![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Entry tags:
Brainstorm!
Prompted by a discussion with ![[livejournal.com profile]](https://www.dreamwidth.org/img/external/lj-userinfo.gif)
bunnykitteh, who's good at prompting these kinds of things:
Imagine a Facebook and/or MySpace application aimed at organising flash mobs for political action (e.g., the kind of thing Anonymous might use to quickly notify members of imminent $cientology activity in a particular location). What features should it have? (Twitter gateway?)
(Note that with Facebook, especially, there are all kinds of interesting concerns with respect to privacy...)
bunnykitteh, who's good at prompting these kinds of things:Imagine a Facebook and/or MySpace application aimed at organising flash mobs for political action (e.g., the kind of thing Anonymous might use to quickly notify members of imminent $cientology activity in a particular location). What features should it have? (Twitter gateway?)
(Note that with Facebook, especially, there are all kinds of interesting concerns with respect to privacy...)
no subject
Oh, now that's a neat idea -- though, hrm, the first question that pops to mind is how to go about generating keys for folks who don't have 'em and don't know how to do so. Client-side implementation (e.g. in Javascript) that saves the private half of the keypair in a cookie or a text file? What about people who use more than one machine?
I suspect there's some primitive that would be more useful here than PGP proper; perhaps
no subject
What is it that the crypto is supposed to provide?
Depending on the answers you'll want completely different solutions:
- is it keeping eavesdroppers out before the flashmob happens? Short timespan, go for some sort of session key handling and AES or something like that.
- is it keeping eavesdroppers out afterwards as well? This will get tricky, depending on your paranoia levels and the timespans involved.
- is it verifying identities? Now we're talking the entire trustweb infrastructure. And here the Javascript key-generation will not do any good.
no subject
no subject
Which, upon reflection, seems to be about 80% social engineering and less network security. The problem is, how do you identify who's a legitimate user?
no subject
Maybe a two layer system where you can consume information with a nominal login if any (keeps you and your devise Anon and not identified for prosecution) and a posting layer with much higher security?
no subject
Also got pointed earlier today at Heydt-Benjamin/Serjantov/Defend, "Nonesuch: a Mix Network with Sender Unobservability", WPES 2006, which I need to read more thoroughly but also looks promising.
no subject
no subject
Besides - if people are being tortured to divulge their Facebook passwords - what prevents The Authorities to request their secret keys while they're at it?
no subject
And I think our coder in question is focused more on American protests where torture is (somewhat?) less of a concern.
I can haz securitee?
no subject
(software engineering lesson #1: figure out what the project requirements are first!)
no subject
no subject
no subject
no subject
I have no idea how to do that.
no subject
no subject
no subject
(You have an excuse, you're a topologist. I came at security from formal language theory, that's my problem.)
no subject
no subject
no subject
That is: there's a whole thread here which seems to be suggesting that there will be privacy guarantees and possibly identity verification measures...but nothing specific.
(Which is fine, this started out as you asking for possible features; I'm just suggesting that we may want to back up a bit.)
no subject
(I'm not being snarky, really. Actually I suspect that once we define "legitimate" we may be most of the way to a solution.)