That is why Bitcoin includes transaction fees. As the block rewards get lower, transaction fees will become a larger part of the incentive for miners to keep mining. Eventually there will be no new bitcoins, at which point 100% of the money from mining will come from transaction fees.
Every Bitcoin transaction has an optional "transaction fee" that you can include as an incentive to miners to include your transaction in the block chain. The idea is that eventually miners will make their money not from the block rewards but from transaction fees.
You could look at the same chart and say why do we keep making excuses for men that commit murders? They are 10x more likely to be perpetrators compared to women. That seems to be a much bigger differential than race. But hey, nobody says anything about that. Just mention it and you are some kind of reverse sexist. The real picture is more complicated than simple statistics can portray.
Do you think they will get hundreds of millions of dollars in ad revenue from mining your instant messages, compared with what they already get mining your profile, news feed, likes, etc.? Unlikely. I think they probably would get very little money from your messages and so they decided to add this encryption as a feature to entice people to use their platform.
Sure but that is not mutually exclusive with providing an end-to-end encrypted messaging service. Do you really think they are mining your instant messages for data anyway? They get what they want from your profile/news feed. It was an easy place they could provide security to entice people to use their platform, without losing them anything.
In the 80's, the Philadelphia police dropped two bombs from a helicopter onto the headquarters of a black liberation group. It destroyed 65 houses and killed 10 people, including 5 children. The police shot at people trying to escape the resulting fire. So no, this is not a new thing. The police have always been in the business of reckless killing.
We care about all of them. The difference is that when a police officer kills an unarmed white person, the department has the decency to fire them and sometimes they go to jail. If it's a black person, they get a paid vacation and a bunch of racists raise half a million dollars for their legal defense on gofundme.
If they did lie, someone would figure it out eventually and it would be devastating in terms of PR. It's not worth it for them. Just like researchers have torn apart iMessage and know exactly how it works, the same will happen to this.
You can be sure that researchers will poke, prod and decompile the Facebook app searching for implementation mistakes. You don't have to trust Facebook.
You don't have to trust anything, it is cryptographically verifiable. But whatever, just keep posting your memes. Very constructive to the conversation.
You don't have to trust them. They publish the protocol, people will audit it. There is a specific mechanism for verifying session keys to be sure that no MitM attacks are happening.
This is actually not strictly true. Their protocol will likely be based on WhatsApp (since they developed that as well), and it currently uses rotating keys for each conversation and key exchange that provides perfect forward secrecy. If you delete the conversation from your phone it cannot be recovered even if someone recorded it over the wire and later obtains your master private key.
That's true, but you do need some "anchor" device for this to work or else there is nothing to bind together the many browser you may have across many devices. Without of course just giving Facebook the key like you said. In practice, most people have the phone's on and connected to cellular internet most of the time. I have used WhatsApp a lot and it really isn't an issue.
The difference is that your average Facebook user doesn't have a TLS certificate signed by a trusted CA. Without PKI infrastructure, which frankly would not work in this scenario, manual verification is the best you can do. The point of this type of system is that you don't need every user to do the check, you only need a few people to do it to keep them honest. If anyone catches a MitM attack, even once, it will be a huge PR nightmare for Facebook.
It is pretty easy to make a protocol that is tamper evident, and it has already been done with other messaging platforms. https://www.whatsapp.com/faq/e...
The same way WhatsApp currently does it, your phone has the key and the web app creates an encrypted communication channel between your phone and browser. The phone is actually sending and receiving the messages, then forwarding them to your browser.
What are you talking about, none of what you wrote makes any sense. He was responding to the comment saying that Alton should have declared the existence of his gun at the start by linking to the other incident where the guy did exactly that and was shot anyway. Nothing you say refutes that.
That is actually slightly less scary than a fast factorization algorithm. If you could factor, then you could calculate the root CAs private keys from their certificates, but also you could retroactively decrypt any communication that was intercepted in the past and decrypt it. If the CA private keys were released alone, it would not allow you to retroactively decrypt anything because Diffie-Hellman key exchange provides perfect forward secrecy that ensures retroactive decryption is not possible even if you later learn the private key.
Why shouldn't Google care equally about this threat
Because they have no power to defend against that threat, no matter how much money they throw at it. Post-quantum cryptography just takes a handful of engineers to work on. It is basically free for a company the size of Google, and the benefits are potentially large.
Merely selecting algorithms OTHERS created is hardly what I would consider to be research.
Read the linked paper. That is not what they do. They optimize and improve security bounds on an existing scheme, making it more practical for real-world applications. Many of the most recent encryption schemes developed by academia are wildly impractical in terms of the exotic mathematical operations they require and the huge parameter sizes you need to meet currently understood security requirements.
I don't know how it works but sometimes it shows that a bill was passed by both the house and senate but not presented to the president for another few days or a week. So some of them have 2-3 weeks between passing and being signed. But anyway my point was that none of them (that I could see) were passed and signed within 5 days.
Slashdot Mirror
That is why Bitcoin includes transaction fees. As the block rewards get lower, transaction fees will become a larger part of the incentive for miners to keep mining. Eventually there will be no new bitcoins, at which point 100% of the money from mining will come from transaction fees.
Every Bitcoin transaction has an optional "transaction fee" that you can include as an incentive to miners to include your transaction in the block chain. The idea is that eventually miners will make their money not from the block rewards but from transaction fees.
You could look at the same chart and say why do we keep making excuses for men that commit murders? They are 10x more likely to be perpetrators compared to women. That seems to be a much bigger differential than race. But hey, nobody says anything about that. Just mention it and you are some kind of reverse sexist. The real picture is more complicated than simple statistics can portray.
Do you think they will get hundreds of millions of dollars in ad revenue from mining your instant messages, compared with what they already get mining your profile, news feed, likes, etc.? Unlikely. I think they probably would get very little money from your messages and so they decided to add this encryption as a feature to entice people to use their platform.
Sure but that is not mutually exclusive with providing an end-to-end encrypted messaging service. Do you really think they are mining your instant messages for data anyway? They get what they want from your profile/news feed. It was an easy place they could provide security to entice people to use their platform, without losing them anything.
In the 80's, the Philadelphia police dropped two bombs from a helicopter onto the headquarters of a black liberation group. It destroyed 65 houses and killed 10 people, including 5 children. The police shot at people trying to escape the resulting fire. So no, this is not a new thing. The police have always been in the business of reckless killing.
https://en.wikipedia.org/wiki/...
We care about all of them. The difference is that when a police officer kills an unarmed white person, the department has the decency to fire them and sometimes they go to jail. If it's a black person, they get a paid vacation and a bunch of racists raise half a million dollars for their legal defense on gofundme.
That doesn't contradict anything he said. The "offending rate" is based off convictions. There is no such thing as ground truth in this case.
If they did lie, someone would figure it out eventually and it would be devastating in terms of PR. It's not worth it for them. Just like researchers have torn apart iMessage and know exactly how it works, the same will happen to this.
You can be sure that researchers will poke, prod and decompile the Facebook app searching for implementation mistakes. You don't have to trust Facebook.
You don't have to trust anything, it is cryptographically verifiable. But whatever, just keep posting your memes. Very constructive to the conversation.
You don't have to trust them. They publish the protocol, people will audit it. There is a specific mechanism for verifying session keys to be sure that no MitM attacks are happening.
This is actually not strictly true. Their protocol will likely be based on WhatsApp (since they developed that as well), and it currently uses rotating keys for each conversation and key exchange that provides perfect forward secrecy. If you delete the conversation from your phone it cannot be recovered even if someone recorded it over the wire and later obtains your master private key.
That's true, but you do need some "anchor" device for this to work or else there is nothing to bind together the many browser you may have across many devices. Without of course just giving Facebook the key like you said. In practice, most people have the phone's on and connected to cellular internet most of the time. I have used WhatsApp a lot and it really isn't an issue.
It's called key exchange. https://en.wikipedia.org/wiki/...
No they haven't, read the description of their implementation.
End-to-end means user-to-user. Even Facebook will not be able to read the messages.
The difference is that your average Facebook user doesn't have a TLS certificate signed by a trusted CA. Without PKI infrastructure, which frankly would not work in this scenario, manual verification is the best you can do. The point of this type of system is that you don't need every user to do the check, you only need a few people to do it to keep them honest. If anyone catches a MitM attack, even once, it will be a huge PR nightmare for Facebook.
It is pretty easy to make a protocol that is tamper evident, and it has already been done with other messaging platforms. https://www.whatsapp.com/faq/e...
The same way WhatsApp currently does it, your phone has the key and the web app creates an encrypted communication channel between your phone and browser. The phone is actually sending and receiving the messages, then forwarding them to your browser.
End-to-end specifically means that Facebook can't read it, if it is implemented as they say. The ends in question are both users.
What are you talking about, none of what you wrote makes any sense. He was responding to the comment saying that Alton should have declared the existence of his gun at the start by linking to the other incident where the guy did exactly that and was shot anyway. Nothing you say refutes that.
That is actually slightly less scary than a fast factorization algorithm. If you could factor, then you could calculate the root CAs private keys from their certificates, but also you could retroactively decrypt any communication that was intercepted in the past and decrypt it. If the CA private keys were released alone, it would not allow you to retroactively decrypt anything because Diffie-Hellman key exchange provides perfect forward secrecy that ensures retroactive decryption is not possible even if you later learn the private key.
Why shouldn't Google care equally about this threat
Because they have no power to defend against that threat, no matter how much money they throw at it. Post-quantum cryptography just takes a handful of engineers to work on. It is basically free for a company the size of Google, and the benefits are potentially large.
Merely selecting algorithms OTHERS created is hardly what I would consider to be research.
Read the linked paper. That is not what they do. They optimize and improve security bounds on an existing scheme, making it more practical for real-world applications. Many of the most recent encryption schemes developed by academia are wildly impractical in terms of the exotic mathematical operations they require and the huge parameter sizes you need to meet currently understood security requirements.
I don't know how it works but sometimes it shows that a bill was passed by both the house and senate but not presented to the president for another few days or a week. So some of them have 2-3 weeks between passing and being signed. But anyway my point was that none of them (that I could see) were passed and signed within 5 days.