[personal profile] maradydd
Prompted by a discussion with [livejournal.com profile] bunnykitteh, who's good at prompting these kinds of things:

Imagine a Facebook and/or MySpace application aimed at organising flash mobs for political action (e.g., the kind of thing Anonymous might use to quickly notify members of imminent $cientology activity in a particular location). What features should it have? (Twitter gateway?)

(Note that with Facebook, especially, there are all kinds of interesting concerns with respect to privacy...)

(no subject)

Date: 2009-02-10 09:13 pm (UTC)
From: [personal profile] michiexile
The central question here probably is _why_ do you want PGP, or strong encryption?

What is it that the crypto is supposed to provide?

Depending on the answers you'll want completely different solutions:
- is it keeping eavesdroppers out before the flashmob happens? Short timespan, go for some sort of session key handling and AES or something like that.
- is it keeping eavesdroppers out afterwards as well? This will get tricky, depending on your paranoia levels and the timespans involved.
- is it verifying identities? Now we're talking the entire trustweb infrastructure. And here the Javascript key-generation will not do any good.

(no subject)

Date: 2009-02-10 09:20 pm (UTC)
From: [identity profile] maradydd.livejournal.com
I'm rather skeptical of the whole notion of the web of trust these days, but yeah, these are all good points. Thus the open "what features are desired?" question to start with.

(no subject)

Date: 2009-02-11 12:53 am (UTC)
From: [identity profile] siliconshaman.livejournal.com
Hmm..I think the primary need would be to have some means of preventing the flashmob from being hijacked or monitored by the authorities. This has happened at least once to my knowledge. There was a protest about Tibet in London recently that the police 'jacked and changed the route so the protesters marched into a trap.

Which, upon reflection, seems to be about 80% social engineering and less network security. The problem is, how do you identify who's a legitimate user?

(no subject)

Date: 2009-02-12 01:16 pm (UTC)
From: [identity profile] bigby.livejournal.com
FlashMobs require people. One alternate is a twitter/*chan hybrid with no security other than everything being wide open. (remove the persistence of messages to prevent snooping?) Handshaking becomes a social and content function as does any persistent identity for Anon.

Maybe a two-layer system where you can consume information with a nominal login if any (keeps you and your device Anon and not identified for prosecution) and a posting layer with much higher security?
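
A sketch of the two-layer idea above together with the earlier hijacking concern, added here as an example and not code from anyone in the thread: readers need only the organiser's public key to check an announcement, while posting needs the private key. The function names, message fields and timestamps are assumptions constructed for illustration; it uses Node's built-in Ed25519 support and proves only who holds the key, not whether that key holder deserves trust.

```javascript
// Added example: open read layer, signed posting layer (hypothetical names throughout).
const nodeCrypto = require('node:crypto');

// Posting layer: only the holder of the organiser's private key can sign.
function signAnnouncement(privateKey, fields) {
  const body = JSON.stringify({
    event: fields.event, route: fields.route,
    issuedAt: fields.issuedAt, expiresAt: fields.expiresAt,
  });
  const sig = nodeCrypto.sign(null, Buffer.from(body, 'utf8'), privateKey);
  return { body, sig: sig.toString('base64') };
}

// Read layer: needs no login and no secret, only the published public key.
function checkAnnouncement(publicKey, msg, now) {
  let ok = false;
  try {
    // Verify the exact bytes received; parse them only after they verify.
    ok = nodeCrypto.verify(null, Buffer.from(msg.body, 'utf8'), publicKey,
                           Buffer.from(msg.sig, 'base64'));
  } catch (e) {
    ok = false;
  }
  if (!ok) return { accepted: false, reason: 'bad-signature' };
  const fields = JSON.parse(msg.body);
  // A validity window stops an old, genuine announcement being replayed later.
  if (now < fields.issuedAt || now >= fields.expiresAt) {
    return { accepted: false, reason: 'outside-validity-window' };
  }
  return { accepted: true, fields };
}

// Constructed sample data: a genuine post, a rerouted copy, a post signed
// with someone else's key, and the genuine post checked after it expired.
function demo() {
  const organiser = nodeCrypto.generateKeyPairSync('ed25519');
  const impostor = nodeCrypto.generateKeyPairSync('ed25519');
  const t0 = 1234300000; // constructed Unix timestamp
  const fields = { event: 'constructed-demo', route: 'Meet at point A',
                   issuedAt: t0, expiresAt: t0 + 3600 };
  const msg = signAnnouncement(organiser.privateKey, fields);
  const rerouted = { body: msg.body.replace('point A', 'point B'), sig: msg.sig };
  const forged = signAnnouncement(impostor.privateKey, { ...fields, route: 'Meet at point B' });
  return {
    genuine: checkAnnouncement(organiser.publicKey, msg, t0 + 60),
    rerouted: checkAnnouncement(organiser.publicKey, rerouted, t0 + 60),
    forged: checkAnnouncement(organiser.publicKey, forged, t0 + 60),
    stale: checkAnnouncement(organiser.publicKey, msg, t0 + 7200),
  };
}
```
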

(no subject)

Date: 2009-02-12 03:36 pm (UTC)
From: [identity profile] maradydd.livejournal.com
I can do sender/receiver unlinkability to twitter/*chan no problem. Cf. Matthias Bauer, "New Covert Channels in HTTP", WPES 2003. The more I think about it, the more I think that trusting the sender ends up being a social problem, but I'm going to keep chewing on it.

Also got pointed earlier today at Heydt-Benjamin/Serjantov/Defend, "Nonesuch: a Mix Network with Sender Unobservability", WPES 2006, which I need to read more thoroughly but also looks promising.

(no subject)

Date: 2009-02-11 03:50 am (UTC)
From: [identity profile] bunnykitteh.livejournal.com
Political activists in some parts of the world are being tortured to get their Facebook passwords, if that tells you anything.

(no subject)

Date: 2009-02-11 03:57 am (UTC)
From: [personal profile] michiexile
Yeah, I respect the need to establish security around political protest. My point was that PGP is NOT a magic wand that you wave and automatically get Teh Securitee! - you need to actually figure out WHAT you want to do, which specific functions you want your crypto to do, and only when you have a clear idea of all your requirements is it useful to discuss specific program packages, specific protocols and specific algorithms.

Besides - if people are being tortured to divulge their Facebook passwords - what prevents The Authorities from requesting their secret keys while they're at it?

(no subject)

Date: 2009-02-11 04:09 am (UTC)
From: [identity profile] bunnykitteh.livejournal.com
LOL oh totally.

And I think our coder in question is focused more on American protests where torture is (somewhat?) less of a concern.

I can haz securitee?

(no subject)

Date: 2009-02-11 04:13 am (UTC)
From: [identity profile] maradydd.livejournal.com
I am focused more on America, true, but that's no reason not to do it right the first time. Happily, this LJ is a good convergence point for some of the brightest minds in computer security today...

(software engineering lesson #1: figure out what the project requirements are first!)

(no subject)

Date: 2009-02-11 04:24 am (UTC)
From: [identity profile] bunnykitteh.livejournal.com
Mai project requirez a full buffet and dancing boyz!

(no subject)

Date: 2009-02-11 04:32 am (UTC)
From: [personal profile] michiexile
/me pulls off a decent solo charleston routine

(no subject)

Date: 2009-02-11 04:38 am (UTC)
