I’d feel facetious and subject to accusation of being non-objectively biased if I did not acknowledge some serious security theatre I submitted an Android Issue on today. https://code.google.com/p/android/issues/detail?id=80335Documentation states, “There is no security enforced with these files. For example, any application holding WRITE_EXTERNAL_STORAGE can write to these files.” I understand files stored in the returned directory can be accessed by the user via explicit actions such as by connecting the device to a computer via USB or removing the SD storage card. Thus security can not be guaranteed in all cases for these files. However, there is a critically important scenario where security can and should be provided. Users may install an app and despite approving the WRITE_EXTERNAL_STORAGE permission, not realize they have just enabled that app to corrupt the data files of other apps that have stored external data files. Users are not programmers and thus do not think in terms of the implications of obscure logic. They may think that particular write permission gives that app permission to write date for itself to the external directory, but not presume it enables that app to corrupt the external data of other apps. Why should the user presume Android was designed stupid? In other words, the user likely views the write permission as a way for the user to get access to those data files with those aforementioned explicit actions, but not as permission to do unnecessary harm. The Unix design principles of least surprise and rule of silence apply: http://catb.org/~esr/writings/taoup/html/ch01s06.html#id2878339There is simply no reason to enable a trojan app to apply social engineering to trick the user into enabling something the user has no reasonable reason to assume would happen. For example, I would like to store an SQLite database on the removeable media because it enables the user to be sure that data has no traces even after being deleted. And because it enables the user to instantly remove that data from the system in a heartbeat in an emergency. And I think this is a very piss poor Android design that the user could unwittingly enable a trojan that would corrupt their data. Also note that many or most users are oblivious to the meaning of security permission prompts and confirm them always. In other words, WRITE_EXTERNAL_STORAGE permission should only apply to Environment.getExternalStoragePublicDirectory) directories. Since Kitkat it is no longer required for writing to the app’s own private external directory. |
|
|
|
P.S. if the ‘no’ votes are pertaining to the rise of the global police state and the need for anonymity, I can only sigh again soon. I was watching the NBA (i.e. Rome’s bread and circus, or the Roaring 1920’s socialite glitter & glee) and realized why most people today would again think it is ludicrous to claim such horrific outcomes as we approach the cliff.
|
|
|
|
|
Wow 9 ÷ 11 = 82% voted ‘no’ thus far (or 90% if exclude my vote).
The ubiquity of Dunning–Kruger ignorance needs to be culled by action in the market place. This vast preponderance of ignorance means there is a huge opportunity here because most do not realize the paradigm shift yet.
I suspect it escaped the logic of readers that stateless content can increase (even in proportion) and yet orthogonality of transport and content can proliferate.
P.S. if the ‘no’ votes are pertaining to the rise of the global police state and the need for anonymity, I can only sigh again soon. I was watching the NBA (i.e. Rome’s bread and circus, or the Roaring 1920’s socialite glitter & glee) and realized why most people today would again think it is ludicrous to claim such horrific outcomes as we approach the cliff.
|
|
|
|
Remember I [AnonyMint] was telling everyone in 2013 that Tor was not anonymous because of timing analysis due to being a low latency network and Sybil attacks on the relay nodes by national security agencies. And everyone thought I was crazy. And now we see new research that says 81% of the users can be identified. Sigh.
The title and content of the OP is not about the death of all stateless content, rather I think it quite explicitly says death of the Stateless Web. This salient distinction is that the content and rending model (e.g. HTML) shouldn’t have a monopoly over the transport model (e.g. HTTP). The Web is becoming more general and the transport layer is detaching from market dominance by the rendering layer. This enables new opportunities and possibilities. I wonder what the No voters are thinking? Is my presentation too abstracted? Perhaps I need to incorporate the above summary.
Update: done. The title and content of this epistle is not about the death of all stateless content, rather I think it quite explicitly says death of the Stateless Web. This salient distinction is that per the Unix design principles of least presumptions, orthogonality, and separation-of-concerns, the content and rending model (e.g. HTML) shouldn’t have a monopoly over the transport model (e.g. HTTP). The Web is becoming more general, stateful, and the transport layer is detaching from market dominance by the rendering layer. This creates new opportunities and possibilities. |
|
|
|
http://blog.mpettis.com/2014/11/china-europe-and-optimal-currency-zones/#comment-97452What he seems to be saying, if particular market coincided with his ECM model, then it is a proof that the model is correct. And if it did coincide? Well, the model is correct, it just means we are not looking at the “correct” market. Real estate was the thing being pushed into a bubble by the government (Fannie Mae, Fed, etc). And this ECM is in a Private wave against government. You have to understand that in order to know which market to expect to coincide with the turn date[1].
Now Armstrong is speculating that Private assets such as gold and collectibles will also include USA real estate and stocks and they will continue to rise after the 2015.75 turn in the ECM model. He is observing for evidence of this “phase shift” as ithe calls it.[1]
|
|
|
|
Kimosabe, get a clue of how the world really works. The internet (i.e. the free market which is why you have it today) is the only free press remaining in the USA. You are an young idealistic liberal idiot with a functioning vocabulary and extremely discombobulated illogic (you put the cart before the horse w.r.t. internet and free media) because your political religion does not allow you to understand the logic of the asymmetric power of political capture and why collectives always fail in a heap of vested interests corruption. The ONLY way to avoid that is do not form collectives and enable the free market to prosper. Hey what happened to your threat to put me on ignore?  |
|
|
|
Why am I nearly always correct? Because I am an accomplished senior level programmer which means I have extremely accurate logic skills. I am also an accomplished bug finder and fixer, so it means I know how to hunt through complex data sets even when I don’t have the entire situation revealed to me. Also because (except in the recent years past where I tried to become a short-term speculator in precious metals), I generally discern what I can’t know and thus do not try to claim things I can not know with high certainty. Meaning I am humble and also do readily admit when someone points out a flaw in my logic or research. As I argued to Martin Armstrong in email some months ago which is quoted on this forum, there is proof that Russia’s motive was not to annex countries and Armstrong is wrong and the Ukraine revolution and problem was instigated by the USA (skip to 14min in linked video and see Bush promised Gorbachev “NATO will not move 1 inch east of the former Berlin wall”) and Dick Cheney (with John Kerry) is still running foreign policy in Ukraine (skip to 10min in linked video). This is the geographic pathway that Russia had been attacked throughout history such as Napoleon. This is why Russia is now angry at the legacy of Gorbachev with Putin’s popularity rising to 80% since the start of the Ukraine crisis. Armstrong misses this key point in his analysis. Thus, Bush and Cheney are driving us towards World War 3. The smoking gun audio of Assistant Secretary of State explaining our manipulation in Ukraine. 35 year CIA Analyst Ray McGovern: Obama Will Lead US Into Nuclear Holocaust. USA is an extra-constitutional state now and we no longer have a free [mainstream] press (skip to 8min 30seconds in linked video). |
|
|
|
The Movie Trailer is Out (about Armstrong) http://vimeo.com/112432439https://www.youtube.com/watch?v=iJNEjq7I5Is | I arrived in Amsterdam. It has begun. As I have stated, this film is not about my life, but about my battle against the market manipulators who have blackmailed government into bailing out their losses while they keep all the gains. When I objected to the seizure of the tapes I had made documenting all the market manipulations since they began they said that was absurd. NY banks did not manipulate markets. That was 1999. Today, the CFTC has been forced into investigating Goldman, Morgan Stanley and JP Morgan for a Commodity Manipulation. I believe this film is causing some scrambling. It has reached blockbuster level in Germany. It will be appearing in 80 cities simultaneously next year.
The takeover of Wall Street began with the takeover of Salomon Brothers by the commodity house that made all the money against the Hunt Brothers back in the Crash of 1980. Within just 10 years, Salomon got caught with their hand in the cookie jar manipulating the US Treasury Auctions. Warren Buffet then comes to the rescue and his marketing firm has done a fantastic job in putting forward an image of a knight in shining armor.
From that takeover of Wall Street by the Commodity trading industry, Wall Street was assimilated into a very different trading culture. From that event onward, the real downside of this takeover of Wall Street has been the fact that it transformed the big money center banks into aggressive traders. Profits trading were instant – while lending money for long-term to further economic expansion became the less lucrative bet, even though that is what creates jobs (not government Hillary). Trading makes money which is instant, but lending long-term creates and economy. The banks quickly learned how to hand the losses to government threatening them with the inability to sell their bonds unless they were bailed out. That was the beginning of the end.
This film is about the battle I found myself in with the “club”. The schemes kept getting bigger and bigger. Takeover government and repeal Glass-Steagall was just the start. Take over Russia and control commodities was the lofty goal. Everything became a strategy and a game – the combination of monopoly and chess. They saw me as influential and if they could get me to join, they saw the dollar signs in their dreams. Get me to put out fake analysis and we will all get rich. That was not something that interested me. But they did this for the Dot.COM bubble and paid fines for putting out bogus research. That was why they kept trying to get me involved – eliminate the independent research and control the flow of info as does government.
The world was becoming just a pawn of finance. The fate of nations no longer mattered. Every single thing became just a trade and the way to create the “perfect trade” was to control everything – not figure out how to actually trade.
I was interested in figuring out what made the world tick. You cannot spend billions of dollars. That is for power-plays, it does not change your lifestyle. The most expensive house sold was just under $150 million. Even if you filled it with rare art, you would be hard pressed to spend $1 billion. So making billions is for playing the game of monopoly – not lifestyle. So I was just never interested in such nonsense. I needed mental stimulation. It was more challenging to figure out the game than to just play it mindlessly without purpose. I had more than enough to come and go as I pleased and it came from trading and analysis I could be proud of.
I have witnessed the demise of the industry and how it has taken us to the brink of total chaotic destruction that has resulted in a G20 meeting that shifts the burden of bank losses to the people without NOTICE. This culture then infected all banks as victims as well as government. Literally, the takeover of Salomon Brothers by PhiBro opened the Gates of Hell. Goldman Sachs then took over J.Aaron to compete. Life has never been the same ever since. This proprietary trading has now threatened the entire world economy and the future of everyone for its irresponsibility. That is why I agreed to do this film – nothing else. I too have a family and I will not be here forever to take defend them against this insanity. |
|
|
|
|
Are you sure you want to get into an abstract semantic debate with me given I am programmer who makes my living programming in higher level semantics?
Please stop wasting my time. I am busy programming for profit and don't have time for your ignorant bliss.
Bahahaha! Don't argue with ME, I'm a super important programmer so I can't be wrong about anything ever. Fucking hilarious! Yes that is the way it works. I am correct, you are incorrect. Remember I was telling everyone in 2013 that Tor was not anonymous because of timing analysis due to being a low latency network and Sybil attacks on the relay nodes by national security agencies. And everyone thought I was crazy. And now we see new research that says 81% of the users can be identified. Sigh.
You fuckers lost the logic debate so now you predictably resort to ad hominem trolling. And you can't even do that convincingly. I doubt you could even find your way out of a wet brown paper bag. Typical socialist idiots with 10 thumbs. Cull fuckers! Cull yourselves! |
|
|
|
phillipsjk, good to hear.
Looks like we agree on we are headed towards convergence?
I hope not. As I said, I believe there should be a clear distinction between data and code. I was using lynx as my primary browser at least until 2005. It really stopped adapting to new HTML revisions after HTML 3.2. HTML 4 introduced style-sheets, which were never really implemented by lynx. I edited my post to explain I mean convergence via orthogonality and separation-of-concerns. If you are programmer (especially if you understand the Unix design philosophy) then you know the value of these concepts instead of trying to have one monolithic thing do everything you need. Then you can mix-n-match to retain the flavor you desire. HTML should not be a dominating force on how I can distribute apps as seamless content to my users. You may prefer a strict static content model without JavaScript, but other users have other preferences such as for some HTML is just a rendering engine that is used in some contexts within their stateful app. Developers should be allowed to serve all users well, including you (if there are enough of you, else you can roll your own). P.S. You are conflating the issue of good semantic design with the orthogonal issue of security. I fought against Daniel Glazman's spaghetization of the orthogonality between code and data with XBL (because CSS was not the correct semantic layer to bind code!). I was for registering events instead of embedding them in the HTML file. Etc.. But I don't think you can build a dynamic web page and not have any code manipulating the page. We are talking only about good semantic programming, not about security unless it is just security theatre. The broader the scope of your sandbox, the less fined grained permissions you need to ask the user about. Because users have no fucking clue and just click "yes" any way, so then you don't have security. Android is trying to design to reduce the need to ask the user for permissions. |
|
|
|
phillipsjk, good to hear. Yeah I would prefer the web browser be a rendering (android.app.)Activity or Fragment and provide an HTTP ContentProvider which can be hooked into it (or substituted) and not try to be the OS. Orthogonality and separation-of-concerns. Looks like we agree on we are headed towards convergence? P.S. In the transposed direction of misuse or incorrect design, I was listening to this masscan developer explain (how to scan the entire internet in 3 minutes with commodity hardware) in his C10M video about how web servers shouldn't move packet processing into the OS by using threads, because Linux was not designed to be real-time OS but rather optimized to be a multi-user OS. And instead do the logic in user mode. |
|
|
|
|
In Android, your application’s Activities, ContentProviders, etc have a Uri. Thus, I can envision when you type the app Uri (or its abbreviation) in a browser, you run the installed or install the app. So it can become as seamless as the web. It appears disjoint for now and the web appears to be easier and more readily accessed, but it doesn’t have to remain this way. Then web sites could also be placed as favorite icons on your desktop (which you can do now but not so easy or readily achieved as installing an app and seeing its icon appear there).
|
|
|
|
I am still unconvinced that HTTP is going to die - IMO it is going to *change* (perhaps too gradually for the OPs liking) and things like CIYAM Open are starting to show just how far it can change (to become a "secure" and stateful protocol).
I am not convinced it needs to die. For example I think perhaps it can even sit on top of an high latency network anonymity layer as it does on Tor now, just sans the exit nodes. My point is HTML5 is no longer in control. The web browser stranglehold is evaporating finally! Yahoo! So we are free to innovate on prior assumptions of low latency. Apps can more intelligently deal with high latency if the incentive is worth it (true anonymity). Users will drive the demand.
That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this).
I think the goal there is cross-platform support. The difficulty is that many of those "web apps" are just ActiveX programs, negating any cross-platform capability beyond Ms Windows iterations. I suppose easy updating is a benefit as well. Businesses are conservative (with their internal apps) because maximizing adoption is not their goal (a category error unless they get push back from employees but web apps aren’t that far behind yet). So they want the most accessible and most ubiquitous platform. I’m ecstatic that most of the votes are No. This means I am still (even 10 years hence) far ahead of most people. I assume most people haven’t quite yet grasped why HTML (static documents, a 100% immutable declarative language) was a special case that would not apply forever into the future. Humans are like that. They project the present into the future, without thinking about what made the present and what changed.
Well, that is obviously where we disagree. I believe that there should be a separation between code and data. I will be sticking with HTML 4.01 Strict, despite the W3C making HTML5 a recommendation. IMO, you simply can not have a secure web-browser if it runs arbitrary code. (HTML5 got rid of the DTD declaration: meaning that changes to the standard can be implemented without updating the standard changing the version number) You suffer the same myopia that the W3C did when I tried to explain to them that cross-site script injection was a non-security hole, but rather the holes in the outer sandbox were the problem. And by limiting what code sites could load, we were not increasing security but decreasing functionality and creating kafkaesque, security theatre. Android finally got it correct and each app runs in an process sandbox, so bad code can’t do anything external to the app. The app can only write to its private section of the file system, unless the user has authorized other permissions. W3C had effectively moved an operating system concern into user mode. What a fucking load of unnecessary tsuris! The same myopia I was battling 10 years ago on W3C discussion lists. I gave up! It is like an irrational religion. Despite it's history of security vulnerabilities, (and the run-time being bundled with browser tool-bars), I think JAVA (including applets) is a better approach to running untrusted code in a sand-box. Leave HTML to serve up static web-pages. The problem is that developers do not like it because the users get fine-grain control over what the software can actually do. For example, the user can prohibit network or disk access.
Separation of code and layout+static content is a good programming paradigm for semantic reasons, but it is orthogonal to the security sandbox issue. And this is how it is done by default on Android with XML resources and code. On Android, I can choose from dozen languages that run on the JVM, including Jython (Python), Java, Scala, etc.. The entire web page should be sandboxed in its own process and let the developer do what ever he wants. For static web pages, you don't need to spend a process on each one. It is as if the W3C never made the fundamental categorical distinction between a long-lived (stateful) app and a stateless static web page. You know why? Because they (just the EU beaucrats) didn’t want to lose control and give up their importance and power. Also because they believed in some religious purity of a declarative (immutable) nirvana paradigm (where everything is so purely defined, semantic, and contained, etc). The top-down, oppressive, religious micro management by the W3C was really a drag on my creativity. |
|
|
|
hamiltino, yes (from your Youtube slander) ignorance is bliss and you are suffering from it. The slick salesmanship marketing videos you linked to did not address the technical issues in my second reply to herzmeister. Specifically afaics MaidSafe has no designed ability to deal with the bandwidth economics. Please don’t post more redundant noise (herzmeister already posted one of those slick marketing videos that lack sufficient technical details) in this thread until you've done your homework. This is a moderated thread and I will delete obnoxious or excessive noise. High signal-to-noise ratio content is always welcome, most especially if it teaches me something I didn’t already know, changes my mind on some issue, or helps me to see how others are thinking about things.
Update: I see he edited his message to remove the links to the marketing videos and he instead inserted a link to some vague forum post that doesn't address the bandwidth economics issue at all. Here are the links he deleted from his post: https://www.youtube.com/watch?v=Jnvwv4z17b4&list=UUhDck5R_C9i6XTrS66tbwOwhttps://www.youtube.com/watch?v=txvKSeCaEP0&list=UUhDck5R_C9i6XTrS66tbwOwAlso I see David Lavine confirms my assertion that MaidSafe doesn't provide IP anonymity: https://www.youtube.com/watch?list=UUhDck5R_C9i6XTrS66tbwOw&feature=player_detailpage&v=_NBrIJrULaM#t=177Because you only need to compromise the 4 nodes closest to you (i.e. analogous your entry guard nodes in Tor). Also he never answers the question as to how consensus is reached: https://www.youtube.com/watch?list=UUhDck5R_C9i6XTrS66tbwOw&feature=player_detailpage&v=fmW9feSp0xMHe side-steps the issue of how disagreements within the local set are resolved. Shrinking the set to any membership larger than 1 means you still need a consensus mechanism. Yet another example of him being vague. |
|
|
|
I had an inkling with the "agree or disagree with OP" poll; but dismissed it.
I’m ecstatic that most of the votes are No. This means I am still (even 10 years hence) far ahead of most people. I assume most people haven’t quite yet grasped why HTML (static documents, a 100% immutable declarative language) was a special case that would not apply forever into the future. Humans are like that. They project the present into the future, without thinking about what made the present and what changed. Remember I was telling everyone in 2013 that Tor was not anonymous because of timing analysis due to being a low latency network and Sybil attacks on the relay nodes by national security agencies. And everyone thought I was crazy. And now we see new research that says 81% of the users can be identified. Sigh. |
|
|
|
However there are always things developers would like to do which fit within a security sandbox model (e.g. Android OS‘ s sandbox) but which can‘t be done with the standard features provided by slow moving web standards. For example, tighter integration with other apps. On Android OS, I can write an Activity, Service, ContentProvider, or Intent which can interact with other apps in the system within the security model. I explained some the ramifications of this more deeply. Okay - I read that (thanks for the link) - but am still not really convinced that we are talking about something that is much more than what MIME already allows you to do (i.e. I could use a different PDF viewer in my browser if I plugged it in so I am not *stuck* with any particular one and the same for any other MIME type of content). There are features you can do on an app today that you can’t do yet in HTML5. This will also be the case in the future, because the web standards will always be moving too slow because they are top-down managed (e.g. by such as my old nemesis Ian Hickson and Daniel Glazman of Apple). For example, the ability to control the entire screen space or the Activity queue for the hardware back button on Android, etc.. Being able to access the external SD card. Not being limited to 5MB for the SQL database, etc, etc, etc.. I was trying since 10 years ago to get them over at W3C to make the web standards with a more open and orthogonal security model like Android has and more flexibility so we could write apps (that is how far into the future I was able to see, way before anybody thought of smartphones I was already envisioning it). I got tired of arguing with them. My name is listed on the CSS2 standard for example for my contribution on the discussion lists.Yeah eventually the web browser can standardize popular features that apps do, but they will always be several years behind the innovation. And thus apps will win. Decentralization scales faster than top-down. 10 years of lost time is proof of that! The web browser won for static documents because there wasn’t that much you could do with them that would be so much more awesome in an app. Thus lack of fragmentation and the ability to "write once, run every where" was a more important consideration. But the dissatisfaction with the browser ever since DHTML (e.g. the move to Flash) has been rising in a pressure cooker and now apps have been the release valve and there is no turning back! And with Android taking 50 - 80% marketshare globally, soon it will be a no brainer. You will write to the web browser when you can get by with it and it is easier. You will write an app when you need the best user experience. Once we tack on high latency network anonymity, the pressure to move to apps will increase. I am no iOS fan btw (in fact I have a Samsung Galaxy S3) so let's not get bogged down in iOS vs Android (I am more interested in why you think HTTP is going to end up being scrapped).
Living in China I can tell you that HTTP is about the *only* protocol that doesn't get *blocked* here (I cannot view HTTPS from numerous overseas websites without going via a proxy).
And also I would never trust anything on Android in China (nor iOS).
We might still be able to run the traffic over HTTP, we can probably just wrap the high latency functionality around it. I was thinking a little about the tradeoffs, but not too in depth yet. Spend some time on mobile in a web browser versus an apps so you can experience the reason user’s prefer apps for things they access everyday. For the odd website they access infrequently they won’t bother with an app, but we developers can make app installation more seamless with visiting a website to overcome this.
That could be argued for any OS - yet web apps have become more and more predominant (especially in business - if you don't have a web version of a business app now you are *dead* and you just need to look at any major ERP system to see this). Yup that is what I would expect even though I don’t have any experience in those markets. In the future, users won’t even be able to discern whether they are in web browser or an app, and thus apps will have won.
I'd agree - except turn it around the other way - you won't be able to tell a web browser app from an app - so apps will have lost.  My implied unstated reason is because apps have more functionality and the app innovation will be leading the web standards which follow, e.g. if apps popularly and successfully move to adopting a high latency network anonymity model, then web standards will be forced to follow. Thus apps won. Writing apps for web is *much easier* and with tools like CIYAM it will soon be hundreds of times easier than writing using some normal app framework (please look into Software Manufacturing http://ciyam.org/docs/methodology.html which I have been working on for many years). I agree getting started writing an Android app took even me (a very accomplished programmer) several days. And I am about 2 weeks into it with only about 1000 lines of code accomplished. But I lost of lot of time perfecting my use of Scala to develop on Android with. But it should be possible to entirely emulate everything you can do in a web page or web app, and add hooks to more things that can be accessed via JavaScript interface to the native system. Perhaps you can explore this for your framework at the opportune time. As always, paradigm shifts open up a lot of new opportunities. Not one size fits all, which is the whole point. So rapid development environments that provide the best of HTML5 with some benefits of app-side, might be popular, but I am not signing up for thinking that marketing out. |
|
|
|
Among the possible reasons that did not prosper are because it was too narrowly focused on rich media, there were not these hardware features of smartphones that required breaking out of the web sandbox to fully leverage, and web browser vendors in cohorts with the W3C were eager to keep developers inside a restrictive sandbox. The difference is Android has already displaced the web browser on mobile, so this isn’t conjecture. Now it is just the PC and laptop yet to conquer. If I want to receive SMS message notifications on Android, I need to program for Android OS not a web app (or maybe there is or will be a web standard hook for it, but there will always be new things for which there are not). For example Facebook recently required everyone to install their mobile app so they could give uniformly better chat features to all on the network. Spend some time on mobile in a web browser versus an apps so you can experience the reason user’s prefer apps for things they access everyday. For the odd website they access infrequently they won’t bother with an app, but we developers can make app installation more seamless with visiting a website to overcome this. In the future, users won’t even be able to discern whether they are in web browser or an app, and thus apps will have won. |
|
|
|
Cross-posting this math discussion about anonymity from another thread... I request we continue to delete our upthread posts on each reply as I have done, at least for as long as this sub-thread is of reasonable length. Hopefully we can reach agreement now. I kindly request you to delete your prior posts upthread on this sub-thread of discussion as I have done also. So as to not clutter the thread, our entire discussion is quoted in this one post below. anonymity is a myth
someone somewhere always knows
Actually as an expert computer scientist, I assert that is not true. I have explained that a high-latency redesign of Tor would be anonymous: Anonymity: Death of the Stateless Web (a.k.a. “Tor Is Not Anonymous—Web Paradigm Shift Underway”)You would be correct if you instead wrote, “if someone could correlate all the data in the world for infinite time, they could always know”. being a mathematician i know full well there are no secrets, if it is anonymous it would not be long before it is not. it is the same as saying the code is unbreakable as the recent news on tor proves as well http://betanews.com/2014/11/19/new-report-claims-81-of-tor-users-can-be-identified/You did not read the link I provided to you. In that link I explain that the reason Tor is vulnerable is because it is a low latency design. That exploit you linked to is well known to be caused by traffic analysis (confirmation) because of the low latency design. I have proposed how to make an improved Tor that is high latency and truly anonymous. Please write down some math that you are using to justify your claim, so I can discuss with you in your mathematical perspective where we differ. I have some math capability also. done deleted posts read your post did not say much about the encryption tor is vulnerable because it is mathematically encrypted ergo it can be mathematically unencrypted not much to go into really, anonymity is achieved via encryption, encryption can be broken, yes a lot of resources required but it can still be done. so if someone really wanted to see what was going on all they need is the resources, usually government/military. the current project I am excited about at the moment is where electrical signals from the brain are being translated e.g. if i think food the receiver reads the electrical brain signals I have at the time and translates this into the word food This would defeat anonymity completely unless you are wearing funny hats. I've done extensive thinking about the breakage of the encryption and that is why I favor Lamport signatures, Mceliece public key cryptography, and not using public key (i.e. using symmetric cryptography) as much as possible. There is no reasonable quantum computing resistant Diffie-Hellman key exchange, so I am thinking we can eliminate it from an improved Tor by sending a Nonce to the prospective relay encrypted with its public key, then the encrypted (in our public key) reply must include the Nonce. The entire reason Diffie-Helman is needed in Tor is because the prior relay hop could inject its only symmetric key instead. All encryption will eventually be broken and I made this point in a long discussion (READ THIS LINKED POST!) on this forum with smooth about how all anonymity can eventually be broken ex post facto. But as I stated in my first reply to you, this requires the adversary save all the data. For example, a global national security PRISM adversary can’t save the data mixes we do offline. This is why I am arguing to use only quantum resistant encryption for anonymity aspects and to use much larger key lengths than we think are necessary. Note I will be cross-posting our excellent discussion to that thread I linked in my first reply to you. Being able to read the brain’s thoughts could indeed make anonymity much more challenging, but we are at least a decade from that being something the authorities can realistically deploy and even then it will probably require they get proximity to your brain. Our physical bodies are going to become a burden. Hopefully by that time we can upload our brain to a computer, put our body into zombie state, continue thinking there on the computer, then download it back to biological brain copy later. In that way, we could side-step the authorities anew. You see technology is not asymmetric in support of socialism. We just have to be willing to find the solutions for liberty. I hope I have inspired some libertarian readers! Outstanding I agree completely, anonymity can be achieved as outlined above and should be, but not at the expense of user acceptance that it is a fail safe and completely anonymous to all giving a false sense of security. This has been an excellent enlightening discussion on the road to complete anonymity thank you You reminded we need to inform the user as to limitations of anonymity. Tangentially I note this thread is about to attain 40,000 Views.  |
|
|
|
|
Show Posts
