[email protected]:
> On Monday, November 04, 2013 01:17:49 PM Jonathan Wilkes wrote:
>> On 11/04/2013 05:28 AM, [email protected] wrote:
>>> On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
>>>>> On Nov 3, 2013, at 3:30, "[email protected]" <[email protected]>
>>>>> wrote:
>>>>>
>>>>> I don't see how "pasting over" a QR code in a way that's not easily
>>>>> detectable is somehow harder than pasting over a domain/email, or
>>>>> printing a real-looking fake ad and pasting it over the real one.
>>>>
>>>> A QR code is already isolated in an opaque white square. It's single
>>>> color, and moreover, that color is black. And it's smaller than a
>>>> billboard.
>>>>
>>>> By contrast, a textual URL or email address will be in a specific
>>>> typeface, probably matched to the rest of the billboard. It's also
>>>> likely size-matched to other text. Most importantly, it's likely
>>>> printed right over a patterned and colored background.
>>>>
>>>> While you're correct that you can address, to some degree, all of those
>>>> issues by wheatpasting over the entire billboard, provided you're at
>>>> least as competent a visual designer as the person who executed the
>>>> original ad, which is easier to print and transport? A full-color
>>>> billboard, or a black-on-white sheet of tabloid-sized paper?
>>>>
>>>> To put this all in more practical terms, since these issues were not
>>>> apparent to you, you're a less-skilled visual designer than anyone who
>>>> would be paid to produce an advertisement. Therefore, you would not be
>>>> capable of covertly coopting their advertisement. Yet you'd still be
>>>> perfectly capable of successfully pasting over their QR code without
>>>> anyone being the wiser.
>>>
>>> I can't talk about others, but I'd be quite suspicious if I saw a second
>>> layer of paper exactly where the qr code is located. If such attacks
>>> gained momentum, I guess people would be more careful.
>>
>> Now you are climbing up on a billboard and inspecting the QR code
>> personally as a way to prove human readable addresses are a solution
>> looking for a problem?
>
> Can you name a specific attack which actually happened, and which involved
> altering an ad url in any way or posting a fake physical ad? Are we talking
> about something that actually exists? It's not like an ad by microsoft can't
> point to a legitimately-looking domain name which isn't microsoft.com eg
> getthefacts.com
>
>> You already mentioned the idea of domain names that aren't "as
>> widely-known" as others. "Widely-known" is a feature-- that feature
>> doesn't exist with QR codes so you clearly understand the issue. I'm not
>> saying that issue cannot be solved, nor that the current domain name
>> system is immune to exploits. But if you don't understand the benefits
>> of human readable addresses you're likely to end up with a less secure
>> system to replace it.
>
> I understand also that:
> * these benefits exist for maybe top 100 domains
> * it's usual for well-known entities to use campaign-specific domain names
> * even if you know the entity name to be $NAME, the domain can still be
>   $NAME.com, $NAME.org, $NAME-project.org, get$NAME.com etc
>
> The "security" of physical ads is pretty much about the cost/benefit, and
> that's why we don't see such attacks in the first place.
>
>> (Especially when the smartphones people must use
>> to read the QR code in the first place are almost all locked down and
>> not under the user's own control.)
>
> There are gateways like tor2web.org and onion.to, and these can be encoded
> into the QR code for compatibility purposes since there's 1:1 mapping between
> darknet and gateway urls.
>
> For all practical purposes, the DNS replacement is already available in the
> form of tor hidden services, tested and known to be quite reliable.
>
> The status-quo is:
> 1) you pay money to get a DNS record which:
>    a) can be revoked at will by a number of entities
>    b) requires you to identify yourself, unless you're willing to play spy
>       games (and no one knows for how much longer the loopholes will exist,
>       see (a))
>    c) requires you to be able to pay, which may exclude "children" who can't
>       get the bank account/card, residents of sanctioned countries.
>
> 2) you get a ssl cert, with MITM-by-advanced-adversary as an inherent
>    "security feature". This also may come with random and potentially
>    ridiculous hops to jump thru, the list is subject to change
>
> 3) wait for hours/days for payments to complete and records to propagate.
>
> Tor hidden service:
> 1) add 2 lines to torrc, or use vidalia to do the same
> 2) grab the service address from tor's dir
> 3) the service goes online in 5-10 minutes, with encryption and
>    authentication always on.
>
> HTTP gateway is available for legacy platforms.
>
> Bookmarking and address book features are widely available thus making the
> appearance of the url itself not that important.
>
> Both client and service can opt to drop their half of the circuit, which
> turns it into a more or less direct tcp connection, with nat traversal
> capabilities.
> Yes there are caveats, yes tor devs are spending their effort on making tor
> hide users, rather than optimizing "we don't want no anonymity" use cases,
> but the foundation is solid.
>
> The only known issue that bothers me is that tor doesn't let you keep the
> root keys for the service offline. A 2-level setup would be really nice,
> tor devs. pretty please?
>
>
> For all I care, the solution has been available for several years.

I strongly agree with you. Tor hidden services are awesome. Their concept is
great. The implementation needs some love [1], but there aren't any
conceptual issues. Just no one is working on it.

- no need to trust a registrar
- can't be taken away without physically owning the server
- free registration
- free end-to-end encryption without relying on the CA cartel

Just too awesome.

> It works well, but I'm afraid that getting it adopted would require the
> current gatekeepers to step up abuses by a couple orders of magnitude.

I am afraid, you're probably right. Unless you can manage to advocate those
advantages? Do you think the FreedomBOX developers know about your "use
non-anonymous Tor hidden services for DNS" idea?

> The only known issue that bothers me is that tor doesn't let you keep the root
> keys for the service offline. A 2-level setup would be really nice, tor devs.
> pretty please?

Not sure, but perhaps there was a feature request of this. Probably
conceptually possible as well. Just no one working on it.

[1] https://blog.torproject.org/blog/hidden-services-need-some-love

--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by emailing moderator at
[email protected].
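
An added example, not part of the original thread: a sketch of why no registrar is involved in a hidden-service name and of the 1:1 gateway mapping mentioned above. It uses the v2 naming scheme in use when this thread was written (base32 of the first 80 bits of the SHA-1 of the service's public key); the function names, the gateway host patterns and the sample key bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit, urlunsplit

# 16 base32 characters = 80 bits, the v2 hidden-service label.
V2_ONION = re.compile(r"^([a-z2-7]{16})\.onion$")
# Host suffixes assumed for the two gateways named in the thread.
GATEWAY_SUFFIX = {"tor2web.org": ".tor2web.org", "onion.to": ".onion.to"}


def onion_from_pubkey(der_pubkey: bytes) -> str:
    """The name is a hash of the key, so the address itself authenticates
    the service; tor writes the same value to its 'hostname' file."""
    digest = hashlib.sha1(der_pubkey).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower() + ".onion"


def to_gateway(url: str, gateway: str) -> str:
    """Rewrite a .onion URL to the equivalent clearnet gateway URL."""
    parts = urlsplit(url)
    match = V2_ONION.match(parts.hostname or "")
    if not match:
        raise ValueError("not a v2 .onion URL")
    host = match.group(1) + GATEWAY_SUFFIX[gateway]
    return urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))


def from_gateway(url: str) -> str:
    """Recover the .onion URL from a gateway URL (the inverse mapping)."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    for suffix in GATEWAY_SUFFIX.values():
        if host.endswith(suffix):
            onion = host[: -len(suffix)] + ".onion"
            if V2_ONION.match(onion):
                return urlunsplit(
                    (parts.scheme, onion, parts.path, parts.query, parts.fragment)
                )
    raise ValueError("not a recognised gateway URL")


if __name__ == "__main__":
    # Constructed bytes standing in for a DER-encoded public key.
    name = onion_from_pubkey(b"constructed public key bytes, not a real key")
    print(name)
    print(to_gateway("http://" + name + "/", "onion.to"))
```

Through a gateway the client no longer checks the service key itself: the gateway terminates the Tor connection and can read or alter the traffic, so the "authentication always on" property holds only for native Tor clients.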
