On 2013.06.29 01.52, Alireza Mahdian wrote:

> I really hope all your other facts are not based on this link you
> sent. As Matt rightfully put it, we don't know the kind of cipher
> that was used; it could have been a very primitive one. You are
> making a very bold statement based on very incomplete data.
Of course not. Frankly, I'm not worried about cryptanalysis. If the easiest way into a system is by breaking crypto, we've succeeded beyond our wildest expectations. Snowden said, in passing, that strong crypto does in fact work; he also said that the terrible state of host security means that this is almost never a problem for NSA.

> As for your recommended approach of not releasing research
> software to regular users, you have to know that MANY of the
> current technologies that are being used have their roots in
> research projects. You mention Tor and so many other applications,
> and ALL of them started as research projects in academia.

Yes, they have. The accepted standard of care in this community is that software should not be recommended to real users for use with real data if it is targeting high-risk use cases (which an intentionally privacy-preserving social network designed for the Iranian context necessarily is) until it has undergone community review and focused security analysis from professional analysts. Not everything in the community is at that point yet, but we're working on getting there. Releasing code that's clearly marked as alpha and likely dangerous is fine, as long as you make it clear to users that this code may not, in fact, provide any of the properties it claims to provide until such point as it's had an appropriate degree of review. While we can't do anything about projects coming from outside academia, I'd love to see IRBs start to enforce this for academic projects. It'd likely save lives.

> My claim is that MyZone is privacy preserving and I stand by it. I
> never claimed that it provides anonymity, and in fact I have
> pointed out that it does not even aim for it. As the creator of
> MyZone I did not feel the need for unlinkability, as deniability is
> provided to a needed degree.
And what I'm telling you is that on the basis of what we've seen coming back from the field, not to mention the documents we've seen confirming things in the past few weeks, THERE IS NO SUCH THING AS PRIVACY WITHOUT UNLINKABILITY. The game is in traffic analysis. Most of what's interesting about a conversation comes from traffic analysis. Post-hoc deniability of specific messages is not a useful property in evading negative security outcomes, because the suspicion of being part of the set of people who could have sent a message is more than sufficient to justify picking someone up in high-risk scenarios, and in lower-risk scenarios is likely insufficient to convince a judge.

We as a community have a fundamentally backwards idea of what privacy means (or so we now see). Privacy does not mean confidentiality; it means confidentiality and unlinkability at a minimum, and in many regimes it means confidentiality, unlinkability, and undetectability (because if you live somewhere where using crypto gets you killed, Tor can't help you). By the standards that we've been applying as a community previously, while I stand by my comments on research software, you're not doing badly (although the devil is in the details); the problem is that those standards were wrong.

> You probably are not going to give my app even a try, but I would
> certainly give your "Bullet proof" solution, if it ever sees the
> light of day, a try and read its documentation in full before
> criticizing it.

I don't know where this "bullet proof" nonsense comes from -- that's not a claim I'd make; it's childish, like talking about "military-grade encryption"; we can do better. I've seen a dozen architectures proposed this week for different kinds of privacy-preserving systems. I'm not going to install all of them and read all of their documentation; I have work to do. I'm happy to provide feedback on some of them when I have time.
I'm taking the time to provide more detailed feedback on this one because I think we need to, as a community, have a conversation around the properties that we design solutions for.

> I have tried SO MANY of these solutions that you mentioned in a
> very restrictive environment (I come from Iran and I have first-hand
> experience of whatever you are mentioning here) and trust me,
> they are often so slow (you have to consider dial-up bandwidth)
> that you prefer to avoid them in the first place.

I understand the bandwidth limitations of many connections in a place like Iran. I know Tor is too slow right now. I'm not trying to excuse it. What I'm saying is that we should be working on building systems that can compose with it and working on making it faster, or working on building alternate systems that provide the same unlinkability with different performance tradeoffs. Sadly, we don't get to make the problem that needs solving the one we know how to solve.

> I will consider any "constructive" criticism of my work and
> appreciate it very much, but telling me that I have solved the
> "wrong" problem is just your opinion. I certainly wouldn't consider
> myself expert enough in the field to make a blunt statement
> like that towards anybody's work.

I've been doing architectural security work for a decade. As principal security engineer at OpenITP, it's my job to understand what the right problems to be solving in the circumvention space are.

E.

-- 
Ideas are my favorite toys.
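As an added illustration of the traffic-analysis point made in the message above (this is example code written for this page, not code from MyZone, OpenITP or any participant in the thread), the script below takes constructed, hypothetical flow metadata in which every payload is end-to-end encrypted, recovers the contact graph from the directly delivered flows anyway, and shows how the candidate-sender set for a message forwarded through a single hypothetical relay grows with mixing delay and fixed-size padding, and collapses without them.

```python
from collections import defaultdict

# Constructed flow records as a passive network observer would see them:
# (src, dst, time in seconds, bytes). Payloads are end-to-end encrypted
# and not shown; "relay" is a single hypothetical forwarding hop. All
# names, times and sizes are invented for this example.
FLOWS = [
    ("alice", "bob",   100, 1200),   # direct, encrypted delivery
    ("carol", "bob",   105,  800),
    ("alice", "relay", 300, 1100),   # three clients send via the relay...
    ("carol", "relay", 302,  640),
    ("erin",  "relay", 304, 1100),
    ("relay", "bob",   310, 1100),   # ...and the relay forwards one to bob
]


def contact_graph(flows):
    """Who talks to whom, recovered from metadata of direct flows alone.
    Confidentiality of the payload does nothing to hide these edges."""
    graph = defaultdict(set)
    for src, dst, _t, _n in flows:
        if "relay" not in (src, dst):
            graph[src].add(dst)
            graph[dst].add(src)
    return {peer: sorted(others) for peer, others in graph.items()}


def candidate_senders(flows, delivery, max_delay, padded):
    """Anonymity set for one relay->recipient delivery: every client whose
    send to the relay arrived within max_delay seconds before it left.
    If the relay does not pad to a fixed size, the observer also matches
    on byte count, which shrinks the set further."""
    _relay, _dst, t_out, n_out = delivery
    return sorted(src for src, dst, t, n in flows
                  if dst == "relay"
                  and 0 <= t_out - t <= max_delay
                  and (padded or n == n_out))


if __name__ == "__main__":
    print("contact graph:", contact_graph(FLOWS))
    forwarded = FLOWS[5]
    print("padded, 10s mix:   ", candidate_senders(FLOWS, forwarded, 10, True))
    print("unpadded, 10s mix: ", candidate_senders(FLOWS, forwarded, 10, False))
    print("unpadded, 7s mix:  ", candidate_senders(FLOWS, forwarded, 7, False))
```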
