Fling:Anonymous Protocol Suite 223
_endgame writes "Fling is a new suite of internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable. Fling protects clients from servers, servers from clients, and both from an eavesdropper in-between. The result is that anyone can serve or retrieve any data, without fear of censure."
Fling (Score:1)
Kiss my ass Metallica! (Score:1)
Don't Want To Be A Spoilsport But... (Score:5)
Wouldn't have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.
PS: That said, I wish them luck.
Shaddap, you (Score:1)
Sounds Interesting - for possibly the wrong reason (Score:4)
One of the things that always strikes me as interesting about things like this is the posiblities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.
I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group maping the 'net for advertising purposes) but don't want to really tick off admins who's machines they are adding to thier map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are maping out.
Just a thought - I could, of course, be completely wrong!
Re:Don't Want To Be A Spoilsport But... (Score:3)
Early/Often bla bla... Looks neat though... (Score:2)
Seriously though, i think there is a need for a more modern, updated secure way to do this sort of thing. I think it is helpful if people can read what they want without fear of being profiled by evil govenrments (or even worse persistant spammers...) and I think it will allow people a little more freedom to be themselves.
Re:Don't Want To Be A Spoilsport But... (Score:5)
...phil
Re:Don't Want To Be A Spoilsport But... (Score:2)
yeah, looking at the little information that is available, i'm not sure anyone should be getting too excited yet. It doesn't seem like there is anything more than some descriptions of protocols that don't really exist. Not only that, I think credibility is hurt by what "Fling is deliberately designed to protect":
Porn and the sex trade
Political dissidents
Unpopular opinions
Free (libre) online traders answerable only to trustability guarantors
Sale of government-disapproved goods
Anonymous, unreported e-cash transactions
Anyone whose rights are being ignored or legislated away
To me, those aren't the REAL reasons anyonmous protocols are needed. I think the first one, "Porn and Sex Trade" should worry us. Do we really need a way for people to pass around child pornography without having a way to find out who they are (so we can stop them)?
This might have just been attempt to get some attention on slashdot....
---
Pissing Contest (Score:2)
Re:Don't Want To Be A Spoilsport But... (Score:2)
Indeed... Little specifics are given as to the details of the protocols, routing methods, etc. IMHO, the routing techniques he describes will incur significant overhead. I don't think this service would be useful to many people.
Better to check out existing services that provide anonymity, security, etc. There's a bunch out there that are already much better established and much better thought-through.
Afterthought: is it really a good idea to implement these ideas on the protocol level? I would think that abstraction principles would dictate that security and anonymity are better implemented in higher levels of abstraction...
Re:Don't Want To Be A Spoilsport But... (Score:1)
Two problems... (Score:3)
In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.
The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!
The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness new zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!
Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.
In principle it's cool (Score:3)
Plus if my PC ends up routing mp3 files for other people using my 128k connection I wont exactly be pleased.
Added to this I would expect that there will be quite a reasonable bandwidth overhead given all the layers of encryption.
Certainly as a system for trading textual data it's reasonably sound but then usenet probaly works just as well for most people.
Added to this for a user to keep information persistantly on the network they still must be permanantly connected... which isn't really an option for opressed tibetan monks is it..?
we need convergence (Score:2)
Is it my imagination... (Score:2)
Anti-tax philosophy (Score:3)
...phil
Re:Fling (Score:1)
javajawa# sleep
This is JUST a theory... (Score:1)
Someone above said that RIAA and MPAA and AA and whatever would TRY to put the kibosh on this: WHY? Even if tried I doubt they could. Consider this: An IP is like a phone number. The web logs on a box are like caller id. So aren't we just developing something that blocks the caller ID info (like *??)? And that certainly hasn't been deemed illegal.
Also, I imagine, SOMEWHERE, there will be a log of our activities- even though we blocked our caller ID, the phone company still has that information of the call. I'm sure there could be found a "packet log" or some such somewhere.
A step in the right direction, I think, but I don't think it's the solution.
a bit premature, but interesting (Score:2)
Apart from the music and software industry people attacking this if it ever comes to fruition, wouldn't many systems and networks administrators be wary of it? It seems like something like this would make for some really nice DoS attacks even more untraceable than the current ones already are. So, unless I'm misunderstanding something, I'd expect opposition from a lot more fronts than just the entertainment groups.
It's sort of a hard question, should we introduce new technologies that make it easier for jerks to cause trouble if they're technically superior but don't really cause any huge huge problems? (I know this is a good idea, but how many people have really been censored or persecuted online who wouldn't have been if they used these protocols? From the cases I've seen I don't think this would actually help, but I could easily be wrong).
SourceForge projects (Score:1)
Certainly, there are a lot of very interesting sounding projects (like this one). But, about 95% of them are in the "planning" stage, 4% are in "pre-alpha" and only 1% actually got somewhere. The most accomplished project I saw was a map viewer/editor for blackisle games.
Anyways I think my point is that posting stories about vaporware someone turns up on sourceforge is a bit silly. For example, have you checked out Arianne RPG [come.to] since its slashdot debut? About the only thing they got done is a new webpage. That story was posted like 3-5 months ago.
---
Re:Don't Want To Be A Spoilsport But... (Score:3)
Well, we're not really willing to simply *trust* that the law will protect us. We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored.
A fine manifesto (Score:1)
Noble concepts, they might (or might not be), but it's not exactly well reasoned, defended or explained. It certainly isn't well demonstrated.
Good ideas? Good intentions? We could all come up with better sitting in the bar with a few cold ones.
What is it that they say about the road to hell?
Re:First Paragraph... (Score:1)
So you don't have a license plate huh? And maybe the make of your car can change? God damn, you've got a freaking Bat Mobile.
PS. The Preview button is definitely there for a reason...
Re:First Paragraph... (Score:1)
Can you spell "fiber optic capacity doubling every six months?"
Society does not need 24/7 anominaty, it needs privacy and authenticity at the right times.
Who defines the right times? If it's the end user, then we allow abuse by end users. But if it's corporations or governments, we allow abuse by corporations or governments. I'd rather have end user abuse, myself.
banner hits (Score:1)
This is politically overboard. (Score:2)
Taxes (Score:2)
Re:Don't Want To Be A Spoilsport But... (Score:1)
I think you have a really good point here. I find myself not wanting to agree with you, because I think (and I'm sure most people do) that "scumbags" should be censored. But as you say, how can we censor them, without censoring ourselves? And if we could find a way to do so, then how do we go about determining who is a scumbag and who isn't?
Like I said, Good Point.
---
The rest of the world... (Score:3)
The economy is globalizing quickly, and daily interaction across the globe is paramount. So considering China just recently picked Linux over Windows95/98 because it can examine the source code to make sure there aren't any caveats that the US could use to sabotage them in a crisis, and on the other hand, the US is so paranoid about other countries being super-secretive that they delayed the release of Apple's G4 machine because it could perform well in encryption/decryption. Would the US allow China to have this Fling technology? Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?
This project may be doomed to the "oh-that-was-a-neat-trick-but-where-is-it-now?" hall of fame from the start.
Re:First Paragraph... (Score:1)
No, what you're talking about is license plates - that's how you're discovered. Window tint would just make it harder for you to see the old ladies. Wear some glasses ala Clark Kent, and take off your license plates. Maybe stop at the car wash on the way home to wipe off the mess.
You're right about non-traceability being bad, though. I reject traffic coming to my machines if I can't tell who it's coming from in every case that it's possible. I'm not doing anything malicious with anyone's info, and the only reason to hide from me is if you're doing something you don't want me to find out about. Well, I'd better be able to find out if my equipment's being used to do it...
Re:First Paragraph... (Score:2)
That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to aquire your sensitive data. This, incase you didn't know, is not good. You really want your data to be difficult to recover.
There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?
If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.
Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.
Re:Don't Want To Be A Spoilsport But... (Score:2)
DMCA sucks.
The therory is that if you control one part of the content on a network, you are responsible for all the content. This is prohibitively expensive for a university to keep squeaky clean.
In this way people who support censor legislation have in effect widdled a niche for child abusers to exist. No special (computer) protocal needed.
Wow... (Score:1)
And people bitch about RMS's software being political. Not that I disagree with their politics or anything, but it won't bring good press. Not that the press matters, or anything.
But this sort of flagrant politicism kindof colors the project...a person who would have a use for the Fling suite and would like to contribute to it may not because they don't agree with the idealogy.
But then again, that hasn't stopped too many people from working in GPL'd projects. I mean, there have been developers working on projects under the GPL who don't neccessarily agree with RMS's rants that "Proporietary Software is Satan."
Its a cool idea, and I hope it works. I know jack shit about IP, but Fling looks like it has a bit more overhead then the normal protocols. Eh.
Ah I don't think so... (Score:2)
You mean the bit where he says "Here's my public key" and you encrypt your public key to it and send it back to him? Might be succeptable to a man in the middle attack (You need to take additional steps to verify the authenticity of the server) but you can't derive the keys when they're transferred automatically any more than you can derive them when I E-mail you my GPG key. And having my public key buys you nothing (Other than being able to send me encrypted data.)
Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it. Is that guy one hop down downloading a file or is he just acting as a proxy/cache for someone else?
Re:A fine manifesto (Score:1)
It is paved with insert Political Leaning.
You can unpack this objectivist crap in about 20 minutes. Back to work...
Re:Don't Want To Be A Spoilsport But... (Score:1)
(OT) (Score:1)
Also, what's up with the new Slashdot icons? Bring back the crappy old photorealistic ones!
--
Re:Careful Boys (Score:1)
This is not how I would like to see things happen, but I think it is inevitable.
The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets.
But, on the bright side, maybe if one of these ideas can be implemented and achieve a critical mass like Napster, it will make enforcement like this practically impossible.
Re: (Score:1)
Re:Don't Want To Be A Spoilsport But... (Score:2)
Gun control laws prevent law-abiding citizens from owning guns. Not scumbags. So, even though scumbags will always be assured of having guns, upstanding citizens will not. I guess that theory is wrong.
-BrentRe:Ah I don't think so... (Score:1)
:) That wasn't quite what I meant...
Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it.
It's called zero knowledge [www.zerokn...argetblank]
Re:Sounds Interesting - for possibly the wrong rea (Score:1)
No you are completely right. Look at the comments above about censorship. The same idea applies here. How do HONEST (honest being a generic term here) people stay anonymous on the web, while not allowing the warez/mp3 doodz, child porn lovers, and the companies like you're talking about to enjoy the same anonymity? Sure I'd love to surf the web (even though this isn't what the protocols are for, its just an example) knowing that nobody knows who I am, but at the same time, I don't want some script kiddie cracking away at my box because he knows I'll never find him.
---
Re:Don't Want To Be A Spoilsport But... (Score:5)
In a word: Yes. We do. For the simple reason that there _is no way_ for any of us to exert our simple right to anonymity without having a way to pass round child porn too.
This is one of those circumstances where people will have to choose between a greater evil and a lesser evil. At risk of making myself very unpopular, I would suggest the evils that can come from denial of freedom of speech could be an awful lot worse than the evils coming from the hampering of one of the ways the police use to track down a class of particularly unpleasant criminals.
Put it this way: would you like every tiny piece of data about yourself in big government database, even though this would clearly help to catch many criminals, probably including some child pornographers? Supposing you didn't mind this. Now would you make it compulsory for _everyone_ to be in this database? That's what you're asking.
Supposing the goverment could identify the profile of a child pornographer with 90% accuracy from this data. So they imprison all the people with these characteristics. This is another way the government could reduce child porn, but few would argue that the benefits outweighed the drawbacks.
Re:Check out the philosophy page (Score:1)
2) So ? If the company is based somewhere friendly to it, it may be paying taxes there, but not being taxed out of existance.
3) I get the impression that Fling is more interested in keeping 3rd parties from knowing what is going on between A and B, than keeping A and B from knowing about each other.
Re:Don't Want To Be A Spoilsport But... (Score:2)
OT: Why does slashdot remove some articles and never keep them up on the site?
Re:First Paragraph... (Score:1)
Hrm what an idiot, must be applying for his MCSE
*click*
Guess I could flame him, might give me a kick, work is pretty slow
*click*
"Dear sir, enclosed is my private statement FYEO. I like to make up acronyms (not unlike my boss, who I obtained this habit from) so that you must figure them out. I would just like to say you're an idiot, and that whenever I drive around hitting old ladies, somebody always seems to see this reflective metal plate attached to the front of my car, sometimes denoted as a Liscense Plate. I have my winshield tinted because, as everyone knows, the first thing after an accident is to look at the persons front winshield to get a good look at them, the liscense plate is utterly useless. Anyway, just wanted to say good comment, solid structure and grammatical flow, great use of interpretive HTML tags."
*click*
idiot.
Acceptable DoubleClicking? (Score:2)
In an ideal world, producers and suppliers of goods and services would be able to know the needs of its customers as much as possible so that the products could be quickly optimized. If the companies could get this information directly from the consumer, then the rate of evolution could be faster than simply having one company wait until it realizes that its competitor is making more money from a modified version of the product.
It would also be nice if these direct customer queries were as unobtrusive as possible. Telephone surveys in the middle of dinner kinda suck.
These lead to a DoubleClick sort of idea. As I see it, the main problem with DoubleClick isn't that information is being gleaned from your private life, it's that the information can be directly traced back to you. They can claim that they will just use the information in aggregate, but we can't really believe them that they won't abuse the system.
But if they only used an anonymous version of TCP to transfer the data, then we could use technical means (personal firewalls, etc...) to make sure they're keeping their word. So we would get the best of both worlds: privacy, and better products and services.
--
Re:Careful Boys (Score:1)
Not quite with freenet. One of the design goals of freenet is you have no idea where the data is stored. I'm not sure how they implement it, have to read (as opposed to skim loosely) the docs again...
Re:Careful Boys (Score:1)
That would be the same as busting the companies that run routers over which you received the data, and thats obviously unworkable, here in the UK HMG are really screwing things up with the RIP bill which is almost as stupid, see Stand [stand.org.uk]
Um, don't you mean... (Score:2)
Do you mean steganography? Or should we start working on an RFC for SHTP (Shorthand Transport Protocol)?
:)
Re:Don't Want To Be A Spoilsport But... (Score:3)
It's more difficult than some people think. It's just as difficult as defining pornography. There's some people that know it when they see it. Funnily enough, to those people, nipples and clitorae are pornographic. To me, when I see guns, violence, and Microsoft Windows, those things look like pornography.
Without defining what a scumbag is, you cannot hope to censor them. If you misdefine what a scumbag is, then you'll certainly censor a person who doesn't deserve it.
The only solution is to allow all people to transmit, without censorship. We don't live in a safe society. The world is dangerous. Boo Hoo! All in all, I'd rather use my intellect to avoid or combat messages that I don't like. Every other animal has to use their feet to avoid a wolf's teeth that they don't like. What chance do the sheep have of ever "censoring" the actions of the wolves? None at all. The choice is clear: We can act like humans, using our brains to fight ideas we disagree with in an absolutely free forum, or we can act like animals and hope the wolf doesn't like the taste of woolly fleece.
Re:SourceForge projects (Score:1)
Re:Two problems... (Score:1)
So theoretically, the only way to crack this would be to compromise every server on the route you happen to pick. "Monitoring the beginning of the communication" won't do the attacker any good (and btw wouldn't even with Diffie-Hellman, unless attacker intercepted messages and replaced with his own). If you pick at least some well-known trusted servers, all in different jurisdictions, you should be fairly safe.
The main problem on a protocol like this, intended for real-time use, is traffic analysis. Message padding to all the same length helps, but to be really safe each server should hold messages for random lengths of time and send them out reordered. That's fine for email, but adds a lot of latency for generic TCP like Fling hopes to do.
Steganography is cool but no magic bullet--if everyone who requests a particular jpeg gets a copy with different low-order bits, a government can figure out that something's up.
Threat to our innovation (Score:2)
Re:Don't Want To Be A Spoilsport But... (Score:2)
This seems very irresponsable to me. This guy is targeting illegal markets ("Sale of government-disapproved goods", "Anonymous, unreported e-cash transactions"). He acknowledges that it could be a tool for money laundering, but then adds that it offers even more functionality. Money laundering and the Secure Assault Rifle eXchange Protocal (SARXP)? How could you not support it!?
In addition to the ethical concerns over enabling exchange of contraband and money laundering, I'm concerned that his idea of how to address disagreement with the policies of your local governing body is to hide your identity and disregard the law. I liked the article that was posted around the 4th about what happened to the signers of the Declaration of Independance in the US; it's a reminder that civil disobediance doesn't require anonimity. Using high ideals to justify being a punk and a thief does.
"Sweet creeping zombie Jesus!"
THIS IS NOT FRESHMEAT (Score:2)
Re:Don't Want To Be A Spoilsport But... (Score:1)
Guns are physical objects. Ideas are not. Ideas are therefore much more powerful than guns. You can't make a meaningful argument out of a forced analogy between the two.
Damned if you Do, Damned if you don't (Score:4)
Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial instituations, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.
What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves" [salon.com]
Anonymising: Hiding caller ID vs. hiding IP nums (Score:2)
caller ID vs. IP numbers
Reasons why an IP address is nothing like a telephone number...
Okay, the reason this isn't doable as you described is because your telephone is, in the main, a switched connection and the Internet is a packet connection.
Internet connections get split up into little segments called packets which are then routed by the best means available at that time. The exact route can vary from day to day (or minute to minute!). Ergo it is important to have the IP number visible to everybody, otherwise nobody knows where to send the replies back to.
Telephone connections (well in theory anyway) are not split up into packets. They exist as a static single connection from end to end (okay purists at the back stop squabbling, yes modern exchanges do use packets, but they also reassemble them to reform the single logical connection). Ergo you can safely hide your telephone number because the connection is already tied down at both ends and, most importantly, doesn't disconnect until the call is over (unlike an Internet connection which is lots of little brief connections and disconnections as packets arrive).
With a telephone, you don't need to know the callers' number, because remote end just replies to whichever line is connected. This wouldn't work with the internet, because the remote end could be receiving packets from thousands of different hosts in a very short time- there is no concept of a one-to-one static connection (not at the transport layer anyway).
And like you said, caller ID is only withheld to the person you're calling. You can be damn sure your telephone company know your number, who you called, and when! Then all the police or GCHQ or whoever have to do is ask your company for a copy of the logfiles.
--
Re:First Paragraph... (Score:2)
IIRC, in Arizona it is legal to have the tinted front windshield. A friend moved to NJ from there, and they had to get the windshield replaced before they could register the car. Pain in the @$$, that's for sure.
Falacies (Score:5)
- for i in `cat
/usr/dict/words`; do register $i; register $i.$i; done
And the internet is hereby mine!!! Muhahahaa.Re:This is JUST a theory... (Score:3)
Seriously, though, you need to reveal your IP address so the server can send back the information you requested. That's what servers do.
Re:Don't Want To Be A Spoilsport But... (Score:2)
You understand the difference between legality and morality, don't you? Right? Err... you do understand?
I'm concerned that his idea of how to address disagreement with the policies of your local governing body is to hide your identity and disregard the law.
I wouldn't put it this way, but now that you've formulated it, I would tend to agree with this. This is good advice, particularly with regard to hiding your identity.
it's a reminder that civil disobediance doesn't require anonimity.
Ahem. Where? How about civil disobedience in the (quite recently deceased) Soviet Union? Or, currently, in places like Serbia, Iran, Myanmar? Would you tell people who find themselves "in disagreement with the policies of their local governing body" that anonymity is unnecessary for them and bad for the political process?
Closer to home -- I assume you live in a Western developed country which has strong anti-drug legistlation -- let's say you smoke grass on a regular basis (and remember that laws do not determine morality). Would you proclaim this fact to all and sundry as an act of civil disobedience? Would you dare the cops to arrest you? Is it a useful thing to do?
Using high ideals to justify being a punk and a thief does.
You seem not to understand what "freedom" means. Think about it.
Kaa
An age old problem (Score:2)
Make a hole in your backyard fence that is just large enough for your chickens to get through and eat in your neighbors garden -- and just small enough that your neighbors chickens cannot get through to eat in your garden.
Once you have solved this, the Internet is easy.
Overhead and untraceable protocols (Score:3)
Secure protocols will have more overhead because they need certain things beyond simply getting the data to the target. To avoid traffic pattern analysis you try to pad packets to fixed lengths, split streams up and send some junk so that bursts don't stand out, send dummy packets when traffic is low, and so on.
You need secure low level protocols to give yourself a fighting chance at anonymous exchanges. Running such protocols at a higher level over something that is essentially an end-to-end protocol just points out the path used to route the `crypted data. At that point the unfriendly government steps in and has you blocked or arrested.
The same technologies taht allow you to publish your anti-government newspapaer in a totalitarian state allow the distribution of porn and information on controlled substances. Sorry, information is information; differing states have declared diffeerent bits of information "bad" at times, the tools to supress one type can supress all types of information
As for Fling specifically, I noticed that it uses IP4 addresses putting it behind current tech. I'd like it better if it's internal addresses were larger than IP6.
Re:Don't Want To Be A Spoilsport But... (Score:3)
This is one of the weirder things about
I've seen this happen many times now, where a headline states that something cool is *going* to happen, but no posts when the thing *actually* happens.
Re:The rest of the world... (Score:2)
And who is going to ask them?
Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?
Ahem. US tried to limit exports of hard crypto. The main result was that now a lot of crypto work is done outside of the US (and I have a nice RSA-in-Perl t-shirt). Hard crypto is out of the bag.
Kaa
Re:Don't Want To Be A Spoilsport But... (Score:2)
Read it, actually. He makes a number of points concerning why there are legitimate uses for these protocals. Great. However, he makes no provisions for dealing with or preventing misuse of them that is illegal or dangerous. It is one thing to say that there are plenty of existing things that can be misused that should not be regulated; it is another to introduce a new technoligy that is geared towards misuse without taking any precautionary measures.
As for the assault rifle exchange protocal, when I wrote that I was actually aware that one cannot move assault rifles through your normal modem connection. They are simply too wide. However, I am curious as to what the creators of Fling mean when they say that they want to aid the "sale of government-disapproved goods". That is goods mind you, not information. If they are talking about goods that can be converted into 1's and 0's, than they are talking about 1)copywriten works, 2)kiddie porn, 3)Classified documents, or 4)people's private records (health, credit, etc.). There are others, I am sure, and to be frank I feel we have enough distribution chanels for all of them as it stands.
And if they find a way to move AK-47's throguh a T3, I won't like that either.
"Sweet creeping zombie Jesus!"
Double-edged sword (Score:2)
Two issues (Score:5)
Ushers will eat latecomers.
Re:Don't Want To Be A Spoilsport But... (Score:2)
I believe what he is saying is that we have the right to free speech. Period.
If the government doesn't respect that right, we will need to take it back. Larry Flynt used the courts to take it back. Others are proposing that they use methods such as Fling.
Simple, really.
Re:Anti-tax philosophy (Score:2)
As Neal Stephenson has pointed out, the tax authorities will still get their bite even in a strong crypto world. If all else fails, they can fund everything with property taxes: try hiding your real estate on the net.
Pedophilia (Score:2)
The existence of a market for pedophilia means that somewhere in the world a child is being abused to satisfy that market. Censorship reduces this market and frankly I will support it to my dying day.
A persons rights to express themselves should stop short of abusing another person's rights and pedophilia does abuse the rights of others.
Re:Don't Want To Be A Spoilsport But... (Score:2)
I agree with you that total lawlessness would be a horrible thing to unleash on the internet. I'm a dedicated spam hunter, and have been for years now. With untraceable connections we will be deluged with spam advertizing from all directions. It would be absolutely horrible.
With the sheer horror of that to consider, I would embrace spam if it meant that total freedom of speech forever was guarenteed.
Censorship is the most horrible thing, because it prevents people from speaking about and organizing against injustice.
Re:Check out the philosophy page (Score:2)
1) In cases of fraud, you have no proof. After all, if the company is hiding the fact that it's conducting business to commit tax evasion, it's not going to be easy to find evidence that they cheated you.
2) SPAM. How can you stop, filter, or track down SPAM if you don't know where it's coming from?
Also, as you point out, hiding the actual internet transactions themselves isn't going to magically make the IRS not know you're in business. Your physical distribution channels, employee benefits paperwork, and building rent should give you away. I completely disagree with the anti-tax rhetoric he's spewing, but the protocol is dangerous to its own users in ways that he obviously can't see through his extremist world-view. His stance on hard-core pornography and children shows that he also actively refuses to acknowledge some of these problems. I'd love to see what his takes on SPAM and fraud are.
Re:THIS IS NOT FRESHMEAT (Score:2)
TCP is not anonymous, but you can perfectly well run truly anonymous protocols on top of it.
Basically people are trying to apply mixmaster-type technology to packets instead of emails.
[bizzare idea]
Build a packet-to-email gateway and route your packets through existing Mixmaster servers. Everything that times out is toast (Mixmaster introduces random delays into retransmission to foil traffic analysis) and you wouldn't believe how slow it will be, but in principle it should work, shouldn't it?
[/bizzare idea]
Kaa
Re:Don't Want To Be A Spoilsport But... (Score:2)
Yup. Everything that is illegal is not immoral. But not everything that you think ought to be legal is moral. The catagories of legality and morality are not the exact same thing, but they are not mutually exclusive. Some things that are illegal are rightly so. Not everyone who violates the law is following a "higher morality", no matter what they say.
You do have a point about anonimity in countries where politicol opposition is dangerous. And anonymous politicol opposition will probably be the best that most people can manage in such places. But many such countries don't have adequite internet infrastructure to take advantage of this. Secondly, I wasn't saying something about them "following politicol process". I was saying something about the impact of people that are willing to give their lives (and their names) to a cause. I wasn't saying that they should be happy to die after making themselves public as opposition to the powes that be. But people do not rally to the cause of Anonymous Coward. They have rallied to the causes of Mahatma Gandhi, Martin Luther King, George Washington, Nelson Mandela, and Aung San Suu Kyi. These are the people who have exposed themselves to the most danger, and they are the people leading the opposition. I was not critisizing people in danger for wanting to be anonymous; I was critisizing the assumption that you can only protest when anonymous.
As for the pot smoking- frankly, I can tell cops anything I want. If I confess to a murder, they'll probably look into it. If I tell them I smoke grass, but possess none at the time, they can't do anything. I have commited no offense. More relevantly, I can join an organization like NORML and agitate for the alteration of Marijuana laws across the US. Publicly, with the face I was born with. Wether it is a useful thing to do depends on your opinion of lobbying. But I wouldn't do that, because smoking weed seems like a waste of my time.
You seem not to understand what "freedom" means. Think about it.
What I meant by that is this: rhetoric, and even sincerity, do not equate with morality. There are always people willing to take up a banner to further their own status and position. And there are always people who believe very sincerely in causes that are detrimental to the people around them. Ask a Klansmen some day. They wear masks. Civil rights marchers didn't. I realize that anonymity can protect good people that need it because of their situation. The situation varies a lot from country to country. What distresses me is people in this country (the US) using complex rationalizations to justify their own greed. It happens. It isn't a reason to roll back everyone's freedom. But it is a reason to be a little wary when someone offers some handy dandy thing that will guarantee your freedom, but has the 'negligable' side effect of giving people a clean way to circumvent laws that may (but not always, yes I know) intersect with morality
"Sweet creeping zombie Jesus!"
philosophy of Fling (Score:2)
(Which doesn't mean that the conclusion - censorship is evil - isn't correct, just that the arguments used here to support it are full of holes.)
Re:Don't Want To Be A Spoilsport But... (Score:2)
The right to bear arms may or may not be noble. This is not the place to argue that point. What I am saying is that there is absolutely *no way* to permanently safeguard the right to bear arms.
But that doesn't matter because there will eventually be no way to censor ideas, and ideas are far more powerful than guns.
The ivory tower comment was ad homenem. Please argue with logic, not emotion.
Re:Pedophilia (Score:4)
Obviously kiddie porn inclus photos of 3 year olds involved in sex acts, but what about the other possible cases including:
*a 17 year old 45 year old man
* a 17 year old with an 18 year old man
* two 6 year olds holding hands
* a 4 year old swimming naked at the beach with his family
* a 6 month old taking a bath
* a 2 week old nursing at his mother's breast
You get the point. I remember how surprised I was when my very own grandmother demonstrated a suprising amount of anger at seeing a baby nursing at his mother's breast in a parenting magazing. She was absolutely of the opinion that it was pornographic - kiddie porn even.
So, how do you define those fringe cases? How can you reconcile your definition of kiddie porn with my grandmothers?
When I said that censorship should be absolutely banished, I meant it knowing the consequences. It means that kiddie porn will be uncensorable, and to prosecute it you'll have to actually catch people with it on their computers, or in production. You won't be able to catch it in transmission.
Freedom exacts a horrible price. The penalty in blood from wars and in cases like your example is very high. I am still of the opinion that the penalty of censorship is still higher.
Re:This is JUST a theory... (Score:2)
The sad part is, with the current state of the PTO, you probably could patent both of these if you wanted to spend the time and money.
Re:Careful Boys (Score:2)
However...observation is not a passive act. Simply observing where the data is stored causes it to propagate to new locations. Thus it becomes like trying to nail jello to a tree...
aint replication a bitch?
Re:Taxes (Score:2)
If other sorts of taxes become difficult to collect, the tax burden will just shift.
Re:Pedophilia (Score:2)
> banished, I meant it knowing the consequences.
> It means that kiddie porn will be uncensorable,
> and to prosecute it you'll have to actually
> catch people with it on their computers,
> or in production. You won't be able to catch it
> in transmission.
This may be a fine point but...I feel the need to state here that I do NOT think mere posession of kiddie porn should be punished.
Remember...Pedophiles are humans. A pedophile is not a child molseter. Child molestation is an ACT. Pedophilia is entirely a psycological thing.
A person has no control over what sexually arouses them. This type of "wireing" is setup very early in life. It is by no means a conscious choice.
Many, hell even most, child molesters may be pedophiles. That does NOT mean that most or even all pedophiles are child molesters.
If they are able to keep their urges under control, and keep a collection of pictures on their computer to help them satiate those urges when they arise...then i say more power to them. Frankly...I pity them, and am extremely thankful that I did not grow up to find myself craving something that is so incredibly verboten in our society.
I think we, as a society, should be expending our effort finding and dealing with those who ACT on these impulses and harm other people, rather than spend our energy condemming and ostracising those who merely HAVE these urges. I think alot would be gained by accepting them and allowing them to come "out of the closet".
To put it in perspective...If I am with a friend and his wife. I am a human male. I can find his wife sexually attractive. I can even fantasise about his wife. He knows I am a human male and I have those urges. As long as I don't make an issue of them or act upon them...there is no problem.
However...think of a pedophile. If his friend had a child, he would generally need to hide the fact that he has these urges...for if it was discovered, in most instances it would be considered a problem...whether he acted upon those fantasies or not.
These people, as much as any other group, need anonymity on the net. There are constantly witch hunts going on for them. The mere association of ones name with pedophilia can have devastating effects on ones life.
--Steve
who still mourns anon.penet.fi, even though he only used it once.
Re:Don't Want To Be A Spoilsport But... (Score:2)
Certainly. If I so choose, I should be able to manufacture and store a nuclear device in my garage. The real limiting factor here is the practicality of such a device.
I cannot afford the uranium/plutonium for such a device. Nor can I afford the machine tools for crafting such a device. There are safety issues with radiation and such that would seriously lessen my desire to own such a device. Therefore, even though I have the right to own and keep one, I will, in all likelihood, never do so.
Fertilizer bombs? Certainly, again. Granted, the materials are cheap and plentiful, and the technology doesn't require any special preparation, so it's available to anyone. The problem is again one of practicality. If I were to create one of these devices in my garage, chances are, it would blow up my house - that stuff is unstable. But, if it became necessary to use a fertilizer bomb to wipe out a platoon of invading soldiers (foreign or domestic), I would want to be able to have the material on hand to be able to build just such a device. To do so would be to stand up for my ideals and those that founded this nation - that tyranny should not go unchecked, and that the power to govern rests with the people, not with whomever can field a large army.
> The right to bear arms may or may not be noble. This is not the place to argue that point.
You are correct. A right cannot be said to be (or not to be) noble. It just _is_. There is, and can be, no argument to this point. I find myself having problems with those who, without honest and rational debate, want to preclude my rights secured to me by the Constitution. They cannot do so, anyway, and they are free to try, but that they are not simply laughed off their podiums is the most strikingly disgusting point of all. It makes me sick to be an American in this day and age - we've forgotten what we stood for.
> What I am saying is that there is absolutely *no way* to permanently safeguard the right to
> bear arms.
Ah, but you're wrong. Given the right to bear arms (which is not _given_, but _secured_ - and there is a _huge_ difference in mindset there, if you choose to examine it logically), that right will protect itself (and, not coincidentally, all the others besides)!
The only way we lose rights is when people don't take the time to rationally think about what they're giving up. People give up their rights in this country - they're not taken away. If people would simply stand up, en masse, and say one word, all this insanity would come to a grinding halt. That word is, "NO".
> But that doesn't matter because there will eventually be no way to censor ideas, and ideas
> are far more powerful than guns.
That's a very nice thought, but it doesn't seem to hold a lot of water. When it's YOU under the microscope of censorship, you will certainly wish you had a freer forum in which to say what you want. Without the means to secure that forum, deriving from the right to protect oneself from tyranny inherent in the Second Amendment, your wishes will do you no good. When a people can resist invasion, whether by foreign or domestic power interests, their freedom is more likely to be secured.
--Corey
Re:Don't Want To Be A Spoilsport But... (Score:2)
And that would be me....
I do realize that point. But, being a practical person I understand that the right to bear arms cannot be permanently guaranteed. The censorship-proof internet can be permanent. That quality makes freedom of speech much different in character than the freedom to bear arms. My argument is not about the merit of one right vs. another right. Your points are well taken, but that wasn't what I was talking about.
Re:THIS IS NOT FRESHMEAT (Score:2)
Re:Don't Want To Be A Spoilsport But... (Score:2)
>manufacture and store a nuclear device in my
>garage. The real limiting factor here is the
>practicality of such a device.
!!!!!!!!!!!!!!!!
Re:Don't Want To Be A Spoilsport But... (Score:2)
By "some things that are illegal are rightly so" I meant this: there are things that are illegal because they impinge upon other's rights. It is find for someone to be bound by their personal morality, but where it impedes another person's rights (as defined by law, typically), it is the role of the law to set boundaries that everyone abides by. Certainly, the law oversteps that guideline sometimes. But that is a whole other discussion.
I specified the US when I spoke of people justifying personal wants with high faluting rhetoric because you pointed out in earlier posts that the situation varies greatly in different countries, something that I agree with. I was certainly not implying that I thought that the phenomenon was unique to the US, or the West, or New Jersey. Obviously, such things happen everywhere. But the US is not Burma, it is not Serbia, it is not Tibet. Civil disobedience in this country is not so often the life-or-death issue that it is in other countries. This tends to greater abuse, as the stakes are not so high in the US. If you could be imprisoned for using secure communications like the ones being developed, as is the situation in restrictive regimes, you almost certainly would not use it to swap porn and MP3's. In the US, where we take for granted our right to basic communication, such tools are more likely to be abused.
Yes, you can use a telophone to commit a crime. I can use a hand saw to behead my in-laws. Any tool is subject to misuse. Again, this is obvious. But there is some responsability to protect against misuse. This needs not be legislated, by a conscientous and skilled tool-maker takes it into account. I was not saying that anything that can be misused should be banned or destroyed, but that the maker of such a tool should be responsable enough to take steps to safeguard their work, and at the very least to think through the consequences of their system. The fact that the creator acknowledges that the system is useful for money laundering but makes no effort to prevent it is, to me, a bit irreponsible. I'm not saying tap everyone's phone lines and take away their guns. I am saying take modest and reasonable steps to ward against abuses that you already know about.
"Sweet creeping zombie Jesus!"
You might as well just PGP the thing.... (Score:2)
Fling destroys forever the ability of anyone to force the content of the information you share. That information will also include ecash - so fling will destroy anyone's ability to control or surveil online purchases, transfers, or holdings
Does the Fling system prevent finding the original sending IP of the message? Yes, but so does classic IP spoofing. Now, we all know that any real sysadmin can get around that by contacting other sysadmins on the packet's path.
The layered encryption is a waste of time --- any idiot with a copy of the Fling source can decrypt the message down to the final level --- and discover all the targeted computer on the path. Plain old PGP would accomplish the same (w/o revealing the 'allied' machines on the route).
And of course there is no server authentication, which makes the utterly useless for ecommerce.
All in all, Fling wastes bandwidth with uneccesary encryption, and offers no real increase in security. Sorry guys. No party today.
Randroids! AIEEEE!!! (Score:2)
I just finished reading the "Philosophy" section of Fling's Sourceforge site and I've got that same creepy feeling I always get whenever I see a Randroid [aasp.net] running at full tilt. I get the feeling that many geeks latch onto Rand because she appeals to their revenge fantasies [astronet.com].
I have no disagreement with the personal responsibility aspects of Objectivism -- ultimately, each one of us has to sleep in the bed that he or she made. The "me first always" stance really bothers me though. The blanket assumption that the disadvantaged are that way because they earned it or are lazy and incompetent smacks of the purely greedy kind of thinking that may end up being our ultimate demise.
Want a nervous laugh? Go hit the Ayn Rand Institute's site [aynrand.org] and check out articles such as Sweatshop Opponents want to Violate Worker's Rights [aynrand.org], Against Environmentalism [aynrand.org], or my all-time favourite, Why Christmas Should Be More Commercial [aynrand.org] (Even if you're not religious, don't you think we really overdo that holiday's shopping aspect?).
Want some food for thought? Check out author Paulina Barsook and what she has to say about the kind of libertarianism that many people in high-tech are buying into [salon.com] these days.
Reinventing Onion Routing / Pipenet (Score:3)
I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content? They're describing a bunch of complex shuffling, but don't indicate why they chose those methods and what attacks they're trying to protect against. Some of the earlier projects like Pipenet and Onion Routing found that there are theoretical weaknesses if you only send traffic when you have real traffic, or if you do anything that makes it possible for an eavesdropper to tell what the boundaries between messages are, because the eavesdropper can do enough correlation to identify reasonably accurately where the traffic is going. The alternative is to build connections between sites that always have constant traffic levels, using filler traffic when there's no real traffic. This has a major cost/performance impact that affects the willingness of servers to support this kind of application. By contrast, IPSEC gives you all the privacy you need by encrypting, but doesn't try very hard to block the user identification.
Privacy servers like this also depend on having lots of users - if there are only two people using it, it's easy to tell who's communicating with whom. It's nice to do technology, but you also need to work on a social or business model that encourages lots of people to run the client, and if it's got separate servers, to run servers as well. That's one of the cool things about Zero Knowledge [zks.net] - they've got a model that they hope will achieve this, though whether they succeed will depend on whether they implement it well enough for users to accept it and whether they can market it well enough to really take off. Some things are overnight successes - Hotmail, Napster - while others limp along at a low level for a long time, like the current remailer networks, mainly because they're annoying to administer and responding to complaints when they're abused is annoying. I wish the Fling folks good luck - but there's a lot of work they've got ahead of them to make it working and accepted.
Re:Don't Want To Be A Spoilsport But... (Score:2)
The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
Nobody gave us rights. The rights enumerated in the Constitition are rights we are born with. Your kind of thinking is exactly why the Framers of the Constitution felt it necessary to include the 9th Amendment.
I suggest you read the Constitution [loc.gov] and the Bill of rights [loc.gov].
Re:Check out the philosophy page (Score:2)
Whoah!!! (Score:2)
Okay people, some cold hard facts.
One, fling is theoretical at the moment. I don't even have a byte complete protocol, although I expect to within days.
Two, I'm not throwing the doors open to developers until there's enough of a skeleton there for you to see where to put the flesh. Otherwise the project will mire into a mass committee blunderfest. Of course, once the protocol's up, you can make your own versions in parrallel, if you want. This may even be useful, if you're porting it to other OSes or languages.
That said, thanks for the attention, I intend to see this becomes big.
My current focus is on getting a the route ball as small as poss while staying secure. Experienced crypto designers would be welcome help right now.
Re:Don't Want To Be A Spoilsport But... (Score:2)
> A well regulated Militia being necessary to the security of a free State, the right of the
> people to keep and bear Arms shall not be infringed.
Correct. It says "the right of the people to keep and bear Arms shall not be infringed ".
Now, these are the same people about whom it is said, "Congress shall make no law
These are the same people about whom it is said, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated
These are the very same people about whom it is said, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people".
It is that last phrase which turns the trick, you see. It is clearly the intent of the framers of the Constitution to separately address the freedoms of the people versus those of the state versus those of the United States. Looking back over historical documents to determine the intent of the founders as to the application of laws (a practice which has legal merit, and which is not uncommon when dealing with issues of protected rights), it is clear that they wanted the people armed in the same fashion as the armies of the day, so that proper resistance could be brought to bear against a tyrannical regime. They secured, in that document, our right to arm ourselves the same way as our military so that we could fight our military should it be necessary. That is the final check on the government assured by the Constitution - the sovereign right of the people to resist oppression. The Second Amendment was not put in place so that we could defend our home state or nation, exclusively. Remember, the revolutionaries of the day fought their own sovereign government - and won.
Now, I might be able to come up with a hypothetical case wherein a nuclear device would be necessary to further the cause of Liberty, if pressed hard enough.
--Corey
Re:anonymity (Score:2)
My take on this is, we have a Constitutional protection for Speech. If you feel that, in order to protect yourself from stigma attached to words you feel _must_ be said, you may do so anonymously.
It's the same principle followed by those who wrote "The Federalist Papers". There were several men who did that, and they all used a common pen name. In that way, they were able to put forth ideas into the going public debate without bringing the Redcoats to their homes to burn them down and kill them, their wives, and their children.
--Corey
Re:Pedophilia (Score:2)
Complete and utter bullshit. A total copout.
Anyone who has the control to hide their "affliction" from society, also has the control necessary to keep themselves from acting on those impulses, and over time, to change their own feelings.
The human mind is malleable, no matter what those assholes who use the "it's-not-my-fault" excuse say. They could change themselves if they wanted - they just don't give enough of a damn about anyone except themselves to want to.
While I'm not going to be witch-hunting for people who have child-rape pictures on their harddrives, if I discover someone has such fantasies, I'm sure as hell not going to trust them with anyone *I* care about!
Re:Pedophilia (Score:2)
Yes, yes & yes - with the proper "brainwashing" techniques (which is still brainwashing, even if it's self-imposed), anyone's mind can be "bent" to believe things they did not have any previous "natural" tendency to do - even more easily if they are actually cooperating.
And I believe this is bullshit rationalization - anyone who hasn't suffered brain damage causing total lack of inhibitions can control what they fantasize about - they just don't want to control it.
If I know someone is fantasizing about having sex with kids, I judge them as unsafe to be around children. I judge them this way because fantasizing about having sex with kids is a precursor to the act, placing them one step closer to being dangerous to my kids. Damn right I'll prejudge them, because the result of making a mistake the other way is too horrible to allow.