Bitcoin Forum

Other => Off-topic => Topic started by: UnunoctiumTesticles on November 19, 2014, 08:42:04 AM



Title: Anonymity: Death of the Stateless Web
Post by: UnunoctiumTesticles on November 19, 2014, 08:42:04 AM
    Anonymity: Death of the Stateless Web
    by UnunoctiumTesticles (http://unheresy.com/)

    To garner more interest an apt title could have been, “Tor Is Not Anonymous—Web Paradigm Shift Underway”. I am referring to the antithesis of the computer science term stateful—not to being without a nation-state.

    Googling “death of the web browser” returns many articles claiming smart phone apps are replacing the web browser[1]. For example, Facebook’s app provides a more optimized experience than browsing the web site on the phone. However, I posit that more content instances[2] are being added to and accessed from the traditional web than are being solely accessed from apps; for example, the posts to blogs and forums. My assumption seems intuitively valid for at least two reasons. Two-finger typing blog and forum posts on small screens is highly inefficient and error prone. Secondly, new web content instances are being added much faster than new apps because writing HTML is much easier than programming the Android OS or iOS. Even if there exists an app that facilitates authoring popular categories of stateless (https://en.wikipedia.org/wiki/Representational_state_transfer#Stateless) content, the data format of that stateless content would become a standard MIME type (https://en.wikipedia.org/wiki/MIME) (whether it was an open standard or reverse-engineered because of the content popularity), that app is a content browser, and web browsers could support the content MIME type.

    The balance will tip in favor of apps because:

    • Android apps are coming to your laptop and PC[8].
    • To supplant the web browser because apps can often provide a superior experience. I enumerate some possible improvements provided by apps in The Stateful Web section below.
    • As the demand for anonymity on the web grows, the stateless web browser must be replaced by apps because network anonymity requires high network latency (https://en.wikipedia.org/wiki/Latency_%28engineering%29#Communication_latency) and only apps have the capability to provide a reasonable user experience when there is high network latency.

    Anonymity Requires Latency

    There are two fundamental types of anonymity (http://freehaven.net/anonbib/topic.html#Anonymous_20communication) mix networks: private information retrieval (https://en.wikipedia.org/wiki/Private_information_retrieval) (a.k.a. PIR or “everyone sees everything”) a la Bitmessage and Chaum mixes (https://en.wikipedia.org/wiki/Mix_network) such as onion routing (https://en.wikipedia.org/wiki/Onion_routing) a la Tor.

    PIR although low latency is not anonymous for any practical internet packet model because it would be impossible to dynamically adjust anonymity set groupings which balanced the traffic between all set members without revealing correlations that destroy the anonymity; also any practical design would not be entirely decentralized. Also PIR requires a high bandwidth burden on the clients since each client must receive all the server responses for all clients in the anonymity set.

    Onion routing is fully decentralized (https://en.wikipedia.org/wiki/Onion_routing#Routing_onions) and does not require a high bandwidth burden on the clients. Although it also suffers correlations (intersections) from servers which dynamically exit (https://en.wikipedia.org/wiki/Onion_routing#Weaknesses) the network, but if the persistent hidden services (https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Hidden_services) are the routing servers (which is not the case in Tor nor I2P) this will be a much less frequent event than the dynamically (constantly changing) balanced groupings required by PIR.

    The following frequent Tor attacks render Tor extremely unreliable, but could be fixed in an improved onion network.

    1. Timing (traffic) analysis[3] enabled by the requirement for low latency, thus not inserting random delays in relaying at each routing server. Dummy (a.k.a. cover or padding) traffic is more wasteful, ineffective if not global (https://www.torproject.org/docs/faq#SendPadding), thus not a decentralized solution.
    2. Anonymity set is egregiously too few (http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html) at only 3 hops (https://en.wikipedia.org/wiki/Onion_routing#Circuit_establishment_and_sending_data). Hidden services have 6 hops (https://www.torproject.org/docs/hidden-services.html.en), but only 3 while initializing (http://security.stackexchange.com/questions/23241/how-are-tor-hidden-nodes-services-found#23260) the rendezvous relay of the circuit.
    3. Entry, exit, and relay routing servers provide bandwidth for free; thus are likely provided by national security agencies (https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Exit_node_eavesdropping) which have the financial incentive to unmask anonymity on a wide-scale.
    4. No DDoS prevention (https://www.torproject.org/docs/faq-abuse.html.en#DDoS); thus inexpensive[4] spamming causes exit node banning (https://www.torproject.org/docs/faq-abuse.html.en#TypicalAbuses), exacerbates the three prior items in this list, and makes hidden services unsuitable for high traffic (https://blog.torproject.org/blog/hidden-services-need-some-love) sites.
    5. Exit nodes are a massive security hole (https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Exit_node_eavesdropping) because national security agencies have backdoors to important servers and SSL certificates[5]―ideally only hidden services should be allowed.
    6. Intersections from servers which exit (https://en.wikipedia.org/wiki/Onion_routing#Weaknesses) the network.
    7. Hidden services which are not also routing servers, have an identifiable traffic pattern where many more packets are outgoing than incoming due to the incoming being requests for content.

    Fixing #1 and #2 requires a high latency design. Fixing #2 - #7 requires clients paying per packet for (and to) the hidden services in order to incentivize them to be also the routing servers. If users select only hidden services they are familiar with for routing, this prevents a Sybil attack against the network.

    So a high latency design with pay-per-packet economics can be truly anonymous, but it will require a stateful web at the client provided by apps. Whereas, Tor was designed to work with the existing stateless web employing low latency, exit nodes (instead of exclusively hidden services), and the stateless web browser. As a result, research claims up to 81% of Tor users can be identified[3].

    Latency Incompatible With Stateless Content

    Web content—even often when cached to check the current server file timestamp—requires HTTP retrieval from the host server. Network latency delays the user on every click in a stateless web browser, which could be on the order of double-digit seconds per click on a correctly designed, high latency, anonymous network. Even Tor’s slightly increased latency—albeit lower than required for true anonymity—can be maddening tsuris.

    Tor admits (https://blog.torproject.org/blog/hidden-services-need-some-love) latency is a problem for hidden services (with its still tiny anonymity set of only 6 hops) and that solutions will likely come from restructuring the paradigm (“protocol” or “JavaScript hacks”). And Tor admits (https://blog.torproject.org/category/tags/hidden-services) that supporting the “low latency web” is a “hard problem” that they “still don’t know how to do it correctly”.

    Demand for Anonymity Increasing

    Global police socialist nirvana (http://en.wikipedia.org/wiki/Nineteen_Eighty-Four#Ministries_of_Oceania) cometh[3][6].

    The 1878 Posse Comitatus Act forbade the use of armed troops on USA soil, but now it is openly violated by the legal switcheroo shell game of reconstituting the “peace officers” (a.k.a. police) so they are now effectively paramilitary. Even in Europe for example Switzerland is increasing gun control (http://armstrongeconomics.com/2014/11/19/government-all-know-what-is-coming-they-want-to-disarm-the-people/) (oh grasshopper please understand why a lack of private arms means Putin’s ground forces can run over Europe like a hot knife through warm butter (https://bitcointalk.org/index.php?topic=365141.msg9592913#msg9592913)).

    The Stateful Web

    Strategies for minimizing the user’s perceived latency will vary and require client-side programming to be installed as a client-side app. For example, a forum would persistently cache posts client-side, keep a persistent server-side record of cached posts for each client, and push new and edited posts to the client when the client is viewing a page which requires the updates.

    Note that latency doesn’t reduce throughput (https://en.wikipedia.org/wiki/Throughput), so clients might be optionally programmed to preload updates and other predictive strategies such as a search engine initiating loading of the top results before the user clicks to view each of them. Rarely updated content (e.g. images, videos) could be aggregated by hidden service (https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Hidden_services) hub servers which could continuously push[7] updates to client caches.

    HTML5’s Offline Web Applications and Web Storage (https://en.wikipedia.org/wiki/HTML5#New_APIs) is moving in the direction of the stateful web, but it lacks the interfaces (http://source.android.com/devices/index.html), design (http://developer.android.com/design/index.html), programming (http://developer.android.com/guide/components/fundamentals.html#Components), and programming language (http://stackoverflow.com/questions/1994703/which-programming-languages-can-i-use-on-android-dalvik) flexibility of the Android OS which also has a superior security model (http://source.android.com/devices/tech/security/#the-application-sandbox). Android OS is coming to your laptop and PC[8].

    App installation is normally as simple as clicking to confirm that you approve of installing the app and the app’s requested permissions. Note most apps in the Android security model don’t need any special permissions at least those developed for the latest Kitkat version.

    The title and content of this epistle is not about the death of all stateless content, rather I think it quite explicitly says death of the Stateless Web. This salient distinction is that per the Unix design principles (http://www.catb.org/~esr/writings/taoup/html/) of least presumptions (http://www.catb.org/~esr/writings/taoup/html/ch01s06.html#id2879078), orthogonality, and separation-of-concerns, the content and rendering model (e.g. HTML) shouldn’t have a monopoly over the transport model (e.g. HTTP). The Web is becoming more general, stateful, and the transport layer is detaching from market dominance by the rendering layer. This creates new opportunities and possibilities.


    [1] I found interesting data for smart phone penetration by region and country (http://blogs.salleurl.edu/emprendedores/files/2010/10/the-end-of-web2-0the-death-of-web-browser.pdf#page=5).

    [2] As opposed to the less meaningful bandwidth consumption comparison (http://www.wired.com/2010/08/ff_webrip).

    [3] https://en.wikipedia.org/wiki/Onion_routing#Weaknesses
    https://en.wikipedia.org/wiki/Tor_%28anonymity_network%29#Traffic-analysis_attack
    Research claims (http://betanews.com/2014/11/19/new-report-claims-81-of-tor-users-can-be-identified/) 81% of Tor users can be identified.
    Timing analysis (https://www.torproject.org/docs/hidden-services.html.en) in conjunction with compromising (https://blog.torproject.org/category/tags/hidden-services) the entry guard nodes (https://www.torproject.org/docs/faq#EntryGuards) and DDoS on exit nodes were possible attacks employed in the recent (http://arstechnica.com/security/2014/11/law-enforcement-seized-tor-nodes-and-may-have-run-some-of-its-own/) unmasking of hundreds of hidden services by FBI-ICE-Europol.

    [4] http://blogs.wsj.com/tech-europe/2012/11/05/where-to-rent-a-botnet-for-2-an-hour-or-buy-one-for-700/
    http://www.networkworld.com/article/2168696/malware-cybercrime/black-hat--how-to-create-a-massive-ddos-botnet-using-cheap-online-ads.html

    [5] http://falkvinge.net/2013/09/12/the-nsa-and-u-s-congress-has-destroyed-ssl-we-must-rebuild-web-security-from-the-ground-up/
    http://www.reuters.com/article/2013/09/05/net-us-usa-security-snowden-encryption-idUSBRE98413720130905
    http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html

    [6] http://kwout.com/cutout/f/pi/yv/7gy_bor.jpg (http://armstrongeconomics.com/2014/11/04/judges-are-free-to-take-your-liberty-for-anything-didnt-cut-your-lawn-jail-time/)
    • Militarization of the peace (http://therealnews.com/t2/index.php?option=com_content&task=view&id=767&Itemid=74&jumival=10231) officers a.k.a. police, reported even by the ACLU (https://www.aclu.org/war-comes-home-excessive-militarization-american-policing).
    • Civil Asset Forfeiture police corruption (http://armstrongeconomics.com/2014/10/09/civil-asset-forfeiture-police-corruption-exposed/).
    • IRS confiscating money routinely (http://armstrongeconomics.com/2014/10/30/irs-is-seizing-money-of-small-business-operator-routinely/).
    • Licensing and taxing the internet as a means to filter free speech (https://bitcointalk.org/index.php?topic=365141.msg9576911#msg9576911) against the government.
    • Maintaining top-down control (https://bitcointalk.org/index.php?topic=855714.msg9589504#msg9589504), e.g. over the redistribution of resources, as the top-down global economy collapses (https://bitcointalk.org/index.php?topic=365141.msg9578825#msg9578825).
    • Required social network account (http://www.activistpost.com/2013/11/social-logins-for-government-services.html) for accessing government services.
    • Facebook saves everything you type (http://www.slate.com/articles/technology/future_tense/2013/12/facebook_self_censorship_what_happens_to_the_posts_you_don_t_publish.html), even if you don't post it.
    • Facebook requiring government id (http://www.abovetopsecret.com/forum/thread747220/pg1).
    • Facebook soft-censoring political speech and alleged CIA connection (http://www.activistpost.com/2011/09/facebook-commissar-warns-infowars.html).
    • If you click this (http://blog.erratasec.com/2012/11/you-are-committing-crime-right-now.html), you will have already committed a crime.
    • Jail time (http://armstrongeconomics.com/2014/11/04/judges-are-free-to-take-your-liberty-for-anything-didnt-cut-your-lawn-jail-time/) if you don’t mow your lawn.
    • Everything you do is monitored (http://www.activistpost.com/2011/05/americans-everything-you-do-is.html), even your TV is spying (http://www.activistpost.com/2013/11/32-privacy-destroying-technologies-that.html) on you.
    • Snapping selfies with your phone could become taxable (http://armstrongeconomics.com/2014/10/10/taking-photos-from-your-phone-now-pose-serious-risk-to-warrant-tax-fines-per-photo/) by the government.
    • Why the innocent plead guilty (http://armstrongeconomics.com/2014/11/15/judge-rakoff-blasts-the-injustice-of-america/).
    • ..more to be added...

    [7] The onion routing circuit (https://en.wikipedia.org/wiki/Onion_routing#Receiving_data) can be reused indefinitely.

    [8] https://en.wikipedia.org/wiki/Chrome_OS#Support_for_Android_applications
    http://www.zdnet.com/could-an-android-desktop-replace-your-windows-pc-7000024837/
    http://www.howtogeek.com/howto/22665/run-android-on-your-netbook-or-desktop/
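
Added example, not part of the original post and not code from Tor: a toy simulation of item 1 in the post's list (timing analysis versus random delay at a routing server). It sends constructed bursty flows through one simulated relay and measures how often an observer who sees both sides can pair a sender with its output by correlating per-second packet counts; every name and parameter below is an assumption made for this sketch.

```python
"""Toy model: how random hold time at a relay affects timing correlation.

Constructed traffic only. make_flow(), relay(), match_rate() and all
constants are hypothetical names and values chosen for this example.
"""
import math
import random

BIN = 1.0          # observer's time resolution, seconds
SEND_WINDOW = 60   # clients send during the first 60 seconds
N_BINS = 180       # observation window, long enough for delayed packets


def make_flow(rng, n_packets=60, n_bursts=5):
    """Constructed bursty client traffic: send times clustered around bursts."""
    centers = [rng.uniform(1, SEND_WINDOW - 1) for _ in range(n_bursts)]
    times = []
    for _ in range(n_packets):
        t = rng.gauss(rng.choice(centers), 0.5)
        times.append(min(max(t, 0.0), float(SEND_WINDOW)))
    return sorted(times)


def relay(rng, times, mean_delay):
    """Forward each packet after 50 ms of link latency plus an
    exponentially distributed hold time with the given mean (seconds)."""
    return sorted(t + 0.05 + rng.expovariate(1.0 / mean_delay) for t in times)


def binned(times):
    """Packet counts per BIN-second interval, as a passive observer sees them."""
    counts = [0] * N_BINS
    for t in times:
        i = int(t // BIN)
        if i < N_BINS:
            counts[i] += 1
    return counts


def pearson(a, b):
    """Pearson correlation of two equal-length count vectors."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / math.sqrt(va * vb) if va and vb else 0.0


def match_rate(mean_delay, n_flows=40, seed=2014):
    """Fraction of input flows whose best-correlated output flow is their own."""
    rng = random.Random(seed)
    flows_in = [make_flow(rng) for _ in range(n_flows)]
    flows_out = [relay(rng, f, mean_delay) for f in flows_in]
    seen_in = [binned(f) for f in flows_in]
    seen_out = [binned(f) for f in flows_out]
    hits = 0
    for i, pattern in enumerate(seen_in):
        guess = max(range(n_flows), key=lambda j: pearson(pattern, seen_out[j]))
        hits += guess == i
    return hits / n_flows


if __name__ == "__main__":
    for delay in (0.01, 1.0, 5.0, 30.0):
        print(f"mean hold time {delay:>5} s -> matched {match_rate(delay):.0%}")
```

In this constructed setting, a relay that adds about 10 ms of hold time leaves every flow matchable, while a 30 second mean hold time makes the per-second patterns of input and output far harder to pair.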


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: herzmeister on November 19, 2014, 03:38:41 PM
    Time for Bitcloud / Storj / MaidSafe


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 19, 2014, 06:12:13 PM
    I as an expert programmer with a reasonably deep understanding of the technical issues, assert that those who vote ‘No’ without posting any justification in the thread don’t have correct logic.

    Note it is quite normal that I am usually 5 years ahead of most people in terms of seeing a budding trend. They are caught up in old paradigm thinking and can’t grasp my insight. If the ‘No’ voters aren’t willing to discuss their logic, then they are not likely correct.

    Time for Bitcloud / Storj / MaidSafe

    Those are not primarily trying to solve the anonymous networking problem, and certainly not general anonymous networking to any dynamic web site or service, e.g. a forum. You are comparing Apples and Oranges.

    They are to some degree trying to address the problem of anonymous hosting for the static resources of the web.

    But they have a fundamental design error or choice that most people don't realize.

    Their economic models are fundamentally (and apparently irrevocably) based on the quantity of storage, not the bandwidth transferred. Thus these are decentralized clouds for saving low traffic personal files, not for serving high traffic content of web sites.

    P.S. Returning readers note I have continued to edit the OP. In particular, note additions to the “Latency Incompatible With Stateless Content” section and footnote [3].


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 05:49:17 AM
    Some significant incoherence in the OP has been corrected. Please try re-reading it.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: herzmeister on November 20, 2014, 12:07:53 PM
    It's not only about cloud storage, it can also replace the web and all the other use cases of the internet today (mail, messaging, media streaming, etc). It's just a question of time really until this "new web" goes viral and the old web will become pretty obsolete, much like the BBSs of yore, simply because it will be much easier and secure to use (first and foremost, no passwords and single-point-of-failure web-servers anymore). Conceptually, encrypted P2P clouds will abstract content and services away from location. This also will enable many use cases we can't even think of yet today. It's the next logical and necessary step in the evolution of networked computing. It'll also scale much better, and bandwidth and computation can be economically incentivized just as well. http://www.youtube.com/watch?v=Wtb6L7Bg3zY


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 04:51:25 PM
    P.S. I see we have more n00bs voting No and understandably too timid to reveal their myopic or irrationally biased justification. Perfect. The record will be here for when they get to eat humble pie.

    It's not only about cloud storage, it can also replace the web and all the other use cases of the internet today (mail, messaging, media streaming, etc). It's just a question of time really until this "new web" goes viral and the old web will become pretty obsolete, much like the BBSs of yore, simply because it will be much easier and secure to use (first and foremost, no passwords and single-point-of-failure web-servers anymore). Conceptually, encrypted P2P clouds will abstract content and services away from location. This also will enable many use cases we can't even think of yet today. It's the next logical and necessary step in the evolution of networked computing. It'll also scale much better, and bandwidth and computation can be economically incentivized just as well. http://www.youtube.com/watch?v=Wtb6L7Bg3zY

    Slick marketing has caused you to think these systems will be able to do things which they can not possibly do based on fundamental technical issues in their designs.

    I saw that video nearly a year ago. My point remains from my prior reply to you upthread that MaidSafe and Storj are based on minimizing the amount of duplicate hard disk space employed for redundancy and their economic unit is backed by hard disk space (https://en.wikipedia.org/wiki/MaidSafe#Storage_cost_and_credits). Afaik, they have no mechanism to charge for bandwidth used[1], rather only a quid pro quo exchange of equivalent proof-of-storage (http://www.youtube.com/watch?feature=player_detailpage&v=fLA77zxk-vA#t=14m50s) (via their verify algorithm I presume), thus they are not applicable for serving files to the public-at-large. They simply are not designed for hosting web sites. That is not their target market. Their design and target market is personal storage for your (or your enterprise’s) files (possibly shared with a few other people, but not the public-at-large) which you access perhaps up to several times per day, but not 1000s of times per second. And afaics, they don’t solve the anonymity of the requester’s IP address for data that is public to the public-at-large.

    You miss a fundamental economic point that bandwidth is orders-of-magnitude more costly than hard disk space at any scale above a few accesses per day on average, yet bandwidth is also amazingly inexpensive too (which means it is very hard to pay-per-packet as you need some form of sub-micro-payments system or to trade in kind bandwidth-for-bandwidth).

    The solution for anonymity for the requester of public files and for anonymity of the server is to make the improvements to onion routing that I have laid out in the OP, to build out the Stateful Web, and for the servers to be hidden services.

    For MaidSafe, I suppose clients could pay per access directly to nodes on the DHT, but the technical design for where the data is stored appears to be based on randomness combined with a ranking algorithm, that does not factor in incentives to compete for the greater orders-of-magnitude revenue from selling bandwidth or in the absence of payment-per-access as is the case in the current design, then the incentive to game the system to not store fragments that are accessed frequently. There is a very complex game theory analysis that needs to be made of the system. In short, I suspect MaidSafe’s model is too complex to fully model and characterize. They can’t be using a quid pro quo exchange of bandwidth because the reciprocal exchanges would not be fungible in real-time, i.e. the other party may not possess a data fragment that the counter party needs at that instant (due to the randomized requirement of the fragments that is the fundamental feature of the system, there is no way this could be made fungible). I suppose that since only the owner of the original data can determine the address of a fragment, then DDoS on a fragment will cause the fragment to get blocked.

    The concept of storing a file on multiple servers so we don’t have to depend on just one, is orthogonal, has always been the case with corporate scale servers, and such algorithms can be adapted to different architectures such as multiple hidden services or sitting behind one hidden service.

    MaidSafe’s self-encryption and splitting a file up into sand grain sized (in terms of DHT address space collision probability) fragments is useful because in theory it means even the server nodes have no way to know anything about—and thus can’t discriminate against—the content of the data it is serving. And in theory the user doesn’t have to evaluate the reputation of any server node as would be necessary for traditional server. In theory this feature could be very valuable for files shared to the public-at-large. But traffic analysis can be used to correlate these fragments for files that have high traffic public-at-large access.

    But I think that valuable portion of the system design can be split from the portion that tries to manage how many copies are stored on the system. So I think instead a flat economic model can be employed to incentivize multiple nodes to store the fragments. And put the decision of this choice and algorithm strategy in the hands of the client. This would be much less complex (easier to prove formally), much more decentralized, and much simpler. Then each node could sit behind a hidden service for sufficient IP address level anonymity.

    The technical specifics of MaidSafe’s design are very sketchy and vague at this point. I seriously doubt whether they can handle the complexity and deliver the reliability they claim. The MaidSafe system is a complex state machine (http://www.youtube.com/watch?v=fLA77zxk-vA) (layered on top of a DHT) and I have not seen a formal analysis of all possible states including DDoS and the game theory of attacks on it. To debate this would go into more technical detail than I care to enter right now on this forum.

    In terms of David Lavine’s analogy to an ant colony, note each ant has 250,000 brain cells of entropy to configure itself uniquely within the colony (not just the 4 categories Lavine wants to presume) and the collective state machine of the ant colony has the 10 million brain cells of a human brain.

    Also listening to David ramble on, he is not a person who can hit directly to the generative essence of an algorithm with precision. Rather he rambles on vague analogies. He appears to be smart (salesman with some technical acumen) but appearing tousled and lacking of the eloquent sharp precision of a highly accomplished engineer. For example, never did he address any bandwidth economics which should be one of the first things out of his mouth in a presentation.

    Accomplished engineers can readily detect bullshit. I smell some but I think he believes in his work even if he can’t quite pull it all together further than vague explanations. About a year ago I tried to read technical descriptions at their website and it was a maze of vagueness and technobabble without complete formalization and citations.

    [1] G. Paul and J. Irvine, A Protocol For Storage Limitations and Upgrades in Decentralised Networks. SIN ’14, Sep 09 - 11 2014, Glasgow, Scotland UK. ACM 978-1-4503-3033-6/14/09. http://dx.doi.org/10.1145/2659651.2659724
    http://strathprints.strath.ac.uk/49515/1/Paul_Irvine_SIN14_upgrades_in_decentralised_networks.pdf

    Quote
    which showed that only 1% of network users were providing 73% of the network bandwidth needed to share files. In an earlier study carried out on the Gnutella peer-to-peer network, Adar et al. presented in [1] that 70% of users were not sharing any files, and that 1% of all users were actually providing responses to over half of network requests.
    Early peer-to-peer networks were more focused on conserving bandwidth, since they were typically designed for the purpose of sharing popular files between users quickly, without relying on a central server. The MaidSafe decentralised network, while focused more on the provision of storage, faces similar challenges, where malicious users could potentially use up all of the storage capacity of the network.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 20, 2014, 05:33:58 PM
    Epic OP, though it appears to drift off-topic at the end.

    The solution for anonymity for the requester of public files and for anonymity of the server is to make the improvements to onion routing that I have laid out in the OP, to build out the Stateful Web, and for the servers to be hidden services.

    For some reason I was getting the opposite from the OP. I.e.: the web is no longer stateless because it is being asked to run Applications that obviously need to store state. Cookies were invented as a way to store state without stupidly long URLs. However, since privacy-conscious people block such cookies, those long tracking URLs are used anyway.

    The latency brings up an interesting point. If you want to be anonymous, maybe you should consider reading information months or years old. The Archive Team (https://archive.org/details/archiveteam) tries to extract useful information from these new 'apps' before they are shut-down and deleted.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 05:54:32 PM
    I do make the point in the OP that the web is already moving towards stateful because of the advantages applications can offer over a walled garden (meaning inflexibility or inability to change and extend some aspects of what is available by default) stateless or limited stateful HTML5 model. And my point is that provides an opportunity to do network anonymity correctly with high latency, since Tor is ostensibly doomed by its low latency requirement as outlined in the OP.

    Cookies are a very limited form of state insufficient for the level of sophistication that apps are adding over the walled garden web browser.

    The OP is talking about IP address anonymity, which is Tor’s raison d’être. So I don’t know why you are conflating this aspect of network anonymity with the nonencryption of public data which was never intended to be private. Sorry if I may be blunt (in spite of your reply constituting praise by faint damning), your understanding of the issues is too limited to fully comprehend. But hopefully this reply will help move you along towards the next level of understanding. One could say the OP post is responsible for readers not getting it, because it is written in a modular generative essence style where not every instance of ramification and implication is spelled out and readers have to take the modular variables presented and formulate all the ramification permutations. But really if I tried to explain it to people who are not yet up-to-speed, it would need to be about 10 pages long. And I don't have time for that right now. But I guess that is what this discussion thread is for.

    P.S. No insult intended. Thanks for the feedback.



    Title: Re: Anonymity: Death of the Stateless Web
    Post by: CIYAM on November 20, 2014, 06:02:32 PM
    As you can use HTML 5 along with .js crypto to have encrypted stateful apps work over HTTP (such as CIYAM Open) I am not quite sure why you think that HTTP is going to disappear in favour of something like Android (or are you just a fan of Java or Android in general?).

    Quite likely I've missed something in your "wall of text" so perhaps you could just focus on this one question in order to make it clearer to me what your point is.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 06:18:15 PM
    CIYAM, yeah you can do really cool apps even within the walled garden of what is provided by web standards. For example, as you may know Blockchain.info was upgraded and now their wallet is fully encrypted client-side instead of server-side.

    However there are always things developers would like to do which fit within a security sandbox model (e.g. Android OS’s sandbox) but which can’t be done with the standard features provided by slow moving web standards. For example, tighter integration with other apps. On Android OS, I can write an Activity, Service, ContentProvider, or Intent which can interact with other apps in the system within the security model. I explained some of the ramifications (https://bitcointalk.org/index.php?topic=863306.0) of this more deeply.

    This transition to apps as a more general sandbox than the more limited web browser sandbox is epic and is underway in a massive paradigm shift. We could now leverage this to provide high latency network anonymity so we can do Tor correctly.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: Billbags on November 20, 2014, 06:25:11 PM
    @op

    We heard these same things in 1997.

    Please view this 1997 wired magazine link......

    http://archive.wired.com/wired/archive/5.03/ff_push.html


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 06:25:28 PM
    Cross-posting this math discussion about anonymity from another thread...

    I request we continue to delete our upthread posts on each reply as I have done, at least for as long as this sub-thread is of reasonable length. Hopefully we can reach agreement now.

    I kindly request you to delete your prior posts upthread on this sub-thread of discussion as I have done also. So as to not clutter the thread, our entire discussion is quoted in this one post below.

    anonymity is a myth

    someone somewhere always knows

    Actually as an expert computer scientist, I assert that is not true. I have explained that a high-latency redesign of Tor would be anonymous:

    Anonymity: Death of the Stateless Web (https://bitcointalk.org/index.php?topic=864659.0) (a.k.a. “Tor Is Not Anonymous—Web Paradigm Shift Underway”)

    You would be correct if you instead wrote, “if someone could correlate all the data in the world for infinite time, they could always know”.

    being a mathematician i know full well there are no secrets, if it is anonymous it would not be long before it is not.

    it is the same as saying the code is unbreakable

    as the recent news on tor proves as well http://betanews.com/2014/11/19/new-report-claims-81-of-tor-users-can-be-identified/

    You did not read the link I provided to you. In that link I explain that the reason Tor is vulnerable is because it is a low latency design. That exploit you linked to is well known to be caused by traffic analysis (confirmation) because of the low latency design. I have proposed how to make an improved Tor that is high latency and truly anonymous.

    Please write down some math that you are using to justify your claim, so I can discuss with you in your mathematical perspective where we differ. I have some math capability also.

    done deleted posts

    read your post did not say much about the encryption

    tor is vulnerable because it is mathematically encrypted ergo it can be mathematically unencrypted

    not much to go into really, anonymity is achieved via encryption, encryption can be broken, yes a lot of resources required but it can still be done.

    so if someone really wanted to see what was going on all they need is the resources, usually government/military.



    the current project I am excited about at the moment is where electrical signals from the brain are being translated

    e.g. if i think food the receiver reads the electrical brain signals I have at the time and translates this into the word food

    This would defeat anonymity completely unless you are wearing funny hats.

    I've done extensive thinking about the breakage of the encryption and that is why I favor Lamport signatures, McEliece public key cryptography, and not using public key (i.e. using symmetric cryptography) as much as possible.

    There is no reasonable quantum computing resistant Diffie-Hellman key exchange, so I am thinking we can eliminate it from an improved Tor by sending a Nonce to the prospective relay encrypted with its public key, then the encrypted (in our public key) reply must include the Nonce. The entire reason Diffie-Hellman is needed in Tor is because the prior relay hop could inject its own symmetric key instead.

    All encryption will eventually be broken and I made this point in a long discussion (https://bitcointalk.org/index.php?topic=789978.msg9135029#msg9135029) (READ THIS LINKED POST!) on this forum with smooth about how all anonymity can eventually be broken ex post facto. But as I stated in my first reply to you, this requires the adversary save all the data. For example, a global national security PRISM adversary can’t save the data mixes we do offline.

    This is why I am arguing to use only quantum resistant encryption for anonymity aspects and to use much larger key lengths than we think are necessary.

    Note I will be cross-posting our excellent discussion to that thread I linked in my first reply to you.

    Being able to read the brain’s thoughts could indeed make anonymity much more challenging, but we are at least a decade from that being something the authorities can realistically deploy and even then it will probably require they get proximity to your brain. Our physical bodies are going to become a burden. Hopefully by that time we can upload our brain to a computer, put our body into zombie state, continue thinking there on the computer, then download it back to biological brain copy later. In that way, we could side-step the authorities anew. You see technology is not asymmetric in support of socialism. We just have to be willing to find the solutions for liberty.

    I hope I have inspired some libertarian readers!

    Outstanding I agree completely, anonymity can be achieved as outlined above and should be, but not at the expense of user acceptance that it is a fail safe and completely anonymous to all giving a false sense of security.

    This has been an excellent enlightening discussion on the road to complete anonymity thank you

    You reminded me we need to inform the user as to the limitations of anonymity.

    Tangentially I note this thread is about to attain 40,000 Views.

    http://kwout.com/cutout/9/nm/en/ife_bor.jpg


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: CIYAM on November 20, 2014, 06:26:22 PM
    However there are always things developers would like to do which fit within a security sandbox model (e.g. Android OS’s sandbox) but which can’t be done with the standard features provided by slow moving web standards. For example, tighter integration with other apps. On Android OS, I can write an Activity, Service, ContentProvider, or Intent which can interact with other apps in the system within the security model. I explained some of the ramifications (https://bitcointalk.org/index.php?topic=863306.0) of this more deeply.

    Okay - I read that (thanks for the link) - but am still not really convinced that we are talking about something that is much more than what MIME already allows you to do (i.e. I could use a different PDF viewer in my browser if I plugged it in so I am not *stuck* with any particular one and the same for any other MIME type of content).

    I am no iOS fan btw (in fact I have a Samsung Galaxy S3) so let's not get bogged down in iOS vs Android (I am more interested in why you think HTTP is going to end up being scrapped).

    Living in China I can tell you that HTTP is about the *only* protocol that doesn't get *blocked* here (I cannot view HTTPS from numerous overseas websites without going via a proxy).

    And also I would never trust anything on Android in China (nor iOS).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: herzmeister on November 20, 2014, 06:29:52 PM
    btw, welcome back Anonymint  8) (now I'm sure)


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 06:31:43 PM
    @op

    We heard these same things in 1997.

    Please view this 1997 wired magazine link......

    http://archive.wired.com/wired/archive/5.03/ff_push.html

    Among the possible reasons that did not prosper are because it was too narrowly focused on rich media, there were not these hardware features of smartphones that required breaking out of the web sandbox to fully leverage, and web browser vendors in cohorts with the W3C were eager to keep developers inside a restrictive sandbox.

    The difference is Android has already displaced the web browser on mobile, so this isn’t conjecture. Now it is just the PC and laptop yet to conquer.

    If I want to receive SMS message notifications on Android, I need to program for Android OS not a web app (or maybe there is or will be a web standard hook for it, but there will always be new things for which there are not).

    For example Facebook recently required everyone to install their mobile app so they could give uniformly better chat features to all on the network.

    Spend some time on mobile in a web browser versus an app so you can experience the reason users prefer apps for things they access every day. For the odd website they access infrequently they won’t bother with an app, but we developers can make app installation more seamless with visiting a website to overcome this.

    In the future, users won’t even be able to discern whether they are in web browser or an app, and thus apps will have won.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: CIYAM on November 20, 2014, 06:34:41 PM
    Spend some time on mobile in a web browser versus an app so you can experience the reason users prefer apps for things they access every day. For the odd website they access infrequently they won’t bother with an app, but we developers can make app installation more seamless with visiting a website to overcome this.

    That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this).
     
    In the future, users won’t even be able to discern whether they are in web browser or an app, and thus apps will have won.

    I'd agree - except turn it around the other way - you won't be able to tell a web browser app from an app - so apps will have lost. :)

    Writing apps for web is *much easier* and with tools like CIYAM it will soon be hundreds of times easier than writing using some normal app framework (please look into Software Manufacturing http://ciyam.org/docs/methodology.html which I have been working on for many years).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 07:05:11 PM
    However there are always things developers would like to do which fit within a security sandbox model (e.g. Android OS’s sandbox) but which can’t be done with the standard features provided by slow moving web standards. For example, tighter integration with other apps. On Android OS, I can write an Activity, Service, ContentProvider, or Intent which can interact with other apps in the system within the security model. I explained some of the ramifications (https://bitcointalk.org/index.php?topic=863306.0) of this more deeply.

    Okay - I read that (thanks for the link) - but am still not really convinced that we are talking about something that is much more than what MIME already allows you to do (i.e. I could use a different PDF viewer in my browser if I plugged it in so I am not *stuck* with any particular one and the same for any other MIME type of content).

    There are features you can do on an app today that you can’t do yet in HTML5. This will also be the case in the future, because the web standards will always be moving too slowly because they are top-down managed (e.g. by such as my old nemesis Ian Hickson and Daniel Glazman of Apple). For example, the ability to control the entire screen space or the Activity queue for the hardware back button on Android, etc. Being able to access the external SD card. Not being limited to 5MB for the SQL database, etc., etc., etc.

    I was trying since 10 years ago to get them over at W3C to make the web standards with a more open and orthogonal security model like Android has and more flexibility so we could write apps (that is how far into the future I was able to see, way before anybody thought of smartphones I was already envisioning it). I got tired of arguing with them. My name is listed on the CSS2 standard for example for my contribution on the discussion lists.

    Yeah eventually the web browser can standardize popular features that apps do, but they will always be several years behind the innovation. And thus apps will win.

    Decentralization scales faster than top-down. 10 years of lost time is proof of that!

    The web browser won for static documents because there wasn’t that much you could do with them that would be so much more awesome in an app. Thus lack of fragmentation and the ability to "write once, run everywhere" was a more important consideration. But the dissatisfaction with the browser ever since DHTML (e.g. the move to Flash) has been rising in a pressure cooker and now apps have been the release valve and there is no turning back! And with Android taking 50 - 80% marketshare globally, soon it will be a no-brainer. You will write to the web browser when you can get by with it and it is easier. You will write an app when you need the best user experience. Once we tack on high latency network anonymity, the pressure to move to apps will increase.

    I am no iOS fan btw (in fact I have a Samsung Galaxy S3) so let's not get bogged down in iOS vs Android (I am more interested in why you think HTTP is going to end up being scrapped).

    Living in China I can tell you that HTTP is about the *only* protocol that doesn't get *blocked* here (I cannot view HTTPS from numerous overseas websites without going via a proxy).

    And also I would never trust anything on Android in China (nor iOS).

    We might still be able to run the traffic over HTTP, we can probably just wrap the high latency functionality around it. I was thinking a little about the tradeoffs, but not too in depth yet.

    Spend some time on mobile in a web browser versus an app so you can experience the reason users prefer apps for things they access every day. For the odd website they access infrequently they won’t bother with an app, but we developers can make app installation more seamless with visiting a website to overcome this.

    That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this).

    Yup that is what I would expect even though I don’t have any experience in those markets.
     
    In the future, users won’t even be able to discern whether they are in web browser or an app, and thus apps will have won.

    I'd agree - except turn it around the other way - you won't be able to tell a web browser app from an app - so apps will have lost. :)

    My implied unstated reason is because apps have more functionality and the app innovation will be leading the web standards which follow, e.g. if apps popularly and successfully move to adopting a high latency network anonymity model, then web standards will be forced to follow. Thus apps won.

    Writing apps for web is *much easier* and with tools like CIYAM it will soon be hundreds of times easier than writing using some normal app framework (please look into Software Manufacturing http://ciyam.org/docs/methodology.html which I have been working on for many years).

    I agree getting started writing an Android app took even me (a very accomplished programmer) several days. And I am about 2 weeks into it with only about 1000 lines of code accomplished. But I lost a lot of time perfecting my use of Scala to develop on Android with.

    But it should be possible to entirely emulate everything you can do in a web page or web app, and add hooks to more things that can be accessed via JavaScript interface to the native system. Perhaps you can explore this for your framework at the opportune time.

    As always, paradigm shifts open up a lot of new opportunities. Not one size fits all, which is the whole point. So rapid development environments that provide the best of HTML5 with some benefits of app-side, might be popular, but I am not signing up for thinking that marketing out.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 20, 2014, 07:08:27 PM
    btw, welcome back Anonymint  8) (now I'm sure)

    I had an inkling with the "agree or disagree with OP" poll; but dismissed it.

    Missed the screen-shot of the mad-max thread.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 07:12:14 PM
    I had an inkling with the "agree or disagree with OP" poll; but dismissed it.

    I’m ecstatic that most of the votes are No. This means I am still (even 10 years hence) far ahead of most people. I assume most people haven’t quite yet grasped why HTML (static documents, a 100% immutable declarative language) was a special case that would not apply forever into the future. Humans are like that. They project the present into the future, without thinking about what made the present and what changed.

    Remember I was telling everyone in 2013 that Tor was not anonymous because of timing analysis due to being a low latency network and Sybil attacks on the relay nodes by national security agencies. And everyone thought I was crazy. And now we see new research that says 81% of the users can be identified. Sigh.
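
The timing-analysis argument made in this thread (low-latency forwarding preserves each flow's packet timing, long random per-packet delays destroy it), as an added simulation that is not part of any post. The traffic, the observer's bin-correlation test and both delay ranges are constructed assumptions, and the model covers timing only, not packet volume.

```python
import math
import random
from collections import Counter

# Constructed parameters; none of these values come from the thread.
USERS = 20        # concurrent flows the observer must tell apart
PACKETS = 40      # packets per flow (equal, so only timing can leak)
WINDOW = 300.0    # seconds during which every user is sending
BIN = 1.0         # resolution of the observer's timestamps, in seconds

# Per-packet forwarding delay ranges in seconds (assumed stand-ins).
LOW_LATENCY = (0.05, 0.25)     # interactive, low-latency relaying
HIGH_LATENCY = (0.0, 3600.0)   # mix that holds each packet up to an hour


def make_entry_flows(rng):
    """Constructed traffic: each user sends PACKETS packets at random times."""
    return [[rng.uniform(0.0, WINDOW) for _ in range(PACKETS)]
            for _ in range(USERS)]


def relay(flows, rng, min_delay, max_delay):
    """Forward each packet after an independent delay in [min_delay, max_delay]."""
    return [[t + rng.uniform(min_delay, max_delay) for t in flow]
            for flow in flows]


def histogram(flow):
    """Sparse packets-per-bin count, which is all a passive observer records."""
    return Counter(int(t // BIN) for t in flow)


def pearson(a, b, n_bins):
    """Pearson correlation of two sparse count vectors defined over n_bins bins."""
    mean_a = sum(a.values()) / n_bins
    mean_b = sum(b.values()) / n_bins
    cov = sum(c * b.get(k, 0) for k, c in a.items()) / n_bins - mean_a * mean_b
    var_a = sum(c * c for c in a.values()) / n_bins - mean_a ** 2
    var_b = sum(c * c for c in b.values()) / n_bins - mean_b ** 2
    if var_a <= 0 or var_b <= 0:
        return 0.0
    return cov / math.sqrt(var_a * var_b)


def simulate(min_delay, max_delay, seed=2014):
    """Return (fraction of flows linked entry-to-exit, mean added delay in s)."""
    rng = random.Random(seed)
    entry = make_entry_flows(rng)
    exits = relay(entry, rng, min_delay, max_delay)
    mean_delay = sum(out - inp
                     for f_in, f_out in zip(entry, exits)
                     for inp, out in zip(f_in, f_out)) / (USERS * PACKETS)

    # The observer sees the exit flows in an order unrelated to the users.
    order = list(range(USERS))
    rng.shuffle(order)
    exit_hists = [histogram(exits[user]) for user in order]
    n_bins = int((WINDOW + max_delay) // BIN) + 1

    linked = 0
    for user, flow in enumerate(entry):
        entry_hist = histogram(flow)
        scores = [pearson(entry_hist, h, n_bins) for h in exit_hists]
        guess = order[scores.index(max(scores))]   # best-correlated exit flow
        linked += (guess == user)
    return linked / USERS, mean_delay


if __name__ == "__main__":
    for name, policy in (("low latency", LOW_LATENCY),
                         ("high latency", HIGH_LATENCY)):
        accuracy, delay = simulate(*policy)
        print(f"{name}: linked {accuracy:.0%} of flows, "
              f"mean delay {delay:.1f} s")
```

The linking rate under `HIGH_LATENCY` falls to roughly chance (1 in `USERS`), and the price is the mean delay the function also returns, which is the trade-off the thread is arguing about.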


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: CIYAM on November 20, 2014, 07:23:07 PM
    I am still unconvinced that HTTP is going to die - IMO it is going to *change* (perhaps too gradually for the OP's liking) and things like CIYAM Open are starting to show just how far it can change (to become a "secure" and stateful protocol).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 07:23:42 PM
    hamiltino, yes (from your Youtube slander) ignorance is bliss and you are suffering from it. The slick salesmanship marketing videos you linked to did not address the technical issues in my second reply to herzmeister.

    Specifically afaics MaidSafe has no designed ability to deal with the bandwidth economics. Please don’t post more redundant noise (herzmeister already posted one of those slick marketing videos that lack sufficient technical details) in this thread until you've done your homework. This is a moderated thread and I will delete obnoxious or excessive noise. High signal-to-noise ratio content is always welcome, most especially if it teaches me something I didn’t already know, changes my mind on some issue, or helps me to see how others are thinking about things.


    Update:

    I see he edited his message to remove the links to the marketing videos and he instead inserted a link to some vague forum post that doesn't address the bandwidth economics issue at all.

    Here are the links he deleted from his post:

    https://www.youtube.com/watch?v=Jnvwv4z17b4&list=UUhDck5R_C9i6XTrS66tbwOw

    https://www.youtube.com/watch?v=txvKSeCaEP0&list=UUhDck5R_C9i6XTrS66tbwOw

    Think again https://www.maidsafe.org/t/safe-web-browsing/139/2?



    http://www.youtube.com/watch?v=SY7pM8k8moY&t=2m29s



    Also I see David Lavine confirms my assertion that MaidSafe doesn't provide IP anonymity:

    https://www.youtube.com/watch?list=UUhDck5R_C9i6XTrS66tbwOw&feature=player_detailpage&v=_NBrIJrULaM#t=177

    Because you only need to compromise the 4 nodes closest to you (i.e. analogous to your entry guard nodes in Tor).

    Also he never answers the question as to how consensus is reached:

    https://www.youtube.com/watch?list=UUhDck5R_C9i6XTrS66tbwOw&feature=player_detailpage&v=fmW9feSp0xM

    He side-steps the issue of how disagreements within the local set are resolved. Shrinking the set to any membership larger than 1 means you still need a consensus mechanism. Yet another example of him being vague.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 20, 2014, 07:24:52 PM

    That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this).


    I think the goal there is cross-platform support. The difficulty is that many of those "web apps" are just ActiveX programs, negating any cross-platform capability beyond MS Windows iterations. I suppose easy updating is a benefit as well.

    Quote
    I’m ecstatic that most of the votes are No. This means I am still (even 10 years hence) far ahead of most people. I assume most people haven’t quite yet grasped why HTML (static documents, a 100% immutable declarative language) was a special case that would not apply forever into the future. Humans are like that. They project the present into the future, without thinking about what made the present and what changed.

    Well, that is obviously where we disagree. I believe that there should be a separation between code and data. I will be sticking with HTML 4.01 Strict, despite the W3C making HTML5 a recommendation. IMO, you simply can not have a secure web-browser if it runs arbitrary code. (HTML5 got rid of the DTD declaration: meaning that changes to the standard can be implemented without updating the standard changing the version number)

    Despite its history of security vulnerabilities, (and the run-time being bundled with browser tool-bars), I think JAVA (including applets) is a better approach to running untrusted code in a sand-box. Leave HTML to serve up static web-pages. The problem is that developers do not like it because the users get fine-grain control over what the software can actually do. For example, the user can prohibit network or disk access.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 07:51:03 PM
    I am still unconvinced that HTTP is going to die - IMO it is going to *change* (perhaps too gradually for the OP's liking) and things like CIYAM Open are starting to show just how far it can change (to become a "secure" and stateful protocol).

    I am not convinced it needs to die. For example I think perhaps it can even sit on top of a high latency network anonymity layer as it does on Tor now, just sans the exit nodes.

    My point is HTML5 is no longer in control. The web browser stranglehold is evaporating finally! Yahoo! So we are free to innovate on prior assumptions of low latency. Apps can more intelligently deal with high latency if the incentive is worth it (true anonymity). Users will drive the demand.




    That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this).

    I think the goal there is cross-platform support. The difficulty is that many of those "web apps" are just ActiveX programs, negating any cross-platform capability beyond MS Windows iterations. I suppose easy updating is a benefit as well.

    Businesses are conservative (with their internal apps) because maximizing adoption is not their goal (a category error unless they get push back from employees but web apps aren’t that far behind yet). So they want the most accessible and most ubiquitous platform.


    Quote
    I’m ecstatic that most of the votes are No. This means I am still (even 10 years hence) far ahead of most people. I assume most people haven’t quite yet grasped why HTML (static documents, a 100% immutable declarative language) was a special case that would not apply forever into the future. Humans are like that. They project the present into the future, without thinking about what made the present and what changed.

    Well, that is obviously where we disagree. I believe that there should be a separation between code and data. I will be sticking with HTML 4.01 Strict, despite the W3C making HTML5 a recommendation. IMO, you simply can not have a secure web-browser if it runs arbitrary code. (HTML5 got rid of the DTD declaration: meaning that changes to the standard can be implemented without updating the standard changing the version number)

    You suffer the same myopia that the W3C did when I tried to explain to them that cross-site script injection was a non-security hole, but rather the holes in the outer sandbox were the problem. And by limiting what code sites could load, we were not increasing security but decreasing functionality and creating kafkaesque, security theatre (https://en.wikipedia.org/wiki/Security_theater).

    Android finally got it correct and each app runs in a process sandbox, so bad code can’t do anything external to the app. The app can only write to its private section of the file system, unless the user has authorized other permissions.

    W3C had effectively moved an operating system concern into user mode. What a fucking load of unnecessary tsuris!

    The same myopia I was battling 10 years ago on W3C discussion lists. I gave up! It is like an irrational religion.

    Despite its history of security vulnerabilities, (and the run-time being bundled with browser tool-bars), I think JAVA (including applets) is a better approach to running untrusted code in a sand-box. Leave HTML to serve up static web-pages. The problem is that developers do not like it because the users get fine-grain control over what the software can actually do. For example, the user can prohibit network or disk access.

    Separation of code and layout+static content is a good programming paradigm for semantic reasons, but it is orthogonal to the security sandbox issue. And this is how it is done by default on Android with XML resources and code.

    On Android, I can choose from a dozen languages that run on the JVM, including Jython (Python), Java, Scala, etc.

    The entire web page should be sandboxed in its own process and let the developer do whatever he wants. For static web pages, you don't need to spend a process on each one. It is as if the W3C never made the fundamental categorical distinction between a long-lived (stateful) app and a stateless static web page.

    You know why? Because they (just the EU bureaucrats) didn’t want to lose control and give up their importance and power. Also because they believed in some religious purity of a declarative (immutable) nirvana paradigm (where everything is so purely defined, semantic, and contained, etc).

    The top-down, oppressive, religious micro management by the W3C was really a drag on my creativity.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 08:50:02 PM
    In Android, your application’s Activities, ContentProviders, etc have a Uri. Thus, I can envision when you type the app Uri (or its abbreviation) in a browser, you run the installed or install the app. So it can become as seamless as the web. It appears disjoint for now and the web appears to be easier and more readily accessed, but it doesn’t have to remain this way. Then web sites could also be placed as favorite icons on your desktop (which you can do now but not so easy or readily achieved as installing an app and seeing its icon appear there).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 20, 2014, 08:51:44 PM
    On Android, I can choose from a dozen languages that run on the JVM, including Jython (Python), Java, Scala, etc.

    The entire web page should be sandboxed in its own process and let the developer do whatever he wants. For static web pages, you don't need to spend a process on each one. It is as if the W3C never made the fundamental categorical distinction between a long-lived (stateful) app and a stateless static web page.

    I don't think we strongly disagree on this point: just on the methods. Java applets were one such clear distinction. Of course, other than the fine-grained control, there was also the (dreaded) "loading Java..." message (and delay) that made the thing unpopular. Android largely follows the Java philosophy: to the point that they were sued over the use of the API.

    I believe that web-browsers have become too complex. Because, as you mention, they are being asked to operate as an OS in user-land. One thing Chrome gets right is leveraging OS services by spawning each web-page as its own process. It is resource heavy for simple web-pages, but actually lets you track down which page is using all of your CPU time/memory.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 08:59:10 PM
    phillipsjk, good to hear. Yeah I would prefer the web browser be a rendering (android.app.)Activity or Fragment and provide an HTTP ContentProvider which can be hooked into it (or substituted) and not try to be the OS.

    Orthogonality and separation-of-concerns.

    Looks like we agree on we are headed towards convergence?

    P.S. In the transposed direction of misuse or incorrect design, I was listening to this masscan developer explain (http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html) (how to scan the entire internet in 3 minutes with commodity hardware) in his C10M video about how web servers shouldn't move packet processing into the OS by using threads, because Linux was not designed to be real-time OS but rather optimized to be a multi-user OS. And instead do the logic in user mode.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 20, 2014, 09:06:51 PM
    phillipsjk, good to hear.

    Looks like we agree on we are headed towards convergence?

    I hope not. As I said, I believe there should be a clear distinction between data and code. I was using lynx as my primary browser at least until 2005. It really stopped adapting to new HTML revisions after HTML 3.2. HTML 4 introduced style-sheets, which were never really implemented by lynx.

    Edit: I like CSS, just lynx does not.
    Edit2: I still try to avoid running client-side scripts as much as possible though.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 09:10:05 PM
    phillipsjk, good to hear.

    Looks like we agree on we are headed towards convergence?

    I hope not. As I said, I believe there should be a clear distinction between data and code. I was using lynx as my primary browser at least until 2005. It really stopped adapting to new HTML revisions after HTML 3.2. HTML 4 introduced style-sheets, which were never really implemented by lynx.

    I edited my post to explain I mean convergence via orthogonality and separation-of-concerns.

    If you are a programmer (especially if you understand the Unix design philosophy (http://www.catb.org/~esr/writings/taoup/html/)) then you know the value of these concepts instead of trying to have one monolithic thing do everything you need.

    Then you can mix-n-match to retain the flavor you desire.

    HTML should not be a dominating force on how I can distribute apps as seamless content to my users. You may prefer a strict static content model without JavaScript, but other users have other preferences such as for some HTML is just a rendering engine that is used in some contexts within their stateful app. Developers should be allowed to serve all users well, including you (if there are enough of you, else you can roll your own).

    P.S. You are conflating the issue of good semantic design with the orthogonal issue of security.

    I fought against Daniel Glazman's spaghetization of the orthogonality between code and data with XBL (https://en.wikipedia.org/wiki/XBL) (because CSS was not the correct semantic layer to bind code!). I was for registering events instead of embedding them in the HTML file. Etc. But I don't think you can build a dynamic web page and not have any code manipulating the page. We are talking only about good semantic programming, not about security unless it is just security theatre. The broader the scope of your sandbox, the less fine-grained permissions you need to ask the user about. Because users have no fucking clue and just click "yes" anyway, so then you don't have security. Android is trying to design to reduce the need to ask the user for permissions.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 20, 2014, 09:30:38 PM
    My favorite Mozilla Kafkaesque, security theatre fuck-up for the ages (https://bugzilla.mozilla.org/show_bug.cgi?id=588292#c38). I warned there and exactly what I warned happened. And so he eventually closed the bug to further comments (https://bugzilla.mozilla.org/show_bug.cgi?id=588292#c116) after receiving 100 complaints over the next two years as I warned him.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 21, 2014, 07:11:31 AM
    Remember I [AnonyMint] was telling everyone in 2013 that Tor was not anonymous because of timing analysis due to being a low latency network and Sybil attacks on the relay nodes by national security agencies. And everyone thought I was crazy. And now we see new research that says 81% of the users can be identified. Sigh.

    The title and content of the OP is not about the death of all stateless content, rather I think it quite explicitly says death of the Stateless Web.

    This salient distinction is that the content and rendering model (e.g. HTML) shouldn’t have a monopoly over the transport model (e.g. HTTP).

    The Web is becoming more general and the transport layer is detaching from market dominance by the rendering layer.

    This enables new opportunities and possibilities.

    I wonder what the No voters are thinking? Is my presentation too abstracted? Perhaps I need to incorporate the above summary.



    Update: done.

    The title and content of this epistle is not about the death of all stateless content, rather I think it quite explicitly says death of the Stateless Web. This salient distinction is that per the Unix design principles (http://www.catb.org/~esr/writings/taoup/html/) of least presumptions (http://www.catb.org/~esr/writings/taoup/html/ch01s06.html#id2879078), orthogonality, and separation-of-concerns, the content and rendering model (e.g. HTML) shouldn’t have a monopoly over the transport model (e.g. HTTP). The Web is becoming more general, stateful, and the transport layer is detaching from market dominance by the rendering layer. This creates new opportunities and possibilities.

    Even in Europe for example Switzerland is increasing gun control (http://armstrongeconomics.com/2014/11/19/government-all-know-what-is-coming-they-want-to-disarm-the-people/) (oh grasshopper please understand why a lack of private arms means Putin’s ground forces can run over Europe like a hot knife through warm butter (https://bitcointalk.org/index.php?topic=365141.msg9592913#msg9592913)).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 21, 2014, 07:55:06 AM
    Wow 9 ÷ 11 = 82% voted ‘no’ thus far (or 90% if exclude my vote).

    The ubiquity of Dunning–Kruger ignorance needs to be culled by action in the market place. This vast preponderance of ignorance means there is a huge opportunity here because most do not realize the paradigm shift yet.

    I suspect it escaped the logic of readers that stateless content can increase (even in proportion) and yet orthogonality of transport and content can proliferate.

    P.S. if the ‘no’ votes are pertaining to the rise of the global police state and the need for anonymity, I can only sigh again soon. I was watching the NBA (i.e. Rome’s bread and circus, or the Roaring 1920’s socialite glitter & glee) and realized why most people today would again think it is ludicrous to claim such horrific outcomes as we approach the cliff.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 21, 2014, 11:31:47 AM
    I’d feel facetious and subject to accusation of being non-objectively biased if I did not acknowledge some serious security theatre I submitted an Android Issue on today.

    https://code.google.com/p/android/issues/detail?id=80335

    Quote from: me
    Documentation states, “There is no security enforced with these files. For example, any application holding WRITE_EXTERNAL_STORAGE can write to these files.”

    I understand files stored in the returned directory can be accessed by the user via explicit actions such as by connecting the device to a computer via USB or removing the SD storage card. Thus security can not be guaranteed in all cases for these files.

    However, there is a critically important scenario where security can and should be provided.

    Users may install an app and despite approving the WRITE_EXTERNAL_STORAGE permission, not realize they have just enabled that app to corrupt the data files of other apps that have stored external data files. Users are not programmers and thus do not think in terms of the implications of obscure logic. They may think that particular write permission gives that app permission to write data for itself to the external directory, but not presume it enables that app to corrupt the external data of other apps. Why should the user presume Android was designed stupid?

    In other words, the user likely views the write permission as a way for the user to get access to those data files with those aforementioned explicit actions, but not as permission to do unnecessary harm. The Unix design principles of least surprise and rule of silence apply:

    http://catb.org/~esr/writings/taoup/html/ch01s06.html#id2878339

    There is simply no reason to enable a trojan app to apply social engineering to trick the user into enabling something the user has no reasonable reason to assume would happen.

    For example, I would like to store an SQLite database on the removable media because it enables the user to be sure that data has no traces even after being deleted. And because it enables the user to instantly remove that data from the system in a heartbeat in an emergency.

    And I think this is a very piss poor Android design that the user could unwittingly enable a trojan that would corrupt their data.

    Also note that many or most users are oblivious to the meaning of security permission prompts and confirm them always.

    In other words, WRITE_EXTERNAL_STORAGE permission should only apply to Environment.getExternalStoragePublicDirectory() directories. Since KitKat it is no longer required for writing to the app’s own private external directory.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 23, 2014, 10:13:57 AM
    I've gotten some feedback from at least one of my supporters that he is not able to quickly discern the significance of the OP (https://bitcointalk.org/index.php?topic=864659.0) (readers should also read the linked OP).

    Until recently the majority of the user demand for traffic on the internet has been HTML over HTTP, i.e. what I refer to in the OP as the stateless Web. That traffic is required to be low latency, because the caching mechanisms are not typically smart enough especially with dynamically changing content (e.g. forums, social networking sites) to give a satisfactory user experience if the transport between server and client is high latency.

    Yeah there are other protocols on the internet, such as SMTP which delivers email and doesn't require low latency transfer. And even P2P over UDP versus TCP/IP. But the majority of the market has been focused on HTML over HTTP.

    Users become accustomed to the simplifying unification of accessing any content via the web browser. This provided some benefits for developers and content authors too as they could "code once, run every where".

    But this had the tradeoff of retarding innovation on those areas that would require stepping outside the web browser’s myopically designed security sandbox (https://bitcointalk.org/index.php?topic=864659.msg9605686#msg9605686) or require a different model of interaction that could interoperate well with high latency transport. Many even myopically cheered that this security sandbox was a major advantage.

    There were some attempts such as Flash, ActiveX plugins, Silverlight, etc but these lacked the holistic purpose, demand, and system design that could cross the chasm to simplifying unification via sufficient market adoption.

    I am positing that mobile apps, and more likely Android apps in particular, are a paradigm which is crossing the chasm. And even migrating towards the desktop and laptop to bring further unification.

    This opens up new opportunities for fast moving innovation outside the confines of the slowly innovating (top-down standards driven, e.g. W3C.org) web browser. I posit one of those opportunities is to interoperate with a hypothetical high latency transport, which would have the benefit of being truly anonymous because Tor and low latency ostensibly can not be anonymous.

    The innovations might be so far outside the paradigm of the web browser content platform, that the web browser might not be able to incorporate such innovations without ceasing to be any semblance of what it was. If the web browser becomes essentially Android or something closer to what Android is, then the W3C (top-down, stifling morass) lost control. If Android (or something like it) is a standard that runs every where, then we haven’t lost the "code once, run every where" advantage. What is really accomplished is making the content platform more programmable with more granularity of modularity of Android APIs instead of the "all or nothing" monolithic imposition of the web browser APIs (by for example having a more holistic security sandbox model).


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: HCLivess on November 24, 2014, 02:38:32 PM
    No, the web is simply developing faster than regulations.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: 247casino on November 24, 2014, 02:46:57 PM
    The sheeple don't care about being anonymous and most of the world is still in 3rd world areas with no net access other than wifi on a cheap smart phone at the local wifi cafe.

    The future net will be an AI network and people will have neural implants to put the net right into their optic nerve center, then the next generation will be that DNA will be manipulated to have the human brain able to connect on an alpha wave like they do the akashic record now.

    There will be no anonymity, there is none now, the AI that created you tracks you through alpha waves now and that AI makes you do what that AI wants through alpha waves as well.





    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 24, 2014, 03:57:13 PM
    The sheeple don't care about being anonymous...

    They don't need to care. They only need to be aided by the paradigm shift I am describing, specifically the usurpation of the top-down morass of web standards by the viral diversity of a programmable, secure platform such as Android which is on 80% of their smartphones.

    ...and most of the world is still in 3rd world areas with no net access other than wifi on a cheap smart phone at the local wifi cafe.

    You see they need offline app solutions for their high latency network access. So extremely high latency in fact, sometimes they have to wait hours or days to reconnect to the net or connect over very slow GSM or overloaded 3G networks.

    The No votes come from neophytes who don't understand the issues.



    Title: Re: Anonymity: Death of the Stateless Web
    Post by: Soros Shorts on November 24, 2014, 04:29:13 PM
    I posit one of those opportunities is to interoperate with a hypothetical high latency transport, which would have the benefit of being truly anonymous because Tor and low latency ostensibly can not be anonymous.

    What kind of high latency numbers are you talking about? 10 seconds? 30 seconds? More? In my experience important data more often than not is also time critical in nature.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 24, 2014, 05:25:32 PM
    I posit one of those opportunities is to interoperate with a hypothetical high latency transport, which would have the benefit of being truly anonymous because Tor and low latency ostensibly can not be anonymous.

    What kind of high latency numbers are you talking about? 10 seconds? 30 seconds? More? In my experience important data more often than not is also time critical in nature.

    Data on the internet ranges in time criticality. For example, posting new Likes and photos to Facebook is not that time critical, but Facebook interactive chat or a stock quotes application are time critical.

    There are two components to the latency on a high latency variant of Tor:

    1. The greater number of hops (onion layers or nodes) between the client and the server requires some additional latency for each hop.

    2. The randomization of when to forward each packet at each hop increases latency at each hop by the time window over which that randomization occurs. As the volume of traffic increases, the time window can shrink because the anonymity mix (of packets forwarded by the node) per unit time has increased.

    Let's assume the system can have an algorithm that attempts to choose paths through the nodes of the network that keep latency below 50ms per hop[1]. If that can be achieved, then assuming #2 is reduced to negligible as traffic volume increases, then 10 hops would be 0.5 seconds on average latency. 100 hops would be 5 seconds. Since the client and hidden service server each get to decide half of the onion layer path (with a rendezvous node in the middle), they can choose a latency and anonymity tradeoff that matches their application.

    [1]http://www.webperformancetoday.com/2012/04/02/latency-101-what-is-latency-and-why-is-it-such-a-big-deal/
    http://www.sqlskills.com/blogs/paul/are-io-latencies-killing-your-performance/
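
The two latency components listed in the post above, modelled as an added example that is not part of the thread. Only the 50 ms per hop and the 10 and 100 hop counts come from the post; the Poisson arrivals, the uniform hold time, the target mix of 20 packets and the candidate-count metric are assumptions chosen for illustration.

```python
"""Constructed model of a relay that forwards each packet after a random hold."""
import bisect
import random
from dataclasses import dataclass

PER_HOP_NETWORK_S = 0.050  # the 50 ms per-hop figure assumed in the post


def end_to_end_latency(hops, per_hop_s=PER_HOP_NETWORK_S, window_s=0.0):
    """Mean one-way latency over `hops` relays.

    Component 1 is the network delay per hop. Component 2 is the hold time,
    drawn uniformly from [0, window_s], so it averages window_s / 2 per hop.
    """
    return hops * (per_hop_s + window_s / 2.0)


def window_for_mix(target_mix, packets_per_s):
    """Window length during which `target_mix` packets arrive on average."""
    return target_mix / packets_per_s


@dataclass
class NodeStats:
    mean_hold_s: float       # average delay the relay added to a packet
    mean_candidates: float   # arrivals an observer cannot rule out per departure


def simulate_node(packets_per_s, window_s, n_packets=5000, seed=1):
    """Simulate one relay with Poisson arrivals (assumption) and uniform holds.

    A packet leaving at time d must have arrived within [d - window_s, d], so
    every arrival in that interval is a candidate for being that packet.
    """
    rng = random.Random(seed)  # seeded so the run is reproducible
    arrivals, t = [], 0.0
    for _ in range(n_packets):
        t += rng.expovariate(packets_per_s)
        arrivals.append(t)
    holds = [rng.uniform(0.0, window_s) for _ in arrivals]

    total_candidates, counted = 0, 0
    for arrived, hold in zip(arrivals, holds):
        departed = arrived + hold
        if departed < window_s:
            continue  # warm-up: the look-back interval is not yet full
        lo = bisect.bisect_left(arrivals, departed - window_s)
        hi = bisect.bisect_right(arrivals, departed)
        total_candidates += hi - lo
        counted += 1
    return NodeStats(sum(holds) / len(holds), total_candidates / counted)


def compare_traffic_levels(target_mix=20, rates=(10, 100, 1000), hops=10):
    """For each traffic rate, size the window for the same mix and report
    (rate, window_s, measured candidates, mean latency over `hops`)."""
    rows = []
    for rate in rates:
        window = window_for_mix(target_mix, rate)
        stats = simulate_node(rate, window)
        rows.append((rate, window, stats.mean_candidates,
                     end_to_end_latency(hops, window_s=window)))
    return rows


if __name__ == "__main__":
    print("network delay only, 10 hops :", end_to_end_latency(10), "s")
    print("network delay only, 100 hops:", end_to_end_latency(100), "s")
    for rate, window, candidates, latency in compare_traffic_levels():
        print(f"{rate:>5} pkt/s  window={window:.3f}s  "
              f"candidates~{candidates:.1f}  10-hop latency={latency:.2f}s")
```

At 10 packets per second the hold time dominates the 10-hop latency; at 1000 packets per second the same mix size costs only about 10 ms per hop, so the total approaches the network-only figure.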


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: 2112 on November 24, 2014, 08:52:48 PM
    Users become accustomed to the simplifying unification of accessing any content via the web browser. This provided some benefits for developers and content authors too as they could "code once, run every where".

    But this had the tradeoff of retarding innovation on those areas that would require stepping outside the web browser’s myopically designed security sandbox (https://bitcointalk.org/index.php?topic=864659.msg9605686#msg9605686) or require a different model of interaction that could interoperate well with high latency transport. Many even myopically cheered that this security sandbox was a major advantage.

    There were some attempts such as Flash, ActiveX plugins, Silverlight, etc but these lacked the holistic purpose, demand, and system design that could cross the chasm to simplifying unification via sufficient market adoption.

    I am positing that mobile apps, and more likely Android apps in particular, are a paradigm which is crossing the chasm. And even migrating towards the desktop and laptop to bring further unification.

    I think you are overstating the importance of the "user experience" and discounting the value provided by "robot experience" (by robot I mean the indexing and search engines). One of the most important factors of the growth of "web" was that HTML became some approximation of the lowest common denominator of information interchange. XML family of standards tried, but failed to improve on the HTML model in this regard.

    I don't want to devalue your insight, but here is a recent example of "UX uber alles" problem:

    http://torrentfreak.com/fail-mpaa-makes-legal-content-unfindable-google-141122/

    exhibited by the "overapplification" of the user experience. I'm sorry for the ugly, hastily coined word. I don't know the better term. But from my childhood I still remember a paper pop-up book for "Puss in boots" which could be animated by hands. It was very cute, but didn't meaningfully improve the classic text printed in the plain book.

    Edit: One more link from today that is tangentially related to the subject matter:

    http://news.slashdot.org/story/14/11/23/1714255/blame-america-for-everything-you-hate-about-internet-culture


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 25, 2014, 03:41:34 AM
    Users become accustomed to the simplifying unification of accessing any content via the web browser. This provided some benefits for developers and content authors too as they could "code once, run every where".

    But this had the tradeoff of retarding innovation on those areas that would require stepping outside the web browser’s myopically designed security sandbox (https://bitcointalk.org/index.php?topic=864659.msg9605686#msg9605686) or require a different model of interaction that could interoperate well with high latency transport. Many even myopically cheered that this security sandbox was a major advantage.

    There were some attempts such as Flash, ActiveX plugins, Silverlight, etc but these lacked the holistic purpose, demand, and system design that could cross the chasm to simplifying unification via sufficient market adoption.

    I am positing that mobile apps, and more likely Android apps in particular, are a paradigm which is crossing the chasm. And even migrating towards the desktop and laptop to bring further unification.

    I think you are overstating the importance of the "user experience" and discounting the value provided by "robot experience" (by robot I mean the indexing and search engines). One of the most important factors of the growth of "web" was that HTML became some approximation of the lowest common denominator of information interchange. XML family of standards tried, but failed to improve on the HTML model in this regard.

    I don't want to devalue your insight, but here is a recent example of "UX uber alles" problem:

    http://torrentfreak.com/fail-mpaa-makes-legal-content-unfindable-google-141122/

    exhibited by the "overapplification" of the user experience. I'm sorry for the ugly, hastily coined word. I don't know the better term. But from my childhood I still remember a paper pop-up book for "Puss in boots" which could be animated by hands. It was very cute, but didn't meaningfully improve the classic text printed in the plain book.

    Edit: One more link from today that is tangentially related to the subject matter:

    http://news.slashdot.org/story/14/11/23/1714255/blame-america-for-everything-you-hate-about-internet-culture

    I had thought of this, so it is good you raise the issue, so I can respond with my prior thoughts.

    1. Those applications that require some advances in user experience do not eliminate those applications where standards for content make semantics more transparent. Both can continue to proliferate, i.e. we shouldn't prevent the former if requiring always the latter would make some applications not exist at all.

    2. Those applications that require some advances in user experience could in many cases also publish stateless content (or any other standard for making semantics more transparent), e.g. an application for interacting with a forum offline or on high latency (for example to access it over a high latency truly anonymous network), could coexist with a website version of the forum.

    P.S. I hate pay walls and login walls when I am surfing the web for news or research.


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: UnunoctiumTesticles on November 27, 2014, 05:19:36 AM
    Any reader who thinks we don't have a totalitarian police state in the USA, should try to explain away the following well documented, egregious case (https://bitcointalk.org/index.php?topic=365141.msg9666280#msg9666280). Don't forget that the USA can now legally send the military after you and "make you shut up" (https://www.youtube.com/watch?v=9ni-nPc6gT4) without any due process nor habeas corpus.

    http://armstrongeconomics.com/2013/02/09/indefinite-detention/

    Quote from: Armstrong
    So when the Supreme Court ordered the government to explain what the hell was going on, they realized they would lose. You have to at least charge someone. Now, there was not even a charge. Therefore, I was released to prevent the Supreme Court from ruling against them. What did they do then? They used the terrorist nonsense as the excuse to now indefinitely imprison anyone at any time without even charging them, lawyers, or a right to trial. The rumor is they used Lindsey Graham threatening him because he is gay and if he did not strip Americans of all rights, he would be exposed.

    http://www.youtube.com/watch?v=9ni-nPc6gT4

    Now a journalist Chris Hedges and several others sued the Obama Administration on the grounds of it being unconstitutional to indefinitely hold citizens as they did to me without charges, lawyers, or a right to a trial. Judge Katherine Forrest agreed it was unconstitutional and issued an injunction to prevent the government from doing so. This was immediately appealed by the Obama Administration for they are really indistinguishable from George Bush when it comes to expanding government power and destroying the Constitution. The Obama Administration appealed to the higher court – where? Second Circuit Court of Appeals of New York. That court, naturally with the speed of a bullet, instantaneously issued a temporary stay on the injunction allowing the government to indefinitely detain anyone it desires.

    The notorious Second Circuit, perhaps the most anti-constitution court in the USA, will make the decision. The way this goes, if they side with the government, you can appeal to the Supreme Court but they take only perhaps 100 out of 10 thousand petitions. If the government lost, whenever they appeal, they are normally granted the right to be heard by the Supreme Court. So if the Second Circuit sides with government, the burden is then on the citizen to show why this case should be heard.

    First they came for the Socialists, and I did not speak out—
    Because I was not a Socialist.

    Then they came for the Trade Unionists, and I did not speak out—
    Because I was not a Trade Unionist.

    Then they came for the Jews, and I did not speak out—
    Because I was not a Jew.

    Then they came for me—and there was no one left to speak for me


    Title: Re: Anonymity: Death of the Stateless Web
    Post by: phillipsjk on November 28, 2014, 08:48:09 PM
    Apparently the Android permissions prompt is optional or something.

    Uber's Android App Caught Reporting Data Back Without Permission (http://yro.slashdot.org/story/14/11/27/1451203/ubers-android-app-caught-reporting-data-back-without-permission)



    Title: Re: Anonymity: Death of the Stateless Web
    Post by: TPTB_need_war on June 15, 2015, 02:54:09 PM
    http://www.infoq.com/interviews/bracha-javascript-future

    Quote from: Gilad Bracha @ co-author of the Java language spec
    talking with Gilad Bracha. He works at Google and he is currently working on Dart. He is best known as the co-author of the Java language specification. Gilad, your keynote today was called “Whither web programming”. Can you tell us a little bit about the title of your talk and summarize it?

    Sure. The title was a bit of a pun which I am sure nobody got which is the way I like my puns to be. Basically, the point is where is the web going or where it should go in the future and also the idea that there is a risk if it does not address these issues that it might not be as dominant or as popular as it should be as a programming platform in particular because of competition from app stores and things like that which have certain advantages, in particular with respect to the ability to reliably install an application. So, the web has this great advantage of zero install, but it actually does not have a way to reliably ensure that that application is there for you offline or when the network is slow or unreliable, etc, which is an added feature as it were that is one of the weaknesses that I was talking about.

    What direction is the web going in? What is the best-case scenario and what is the worst-case scenario?

    I guess the best – let’s start with the best – the best case scenario is that a series of missing primitives that would allow a great variety of programming languages to be implemented efficiently on the web, get standardized and put into all the browsers in a relatively quick manner. I mean it is a standard process and it does take time. There already is this flowering of all kinds of programming paradigms on the web and I think that is a good thing. I think that mono-lingual platforms either become multi-lingual or they die. Look at the JVM, for example. If we do that, then the web will evolve into something where you really have this ideal combination of the advantages of the network and the advantages of an independent client. So, things will work for you online and offline, your apps will synchronize transparently for you, wherever you go, for multiple devices, your data will synchronize transparently with collaboration and so forth. All these things that the network can enable will work well on the web, in an open fashion, in a standardized fashion. That is what we'd really like to see happening.

    The worst case scenario is that none of these things happen and instead you see developer energy focused more on mobile platforms and you get more of these walled garden kind of things like iOS frankly where your ability to innovate is limited but in some sense there are better primitives and they actually become more competitive with the web.

    Can you summarize then your vision for the future of the web and the web applications?

    Well, I think we want a world where applications can work online and offline as much as their functionality allows. Obviously, if you are accessing some giant database, you may need real access to the network. Or if you are communicating, obviously there is nothing that can be done. But there are many applications where it is plausible to store your data and the application locally and it will work for you offline and I think the platform should make it easy for you to do that. You should be able to synchronize when you are back online and synchronize your application and your data and again, it should happen in a very lightweight fashion, it should be handled as much as possible by the platform so that developers do not have to solve this rather hard problem over and over again. It should produce an experience that is as good or better than any native application does.

    Gilad Bracha and W. Cook, Mixin-based Inheritance (http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.128.8192&rep=rep1&type=pdf), Proceedings of ECOOP '90.