We have better authentication methods, we are just not bothering to deploy them. How many times do passwords have to fail before we acknowledge that they do not provide the sort of security that we need?
According to whom? I do not need to look any further than my own field to know this is untrue: the Diffie Hellman patents were patents on the idea of public key cryptography, and cryptography patents in general are patents on math, not implementations of that math.
Except that a compromise of both remailers would kill the system, and the FBI has demonstrated that compromising two remailers is not all that difficult. Ideally, there would be hundreds of remailers and many nym servers, so that a single remailer being compromised would be no big deal; unfortunately, there are not enough people in the world willing to run a remailer.
Unless you want to make offline payments, in which case it is useless and will take a back seat to government issued currencies.
decentralized exchange
Which David Chaum published work on over a decade before the Bitcoin hype got off the ground. Chaum's system, of course, was based on the idea that currency is a tool of governments and banks, and not just something that materializes on its own, so it received less hype (hint: there was no get-rich-quick scheme with Chaum's systems).
totally anonymous
Except that there are anonymity-breaking attacks on Bitcoin.
no central body to print it out of existence
Thus no central body to give it value. Money without a strong source of demand is worthless; Bitcoin has a moderate source of demand arising from hype and promises of secure electronic payments, but government-issued currency has a much stronger source of demand: taxes and the legal structure that surrounds the money. When a court instructs on person to pay damages to another person using government issued money, that creates demand for that money. If courts were handing out judgements in Bitcoin, if governments were accepting Bitcoin tax payments, Bitcoin might have a chance in the real world, if it could overcome the offline payments problem (but there is every reason to think it cannot, since the amount of data that needs to be stored and transmitted will grow in the depth of the transaction chain, and there is no central authority to exchange used-up currency for fresh currency).
Would I want to store all of my wealth in bitcoin? No.
Thus creating another obstacle for Bitcoin: people are willing to store all their wealth in other currencies.
Do I like the idea of being able to convert my money into an exchange medium that is untraceable? Of course.
We already have one: paper money. What you really want is one that is electronic, so that you can spend your money securely on the Internet and not have to worry about being tracked or having your bank account raided (the latter being far more important in terms of economic security). That problem was solved a long time ago, with robust systems that go beyond what Bitcoin is capable of:
Factorization is most likely not NP complete. Rather, it is in the intersection of NP and coNP, and it is widely believed that no NP complete problems are in coNP, for reasons similar to the reasons it is believed that no NP complete problems are in P. It is also unlikely that there is a "complete" class for the intersection of NP and coNP, which casts some doubt on the hardness of integer factorization.
Of course, if P=NP, integer factorization is definitely a theoretically feasible problem; this does not mean that it can be easily solved in practice, though. Maybe the best algorithm for integer factorization runs in O(n^100) time -- polynomial but still beyond the reach of any reasonable computer. P=NP would not imply that cryptography is impossible; rather, it would require some new definitions of security and entirely different approaches to cryptography.
To the best of my knowledge (IANAL), if you were to buy goods and services with Bitcoin, you would be obligated to assess the value of goods and services in terms of dollars and pay the appropriate taxes. This is not any different from barter, which is practiced here in America and which can be taxed (in dollars, of course).
Money (most currencies anyways) has a value because people want it to have a value
Government back currencies have value because the government creates demand for those currencies through taxes. The US dollar has value because millions of Americans have to pay their taxes, and they cannot use Bitcoins, gold bars, or Tulips to do so -- they have to use US dollars to do so. Governments also create demand by charging for various services, assigning damages in court, etc. -- people are compelled to pay in government issued currency.
Bitcoin, on the other hand, has nobody creating demand for it, just a lot of hype and promises of secure and anonymous payments.
So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.
It also gives other remailer operators a chance to reissue their keys and destroy the old keys -- which is basically what needs to happen when you have an agency going around demanding disc images like this. I am not aware of this happening, though.
include could the FBI briing a rogue remailer online using the image?
How would the image help them? The FBI can set up a honeypot remailer any time they want, with or without the secret keys of another remailer.
why wasnt full disk encryption used in this case to store the private keys?
Elsewhere in the thread the operator stated that had WDE been in use, he would still have given the police his key. Why would a remailer operator allow himself to be arrested just to protect strangers?
in my opinion everything from the case fans to the bolts in the mounting rails on this server are now tainted. Sell it on ebay and build a new one.
That is why the system cannot just be rebuilt overnight; parts must be procured, software must be obtained from a trusted source, etc.
Which is why people typically send messages through remailer chains, to make that sort of attack harder. Yes, they could just compromise the whole system, which is why the low number of remailers in operation is so troubling.
Making forensic copies of remailer disks, seizing remailers, etc. are not going to help them catch the guy who is sending these messages. Look at TFA -- the remailer operator simply reissued the keys. Taking a remailer offline is even more useless -- the FBI misses the opportunity to log messages travelling through the remailer, and to work their way backward through the remailer chain.
If the FBI were serious about catching this guy, they would not be making such a public spectacle -- the sender is going to stop using the remailer system, or else the sender is already relying on more than just remailers (e.g. Remailing through Tor from an open Wifi access point). The point of these high-profile raids is to attack the remailer system head-on; law enforcement agencies generally want to shut down anonymity systems, and these bomb threats present the perfect opportunity to attack the system with legal justification.
If I send them an email, asking them to resend it somewhere else, and they don't log who sends them email, isn't that enough to provide anonymity?
What if your connection is being watched?
In practice, people will chain two or more remailers, so that no single remailer knows both the sender and the recipient of a message. Encrypting the messages with each remailer's key is fundamental to this, so that the commands send to one remailer cannot be recorded by another.
Read the post; they did have access to the live system. The operator does not think it is likely that a backdoor was installed, but as a security precaution has indicated that the system will eventually be rebuilt (probably with new keys issued).
part of that community is made up of idealists and professional bitchers who think everything should be open source and free
This may come as a shock, but GNU is maintained by the Free Software Foundation, so in some sense the entire point of GNU/Linux is to be free/libre.
Really though, there are more than just philosophical reasons for proprietary software in GNU/Linux being a bad thing. If I compile my program in Ubuntu, will you be able to run it in Gentoo? There are an enormous number of incompatible distributions out there, and I doubt that Steam will be available on all of them. In practical terms, proprietary software for GNU/Linux is difficult to push for this very reason, so there are two outcomes:
Whatever distros popular proprietary software is available for become the distros that people use, thus allowing proprietary software vendors to exert control over the community. This already happens with some packages; we really do not need more.
Steam becomes irrelevant on GNU/Linux because it does not work everywhere, and then the short-lived experiment dies. This has also happened with other software in the past.
Isn't one of the primary functions of a journal to facilitate the peer review process?
Which is done by volunteers. We do not need publishing companies to recruit volunteers for us, and then to profit from the work of those volunteers. The institutions those volunteers work for can just as easily cooperate to publish a journal and give incentives to the researchers who currently volunteer their time for the peer review process.
No, it is not, but the question is why the telecoms would oppose this bill; I believe the answer is that they have a cozy relationship with law enforcement right now, and they do not want to upset that.
Someone did not read everything I wrote. That's OK, I can just reiterate the point: telecoms would be vulnerable to lawsuits if they continued to provide law enforcement agencies with the sort of warrantless, no-court-order assistance that they have been providing so far.
Right now, and for a long time now, law enforcement agencies have had special privileges among telecoms, more than the law itself requires. In exchange, telecom companies get to have a nice, easy-going relationship with the government, and everyone except the citizens of this country wins.
Requiring telecoms to only provide assistance when presented with a court order puts that friendly relationship at risk. It also leaves telecoms vulnerable to lawsuits, should they continue to play by the old rules of the game.
I don't agree with the War on Some Drugs, but it does bear reminding that most of those incarcerated chose to do what they did knowing it was illegal.
Your point being what? That people are free, as long as they do not knowingly break the law? What happens when the law is so complex that nobody can live their life without breaking laws?
You go on and on talking about how free we are, because reforms have been made in some areas. Yet there are more ways to be a criminal now than at any other point in history, and that list keeps expanding.
The cops could ALWAYS run you in for giggles
Not for giggles; for breaking the law. Try this as an exercise: record everything you do in a typical day, then check all the applicable local, state, and federal laws. Are you sure that you are not breaking the law in your daily life?
Public discourse is MUCH FREER now.
Unless you advocate the wrong things. If you say that people should join a foreign Jihad, for example, you can be found guilty of being a terrorist. The government recently introduced as evidence the fact that an excused terrorist watched videos produced by Al Qaeda for the purpose of reinforcing his political views. Vocal critics of the war on terror have found themselves harassed at airports, and even targeted by raids on their homes.
It is not just terrorism; people who advocate any use whatsoever of illegal drugs are targeted. Alexander Shulgin was harassed and lost his research license (basically killing his ability to do his work) because of the books he published. Doctors who advocate medical use of illegal drugs have had their offices raided.
You're right though, the things you used to be harassed for talking about have changed. You can advocate for workers rights without being harassed. That does not mean we are any more free, just that how our freedom is being attacked has shifted a bit.
Religious prejudice...
...is alive and well; you hear anti-Islam statements all the time, and Muslims are routinely equated with terrorists.
(Having the world's biggest prison population is) Not entirely a bad thing.
Right, having millions of prisoners is not entirely bad. Neither is the fact that the police have become a paramilitary force, nor the fact that thousands of innocent people have been killed by that force. Your explanation for why this is good? Basically, fascism:
Oh, you mean Bush? You do realize that the champion of gutting FISA and effectively clearing the way for legalizing the Bush administration's actions was Senator Barack Obama, right?
At the end of the day, you can choose between Republicans who are honest about wanting to dismantle civil rights and liberties, or Democrats who dishonestly claim they want to protect your rights but then turn around and attack those very rights, or you can vote third party. You are not going to get a substantially different outcome with Democrats or Republicans, they both represent the same people and philosophy.
We're doing it for the right reasons, and they are doing it for the wrong reasons. See, when we do it, it is to catch people who do not support our government or who might try to start a revolution, or to track and arrest people who do things the government declares to be immoral. When they do it, it is to stay in power and promote state sponsored religion.
Slashdot Mirror
Except that mathematics was never supposed to be patentable, regardless of how hard someone worked on it.
Did I say it was easy? Yes, it will take work, but we are not even trying right now. Does your bank offer anything better than passwords?
We have better authentication methods, we are just not bothering to deploy them. How many times do passwords have to fail before we acknowledge that they do not provide the sort of security that we need?
you can patent implementation, not the idea
According to whom? I do not need to look any further than my own field to know this is untrue: the Diffie Hellman patents were patents on the idea of public key cryptography, and cryptography patents in general are patents on math, not implementations of that math.
Except that a compromise of both remailers would kill the system, and the FBI has demonstrated that compromising two remailers is not all that difficult. Ideally, there would be hundreds of remailers and many nym servers, so that a single remailer being compromised would be no big deal; unfortunately, there are not enough people in the world willing to run a remailer.
Bitcoin is an incredible idea
Unless you want to make offline payments, in which case it is useless and will take a back seat to government issued currencies.
decentralized exchange
Which David Chaum published work on over a decade before the Bitcoin hype got off the ground. Chaum's system, of course, was based on the idea that currency is a tool of governments and banks, and not just something that materializes on its own, so it received less hype (hint: there was no get-rich-quick scheme with Chaum's systems).
totally anonymous
Except that there are anonymity-breaking attacks on Bitcoin.
no central body to print it out of existence
Thus no central body to give it value. Money without a strong source of demand is worthless; Bitcoin has a moderate source of demand arising from hype and promises of secure electronic payments, but government-issued currency has a much stronger source of demand: taxes and the legal structure that surrounds the money. When a court instructs on person to pay damages to another person using government issued money, that creates demand for that money. If courts were handing out judgements in Bitcoin, if governments were accepting Bitcoin tax payments, Bitcoin might have a chance in the real world, if it could overcome the offline payments problem (but there is every reason to think it cannot, since the amount of data that needs to be stored and transmitted will grow in the depth of the transaction chain, and there is no central authority to exchange used-up currency for fresh currency).
Would I want to store all of my wealth in bitcoin? No.
Thus creating another obstacle for Bitcoin: people are willing to store all their wealth in other currencies.
Do I like the idea of being able to convert my money into an exchange medium that is untraceable? Of course.
We already have one: paper money. What you really want is one that is electronic, so that you can spend your money securely on the Internet and not have to worry about being tracked or having your bank account raided (the latter being far more important in terms of economic security). That problem was solved a long time ago, with robust systems that go beyond what Bitcoin is capable of:
http://www.springerlink.com/content/ft361212m4256246/
http://blog.koehntopp.de/uploads/chaum_fiat_naor_ecash.pdf
To me bitcoin is the currency equivalent of TOR and shouldn't be hated on.
No, digital cash is the equivalent of Tor; Bitcoin is one attempt at digital cash, which has more shortcomings than benefits.
Factorization is most likely not NP complete. Rather, it is in the intersection of NP and coNP, and it is widely believed that no NP complete problems are in coNP, for reasons similar to the reasons it is believed that no NP complete problems are in P. It is also unlikely that there is a "complete" class for the intersection of NP and coNP, which casts some doubt on the hardness of integer factorization.
Of course, if P=NP, integer factorization is definitely a theoretically feasible problem; this does not mean that it can be easily solved in practice, though. Maybe the best algorithm for integer factorization runs in O(n^100) time -- polynomial but still beyond the reach of any reasonable computer. P=NP would not imply that cryptography is impossible; rather, it would require some new definitions of security and entirely different approaches to cryptography.
To the best of my knowledge (IANAL), if you were to buy goods and services with Bitcoin, you would be obligated to assess the value of goods and services in terms of dollars and pay the appropriate taxes. This is not any different from barter, which is practiced here in America and which can be taxed (in dollars, of course).
You don't understand the nature of fiat currency
Money (most currencies anyways) has a value because people want it to have a value
Government back currencies have value because the government creates demand for those currencies through taxes. The US dollar has value because millions of Americans have to pay their taxes, and they cannot use Bitcoins, gold bars, or Tulips to do so -- they have to use US dollars to do so. Governments also create demand by charging for various services, assigning damages in court, etc. -- people are compelled to pay in government issued currency.
Bitcoin, on the other hand, has nobody creating demand for it, just a lot of hype and promises of secure and anonymous payments.
So yes, busting down a door and taking the remailer keys gives them 100% access to 100% of the traffic that has been sent by that remailer at ANY point in the past where it crossed through a US ISP.
It also gives other remailer operators a chance to reissue their keys and destroy the old keys -- which is basically what needs to happen when you have an agency going around demanding disc images like this. I am not aware of this happening, though.
include could the FBI briing a rogue remailer online using the image?
How would the image help them? The FBI can set up a honeypot remailer any time they want, with or without the secret keys of another remailer.
why wasnt full disk encryption used in this case to store the private keys?
Elsewhere in the thread the operator stated that had WDE been in use, he would still have given the police his key. Why would a remailer operator allow himself to be arrested just to protect strangers?
in my opinion everything from the case fans to the bolts in the mounting rails on this server are now tainted. Sell it on ebay and build a new one.
That is why the system cannot just be rebuilt overnight; parts must be procured, software must be obtained from a trusted source, etc.
Which is why people typically send messages through remailer chains, to make that sort of attack harder. Yes, they could just compromise the whole system, which is why the low number of remailers in operation is so troubling.
Making forensic copies of remailer disks, seizing remailers, etc. are not going to help them catch the guy who is sending these messages. Look at TFA -- the remailer operator simply reissued the keys. Taking a remailer offline is even more useless -- the FBI misses the opportunity to log messages travelling through the remailer, and to work their way backward through the remailer chain.
If the FBI were serious about catching this guy, they would not be making such a public spectacle -- the sender is going to stop using the remailer system, or else the sender is already relying on more than just remailers (e.g. Remailing through Tor from an open Wifi access point). The point of these high-profile raids is to attack the remailer system head-on; law enforcement agencies generally want to shut down anonymity systems, and these bomb threats present the perfect opportunity to attack the system with legal justification.
If I send them an email, asking them to resend it somewhere else, and they don't log who sends them email, isn't that enough to provide anonymity?
What if your connection is being watched?
In practice, people will chain two or more remailers, so that no single remailer knows both the sender and the recipient of a message. Encrypting the messages with each remailer's key is fundamental to this, so that the commands send to one remailer cannot be recorded by another.
Read the post; they did have access to the live system. The operator does not think it is likely that a backdoor was installed, but as a security precaution has indicated that the system will eventually be rebuilt (probably with new keys issued).
part of that community is made up of idealists and professional bitchers who think everything should be open source and free
This may come as a shock, but GNU is maintained by the Free Software Foundation, so in some sense the entire point of GNU/Linux is to be free/libre.
Really though, there are more than just philosophical reasons for proprietary software in GNU/Linux being a bad thing. If I compile my program in Ubuntu, will you be able to run it in Gentoo? There are an enormous number of incompatible distributions out there, and I doubt that Steam will be available on all of them. In practical terms, proprietary software for GNU/Linux is difficult to push for this very reason, so there are two outcomes:
Isn't one of the primary functions of a journal to facilitate the peer review process?
Which is done by volunteers. We do not need publishing companies to recruit volunteers for us, and then to profit from the work of those volunteers. The institutions those volunteers work for can just as easily cooperate to publish a journal and give incentives to the researchers who currently volunteer their time for the peer review process.
Now can we switch back to a sane version numbering system, so that extensions do not mysteriously stop working after a silent update?
No, it is not, but the question is why the telecoms would oppose this bill; I believe the answer is that they have a cozy relationship with law enforcement right now, and they do not want to upset that.
Someone did not read everything I wrote. That's OK, I can just reiterate the point: telecoms would be vulnerable to lawsuits if they continued to provide law enforcement agencies with the sort of warrantless, no-court-order assistance that they have been providing so far.
Right now, and for a long time now, law enforcement agencies have had special privileges among telecoms, more than the law itself requires. In exchange, telecom companies get to have a nice, easy-going relationship with the government, and everyone except the citizens of this country wins.
Requiring telecoms to only provide assistance when presented with a court order puts that friendly relationship at risk. It also leaves telecoms vulnerable to lawsuits, should they continue to play by the old rules of the game.
I don't agree with the War on Some Drugs, but it does bear reminding that most of those incarcerated chose to do what they did knowing it was illegal.
Your point being what? That people are free, as long as they do not knowingly break the law? What happens when the law is so complex that nobody can live their life without breaking laws?
You go on and on talking about how free we are, because reforms have been made in some areas. Yet there are more ways to be a criminal now than at any other point in history, and that list keeps expanding.
The cops could ALWAYS run you in for giggles
Not for giggles; for breaking the law. Try this as an exercise: record everything you do in a typical day, then check all the applicable local, state, and federal laws. Are you sure that you are not breaking the law in your daily life?
Public discourse is MUCH FREER now.
Unless you advocate the wrong things. If you say that people should join a foreign Jihad, for example, you can be found guilty of being a terrorist. The government recently introduced as evidence the fact that an excused terrorist watched videos produced by Al Qaeda for the purpose of reinforcing his political views. Vocal critics of the war on terror have found themselves harassed at airports, and even targeted by raids on their homes.
It is not just terrorism; people who advocate any use whatsoever of illegal drugs are targeted. Alexander Shulgin was harassed and lost his research license (basically killing his ability to do his work) because of the books he published. Doctors who advocate medical use of illegal drugs have had their offices raided.
You're right though, the things you used to be harassed for talking about have changed. You can advocate for workers rights without being harassed. That does not mean we are any more free, just that how our freedom is being attacked has shifted a bit.
Religious prejudice...
(Having the world's biggest prison population is) Not entirely a bad thing.
Right, having millions of prisoners is not entirely bad. Neither is the fact that the police have become a paramilitary force, nor the fact that thousands of innocent people have been killed by that force. Your explanation for why this is good? Basically, fascism:
there must be IMPOSED discipline to keep order
Oh, you mean Bush? You do realize that the champion of gutting FISA and effectively clearing the way for legalizing the Bush administration's actions was Senator Barack Obama, right?
At the end of the day, you can choose between Republicans who are honest about wanting to dismantle civil rights and liberties, or Democrats who dishonestly claim they want to protect your rights but then turn around and attack those very rights, or you can vote third party. You are not going to get a substantially different outcome with Democrats or Republicans, they both represent the same people and philosophy.
I still don't think it rises to the level of shelling cities which house resistance.
Too many rich Americans in cities. Now, a small farming commune is another story...
https://en.wikipedia.org/wiki/Waco_siege
I guess that is totally different from the situation in Syria though. After all, the Branch Davidians were religious extremists.
We're doing it for the right reasons, and they are doing it for the wrong reasons. See, when we do it, it is to catch people who do not support our government or who might try to start a revolution, or to track and arrest people who do things the government declares to be immoral. When they do it, it is to stay in power and promote state sponsored religion.
The difference is as clear as day.