Censorship Your Rights Online

Publius 68

Ukiah writes: "Publius is a Web publishing system that is highly resistant to censorship and provides publishers with a high degree of anonymity. Publius was the pen name used by the authors of the Federalist Papers, Alexander Hamilton, John Jay, and James Madison." Check out the system's home page or a Washington Post story. I just volunteered to host a server, so be sure to load up the system with bootleg Metallica mp3's - your chance to send a Slashdot author to jail, not something you get to do every day...
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward
    Because censors can pick people at random to prosecute. Without encryption and deniability, a file can be censored by making everyone afraid to post it, even if there's no technical way to wipe it off the whole network.
  • by Anonymous Coward
    Each to their own, I wonder how long it'll be before the feds or some other place tries to can this puppy.

    Anyway, from a quick read of it, it looks pretty interesting. It's using cryptography and some other smarts based on random file splitting to make sure that the content online is tamperproof, well, close, I think.

    It's a unique idea, I wouldn't try putting one on the network at my work though. Kudos to the guys who invented it, it's creative.

    I wonder if there's going to be any huge freedom of speech rants about this topic.
  • Actually, both the Publius project and Slashdot mentioned this; I'm just surprised they didn't mention their Roman origins, as well.

    Heck, I caught the public interest reference, too, but they didn't even say that. And Virgil was quite the writer.

    ...and even the Apache Project knows how to provide a link for those curious about the Apache people...
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • Virgil was Publius Virgilius Maro.

    I'm sure there were many other people named "Publius" at some point in time, but I would venture to say that he is probably the most well-known one, as well as being far older than the others you cite.

    (So why didn't they use "Virgil" as their pen-names? Too obvious? Or "Publico"? Was that the image they wanted?)
    ---
    pb Reply or e-mail; don't vaguely moderate [ncsu.edu].
  • P.S. Why I'm unable to use <pre> tag here?

    I always wondered about this myself. I usually ended up using <TT> instead. Of course, that still required me to use breaks.

    --

  • As far as I understand it,
    there are plans for some form of freenet "browser",
    whereby you can read a document on freenet,
    with links in it to other freenet keys/files.
    If the concept is taken to completion,
    you could develop an entire www-type feel to it,
    while maintaining encrypted files and anonymity,
    as in not knowing where the files you're reading are located.
    There is no difference between serving "files,"
    and serving "words." The only difference may be
    an ascii vs: binary file, and even binary files
    can have readable portions.

    My only gripes with freenet's goal are the
    potential slow links (me right now, on isdn),
    and the unique-key system.

  • "We currently have more than enough evidence to show that the races are equal..."

    Define equal as you use it here. Do you suggest that in every way, every black man/woman is equal to every white, Japanese, Hispanic, etc., etc., etc., man/woman? That obviously is not the case, as even two siblings can be of differing intelligence. More likely, you suggest that the racial averages of intelligence quotient, physical ability, etc., given equal opportunity, would be equal across the board. While I honestly doubt this would be true, given more than enough evidence to show that races are not genetically equal (hence that whole issue of color of the skin), here we really have NO evidence. It's difficult to find two people of precisely the same opportunity within the same racial group, not to mention across them. Hence our difficulty in defining just how a child should be raised. We really can't claim any physical/mental equality without more information.

  • True, I was basically bickering about the use of "does," instead of what I believe would be better as "will." Freenet is obviously still a work in progress, though it is actually rather usable, if not a bit cryptic at the moment. It would be more usable if there were a few more servers out there at the moment.

  • Let's face it -- a publisher anonymized publishing method isn't needed by the MP3 trading community, and besides, they'd waste it. (From my experiences, and what I've heard/seen lately, what people are looking for is a receiver anonymized transport. Which already exist, in practical terms; but the newbie MP3 traders aren't using them.)

    Barring the file size limitation, I would say that this system would end up filled with two things:
    1. Unauthorized copies of otherwise available material (i.e. mp3 and pron).
    2. Rants from cranks and kooks.
    On top of that, you'll get paranoid people (and kids) sending things like the bad things they said about so-and-so, or what they did at the Christmas party, or the love poem for the girl they have a crush on.

    Personally, I'd rather see secret CIA reports, or troop movements in Chechnya, or IRA communiques -- but you know that anonymous or not, this stuff is few and far between, compared to the literal junk that kooks, cranks, trolls, and spammers can generate.

    If we can a) manage to get those who have access to sensitive material also access to such a network, and b) manage to overcome their understandable fears, then we could see some good things come out of it. But the mechanism is really the least of our problems.

    And besides, if no encryption is 100% uncrackable, and no system is 100% secure, (and no cruise ship is 110% unsinkable, etc.), then it follows that no publishing system will be 100% anonymous.

    (Shame.)
    --
  • I think you mean Wayland Smithers.
  • That's why there's Betty and Billy and Bilbo and ... With 5-8 files XORed together, it's much safer.

    -Dave Turner.
  • It is more or less linking, and with a proper server, it could be linking. Consider a mail bot that accepts emails with the subject:

    URL;URL;...;URL

    The mail bot downloads the files at these URLs, XORs them together, and mails them out to the requestor.

    So, a mailto URL (a link) is enough to get the files.


    -Dave Turner.
  • I don't think in the US a judge can do that - if there's an innocent interpretation, which is easy to arrange. Especially if there's no evidence that Alice and Bob are cooperating. If Alice claims her data is just a 1/nth XOR of part of the bible, and can prove it, she's safe, and her data is safe. Same with Bob. Mathematically, assuming there's no creation dates (important!), there's no way to know who started with random data, and who XORed against it.

    WRT: "Outlaw the system that did this, as it is subversive (which it is!). "
    If we assume a police state, there's no hope for *any system*. If this is illegal, then encryption is illegal, and we're screwed anyhow. Let's focus on finding security holes in the existing legal system, and improving our system when they fix the holes. This hole is, IMHO, unfixable without destroying the presumption of innocence - and then we might as well move to Sweden :)


    -Dave Turner.
  • Yet again a megacorp trying to associate its product with the values for which this country was founded
    An NYU grad student + a couple of bored AT&T Lab guys != Megacorp
  • as long as DeCSS is legal in europe or any other wired country/continent/datahaven, they won't be able to get rid of it.

    //rdj
  • Freenet has a lot to offer. But it's also a different sort of thing, IMHO.

    I see this split as similar to the difference between ftp servers and web servers. Freenet is designed to serve up files without anyone being able to stop it. Publius is intended to serve up words (web pages, in this case) without anyone being able to tell who wrote them.

    I believe there are enough niches for Freenet, Publius, and a whole host of other privacy/anonymity-guaranteeing ideas to coexist.


    Jonathan David Pearce

  • Maybe this project is commissioned by Pink Floyd? I remember the Publius Enigma, the only advice that some guy gave is "keep talking", and I think someone hinted that it had something to do with the internet. Did anyone ever track down that guy who was giving advice to people who claimed he knew the secret?
  • Bootleg Mp3s are fine

    it's the studio recordings they don't want you trading
  • Not to get off topic too much, but Lincoln was never against slavery. He was against the *spread* of slavery. The Civil War was fought not over slavery, but over whether the States had a right to secede from the Union--not because the states had slavery.
    --
    Ececheira
  • has anyone noticed how you go to some web pages and the ad at the top displays right away while it takes forever for the rest of the page to load.

    Some part of that's gotta be deliberate!
  • The most important thing, and I can't emphasize this enough, is that these guys have a system. This is not some theoretical, pie-in-the-sky wouldn't-it-be-nice dream, like the XOR business was. They have the details and mechanics of publishing, retrieval, and updating worked out. You may read the paper yourself if you don't believe me.
    Of equal importance is these guys know what they are doing. Avi Rubin has a reputation in the academic crypto community. Crypto is one of those things that every programmer thinks they know enough about it, but it is a very involved and subtle art. It takes years of study and experience to design protocols that can withstand attack from real cryptanalysis.

    Burris

  • After all, it will be very tough for some politician in Washington to come down against an anonymous publishing system that deliberately evokes the Founding Fathers' own belief in the occasional need for anonymity.

    yeah, those pols are pretty gutless, aren't they? I can't stand people who will accept anything as right and good if you can make even a tenuous link to a "founding father".

    IMHO anonymity is respectable only for expressing your own opinions or artistic work. Your own, because people who anonymously "provide" other people's work are screwing the actual authors/creators and opinions because facts provided anonymously are useful only as tips - an idea point for you to launch your own investigation.

    Thought - why exactly was Publius used by the FFs? I can think of a few possible reasons, most of which aren't really related to modern "privacy" concerns.

    -kahuna Burger

  • Hmmm ... well, two of the authors work for ATT, the third is at NYU. But even the two working at ATT doesn't mean that ATT as such has anything to do with this. People tend to work somewhere, most working people work for others or with groups.

    Besides, what is important is Does the concept work?, not what is the source of the idea. The concept has been published, if it looks good implement it. The only attack is ATT patenting it, in which case it does us no good for a number of years.

  • Source Code, by American legal definition, is a means of public speech. As such, DeCSS creators would be protected from lawsuit if they were American. Even the DMCA can't limit the rights of the people as presented by the Constitution. Yet.
  • Definitely 11 -- and definitely NOT any shower scenes involving Jon Katz. Not that there's anything wrong with that....
  • "Of course, there's nothing stopping someone from splitting an MP3 into several files, a la Usenet pr0n."

    Technically, that is true. But I doubt anyone is going to go through the time and trouble to split up their collection of, say, 100 MP3s into (figuratively) 300 zip files when they can just share them via Napster or Gnutella and be done with it.

    --
  • But they did limit the rights of Americans publishing DeCSS, under DMCA &/or UCITA (I get the exact details confused sometimes). So "yet" is "now".

    The rights of the people as outlined in the US Constitution are very limited. The Bill of Rights was a compromise between those who wanted guarantees of rights written into the document, and those who didn't want to imply that the rights not explicitly granted were denied. As such, they wrote two Amendments which explicitly state the (hopefully) obvious: government only has the right to do what it is explicitly ordered to do, and the people have rights to do anything not explicitly disallowed. Those Amendments (listed below) seem to have been ignored this century, except for rare cases when it seemed to serve some other purpose.

    Amendment 9:
    The enumeration in the Constitution of certain rights shall not be construed to deny or disparage others retained by the people.

    Amendment 10: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.



    Louis Wu

    Thinking is one of hardest types of work.

  • As far as your last comment about tunnelling "... secure data through HTTP" goes, I think AT&T Labs [att.com] is working on a proxy system [att.com] intended for anonymity. Although, I don't see anything addressing encryption, per se.
  • (maybe a little off topic, but interesting anyway)

    Does anyone remember the Publius - Pink Floyd story on the net, some years ago? Does anyone have something new?

    If you want to know what I am talking about, look at Introduction to Publius and the Enigma [www.uio.no].

    Fh

  • For the longest time those who believe in copyright monopolies and those who believe in hardware patent monopolies managed to get along because both are phony property rights, and they didn't want to bring attention to themselves by attacking the other. But the simple fact is that patent monopoly wealth and copyright monopoly wealth are often incompatible as the stint between MS and IBM, and the problems with Apple clearly showed. But now a drastic new turn of events has happened, big patent people like IBM and ATT are turning their backs on copyrights because it is simply more profitable (eg the adoption of Linux severely reduces software costs, and the uninhibited flow of information greatly increases demand for AT&T's networks). This means that all hell will break out soon because the copyright lords have bet trillions of $$ on the assumption that copyrights are a basic property right, and the patent lords stand to lose trillions if copyright monopolies continue. Throw the huge market for embedded devices into the mix, the market pressures to have anonymous and easy to use digital cash, and we have a formula for all hell breaking loose.

    Something similar happened with rail-road and factory technology just before the economic pressures of plantations trying to expand and factories trying to get labor boiled over into an outright disaster. There were a lot of smart, rich, and educated people who never saw it coming then - and I doubt they will see it now, but with so much at stake it is bound to happen and there really isn't any turning back. And unfortunately in this case there is no defined north and south - if all hell breaks loose it will be much more localized and much more confusing.

    The best thing to do is just to understand how bad copyrights and patents really are and avoid them whenever you can.

  • I haven't listened to Metallicrap since "Master of Puppets", so I have no mp3s
    of them.

    Salute on the server! God knows that free publication in the modern world is
    starting to get scarce...
  • that's probably why our great founding fathers (and Alex Hamilton) used publius as their nom de plume

  • "because they cannot abide slavery any more than we can abide them"-- Abraham Lincoln on what to do with the freed slaves. IANAR (I am not a racist) but I'm not so sure about Lincoln.
  • Looks like it may work, I think I have seen the idea somewhere before though,

    Once again there will be hundreds of 56K modem users signing up and making the service unusable at most times?
    As for getting my Metallica collection........... Go and > /dev/null yourself.

    Nard
  • I totally agree with you on that one, I need something new or interesting to bitch about like errr..errrmmm..... It can have all been done can it?
  • (I vote for 0x40041)

    Specify the set of bit flags that determines the contents and behavior of the scene:

    0x00001 CmdrTaco
    0x00002 Hemos
    0x00004 michael
    0x00008 Jon Katz
    0x00010 Roblimo
    0x00020 Janet Reno
    0x00040 Bill Gates
    0x00080 everyone at Intel
    0x00100 Jack Straw
    0x00200 Metallica
    0x00400 Hemos' new wife
    0x00800 CmdrTaco's gf
    0x01000 Natalie Portman
    0x02000 Cowboy Neal
    0x04000 Whalen Smithers
    0x10000 in a prison shower scene like in "Caged Heat"
    0x20000 in a prison shower scene like in "Cellblock Cumpanions"
    0x40000 in a scene like final of "Red Heat"

    Last three choices seem to be mutually exclusive.

    P.S. Why I'm unable to use <pre> tag here?
  • Actually, why encrypt the data at all? A publishing system which is extremely distributed, like gnutella for example, is completely impossible to shut down! How could you ever? If you block ports, why not make a distributed server system that runs via HTTP? My idea is this:

    Everyone who wants to use the data runs a server (there is no separate client, like gnutella). You publish data on your own server, if you are a publisher. Data leaving the server (being read by another person on the network) receives a lifespan by the original server. The file will die when this time has passed. But once it has left the original server, it can either be downloaded from that server, or from whomever downloaded the data. This way, data is distributed on many sources but is still updatable (web content for example could be given a lifespan of 24 hours or less, as a book could be given infinite lifespan, since it doesn't need to be updated).

    This network would be virtually impossible to shut down (like gnutella is) since no one source can be targeted (there is no need to tag data so that the data knows where it is coming from, it only needs to know how old it is and when it dies).

  • Yep, you definitely proved that last statement....
  • I'm not sure what it is that you wish us to discuss in this thread? Surely both topics of freedom of speech over the Internet and the Mettalicrap vs. Nabster issues have been beaten to death. Seems like an open thread ripe for the trolls, flamers, and bored kids with nothing to do....
  • by Anonymous Coward
    Requests for files are sent from one node to the next, and the files themselves are sent back along the same path. Nodes have no way of knowing whether the machines that send them requests are the original requestors, or are just forwarding from elsewhere. Nodes that receive files have no way to determine whether the sending machine had the file or is just forwarding from elsewhere. Every machine that receives and forwards a file also caches it, so the fact that a machine has a file does not imply that the machine owner knew anything about it. All search keys are hashed with SHA, which becomes the filename, but encrypted by the plaintext searchkey, so the person requesting the file can decrypt it, but all the machines hosting the file have no way to determine the decryption key, other than by trying all possible searchkeys. Barring some pretty expensive types of attacks on particular nodes, you have plausible deniability the whole way.
  • Once you can demonstrate to a judge that these two pieces of information, when run through a computer, create the censored document, most judges will either:
    • Order the destruction of the machine and/or wipe all the data off it.
    • Delete both pieces of data, regardless of "interdependencies" - think of the phrase "reasonable doubt". They don't understand math, they just see what is shown to them.
    • Outlaw the system that did this, as it is subversive (which it is!).

    That's pretty standard for most any country, with the exception being that maybe they won't label it "subversive" in the US - they'll call it a national security risk instead. :\

    The system needs to ensure that brute-forcing the database cannot occur, otherwise interested parties would take that information to the judge and get it removed, and possibly have the service shut down. If, OTOH, brute-forcing wasn't possible, then they could only remove data on an as-discovered basis - making the database a hundredfold more resistant to attack.

  • I did some number crunching on a system like this, and the results aren't encouraging. Here's my (probably broken) math, enclosed in an e-mail to someone who actually knows how to do these kind of calculations...

    First some background..

    If you take a stream of random data, and XOR it with your
    plaintext, and then delete the plaintext, it's still possible
    to recover the plaintext by doing this:

    A ^ B = C - encrypt

    B = A ^ C - decrypt

    Given that, let's assume you create a server filled with
    XOR'd 'packets' - files of a preset size, we'll say 1MB.
    These packets are each assigned a key. Every packet has
    a unique key.

    The system works by allowing you to check in an arbitrary
    number of packets. Once those packets are in the system,
    they begin to be propagated through the network. Important
    point - the network is protocol agnostic - it'll happily
    run over http, ftp, or even finger if you're masochistic.

    Since each packet is identified only by a GUID it's
    impossible to know who created it, or which other piece
    of data it needs to be XOR'd with to recover the plaintext.

    And this is the math problem. In computing, it isn't
    hard to simply brute-force something, and this system is
    no different, except in how the brute force occurs. In
    this case, we would download a complete copy of the database
    and then grab one piece of the data and then sequentially
    XOR it with every other piece of data on the system until
    you find something that looks like plaintext.

    Since each piece of data should, in theory, have a counter-
    component, how many packets need to be in a system before
    decryption via brute-force becomes not feasible? Not
    feasible would be somewhere in the neighborhood of 2^64
    operations, or about 1.8*10^20.

    Unfortunately, I've realized that if someone knows that
    one piece is half of the plaintext, you only need to
    download and XOR every other file in the database once
    to recover the plaintext. So if I had 20GB of data,
    this would amount to a mere 20,480 operations. :( Not
    very strong! In order to make it so that 2^64
    operations would only exhaust .5% of the keyspace,
    it is necessary to have 3.6*10^20 packets in the
    system!

    Doesn't this require about 3,518,437,208,883,200 terabytes
    of storage? I hate math. It shot down a perfectly
    good idea. :) Can you double-check my numbers and make
    sure this is the right conclusion?

    --
    Signal 11
    The makers may make and the users may use, but
    the fixers must fix with but minimal clues
  • All this Alice xor Bob = Secret scheme gets you is Alice and Bob both named equally culpable co-defendants. Is any judge or jury going to believe that Alice's data was just random and by some amazing coincidence, turned out to be the Secret when XOR'd with some other data? You can do a doubly linked list with a single pointer per node and xor tricks, and far from obscuring both nodes, the same data item reveals both pointers. By the time you're in court, you better have a stronger case than Alice's (and against Scientology, you have mountains of case law on your side)
  • Comment removed based on user account deletion
  • Perhaps you've read the following little ditty from the Lincoln-Douglas debates:

    I will say then that I am not, nor ever have been in favor of bringing about in anyway the social and political equality of the white and black races - that I am not nor ever have been in favor of making voters or jurors of negroes, nor of qualifying them to hold office, nor to intermarry with white people; and I will say in addition to this that there is a physical difference between the white and black races which I believe will forever forbid the two races living together on terms of social and political equality. And inasmuch as they cannot so live, while they do remain together there must be the position of superior and inferior, and I as much as any other man am in favor of having the superior position assigned to the white race.

    Not too sure I'd be taking any of his prognostication as gospel...

    Cheers,
    ZicoKnows@hotmail.com

  • Publius, because it's by AT&T researchers, is only for free speech and protecting rights of Chinese citizens, unlike of course FreeNet that is only useful to child pornographers and copyright violators. grumble

    Not to dis the usefulness of this type of service, but the press Publius is receiving as opposed to the extremely negative and unresearched press FreeNet has gotten really torques me off.
  • All that is changed so far is the name.
    I run the linux "file" command on anything on my server,
    and decide what I may want to look at for myself.
    The key is hashed, and while there are plans for it,
    no data is yet modified.
    Even then, if the data is stored locally, any
    system-wide encryption can be broken,
    and there will be a method to read locally stored files.

  • Great! But a problem I see is that in a dictatorship like the US (jk sort of). It seems highly likely that simply having the client for a program like this could be punishable. So there needs to be some kind of system for someone to be able to anonymously use the program in the first place, which seems rather impossible. Maybe a distributed java signed app? :)
  • In my life, I'm starting to really believe in the concept of social evolution. We have no right to judge Lincoln on how we view things today, because the world had not been awakened to the fact that the races are equal. At that moment the world (most of it at least) was still awakening to the fact that people should not be enslaved. If you had proposed to Lincoln that evolution be taught in school, then he probably would have opposed it. Lincoln could not have seen 100 years into the future, just like we can't see 100 years into the future. Lincoln's feelings then do not excuse those people who have those feelings now. We currently have more than enough evidence to show that the races are equal, and that there is no rightful position of authority. I will not support any use of Lincoln's statements in a manner which seeks to excuse racism. To that effect, I don't think that Zico is a racist, just trying to point out that Lincoln was human.
  • Well, I must admit that there are several slashdot authors who could use a stint in the pokey.

    But I'm conflicted here, since you and I are fellow Censorware Project Members [censorware.org], and I'd hate to see a CWP colleague in jail.

    Besides, since IAAL, you'd probably just try to mooch legal services from me, so I guess I'll pass on the opportunity. ;-)

  • The Romans had an interesting way of structuring their names. For men, a name would be composed of individual name, family name, and father's name.

    So Publius Virgilius Maro would have been called Publius, or Publius Virgilius. His father's name would have been Maro Virgilius and whatever Maro's father's name was.

    If Publius Virgilius had any sisters, they would have all had the same name - Virgilia. Yep - the female form of the family name. If there were more than one, they would have had nicknames of some sort, but technically...well...let's just say Roman women didn't have much in the way of name choice.

    Here's another example, from one of the textbooks used in my Latin classes - Quintus Horatius Flaccus. The fifth son of the flabby man. You're probably familiar with 'Horace', right? Same guy. We know he had four older brothers (else why the 'Quintus'?). And any female siblings he had would have all been named 'Horatia'.

    What I don't understand is why people feel they have to shorten or mutilate the Romans' names... I mean, sure, I can understand referring to a person by their surname/family name. But why change it?

    And don't even let me get started on the butchery done to Latin poetry when it's 'translated' into English. So much is lost and changed that reading it in the original Latin is a completely different experience.
  • I maintain a comprehensive list of related projects here [utexas.edu].
  • At the server page, it specifically states that files larger than 100k cannot be stored.

    Of course, there's nothing stopping someone from splitting an MP3 into several files, a la Usenet pr0n.


    ---
    Zardoz has spoken!
  • Doesn't quite work like that. It's about preventing data from being censored. Example: I have the top secret secrets of the secret society (X). Encrypted with random data A gives B.

    I have the noble and heroic story of the noble hero (Y) and the constitution of the constitutional country (Z).

    Y is encrypted with B to give C. Z is encrypted with A to give D.

    The secret society seeks to ban X. Obviously they can't ban A. A isn't part of X. A is an important part of the constitution (Z). They can't ban B. B isn't part of X. B is part of a piece of famous legend (Y). C and D have nothing to do with X, so they're safe. It simply means that no data can be removed because all data is dependent on all other data. Of course, by XORing everything with everything you could find everything that's hidden. But so what? What can you do with it?
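
The XOR scheme argued over in this thread (the A/B/C/D interdependency in the comment above, the pairwise search Signal 11 costs out earlier, and the "5-8 files" variant), worked through as an added Python example that is not code from any poster or from Publius. The sample texts, the 32-byte block size and the printable-ASCII recognizer are constructed for the demonstration.

```python
import os
from itertools import combinations
from math import comb

BLOCK = 32  # constructed block size; the thread imagines 1 MB packets

# Constructed stand-ins for the comment's X (secret), Y (legend), Z (constitution).
X_TEXT = "Secret society minutes"
Y_TEXT = "the tale of the noble hero"
Z_TEXT = "1787 constitution text"

# Which stored blocks must be XORed together to get each document back.
RECIPES = {"X": ("A", "B"), "Y": ("B", "C"), "Z": ("A", "D")}


def pad(text):
    """Encode and space-pad a text to exactly one block."""
    data = text.encode("ascii")
    if len(data) >= BLOCK:
        raise ValueError("text must leave room for padding")
    return data.ljust(BLOCK, b" ")


def xor(*blocks):
    """XOR any number of BLOCK-sized byte strings together."""
    out = bytearray(BLOCK)
    for blk in blocks:
        if len(blk) != BLOCK:
            raise ValueError("every block must be BLOCK bytes long")
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def build_store(x, y, z):
    """The comment's construction: B = X^A, C = Y^B, D = Z^A, with A random."""
    a = os.urandom(BLOCK)
    b = xor(x, a)
    return {"A": a, "B": b, "C": xor(y, b), "D": xor(z, a)}


def recover(store, doc):
    """Rebuild one document, or None if a block it depends on is gone."""
    names = RECIPES[doc]
    if any(n not in store for n in names):
        return None
    return xor(*(store[n] for n in names))


def collateral(store, removed):
    """Documents that become unrecoverable if one stored block is deleted."""
    remaining = {k: v for k, v in store.items() if k != removed}
    return sorted(d for d in RECIPES if recover(remaining, d) is None)


def looks_like_text(data):
    """Naive recognizer: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in data)


def pair_search(store):
    """Signal 11's search: XOR every pair of blocks and keep readable results."""
    hits = {}
    for n1, n2 in combinations(sorted(store), 2):
        candidate = xor(store[n1], store[n2])
        if looks_like_text(candidate):
            hits[(n1, n2)] = candidate
    return hits


def search_cost(n_blocks, k):
    """Number of k-block combinations an exhaustive search has to try."""
    return comb(n_blocks, k)


if __name__ == "__main__":
    store = build_store(pad(X_TEXT), pad(Y_TEXT), pad(Z_TEXT))
    for pair, text in pair_search(store).items():
        print(pair, text.rstrip().decode())
    print("deleting A also loses:", collateral(store, "A"))
    # 20 GB of 1 MB packets, as in Signal 11's comment, is 20480 blocks.
    for k in (2, 4, 5):
        print(f"{k}-way combinations over 20480 blocks:", search_cost(20480, k))
```

With two-way splits, a store of 20480 blocks yields every document after about 2.1 * 10^8 pair XORs; at five blocks per document the number of combinations over the same store exceeds 2^64, and deleting block A removes Z along with X.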
  • While I think that the distributed hosting concept could theoretically work, I am scared to set up a server because of the legal ramifications. Even though I have no idea what the system stores on my machine, one of the files could contain copyrighted material or child pornography, and I could theoretically be held responsible.

    In order to fully protect the hosts, the system would need to perform some form of redundant striping across the entire network. That way, I would only have a useless portion of a file along with symbolic links to the locations where the remainder of the file could be downloaded. If I only have part of a file, that is useless without the other portions, then I am doing nothing illegal.
  • I can see it now... the enemies of this system will simply dump HUGE amounts of meaningless data into it, overwhelming the given storage space.
  • Virgil was Publius Virgilius Maro.

    I'm sure there were many other people named "Publius" at some point in time, but I would venture to say that he is probably the most well-known one, as well as being far older than the others you cite.

    The Romans had a very, very limited number of first names, only about 30 in fact. Some of them were stunningly unoriginal; Quintus and Sextus, for instance, literally meant fifth son and sixth son. That means that there were a truly massive number of Romans who were named Publius, like Publius Cornelius Scipio Africanus. In fact, there was a terribly severe degeneracy of full, proper names among the Romans so that many famous Romans wound up with four or even five names in order to be uniquely identified.

    It was very popular in the Revolutionary and post-Revolutionary period to draw deliberate parallels between the colonies/U.S. and Republican Rome. There was a popular comparison between George Washington and Cincinnatus, for instance. The name Publius was probably chosen by the writers of the Federalist papers because of the obvious Roman connotation and because of the similarity between the name Publius and the idea of being in the public interest.

    The people who created the Publius project are the ones who mentioned the use of the name by the writers of the Federalist papers, not the folks at Slashdot. I think that it's a pretty clever idea, as it does a good job of pointing out the need for anonymous publication. After all, it will be very tough for some politician in Washington to come down against an anonymous publishing system that deliberately evokes the Founding Fathers' own belief in the occasional need for anonymity.

  • by Anonymous Coward on Friday June 30, 2000 @04:21AM (#966581)
    Freenet does encrypt files. They are labeled and retrieved by the (SHA) hash of the filename, and encrypted by the plaintext of the filename. So the person retrieving the file can decrypt it, but the server hosting the file has no way to reverse the search key to get the decrypt key. The only way the server can determine what files it stores is for it to hash all known searchkeys and see if any of them match--possible, but infeasible if there are lots of files, certainly provides deniability.

    There is one drawback to splitting files--if you have all the pieces on your machine, it's pretty likely that you intentionally retrieved or posted the file. From a deniability perspective it might be better to have a number of standard sizes for whole files.
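The keying scheme described in the comment above, as an added example that is not part of the original post and not Freenet's own code. SHA-1 as the label hash, the SHA-256 counter-mode keystream standing in for a real cipher, and all names and sample data are assumptions made for the example.

```python
import hashlib

def search_key(name: str) -> str:
    """Label the server files the data under: SHA-1 of the descriptive name."""
    return hashlib.sha1(name.encode()).hexdigest()

def _keystream(name: str, n: int) -> bytes:
    # Stand-in cipher for this example: SHA-256 in counter mode, keyed by the name.
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(name.encode() + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def crypt(name: str, data: bytes) -> bytes:
    """XOR with the name-derived keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(name, len(data))))

def publish(store: dict, name: str, document: bytes) -> None:
    store[search_key(name)] = crypt(name, document)

def retrieve(store: dict, name: str) -> bytes:
    return crypt(name, store[search_key(name)])

def operator_guess(store: dict, guesses: list) -> dict:
    """All a host can do: hash candidate names and look for matching labels."""
    hits = {}
    for guess in guesses:
        label = search_key(guess)
        if label in store:
            hits[guess] = crypt(guess, store[label])
    return hits

# Constructed sample data: one guessable name, one unguessable name.
STORE = {}
publish(STORE, "pamphlets/federalist-10.txt", b"constructed sample essay text")
publish(STORE, "notes/7f3a1c9e-unlisted", b"constructed sample private note")

if __name__ == "__main__":
    print(sorted(STORE))  # the host sees only 40-hex-digit labels
    print(operator_guess(STORE, ["pamphlets/federalist-10.txt", "mp3/track01.mp3"]))
```

A host that guesses a name correctly can read that one file, which is the limit on deniability the comment points out; names it cannot guess stay opaque.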

  • by jetson123 ( 13128 ) on Friday June 30, 2000 @04:13AM (#966582)
    I think we have seen that information is subject to a lot of restrictions in democracies as well. Cryptography, violent content, politically extreme or "undesirable" content, and sexual content have all been restricted by democratic governments. And technical information, criticism of products and corporate behavior, and other content that businesses don't like get shut down using the legal, patent, trademark, and copyright systems of democracies.

    Something as simple as planning for secure tunnels through HTTP is not going to work because those accesses will stick out like a sore thumb among normal network traffic in restrictive environments. The presumption will simply be that if you use any such mechanisms, you must be doing something bad.

    One way I see to address this problem is to design protocols such that everybody accesses the Web in a way that content is encrypted and distributed. But unless we can engineer a very good business reason for that, it won't happen because it's more expensive and more complex than the simple-minded plain-text HTTP approach being used right now.

  • by SydBarrett ( 65592 ) on Friday June 30, 2000 @01:21AM (#966583)
    I know this may be a bit off topic, but the first thing I thought of when I saw the name "Publius" were the postings to alt.music.pink-floyd a few years back. For those of you who don't know about that:

    http://www.tapscott.com/~robp/enigma.html

    A hoax, maybe, but there are a few odd sound cues in the "Division Bell" album ("the cave" and the odd counting during "Lost for words"). And during "Another Brick in the Wall pt.2" (from an earlier album) there are sound effects near the end of the song of kids yelling. At 3.47, one kid yells something that sounds like "Enigggggma!". It's wacky, man....

  • by Kwikymart ( 90332 ) on Thursday June 29, 2000 @11:21PM (#966584)
    I think this kind of situation would suit a DeCSS mirror more than whole bunch'o' Metallica mp3s. I think the idea is to have documents (code?), not a whole bunch of mp3s and the inevitable fake Britney Spears porn pic. This way DeCSS will be 110% impossible to get rid of ;-) (short of the world exploding)
  • by Zaffle ( 13798 ) on Friday June 30, 2000 @12:57AM (#966585) Homepage Journal

    From my quick read of the article, it appears that although the data is copied onto numerous servers, there is still some list of central servers.

    If, like the gnutella system, it can be totally distributed, and no central server(s) (to attack), then it is a good thing(tm). However if like napster or IRC servers, there is a specific list of central servers, which doesn't change often, then there can be points of attack (legal attacks I'm meaning).

    Freenet is (AFAIK) totally distributed, and the data is spread across many many servers (run by clients, like gnutella), which in my opinion is a good thing(tm). Each server can only see that a client is downloading some random chunk, and never sees the entire file. So I can download mp3s without any of the servers I'm getting them from knowing what I'm getting.

    I'm not sure if the content on freenet servers is encrypted at all, so it might be obvious if you have a chunk of a file on your server that has an MP3 header in it, that people getting that chunk are getting an mp3.

    If this system works like freenet, but offers encryption of the content, then that would be a very very good thing(tm).

    The sort of system I'd be looking for is something where:

    Files are split in small chunks, and the chunks are distributed to many servers, with many duplicates (eg serverA and M may host the same chunk of the same file).

    Files stored on the server are encrypted. The key is stored in part with the server. (eg to get the whole key, you need to get the whole file, from different servers)

    It's impossible to tell what the name/url of the chunks you have on your server are.

    Totally distributed (like gnutella), with enough redundancy that almost all files are available online right now.

    May be a pretty difficult system, but as I said, AFAIK, FreeNet is something close to this.

    ---

  • by Dwindlehop ( 62388 ) on Friday June 30, 2000 @06:03AM (#966586) Homepage
    Anyway, this "Eternity service" doesn't have anything like that. Here, Kobrin will say "Is there anything else that this data could have been?" and "Could these have been key shares to any other data?" Alice will have to say "No."

    I believe you're missing the point. After reading the Publius paper [nyu.edu], I have these points to offer:

    • According to the paper, when a server receives its share of the key and data, "At this point, the server has no idea what it is hosting - it simply stores some random data." They are incapable, in fact, of determining what is on their server--they haven't the full crypto key.
    • When a user wishes to retrieve some data, "In our implementation, all of the work is handled by the proxy." Handling this by proxy means that Helena is going to have a much harder time tracking down where the data is kept. If she does, the server will have no record of who published the secrets, or even knowledge that the secrets were published! Perhaps it is possible to discover on which servers the disparate parts of the secrets are kept. If it is, Helena still will not be able to tell who originally published the secrets.
    • Publius by itself does not provide any sort of connection based anonymity. This means that an adversary eavesdropping on the network segment between the publisher and the Publius servers could determine the publisher's identity. If a server hosting Publius Content keeps a log of all incoming network connections then an adversary can simply examine the log to determine the publisher's IP address. To protect a publisher from these sort of attacks a connection based anonymity tool such as Crowds should be used in conjunction with Publius. (taken from section 5.4 of the paper)
      So, Publius can't defend against that sort of attack, but assuming the publisher does indeed manage to get his data published anonymously, perhaps through the use of anonymizers (which is what Crowds is) or encryption like SSL, his anonymity cannot be broken. That is the point of this system.

    There's a lot more in this 14 page paper--it's very rich. In particular, it examines the attacks that an adversary could make against Publius and what safeguards could be put in place.

    The most important thing, and I can't emphasize this enough, is that these guys have a system. This is not some theoretical, pie-in-the-sky wouldn't-it-be-nice dream, like the XOR business was. They have the details and mechanics of publishing, retrieval, and updating worked out. You may read the paper yourself if you don't believe me.

    Unfortunately, I'm in no position to evaluate the strength of the crypto here. I would very much like to see someone with knowledge in this area come forward with an opinion after having read the paper.


    Jonathan David Pearce

  • by krystal_blade ( 188089 ) on Friday June 30, 2000 @01:38AM (#966587)
    A couple years ago, I heard a fairly old hacker telling me about privacy and the internet. I had raised concerns about cookies, and the information they contain, or could contain. His response was:

    "The internet was not, and still is not designed for privacy. Your privacy is your problem, so YOU take care of it."

    And he's right. Anonymity, and Privacy go hand in hand. Want to be anonymous? It can be done through YOUR actions. Want privacy? Don't plug in a computer you store your SSN on to the 'net.

    The issue of censorship, and free speech, especially on the internet, is easily remedied. First, know that by posting something on the internet, you create LOGS. And with LOGS, YOU can be found out. As long as you are who you say you are...

    Authors of yesteryear who published anonymously, or under assumed names did so knowing that what they wrote, and stated could possibly be traced back to them. For them, it was a way to express their ideas, without blatantly telling someone who wrote the article.

    The resources available on the internet today are far greater than those of yesteryear. (Unfortunately, the techniques used to track someone down are better too) Privacy and Anonymity can be obtained through careful planning, thinking, and actions.

    If you want the "net-life" of a spec op, you better damn well start acting like one.

    krystal_blade

  • by Paul Johnson ( 33553 ) on Friday June 30, 2000 @03:27AM (#966588) Homepage
    Then she gets her friend Christine to publish to usenet (or whatever) "Hey look: Alice xor Bob = Secrets!"

    This is the vulnerable point in every such scheme I've seen. The "recipe" which gives you the decrypted data has to be held in an identifiable location, and that location is therefore vulnerable to being shut down. Whilst the law seems pretty undecided on whether HTML linking is equivalent to publication, I'm pretty certain that this much more specialised kind of link is going to be counted as the publication. A better way of describing it might be as the "key" to the data. Either way, that's the weak link in the whole scheme.

    On the subject of the various forms of abuse, any system which can withstand the unfriendly attentions of a dictatorship will be wide open to this kind of abuse, because our police have to abide by civil liberties while those in a dictatorship can ignore them. Hence if you can use it to publish banned data in a dictatorship then you can always use it to publish banned data in a democracy.

    The real way around this problem is to site the servers in democracies and then design protocols to make it very difficult to block access from the dictatorships short of shutting down foreign access altogether. This is probably best done through proxy servers that tunnel secure data through HTTP.

    Paul.

  • by prizog ( 42097 ) <novalis-slashdot@@@novalis...org> on Thursday June 29, 2000 @11:21PM (#966589) Homepage
    This won't work. It won't work because there's no deniability.

    Remember the last anti-censorship system on /.? The XOR-based system? That had deniability. Consider:

    Alice wants to share scientology secrets with the world. Alice looks around, finds Bob's chunk of random data, and XORs the scientology secrets with Bob's data. (In a real situation, she would also use Barry's, Bonnie's, and Billy's, but let's keep it simple). Then she gets her friend Christine to publish to usenet (or whatever) "Hey look: Alice xor Bob = Secrets!"

    Helena Kobrin (scientology lawyer) drags Alice and Bob. Alice says "I put random data up, Bob XORed Scientology secrets with my data." Bob says "I put random data up, Alice XORed Scientology secrets with my data." Mathematically, there's no way to tell who did it. There's also an easy way for both Alice and Bob to show that their data is innocent - just have Charlene and Darlene xor bits of the bible with Alice's and Bob's data, respectively, and say "We were just (independently) trying to get the bible into Iran/China/Libya..."

    Anyway, this "Eternity service" doesn't have anything like that. Here, Kobrin will say "Is there anything else that this data could have been?" and "Could these have been key shares to any other data?" Alice will have to say "No."

    At best, Alice is an ISP - and under the DMCA, she'll have to take it down until it's proved non-infringing (never). In the XOR system, all she needs is Charlene to prove it's innocent.

    That's my 2 cents, anyhow.


    -Dave Turner.
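The XOR argument in the comment above, worked through as an added example that is not part of the original post or of the XOR system it refers to. The block length, function names and sample texts are assumptions made for the example.

```python
import os

BLOCK = 64  # every published block has the same fixed length

def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("blocks must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def partner_block(existing: bytes, document: bytes) -> bytes:
    """Block that yields `document` when XORed with `existing`."""
    if len(document) > BLOCK:
        raise ValueError("document longer than one block")
    return xor(existing, document.ljust(BLOCK, b" "))

def recover(a: bytes, b: bytes) -> bytes:
    return xor(a, b).rstrip(b" ")

def both_stories_fit(alice: bytes, bob: bytes, document: bytes) -> bool:
    """True if 'Alice derived hers from Bob's' and the reverse give the same bytes."""
    return (partner_block(bob, document) == alice
            and partner_block(alice, document) == bob)

# Constructed sample texts.
CONTESTED = b"constructed sample: the contested document"
HARMLESS = b"constructed sample: a harmless public text"

def build_blocks() -> dict:
    bob = os.urandom(BLOCK)                    # published first, truly random
    alice = partner_block(bob, CONTESTED)      # looks just as random as Bob's
    charlene = partner_block(alice, HARMLESS)  # innocent pairing for Alice's block
    darlene = partner_block(bob, HARMLESS)     # innocent pairing for Bob's block
    return {"alice": alice, "bob": bob, "charlene": charlene, "darlene": darlene}

if __name__ == "__main__":
    b = build_blocks()
    print(recover(b["alice"], b["bob"]))       # the contested text
    print(recover(b["alice"], b["charlene"]))  # the harmless text
    print(both_stories_fit(b["alice"], b["bob"], CONTESTED))
```

The blocks themselves carry no direction: the bytes are identical whichever party is said to have computed theirs from the other's, and each block also pairs with another to give a harmless text.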
  • At the server page [nyu.edu], it specifically states that files larger than 100k cannot be stored. I quote:
    • Could the Publius Server Software completely fill my disk with Publius Content?
      Yes, the Publius Server could completely fill your disk with Publius Content. For this reason you may want to have Publius Content stored on its own partition or own disk. The Publius Server limits the size of individually published files to 100K.

    (emphasis mine)

    It looks like this was designed to specifically avoid mp3s and pr0n. Probably, they wanted this to be more similar to the original, anonymous federalist papers in that it is more intended for writings that may be offensive to the government of the writers' respective countries. Of course, in the U.S. it will probably just fill up with instructions for bombs and drugs. But one of the prices you pay if you host anonymously is that you take the chaff together with the wheat.
  • by Sir_Winston ( 107378 ) on Friday June 30, 2000 @01:10AM (#966591)
    You're on to something. This would make a great poll:

    Who would you most like to see in jail?

    1) CmdrTaco
    2) Hemos
    3) michael
    4) Jon Katz
    5) Roblimo
    6) Janet Reno
    7) Bill Gates
    8) everyone at Intel
    9) Jack Straw
    10) Metallica
    11) Hemos' new wife, CmdrTaco's gf, and Natalie Portman, in a prison shower scene like in "Caged Heat"
    12) Cowboy Neal and Whalen Smithers, in a prison shower scene like in "Cellblock Cumpanions"

    Of course, poor Jon Katz would win, even though in our hearts we all know we want that prison shower scene with the girls. Except for the ten percent of us who studies say would want to see the Cowboy Neal/Smithers scene... :-)
