
August 8, 2012

Solutions to Security, Privacy, Identity and Censorship

Filed under: Uncategorized — admin @ 12:06 pm

A couple of days ago I came across The Digital Imprimatur, an article from 2003 warning about the dangers of restoring user identity on the internet. Since I did not realize it was nearly 10 years old, it aroused some serious concerns in me about the possibility of requiring every user to be authenticated. But then I sat down, and thought about the technology of it, as well as the economics.

FUD had clouded my thinking. Here is what the founder of AutoCAD, who wrote that document in 2003, was missing: both users and networks have a choice. Once again, the solution is decentralization. And that is largely what happened — in nature, as in human affairs, centralization is very hard to maintain.

Here are my positions:

  • For one thing, I like that there is a dichotomy of users and servers. For many things, this is important. But I would rather say that there are users, and there are networks.
  • I don’t like anonymity for everything because it has serious drawbacks (spam, people can create unlimited accounts, engage in illegal trafficking, etc.).
  • But at the same time I don’t like the possibilities that arise from everyone being forced to use some officially issued certificate.

And here are the conclusions I arrived at:

1. Eliminating Spam: Any network, which is concerned about user account spam, simply needs to tie them to something expensive (e.g. a cell phone line that can receive SMS). But it doesn’t have to be traceable — for example, it can be tied to bitcoins or some other currency based on solving difficult mathematical problems with a finite solution space. Anonymity of the account’s owner can still be preserved while eliminating spam.
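One way a network could make account creation expensive without learning who the owner is, as an added example that is not from the original post. It is a simplification: the cost is paid directly as a hashcash-style proof of work instead of through a currency, and the challenge string, account name and difficulty are constructed values; a real network would also check that it issued the challenge.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// leadingZeroBits counts the zero bits at the start of a SHA-256 digest.
func leadingZeroBits(d [32]byte) int {
	n := 0
	for _, b := range d {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// stamp binds the network's one-time challenge to a pseudonymous account
// name and the client's nonce. No real-world identity enters the hash.
func stamp(challenge, account string, nonce uint64) [32]byte {
	msg := append([]byte(challenge+"\x00"+account+"\x00"), make([]byte, 8)...)
	binary.BigEndian.PutUint64(msg[len(msg)-8:], nonce)
	return sha256.Sum256(msg)
}

// Solve is the client's expensive step: about 2^difficulty hashes on average.
func Solve(challenge, account string, difficulty int) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if leadingZeroBits(stamp(challenge, account, nonce)) >= difficulty {
			return nonce
		}
	}
}

// Verify is the network's cheap step: one hash, and each challenge is
// accepted once so a solved stamp cannot be replayed for more accounts.
func Verify(used map[string]bool, challenge, account string, nonce uint64, difficulty int) bool {
	if used[challenge] || leadingZeroBits(stamp(challenge, account, nonce)) < difficulty {
		return false
	}
	used[challenge] = true
	return true
}

func main() {
	used := map[string]bool{} // constructed challenge and account name below
	n := Solve("constructed-challenge-1", "anon-4f2a", 16)
	fmt.Println(Verify(used, "constructed-challenge-1", "anon-4f2a", n, 16)) // first use
	fmt.Println(Verify(used, "constructed-challenge-1", "anon-4f2a", n, 16)) // replay
}
```

Raising the difficulty by one bit doubles the expected cost of each new account while verification stays a single hash.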

2. Reputations: A user can still create fake accounts (e.g. for the purposes of anonymity), but each account will have a reputation and be traceable throughout the network where the account exists. So the cost to this user of ruining their reputation (by trolling, or being dishonest, or a myriad of other drawbacks of untraceability) would rise the more the user invested into their account.

3. Verification: A user account on a network can be marked as “verified as who this user is” — for example Twitter’s verified accounts, or Reddit’s IAMA. The network declares the user’s identity, and can store other private things about the user (such as their gender, medical history, etc.) with various degrees of certainty. Internally, the network can use this information about the user. For external consumers, the network may have a privacy policy that the user would rely on when voluntarily divulging private information, such as their identity or medical history.

** HERE, by the way, we should have law enforcement for demonstrable breaches of privacy and security policies. Notice that privacy and security are closely tied to identity. For example, Apple and Amazon recently had major security problems stemming from their policies about identity … I say we need law enforcement rather than merely some anarchist idea of reputations because small, fly-by-night companies may not care about their reputation and may violate their privacy policies more frequently than large corporations like Apple **

4. Certificates: It is the networks that should have certificates, so the users know who they are connecting to.

Any network could obtain its certificate from an agency that the USERS TRUST. This is already happening with e-commerce. It doesn’t have to be a government, necessarily. At the end of the day, though, the more people trust the agency that issues the certificate, the more people will trust the certificate. Networks such as Google that become well-known enough can issue their own identity certificate, acting as their own certificate authority.

Networks would use their certificates to sign information they believe to be true at the time of signature, so that anyone can verify this information without having to query the network, even years later.

5. User certificates: All the verification described in step 3 can be exported by the network to others using certificates. The user can download a certificate showing that they are indeed “Bill Gates according to Google’s verification” or that their medical history is indeed “verified by hospital X at some Y point in time.”

In fact, these signatures can verify entire histories from various different users on various different networks — with entries such as “doctor X saw medical history at point Y and made diagnosis Z.” At point Y, the doctor trusted your medical history from other networks / institutions they respected. They signed not only their diagnosis but the fact that they are doctor X, and they saw your medical history at point Y, etc.
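The signing described in points 4 and 5, sketched as an added example (not code from the original post): an issuer signs a claim, anyone holding the issuer's public key verifies it offline, and a doctor's claim pins the digest of the record it relied on. Raw Ed25519 keys stand in for certificates, and the issuer names, claim fields and the `Saw` link are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Claim is what an issuer asserts at a point in time. Saw optionally pins
// the digest of an earlier attestation the issuer relied on.
type Claim struct {
	Issuer, Subject, Statement, IssuedAt string
	Saw                                  string `json:",omitempty"`
}

// Attestation is the exportable record: the exact signed bytes and signature.
type Attestation struct{ Payload, Sig []byte }

// Digest identifies an attestation so that a later claim can reference it.
func Digest(a Attestation) string {
	sum := sha256.Sum256(append(append([]byte{}, a.Payload...), a.Sig...))
	return hex.EncodeToString(sum[:])
}

func Issue(priv ed25519.PrivateKey, c Claim) Attestation {
	payload, _ := json.Marshal(c) // a struct of strings cannot fail to marshal
	return Attestation{payload, ed25519.Sign(priv, payload)}
}

// Verify works offline: it needs only the public keys the verifier trusts.
func Verify(trusted map[string]ed25519.PublicKey, a Attestation) (Claim, error) {
	var c Claim
	if err := json.Unmarshal(a.Payload, &c); err != nil {
		return Claim{}, err
	}
	pub, ok := trusted[c.Issuer] // the claimed name only selects a key to check
	if !ok {
		return Claim{}, fmt.Errorf("untrusted issuer %q", c.Issuer)
	}
	if !ed25519.Verify(pub, a.Payload, a.Sig) {
		return Claim{}, fmt.Errorf("signature does not match payload")
	}
	return c, nil
}

func main() {
	hPub, hPriv, _ := ed25519.GenerateKey(nil) // constructed keys; nil selects crypto/rand
	dPub, dPriv, _ := ed25519.GenerateKey(nil)
	trusted := map[string]ed25519.PublicKey{"hospital-x": hPub, "doctor-x": dPub}
	hist := Issue(hPriv, Claim{"hospital-x", "user-1", "history verified", "Y0", ""})
	diag := Issue(dPriv, Claim{"doctor-x", "user-1", "diagnosis Z", "Y", Digest(hist)})
	fmt.Println(Verify(trusted, diag))
}
```

A claim that names an issuer but was signed with a different key fails verification, so trust rests on which public keys the verifier chose to keep in `trusted`.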

6. Signed software: Certificate holders would be able to sign software that they release. Operating systems and browsers would be able to revoke trust in the software if it is found to be malicious or contain serious security bugs. There would be accountability for software writers who write viruses, have irresponsible security, etc., proportional to the cost of obtaining another identity in a trusted network.

In the App Stores (pioneered by Apple, and now cropping up everywhere), software is signed before being “put on the shelf”. This is just the beginning, but in the future, there could be lots of competing app stores and networks certifying software for every platform. Antivirus companies would have a valuable role in testing for security / malicious software and recommending revoking this or that certificate that the software is safe.

Revoking the certificate of certain software does not mean that the users have to lose all confidence in the vendor. In fact, the app store or security company or white hat hacker can contact the vendor with the vulnerability, and allow them to quietly fix it if they believe the vendor made a good-faith mistake and did not intend to write a virus / spyware. A responsible time frame for an update can be set before the security flaw is publicized. If the vendor releases the update in time, then all users will see is that version X has a security flaw (and threat level), but there is already a newer version submitted by the vendor. Thus, the vendor’s reputation may actually increase because of their responsiveness, and software will not need to be “pulled off the shelf”.

7. Software on the web: Currently, the way web browsers work, we have to trust whatever is delivered to our web browser by the server. Browsers should start being able to verify the signature of web resources they download. If the server claims that a given resource has been verified by some network, the browser should be able to verify it with that network’s certificate.

In addition, users can be tricked into providing their credentials (such as passwords) to any malicious web site, which simply emulates an interface from their trusted site (such as a Facebook login). Right now, this is solved with popups, but a much more elegant solution would be to allow some iframe to have the highest z-order (i.e. “be on top of everything”) so nothing can hijack the user’s input into it.

I make both proposals here in more detail:
http://news.ycombinator.com/item?id=2024164

In fact, right now entire operating systems like the MacOS have the same problem. Any application can spoof the system’s administrator credentials dialog and capture the user’s root password, using it to take over the system. This can be easily fixed by having the system ask you to enter some favorite phrase of yours when you first install it, and then showing it back to you in the credentials dialog. All Apple would have to do is make sure the dialog is on top of everything, and apps can’t capture a screenshot of what’s inside — just like they do for DRM movies.

An aside: I once emailed Steve Jobs about this, but didn’t hear back… if there was a security company for operating systems, I would report it there and Apple would have a time frame in which to fix this exploit before it was publicized 🙂

8. Patents and Governments: Well, since things are decentralized, and patents/copyright rely on centralized systems (governments) and agreements between them (treaties, etc.) the situation is a toss up. I would say that, in general, since in any given system ultimately trust is usually concentrated in at most a few popular entities that have the resources to actually verify the software (e.g. all competing App Stores for mac), it won’t be tough for a government to intimidate these entities into revoking a software’s certificate.

Unless, of course, we combine part 2. untraceable accounts with reputations, with part 6. signing software, and get “shadow organizations with reputation for verifying software for security holes” … which might be useful for verifying things like whether freenet or perfectdark is still secure. Then, governments wouldn’t be able to stop the distribution of the software, nor force these untraceable organizations to revoke the certificate — fooling the users — and yet the software can still be audited in a meaningful way by the community.

In any case, all these things are side effects of centralizing trust in people/companies with good reputations — whether they are traceable or not. In the future, we may figure out better ways to distribute trust across the entire network. Bitcoin is an early step in that direction, I think.

In Conclusion

When I first read The Digital Imprimatur, I thought it was a recent article. It certainly could seem that way, given the concerns we have today, almost 10 years later. With today’s discussions about government spying on its citizens with drones and other things, the right of the people to peaceably assemble must be protected, and indeed some non-democratic governments were overthrown as people used the internet to organize. In repressive regimes, darknets can be used by people to communicate freely, and the same tools are used by people for notorious purposes such as trafficking drugs. Suppose human trafficking took place and we couldn’t find out who was doing it. How much anonymity should a system allow? These are difficult questions.

When copyright gets involved, the USA and other parties to the Berne Convention sometimes propose (and pass) draconian regulations, or simply take down websites irresponsibly or take down entire businesses before a trial has taken place. Technology such as DRM certainly has some legislative muscle behind it.

But as long as there are alternatives available to people, as long as there are decentralized choices, we should be fine.

I hope that some of the suggestions in this article are ultimately implemented, because I think good things await us if we move in those directions.

– Gregory Magarshak
