On 17/04/14 19:11, Zwiebelcode wrote: > hi developers, > > some time ago I wrote about OpenIdent. The core of OpenIdent is now > finished. > > > .- How it can help freenet -. > > OpenIdent can solve the problem, that an attacker can log into the > freenet network with thousands of ip adresses. > > > .- Introduction -. > > In the internet, there are some problems, that have not been fully > solved, yet. Spam can still not be controlled. Fraud only can > be fighted in a limited way. In the internet, democratic decision > processes are only possible with some limitations. All of these > problems have one point in common: The problems could be solved, > if the participants would identify themselves, but that > would reduce their privacy. OpenIdent wants to solve this problem > and provide an identification mechanism without reducing > the privacy. > > > .- OpenIdent -. > > OpenIdent is a Server-Client-Software that allows people > to provide their unique identity without exposing them. So, > users are unique and can be blocked in case of fraud or spamming > for a long time. With that, the problems pointed above could be > solved. > > OpenIdent contists of two parts. The first parts handles the > identification of users. The second part handles the pseudonymization > of users. The pseudonymization is realized with the use of blind > signatures. > > The repository of OpenIdent is: > https://gitorious.org/openident/openident/ > > used libraries: > - Bouncycastle > - sqlite-jdbc-3.7.2 > - myjipc - https://gitorious.org/myjipc/myjipc/ > > The command line language is german at the moment. This will be changed > soon. > > An information file can be found at: > https://gitorious.org/openident/openident/source/doc/info.txt Potentially very interesting. The fact that it's centralised doesn't necessarily mean we can't use it on opennet.
From his page: # .- Ways of identification -. # # For the identification of users there are some different ways. Examples # are: E-Mail address, telephone number, scanned passports, electronic # passports and fingerprints. Because E-Mail addresses can be created # too easily, their use case is very limited for secure identifications. Gmail etc accounts are worth more than email accounts in general; Tor uses them for e.g. bridges. I have no idea how you would verify scanned passports, I would imagine it would involve human labour or at least some nonzero financial cost? Mobile numbers are the basis for gmail accounts, but are probably fairly easy to obtain in bulk; how much does it cost to buy 10,000 SIMs, register their numbers, and then sell them on? I would be surprised if there weren't companies who did this already to supply the spam industry, just as there are companies that provide bulk CAPTCHA solving. It's great to see somebody looking into a generic solution for this anyway! I have no idea whether any of this will have sufficient user acceptability. Like darknet, it contravenes users' expectations and misconceptions about "anonymity". But it's definitely worth trying. Especially if you can get some user acceptability outside of Freenet in e.g. forums. Sorry I don't have time to review the source at the moment... :|
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
