Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com)
An anonymous reader writes: David Chaum, father of many encryption protocols, has revealed a new anonymity network concept called PrivaTegrity. Chaum, on who's work the Onion protocol was based, created a new encryption protocol that works as fast as I2P and the Onion-Tor combo, but also has better encryption. The only downside, according to an interview, is that he built a backdoor into the darn thing, just to please governments. He says that he's not going to use the backdoor unless to unmask crime on the Dark Web. Here's the research paper (if you can understand anything of it).
1. Is anyone going to trust something with a backdoor?
2. who's ?
No way am I trusting Chaum. I'm no chump
When PrivaTegrity’s setup is complete, "Nine Server Administrators" in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.
If you can trace criminals you can trace dissidents and political opponents. Anonymity is difficult enough without it being broken by design.
Private citizens who care won't use this because they care about not having their communications intercepted.
Big bad government won't use this because they care about not having foreign intelligence intercepting their communications, but will happily spy on anything they can get.
Botnet operators rejoice at the birth of another avenue for hard to kill C&C.
Just telling everyone your software has a backdoor is the same as spending all of your development time masturbating. No-one is going to use this crap.
Is he claiming he found a way to safely have backdoored communications?
"What you can do, your enemy can do". "Security" doesn't happen when you have backdoors, for anyone, period.
Oh yes! The world will be a better place when governments are aided by secure communications developers in fighting crimes like apostasy, being gay, etc., and whatever new "crimes" might be defined out of thin air in the future.
I'm sure the criminals that will be brought to justice, and hanged, shot and stoned will understand the wisdom of this move.
In other words, what a simpleton.
Simpler than that: Make all encryption 100% secure. Only Alice and Bob can read the data.
If law enforcement wants access to the data for crime purposes, THEY GET A WARRANT for either Alice or Bob that demands they decrypt, and Alice and Bob have their normal rights to fight the demand in court, and failure to comply is risking contempt of court.
If Alice or Bob are not in your jurisdiction, then it's none of your fucking business. Go ask the country they are in to do it.
See how simple that is?
As soon as you put a backdoor in, everyone is demanding full take access now. That British Snoopers Charter is a template, every country from USA to China, India to Nigeria will implement the same law, and force companies with subsidiaries in their country to hand over all their data to their spooks in secret.
Really we need to implement end to end encryption and urgently.
It's DiceDot now. Corporate probably has focus groups of soccer moms saying the site assumes too much knowledge.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.
It's DiceDot now. Corporate probably has focus groups of soccer moms saying the site assumes too much knowledge.
As amusing as that thought is, you don't need a focus group, just look at the anon coward posts in literally every single story that complain about not spelling out common 30 year old technical terms - like TCP or DOS.
They even bitch that a link to wikipedia is too much work for them.
Granted that just raises the question "Why are we listening to ACs?", but sadly these people are not made up boogiemen, and their numbers seem to be on the rise :/
With deep sorrow we announce the departure of another great security guy we once had. You will be missed.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Then anyone using would likely have to be coerced to use it. Then when some piece needed to be decrypted the likely result would be a message encrypted with another tool that the user has done their damnedest to ascertain has no back door.
Wow good job, we've found a way to bloat data packets even further. Up the bandwidth!
Mr. Chaum has clearly underestimated the resolve of governments around the world. If needed, they will coerce the holder(s) of the key(s) to get what they want. Anyone that has even part of the key to the backdoor is going to put a giant bull's eye on themselves and their loved ones.
a better idea would be to take the improvements made and upgrade the Tor protocol.
Anons need not reply. Questions end with a question mark.
Kudos to David for disclosing that, but what was he thinking adding in a backdoor?
Sounds like he hoped to cash in on some government contracts (possibly some sales for CEOs looking to snoop in on employees) but the fact is companies selling equipment and software with back doors on balance are losing market share globally due to national security concerns (ask tech companies like Cisco that were in bed with the NSA how their sales are doing in China these days)
Over the long term communications software with backdoors in it has no future. With encrypted VOIP on the horizon the era of wiretap is coming to an end. Given an alternative, few want to adopt technology with backdoors other than those that want to snoop in to our communications.. aka government officials. (ironically both on the left and right... Bush and Obama... alleged "opposites"... but in practice birds of a feather when it comes to mass surveillance of private communication)
While many deluded megalomaniac politicians demand we all use equipment/software with back doors in it (trust them they won't illegally peek - see Snowden) the market is clearly moving in the opposite direction. This is especially true on a software front where it is near impossible to regulate due to the speed and ease of distribution. For all the talk of privacy versus security, what seems to be happening is that all the legislators in the world are powerless against the programmers of the world!
Given current trends it seems inevitable software developers will eventually provide us the means to have easy to use end-to-end encryption whether politicians and the police like it or not. They will make it open source for transparency.... distribute it around the world...and it will be free for all. No central point for the control freaks to regulate into submission. True power to the people.
There's a term for that in data security circles. That's what we call NOT PRIVATE, for fuck's sake.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
LOL, err, I mean, "NO".
Sorry, I don't know who he'll trust or what he'll use it for. I also don't know that Bad Guys(c) won't be able to break into it.
And by "Bad Guys" I mean the NSA/CIA/FBI as well as the friendly folks from the Russian Business Network or other criminal organizations.
Just cruising through this digital world at 33 1/3 rpm...
What are ACs?
Every spy agency, then, would see that they could monitor sensitive communications simply by collaborating with other spy agencies?
In this case, a former /. member that hasn't bothered using their login for the last couple of years.
Doctor Who's work on the onion planet of Spinthoz was limited to an unofficial visit, which means there were no welcome protocols involved.
http://tardis.wikia.com/wiki/O...
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
1. Get a copy of the PrivaTegrity,
2. De-compile it
3. Analyze product
4. Remove Back Door.
4.1 Put a new back door in it?(this part never gets old)
5. Miller Time.
It's fucking centralized, no shit it has a backdoor. geniuses.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
So... my question would be... Quis custodiet ipsos custodes? Who will appoint, monitor and document the decisions of these administrators and if necessary revoke their anointed status as the determiners of what is or isn't acceptable evil (e.g. is sharing a commercial movie evil enough to attract the attention of "the nine"... how about a casual statement calling for the non-constitutional overthrow of a government... clearly child porn would be considered evil, but what would the cut off age be, 16, 17 or 18... would planning to blow up a public facility in a western country be more evil than threatening to blow up a public facility in a country already mired in a civil war)? Will they be accuser, prosecutor, judge and jury? Who will take cases to them and which legal system will apply... Can they be sued in the event that they err? What will keep them beyond reproach and will their decisions be made public? Will it be possible to appeal their decisions?
Lots of questions and no clear answers.
Why would anyone bother to use it instead of PGP?
Come on Slashdot. Get your shit together. One would think that you could find a way to implement new account creation by now!
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
... and > 9 "democratic countries" fell for the falsified "weapons of mass destruction evidence" the US presented to lure them into supporting the Iraq war.
Slashdot stole my unescaped "greater than" character.
You still have anonymity with an account.
I love the smell of satire in the morning.
Nine governments in agreement sounds like an unlikely scenario regardless what the topic is.
Except where there is something in it for them. Like when they say if you agree to open the door when I want something, then I will open the door when you want something. Maybe we just all agree to leave the door open all the time for convenience.
Yes. Pseudonymity is a form of anonymity. It isn't the strongest form, but it is a form. It seems you are the one who doesn't understand it.
Three Rings for the Elven-kings under the sky,
Seven for the Dwarf-lords in their halls of stone,
Nine for Mortal Men doomed to die,
One for the Dark Lord on his dark throne
In the Land of Mordor where the Shadows lie.
One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
...omphaloskepsis often...
The fact is there are a lot of people who wish to do as much harm as they can. We have always had well-poisoners in our midst but thanks to current and near-future technology, their ability to do great harm to great numbers of people is increasing dramatically. I've said this before but here it is again. Tell me I am wrong:
1) The number of technologies that can cause serious, deadly harm to humans and other living things is going up.
2) The number of substantively different or novel attacks that technology is capable of producing, each requiring its own custom defense, is going up more than arithmetically, possibly geometrically.
3) The number of people required to wield those technologies in order to create one of those attacks is going down, heading distressingly towards one.
4) The number of people which can be simultaneously harmed by such an attack is going up, distressingly, headed towards millions or billions.
5) Failure to thwart a plausible large and successful attack will result in a distressingly large expansion of the powers of the national security state and a distressingly large diminution of civil liberties, individual freedoms and privacy, heading towards fascism.
So what do you want from the world's governments? To just not take any preemptive measures? If you read what he's suggesting, he's suggesting that no one government be able to decrypt traffic without the others' approval. It's not a bad as in evil idea - we have to give the government the powers it needs and as Enigma has shown, decrypting the enemy's communication is crucial - it's just that it won't work for mundane reasons. But it's a start at the kind of crazy, out of the box thinking we need.
He's not shown any reason why the 9 governments (who have to all agree to decrypt transmission X using their collective keys or it can't be decrypted) wouldn't just engage in politicking of the worst sort. We already have the Five Eyes collaborating in secret -for decades- and we already have the 11 FISA judges absolutely positively rubber-stamping just anything that comes their way.
https://en.m.wikipedia.org/wik...
What more proof do we need that when the circle of power gets small enough, there are no good guys? Governments are good at convincing their own kind to cooperate and this would all just devolve into horse trading. You give me my dissidents and I'll give you yours and we'll stay fat n' happy in a world we like to call "Things As They Ought To Be".
It won't work. But I praise his attempt mightily. The basic issue is, we need a police force whose sole purpose is to monitor the police force (NSA CIA ETC.) and whose authority is final barring a super-majority of both houses of Congress (say). None of those agencies are going to go for that, obviously. A real issue is this- once the oversight circle expands enough, you get traitors and leakers and spies. But is that truly worse than a nation whose agencies ARE corrupt or whose population BELIEVE they are corrupt and act on that belief?
The effect of being a member of a TLA on the human psyche is profound and negative. The human mind wasn't made to perpetually tread water in an horizonless sea of stress hormones. It changes your brain; it changes who you are and how you perceive people and the world. You become someone who fits the job, and that eventually makes you very very different from ordinary citizens, especially with respect to your value system. You might very well decide to "collect it all" even if that makes no logistical or operational sense, and you know it. You might very well come to devalue privacy to a degree that outsiders would find shocking, even demented. You might very well see the Constitution or some of its amendments as the biggest threat to the nation.
Here's my first idea. Part of our problem is, we lack a particular representational language. We need a language, a way of expressing
From the Wired article: "Chaum argues that PrivaTegrity's setup is more secure than Tor, for instance, which passes messages through three volunteer computers which may or may not be trusted."
...unlike this PrivaTegrity thing, which requires you to 100% trust a FIXED set of 9 volunteer computers (which apparently cannot be trusted not to collude against you). At least TOR's security model TAKES into account the possibility of malicious nodes (which is the whole reason why messages are onion-encrypted) AND it lets you choose the hops (you're not forced to use the 9 "trusted" nodes).
*facepalm* yeah, this is totally going to work...
When you learn what it means to anonymize data get back to me (Hint: you apply pseudonymity.).
So you're saying that standing up to your government and overthrowing it is never possible? The government is always right even when it isn't?
Custom electronics and digital signage for your business: www.evcircuits.com
No, it is calling Alice by the name Bob, without knowing that fact. To hear you tell it, when people on TV have their face blacked out and voice modified, but have a subtitle "Bob", that somehow identifies the person as Alice. In other words, you are an idiot.
Your argument against pseudonymity appears to be anonymity is 100% or nothing at all, which ... again ... is not the case with anonymity. I can be anonymous to some without being anonymous to all. Of course, all of this is moot since when you post enough times from the same IP your identity can be discerned (Even with NAT). Ergo, by your definition, AC isn't anonymous either, especially if you are logged into an account and check the "Post as AC" checkbox.
Again, this cuts to the core of your lack of understanding of anonymity. It isn't all or nothing. When I check the Post as AC I have increased anonymity. Slashdot still knows who posted it, but you don't. I am not anonymous to Slashdot and their affiliates, but I am anonymous to you. Until you get the idea that anonymity is all or nothing out of your head you will never understand it.
That shows, once again, how little you understand anonymity. How do you know my little sister didn't post using the same account, or maybe I posted the Slashdot user name and password for a number of different people to use?
Holy shit, you are a fucking idiot. Off you go now ...
There's a ton of discussion elsewhere (ie, g+), and the Wired article completely misses that he's assuming we know about a classic (and cool) solved problem in computer science, "byzantine generals with collusion".
I suspect it will be attractive to anyone who could lose their master key if a sysadmin quits, and unattractive to the security services, who don't want to ask for or honour court orders (:-))
davecb@spamcop.net
Now that the backdoor has been revealed, it certainly won't be considered as a TOR upgrade, and governments and individuals who are now fully aware (or should be) of what a backdoor actually means will steer clear of it. We know of at least one government that will strong-arm the other 8 into doing whatever is asked of them. Let's hope Chaum's project dies an early death.
Yeah, your view isn't universal. There are people out there trying to trace dissidents and political opponents electronically because those dissidents know they'll be in jail for a long time or killed if caught. That law enforcement "should" only get involved when dissent becomes violent is a nice thought, but in China the police become involved if you happen to mutter that the local cops are corrupt, or if someone mentions that you practice meditation and believe that materialism isn't the bee's knees.
So yeah, ideally this is how internet communication would work. But if that was how it worked, why in hell would we have needed to start encrypting dissent and opposition in the first place?