Bitcoin Forum
November 05, 2024, 08:46:09 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 [9] 10 11 12 13 »  All
  Print  
Author Topic: Kim Dotcom Mansion: Press conference 2013-01-19 GMT  (Read 20489 times)
tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 03:00:31 AM
 #161

...
After many time-outs, I got on enough to get a test account.  After many time-outs on the e-mailed link, I got signed in.  Now I'm playing with it a bit, but my test upload has not gone through.  Understandable if this really is the most successful 'start-up' of all time, and I would not rule it out.
...
Update on Mega:  Tonight, from my satellite connection (and BSD box with chrome built from source) I got logged in after about 1/2 and hour.  This time I managed to get a 44 byte file uploaded.  Took about a minute at 1 byte per second.  So, it's 'working'.  Sorta.
...


Test/Update.  Things are working better today.  A long way from usable, but better.

If anyone is interested, here is a URL to an image with the key embeded.  Optionally, up to the bang could be given and the remainder (the decryption key part) could be sent via e-mail (or, say, single sideband radio for instance.)

https://mega.co.nz/#!Z8tQgbpC!Nv3Hlnxlh6p7tl3jGPU5Rlgsw4w7Cl4OOPdsMnkjDOQ

At the risk of (further) spamming the forum, I just want to see if I could make this an image:



edit: another test:

https://mega.co.nz/#!Z8tQgbpC!Nv3Hlnxlh6p7tl3jGPU5Rlgsw4w7Cl4OOPdsMnkjDOQ


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
tbcoin
Legendary
*
Offline Offline

Activity: 1022
Merit: 1000



View Profile WWW
January 22, 2013, 03:03:01 AM
 #162


Sorry for my bad english Wink
Bitcoin card for deposit and payment + Little POS
Donations:1N65efiNUhH6sEQg7Z6oUC76kJS9Yhevyf
Monster Tent
Full Member
***
Offline Offline

Activity: 238
Merit: 100



View Profile
January 22, 2013, 03:05:42 AM
 #163

Encryption is the new gun.

tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 03:36:41 AM
 #164

Encryption is the new gun.

Not really all that new though.  The magic will (hopefully) be making it easy, solid, and most importantly, default.  There was something of a push to try to get people to encrypt their mail and such when the big PGP brew-ha was going in the 90's.  It was to cumbersome and only a few people do it.  Alas, although encryption did take hold a long time later (and fairly recently) it did so in a way that was not protecting uses fully...and the US government is spending many billions of my tax dollars to exploit the situation.

I am really excited by the mega.co.nz thing insofar as it seems to be a model for how encryption should work...in a general sense.  If they can prove that it is workable it may be difficult for the competition to not follow suite.  I think that more and more people are getting a little bit fed up and suspicious about just how much they are being spied on these days and are starting to ask questions about why, exactly, it is so goddamned important to the powers that be that they are so anxious to be able to do this.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
January 22, 2013, 07:19:06 AM
 #165

Encryption is the new gun.

Not really all that new though.  The magic will (hopefully) be making it easy, solid, and most importantly, default.  There was something of a push to try to get people to encrypt their mail and such when the big PGP brew-ha was going in the 90's.  It was to cumbersome and only a few people do it.  Alas, although encryption did take hold a long time later (and fairly recently) it did so in a way that was not protecting uses fully...and the US government is spending many billions of my tax dollars to exploit the situation.

I am really excited by the mega.co.nz thing insofar as it seems to be a model for how encryption should work...in a general sense.  If they can prove that it is workable it may be difficult for the competition to not follow suite.  I think that more and more people are getting a little bit fed up and suspicious about just how much they are being spied on these days and are starting to ask questions about why, exactly, it is so goddamned important to the powers that be that they are so anxious to be able to do this.

+1, good analysis. I agree.

Maybe gmail could incorporate encryption.

Another big area is chat/videocall (skype). We need to move off this piece of shit, but the lock-in is tight. I can't help but think that M$ buying skype has had some gov. agency backing/pressure behind it.

EDIT: this goes in the right direction https://silentcircle.com/, but how to achieve widespread use?

EDIT2:

  • Freedom of economic interaction
  • Freedom of speech

I don't know which is more important.

Is there a right to encrypt? If not: we need that.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
2weiX
Legendary
*
Offline Offline

Activity: 2058
Merit: 1005

this space intentionally left blank


View Profile
January 22, 2013, 07:36:24 AM
 #166

gmail offering encryption goes against their business model.

you can use redphone for calls and text already.

silent suite looks good, tho - but i dont think a pay-solution will catch on.
herzmeister
Legendary
*
Offline Offline

Activity: 1764
Merit: 1007



View Profile WWW
January 22, 2013, 08:24:34 AM
 #167

Researchers Warn: Mega's New Encrypted Cloud Doesn't Keep Its Megasecurity Promises

just not do-able with javascript alone still these days i guess

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
molecular
Donator
Legendary
*
Offline Offline

Activity: 2772
Merit: 1019



View Profile
January 22, 2013, 08:40:51 AM
 #168

Researchers Warn: Mega's New Encrypted Cloud Doesn't Keep Its Megasecurity Promises

just not do-able with javascript alone still these days i guess

This is essentially the same problem blockchain or any other javascript-based wallet suffers from.

I'm guessing third-party plugins will pop up that verify the mega javascript code.

PGP key molecular F9B70769 fingerprint 9CDD C0D3 20F8 279F 6BE0  3F39 FC49 2362 F9B7 0769
tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 08:42:43 AM
 #169

Researchers Warn: Mega's New Encrypted Cloud Doesn't Keep Its Megasecurity Promises

just not do-able with javascript alone still these days i guess

The critiques I've seen so far strike me as mainly FUD and bunk.  If someone hacks into Mega's servers they can do a lot less damage than to almost anyone else's systems.  If people can attack https via mitm attacks and such, a lot of institutions have some big problems.  As for delivering javascript, seems to me that if this turns into a big problem Mega will be able to publish certified checksums or have some trusted third party do it which will make such an attack that much more difficult.

I personally am looking forward to accessing the service sans browser and javascript at all and as best I can deduce so far, this should be quite doable.  IOW, I think (hope) that delivery of the javascript in real-time is more of a convenience thing than a necessary function and the code could be implemented in a more simple, static, and auditable form.  I never had any confidence in browser plugins (for no particularly well researched reason though.)


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
pof
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
January 22, 2013, 09:15:25 AM
 #170



Test/Update.  Things are working better today.  A long way from usable, but better.

If anyone is interested, here is a URL to an image with the key embeded.  Optionally, up to the bang could be given and the remainder (the decryption key part) could be sent via e-mail (or, say, single sideband radio for instance.)

https://mega.co.nz/#!Z8tQgbpC!Nv3Hlnxlh6p7tl3jGPU5Rlgsw4w7Cl4OOPdsMnkjDOQ

At the risk of (further) spamming the forum, I just want to see if I could make this an image:



edit: another test:

https://mega.co.nz/#!Z8tQgbpC!Nv3Hlnxlh6p7tl3jGPU5Rlgsw4w7Cl4OOPdsMnkjDOQ


[/quote]

Why it doesn't ask me the key for decrypting? If the key is embedded in the link, how mega could act as it doesn't know the key?

hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
January 22, 2013, 01:01:06 PM
 #171

+1, good analysis. I agree.

Maybe gmail could incorporate encryption.


Not going to happen.

Just look at hushmail.com and how they were dealt with. As far as I know they did in fact offer actual embedded encryption meaning a user didn't need to do anything outside of merely logging in and sending an email to another hushmail user in order to have his correspondence encrypted. And while this still holds true for the contents of an email account they were since forced by LEAs (I believe at least that this is the case) to add algos that spy on emails in the moment before they are encrypted and sent out.

The only way this will become an industry standard is if some rouge companies around the world like Mega, not in anyway connected with the US, decide to take on and resist huge pressure by various states grasping for power and engage in a constant legal battle of survival and you can call me a pessimist but I don't see many people lining up to voluntarily seek a beating like Kim Dotcom is even though I sincerely wish there were..

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
hazek
Legendary
*
Offline Offline

Activity: 1078
Merit: 1003


View Profile
January 22, 2013, 01:05:35 PM
 #172

Researchers Warn: Mega's New Encrypted Cloud Doesn't Keep Its Megasecurity Promises

just not do-able with javascript alone still these days i guess

This is essentially the same problem blockchain or any other javascript-based wallet suffers from.

I'm guessing third-party plugins will pop up that verify the mega javascript code.

Are plugins once peer reviewed actually secure?

My personality type: INTJ - please forgive my weaknesses (Not naturally in tune with others feelings; may be insensitive at times, tend to respond to conflict with logic and reason, tend to believe I'm always right)

If however you enjoyed my post: 15j781DjuJeVsZgYbDVt2NZsGrWKRWFHpp
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1086


Ian Knowles - CIYAM Lead Developer


View Profile WWW
January 22, 2013, 02:07:45 PM
 #173

Are plugins once peer reviewed actually secure?

Of course there will always be problems even with this (and am going to be using the same approach as blockchain.info for CIYAM Open) but it is a starting point that can be worked on for improvement (setting up a whole new system of *trust* is not going to be anything easily solved).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
gusti
Legendary
*
Offline Offline

Activity: 1099
Merit: 1000


View Profile
January 22, 2013, 02:27:29 PM
 #174

Why it doesn't ask me the key for decrypting? If the key is embedded in the link, how mega could act as it doesn't know the key?

I'm not an expert, but I think that when you share a link of your file, you are basically giving the recipient your public key , and he will decrypt the file using his own private key.

If you don't own the private keys, you don't own the coins.
TTBit
Legendary
*
Offline Offline

Activity: 1136
Merit: 1001


View Profile
January 22, 2013, 02:47:27 PM
 #175

Why it doesn't ask me the key for decrypting? If the key is embedded in the link, how mega could act as it doesn't know the key?

I'm not an expert, but I think that when you share a link of your file, you are basically giving the recipient your public key , and he will decrypt the file using his own private key.

You don't have to share the decrypt key in the link. You can provide just the link, and it will ask for the decrypt key (for that file). It is not publc/private keypair.

good judgment comes from experience, and experience comes from bad judgment
tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 06:01:38 PM
 #176

Why it doesn't ask me the key for decrypting? If the key is embedded in the link, how mega could act as it doesn't know the key?

I'm not an expert, but I think that when you share a link of your file, you are basically giving the recipient your public key , and he will decrypt the file using his own private key.

You don't have to share the decrypt key in the link. You can provide just the link, and it will ask for the decrypt key (for that file). It is not publc/private keypair.

Good clarification.

I would also add that Mega did not send the link.  I did.  The decryption key (again, NOT public/private keypair or 'asymetric' crypto) was generated by me on my own computer using javascript code which Mega delivered to me when I logged on.  Part of the input that this code needed was my password.  Mega could not have generated that key because they don't know my password.

So far, I have not been able to even download the file.  I either get the temporarily unavailable message, or things seemingly start and never complete.

I have played with things enough to figure out how folder sharing seems to work.  It seems that in order to share a hierarchy of files, one needs to input the recipient's e-mail addy (which, presumably, means the recipient needs a Mega account.)  I had hoped that there was some magic by which this was not necessary (like, say, encrypting all files within with a 'folder key' or something along those lines.)  Oh well.

---

I do share Hazek's pessimism that these guys will be attacked on all fronts by the state(s) who will and always have gone to great lengths to make sure that they at least can monitor all of their subjects.  The US has bumped 'can' up to the level of 'do' much much more than I am compfortable with.

I find it noteworthy that Mega has chosen as a centerpiece of their efforts a universal statement of human rights, and one that I believe in fiercely.

Cribbed from Mega's web page:  'Universal Declaration of Human Rights, Article 12'

  "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence. Everyone has the right to the protection of the law against such interference."

Bitcoin would do well to lean on this more than they already do IMHO.  Bitcoin, and crypto-currencies generally, are as much a moral thing to me as anything else.  To be honest, I was almost completely unaware of this 'universal declaration' thing until the Mega goings-on brought it to my attention but generally it is one of those things that one can just sense in their bones is 'right'.  Or at least it is to me.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
pof
Full Member
***
Offline Offline

Activity: 204
Merit: 100


View Profile
January 22, 2013, 06:35:48 PM
 #177

I would also add that Mega did not send the link.  I did.  The decryption key (again, NOT public/private keypair or 'asymetric' crypto) was generated by me on my own computer using javascript code which Mega delivered to me when I logged on.  Part of the input that this code needed was my password.  Mega could not have generated that key because they don't know my password.
Thanks, now i have understood!

tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 06:50:54 PM
 #178

I would also add that Mega did not send the link.  I did.  The decryption key (again, NOT public/private keypair or 'asymetric' crypto) was generated by me on my own computer using javascript code which Mega delivered to me when I logged on.  Part of the input that this code needed was my password.  Mega could not have generated that key because they don't know my password.
Thanks, now i have understood!

I might mention to anyone thinking about creating a Mega account to put more thought than normal into the password.  It is not just a typical web-site access thing (like bitcointalk.org, for instance.)

The password one chooses becomes an integral part of how access to all files that one stores.  I read somewhere that there is some protection against guessing attacks, but I don't know how it works and I am pretty sure that if one choose 'test123' that would render one's files readable by many many parties.

Currently the ability to change passwords is not implemented.  What one chooses one is stuck with.  I usually default to a non-trivial and unique password for anything I sign up for and did in this case, but had I realized how critical it was I would have been much more careful in choosing the Mega one.

That said, until the service becomes vaguely usable it's a bit of a moot point (unless one is silly enough to upload critical or important data in this early period where there are so many questions swirling around.)


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
herzmeister
Legendary
*
Offline Offline

Activity: 1764
Merit: 1007



View Profile WWW
January 22, 2013, 07:00:27 PM
 #179

and I am pretty sure that if one choose 'test123' that would render one's files readable by many many parties.

maybe that's the point  Smiley

https://localbitcoins.com/?ch=80k | BTC: 1LJvmd1iLi199eY7EVKtNQRW3LqZi8ZmmB
tvbcof
Legendary
*
Online Online

Activity: 4746
Merit: 1277


View Profile
January 22, 2013, 07:18:10 PM
 #180

and I am pretty sure that if one choose 'test123' that would render one's files readable by many many parties.

maybe that's the point  Smiley

"You can lead a horse to water, but you cannot make it drink" so they say.

If Mega were terribly interested in subverting their advertised inability to access user's files, or were in cahoots with other parties who had such an interest, a) this is not the most reliable way to do it, and b) we've got other more significant things to worry about.

That said, the appropriate way to deal with any security issue is always to assume the worst as a starting point.  It well could be that Dotcom has copped a plea to get him off the hook on his past indiscretions and has agreed to run a monster honey-pot or something of that nature.  Again, that should be assumed to be the case by anyone playing with the service.  As time goes by, evidence supporting or going against this hypothesis will crop up.


sig spam anywhere and self-moderated threads on the pol&soc board are for losers.
Pages: « 1 2 3 4 5 6 7 8 [9] 10 11 12 13 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!