SERVING THE QUANTITATIVE FINANCE COMMUNITY

 
User avatar
quartz
Posts: 424
Joined: June 28th, 2005, 12:33 pm

Crypto problem

March 6th, 2014, 4:45 pm

QuoteOriginally posted by: outrunTOR is solidAha, so now you're contracting for the dutch NSA? Tell'em to be a bit more sopthisticated about that, noone believes it anymore and you stand out like a white fly.
 
User avatar
AVt
Posts: 1074
Joined: December 29th, 2001, 8:23 pm

Crypto problem

March 6th, 2014, 6:41 pm

I still do not understand what actually is desired (where I believe in the rule of thumb: one can make it "expensive" only). Is it about increasing privacy? Then Tor is a practical and easy way.But if you allow that an access to your data container can be observed then that may be a problem (even if having exchanged keys in privacy), IIRC.
 
User avatar
AVt
Posts: 1074
Joined: December 29th, 2001, 8:23 pm

Crypto problem

March 6th, 2014, 8:57 pm

Will try tomorrow, classical only (off "new" media)."Einen Staat, der mit der Erklärung, er wolle Straftaten verhindern, seine Bürger ständig überwacht, kann man als Polizeistaat bezeichnen. Den Polizei- oder Überwachungsstaat wollen wir nicht. Aber wir wollen, dass der Staat seine Sicherheitsaufgaben angemessen erfüllt." Ernst Benda (2008), late President Constitutional Court Germany. And a liberal rightist. PS & edit: I agree that Tor is known to be broken (beyond NL)
Last edited by AVt on March 5th, 2014, 11:00 pm, edited 1 time in total.
 
User avatar
AVt
Posts: 1074
Joined: December 29th, 2001, 8:23 pm

Crypto problem

March 7th, 2014, 9:07 pm

I would (theoretically ) distinguish goverment and publics. There are some waysand extending Tor to 'cover' the IP, using mixed cascades through providers whoassert they do not store (say AN.ON for http(s) or the german CCC for mails)and some who are small enough to be not forced to by (german) law (TKG).However already using a browser makes it difficult to be 'anonymous' (and if Iread you correctly you intend to use Smart phones - forget that in any case).Besides all reasonable addons for FF and even forbidding to load fonts (it iscommon that sites load from xyz - which exposes your IP to be tracked) or anyjs from 3rd parties all (i)frames and buggy images through 3rd parties, flash,there still are Etags (by construction) to profile you and your browser.I am sure it already breaks privacy if a site is using ajax. Or other frameworksAlready this site uses double klick (=Google), Google analytics and the Twitterbutton (= Google) allowing tracking. And I do not go through all the other stuffI usually do not even see.So ? For gov I think that Tor is enough on average: disclosure 'costs' are highand that will give you peace except for 'good' reasons (at least currently).For industry: they do not need a verified 'object'. Commercially it is enoughto have a good chance and that does not need any IP.For emails: choose a small provider.Using Smarties: a good way to give up any privacy.
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 8th, 2014, 12:59 pm

It seems there's four levels of problems here:1. Full anonymity: Some does not know who wrote {byte_i} and does not know who read {byte_i}2. Reader anonymity: Some does know who wrote {byte_i} but does not know who read {byte_i}3. Writer anonymity: Some does not know who wrote {byte_i} but does know who read {byte_i}4. No anonymity: Some does know who wrote {byte_i} and does know who read {byte_i}Case #1 seems trivial and case #4 seems like the one to tackle in today's technological environment in which every machine and user is tracked. The newspaper want-ad strategy solves case #4 -- it's easy to know who submitted a want-ad and easy to get the list of newspaper subscribers but it's impossible to know which want-ad was meant for which reader (until the phone and PC makers start using eye-tracking!).The newspaper strategy works to anonymize P2P associations because each write event and each read event is indistinguishable from each non-write event and each non-read event in terms of metadata revealed about who might be in contact with whom. The target reader is always getting the paper regardless of whether the writer wrote or not.Yet the newspaper strategy is a local strategy only. If I start posting want-ads to a newspaper in Delft and outrun starts posting want-ads to a newspaper in Boulder, then our association may be revealed. To remain anonymous, we must both be part of some natural and stable pool of writers and readers.That seems to lead to a solution requiring a global newspaper in which writers post messages and reads download the entire edition every day for private scrutiny to find and read the ads that were posted for them. That does not seem practical! Bt maybe there's a way to construct the groups as a series of smaller "newspapers" that cover M out of N people where M is large enough to preserve anonymity of associate but M << N so that the size of each newspaper is tractable.Thoughts?
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 8th, 2014, 2:13 pm

There's also two levels of anonymous messaging here:1. Private conversations: No one knows that a specific writer of some data and a specific reader of that data were communicating that data.2. Private relationships: No one knows that the writer and reader of the message have any relationship with each other at all.Case #2 seems much harder because it seems likely that most people will have some public relationships with their associates (e.g. Facebook, email, SMS, etc.). Is #1 sufficient?
 
User avatar
Traden4Alpha
Posts: 23951
Joined: September 20th, 2002, 8:30 pm

Crypto problem

March 9th, 2014, 12:02 pm

QuoteOriginally posted by: outrunI think #2 gets constructed from not doing everything the #1 way? I'd say that #2 gets constructed from not doing ANYTHING the #1 way. Once you use a non-anomymous method to communicate between two people, those two people are forever linked as known associates.QuoteOriginally posted by: outrunWhat do you think about error correcting codes or running XOR's? The idea is to have little bits of information (instead of a whole newspaper) that depend on large amounts of data.I like it a lot. But there is a HUGE risk in clever encodings. If the retriever downloads sufficient data to decode message 1 but does not download sufficient data to decode any possible second message, then the watchers will know which message the retriever was after and know which retriver the writer the communicating with. I think we can assume that the watchers know something about the reconstruction algorithm in that even if the writer and retriever have a secret choice of reconstruction algorithm, the watchers will know about the prevailing anonymous messaging software and be able to use information theoretic analysis to provide a nonparametric bounds on what the retriever might have been looking for. The point is that the less the retriever downloads, the more likely they are to give away their anonymity. The retriever must always download sufficient data to decode any of M possible messages from N possible writer.One possible solution to this problem is to obscure the message boundaries by breaking up each message into little bits like you suggested but then writing them over time and interlaced with little bits from other messages. Not only does this reduce the risk of the watcher using knowledge of the existence of a message decoder to know that the retriever has decoded a specific message but it also prevents the watchers from using correlation of the timing of writes and reads (e.g., the watcher notices a consistent ping-pong pattern such as person A writes, then person B reads, then B writes, then A reads, then A writes again, ....). If everyone is continuously writing a stream of data and everyone is continuously reading a stream of data from seemingly random locations and times, then there's no pattern in the timing metadata.
ABOUT WILMOTT

PW by JB

Wilmott.com has been "Serving the Quantitative Finance Community" since 2001. Continued...


Twitter LinkedIn Instagram

JOBS BOARD

JOBS BOARD

Looking for a quant job, risk, algo trading,...? Browse jobs here...


GZIP: On