On 18/04/14 20:27, Zwiebelcode wrote: > Am 18.04.2014 01:04, schrieb Matthew Toseland: > > On 17/04/14 19:11, Zwiebelcode wrote: > >> hi developers, > >> > >> some time ago I wrote about OpenIdent. The core of OpenIdent is > >> now finished. > >> > >> > >> .- How it can help freenet -. > >> > >> OpenIdent can solve the problem, that an attacker can log into > >> the freenet network with thousands of ip adresses. > >> > >> > >> .- Introduction -. > >> > >> In the internet, there are some problems, that have not been > >> fully solved, yet. Spam can still not be controlled. Fraud only > >> can be fighted in a limited way. In the internet, democratic > >> decision processes are only possible with some limitations. All > >> of these problems have one point in common: The problems could be > >> solved, if the participants would identify themselves, but that > >> would reduce their privacy. OpenIdent wants to solve this > >> problem and provide an identification mechanism without reducing > >> the privacy. > >> > >> > >> .- OpenIdent -. > >> > >> OpenIdent is a Server-Client-Software that allows people to > >> provide their unique identity without exposing them. So, users > >> are unique and can be blocked in case of fraud or spamming for a > >> long time. With that, the problems pointed above could be > >> solved. > >> > >> OpenIdent contists of two parts. The first parts handles the > >> identification of users. The second part handles the > >> pseudonymization of users. The pseudonymization is realized with > >> the use of blind signatures. > >> > >> The repository of OpenIdent is: > >> https://gitorious.org/openident/openident/ > >> > >> used libraries: - Bouncycastle - sqlite-jdbc-3.7.2 - myjipc - > >> https://gitorious.org/myjipc/myjipc/ > >> > >> The command line language is german at the moment. This will be > >> changed soon. > >> > >> An information file can be found at: > >> https://gitorious.org/openident/openident/source/doc/info.txt > > Potentially very interesting. The fact that it's centralised > > doesn't necessarily mean we can't use it on opennet. > > > From his page: > > > # .- Ways of identification -. # # For the identification of users > > there are some different ways. Examples # are: E-Mail address, > > telephone number, scanned passports, electronic # passports and > > fingerprints. Because E-Mail addresses can be created # too easily, > > their use case is very limited for secure identifications. > > > Gmail etc accounts are worth more than email accounts in general; > > Tor uses them for e.g. bridges. > > > I have no idea how you would verify scanned passports, I would > > imagine it would involve human labour or at least some nonzero > > financial cost? > > > Mobile numbers are the basis for gmail accounts, but are probably > > fairly easy to obtain in bulk; how much does it cost to buy 10,000 > > SIMs, register their numbers, and then sell them on? I would be > > surprised if there weren't companies who did this already to supply > > the spam industry, just as there are companies that provide bulk > > CAPTCHA solving. > > > It's great to see somebody looking into a generic solution for this > > anyway! > > > I have no idea whether any of this will have sufficient user > > acceptability. Like darknet, it contravenes users' expectations > > and misconceptions about "anonymity". But it's definitely worth > > trying. Especially if you can get some user acceptability outside > > of Freenet in e.g. forums. > > > Sorry I don't have time to review the source at the moment... :| > > Yes, the project requires human labour for verification. I plan to > organize people who verify identities in reallife. So it's limited to some small community? Do they federate? How do they maintain mutual trust? ... Or you have to pay for an identity, bringing us back to square one? > Next step for me is to find helpers for the software, because the > software needs to be connected so other software. And I also need some > tips and feedback. If it is ok, i would like to use this mailinglist > to ask some question about coding stuff that I am still unsure. I don't see why that would be a problem in the short run. In the long run I should join your mailing list... I won't be following this list much during term time though (i.e. tomorrow until mid June).
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
