Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Censorship Your Rights Online

CFP2000 - Freedom and Privacy by Design 41

The organizers of the next Computers, Freedom and Privacy conference, to be held April 4-7, 2000, in Toronto, Canada, are issuing a Call for Participation in a workshop entitled "Freedom and Privacy by Design" - how to use technology to bring about strong protections of civil liberties against governments and businesses that would censor or snoop. I plan to attend: give me some ideas!
This discussion has been archived. No new comments can be posted.

CFP2000 - Freedom and Privacy by Design

Comments Filter:
  • It seems to me that this is what the whole open source movement is all about. If we can feel that we have the same technology as the governments and big business, then we have much less to fear. I hope to see lots of Oss developers at this one!
  • by pb ( 1020 ) on Sunday November 21, 1999 @09:49PM (#1513596)
    Don't use telnet, use ssh. Got any sensitive e-mails? Time for PGP or GPG. (GPGPGP? Ahh!)

    Why, you say? I don't have any data anyone would care about? Well, you might be right, but don't use that business e-mail account for personal reasons if you care about your job. And remember that the company might be logging your web access too, checking it against company policy. Chilling, isn't it? It's practically standard procedure nowadays.

    Also, if you encrypt your stuff, and you usually have nothing to hide, and others do the same, eventually it gets much harder for anyone to snoop on the internet. They'd generally want to attack people who send unencrypted streams of data... Sucks for them. :)

    Also, some common sense: Don't leave any encryption keys lying around if you care about your identity. In the future, I'm sure this can only get worse, and not just for Sandra Bullock. And saying "encrypt everything" might sound cool, but alas there are a few places where it isn't a good idea for everything. Like slashdot, for example. I wish my user account / password was secure, that would be nice... (the lesson here: have a throw-away password for the WWW, since much of the submissions are in plaintext, or a reasonable facsimilie) But I could care less about the actual content of my posts, they definitely don't need to be encrypted as they are being posted to a public forum! Like so.
    ---
    pb Reply or e-mail rather than vaguely moderate [152.7.41.11].
  • by Deosyne ( 92713 ) on Sunday November 21, 1999 @09:57PM (#1513597)
    While it probably doesn't need mentioning, encryption is the best use of technology to prevent snooping. The problem with this is twofold, however: 1) governments and large corporations have access to resources far beyond what most folks can muster up, and 2) we really have no realistic idea of what government agencies are truly capable of doing; I mean, who really knows if the NSA hasn't found a way to make PGP its bitch? Yes, the chances are that the large businesses and governments of the world don't have the capability to defeat the encryption that we have access to, but do you want to risk your freedom on a maybe?

    With all of the ways that your privacy can be compromised, I really can't think of any other uses for technology that would assist in protecting privacy, especially since technological advances always improve the capability for someone to invade the privacy of someone else; when there are huge companies and governments who can churn out things like spy satellites, wiretaps and shotgun microphones, technology only seems to widen the gap rather than even the playing field. Of course, maybe I'm just paranoid. :)

    Yet somehow I doubt it.

    Deosyne
  • I've noticed that many privacy issues completely ignore the evils of directed marketing. I feel as though some ads drain my soul by desperately trying to grab my consumer dollars... Marketing and advertizing become a Privacy issue when they "taylor" their ads to meet my specific needs. (Instead of tayloring the service or product like they should do in the first place) This way, a marketing company can bend or try to squeeze in a product that would not otherwise fit what I want- so i wouldn't probably buy it. This doesn't apply to the more classic forms of promotions... it's these slimy "hey you... great deal" - "rebate" ... promotions that I feel invates my privacy... and is plane disrespectful. (Almost as low as phone marketing - you know, those ones that call right during dinner, or just as your leaving for work...)
    Of course it is a double edged sword (as some entertaining ads I look forward to) - and it does support "psuto-free" entertainment. The biggest issue I have is with the ability for "customized" web sites to sell (and make loads of money) off my internet behavior. (Alladventage at lease tries to pay me for it) I really HATE all those SPAM-like messages that try to entice "get rich quick" schemes that I'm sure many people fall for.

    If there was some "tool" that could filter out unwanted marketing techniques (even if it "compensated" the commecial dependant medias for the lack of advertising some how)

    - I believe that that as marketing techniques become more advanced... us "privacy" finatics (what are we hiding anyway) are going to be paying alot more attention to who finds their way into our pocketbook through "targeted" marketing, and less attention to those peeping through our email or computer files.

    In an ideal world, Privacy should be maintained by the privatee, not the "higher power"
  • by Aleatoric ( 10021 ) on Sunday November 21, 1999 @10:19PM (#1513599)
    can be undone, as well.

    Not that we shouldn't still make use of technological solutions where practical, but technology isn't really going to make a dent in the real threats to privacy, i.e. the end points of the chain.

    Encrypting the transmission media (for example) won't do much good if the other end of the transmission has no scruples about the distribution of the information that they receive.

    Unfortunately, privacy isn't about technology, but about respect. By and large, technological solutions aren't much more than stopgap measures, and will ultimately fail, unless we address the fact that to have privacy, others need to respect that privacy (and we need to respect the privacy of others, as well).

    I tend to be loathe to suggest any kind of government intervention, but in some cases, only the force of law will address the worst of the issues.

    By all means, we should use all technical means at our disposal to help protect our rights to privacy, such as encryption, some kind of provable authentication that doesn't require your life history to prove your identity, etc., but without a proper social framework that provides for privacy, and meaningful penalties for those that violate it, technology will be of only limited use.
  • Ummm... I wasn't aware the government was developing software. And since when is it about what a small % of population (we) care about. A couple days ago at school I heard this: "I took a look at that Linux thing, and I don't understand it. They think it will beat windows and Im thinking yeah right."

    Face it, people still have little to know clue what Open Source is, they just now know that its there.
  • Well It's about time people got a clue. Privacy isn't about shame and vice. It's about being recognized as an individual (which newsjerks falsely equate with uniqueness). It's about having personal control over your time, lifestyle, and your FRREEDOM of ASSOCIATION. Laws are made to deal with exceptions, not to tell the whole world what to do.

    Consider the case of Harrison Bergeron (Vonnegut rules): He has an implant that prevents him from concentrating whenever he has illegal thoughts.

    Now say everything you do or say is monitored. Do you really think the game stops there? Remember we're talking about humans being the monitors. Paranoia doesn't die when a particular fear is resolved. Paranoia just shifts its focus.

    Sure, monitoring all phone calls will satisfy the majority of people working 40hrs a week completely detached scared to death of the world around them.

    It will satisfy them about a month, if the news stations could abstain from playing the fear card (NBC and Y2K ring a bell?). Most likely that'll be a week.

    Next you'll find that people are still afraid because the problem hasn't been solved and they know it. They know subconsciously that all that has happened is that they treated symptoms of fear and security agencies have made a killing.

    So what next? Speculative profiling. Gateway thoughts (similar to that farce the gateway drug).
    Attitude adjustment counseling.

    So what's wrong with checking up on people? IT'S RUDE. It doesn't merely show a lack of class, but also it shows a lack of respect. You are a permanent suspect from the day you're born. You have no dignity. But the worst part is this:

    IT IS DISRUPTIVE. Expressing an idea, producing a work, making a product, and being able to have stress-free periods to do so requires that you are not interrupted. It requires that you are not spending 90% of your time second guessing yourself wondering whether your work violates some vaguely defined votemagnet law.

    It gets so ridiculous that such harrassment can be used in place of actually infringing on people other rights because it is so disruptive it hindrance in the same way as actually infringing on their rights.
    "Computers should be ... tools... (siglim 120 chars)" Like cars... to the office no more no less.
  • Might be time to set up that Cryptomiconon-style offshore anonymizing data haven .... and run everything thru there

    Seriously though I think there's going to be a need for anonymized access to web sites and other net resources - so we can give away our email address without getting spam, our credit card information without getting ripped off, our home address to get something shipped without getting paper spam, our IP address so we're not being tracked around the net, use our SSN without it being being passed around, use our DNA without it affecting our medical insurance rates etc etc

    And it has to be done a way that's proactive from our point of view - ie we don't depend on other people that we have to business with, (like the medical insurers, or the retailers or ....) who don't put our best interest ahead of theirs, to be nice to us and respect our confidentiality - gotta start using protocols (net, commercial, social, ...) that don't give them any option

    These are difficult technical and social problems.

    I suspect that what it comes down to is that we're going to need some reputable 3rd parties (those datahavens) to proxy our transactions for us.

    At some levels we already have these - the big companies that sell financial (credit) and medical information about us - today they don't have our interests at heart either - somehow we have to find a way to take back ownership of our data.

    I know Europe has stricter privacy laws than the US - anyone want to enlighten us on how they work?

  • can be undone, as well.

    Fool! hehe.

    I have just added several signed values that equal 10 (note signed means may include signs).

    Find the values to decrypt a message that you're not to open till xmas.
    "Computers should be ... tools... (siglim 120 chars)" Like cars... to the office no more no less.
  • As others have already said, encrpyt, encrypt and encrypt.

    May I also suggest some personal firewall type software, such as the late Atguard. (Now another part of Symantec)

    Cheers


  • by Paul Crowley ( 837 ) on Sunday November 21, 1999 @11:06PM (#1513605) Homepage Journal
    We have to make crypto easier to use, even if we sacrifice some security in doing so. Sure, for my most private communications I'd rather verify the public key myself or through a PGP-like Web of Trust, but for most mails it's still far better if I trust some DNSSEC-based database to bind an email address to a public key than if I don't use encryption at all.

    Of course, by "sacrifice some security" I don't mean we should start using shorter keys - the cost of long keys is not very much so we might as well use them - I mean "allow some possible attacks that more secure approaches might deny", such as trying to substitute a fake public key for the intended recipient's keys. These attacks are still far more expensive and difficult than pure eavesdropping attacks, which are relatively easy to thwart.

    Oh, and we shouldn't use SSH everywhere - SRP is the Right Thing for remote passwords, and again it's far more convenient for the users.

    When security measures become inconvenient, people circumvent them in ways that utterly defeats any security gained - like by telling people their password over the telephone. We have to make security so convenient people don't even realise it's there, and do the best we can in the environment that has real users in it. Those who know what they're doing can of course do better, but on the other hand those who know what they're doing are vastly outnumbered by those who *think* they know what they're doing.
    --
  • -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Yes, there is no pint in encryption, but since the accounts here aren't that secure (Do I need to say http), wouldn't it be a good point in signing the posts?
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v0.9.9 (GNU/Linux)
    Comment: Gnome PGP version 0.4

    iD8DBQE4ORydHeQ6HSAJlUwRAqUTAKCn/ITqImOtsnmml4KL 3LA6x1PYkACfcH3B
    4+cI0f+3goMU7wznkgj1lH4=
    =bwQw
    -----END PGP SIGNATURE-----
  • I'm skeptical if there is any magic-bullet proposal. It's not like this topic isn't discussed to death.

    Code is hard. Programmers are expensive. The sacrifices for civil-liberties efforts are substantial and the rewards meager, especially compared to the riches of attending to the needs of corporations.

    We all know "Crypto Good". Now what?

  • by MikeyNg ( 88437 ) <mikeyng@@@gmail...com> on Sunday November 21, 1999 @11:38PM (#1513609) Homepage
    It's not my quote. It's Larry Niven's. (And if you don't know Niven, head on over to library/bookstore. Go ahead. I'll wait.) My point is this: Lest we lose sight of the Big Picture, there are, in fact, several GOOD reasons why the government wants to invade privacy. In the worst-case scenario, people could operate covertly virtually under everyone's noses. I don't believe that a great number of people would want to give terrorists the opportunity to blow everything they have up merely because they felt insecure that the government was looking over their shoulder. I certainly do not advocate that the government (or any agency) should have ultimate power and be able to know absolutely everything about me. However, people must also consider the reasons behind the government's actions. To completely lock observers out of the loop is as dangerous as giving the government carte blanche. Who is to say where that limit should be? Before everyone gets in a uproar about encryption and how everything needs to be encrypted, and how we should keep Big Brother from looking over our shoulder, they should think what the consequences of such an action may be. As a final note, Niven has noted that the constant is not the same for each individual, or even for individual governments. If technology can find a way to increase the constant, I'm all for it.
  • I know Europe has stricter privacy laws than the US - anyone want to enlighten us on how they work?

    Germany has a federal law governing privacy, which applies to federal govermental institutions and all non-governmental institutions, including companies. There is state law governing all state governmental institutions, too, and it is usually stricter than the federal law. Privacy law came into existence in Germany as a response to a census in the Mid-70ies, where the Government asked some over-investigative questions and ran into a PR desaster. The law which came from this regulates mainly the relationship between the state as a data-collector and citizens. The relationship between companies and customers was not seen as the major problem at that time and was not as thoroughly regulated. This is changing at the moment.

    The basic idea behind all privacy law in Germany is that you cannot collect any data at all without stating clearly and in advance what data you will collect and - that is the catch - without stating beforehand what you will use that data for. It is a violation of the law to use such data for other purpose than specified.

    There is a federal privacy commissioner, who supervises federal institutions and (at the moment) companies and other non-governmental institutions. There are state privacy commissioners, who deal with state govermental institutions. The privacy commissioners are fairly independent and report only to the parliament. They have the ability to check about any personal data records anywhere, without stating that beforehand. Usually they do so because some citizen has complained about some irregularity and the commisioner is now investigating this. As a counterweight the commisioner cannot act directly upon his findings, but can only file a report, which will then be acted upon by other institutions, for example the Police, a prosecutor or somebody else, depending on the case. All privacy commisioners produce annual reports of their findings.

    The work of the commissioners is currently changing, as responsibility for companies and other non-governmental institutions is shifted from the federal commisioners to the respecive state commissioners. Also, some of the state commissioners (the "gang of 5") are begining proactive work such as technology evaluation, best-practice definition and sample implementations. The best-practice definition is particularly interesting, because privacy law requires that you use state-of-the-art techniques for privacy protection.

    There are some interesting alliances forming at the moment between the privacy commissioners and the federal ministry for commerce, as the ministry learned about the importance of trustworthy software in cryptographic applications and understood that only Open Source and peer reviewed software is able to generate this kind of trust. There are several projects coming up in Germany which involve cooperation between the privacy commissioners and the ministry, such as governmentally operated anon remailers, anonymizing web proxies, governmentally sponsored developement and distribution of the Open Source software necessary for this and other projects. These projects will fit nicely into a frame as sketched by the above CfP.
    © Copyright 1999 Kristian Köhntopp
  • I would suggest, as clarification:

    Freedom(of individual) * Freedom(of government) = K
    =and=
    Security(of individual) * Security(of government) = K2

    Add these two to get Niven's formula.

    The spooks's methods are not the only method of limiting and containing folks like that Abu dude. How 'bout some good foreign policy too? Try taming that Berlin embassy for one. ; ) I'd bet that int'l terrorism will subside as foreign policy objectives move to actual peace from East block containment. One must wait a few decades for the anger of many to subside tho'.

    Why is it that we (the good folks of the West) once spied mainly on the "enemies" of the West, but now we mainly spy on friends? Did we have too much cash to spend?

    The US case is where internal terrorism will likely be much more prevalent. Most of these (survivalists?) believe that their government is out to get them already--spying with systems like Echeon simply flame these fears.

    In short, the West can grant more freedom to its citizens and make genuine attempts to improve the well being of foreigners. Both cut at the heart of terrorism.

    cheers,
    Bobzibub.
  • Also, if you encrypt your stuff, and you usually have nothing to hide, and others do the same, eventually it gets much harder for anyone to snoop on the internet. They'd generally want to attack people who send unencrypted streams of data... Sucks for them. :)

    People who lurk around sniffing out plaintext messages and attacking them are usualy bored script kiddies. They are not something to worry about, unless you annoy your younger brother whos idea of a great retaliation is to post your logfile showing your access to www.spank-me-harder.com.

    Against serious attacks, be they privacy or denial of service, the average user has no defence except anonymity. To hide in the masses is a cowardly concept but it works. If noone knows you're there they wont seek you out and attack you. And before you ask, yes I am quite familiar with the 'It's not the voices of the evil but the silence of the good' reasoning and I agree with it. But on the net, if you want to stay somewhat safe, don't stick out. Just take a look at how many attacks are made on the FBI's net resources and how many on John Doe's@Xoom. Anonymity works.

    This brings us to the next point. Defending privacy on the net is not only a question of cryptography. The main problem is the usage of information that is gathered. If I wish to post in alt.binaries.terrorists that's my concern, but any ISP can, without threat of legal reprimand, enter my log and punish me by declining me their services. And that's a sanctioned privacy breech.

    The same goes for push marketing (see the article further down). It's the companies that log access that choose how they will use their information. And use it they do. Just check AltaVista, the ads they show are tailored based on which country suffix you're connecting from. This is a mild form of push marketing, but it's concievable that someone would store information on what you search for and correlate it against which ads you're most liable to click-trough. And once such databases are in place they become a real threat to the integrity of the average joe.

    But I do not believe that the situation is as bad as people are painting it up to be. If one thinks back to the 50s and the Communist paranoia, the 60s and the 'big brother' and later atomic war paranoia and the 70s with its drug wars, none of these problems were as bad as they were made out to be. The privacy issue on the internet will most likely go the same way, it's going to be present, and potentialy dangerous, but it will be forgotten for newer fears.

  • Anonymity is the human version of security through obscurity. You're fine until someone figures out what you're doing. :)

    I agree that on the internet, this can work well, and all of the Anonymous Cowards on slashdot and those darn 'cypherpunk'(s) who have accounts everywhere, and the deserted old computers doing anonymous re-mailing can rejoice. However, you'd better shut off all your ports, and hope that no one is scanning for interesting info... Staying anonymous can be fine for some people, but I consider staying uninteresting as both a good defense, and a horrible curse. :)

    Heh, AltaVista (av.com) also tailored their ads according to what you search for. And they didn't check the modifiers. So if you searched for something like: "paisely box -xxx", you'd get porn ads. Is that pitiful, or what? I think they fixed that eventually, but they still try to use your searches to show ads. (no, america, if you search for "mp3", they don't show you porn. ;)

    I'd worry a little, just because we found out in the 90's that big brother built a computer, and it really was watching us. Fortunately, the gov't has either been a little less corrupt than some members of Generation X-Files would like you to believe, or really good at covering their tracks. (Ooo, conspiracy theory! :) But the fact remains that there are spooks watching, and if they see something they consider strange, maybe they'll be watching you. So why show them anything at all?
    ---
    pb Reply or e-mail rather than vaguely moderate [152.7.41.11].

  • Heh, AltaVista (av.com) also tailored their ads according to what you search for. And they didn't check the modifiers. So if you searched for something like: "paisely box -xxx", you'd get porn ads. Is that pitiful, or what? I think they fixed that eventually, but they still try to use your searches to show ads. (no, america, if you search for "mp3", they don't show you porn. ;)

    I still remember a run in I had with a guy on IRC who was complaining vocally in a channel about Altavista running porn ads. He shut up pretty fast when he found out that the reason that he was seeing those adds but not the rest of us :-).

    Morality, thy name is hipocracy...

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • by Hobbex ( 41473 ) on Monday November 22, 1999 @02:46AM (#1513617)
    Technology has been solving our social problems since its very inception, and shall continue to do so at an even greater rate. Nothing has been more important to the social solutions of freedom and democracy then the technology of information (going back to the original printing press, and even written language as a whole).

    In the case of privacy technology does offer a number of things that will help us. Secure communications and anonymous information access and sharing (go read about the mixmaster) have been made possible, and if there is call for it will become prevailent and easy to use.

    The problem is that the very technological innovations that help our privacy are exactly those under most attack by society. People advocate non-technological solutions to these issues not because they do it better, but because they offer less absolute privacy, privacy that can be fucked with given a court order or if enough people want to. With technology you have a situation of all or nothing, which society (in the form of our governments, but also companies and orgs (like RIAA, who would attack a truely free forum the second it came into being)) doesn't seem ready for.

    -
    We cannot reason ourselves out of our basic irrationality. All we can do is learn the art of being irrational in a reasonable way.
  • I keep reading a lot of vitriol being expended toward those companies that keep data on transactions that people perform with them. What I don't here is anyone defending the companies rights.

    Don't get me wrong here. I get irritated at corporate intrusion, too. The other day I had to threaten an AT&T telemarketer with a lawsuit. I was getting at least two calls a day from people wanting to know who my long-distance carrier was (as if it were any of their business).

    But think about it. If I buy a widget from Joe Schmoe, do I have a right to tell everyone that I bought a widget from Joe Schmoe? Can I tell people that the widget was good/bad/cheap/expensive... (e.g., can I give a review in a magazine)? Can I state publicly that Joe Schmoe was easy/hard to deal with? Free countries throughout the world claim the ability to do a product review as a basic right of free speech.

    If I can talk about a transaction that I have with Joe Schmoe, Inc., why can't Joe Schmoe, Inc. talk about it? You can say that it isn't fair because Joe Schmoe, Inc. profits from the information, but don't product reviewer's profit from the information they provide? How do we justify taking the right of freedom of speech from Joe Schmoe, Inc.?

  • This idea may seem harmful but I believe it is not. In fact a very similar thing is done now to hunt bugs in the commercial software. What if to launch several open-source projects aimed at making software to penetrate privacy. I mean, for example, developing toolkits and application for massive e-mail filtering, keystroke sniffing, instant messages interception and blah-blah-blah. I am sure that there are lots of people on /. who have ideas on what to do in technical terms. These should be classical open-source projects under least restrictive licenses and with good docs. As a result almost anybody will get an ability to penetrate privacy of almost anybody. But then counter-action will follow and various anti-eavesdropping software and hardware will be developed both by the open-source, commercial and government communities. And it will be much easier to do it than now because many of the attack methods will be known and well studied. Obviously, protection software will be able to fight not only open penetrating methods but also ones that are used now. This scenario can be extended to hardware specifications too. To avoid legal hassle the projects can be based in countries that would not preculed such activities (like in case with the encryption software).
  • Most of the posts I see here are concentrated on one issue or another, not looking at the big important issue. What it comes down to is this, we will not be free online until two things happen. A) When online we are granted the same freedom as we have walking down the street. B) We have the same rights involving our electronic data and communications that we have over our physical property and traditional communitcations media ie. the mail.
  • The problem with assuming the internet is an unassailable bastion of liberty, that it inherently "routes around censorship" and so forth, is that its human users reside in the physical world and are subject to physical coercion, such as losing their jobs, their homes, their freedoms, or (in extreme cases, in extreme locations) their lives.

    Others have mentioned the importance of very strong, easy to use encryption. This is important. However, I think a far better approach would be to design the underlying protocols to allow for transparent use of strong encryption, strong authentication, and double-blind anonymouty.

    This may sound at first absurd, the idea of having both strong authentication capabilities coupled with (ideally) unassailable anonymouty. However, the key is that one's cyberspace handle, while an authenticable on-line identity, should not be able to be matched up with a real-world, physical being without that person explicitly identifying themselves willingly and deliberately.

    Project's like "freenet" are important, though I would suggest going further and redesigning the lower protocols (e.g. an ip protocol - perhaps a variant of ipv6) which would incorporate these characteristics at the lowest level. Obviously this is not a panacea -- traffic analysis could for example be used to trace messages to a particular, physical location despite whatever electronic anonymouty has been designed into the system. These and other problems would of course need to be addressed. Even if they couldn't all be solved, a great many of our existing difficulties and vulnerabilities would be alleviated.

    I think that, as long as the technology makes an all-intrusive, omnipotent state possible, it is only a question of time (apparently not a very long time at that) before such becomes a reality. Echelon, the litigation of the RIAA and MPAA, the censorship imposed by the Scientologiest on their critics, and so forth, are only the tip of an emerging iceberg. Redisign the technology to make that sort of thing impossible, very, very difficult, or unacceptably expensive, and you go a long way toward preventing it from ever happening. After all, what good is a court order if the physical and logical infrastructure make it impossible to carry out?
  • Before we discuss computer privacy and civil liberty issues we have to discuss some even older civil liberty issues having to do with anonymity and free speech.

    I think that Slashdot itself had a fine idea when it started the points system--it preserves the right of anonymity but lends more credibility to "signed" things. E-mail and other electronic communication should be the same way: one should have the right to post anonymously.

    At the same time, there must be such a thing as a digital signature that is not traceable back to a real person. This is the sort of strength that anonymous remailers have--or used to, before the "church" of Scientology coerced the Swedish (I think) government into confiscating the identities of an anonymous remailer's system. In order to protect political speech, there must be a way to sign things verifiably but privately. Prior to the American Revolution, the influential Federalist Papers were published as a series of pamphlets, all signed by "Publius". In this modern age, if anyone can sign "Publius" to any document, the real message would be drowned out by spam, mockery, satire, and possibly even subverters of Publius's message. On the other hand, if Alexander Hamilton and James Madison had to sign their own, real names to their works, they would have been arrested, shipped to England and hung as treasoners after the first pamphlet was published. Always remember that several of the signers of the Declaration of Independence were arrested; of them, a few were tortured or executed, or died in prison. That's what can happen when you chose to speak out against a government, but use your own true name.

    So, how do we protect the right of safe free speech without having meaningful speech drowned out by spam?

    --

  • Since it seems that goverments & corporations have the resources & inclination to collect any and all information they can about the general populace, regardless of whether the populace likes it or not, it seems like the only real alternative to defend our own rights is to fight fire with fire - collect, organize & share information on those who would attempt to be our "overlords", continually audit their behavior & organize "corrective" behavior where warranted.

    The media somewhat fulfills this role, but the mainstream media seems to have been greatly corrupted by the influence of their sponsors (i.e., business) and the resultant coverage tends to be biased to avoid offending those sponsors. (It defies common sense that a media outlet will REGULARLY defy their sponsors - they might occasionally run something to show their independence, but in general they will not risk the revenue stream which allows them to exist.)

    There are lots of little advocacy & watchdog groups which are attempting this function - but they aren't working together & the general populace is not taking an active part in supporting their activities, therefore their overall effect is somewhat insignificant.

    I guess an effective system would provide a way a way to organize & tie together the efforts of these groups, including generating reports for & accepting input from the general populace. It would be decentralized & have some kind of builtin self-checking feedbacks to resist corruption of the information. Anonymous whistleblowing would be a necessity, along with validation through cross-reference & investigation, to try and dig out the dirty "secrets" that students of Machievelli (sp?) are so adamant about hiding.

    *sigh* nice daydream, eh?
  • Assuming people really wanted to do this, what I'd love to see in a standard is a means for me to control my own information. It would go something like this:

    1) One of these "anonymizing sites", or even my own server, would be recognized as the authoritative source of personal information about me.

    2) I could establish my own rules for access to my information: how much, by whom, when it's available, and how it could be used.

    3) There has to be a mechanism for one-time access to certain info -- I'll give my address to company X to ship me something, but the mechanism kicks in and erases my address once they've printed the label.

    4) All information that might persist on someone's database would be date-stamped, so that it would be clear that the info may no longer be accurate.

    Even a limited version of this system would sure stop a lot of the credit-bureau misidentification nonsense -- the credit bureaus would have a place to go to verify changes to data, and data that had long since been identified as inaccurate wouldn't come creeping back in, as happens today.

    If you think this would be impossible to enforce, ask yourself: who but you knows your new phone number, or a new address, or when your child is born, or what your blood tests said? Lots of people know each item individually, most of them already are or could easily be bound by law to keep it secret, and virtually no one but you knows all of these things, until you let them.


    Of course, if we all just paid in cash (need digital cash!), much of this would be unnecessary.
  • Personal firewalls? What's wrong with ipfwadm, ipchains, or ip filters? They're probably in your kernel already.


    --
  • LOL, as if browsers don't modify your content rendering the digisigs invalid. :) Can you say HTTP?

I put up my thumb... and it blotted out the planet Earth. -- Neil Armstrong

Working...