But it is not a "secure multiparty computation", so immaterial to your argument, and not in any way relevant to my first post, or the link you posted.
...so I guess we are in agreement?
I had a similar experience. I opted out, and then they noticed the line getting too long -- so they just let people through metal detectors. I was still waiting for my pat-down until I demanded that I be allowed through and accused them of punishing me for exercising my rights.
My experiences with the TSA's airport security have led me to conclude the following:
They hire the least intelligent people they can find. People who do not ask questions, because they lack the intelligence needed to do so.
They are terrified of any further resentment by the public. They are more concerned about their image than about keeping us safe (but we knew that anyway).
What he did was the equivalent of going to a closed library, smashing in the window, and then throwing books out the window.
We can quantify the damage done when a window is smashed. Books that are removed from a library must be replaced or they will be unavailable to patrons; that can be quantified as well.
Can you quantify the damage Aaron did? I suspect it is somewhere around "13 cents in electricity costs."
It was not checking out too many books
Right, because Aaron being in possession of them did not stop anyone else from reading them.
He deliberately went into the library, where he didn't have access
He did have access, MIT's network is open and anyone who has access to MIT's network can access JSTOR.
took books which the library had which could only be checked out under strict controls
So strict that they give them out in PDF form to anyone who asks.
Advertisers sound like they were willing to play along if W3C was up for some compromise
DNT is a compromise. If we were unwilling to compromise, we would build ad-blockers into browsers as a default, much like pop-up blocking ten years ago. It was because of people like you who would not stop whining about how important advertiser dollars are to keep the web alive that we even considered something like DNT. It was because advertisers promised that they really do respect our wishes, that ad blockers and legal restrictions on tracking are not needed, that DNT was ever considered by anyone.
The advertisers showed their true colors. They never wanted a compromise, they just wanted a facade that allows them to pretend they respect us while continuing to do what they have done all along.
SPAM is unsolicited email sent on your dollar, consuming your resources.
When my CPU is spinning because of your Javascript-super-fancy-tracks-all-the-things advertisement, you are consuming my resources. When I have to download a megabyte of Javascript/Flash/whatever to see your ads, you are consuming my resources. When I have to spend time trying to navigate around annoying hover ads, you are consuming my resources.
At least when I receive spam, I know the spammer has no idea who I am or whether or not I opened their message. Website advertisers try hard to track everything, even when you are very clearly trying to stop them; that is what DNT has demonstrated.
Ads are implicitly requested when you visit an ad-supported site
No, the page is what is requested. My browser is not obligated to do anything at all with the webpage your server sends it. There is no implicit request; you explicitly asked my browser to request ads from the advertisers you choose to do business with.
People making a big deal about this should perhaps rethink why they are entitled to someone else's work (the website) without respecting their terms (the ads).
You put your work on the open web. You did not put it behind a paywall. You did not force me to view your ads before seeing your page.
Nobody wrote an ad blocker because they were angry about textual ads or banner ads. Ad blockers exist because the advertisers have no respect for anyone's desire to not be tracked, to not have hover ads, pop-ups, pop-unders, Flash, Java, and other adware annoyances. Advertisers have shot themselves in the foot with their own greed, and if your website is not saying, "No, I do not want you to piss off my users with these antics" then your website is part of the problem.
Careful, advertisers like Google have paid Adblock Plus to whitelist their ads
Sure, but ABP has an easy-to-find checkbox to enable/disable whitelisted ads. There are also many other ad blockers out there that can be used if ABP ever stops working effectively (and being easy to configure).
You are acting like tracking and advertising are inseparable. They are not, you can advertise without tracking people and you can make money doing so. I do not want to be tracked, and the only technical solution at this point is to block advertisements -- because even loading a static image from an advertiser will be used as a data point to track me.
If a website wants me to view its ads, it should refuse the business of advertisers that create privacy-invading ads. If websites were standing up for their users they would not be at risk of becoming collateral damage in this fight.
DNT is not more challenging for technical reasons. Today's ad blockers remove almost all advertising. The real challenge is politics: the popular browser makers are all in bed with the advertisers.
Why spend the effort on the courts? Ad blockers take under a minute to install.
"Do Not Track" is pretty clear. It means "do not track," without exceptions, without room for debate.
This fiasco has basically proved what everyone knew from the beginning, which is that advertisers do not give a damn about people who do not want to be tracked. Luckily, we have a technical solution to the problem: ad blockers. Much like spam filters and pop-up blockers, ad blockers are the solution to advertisers who have no respect and who cannot be trusted.
DNT had exactly one use: to determine whether or not advertisers respect the wishes of people who do not want their browsing habits tracked. The verdict is in, and to nobody's surprise advertisers have no respect for anyone. Now we know that we are justified in using ad-blocking plugins and building browsers that block ads by default.
What is more likely? A hundred and forty legislators voting to ban computers, or a bogus lawsuit with a silly premise?
Is this a job interview question?
That said, why would I want to use Tor for no other reason than to "protect" people who are using it to cover up their misdeeds?
What if those misdeeds include such crimes as participating in a peaceful antiwar rally or blowing the whistle on criminal activity occurring within the government? Just because someone has something to hide does not mean that they are doing something evil.
Digital cash has a security definition
Yeah, and as you yourself admitted, that security definition is based on the existence of a central authority. It is not possible to apply such a definition to a system without a central authority, which means that security definition is irrelevant to Bitcoin. This is not just a slight variation, it is a fundamental departure from the definition of security for digital cash. If you think I am wrong, write a proof of security for Bitcoin using the definition of digital cash, or a variant that accounts for the lack of a central bank.
Public key cryptography has a security definition
Which is irrelevant to Bitcoin, because Bitcoin is not an encryption system nor is it a signature system. It is also false to claim that there is a security definition for public key cryptography, since the definition for encryption is not the same as the definition of signatures, and there are several definitions for each that cover different notions of security (e.g. chosen plaintext attacks, adaptive chosen ciphertext attacks, etc.).
Hashing algorithms have a security definition
Bitcoin is not a hash function, so this is irrelevant too.
Secure multiparty computation has a security definition
No, it does not, because it is a subfield of cryptography that encompasses several related classes of protocols and security models. There are notions of security that are generally applicable to all those protocols -- semihonest, malicious, adaptive malicious, universal composability, etc. Again, you can read the background material yourself if you do not believe me, which apparently you don't.
Look, I'll just reiterate my challenge from above. If you think I am wrong, prove rigorously that Bitcoin is secure, the same way that cryptographers prove that other systems are secure. Leave no room for argument or doubt, and then you can call yourself a winner.
Bitcoin does not employ 'secure multiparty computation' in any part of its design
Bitcoin is a multiparty computation system. The fact that it does not build on previous work does not change what Bitcoin is, nor how it can be analyzed.
the concept of digital cash in cryptography this is also well defined
Yeah, and guess what? The security definitions of those systems assume a central bank that issues the money. You do not have to believe me; here, you can read the actual work on it:
http://rd.springer.com/chapter/10.1007%2F11889663_20
http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.44.8279
https://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5443458&tag=1
In this scenario there is no compromise of the cryptography in any way at all.
What exactly do you think it is a compromise of? Bitcoin is not a signature system, nor is it a hash function, nor is it a cipher. Bitcoin is at least a multiparty computation system, which is also cryptography:
https://en.wikipedia.org/wiki/Secure_multiparty_computation
Also, "lack of security definition" has no meaning in this context so I'm at a loss for what you are trying to say there.
What is the definition of "security" for Bitcoin? What would it mean to successfully "attack" Bitcoin? In cryptography, we usually define security rigorously, then design systems that meet our definitions.
The fact that a polynomial time algorithm can violate key properties of the system -- enabling double spending, preventing others from spending their money, killing the mining reward -- is fatal, at least from a cryptography standpoint. If it took half the users of Bitcoin to collude, that might be acceptable; but the fact that one user with lots of computing power can do this calls Bitcoin's value as a secure system into question.
Of course, the lack of a security definition for Bitcoin makes this point moot anyway.
The point, I would expect, is that removing the channel by which it circulates puts a barrier between the demand and the source, and hence reduces the incentive to make it.
That, in fact, was the judicial reasoning on the constitutionality of child pornography laws. At this point, though, I have my doubts that this sort of economic argument is valid; I doubt that the consumers of child pornography are paying for it in any way. After all, we are supposed to believe that the Internet has ruined the MPAA's and RIAA's business, and child pornography is obviously not subject to copyrights.
"Something must be done. This is something. Therefore, it must be done!"
I suspect that mass refusal to enter the body scanners would result in the use of metal detectors. The TSA is not going to punish more than a tiny minority of people, because they know that they are unpopular. They know that libertarian politicians want to ax their entire agency. They know that respected researchers like Bruce Schneier have nothing but bad things to say about their approach to security. They know that they are less popular than the IRS. Their actions now are about public relations, trying to keep the amount of negative press to a minimum.
On the one hand, I would prefer if wars were always soldier-versus-soldier. On the other hand, I would rather see a robot on the battlefield making automatic decisions about what to attack than a bomb dropped from an airplane -- at least a robot can be programmed not to kill civilians or needlessly destroy civilian infrastructure (e.g. schools, hospitals).
Where I see a problem is with robots being programmed to recklessly kill -- a genocide could be committed rapidly by robots, which would require no indoctrination and would not refuse to target a particular group. I also see an issue akin to the problem with landmines, where robots might remain hidden, armed, and active long after a war ends. There is also the issue of robots recording or not recording their actions, which might be a concern during a war crimes trial (soldiers can testify that they were ordered to shoot children or deploy nerve gas; robots might not record such details).
Robots should find an empty field somewhere and self-destruct after some period of time without receiving commands. We do not want to wind up with the same situation we have with land mines -- dangerous leftovers from wars that ended decades ago. Imagine an autonomous robot getting lost during a war, only to get uncovered 10 years after the war ends and going on a rampage (say, killing every armed police officer it finds)...
If an infected application can affect other applications, it is an OS issue. Your infected web browser should not be able to read your GPG keys, but right now most GNU/Linux distros do nothing to stop that from happening.
I suppose of Bitcoin anonymity you could say you can keep track of the contractor you paid the BTC to, but you can't tell where his employees buy their groceries.
Unless you bother to examine the public record of all Bitcoin transactions.
This implies that you need another agent to complete a Bitcoin transaction which is not the case.
Except that you need to broadcast the transaction to the Bitcoin network, which must then confirm that the transaction is valid. What I said is that most people rely on another agent to complete their transactions for them -- because most people want fiat currency, not Bitcoin currency, and they usually do not want to wait for confirmations (nor do they want to accept payments without confirmations) or deal with an ever-fluctuating exchange rate.
Most fascinating about Bitcoin is that you can have it in a sense that applied to gold more than say bank notes
Let's put it this way: try to use gold to buy a car, or even to buy something as simple as a single meal.
Bitcoin has never been anonymous. There is a public record of transactions. You have to rely on a separate mixing service, which almost nobody does.
Most important, though, is this: very few people actually want to use Bitcoin. Most view it as a way to make an electronic transfer of government-backed fiat currencies, so they rely on services that do the Bitcoin transfers for them and exchange Bitcoin currency for fiat currency. Those services are going to comply with the law and require things like identification. To put it another way, cash is anonymous too -- but large numbers of people use credit and debit cards, which are not anonymous.