Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Communications Encryption Government

Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor (softpedia.com) 179

An anonymous reader writes: David Chaum, father of many encryption protocols, has revealed a new anonymity network concept called PrivaTegrity. Chaum, on who's work the Onion protocol was based, created a new encryption protocol that works as fast as I2P and the Onion-Tor combo, but also has better encryption. The only downside, according to an interview, is that he built a backdoor into the darn thing, just to please governments. He says that he's not going to use the backdoor unless to unmask crime on the Dark Web. Here's the research paper (if you can understand anything of it).
This discussion has been archived. No new comments can be posted.

Crypto Guru David Chaum's Private Communications Network Comes With a Backdoor

Comments Filter:
  • two thoughts... (Score:2, Informative)

    by Anonymous Coward

    1. Is anyone going to trust something with a backdoor?

    2. who's ?

    • by arth1 ( 260657 ) on Sunday January 10, 2016 @12:06PM (#51272597) Homepage Journal

      1. Is anyone going to trust something with a backdoor?

      Everyone who doesn't know about it or have no clue what a backdoor is, or what it implies. That includes an awful lot of BAs with purchasing decisions.

      2. who's ?

      It's based on the Baba O'Riley protocol.

      • There's a ton of discussion elsewhere (ie, g+), and the Wired article completely misses that he's assuming we know about a classic (and cool) solved problem in computer science, "byzantine generals with collusion".

        I suspect it will be attractive to anyone who could lose their master key of a sysadmin quits, and unattarctive to the security services, who don't want to ask for or honour court orders (:-))

      • It the backdoor is immutable, it means that a first discovery of it's entrance is available to all.

        If there is to be a backdoor, then it must change with every encryption, and it must not be detectable because of a consistent pattern of access.

        Two successive encryptions of a same file should produce different results and different backdoors.

    • by Anonymous Coward

      Who decides what is a "crime"?

    • 1. That's what they want to find out.

      2. Anyones if no one cares.

  • by Anonymous Coward

    No way am I trusting Chaum. I'm no chump

  • Interesting - (Score:2, Interesting)

    by Anonymous Coward

    When PrivaTegrity’s setup is complete, "Nine Server Administrators" in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.

    • by Anonymous Coward

      If you can trace criminals you can trace dissidents and political opponents. Anonymity is difficult enough without it being broken by design.

    • by AmiMoJo ( 196126 )

      There are two possibilities:

      1. All countries friendly, so worthless to the users

      2. US court says yes, Russian court says no, so worthless for the government.

      Spot the common feature.

    • Re:Interesting - (Score:4, Interesting)

      by epyT-R ( 613989 ) on Sunday January 10, 2016 @06:44PM (#51274551)

      and this would protect against groupthink powered populist witchhunts how exactly? These days, most governments are more than willing to 'cooperate' when dealing with dissent in any one of their countries (eg: multilateral surveillance to get around civil protections). It would be relatively easy to put the squeeze on those nine people. It's hard enough to both design and implement crypto correctly as it is. It's a waste of time to bother implementing purposely compromised crypto.

    • by plover ( 150551 )

      Three keys for satellites up in the sky
      Seven for the hackers, in their mommies' homes
      Nine keys for sysadmins in collusion with the spies
      One for the Dark Lord, in his Oval Office.
      In the land of Bruce, where the Schneier lies.
      One key to crack them all, one key to find them
      One key to bring them all and in the HSM bind them.
      In the land of Bruce, where the Schneier lies.

  • Private citizens who care won't use this because they care about not having their communications intercepted.
    Big bad government won't use this because they care about not having foreign intelligence intercepting their communications, but will happily spy on anything they can get.

    Botnet operators rejoice at the birth of another avenue for hard to kill C&C.

    • The key requirement for a global communications system is interoperability. You need to be able to talk with anyone you want/need, without great difficulty. The traditional solution is a central command/control hub that is susceptible to spying. People are still working on a decentralized system that isn't.
  • by Anonymous Coward on Sunday January 10, 2016 @11:57AM (#51272545)

    Just telling everyone your software has a backdoor is the same spending all of your development time masturbating. No-one is going to use this crap.

  • Is he claiming he found a way to safely have backdoored communications?
    • by Skewray ( 896393 ) on Sunday January 10, 2016 @12:07PM (#51272605) Homepage

      Is he claiming he found a way to safely have backdoored communications?

      Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

      • by hawguy ( 1600213 ) on Sunday January 10, 2016 @12:27PM (#51272687)

        Is he claiming he found a way to safely have backdoored communications?

        Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

        Or, another way to put it, a government needs to compromise only those 9 users to gain unlimited access to all encrypted communications through the system.

        • by Anonymous Coward

          Or, to put it another way, it's got to be some seriously insanely important thing to get Russia and the US to agree.

      • Every spy agency, then, would see that they could monitor sensitive communications simply by collaborating with other spy agencies?

        • by Skewray ( 896393 )

          Every spy agency, then, would see that they could monitor sensitive communications simply by collaborating with other spy agencies?

          Not some of them, but all of them. No one trusts the USA, but if you had to get Norway on board, life as a spy might be more difficult.

      • by nbauman ( 624611 )

        That's like the UN Security Council. If China, France, Russian Federation, the United Kingdom, and the United States agree, they can do what they want.

        That would probably mean their police agencies deciding among themselves.

        Let's look at real cases.

        If you had a news service, like Wikileaks, that managed to annoy all of them (as a good news organization should do), they could agree to go after that news organization.

        And what are the politically-correct grounds for using the back door? Child pornography? Huma

        • by Skewray ( 896393 )

          That's like the UN Security Council. If China, France, Russian Federation, the United Kingdom, and the United States agree, they can do what they want.

          That would probably mean their police agencies deciding among themselves.

          Let's look at real cases.

          If you had a news service, like Wikileaks, that managed to annoy all of them (as a good news organization should do), they could agree to go after that news organization.

          And what are the politically-correct grounds for using the back door? Child pornography? Human trafficking? Tax evasion? Drug dealing? Bribery? Terrorism? Capital crimes? Weapons of mass destruction? Waging war?

          What if Miss "A" claims that Julian Assange raped her on one night, though she had enthusiastic sex the nights before and after?

          Yup. I think you summarized it pretty well. However, the point is to provide a channel of secure communication that requires a relatively high barrier to overcome. The alternative is for these same governments to ban secure communication completely. You make the call.

      • Re: (Score:2, Interesting)

        by negRo_slim ( 636783 )

        The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on.

        I can't believe you could be that naive.

        • by Skewray ( 896393 )

          The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on.

          I can't believe you could be that naive.

          Look up the definition of "probably."

      • Is he claiming he found a way to safely have backdoored communications?

        Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

        Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

        As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

        You place too much confidence in government doing the right thing.

        • by Skewray ( 896393 )

          Is he claiming he found a way to safely have backdoored communications?

          Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

          Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

          As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

          You place too much confidence in government doing the right thing.

          Actually I have absolute confidence that most governments will do the wrong thing. But if a system exists for which a diverse set of governments must agree, then doing anything, right or wrong, is more difficult. Not impossible, just difficult.

          • Is he claiming he found a way to safely have backdoored communications?

            Not sure what "safely backdoored" means. The system is spread out amongst many different countries in such a way that many different governments must agree to use the back door. If the USA, the Netherlands, and Russia can agree, for example, then it is probably criminal investigation and not spying going on. I reviewed many of the early drafts of this paper. It's pretty cool.

            Just because something is criminal does not mean it should be criminal per our system of morals and ethics. Free speech in China or Saudi Arabia, for example.

            As well, governments will cooperate on issues that may not be illegal but are inconvenient to them, for whatever reason.

            You place too much confidence in government doing the right thing.

            Actually I have absolute confidence that most governments will do the wrong thing. But if a system exists for which a diverse set of governments must agree, then doing anything, right or wrong, is more difficult. Not impossible, just difficult.

            Point taken - I just don't think it's going to be very difficult at all to find drivers for nine governments to agree on. I figure that for the majority of requests made by a particular government for information on a particular person, the other eight are most likely to not give a shit at all and will just provide the keys and say "you owe me one".

    • by dissy ( 172727 ) on Sunday January 10, 2016 @12:31PM (#51272705)

      Is he claiming he found a way to safely have backdoored communications?

      Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message.

      Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

      He then suggests in his opinion that if those nine servers are spread around the world such that one is in control of by different democratic governments, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.

      So far as the axiom holds that "technology can do nothing except enforce a policy" - he is correct.

      The question remains about those policies of course, not just at the time the nine servers are deployed and used but also for all time into the future.
      Something he states no opinion on, which is also probably wise. My own cynicism has great doubts about that as well.

      It's also worth pointing out that at least in the alpha stage of testing the protocol is currently in, this backdoor really is a "US backdoor", as for testing purposes all nine of those key servers are hosted within amazon cloud, so all under control of the same government.
      During development testing this is fine, but the people testing the protocol should be absolutely aware of this fact. Test the other aspects of the protocol, assure the protocol as implemented matches exactly the theory. Find and fix bugs. But it is not to be used for trusted communications yet.

      The next major hurdle of course is the very policies that need to be drafted and in place before the servers are codified to enforce them.
      You know how governments and policies can be some times. It very well may be the case the policies never actually make it to a state anyone agrees is worth using, making the protocol a bit useless, even if not at the fault of the protocol itself.

      • He then suggests in his opinion that if those nine servers are spread around the world such that one is in control of by different democratic governments, it would follow that all nine of those governments must then agree the message in question needs to be decrypted.

        What if one of those "democratic governments" is the U.S.? Then it is just one government sending eight agents overseas, each with a $5 wrench, to "persuade" the other operators to "agree" that the message must be decrypted. They don't need to go to those governments, they just need to get the guy sitting at the terminal.

        • by dissy ( 172727 )

          What if one of those "democratic governments" is the U.S.? Then it is just one government sending eight agents overseas, each with a $5 wrench, to "persuade" the other operators to "agree" that the message must be decrypted. They don't need to go to those governments, they just need to get the guy sitting at the terminal.

          Agreed.

          Maybe if all the people claiming to be the "good guys" actually followed the rule of law, that may not be a problem. But unfortunately that is not the case so we will never really know.

          It would be great if the US, and in fact all of the "5 eyes", were not included due to not being democratic, but I don't expect for a second that will be the case.

          A second best option would be for the "5 eyes" to count only as one, but that is still vulnerable to the lack of rule of law as you point out.

          The guy making

        • You haven't studied history, particularly regarding the Cold War or even the more recent NSA+Russia+Germany+UK+China intelligence exchanges. The governments do not need to agree on anything yet they come to an awful lot of agreements. Captured spies were continuously interchanged as did communication between the administrations. All the public ever saw was a "Cold War" where governments didn't talk or agree yet in the background they collaborated quite often to their mutual benefit. If governments control t

          • Today Russia and the US agree on nothing in private or in the public domain. Both sides have backed themselves into a corner where any maneuver towards a reconciliation in relations is nearly impossible. The Cold War era looks like a love and admiration festival when compared to today's international relationships.

            • by guruevi ( 827432 )

              Publicly perhaps. In 2010 they did a really large spy swap and more recently did Russia and Estonia (a close US ally).

      • How can we trust that there isn't a deal (perhaps made under duress) to give one of those countries access to all keys in secret?

        • by dissy ( 172727 )

          How can we trust that there isn't a deal (perhaps made under duress) to give one of those countries access to all keys in secret?

          Like I said, you can't trust that.

      • by Kjella ( 173770 )

        Nope. He is claiming he has implemented a method requiring multiple key servers to unanimously decide to work together to decrypt a message. Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

        So far so good. But there's only two ways this works, either it's closed source, black box and absolutely not to be trusted or you can do:
        // encryptForTheNine( decryptionKey )
        encryptForTheNine( someString() )

        At least I don't know any algorithm that can prove the correct decryption key is embedded without actually decrypting the message. So you go through nine jurisdictions, get a court warrant in each and find the decryption key is 0xDEADBEEF. Then what? It only works if you make tampering with the backdoo

        • by dissy ( 172727 )

          At least I don't know any algorithm that can prove the correct decryption key is embedded without actually decrypting the message.

          On the technical side this does exist and is quite possible.

          It is known as Secret Sharing [wikipedia.org]
          One example algorithm for this is called Shamir's Secret Sharing [wikipedia.org]

          Now I admit I didn't do more than speed-read the first bit of the linked paper for this protocol, but at first glance it looks to utilize three separate "encryption wrapper" stages, where having a known static key embedded would only defeat one of those three.

          I can't say if that is enough to do as you claim however maybe you're right.

          So you go through nine jurisdictions, get a court warrant in each and find the decryption key is 0xDEADBEEF. Then what?

          On the political side,

      • ... and > 9 "democratic countries" fell for the falsified "weapons of mass destruction evidence" the US presented to lure them into supporting the Iraq war.
      • Is he claiming he found a way to safely have backdoored communications?

        He then suggests in his opinion that if those nine servers are spread around the world such that one is in control of by different democratic governments

        I see a flaw right there. 'Democratic governments' tend to be in each others pockets.

        Make one of them in North Korea and then maybe we've got a workable system.

      • The next major hurdle is convincing people to actually use this. Regular users who have no clue will just stick to FB messenger etc, which doesn't have end-to-end encryption and isn't going to get it. And people who understand how it works and care about their privacy would never use something like this.

        The only way this would be even remotely useful is if governments actually start banning services with no backdoors. But if they do, I very much doubt they'll stop at "backdoor, but requires cooperation of o

      • Specifically there are nine servers, all of which must be used together. If 8 of the 9 wish to decrypt something but 1 chooses not to assist, the message can not be decrypted.

        Hello other Eight...I will decrypt whatever you want if you decrypt whatever I want.

        Also I have pictures of your family in compromising positions so let's just work together on this.

  • Worthless. (Score:1, Interesting)

    by Anonymous Coward
    "What you can do, your enemy can do". "Security" doesn't happen when you have backdoors, for anyone, period.
  • Oh yes! The world will be a better place when governments are aided by secure communications developers in fighting crimes like apostasy, being gay, etc., and whatever new "crimes" might be defined out of thin air in the future.

    I'm sure the criminals that will be brought to justice, and hanged, shot and stoned will understand the wisdom of this move.

    In other words, what a simpleton.

  • So basically.. (Score:4, Insightful)

    by Ostrich25 ( 544788 ) on Sunday January 10, 2016 @12:39PM (#51272737)
    What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.
    • by Skewray ( 896393 )

      What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

      So you would prefer to trust someone that promises that there is no back door (like, say, Juniper, AT&T, etc), or someone that states up front that there is one that requires multi-national agreement to use?

      • by Anonymous Coward

        No. Your jumping to a conclusion that there isn't also another solution which is freedom friendly and the sources/protocol is open/available. I'd rather have something that is not back-doored and is open and trustworthy.

    • Re:So basically.. (Score:5, Insightful)

      by swillden ( 191260 ) <shawn-ds@willden.org> on Sunday January 10, 2016 @06:14PM (#51274419) Homepage Journal

      What I'm taking away from this is that anything David ever has made or will make in the future should not be trusted.

      While I'll grant that the you're partially justified by the ridiculously bad summary, your takeaway is dead wrong.

      First, having just skimmed through the article and the (very interesting!) paper, let me point out why the summary is ridiculously bad. Chaum's protocol does not include a backdoor, and certainly not "just to please governments".

      What Chaum did was to describe a really cool anonymous routing and communications protocol, with a number of highly desirable properties. The biggest one is that his protocol is designed to be secure against nation state access, unlike Tor. It should also be quite a bit faster than Tor because communications require no public key cryptographic operations; everything is done with very-fast symmetric crypto, building on top of a precomputed homomorphic encryption. Making this scheme work, though, depends on the existence of a trusted third party (TTP).

      In general, relying on a TTP is problematic in contexts where there isn't any obvious person or organization who could be trusted. And for a global communications network that will be used by lots of people and which many governments might like to penetrate, and which in fact is specifically focused on trying to prevent penetration by nation states, there clearly exists NO such single party.

      Chaum's solution to the problem of how to trust when no one is trustworthy (a common problem in security design, actually) is to distribute the trust (a common solution, though Chaum's implementation is particularly clever). By arranging things so that the TTP role is spread across many different nations, each of which is fairly trustworthy except in particular areas, and selecting those nations so the areas in which they're untrustworthy are different, and designing the cryptography so that any abuse of the TTP role requires willing participation of 100% of said nations, it may be possible to construct a TTP which is trustworthy in the aggregate, even though no individual member is fully trustworthy.

      This is a very clever solution to what I would have said is a completely intractable problem.

      • His answer is the same as the founders of the U.S. Constitution: balance power with power, and RELY on actors to work only in their own self-interest. Competition among equals is a feature, not a bug.

      • by AmiMoJo ( 196126 )

        It's clever, but it has a huge weakness. Say you distribute the TTP over 9 severs in different countries. Sounds good, but what you really need is 9 administrators in different countries who are unlikely to collude. If they do ever collude, you are screwed. Also, if they all get hacked, you are screwed. Considering what we know of NSA/GCHQ hacking, that isn't an insignificant risk. They would be targeting any servers involved in something like this with zero day exploits, HUMINT and more.

        So while it might h

    • by mysidia ( 191772 )

      I would say look to his straight-up crypto work/research as useful/interesting, and he did much useful work there, but I think in terms of proposing technology for Consumer usage / addressing political issues I think he was out of his league.... E.g. Digicash failure.

      Not having the good sense to recognize that people concerned enough about privacy to encrypt their messages want end to end security of communications, not a backdoored communications network.

  • It's sad (Score:3, Insightful)

    by Opportunist ( 166417 ) on Sunday January 10, 2016 @12:53PM (#51272795)

    With deep sorrow we announce the departure of another great security guy we once had. You will be missed.

  • Then anyone using would likely have to be coerced to use it. Then when some piece needed to be decrypted the likely result would be a message encrypted with another tool that the user has done their damnedest to ascertain has no back door.

    Wow good job, we've found a way to bloat data packets even further. Up the bandwidth!

  • Mr. Chaum has clearly underestimate the resolve of governments around the world. If needed, they will coerce the holder(s) of the key(s) to get what they want. Anyone that has even part of the key to the backdoor is going to put a giant bull's eye on themselves and their loved ones.

    a better idea would be to take the improvements made and upgrade the Tor protocol.

    • by AHuxley ( 892839 )
      Yes the 1950-90's is filled with stories about 5 eye nations getting to complex hardware codes used by a lot of nations embassies.
      https://en.wikipedia.org/wiki/... [wikipedia.org]
      Within advanced factories in "neutral" nations the issue was worked on until the Western powers had plain text from every complex crypto device offered for sale.
      Western governments do not stop until they have the plain text from any product or service on the market as designed, sold, used and upgraded over any decade.
      The UK has its "Draft Com
  • Kudos to David or disclosing that but what was he thinking adding in a backdoor?

    Sounds like he hoped to cash in on some government contracts (possibly some sales for CEOs looking to snoop in on employees) but the fact is companies selling equipment and software with back doors on balance are losing market share globally due to national security concerns (ask tech companies like Cisco that were in bed with the NSA how their sales are doing in China these days)

    Over the long term communications software with

  • by jcr ( 53032 ) <jcr@NOSpAM.mac.com> on Sunday January 10, 2016 @01:05PM (#51272865) Journal

    There's a term for that in data security circles. That's what we call NOT PRIVATE, for fuck's sake.

    -jcr

  • LOL, err, I mean, "NO".

    Sorry, I don't know who he'll trust or what he'll use it for. I also don't know that Bad Guys(c) won't be able to break into it.

    And by "Bad Guys" I mean the NSA/CIA/FBI as well as the friendly folks from the Russian Business Network [wikipedia.org] or other criminal organizations.

  • Doctor Who's work on the onion planet of Spinthoz was limited to an unofficial visit, which means there were no welcome protocols involved.

    http://tardis.wikia.com/wiki/O... [wikia.com]

  • by LifesABeach ( 234436 ) on Sunday January 10, 2016 @02:25PM (#51273275)
    1. Get a copy of the PrivaTegrity,
    2. De-compile it
    3. Analise product
    4. Remove Back Door.
    4.1 Put a new back door in it?(this part never gets old)
    5. Miller Time.
    • by Skewray ( 896393 )
      PrivaTegrity does not attempt to guarantee endpoint safety. Only once the information enters the private network. Your device (eg phone) and the app running on it are always fair game.
    • by mysidia ( 191772 )

      My understanding is the so-called "backdoor" is inherent to the way the cryptography works --- it's not so much a backdoor, as it is a disclosure that if all the servers keys become known, a third party could break the privacy; "backdoor" is just a consequence of the design that is also what causes the performance improvement, and knowing what the "backdoor" is does not allow it to be removed (without you having to design a new protocol and altogether new system).

  • It's fucking centeralized, no shit it has a backdoor. geniuses.
  • by Flytrap ( 939609 ) on Sunday January 10, 2016 @02:39PM (#51273359)

    Chaum is also building into PrivaTegrity another feature that’s sure to be far more controversial: a carefully controlled backdoor that allows anyone doing something “generally recognized as evil” to have their anonymity and privacy stripped altogether.

    Whoever controls that backdoor within PrivaTegrity would have the power to decide who counts as “evil” - too much power, Chaum recognizes, for any single company or government. So he’s given the task to a sort of council system. When PrivaTegrity’s setup is complete, nine server administrators in nine different countries would all need to cooperate to trace criminals within the network and decrypt their communications.

    So... my question would be... Quis custodiet ipsos custodes? [wikipedia.org] who will appoint, monitor and document the decisions of these administrators and if necessary revoke their anointed status as the determiners of what is or isn't acceptable evil (e.g. is sharing a commercial movie evil enough to attract the attention of "the nine" [amazon.com]... how about a casual statement calling for the non-constitutional overthrow of a government... clearly child porn would be considered evil, but what would the cut off age be, 16, 17 or 18... would planning to blow up a public facility in a western country be more evil than threatening to blow up a public facility in a country already mired in a civil war)? Will they be accuser, prosecutor, judge and jury? who will take cases to them and which legal system will apply... can they be sued in the event that they err? what will keep them beyond reproach and will their decisions be made public? will it be possible to appeal their decisions?

    Lots of questions and no clear answers.

  • by Anonymous Coward

    Why would anyone bother to use it instead of PGP?

  • I love the smell of satire in the morning.
  • Nine governments in agreement sounds like an unlikely scenario regardless what the topic is.

    Except where there is something in it for them. Like when they say if you agree to open the door when I want something, then I will open the door when you want something. Maybe we just all agree to leave the door open all the time for convenience.
  • Three Rings for the Elven-kings under the sky,
    Seven for the Dwarf-lords in their halls of stone,
    Nine for Mortal Men doomed to die,
    One for the Dark Lord on his dark throne
    In the Land of Mordor where the Shadows lie.
    One Ring to rule them all, One Ring to find them,
    One Ring to bring them all and in the darkness bind them
    In the Land of Mordor where the Shadows lie.

  • The fact is there are a lot of people who wish to do as much harm as they can. We have always had well-poisoners in our midst but thanks to current and near-future technology, their ability to do great harm to great numbers of people is increasing dramatically. I've said this before but here it is again. Tell me I am wrong:

    1) The number of technologies that can cause serious, deadly harm to humans and other living things is going up.

    2) The number of substantively different or novel attacks that technolog

  • by Anonymous Coward
    From the Wired article: "Chaum argues that PrivaTegrityâ(TM)s setup is more secure than Tor, for instance, which passes messages through three volunteer computers which may or may not be trusted."

    ...unlike this PrivaTegrity thing, which requires you to 100% trust a FIXED set of 9 volunteer computers (which apparently cannot be trusted not to collude against you). At least TOR's security model HAS into account the possibility of malicious nodes (which is the whole reason why messages are onion-encrypt
  • Now that the backdoor has been revealed, it certainly won't be considered as a TOR upgrade, and governments and individuals are now fully aware (or should be) of what a backdoor actually means will steer clear of it. We know of at least one government that will strong-arm the other 8 into doing whatever is asked of them. Let's hope Chaum's project dies an early death.

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...