is going on between A and B, than keeping A and B from knowing about each other.
*click*
Hrm what an idiot, must be applying for his MCSE
*click*
Guess I could flame him, might give me a kick, work is pretty slow
*click*
"Dear sir, enclosed is my private statement FYEO. I like to make up acronyms (not unlike my boss, who I obtained this habit from) so that you must figure them out. I would just like to say you're an idiot, and that whenever I drive around hitting old ladies, somebody always seems to see this reflective metal plate attached to the front of my car, sometimes denoted as a License Plate. I have my windshield tinted because, as everyone knows, the first thing after an accident is to look at the person's front windshield to get a good look at them, the license plate is utterly useless. Anyway, just wanted to say good comment, solid structure and grammatical flow, great use of interpretive HTML tags."
*click*
idiot.
"I wanna fuck the system.... AHHHHHHH#@%%#@" ATR
In an ideal world, producers and suppliers of goods and services would be able to know the needs of its customers as much as possible so that the products could be quickly optimized. If the companies could get this information directly from the consumer, then the rate of evolution could be faster than simply having one company wait until it realizes that its competitor is making more money from a modified version of the product.
It would also be nice if these direct customer queries were as unobtrusive as possible. Telephone surveys in the middle of dinner kinda suck.
These lead to a DoubleClick sort of idea. As I see it, the main problem with DoubleClick isn't that information is being gleaned from your private life, it's that the information can be directly traced back to you. They can claim that they will just use the information in aggregate, but we can't really believe them that they won't abuse the system.
But if they only used an anonymous version of TCP to transfer the data, then we could use technical means (personal firewalls, etc...) to make sure they're keeping their word. So we would get the best of both worlds: privacy, and better products and services.
--
The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets
Not quite with freenet. One of the design goals of freenet is you have no idea where the data is stored. I'm not sure how they implement it, have to read (as opposed to skim loosely) the docs again...
The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets
That would be the same as busting the companies that run routers over which you received the data, and that's obviously unworkable, here in the UK HMG are really screwing things up with the RIP bill which is almost as stupid, see Stand
Any sufficiently advanced man is indistinguishable from God
This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself...
Do you mean steganography? Or should we start working on an RFC for SHTP (Shorthand Transport Protocol)?
:)
Yo dawg, I heard you like the Ackermann function, so OH GOD OH GOD OH GOD
This poses a threat to our ability to Innovate(tm). The Microsoft collective cannot properly satisfy its customers' needs without being able to analyze its needs. If we cannot freely embrace the ideas of others due to encryption we cannot extend and expunge them.
We are Microsoft. You will be Innovated(tm). Resistance is futile.
Get over it, tcp is *not* an anonymous protocol, and stuff running over it will always bring some party under the axe.
-- dieman - Scott Dier
Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial institutions, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.
What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves"
"It is a greater offense to steal men's labor, than their clothes"
No it means that the various policing and government agencies will have to escalate the level of their prosecution. Rather than sending an email, they will have to break down your door. Instead of sending a letter they will send a swat team. It just doesn't make a lot of sense for the white collar, pseudo-thugs to continue to escalate their efforts if they don't want the actual physical interactions to correspondingly increase.
We would never use such a protocol in our company because we work with Law enforcement to bring hackers to justice so we need to be able to track our customers back to their original IP address. If the FBI comes to us with a log file of a customer of ours hacking into someone else's system then we need to be able to call up our DHCP server and find out exactly who had that IP at that time so we could turn over the info to the Feds. Plus it's the law.
caller ID vs. IP numbers
Reasons why an IP address is nothing like a telephone number...
Okay, the reason this isn't doable as you described is because your telephone is, in the main, a switched connection and the Internet is a packet connection.
Internet connections get split up into little segments called packets which are then routed by the best means available at that time. The exact route can vary from day to day (or minute to minute!). Ergo it is important to have the IP number visible to everybody, otherwise nobody knows where to send the replies back to.
Telephone connections (well in theory anyway) are not split up into packets. They exist as a static single connection from end to end (okay purists at the back stop squabbling, yes modern exchanges do use packets, but they also reassemble them to reform the single logical connection). Ergo you can safely hide your telephone number because the connection is already tied down at both ends and, most importantly, doesn't disconnect until the call is over (unlike an Internet connection which is lots of little brief connections and disconnections as packets arrive).
With a telephone, you don't need to know the caller's number, because the remote end just replies to whichever line is connected. This wouldn't work with the internet, because the remote end could be receiving packets from thousands of different hosts in a very short time- there is no concept of a one-to-one static connection (not at the transport layer anyway).
And like you said, caller ID is only withheld to the person you're calling. You can be damn sure your telephone company know your number, who you called, and when! Then all the police or GCHQ or whoever have to do is ask your company for a copy of the logfiles.
--
Andrew Oakley - www.aoakley.com
Gnutella works over a standard modem connection, but it's patently obvious that the protocol wasn't designed to run over such a connection. Dropped packets start appearing in droves after you get about 4 connections open, and at that point you're too busy routing packets to download anything at more than, say, 1 KB/sec. Napster, on the other hand, off-loads all this processing to a server so that modem users aren't burdened by constant packet routing.
For more information, click here.
This guy worries me. I definitely do not share his political views (and that's alright) and I really am afraid that this Fling will do some real damage if it turns out to be of any value.
Don't get me wrong. I support anonymity. That is one part of democracy. But I strongly object to this kind of stealthiness. If you blackmail your boss there is a (good) possibility to get caught. If you blackmail the President with assistance of this protocol, you're 100% safe.
I am afraid that this is something that anti-anonymity advocates will use against Free Speech. I can find no justified use for this kind of technology. That's perhaps because I live in a democratic society (Finland) in which one does not have to be afraid of getting killed for saying a wrong word. Everything I can think of has something to do with illegal activities. One can be anonymous enough with current technologies.
Please note that I have talked only of anonymity here. The fact that it prevents man-in-the-middle attacks is a good thing. Great. But that doesn't justify the damage it can cause.
There's been talks of two types of tinting for windshields that I've heard of so far. The first is the same as those automagic shading eyeglasses - dark in the sun, light inside. The new materials do change rather quickly, the only problem can occur with the short runs of tunnels or other dark areas, where the material doesn't have time to clear up again. For eyeglasses, at least, this has improved miles from a few years ago. Quicker changing, less yellow color when it should be clear. The second method is an electronic shading system, similar to those crystal windows that are clear or opaque depending on whether or not a current is applied to them. This one gets expensive fast, and the durability and safety concerns are fairly high.
IIRC, in Arizona it is legal to have the tinted front windshield. A friend moved to NJ from there, and they had to get the windshield replaced before they could register the car. Pain in the @$$, that's for sure.
"It's tough to be bilingual when you get hit in the head."
- for i in `cat /usr/dict/words`; do register $i; register $i.$i; done
And the internet is hereby mine!!! Muhahahaa.
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
I'm all for freedom and anonymity, but in my mind this flight into Randian dogmatism endangers the credibility of this project.
Sausage King of Chicago
microsoftword.mp3 - it doesn't care that they're not words...
I agree, but people will try to make a distinction.
Routing IP and routing gnutella, for example, are different. The only reason that "normal" routers aren't held accountable, is because there is no good way to do it without breaking the internet, which is why ISPs are not held liable for such things either. Being a gnutella "router", is not necessary for anything but gnutella, squashing it only hurts gnutella, and that is their goal. Same fate for fling, and the rest of these implementations.
Stupider like a fox! - H.S.
Can you spell i n e f f i c a n t, u s e, o f, b a n d w i d t h?
Can you spell inefficient ?
This announcement is very much premature. According to ESR you should have at least a base application developed before you can expect other programmers to pick it up and make improvements. There is no download section open on their web site. Doing encryption correctly is very difficult to do, so I've read. What are Morrison and Ragnarsson's credentials in the encryption area? I would have been more inclined to jump on the bandwagon if an actual wagon had been built.
zenray
Make a hole in your backyard fence that is just large enough for your chickens to get through and eat in your neighbor's garden -- and just small enough that your neighbor's chickens cannot get through to eat in your garden.
Once you have solved this, the Internet is easy.
When you are dancing with wolves, never limp
Secure protocols will have more overhead because they need certain things beyond simply getting the data to the target. To avoid traffic pattern analysis you try to pad packets to fixed lengths, split streams up and send some junk so that bursts don't stand out, send dummy packets when traffic is low, and so on.
You need secure low level protocols to give yourself a fighting chance at anonymous exchanges. Running such protocols at a higher level over something that is essentially an end-to-end protocol just points out the path used to route the `crypted data. At that point the unfriendly government steps in and has you blocked or arrested.
The same technologies that allow you to publish your anti-government newspaper in a totalitarian state allow the distribution of porn and information on controlled substances. Sorry, information is information; differing states have declared different bits of information "bad" at times, the tools to suppress one type can suppress all types of information.
As for Fling specifically, I noticed that it uses IP4 addresses putting it behind current tech. I'd like it better if its internal addresses were larger than IP6.
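The padding and dummy-traffic measures described in the comment above, as an added Python sketch that is not part of the original thread or of Fling. The 512-byte cell size, the header layout and all function names are assumptions; cells are assumed to be encrypted by a lower layer before they reach the wire, so an observer cannot read the type field.

```python
import os
import struct

CELL_SIZE = 512                    # assumed: every cell on the wire is this long
HEADER = struct.Struct("!BH")      # cell type (1 byte), real payload length (2 bytes)
MAX_PAYLOAD = CELL_SIZE - HEADER.size
TYPE_DUMMY, TYPE_DATA = 0, 1


def make_cell(cell_type, payload=b""):
    """Build one fixed-length cell, filling unused space with random bytes."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload does not fit in one cell")
    padding = os.urandom(MAX_PAYLOAD - len(payload))
    return HEADER.pack(cell_type, len(payload)) + payload + padding


def parse_cell(cell):
    """Return (cell_type, payload); reject anything that is not a full cell."""
    if len(cell) != CELL_SIZE:
        raise ValueError("cell has the wrong length")
    cell_type, length = HEADER.unpack_from(cell)
    if cell_type not in (TYPE_DUMMY, TYPE_DATA) or length > MAX_PAYLOAD:
        raise ValueError("malformed cell header")
    return cell_type, cell[HEADER.size:HEADER.size + length]


def split_message(message):
    """Split a message of any length into padded data cells."""
    return [make_cell(TYPE_DATA, message[i:i + MAX_PAYLOAD])
            for i in range(0, len(message), MAX_PAYLOAD)]


def constant_rate_send(arrivals, ticks):
    """Emit exactly one cell per tick, whatever the application is doing.

    arrivals maps a tick number to the message handed to the sender at that
    tick. A burst is spread over later ticks; an idle tick sends a dummy cell.
    Returns (cells put on the wire, cells still queued when time ran out).
    """
    queue, wire = [], []
    for tick in range(ticks):
        queue.extend(split_message(arrivals.get(tick, b"")))
        wire.append(queue.pop(0) if queue else make_cell(TYPE_DUMMY))
    return wire, queue


def reassemble(wire):
    """Receiver side: drop dummy cells and padding, keep the real bytes."""
    parts = []
    for cell in wire:
        cell_type, payload = parse_cell(cell)
        if cell_type == TYPE_DATA:
            parts.append(payload)
    return b"".join(parts)


if __name__ == "__main__":
    # Constructed sample traffic: one burst at tick 0, one short note at tick 5.
    arrivals = {0: b"A" * 1200, 5: b"short note"}
    wire, backlog = constant_rate_send(arrivals, ticks=8)
    print("sizes seen by an observer:", [len(c) for c in wire])
    print("cell types (hidden once encrypted):", [parse_cell(c)[0] for c in wire])
    print("recovered intact:", reassemble(wire) == b"A" * 1200 + b"short note")
```

The observer sees eight identical-length cells at a steady rate; the cost is the overhead the comment mentions, since five of the eight cells carry little or no real data.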
Instead of taking a very American-(as in USofA)-centric view of this, consider the fact that the Internet is a world-wide phenomenon. :-)
There are many countries out there where mere possession of text extolling the virtues of freedom and/or democracy would be a heinous crime. (A certain country with a red flag comes to mind...)
There are thousands upon thousands of people who are today rotting in prisons all around the world for just expressing certain views.
If technologies like this can help these brave souls stay out of prisons, I think they are worth the price of abuse by some other sections of the society.
Maybe you should read this guy's horror story about Gnutella before you cheer the idea of Gnutella doing this. If you couldn't trace and track who was doing what, you couldn't retaliate against people blatantly breaking the law. Fling could be a spammer's heaven if it does what it seems to be saying it does -- protecting servers and clients from each other. If you can't know who's screwing with you, you can't know how to stop them.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
I thought that security by obscurity was a closed source methodology. What I want is a technology that ensures that no transaction that I make can be spoofed by someone else. If you're a porn addict, you gotta get your fix using your bandwidth, not the bandwidth paid for by others. If you're paranoid, just don't do things that would attract attention. They can't read your mind...yet. 8O
- real hackers don't have sigs -
This is amazingly *not* new. There has been a method of emailing people that uses this *exact* same method for 2 years now. That method allowed transfer of files only through emailing them. This project seems to take it a little further (not much though). I cannot remember the name of the project, but I'm sure someone will post it below somewhere. Additionally, the point here is not to say the data could not be unencrypted along the way. The primary focus here is to hide the sender and the receiver as much as possible. For all of you who are saying things like "this won't work" and "we need proof of concept" and "this is trivial to crack" you are incorrect. It *will* work. There *is* proof of concept (with the email network that is amazingly similar) and it's almost impossible to crack without gathering information from each server along the route. You all need to think about the scale on which this could be done. Sure between 5 servers, no big deal. But you would intentionally create long routes in order to hide the receiver and sender. When your data goes through 200 servers each time, and is slightly decrypted for each step, then there is a good amount of peace of mind there. The web page does not describe what they are planning in very much detail. That is probably why there is so much confusion. After reading the web page I wonder if he knows what he is doing. The idea would work though. -Kevin Kamel
Ushers will eat latecomers.
IP is just rude.
Is there any torture so subl
He's angrier than RMS!
I generally agree with arguments for no censorship except for pedophilia. Pedophilia involves mentally and physically abusing children, it is reviled by most cultures and for good reason.
The existence of a market for pedophilia means that somewhere in the world a child is being abused to satisfy that market. Censorship reduces this market and frankly I will support it to my dying day.
A person's rights to express themselves should stop short of abusing another person's rights and pedophilia does abuse the rights of others.
Some more:
1) In cases of fraud, you have no proof. After all, if the company is hiding the fact that it's conducting business to commit tax evasion, it's not going to be easy to find evidence that they cheated you.
2) SPAM. How can you stop, filter, or track down SPAM if you don't know where it's coming from?
Also, as you point out, hiding the actual internet transactions themselves isn't going to magically make the IRS not know you're in business. Your physical distribution channels, employee benefits paperwork, and building rent should give you away. I completely disagree with the anti-tax rhetoric he's spewing, but the protocol is dangerous to its own users in ways that he obviously can't see through his extremist world-view. His stance on hard-core pornography and children shows that he also actively refuses to acknowledge some of these problems. I'd love to see what his takes on SPAM and fraud are.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
(Which doesn't mean that the conclusion - censorship is evil - isn't correct, just that the arguments used here to support it are full of holes.)
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
Protecting child pornography is protecting whom? No really, stating flakey opinions is one thing but I hope you don't mean to casually pass over the harm that is to children. I don't want to pull at heart strings here but I also do not want an "After-School Movie" glossing over of something I have seen to be very destructive and painful to children's lives.
I'm pretty sure you were simply expounding the importance of free speech of ideals and didn't mean to overlook it. I mean it's something you already know, of course, that protecting the children in this matter means passing laws against it.
I am a libertarian after all, who is renowned for protecting personal freedoms, I even watched the convention on TV last week. But even my party recognises that to protect child pornography as free speech is putting lesser values as more important than greater ones. Kind of like protecting one's right to drive on both sides of the road, at the expense of protecting one's right to use roads safely.
i think there is only one thing to say, (at least, for as long as it lasts and the govment bumps in) and that is YEEEEHEEZZZZZ !
mvg,
Kris "dJOEK" Vandecruys
Exercise caution when modding this message up: the author acts like a jerk when his karma is excellent.
It strikes me that the onion routing idea is also used by freedom (http://www.zeroknowledge.com)
What is the difference between the two? Is fling just a free GPL version of the same?
I love the reasons to make it..
#1 reason - to protect porn and sex weirdos.
Last reason - to protect those that really need it.
I think there is a priority system that is pretty screwed up from the beginning.. This guy, after reading everything, makes me feel as if he's a Porn addict/spammer that hates getting caught with his kiddie porn/ bestiality photos.
If you want to be a sick-o then you have to accept the risks...
granted, I like the idea of a built in anonymizer, but from all I read, this is a very misguided adventure that will fail in a forgotten puff of smoke.
Besides, I can see packet sniffers looking for this protocol, and killing it at routers, making the whole thing useless.
Do not look at laser with remaining good eye.
Why's the guy a kook exactly? His ideals seem quite sound to me, as they match mine almost exactly.
Look at the freemed project.
it's useable and very beta.
I think you need to look closer or at things that aren't "neato" to you.
Do not look at laser with remaining good eye.
Actually with freenet (as I understand it) you CAN tell where the data is stored. Or rather you can find out some subset of locations where it is stored.
:)
However...observation is not a passive act. Simply observing where the data is stored causes it to propagate to new locations. Thus it becomes like trying to nail jello to a tree...
ain't replication a bitch?
"I opened my eyes, and everything went dark again"
Ramen
So here I am; The highpoint of my day.
Lunch-time.
No longer am I content with such concepts as female companionship, wealth or pleasure; I find all that I need in Ramen.
The ceremony commences. I enter the break-room. A medley of microfiche machines contrast the smooth curve of coffee pots filled with steaming liquid. I turn, facing the altar. I bow to my god Maruchan, the smiley face god, for he brings me ramen in such a pure form.
Cuidado: Caliente! screams out the sacred Japanese vessel in Spanish. I extend my hands, never taking, only receiving. Maruchan smiles upon me as he bestows the vessel upon me. I find it strangely cool. The delightful feel of a smooth woman's skin on my flesh. My Ramen.
I approach the fiery cauldron of water. Pure springs splash down into the pot, warming and bubbling. Steaming with cleanliness. My Ramen meets the water in a joyous union.
Maruchan smiles in heaven.
the real shiftaling has user number 5134
Karma: -43 and DROPPING!!!
It must be emphasized: Until everyone starts using encryption and anonymizing tools... those who do will be seen as guilty. Period.
The question is not 'why should I encrypt' but 'why shouldn't I encrypt'?
It is your right. Use it.
I'd say this chap is more of an anarchist than a libertarian.
- sigs are for wimps.
> Napster kiddies need to be put on trial and jailed and made examples of.
No matter how much you don't like Napster kiddies, script kiddies, whatever, it is necessary in a fair society that people get reasonable treatment under the law. Fines? OK. Sending a bunch of 12-year olds to jail for copying songs? When you want to "make examples" of people, you invite the fascist attitude - let's scare everybody enough to keep them in line for even minor things. Unless, of course, you don't mind being the one with the $10,000 speeding ticket because somebody got mad at the bad drivers in your area.
I agree that a censorship-proof internet can be permanent also, or at least I have no qualms with people trying to.
That is different than guaranteeing free speech in one very important aspect. On the internet you have the opportunity not to listen. That makes it different than say a crowded room. But, I agree with the original poster that such a movement should not be associated with protecting child pornography and other things that in itself hurt people that are law abiding and punish those that aren't. In all practicality if someone wants to do it (or break any other law) they can already, a free internet changes very little. My only qualm with it is that specifically protecting such pornography as free speech confuses the matter and doesn't properly treat it as the destructive and hurtful thing that it is. So yeah, I'll agree we are on different and not conflicting purposes here.
Anyway, I'm not restating myself here because I don't think you understand this, but just that I want to express what is and isn't my point for others monitoring this thread.
Fling destroys forever the ability of anyone to force the content of the information you share. That information will also include ecash - so fling will destroy anyone's ability to control or surveil online purchases, transfers, or holdings
Does the Fling system prevent finding the original sending IP of the message? Yes, but so does classic IP spoofing. Now, we all know that any real sysadmin can get around that by contacting other sysadmins on the packet's path.
The layered encryption is a waste of time --- any idiot with a copy of the Fling source can decrypt the message down to the final level --- and discover all the targeted computers on the path. Plain old PGP would accomplish the same (w/o revealing the 'allied' machines on the route).
And of course there is no server authentication, which makes it utterly useless for ecommerce.
All in all, Fling wastes bandwidth with unnecessary encryption, and offers no real increase in security. Sorry guys. No party today.
still more:
fraud will always be a problem, but a company's reputation capital is what will make this system usable. do you know what happens to drug dealers that sell bad shit? they don't stay in business long. this protocol will help users in ways your middle of the road, rock the vote, save the children, please tax me view doesn't realize.
Have you seen Ironstayn vs Supergovernment yet?
This protocol works on the same principle of the script-kiddie who hacks into several machines in a series fashion. Each time he hacks into a new computer and telnets out, his original source becomes one step harder to trace, but it's never really impossible.
Essentially, this protocol would continuously mask the previous step in the route. To trace it, one must obtain logs from each router (one at a time) back along the packet route. It would be tedious, but not impossible.
It is worth mentioning, however, that the routing would not necessarily be any more complicated than the present IPV4 routing. With support for the protocol (and a public/private key pair) for each router, it could be routed along the shortest path.
Your comment is an excellent illustration of why Fling (or something like it) is both necessary and inevitable. No-one can stop the development of a bottom-up network of networks (like the Internet). Now that the tax-based network (i.e., developed with tax monies, primarily by U.S. Dept of Defense) has been taken over by the overblown commercial sector, and with processors and peripherals ever cheaper and more powerful, discontents will build a new network. For awhile (until the retailers finish dying off) the two systems will run in parallel, used by different persons or for different reasons. I.e., game-players, /.'ers, free speech enthusiasts, activists, and others (non-parents at home) will use the anonymous network; parents with children they don't trust, government approved or sponsored sites, and commercial sites will use the old Internet. How could you stop the spread of something like the old BBS networks from developing, and then interconnecting? You can't.
Something massive like the NSA could conceivably "crack" the proposed system (or something like it) by employing HUGE storage, taking a picture of the whole network every "instant" and tracking backwards. (I don't even want to think about how tiny an "instant" will be by then!). But it's unlikely they can keep up, as long as the new network keeps growing.
As to the philosophy, I was briefly intrigued by Ayn Rand-ism when I was 18, but rejected it. But I agree with the goals, if not the author's reasons: I agree that free speech is the safest way to guarantee good order in societies (in the long run -- and as someone who sat through a 4-hour Quaker business meeting yesterday, I agree it can take a very long time to reach consensus when everyone is free to speak!!!). I agree that truth is better than "political correctness." (After all, if it were "correct," the modifier would be unnecessary.) I agree that using the slow and awkward methods of preventing child (and other) sexual abuse, and other bad (really criminal) behavior, is preferable to enabling fast methods which inexorably tend to compromise the freedom of anyone "They" don't like.
I just finished reading the "Philosophy" section of Fling's Sourceforge site and I've got that same creepy feeling I always get whenever I see a Randroid running at full tilt. I get the feeling that many geeks latch onto Rand because she appeals to their revenge fantasies.
I have no disagreement with the personal responsibility aspects of Objectivism -- ultimately, each one of us has to sleep in the bed that he or she made. The "me first always" stance really bothers me though. The blanket assumption that the disadvantaged are that way because they earned it or are lazy and incompetent smacks of the purely greedy kind of thinking that may end up being our ultimate demise.
Want a nervous laugh? Go hit the Ayn Rand Institute's site and check out articles such as Sweatshop Opponents want to Violate Worker's Rights, Against Environmentalism, or my all-time favourite, Why Christmas Should Be More Commercial (Even if you're not religious, don't you think we really overdo that holiday's shopping aspect?).
Want some food for thought? Check out author Paulina Borsook and what she has to say about the kind of libertarianism that many people in high-tech are buying into these days.
Well I ain't an expert either, but I did start writing my own gnutella client at one point and decided that each connection was consuming about 2.4kbytes/sec of bandwidth (counting inbound and outbound) when I had 3 connections open.
Modem users could realistically only sustain one open connection, but because of the nature of gnutella every search request has to be transmitted to every host on the network... and therein lies the problem.
As the number of the users goes up, so the bandwidth requirement increases exponentially.
I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content? They're describing a bunch of complex shuffling, but don't indicate why they chose those methods and what attacks they're trying to protect against. Some of the earlier projects like Pipenet and Onion Routing found that there are theoretical weaknesses if you only send traffic when you have real traffic, or if you do anything that makes it possible for an eavesdropper to tell what the boundaries between messages are, because the eavesdropper can do enough correlation to identify reasonably accurately where the traffic is going. The alternative is to build connections between sites that always have constant traffic levels, using filler traffic when there's no real traffic. This has a major cost/performance impact that affects the willingness of servers to support this kind of application. By contrast, IPSEC gives you all the privacy you need by encrypting, but doesn't try very hard to block the user identification.
Privacy servers like this also depend on having lots of users - if there are only two people using it, it's easy to tell who's communicating with whom. It's nice to do technology, but you also need to work on a social or business model that encourages lots of people to run the client, and if it's got separate servers, to run servers as well. That's one of the cool things about Zero Knowledge - they've got a model that they hope will achieve this, though whether they succeed will depend on whether they implement it well enough for users to accept it and whether they can market it well enough to really take off. Some things are overnight successes - Hotmail, Napster - while others limp along at a low level for a long time, like the current remailer networks, mainly because they're annoying to administer and responding to complaints when they're abused is annoying. I wish the Fling folks good luck - but there's a lot of work they've got ahead of them to make it working and accepted.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
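The fixed-length padding and filler traffic described in the comments above (the "pad packets to fixed lengths ... send dummy packets" post and Bill Stewart's point about constant-traffic links), as an added example that is not Fling's code or part of any post. The cell size, cell header and class names are assumptions made for the illustration, and the header is left unencrypted only so the receiver logic is readable; on a real link it would sit inside the link encryption.

```python
import os
import struct
from collections import deque

CELL_SIZE = 512                      # every cell on the wire has this size (assumed value)
HEADER = struct.Struct(">BH")        # kind, number of real payload bytes
MAX_PAYLOAD = CELL_SIZE - HEADER.size
DUMMY, DATA_MORE, DATA_LAST = 0, 1, 2


def make_cell(kind, payload=b""):
    """Build one fixed-size cell; unused space is filled with random bytes."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload does not fit in one cell")
    padding = os.urandom(MAX_PAYLOAD - len(payload))
    return HEADER.pack(kind, len(payload)) + payload + padding


def packetize(message):
    """Split a message into cells; the last fragment is marked DATA_LAST."""
    chunks = [message[i:i + MAX_PAYLOAD]
              for i in range(0, len(message), MAX_PAYLOAD)] or [b""]
    last = len(chunks) - 1
    return [make_cell(DATA_LAST if i == last else DATA_MORE, chunk)
            for i, chunk in enumerate(chunks)]


class PaddedLink:
    """Sender side: emits exactly one cell per tick, real or filler."""

    def __init__(self):
        self.queue = deque()

    def send(self, message):
        self.queue.extend(packetize(message))

    def tick(self):
        return self.queue.popleft() if self.queue else make_cell(DUMMY)


class Receiver:
    """Receiver side: drops filler cells and reassembles messages."""

    def __init__(self):
        self.partial = bytearray()
        self.messages = []

    def feed(self, cell):
        if len(cell) != CELL_SIZE:
            raise ValueError("wrong cell size")
        kind, length = HEADER.unpack_from(cell)
        if kind == DUMMY:
            return
        if kind not in (DATA_MORE, DATA_LAST) or length > MAX_PAYLOAD:
            raise ValueError("malformed cell")
        self.partial += cell[HEADER.size:HEADER.size + length]
        if kind == DATA_LAST:
            self.messages.append(bytes(self.partial))
            self.partial.clear()


def run_link(schedule, ticks):
    """Run the link for `ticks` ticks.

    schedule maps a tick number to the messages submitted at that tick.
    Returns (what an eavesdropper sees: one size per tick, delivered messages).
    """
    link, receiver, observed = PaddedLink(), Receiver(), []
    for t in range(ticks):
        for message in schedule.get(t, []):
            link.send(message)
        cell = link.tick()
        observed.append(len(cell))
        receiver.feed(cell)
    return observed, receiver.messages


if __name__ == "__main__":
    # Constructed traffic: one burst and one short message, versus an idle link.
    busy = {0: [b"A" * 1500], 5: [b"hi"]}
    seen_busy, got = run_link(busy, 10)
    seen_idle, _ = run_link({}, 10)
    print("observer view identical:", seen_busy == seen_idle)
    print("delivered:", [len(m) for m in got])
    print("goodput: %d of %d bytes" % (sum(map(len, got)), 10 * CELL_SIZE))
```

The goodput line shows the cost the comments mention: the link carries a full cell every tick whether or not anyone is talking.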
Another 'secure' protocol. Eventually the internet will be 100% secure and nothing but proprietary technology will be able to access it. Yay!
====
Crudely Drawn Games
We have a constitutional right to anonymity? Just curious?
--
Peace,
Lord Omlette
ICQ# 77863057
[o]_O
It's funny you use the example of drug dealers when talking about trusted businesses. The only kinds of businesses which need to hide themselves from their customers and conduct business secretly are those that have something to hide, whether that be tax evasion or some other illegal dealings. Companies like Amazon.com and eBay will never have to use Fling. When you build a network dedicated to shady dealings, you're not going to have much in the way of people to trust.
If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
Your nurse example is not bad, except for the conclusion you draw, which is ludicrous.
The natural result of the "right" to healthcare with a shortage of nurses is not the forcing of people to be nurses against their will. The result is that while you have the right to healthcare, the quality and timeliness of that care suffers. Hopefully steps would be taken to correct this, such as recruiting programs, increased salaries for nurses -- much like the tech industry today, where supply of engineers is less than the demand.
You have the right to bear arms, but all this does is create a demand for weapons manufacture and sale in the private sector.
The fact is that quite often, the rights of individuals will be in conflict. The solution is not to favor one completely over the other, as should be obvious. The world is not perfect, which is why we have the concept of "compromise" (or "tradeoff", if you are of an engineering bent).
Which is of course what taxes are - a compromise. Things need to be done that no one wants to pay for, and while not everyone benefits from each expenditure the only sane thing to do is to charge everyone some amount and have a body that decides how to spend it. We can argue over the amount, and what form that body should take, but in the end it is necessary to an extent.
Should the poor man across town be denied the ability to walk outside without breaking his ankle in a 6" deep pothole filled with sewer overflow that he couldn't see because there are no street lights, just because you don't want to lose your right to control where all your money goes?
Which gets to my fundamental problem with all the anti-tax and libertarian thoughts out there -- elitism. Underneath the talk of unrestricted liberty and free societies is the unstated conclusion that liberty and rights are something only the wealthy can have. When you hear enough of it, you begin to think the message is that only the wealthy deserve. I hope I'm wrong.
Summarizing, if someone truly believes in liberty, then they should be willing to sacrifice some of theirs so that others can have it as well.
Changing subject, if you are trying to tell me that you have the required level of knowledge to trust, without any assumption of law enforcement or regulation, all (or even a small fraction of) the companies and products you come into contact with during the day (or even as you get ready for work), then I have no choice but to label you a liar. Frankly, I'm glad the FDA is there to regulate and enforce the levels of rat shit and human fingers that are allowed in the food I eat.
The enemies of Democracy are
I made it onto slashdot with Fling, and it's been less than a week...
Okay people, some cold hard facts.
One, fling is theoretical at the moment. I don't even have a byte complete protocol, although I expect to within days.
Two, I'm not throwing the doors open to developers until there's enough of a skeleton there for you to see where to put the flesh. Otherwise the project will mire into a mass committee blunderfest. Of course, once the protocol's up, you can make your own versions in parallel, if you want. This may even be useful, if you're porting it to other OSes or languages.
That said, thanks for the attention, I intend to see this becomes big.
My current focus is on getting the route ball as small as poss while staying secure. Experienced crypto designers would be welcome help right now.
1. The destination is unknown because it's only included within the very core of the route ball, and even then it's indistinguishable from any other hop, except to the intended recipient.
2. Fling is vulnerable to a "stuffed keyring" - where the bad guys own all the hosts in your keyring. In practise, this means you need to choose the point with care from which you start your key gathering, but from then on the inherent randomness of the key requests means that you should at most only get some, not all, bad guy hosts.
3. Yes, you can register many root domains. Your server will then be carrying the bulk of the search traffic, and will likely slashdot instantly under the load. The NSP distributes load by usage.
4. If you or anyone else has holes in the Fling protocol I haven't thought of, please tell me and I'll fix them if poss.
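The layered routing argued over in this thread (each hop removes one layer and learns only the next hop), as an added example that is not Fling's code or its route-ball format. It assumes pre-shared symmetric per-hop keys and a toy HMAC-SHA256 keystream in place of the public-key encryption the thread talks about; the layer layout and all names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one hop key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    """Toy stream cipher: HMAC-SHA256 in counter mode (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">Q", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(key, plaintext):
    """Encrypt-then-MAC one layer: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Verify and decrypt one layer; fails for any key but the sealing key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("layer too short")
    nonce, body, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not sealed for this key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def build_onion(route, keys, payload):
    """Wrap payload for route[-1], then add one layer per earlier hop.

    Layer plaintext (hypothetical layout): 1-byte name length, next-hop
    name, inner blob. A zero length marks the final recipient.
    """
    blob = seal(keys[route[-1]], b"\x00" + payload)
    for hop, next_hop in zip(reversed(route[:-1]), reversed(route[1:])):
        name = next_hop.encode()
        if not 0 < len(name) < 256:
            raise ValueError("hop name must be 1..255 bytes")
        blob = seal(keys[hop], bytes([len(name)]) + name + blob)
    return blob


def peel(key, blob):
    """What a single hop does: returns (next_hop or None, inner blob)."""
    layer = unseal(key, blob)
    if not layer:
        raise ValueError("empty layer")
    name_len = layer[0]
    if name_len == 0:
        return None, layer[1:]
    return layer[1:1 + name_len].decode(), layer[1 + name_len:]


def deliver(first_hop, keys, onion):
    """Simulate forwarding; trace holds (hop, next hop it learned, blob size)."""
    hop, blob, trace = first_hop, onion, []
    while True:
        next_hop, inner = peel(keys[hop], blob)
        trace.append((hop, next_hop, len(blob)))
        if next_hop is None:
            return trace, inner
        hop, blob = next_hop, inner


if __name__ == "__main__":
    # Constructed route and keys for the demonstration.
    route = ["relay-a", "relay-b", "relay-c", "recipient"]
    keys = {name: os.urandom(32) for name in route}
    onion = build_onion(route, keys, b"hello")
    trace, payload = deliver(route[0], keys, onion)
    for hop, learned, size in trace:
        print(hop, "learned next hop:", learned, "blob bytes:", size)
    print("payload:", payload)
```

The blob size in each trace entry shrinks at every hop, so without padding the layers to a constant size a relay can estimate how far along the route it sits.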
> I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content?
Partly protecting content, but that is mainly a side issue and a corollary of the primary purpose: to make a way to handle end to end the connection and data transfer between machines without anyone being able to physically locate (and hence to censure) either the origin or the client.
Would you trust anyone who thinks that Ayn Rand had a single consistent argument to implement an encryption suite? It's even more ridiculous that this parrot of "self-interest" is making his creation available by open-source (or that it requires widespread adoption to be useful....) Rand is just what happens when you dumb down Nietzsche and add inconsistencies.
In any case, the "philosophy" link reminded me of Philip Greenspun's hilarious acknowledgements page for Philip and Alex's Guide to Web Publishing, which is available at http://photo.net/wtr/thebook, and which I reproduce in part here:
> If he is trying to promote a free environment, why is he launching it from an idealogical point of view[?]
Simple enough: the project exists and has been designed specifically to meet a need, the need being the need for freedom. And the freedom in question being the freedom of thinkers and creators to think and create and live their own lives without being anyone's milch-cow, and without being bound by mindless regulations and prudery.
This is what most of us have been waiting for ... let's just say I don't believe it till I see it .. could this be true if so a lot of worry is going to leave us ... but do you think it is possible ... harder for servers to track trespassing and vice versa ... too good to be true
"Before God we are all equally wise - and equally foolish." -Albert Einstein
(I'd like to get the above up where it can be seen and can answer some of folks' questions)
protect your box.
they all deserve anonymity.
if you suck at protecting your box, and some "script kiddy" (feel derisive tone) can break in, it's your fault.
on the other hand, even without these anonymous protocols, real hackers (yes i meant it in the breaking security sense, and i'll break the fingers of anyone who quibbles here) can get in your box. sorry. if you can't deal with that, take your box off the net.
it's even funnier that you missed my point. drug dealers don't hide from their customers. they do hide from law enforcement however because it is illegal to sell drugs. if it were legal, you could buy drugs on eBay...
as far as the trust thing goes, you have to trust the people you deal with on an anonymous network because half the people are government agents fresh out of entrapment school. reputation capital is an interesting thing - you check it out.
you seem to have your mind firmly made up on this issue, which is too bad, but don't forget "shady dealings" might be political free speech in an oppressive country. or maybe that's just libertarian rhetoric...?
Have you seen Ironstayn vs Supergovernment yet?
Actually, not only can I spot one, but I'm not above using one to make a joke. Apparently the Randroids aren't bright enough to determine that if you frame a clearly over-the-top statement with a jocular quote, it's probably in jest, not "a serious argument" like those espoused in the moronically laughable Virtue of Selfishness and others. Furthermore, it is a ludicrous stretch to see "parentage" of Nietzsche in Rand -- unless you count mis-appropriation and adulteration as "parentage".
I guess that's what I get for joking about the moronic, sheep-like nature of the Rand Collective -- judging from the whiny, knee-jerk reaction I got, I could probably have drawn less fire for writing something like this.
~wog
I think the world he is envisioning is one where cash is digital, i.e. you never turn it into real cash, just store it on your harddrive and buy stuff as you need it. To outside world this looks like barter trade.
The problem of course is that this is not a realistic model. Someone has to administer such a cash system, else I'll print as much money as I want and we got a whole new way to redistribute wealth. The administrator(s) has to be trusted, i.e. public, so then gov't can exert pressure on them to cease and desist and in any case they wouldn't be trusted anymore after dealing with gov't.
Further, the admin of cash system has to be able to prevent counterfeit ecash, so they must be able to find its source, so they can't be using Fling.
This guy is confusing anarchy with libertarianism. Both are noble ideas but only the latter one is practical.
well...
I noticed I scroll up a lil more before posting.
that was for the anonymous coward:
"Homosexuals were once looked at with the same level of disgust and contempt as the modern-day pedophile. If you could travel back to the 1950s and me..."
sorry Carp
Math is the weapon!!
All this hard work will simply be dismantled by governments that legislate against its use, or otherwise used by those governments.
How can we trust their servers? What happens when the system or servers are cracked by the NSA, who will deny it and forever have full access to information that flows freely between people that believe they are communicating securely.
Give me brute force big-bit crypto tunnels any day.
They can prove A is speaking to B all they like, is there a law against that! What they'll need to prove is the content, which is what is most important.
Fling could be a nice extra layer of privacy, but I wouldn't put too much trust in it alone.
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
*COUGH*
L I S C E N S E
P L A T E
*COUGH*
lameness filter sucks
"I wanna fuck the system.... AHHHHHHH#@%%#@" ATR
> It's a selfish, twisted, flawed philosophy, evident of weak thinking and small souls
Please tell me the logical path you took to get from "selfish philosophy" to "weak thinking and small souls".
I for one can't see the connection, and quite frankly, the last line of your post makes you sound quite similar to rabid fundamentalist Christians. I find your implication that people's souls can be quantified, compared (and judgments derived), quite repugnant. Moreover, passing such a judgment on someone purely because they have a few noble but naive ideas about security is irrational .. some might even call it "weak thinking" .. your emotions have the better of you.
Actually, there isn't a direct one. I've addressed this elsewhere in this thread, but the Fling philosophy smacks of Randian Objectivism, with which I have ethical, philosophical and personal issues.
Briefly, Rand proposes to produce a purely rational philosophical system and then proceeds to use as a postulate a weak basis and to orate about her system's perfection. So a> it has what I feel to be logical philosophical flaws and b> it seems to be grounded in an almost Scientological hypocrisy of claiming pure rationalism and then getting irrational about it.
Ethically, it denies any concept of debt to parents (for instance) or responsibility to fellow people. Those two tenets are especially disturbing in my view.
Personally, every self-proclaimed Objectivist demonstrated themselves to be really upsetting people; of the sort who wouldn't rescue children from burning buildings etc. And I do get somewhat emotional about this because one in particular lied to me over a long period because it was better for them.
So, okay, yes, I am a touch emotional about this. But my objections to Objectivism are rational ones.
Fling partakes of Objectivism for the basis of its philosophy, or at least repeats portions of it verbatim by means of parallel evolution. (Although they quote Rand...)
Incidentally, I don't believe in souls as such, although people can have soul, or be soulless, or have small souls. I could just have easily said "heart" instead, if you prefer. (In fact, feel free to #ifdef Nyarly #define soul heart #endif.) Not quite the same, but if my use of the word "soul" upsets you so, have at.
Ushers will eat latecomers.
IP is just rude.
Is there any torture so subl