-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am 18.04.2014 23:22, schrieb Matthew Toseland: > On 18/04/14 20:27, Zwiebelcode wrote: >> Am 18.04.2014 01:04, schrieb Matthew Toseland: >>> On 17/04/14 19:11, Zwiebelcode wrote: >>>> hi developers, >>>> >>>> some time ago I wrote about OpenIdent. The core of OpenIdent >>>> is now finished. >>>> >>>> >>>> .- How it can help freenet -. >>>> >>>> OpenIdent can solve the problem, that an attacker can log >>>> into the freenet network with thousands of ip adresses. >>>> >>>> >>>> .- Introduction -. >>>> >>>> In the internet, there are some problems, that have not been >>>> fully solved, yet. Spam can still not be controlled. Fraud >>>> only can be fighted in a limited way. In the internet, >>>> democratic decision processes are only possible with some >>>> limitations. All of these problems have one point in common: >>>> The problems could be solved, if the participants would >>>> identify themselves, but that would reduce their privacy. >>>> OpenIdent wants to solve this problem and provide an >>>> identification mechanism without reducing the privacy. >>>> >>>> >>>> .- OpenIdent -. >>>> >>>> OpenIdent is a Server-Client-Software that allows people to >>>> provide their unique identity without exposing them. So, >>>> users are unique and can be blocked in case of fraud or >>>> spamming for a long time. With that, the problems pointed >>>> above could be solved. >>>> >>>> OpenIdent contists of two parts. The first parts handles the >>>> identification of users. The second part handles the >>>> pseudonymization of users. The pseudonymization is realized >>>> with the use of blind signatures. >>>> >>>> The repository of OpenIdent is: >>>> https://gitorious.org/openident/openident/ >>>> >>>> used libraries: - Bouncycastle - sqlite-jdbc-3.7.2 - myjipc >>>> - https://gitorious.org/myjipc/myjipc/ >>>> >>>> The command line language is german at the moment. This will >>>> be changed soon. >>>> >>>> An information file can be found at: >>>> https://gitorious.org/openident/openident/source/doc/info.txt >>> >>>> Potentially very interesting. The fact that it's centralised >>> doesn't necessarily mean we can't use it on opennet. >> >>> From his page: >> >>> # .- Ways of identification -. # # For the identification of >>> users there are some different ways. Examples # are: E-Mail >>> address, telephone number, scanned passports, electronic # >>> passports and fingerprints. Because E-Mail addresses can be >>> created # too easily, their use case is very limited for secure >>> identifications. >> >>> Gmail etc accounts are worth more than email accounts in >>> general; Tor uses them for e.g. bridges. >> >>> I have no idea how you would verify scanned passports, I would >>> imagine it would involve human labour or at least some nonzero >>> financial cost? >> >>> Mobile numbers are the basis for gmail accounts, but are >>> probably fairly easy to obtain in bulk; how much does it cost >>> to buy 10,000 SIMs, register their numbers, and then sell them >>> on? I would be surprised if there weren't companies who did >>> this already to supply the spam industry, just as there are >>> companies that provide bulk CAPTCHA solving. >> >>> It's great to see somebody looking into a generic solution for >>> this anyway! >> >>> I have no idea whether any of this will have sufficient user >>> acceptability. Like darknet, it contravenes users' >>> expectations and misconceptions about "anonymity". But it's >>> definitely worth trying. Especially if you can get some user >>> acceptability outside of Freenet in e.g. forums. >> >>> Sorry I don't have time to review the source at the moment... >>> :| >> >> Yes, the project requires human labour for verification. I plan >> to organize people who verify identities in reallife. > So it's limited to some small community? Do they federate? How do > they maintain mutual trust? ... Or you have to pay for an > identity, bringing us back to square one? >> Next step for me is to find helpers for the software, because >> the software needs to be connected so other software. And I also >> need some tips and feedback. If it is ok, i would like to use >> this mailinglist to ask some question about coding stuff that I >> am still unsure. > I don't see why that would be a problem in the short run. In the > long run I should join your mailing list... I won't be following > this list much during term time though (i.e. tomorrow until mid > June). > > > > _______________________________________________ Devl mailing list > Devl@freenetproject.org > https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >
I prefer to have more than one entity that is doing the verifications stuff. Maybe it will be a bit chaotic. Every service (forum, blog) can decide, which Identity Provider / Pseudonym Provider is needed. Maybe some require the user to be registered on several identity providers. Some providers may charge a small fee, others are free. All provide different level of security. I have no own mailinglist. I have my mail address and my gitorious account. Nothing more right now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJTUZ7TAAoJEFCTkZ2uNzgr20EH/R5nc5evZRXNRBJENdkWGMrM WqKIqrYqhB5lC17cghFwVHVatZRoYIcKCVJaq/1Fb8oKoBuGupAdNAArMq8oJdyz wXHc6bxxi29qENHF1YfQyKgN6KtB7FAmRMtwxJI7wI4Cmoq0RIy4KGInv8fdt30J XG9eGLPqTLyIY+A8WG54owJBQfmyCSnEUWx8i+af2lO2eQWi6iInmrdWVga8zfcp XffZP+6mFN/vrv6iGe5+5QgIbregOf7sYZBAyDLtK+S2YJtBR+UCnVVeBvJeNHYa ZkbQjbl0heaQqDFRsm52u1GN51li02VzV+ieOld1uhkZ9d3T/YQUEqUVWFKakT4= =RA94 -----END PGP SIGNATURE----- _______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
