this is analogeous to one of my first lessons that I learned on freenet -
you're not anonymous if someone can work out who you are by reading your
freesite, and that's not as difficult to work out as you think ;)
(hey, how was I to know she'd get a freenet node setup? :-p)
- fish
On Tue, 19 Nov 2002, Ian Clarke wrote:
> On Tue, Nov 19, 2002 at 06:31:13AM -0600, Mark J Roberts wrote:
> > fish:
> > > we all know why anonymity and a distributed network is needed for that,
> > > right? :)
> >
> > Constantly inserting predictable keys is a great way to throw away what
> > little anonymity you have.
>
> It is really tiresome to hear this kind of commentary.
>
> It is analagous to me saying:
>
> "Given sufficient resources, I can break RSA encryption".
>
> This statement is perfectly true, and like MJR's comment, perfectly
> useless. What would be useful is to give an indication of what resources
> it might take for me to break RSA encryption.
>
> By the same token, MJR - if you would like to make yourself useful, why
> not figure out what it would take for someone to compromize someone's
> anonymity, and that would actually give us a better idea of how they
> might take advantage of repeated insertions - and then perhaps help us
> to make it more difficult for them. This is called "Constructive
> Criticism".
>
> And while I am ranting, it isn't uncommon to hear comments analogous to:
>
> "Hey, [Security architecture X] is so powerful that even if someone had
> the ability to torture and extract information from anyone in the world,
> they wouldn't be able to decrypt your message".
>
> This is an extreme example, but it highlights the point. Clearly, if
> someone had the ability to extract information from anyone, they
> *wouldn't need* to decrypt my message, they could simply rubber-hose the
> information out of me.
>
> Security is like a chain, in that it is only as strong as its weakest
> link, and that weakest link is often not where most people focus their
> attention. Typically they put all of their energy into strengthening
> one link in the chain, which of-course becomes energy wasted (and false
> sense of security created) as soon as that is no-longer the weakest
> link.
>
> Yet another good example of this would be people who go through
> extraordinary lengths to encrypt their emails, where it would be
> relatively cheap for someone to break into their home, and tap their
> keyboard.
>
> The last, and definitely the one that offers the best snide response, is
> the biometrics sales rep who gleefully proclaims that "someone would
> need to cut your finger off to circumvent this security system!". The
> obvious response being "Why the hell would I want to give someone an
> incentive to cut off my finger?!".
>
> Ok, rant over.
>
> Ian.
>
> --
> Ian Clarke ian@[freenetproject.org|locut.us|cematics.com]
> Latest Project http://cematics.com/kanzi
> Personal Homepage http://locut.us/
>
_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
