Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Security

Fling:Anonymous Protocol Suite 223

_endgame writes "Fling is a new suite of internet protocols that perform the function of DNS, TCP, and UDP in a manner that's both untraceable and untappable. Fling protects clients from servers, servers from clients, and both from an eavesdropper in-between. The result is that anyone can serve or retrieve any data, without fear of censure."
This discussion has been archived. No new comments can be posted.

Fling:Anonymous Protocol Suite

Comments Filter:
  • While this is great, I believe that it'll just be a matter of time before this "secure" protocol is hacked/cracked and is again insecure.
  • This will be great for projects like FreeNet, Gnutella, Napster, or any other form of data transferral that someone might want to prosecute you over.
  • ...this project is less than a week old and consists of some theories bandied about by a developer and he's friend (who is providing the crypto knowledge).

    Wouldn't have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.

    PS: That said, I wish them luck. :)

  • by Anonymous Coward
    Metallica is entitled to receive payment for their work. You are not entitled to unlimited, unrestricted free access to their work. I like Internet privacy as much as the next guy but what you are advocating is theft. What needs to happen in my opinion is that some Napster kiddies need to be put on trial and jailed and made examples of. Then we could demonstrate exactly what could happen to people who choose to use the Internet to commit crimes instead of using it for positive purposes.
  • One of the things that always strikes me as interesting about things like this is the posiblities for abuse. No - I'm not talking about things like trading warez, porn, MP3, or whatever the hot semi-illegal commodity of the week is.

    I'm more interested in the possible effects for companies that keep wanting to do things like map out the Internet (see article last week here on /. about the group maping the 'net for advertising purposes) but don't want to really tick off admins who's machines they are adding to thier map. Same goes for script kiddies looking for machines (using nothing more than ping to see who responds) but want to keep from possibly alerting the admin at some company they are maping out.

    Just a thought - I could, of course, be completely wrong!

  • by / ( 33804 ) on Monday July 10, 2000 @04:34AM (#945998)
    Ah, but an idea backed up with an open-source-oriented webpage (sourceforge.net [sourceforge.net]) has always a headline on slashdot made. Besides, since some of the planning has been done, it will soon be time for bandwagoners to start contributing code, and it's nice to have such a heads-up.
  • This may take the release early release often a little far... Still looks quite young. But on the other hand, it reduces the chances of the project (or sometimes the author) being snuffed out before the public ever gets a chance to kick the tires. If i could encrypt my way out of a paper bag i'd help out with this one...
    Seriously though, i think there is a need for a more modern, updated secure way to do this sort of thing. I think it is helpful if people can read what they want without fear of being profiled by evil govenrments (or even worse persistant spammers...) and I think it will allow people a little more freedom to be themselves.
  • by phil reed ( 626 ) on Monday July 10, 2000 @04:34AM (#946000) Homepage
    What better way to attract attention and get some serious development effort aimed at it? For those of us who don't want solutions handed to us on a silver platter, this is the best time to get involved.


    ...phil
  • this project is less than a week old and consists of some theories bandied about by a developer and he's friend

    yeah, looking at the little information that is available, i'm not sure anyone should be getting too excited yet. It doesn't seem like there is anything more than some descriptions of protocols that don't really exist. Not only that, I think credibility is hurt by what "Fling is deliberately designed to protect":

    Porn and the sex trade
    Political dissidents
    Unpopular opinions
    Free (libre) online traders answerable only to trustability guarantors
    Sale of government-disapproved goods
    Anonymous, unreported e-cash transactions
    Anyone whose rights are being ignored or legislated away

    To me, those aren't the REAL reasons anyonmous protocols are needed. I think the first one, "Porn and Sex Trade" should worry us. Do we really need a way for people to pass around child pornography without having a way to find out who they are (so we can stop them)?

    This might have just been attempt to get some attention on slashdot....

    ---
  • This is a great idea, but being the sceptic I am, I have no doubt that another technology would be invented to 'remove' the anonymity that this tries to preserve. It's all a bit like the arms race. I'll make an anti-missle-missile and then you can make something on your missile that jams my anti-missile missile.. etc.... I can't see this set of protocols being implemented, because it isn't in bu$inesses/governments interest to have total anonymity and whether we like to admit it or not, that's the driving force behind the internet these days. M.
  • Indeed... Little specifics are given as to the details of the protocols, routing methods, etc. IMHO, the routing techniques he describes will incur significant overhead. I don't think this service would be useful to many people.

    Better to check out existing services that provide anonymity, security, etc. There's a bunch out there that are already much better established and much better thought-through.

    Afterthought: is it really a good idea to implement these ideas on the protocol level? I would think that abstraction principles would dictate that security and anonymity are better implemented in higher levels of abstraction...

  • Errr, the WEBSITE is a around a week old, it doesn't mean the developement is a week old. Don't try and read between the lines too much.
  • by Signal 11 ( 7608 ) on Monday July 10, 2000 @04:37AM (#946005)
    There's no way to prevent man-in-the-middle attacks with a truly anonymous protocol as there is no way to verify the authenticity of the server.

    In addition, crypto without a pre-arranged way to mutually verify both parties is trivial to crack. The NSA will certainly not mind you exporting this protocol overseas. :P But that is just a footnote to the above problem I mentioned. You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s). However, I am no expert in this, so I may be incorrect about being able to derive the keys - specifically, I know nothing about the duffie-hellmann(sp?) public key exchange stuff, beyond "it works", so YMMV.

    The other problem I can see is that you're sending up a big red flag saying "Here I am! Look at me, I'm up to no good!" to your network administrators. Net admins are notoriously paranoid, moreso now with the proliferation of scripts. This means that if you use it at work, you stand a good chance of having your network access monitored/revoked and/or you getting your ass canned. Yeah! Go crypto!

    The ideal protocol for this would be one where monitoring would a) do an attacker no good (which means you have to verify the authenticity of the server somehow before you communicate over the unsecured channel (the 'net)) and b) look like normal traffic. This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself.. and it'll become more important as governments crack down on conventional crypto - witness new zealand, I believe, which made it a law forcing you to divulge the keys of every encrypted thing on your system under penalty of jail.. even when they can't prove you ever had them!

    Imagine an HTTP request to www.someplace.com where the downloaded JPEG contains the information requested and the POST contents contained the key+query. E-commerce cookies can easily look like crypto keys. Rewrite a few doubleclick cookies and no one will be the wiser.

  • by grahamsz ( 150076 ) on Monday July 10, 2000 @04:37AM (#946006) Homepage Journal
    But what it lacks are any suggestions of how the system would scale... will it be like gnutella which now has so many users that the average modem user is struggling just to connect to the network.

    Plus if my PC ends up routing mp3 files for other people using my 128k connection I wont exactly be pleased.

    Added to this I would expect that there will be quite a reasonable bandwidth overhead given all the layers of encryption.

    Certainly as a system for trading textual data it's reasonably sound but then usenet probaly works just as well for most people.

    Added to this for a user to keep information persistantly on the network they still must be permanantly connected... which isn't really an option for opressed tibetan monks is it..?
  • all the anonymous/freenet/ZKS/crypto&privacy projects could really use some convergence and working together. OTOH, I suppose that if there are many, the likelyhood of them all being shut down approaches zero. but. maybe just extreme interoperability....
  • ...or is 100% untraceable Internet communication the cyber equivalent of perpetual motion--it would be Very Cool to invent, everyone wants it for various reasons, but the nasty truth is that you just can't get there from here?
  • by phil reed ( 626 ) on Monday July 10, 2000 @04:38AM (#946009) Homepage
    The author's justifications are very much anti-tax (he appears to be a serious Randian). One of the unstated reasons that the U.S. government was believed to be anti-crypto was exactly that the widespread distribution of unbreakable crypto would allow the development of an underground untaxable economy. It's interesting that this web site's author comes right out and says pretty much the same thing.


    ...phil
  • part of the nature of security is that nothing ever is, until it isn't. And then it is questionable as to how insecure it is.

    javajawa# sleep
  • This isn't really implemented yet.

    Someone above said that RIAA and MPAA and AA and whatever would TRY to put the kibosh on this: WHY? Even if tried I doubt they could. Consider this: An IP is like a phone number. The web logs on a box are like caller id. So aren't we just developing something that blocks the caller ID info (like *??)? And that certainly hasn't been deemed illegal.

    Also, I imagine, SOMEWHERE, there will be a log of our activities- even though we blocked our caller ID, the phone company still has that information of the call. I'm sure there could be found a "packet log" or some such somewhere.

    A step in the right direction, I think, but I don't think it's the solution.
  • I think this shouldn't have been posted for a while, this project and the page is obviously in it's very early stages.

    Apart from the music and software industry people attacking this if it ever comes to fruition, wouldn't many systems and networks administrators be wary of it? It seems like something like this would make for some really nice DoS attacks even more untraceable than the current ones already are. So, unless I'm misunderstanding something, I'd expect opposition from a lot more fronts than just the entertainment groups.

    It's sort of a hard question, should we introduce new technologies that make it easier for jerks to cause trouble if they're technically superior but don't really cause any huge huge problems? (I know this is a good idea, but how many people have really been censored or persecuted online who wouldn't have been if they used these protocols? From the cases I've seen I don't think this would actually help, but I could easily be wrong).

  • Spending some time looking around sourceforge for interesting projects can be entertaining, but also an excercise in futility.

    Certainly, there are a lot of very interesting sounding projects (like this one). But, about 95% of them are in the "planning" stage, 4% are in "pre-alpha" and only 1% actually got somewhere. The most accomplished project I saw was a map viewer/editor for blackisle games.

    Anyways I think my point is that posting stories about vaporware someone turns up on sourceforge is a bit silly. For example, have you checked out Arianne RPG [come.to] since its slashdot debut? About the only thing they got done is a new webpage. That story was posted like 3-5 months ago.
    ---

  • I'm going to paraphrase the movie about Larry Flynt's life starring Woody Harrelson here. He said that he was a scumbag, the lowest of the lowlifes, and if the law protected his right to say what he wanted to say, then you be certain that the law would also protect fine upstanding citizens like ourselves.

    Well, we're not really willing to simply *trust* that the law will protect us. We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored.
  • "Censorship is always bad" he says. "Regulations destroy trust" he says. "Redistribution is theft" he says.

    Noble concepts, they might (or might not be), but it's not exactly well reasoned, defended or explained. It certainly isn't well demonstrated.

    Good ideas? Good intentions? We could all come up with better sitting in the bar with a few cold ones.

    What is it that they say about the road to hell?
  • There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?

    So you don't have a license plate huh? And maybe the make of your car can change? God damn, you've got a freaking Bat Mobile.

    PS. The Preview button is definitely there for a reason...
  • by Anonymous Coward
    Can you spell i n e f f i c a n t, u s e, o f, b a n d w i d t h?
    Can you spell "fiber optic capacity doubling every six months?"

    Society does not need 24/7 anominaty, it needs privacy and authenticity at the right times.
    Who defines the right times? If it's the end user, then we allow abuse by end users. But if it's corporations or governments, we allow abuse by corporations or governments. I'd rather have end user abuse, myself.

  • Nothing more than something to incite all the mp3/warez fans and generate banner hits to make up for failing stock.
  • The outspoken reason for this is the idea that "need is an idol requiring sacrifices" (as Ayn Rand put it)
    While independent of the technical merits of this project, this fellows hard-line politics are hard to swallow. Does an attack on social justice really help a networking project grow? If he is trying to promote a free environment, why is he launching it from an idealogical point of view. Arguments along the lines of "freedom is a good thing" are useful as a mission statement, but this fellows arguments come across much stronger than a charter should. I'm not so worried about protecting my ideas from the government as the author himself!
  • I am reminded of Neil Stephenson's comment in Diamond Age about an untraceable communication protocol being the thing that made it impossible for tax collection agencies like the IRS to trace transactions and thereby bring down our current political/social model.
  • Well, we're not really willing to simply *trust* that the law will protect us. We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored.

    I think you have a really good point here. I find myself not wanting to agree with you, because I think (and I'm sure most people do) that "scumbags" should be censored. But as you say, how can we censor them, without censoring ourselves? And if we could find a way to do so, then how do we go about determining who is a scumbag and who isn't?

    Like I said, Good Point.

    ---
  • by NetCurl ( 54699 ) on Monday July 10, 2000 @04:50AM (#946022)
    Sure this sounds great in theory, but considering the current state around the world, how would this be received?

    The economy is globalizing quickly, and daily interaction across the globe is paramount. So considering China just recently picked Linux over Windows95/98 because it can examine the source code to make sure there aren't any caveats that the US could use to sabotage them in a crisis, and on the other hand, the US is so paranoid about other countries being super-secretive that they delayed the release of Apple's G4 machine because it could perform well in encryption/decryption. Would the US allow China to have this Fling technology? Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?

    This project may be doomed to the "oh-that-was-a-neat-trick-but-where-is-it-now?" hall of fame from the start.
  • There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?

    No, what you're talking about is license plates - that's how you're discovered. Window tint would just make it harder for you to see the old ladies. Wear some glasses ala Clark Kent, and take off your license plates. Maybe stop at the car wash on the way home to wipe off the mess.

    You're right about non-traceability being bad, though. I reject traffic coming to my machines if I can't tell who it's coming from in every case that it's possible. I'm not doing anything malicious with anyone's info, and the only reason to hide from me is if you're doing something you don't want me to find out about. Well, I'd better be able to find out if my equipment's being used to do it...

  • I feel things like zeroknowledge and this are not good. Society does not need 24/7 anominaty, it needs privacy and authenticity at the right times.

    That's a fallacy. If you only encrypt sensitive material, you are vulnerable to traffic analysis. You are also telling your attacker exactly what needs to be cracked and what can safely be discarded. Thus you have lowered the workload required to aquire your sensitive data. This, incase you didn't know, is not good. You really want your data to be difficult to recover.

    There's a reason why the front windshild of cars are not allowed to be tinted. Imagine if I could drive around town and run over old ladies with there being no way for me to be discoverd?

    If you look on the front of your car, you'll see a big slab of metal called a "license plate" - a unique identifier people can use to track you down when you go on a run-down-the-old-lady spree. No, the reason your windshield cannot be tinted is because of safety, not accountability - other drivers need to see that you are looking at them.. very important at 4-way stops and such. It is also, umm, somewhat difficult to see through tinted glass at night.. meaning you could easily go off the road and kill yourself.. or someone else.

    Anyway, completely offtopic, but the MNDOT and other states have already endorsed the use of tinted windshields provided they can be "de-tinted" at night - ie, some kind of light-sensitive filter that only darkens when exposed to light. I believe IBM or 3M are working on this around here.

  • Currently, legal entanglements make it impossible for a university to censor the child porn newsgroups. If they do censor, they can get sued for all (netnews, ftp, http, blahp) content that the is on the university network storage.

    DMCA sucks.

    The therory is that if you control one part of the content on a network, you are responsible for all the content. This is prohibitively expensive for a university to keep squeaky clean.

    In this way people who support censor legislation have in effect widdled a niche for child abusers to exist. No special (computer) protocal needed.

  • And people bitch about RMS's software being political. Not that I disagree with their politics or anything, but it won't bring good press. Not that the press matters, or anything.

    But this sort of flagrant politicism kindof colors the project...a person who would have a use for the Fling suite and would like to contribute to it may not because they don't agree with the idealogy.

    But then again, that hasn't stopped too many people from working in GPL'd projects. I mean, there have been developers working on projects under the GPL who don't neccessarily agree with RMS's rants that "Proporietary Software is Satan."

    Its a cool idea, and I hope it works. I know jack shit about IP, but Fling looks like it has a bit more overhead then the normal protocols. Eh.

  • You can probably derive the encryption keys by monitoring the beginning of the conversation with the server and thus decrypt the contents of the packet(s).

    You mean the bit where he says "Here's my public key" and you encrypt your public key to it and send it back to him? Might be succeptable to a man in the middle attack (You need to take additional steps to verify the authenticity of the server) but you can't derive the keys when they're transferred automatically any more than you can derive them when I E-mail you my GPG key. And having my public key buys you nothing (Other than being able to send me encrypted data.)

    Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.

    Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it. Is that guy one hop down downloading a file or is he just acting as a proxy/cache for someone else?

  • What is it that they say about the road to hell?

    It is paved with insert Political Leaning.

    You can unpack this objectivist crap in about 20 minutes. Back to work...

  • *click* http://www.sourceforge.net *signing up.. yadda yadda poop@nospam.com yadda* *click* Hamster Sexorcise 2000 *click* *upload dancing hamster gif* *click.. slashdot, form, yadda yadda Ground Breaking Linux Program yadda* *wait* *slashdotted, 1000351 downloads*
  • Not to mention this guy seems to be a little "out there". Have a look at their philosophy page [sourceforge.net].

    Also, what's up with the new Slashdot icons? Bring back the crappy old photorealistic ones!

    --

  • Right. This has probably been said before in another discussion, but there will be a law enacted if this ( or gnutella, freenet, etc ) ever becomes mainstream. It will be a simple extension of being an accessory to a crime. You can run this software, but if you aid in the transmission of illegal data, you will be held accountable. So, the arguement, "I'm merely an unwitting conduit", will not hold water for long. If you use these apps/protocols, you will run the risk of violating the law.

    This is not how I would like to see things happen, but I think it is inevitable.

    The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets.

    But, on the bright side, maybe if one of these ideas can be implemented and achieve a critical mass like Napster, it will make enforcement like this practically impossible.
  • Comment removed based on user account deletion
  • We want to ensure that the scumbags can never be censored. If that happens, then we find upstanding citizens can also never be censored.

    Gun control laws prevent law-abiding citizens from owning guns. Not scumbags. So, even though scumbags will always be assured of having guns, upstanding citizens will not. I guess that theory is wrong.

    -Brent
  • Hmm... Using doubleclick cookies for encryption keys. That'd be... bizarre... Most of them aren't primes though, so I doubt it'd do you much good.

    :) That wasn't quite what I meant...

    Ideally there are an indeterminate number of hops between you and the server (Possibly some caching too) so that no server could ever know for sure who's downloading from it.

    It's called zero knowledge [www.zerokn...argetblank]

  • Just a thought - I could, of course, be completely wrong!

    No you are completely right. Look at the comments above about censorship. The same idea applies here. How do HONEST (honest being a generic term here) people stay anonymous on the web, while not allowing the warez/mp3 doodz, child porn lovers, and the companies like you're talking about to enjoy the same anonymity? Sure I'd love to surf the web (even though this isn't what the protocols are for, its just an example) knowing that nobody knows who I am, but at the same time, I don't want some script kiddie cracking away at my box because he knows I'll never find him.

    ---
  • by Harri ( 100020 ) on Monday July 10, 2000 @04:55AM (#946036) Homepage
    Do we really need a way for people to pass around child pornography without having a way to find out who they are (so we can stop them)?

    In a word: Yes. We do. For the simple reason that there _is no way_ for any of us to exert our simple right to anonymity without having a way to pass round child porn too.

    This is one of those circumstances where people will have to choose between a greater evil and a lesser evil. At risk of making myself very unpopular, I would suggest the evils that can come from denial of freedom of speech could be an awful lot worse than the evils coming from the hampering of one of the ways the police use to track down a class of particularly unpleasant criminals.

    Put it this way: would you like every tiny piece of data about yourself in big government database, even though this would clearly help to catch many criminals, probably including some child pornographers? Supposing you didn't mind this. Now would you make it compulsory for _everyone_ to be in this database? That's what you're asking.

    Supposing the goverment could identify the profile of a child pornographer with 90% accuracy from this data. So they imprison all the people with these characteristics. This is another way the government could reduce child porn, but few would argue that the benefits outweighed the drawbacks.

  • 1) Consider businesses based in one country where the products are legal, selling into another where they are forbidden. Publish your advertisment in some public forum, such as a newsgroup; this doesn't tell where you are physically located. Alright, maybe it's a government run sting, can't help you there.

    2) So ? If the company is based somewhere friendly to it, it may be paying taxes there, but not being taxed out of existance.

    3) I get the impression that Fling is more interested in keeping 3rd parties from knowing what is going on between A and B, than keeping A and B from knowing about each other.

  • Well, slashdot seems to have permanently removed the article I was looking for (something along the lines of "Napster, Gnutella, et. al. security hole") but one poster in that article detailed a system exactly like this. D'you think they read slashdot?

    OT: Why does slashdot remove some articles and never keep them up on the site?

  • *click*
    Hrm what an idiot, must be applying for his MCSE
    *click*
    Guess I could flame him, might give me a kick, work is pretty slow
    *click*
    "Dear sir, enclosed is my private statement FYEO. I like to make up acronyms (not unlike my boss, who I obtained this habit from) so that you must figure them out. I would just like to say you're an idiot, and that whenever I drive around hitting old ladies, somebody always seems to see this reflective metal plate attached to the front of my car, sometimes denoted as a Liscense Plate. I have my winshield tinted because, as everyone knows, the first thing after an accident is to look at the persons front winshield to get a good look at them, the liscense plate is utterly useless. Anyway, just wanted to say good comment, solid structure and grammatical flow, great use of interpretive HTML tags."
    *click*

    idiot.
  • I've had this idea rolling around in my head lately...

    In an ideal world, producers and suppliers of goods and services would be able to know the needs of its customers as much as possible so that the products could be quickly optimized. If the companies could get this information directly from the consumer, then the rate of evolution could be faster than simply having one company wait until it realizes that its competitor is making more money from a modified version of the product.

    It would also be nice if these direct customer queries were as unobtrusive as possible. Telephone surveys in the middle of dinner kinda suck.

    These lead to a DoubleClick sort of idea. As I see it, the main problem with DoubleClick isn't that information is being gleaned from your private life, it's that the information can be directly traced back to you. They can claim that they will just use the information in aggregate, but we can't really believe them that they won't abuse the system.

    But if they only used an anonymous version of TCP to transfer the data, then we could use technical means (personal firewalls, etc...) to make sure they're keeping their word. So we would get the best of both worlds: privacy, and better products and services.
    --

  • The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets
    Not quite with freenet. One of the design goals of freenet is you have no idea where the data is stored. I'm not sure how they implement it, have to read (as opposed to skim loosely) the docs again...
  • The way people would most commonly be caught, especially in the case of fling because of the encryption, would be to simply request something illegal, retrieve it, and then bust the admin of the machine that sent you the packets
    That would be the same as busting the companies that run routers over which you received the data, and thats obviously unworkable, here in the UK HMG are really screwing things up with the RIP bill which is almost as stupid, see Stand [stand.org.uk]
  • This is important - either you encrypt everything, even non-sensitive material, or you encrypt nothing and rely on stenography. I like stenography better myself...

    Do you mean steganography? Or should we start working on an RFC for SHTP (Shorthand Transport Protocol)?

    :)
  • I don't think anyone can define what a scumbag is.

    It's more difficult than some people think. It's just as difficult as defining pornography. There's some people that know it when they see it. Funnily enough, to those people, nipples and clitorae are pornographic. To me, when I see guns, violence, and Microsoft Windows, those things look like pornography.

    Without defining what a scumbag is, you cannot hope to censor them. If you misdefine what a scumbag is, then you'll certainly censor a person who doesn't deserve it.

    The only solution is to allow all people to transmit, without censorship. We don't live in a safe society. The world is dangerous. Boo Hoo! All in all, I'd rather use my intellect to avoid or combat messages that I don't like. Every other animal has to use their feet to avoid a wolf's teeth that they don't like. What chance do the sheep have of ever "censoring" the actions of the wolves? None at all. The choice is clear: We can act like humans, using our brains to fight ideas we disagree with in an absolutely free forum, or we can act like animals and hope the wolf doesn't like the taste of woolly fleece.

  • While I'm admitting that this is an instance of throwing vapor-ware before educated critics, I'm not sure what Sourceforge you were looking at. I won't waste everyones time with the list...
  • by Anonymous Coward
    I think the idea is that the servers you route through all have public keys, rather than using Diffie-Hellman, so you can't do man-in-the-middle. That's the way onion routes normally work--you encrypt your destination IP with the IP/publickey of an onion server, encrypt that server's IP/key with that of another server, and on back as many layers as you want. Then send it to the outermost server, each server decrypts a layer and sends to the next. Only the first server knows who you are, and only the last knows the destination. If servers along the way are compromised the worst they can do is drop your packet.

    So theoretically, the only way to crack this would be to compromise every server on the route you happen to pick. "Monitoring the beginning of the communication" won't do the attacker any good (and btw wouldn't even with Diffie-Hellman, unless attacker intercepted messages and replaced with his own). If you pick at least some well-known trusted servers, all in different jurisdictions, you should be fairly safe.

    The main problem on a protocol like this, intended for real-time use, is traffic analysis. Message padding to all the same length helps, but to be really safe each server should hold messages for random lengths of time and send them out reordered. That's fine for email, but adds a lot of latency for generic TCP like Fling hopes to do.

    Steganography is cool but no magic bullet--if everyone who requests a particular jpeg gets a copy with different low-order bits, a government can figure out that something's up.

  • This poses a threat to our ability to Innovate(tm). The Microsoft collective cannot properly satisfy its customers needs without being able to analize its needs. If we cannot freelly embrace the ideas of others due to encryption we cannot extend and expunge them.

  • Yeah, this whole thing seems to be just the opposite of well thought out. Most people think "my work raises complex moral issues. I should explore them." This project seems to have the train of thought "This project raises serious moral isssues. I'll let someone else take care of it."
    This seems very irresponsable to me. This guy is targeting illegal markets ("Sale of government-disapproved goods", "Anonymous, unreported e-cash transactions"). He acknowledges that it could be a tool for money laundering, but then adds that it offers even more functionality. Money laundering and the Secure Assault Rifle eXchange Protocal (SARXP)? How could you not support it!?
    In addition to the ethical concerns over enabling exchange of contraband and money laundering, I'm concerned that his idea of how to address disagreement with the policies of your local governing body is to hide your identity and disregard the law. I liked the article that was posted around the 4th about what happened to the signers of the Declaration of Independance in the US; it's a reminder that civil disobediance doesn't require anonimity. Using high ideals to justify being a punk and a thief does.

    "Sweet creeping zombie Jesus!"
  • Get over it, tcp is *not* an anonymous protocol, and stuff running over it will allways bring some party under the axe.
  • When you start with bad logic, you get a bad result.

    Guns are physical objects. Ideas are not. Ideas are therefore much more powerful than guns. You can't make a meaningful argument out of a forced analogy between the two.

  • by Alien54 ( 180860 ) on Monday July 10, 2000 @05:07AM (#946051) Journal
    We now have the classic conflict generated by criminal thought on both sides of the issue.

    Protection from criminal actions by governments, and more specifically criminals in governments, big business, financial instituations, etc. who use and write the "law" to protect their own limited criminal interests is vitally important. Equally, protection from individuals who use such protection to justify and protect their own individual thievery and rape of the creative elements in the society is important as well.

    What we have is a war between the criminal elements that make up and contribute to the current internet and global culture. It is a war between criminal organisations who want to maintain their monopolies, and individuals who have been driven to criminal behavior by the rip offs in the world around them. It becomes a part of the culture. It is extraordinarily difficult to treat everyone you deal with with some sort of "code of ethics" or "code of honor" if you run into the argument that "only losers pay full price", as noted in a recent Salon Article; or you are trapped in the culture of "Net Slaves" [salon.com]

  • caller ID vs. IP numbers

    Reasons why an IP address is nothing like a telephone number...

    Okay, the reason this isn't doable as you described is because your telephone is, in the main, a switched connection and the Internet is a packet connection.

    Internet connections get split up into little segments called packets which are then routed by the best means available at that time. The exact route can vary from day to day (or minute to minute!). Ergo it is important to have the IP number visible to everybody, otherwise nobody knows where to send the replies back to.

    Telephone connections (well in theory anyway) are not split up into packets. They exist as a static single connection from end to end (okay purists at the back stop squabbling, yes modern exchanges do use packets, but they also reassemble them to reform the single logical connection). Ergo you can safely hide your telephone number because the connection is already tied down at both ends and, most importantly, doesn't disconnect until the call is over (unlike an Internet connection which is lots of little brief connections and disconnections as packets arrive).

    With a telephone, you don't need to know the callers' number, because remote end just replies to whichever line is connected. This wouldn't work with the internet, because the remote end could be receiving packets from thousands of different hosts in a very short time- there is no concept of a one-to-one static connection (not at the transport layer anyway).

    And like you said, caller ID is only withheld to the person you're calling. You can be damn sure your telephone company know your number, who you called, and when! Then all the police or GCHQ or whoever have to do is ask your company for a copy of the logfiles.

    --

  • There's been talks of two types of tinting for windshields that I've heard of so far. The first is the same as those automagic shading eyeglasses - dark in the sun light inside. The new materials do change rather quickly, the only problem can occur with the short runs of tunnels or other dark areas, where the material doesn't have time to clear up again. For eyeglasses, at least, this has improved miles from a few years ago. Quicker changing, less yellow color when it should be clear. The second method is an electronic shading system, similar to those crystal windows that are clear or opaque depending on whether or not a current is applied to them. This one gets expensive fast, and the durability and safety concerns are fairly high.

    IIRC, in Arizona it is legal to have the tinted front windshield. A friend moved to NJ from there, and they had to get the windshield replaced before they could register the car. Pain in the @$$, that's for sure.
  • by hardaker ( 32597 ) on Monday July 10, 2000 @05:22AM (#946060) Homepage
    Glancing through the web page quickly I note a few things:

    1. He's basically just adding a seperate data routing layer over the top of the standard IPv4 addressing space. Hence, data doesn't get routed only based on the IPv4 routing tables, but gets routed fairly randomly around above this. This has 2 problems:
      1. You still know the IPv4 address of the destination (regardless of weather or not DNS is protected) and hence can still trace the ownership of that address.
      2. Since data is no longer taking the shortest path, it'll get routed many times around the network and hence will increase the overall traffic level of the network at large (possibly sending the data over a given physical segment multiple times).
    2. He's assuming that by routing things around the network using different paths that it'll be harder to pick up all the traffic by way of a sniffer. This may be true if the physical internet truly had different physical routes. I suspect most sniffers you have to worry about are the ones at the end points, not the ones in the middle. It's the box next to mine thats more likely to be sniffing my traffic and hence that this protocol won't help. Now, it will encrypt it multiple times with possibly multiply different keys, but it won't prevent the majority of that traffic being sniffed.
    3. Root domain name ownership is not based on a pricing model. Hence I can:
      • for i in `cat /usr/dict/words`; do register $i; register $i.$i; done
      And the internet is hereby mine!!! Muhahahaa.
    4. Protocols designed by a few people quickly, possibly inexperienced in the world of security, will certainly run into security related implecations they hadn't thought of. I hope that something like this would go through a lot of peer review by cryptologists before being trusted.
  • Great! Not giving away your IP address is a fantastic idea! As long as we don't need to get information back from the server, it'll work for sure! Exclamation points can make the suckiest idea sound good if used right!

    Seriously, though, you need to reveal your IP address so the server can send back the information you requested. That's what servers do.

  • This project raises serious moral isssues ...[snip]... This guy is targeting illegal markets ("Sale of government-disapproved goods", "Anonymous, unreported e-cash transactions").

    You understand the difference between legality and morality, don't you? Right? Err... you do understand?

    I'm concerned that his idea of how to address disagreement with the policies of your local governing body is to hide your identity and disregard the law.

    I wouldn't put it this way, but now that you've formulated it, I would tend to agree with this. This is good advice, particularly with regard to hiding your identity.

    it's a reminder that civil disobediance doesn't require anonimity.

    Ahem. Where? How about civil disobedience in the (quite recently deceased) Soviet Union? Or, currently, in places like Serbia, Iran, Myanmar? Would you tell people who find themselves "in disagreement with the policies of their local governing body" that anonymity is unnecessary for them and bad for the political process?

    Closer to home -- I assume you live in a Western developed country which has strong anti-drug legistlation -- let's say you smoke grass on a regular basis (and remember that laws do not determine morality). Would you proclaim this fact to all and sundry as an act of civil disobedience? Would you dare the cops to arrest you? Is it a useful thing to do?

    Using high ideals to justify being a punk and a thief does.

    You seem not to understand what "freedom" means. Think about it.


    Kaa
  • This whole discussion is an illustration of an ancient Sufi teaching problem:

    Make a hole in your backyard fence that is just large enough for your chickens to get through and eat in your neighbors garden -- and just small enough that your neighbors chickens cannot get through to eat in your garden.

    Once you have solved this, the Internet is easy.

  • by scott@b ( 124781 ) on Monday July 10, 2000 @05:36AM (#946070)
    IMO overhead isn't a large issue, bandwidth continues to get cheaper. Low power wireless communications will be an excepion to this; but that is generally shortrange stuff while unstoppable distribution is more of a wide area issue.

    Secure protocols will have more overhead because they need certain things beyond simply getting the data to the target. To avoid traffic pattern analysis you try to pad packets to fixed lengths, split streams up and send some junk so that bursts don't stand out, send dummy packets when traffic is low, and so on.

    You need secure low level protocols to give yourself a fighting chance at anonymous exchanges. Running such protocols at a higher level over something that is essentially an end-to-end protocol just points out the path used to route the `crypted data. At that point the unfriendly government steps in and has you blocked or arrested.

    The same technologies taht allow you to publish your anti-government newspapaer in a totalitarian state allow the distribution of porn and information on controlled substances. Sorry, information is information; differing states have declared diffeerent bits of information "bad" at times, the tools to supress one type can supress all types of information

    As for Fling specifically, I noticed that it uses IP4 addresses putting it behind current tech. I'd like it better if it's internal addresses were larger than IP6.

  • by AugstWest ( 79042 ) on Monday July 10, 2000 @05:41AM (#946074)
    Wouldn't have been better to post this when there was actually news to report? Simply because someone has an idea and backs it up with a webpage does not a headline make.

    This is one of the weirder things about /. -- like the Ogg Vorbis open-source audio compression posts... They posted that a beta was scheduled, but submissions when the beta was actually released were declined. [http]

    I've seen this happen many times now, where a headline states that something cool is *going* to happen, but no posts when the thing *actually* happens.
  • Would the US allow China to have this Fling technology?

    And who is going to ask them?

    Would it not try to stop certain countries (*cough* Iran, China, Lebanon, North Korea *cough*) from utilizing "super-secure" technology to transport data?

    Ahem. US tried to limit exports of hard crypto. The main result was that now a lot of crypto work is done outside of the US (and I have a nice RSA-in-Perl t-shirt). Hard crypto is out of the bag.

    Kaa
  • I guess you missed the "philosophy" page where he explores the complex moral issues.

    Read it, actually. He makes a number of points concerning why there are legitimate uses for these protocals. Great. However, he makes no provisions for dealing with or preventing misuse of them that is illegal or dangerous. It is one thing to say that there are plenty of existing things that can be misused that should not be regulated; it is another to introduce a new technoligy that is geared towards misuse without taking any precautionary measures.

    As for the assault rifle exchange protocal, when I wrote that I was actually aware that one cannot move assault rifles through your normal modem connection. They are simply too wide. However, I am curious as to what the creators of Fling mean when they say that they want to aid the "sale of government-disapproved goods". That is goods mind you, not information. If they are talking about goods that can be converted into 1's and 0's, than they are talking about 1)copywriten works, 2)kiddie porn, 3)Classified documents, or 4)people's private records (health, credit, etc.). There are others, I am sure, and to be frank I feel we have enough distribution chanels for all of them as it stands.

    And if they find a way to move AK-47's throguh a T3, I won't like that either.



    "Sweet creeping zombie Jesus!"

  • Maybe you should read this guy's horror story [slashdot.org] about Gnutella before you cheer the idea of Gnutella doing this. If you couldn't trace and track who was doing what, you couldn't retaliate against people blatantly breaking the law. Fling could be a spammer's heaven if it does what it seems to be saying it does -- protecting servers and clients from each other. If you can't know who's screwing with you, you can't know how to stop them.
  • I've got three unrelated problems with Fling.
    1. Technical The crypto as described seems to add very little apart from immense delays to transmission. Unless you use Fling for everything, it doesn't even begin to protect you, and using a multi-host route is going to probably multiply latency by the number of hosts you add. Frankly this looks like a half-baked MixMaster anonymous email scheme applied with broad strokes to all of low level networking.
    2. Adoption It won't be. You have to write this into any client you want to use it? Name service is a completely seperate entity? This would basically mean redoing the whole networking thing from square one (UDP), and the people who have to implement it are exactly the ones you're try to hide info from. Do you really think MS would ever put truly secure transmission protocols in their TCP/IP package?
    3. Philosophy The entire philosophy behind it is repugnant to me. The conclusions are somewhat accurate, in that there ought to be a means to be anonymous on-line, but the basis is in Objectivist Libertarianism, and implies a freedom from obligation to others and debt to forebearers. It's a selfish, twisted, flawed philosophy, evident of weak thinking and small souls.
      1. I for one doubt it will really go anywhere.

    Ushers will eat latecomers.

  • I believe what he is saying is that we have the right to free speech. Period.


    If the government doesn't respect that right, we will need to take it back. Larry Flynt used the courts to take it back. Others are proposing that they use methods such as Fling.



    Simple, really.

  • As Neal Stephenson has pointed out, the tax authorities will still get their bite even in a strong crypto world. If all else fails, they can fund everything with property taxes: try hiding your real estate on the net.

  • I generally agree with arguments for no censorship except for pedophilia. Pedophilia involves mentally and physically abusing children, it is reviled most cultures and for good reason.
    The existence of a market for pedophilia means that somewhere in the world a child is being abused to satisfy that market. Censorship reduces this market and frankly I will support it to my dying day.
    A persons rights to express themselves should stop short of abusing another person's rights and pedophilia does abuse the rights of others.

  • You bring up a lot of good points that really make me think.

    I agree with you that total lawlessness would be a horrible thing to unleash on the internet. I'm a dedicated spam hunter, and have been for years now. With untraceable connections we will be deluged with spam advertizing from all directions. It would be absolutely horrible.

    With the sheer horror of that to consider, I would embrace spam if it meant that total freedom of speech forever was guarenteed.

    Censorship is the most horrible thing, because it prevents people from speaking about and organizing against injustice.
  • Some more:

    1) In cases of fraud, you have no proof. After all, if the company is hiding the fact that it's conducting business to commit tax evasion, it's not going to be easy to find evidence that they cheated you.

    2) SPAM. How can you stop, filter, or track down SPAM if you don't know where it's coming from?

    Also, as you point out, hiding the actual internet transactions themselves isn't going to magically make the IRS not know you're in business. Your physical distribution channels, employee benefits paperwork, and building rent should give you away. I completely disagree with the anti-tax rhetoric he's spewing, but the protocol is dangerous to its own users in ways that he obviously can't see through his extremist world-view. His stance on hard-core pornography and children shows that he also actively refuses to acknowledge some of these problems. I'd love to see what his takes on SPAM and fraud are.
  • Get over it, tcp is *not* an anonymous protocol, and stuff running over it will allways bring some party under the axe.

    TCP is not anonymous, but you can perfectly well run truly anonymous protocols on top of it.

    Basically people are trying to apply mixmaster-type technology to packets instead of emails.

    [bizzare idea]
    Build a packet-to-email gateway and route your packets through existing Mixmaster servers. Everything that times out is toast (Mixmaster introduces random delays into retransmission to foil traffic analysis) and you wouldn't believe how slow it will be, but in principle it should work, shouldn't it?
    [/bizzare idea]

    Kaa
  • You understand the difference between legality and morality, don't you? Right? Err... you do understand?

    Yup. Everything that is illegal is not immoral. But not everything that you think ought to be legal is moral. The catagories of legality and morality are not the exact same thing, but they are not mutually exclusive. Some things that are illegal are rightly so. Not everyone who violates the law is following a "higher morality", no matter what they say.

    You do have a point about anonimity in countries where politicol opposition is dangerous. And anonymous politicol opposition will probably be the best that most people can manage in such places. But many such countries don't have adequite internet infrastructure to take advantage of this. Secondly, I wasn't saying something about them "following politicol process". I was saying something about the impact of people that are willing to give their lives (and their names) to a cause. I wasn't saying that they should be happy to die after making themselves public as opposition to the powes that be. But people do not rally to the cause of Anonymous Coward. They have rallied to the causes of Mahatma Gandhi, Martin Luther King, George Washington, Nelson Mandela, and Aung San Suu Kyi. These are the people who have exposed themselves to the most danger, and they are the people leading the opposition. I was not critisizing people in danger for wanting to be anonymous; I was critisizing the assumption that you can only protest when anonymous.

    As for the pot smoking- frankly, I can tell cops anything I want. If I confess to a murder, they'll probably look into it. If I tell them I smoke grass, but possess none at the time, they can't do anything. I have commited no offense. More relevantly, I can join an organization like NORML and agitate for the alteration of Marijuana laws across the US. Publicly, with the face I was born with. Wether it is a useful thing to do depends on your opinion of lobbying. But I wouldn't do that, because smoking weed seems like a waste of my time.

    You seem not to understand what "freedom" means. Think about it.
    What I meant by that is this: rhetoric, and even sincerity, do not equate with morality. There are always people willing to take up a banner to further their own status and position. And there are always people who believe very sincerely in causes that are detrimental to the people around them. Ask a Klansmen some day. They wear masks. Civil rights marchers didn't. I realize that anonymity can protect good people that need it because of their situation. The situation varies a lot from country to country. What distresses me is people in this country (the US) using complex rationalizations to justify their own greed. It happens. It isn't a reason to roll back everyone's freedom. But it is a reason to be a little wary when someone offers some handy dandy thing that will guarantee your freedom, but has the 'negligable' side effect of giving people a clean way to circumvent laws that may (but not always, yes I know) intersect with morality

    "Sweet creeping zombie Jesus!"

  • Not to mention this guy seems to be a little "out there". Have a look at their philosophy page.
    It's not that far "out there". A sophmoric rehash of Objectivism and Libertarian Capitalism, yes, but for net.politics the notions that altrusim is bad and property ownership should be the basis all rights (rather than one of several means of defining and protecting them) are pretty mainstream. Foolish, but mainsteam.

    (Which doesn't mean that the conclusion - censorship is evil - isn't correct, just that the arguments used here to support it are full of holes.)

  • Nuclear weapons are arms as well. Do you propose that those should be allowed? Fertilizer bombs?

    The right to bear arms may or may not be noble. This is not the place to argue that point. What I am saying is that there is absolutely *no way* to permanently safeguard the right to bear arms.

    But that doesn't matter because there will eventually be no way to censor ideas, and ideas are far more powerful than guns.

    The ivory tower comment was ad homenem. Please argue with logic, not emotion.
  • by PD ( 9577 ) <slashdotlinux@pdrap.org> on Monday July 10, 2000 @06:27AM (#946105) Homepage Journal
    I agree that it is repugnant. How will you draw the line?

    Obviously kiddie porn inclus photos of 3 year olds involved in sex acts, but what about the other possible cases including:

    *a 17 year old 45 year old man
    * a 17 year old with an 18 year old man
    * two 6 year olds holding hands
    * a 4 year old swimming naked at the beach with his family
    * a 6 month old taking a bath
    * a 2 week old nursing at his mother's breast

    You get the point. I remember how surprised I was when my very own grandmother demonstrated a suprising amount of anger at seeing a baby nursing at his mother's breast in a parenting magazing. She was absolutely of the opinion that it was pornographic - kiddie porn even.

    So, how do you define those fringe cases? How can you reconcile your definition of kiddie porn with my grandmothers?

    When I said that censorship should be absolutely banished, I meant it knowing the consequences. It means that kiddie porn will be uncensorable, and to prosecute it you'll have to actually catch people with it on their computers, or in production. You won't be able to catch it in transmission.

    Freedom exacts a horrible price. The penalty in blood from wars and in cases like your example is very high. I am still of the opinion that the penalty of censorship is still higher.
  • Someone should really patent this, it sounds like wonderful technology. Maybe when I get thru with my WOM (Write Only Memory) patent (I can acheive memory densities that are beyond your imagination!!!) I'll work on this one.

    The sad part is, with the current state of the PTO, you probably could patent both of these if you wanted to spend the time and money.
  • Actually with freenet (as I understand it) you CAN tell where the data is stored. Or rather you can find out some subset of locations where it is stored.

    However...observation is not a passive act. Simply observing where the data is stored causes it to propagate to new locations. Thus it becomes like trying to nail jello to a tree...

    aint replication a bitch? :)
  • an untraceable communication protocol being the thing that made it impossible for tax collection agencies like the IRS to trace transactions and thereby bring down our current political/social model.
    No communication protocol is going to change the state's ability to levy property taxes (all the crypto blinding and dummy holding companies won't stop the local sheriff from knocking on the front door and saying "We ain't leaving 'till someone gives us $1700"), corporate taxes and capital gains taxes on domestic corporations - or corporations in nations with some sort of reciprocity agreement (since corporations are a creation of the state), or sales taxes at my local grocery store (since their business depends on a well-known physical location).

    If other sorts of taxes become difficult to collect, the tax burden will just shift.

  • > When I said that censorship should be absolutely
    > banished, I meant it knowing the consequences.
    > It means that kiddie porn will be uncensorable,
    > and to prosecute it you'll have to actually
    > catch people with it on their computers,
    > or in production. You won't be able to catch it
    > in transmission.

    This may be a fine point but...I feel the need to state here that I do NOT think mere posession of kiddie porn should be punished.

    Remember...Pedophiles are humans. A pedophile is not a child molseter. Child molestation is an ACT. Pedophilia is entirely a psycological thing.

    A person has no control over what sexually arouses them. This type of "wireing" is setup very early in life. It is by no means a conscious choice.

    Many, hell even most, child molesters may be pedophiles. That does NOT mean that most or even all pedophiles are child molesters.

    If they are able to keep their urges under control, and keep a collection of pictures on their computer to help them satiate those urges when they arise...then i say more power to them. Frankly...I pity them, and am extremely thankful that I did not grow up to find myself craving something that is so incredibly verboten in our society.

    I think we, as a society, should be expending our effort finding and dealing with those who ACT on these impulses and harm other people, rather than spend our energy condemming and ostracising those who merely HAVE these urges. I think alot would be gained by accepting them and allowing them to come "out of the closet".

    To put it in perspective...If I am with a friend and his wife. I am a human male. I can find his wife sexually attractive. I can even fantasise about his wife. He knows I am a human male and I have those urges. As long as I don't make an issue of them or act upon them...there is no problem.

    However...think of a pedophile. If his friend had a child, he would generally need to hide the fact that he has these urges...for if it was discovered, in most instances it would be considered a problem...whether he acted upon those fantasies or not.

    These people, as much as any other group, need anonymity on the net. There are constantly witch hunts going on for them. The mere association of ones name with pedophilia can have devastating effects on ones life.

    --Steve
    who still mourns anon.penet.fi, even though he only used it once.
  • > Nuclear weapons are arms as well. Do you propose that those should be allowed? Fertilizer bombs?

    Certainly. If I so choose, I should be able to manufacture and store a nuclear device in my garage. The real limiting factor here is the practicality of such a device.

    I cannot afford the uranium/plutonium for such a device. Nor can I afford the machine tools for crafting such a device. There are safety issues with radiation and such that would seriously lessen my desire to own such a device. Therefore, even though I have the right to own and keep one, I will, in all likelihood, never do so.

    Fertilizer bombs? Certainly, again. Granted, the materials are cheap and plentiful, and the technology doesn't require any special preparation, so it's available to anyone. The problem is again one of practicality. If I were to create one of these devices in my garage, chances are, it would blow up my house - that stuff is unstable. But, if it became necessary to use a fertilizer bomb to wipe out a platoon of invading soldiers (foreign or domestic), I would want to be able to have the material on hand to be able to build just such a device. To do so would be to stand up for my ideals and those that founded this nation - that tyranny should not go unchecked, and that the power to govern rests with the people, not with whomever can field a large army.

    > The right to bear arms may or may not be noble. This is not the place to argue that point.

    You are correct. A right cannot be said to be (or not to be) noble. It just _is_. There is, and can be, no argument to this point. I find myself having problems with those who, without honest and rational debate, want to preclude my rights secured to me by the Constitution. They cannot do so, anyway, and they are free to try, but that they are not simply laughed off their podiums is the most strikingly disgusting point of all. It makes me sick to be an American in this day and age - we've forgotten what we stood for.

    > What I am saying is that there is absolutely *no way* to permanently safeguard the right to
    > bear arms.

    Ah, but you're wrong. Given the right to bear arms (which is not _given_, but _secured_ - and there is a _huge_ difference in mindset there, if you choose to examine it logically), that right will protect itself (and, not coincidentally, all the others besides)!

    The only way we lose rights is when people don't take the time to rationally think about what they're giving up. People give up their rights in this country - they're not taken away. If people would simply stand up, en masse, and say one word, all this insanity would come to a grinding halt. That word is, "NO".

    > But that doesn't matter because there will eventually be no way to censor ideas, and ideas
    > are far more powerful than guns.

    That's a very nice thought, but it doesn't seem to hold a lot of water. When it's YOU under the microscope of censorship, you will certainly wish you had a freer forum in which to say what you want. Without the means to secure that forum, deriving from the right to protect oneself from tyranny inherent in the Second Amendment, your wishes will do you no good. When a people can resist invasion, whether by foreign or domestic power interests, their freedom is more likely to be secured.

    --Corey
  • >I don't think the poster you were responding too realizes that point.

    And that would be me....

    I do realize that point. But, being a practical person I understand that the right to bear arms cannot be permanently guaranteed. The censorship-proof internet can be permanent. That quality makes freedom of speech much different in character than the freedom to bear arms. My argument is not about the merit of one right vs. another right. Your points are well taken, but that wasn't what I was talking about.

  • tcp is neither anonymous nor onymous. It is a session protocol. Period. It is layer 4. Tracking down a user (IP) is layer 3. They are not directly related at all.
  • >Certainly. If I so choose, I should be able to
    >manufacture and store a nuclear device in my
    >garage. The real limiting factor here is the
    >practicality of such a device.

    !!!!!!!!!!!!!!!!

  • For the morality legality issue, my point was that the author of the protocals acknowledged that he was aiming at assissting people in illegal ares. Illegal, as in those things that are binding upon all, as you pointed to here. I thought that by your remarks concerning morality, you were indicating that it would be permissable for one to act in accordance with one's personal morality even if that contradicted the law. I was not intending to open a discussion of civil disobedience, but rather to point out that the fact that he is aiming at aiding illegal trades diminishes the credibility of the project.

    By "some things that are illegal are rightly so" I meant this: there are things that are illegal because they impinge upon other's rights. It is find for someone to be bound by their personal morality, but where it impedes another person's rights (as defined by law, typically), it is the role of the law to set boundaries that everyone abides by. Certainly, the law oversteps that guideline sometimes. But that is a whole other discussion.

    I specified the US when I spoke of people justifying personal wants with high faluting rhetoric because you pointed out in earlier posts that the situation varies greatly in different countries, something that I agree with. I was certainly not implying that I thought that the phenomenon was unique to the US, or the West, or New Jersey. Obviously, such things happen everywhere. But the US is not Burma, it is not Serbia, it is not Tibet. Civil disobedience in this country is not so often the life-or-death issue that it is in other countries. This tends to greater abuse, as the stakes are not so high in the US. If you could be imprisoned for using secure communications like the ones being developed, as is the situation in restrictive regimes, you almost certainly would not use it to swap porn and MP3's. In the US, where we take for granted our right to basic communication, such tools are more likely to be abused.

    Yes, you can use a telophone to commit a crime. I can use a hand saw to behead my in-laws. Any tool is subject to misuse. Again, this is obvious. But there is some responsability to protect against misuse. This needs not be legislated, by a conscientous and skilled tool-maker takes it into account. I was not saying that anything that can be misused should be banned or destroyed, but that the maker of such a tool should be responsable enough to take steps to safeguard their work, and at the very least to think through the consequences of their system. The fact that the creator acknowledges that the system is useful for money laundering but makes no effort to prevent it is, to me, a bit irreponsible. I'm not saying tap everyone's phone lines and take away their guns. I am saying take modest and reasonable steps to ward against abuses that you already know about.

    "Sweet creeping zombie Jesus!"

  • Unfortunately, this Fling is mostly a pipe dream. The author makes the following claim:

    Fling destroys forever the ability of anyone to force the content of the information you share. That information will also include ecash - so fling will destroy anyone's ability to control or surveil online purchases, transfers, or holdings

    Does the Fling system prevent finding the original sending IP of the message? Yes, but so does classic IP spoofing. Now, we all know that any real sysadmin can get around that by contacting other sysadmins on the packet's path.

    The layered encryption is a waste of time --- any idiot with a copy of the Fling source can decrypt the message down to the final level --- and discover all the targeted computer on the path. Plain old PGP would accomplish the same (w/o revealing the 'allied' machines on the route).

    And of course there is no server authentication, which makes the utterly useless for ecommerce.

    All in all, Fling wastes bandwidth with uneccesary encryption, and offers no real increase in security. Sorry guys. No party today.

  • Well, if anything, it proves that while technology is in and of itself politically neutral, no technology is born in a political vaccuum.

    I just finished reading the "Philosophy" section of Fling's Sourceforge site and I've got that same creepy feeling I always get whenever I see a Randroid [aasp.net] running at full tilt. I get the feeling that many geeks latch onto Rand because she appeals to their revenge fantasies [astronet.com].

    I have no disagreement with the personal responsibility aspects of Objectivism -- ultimately, each one of us has to sleep in the bed that he or she made. The "me first always" stance really bothers me though. The blanket assumption that the disadvantaged are that way because they earned it or are lazy and incompetent smacks of the purely greedy kind of thinking that may end up being our ultimate demise.

    Want a nervous laugh? Go hit the Ayn Rand Institute's site [aynrand.org] and check out articles such as Sweatshop Opponents want to Violate Worker's Rights [aynrand.org], Against Environmentalism [aynrand.org], or my all-time favourite, Why Christmas Should Be More Commercial [aynrand.org] (Even if you're not religious, don't you think we really overdo that holiday's shopping aspect?).

    Want some food for thought? Check out author Paulina Barsook and what she has to say about the kind of libertarianism that many people in high-tech are buying into [salon.com] these days.

  • by billstewart ( 78916 ) on Monday July 10, 2000 @09:18AM (#946160) Journal
    A first readthrough of the documentation tells me that it needs better documentation :-) No surprise - new projects are often that way, but doing a good architectural description is a critical factor in making a project like this succeed, because people can understand where it needs work and where to help, and because security models need to address a lot of issues to be able to meet their goals.

    I had trouble telling what the technical goals of the project were - are they addressing traffic analysis, or only protecting content? They're describing a bunch of complex shuffling, but don't indicate why they chose those methods and what attacks they're trying to protect against. Some of the earlier projects like Pipenet and Onion Routing found that there are theoretical weaknesses if you only send traffic when you have real traffic, or if you do anything that makes it possible for an eavesdropper to tell what the boundaries between messages are, because the eavesdropper can do enough correlation to identify reasonably accurately where the traffic is going. The alternative is to build connections between sites that always have constant traffic levels, using filler traffic when there's no real traffic. This has a major cost/performance impact that affects the willingness of servers to support this kind of application. By contrast, IPSEC gives you all the privacy you need by encrypting, but doesn't try very hard to block the user identification.

    Privacy servers like this also depend on having lots of users - if there are only two people using it, it's easy to tell who's communicating with whom. It's nice to do technology, but you also need to work on a social or business model that encourages lots of people to run the client, and if it's got separate servers, to run servers as well. That's one of the cool things about Zero Knowledge [zks.net] - they've got a model that they hope will achieve this, though whether they succeed will depend on whether they implement it well enough for users to accept it and whether they can market it well enough to really take off. Some things are overnight successes - Hotmail, Napster - while others limp along at a low level for a long time, like the current remailer networks, mainly because they're annoying to administer and responding to complaints when they're abused is annoying. I wish the Fling folks good luck - but there's a lot of work they've got ahead of them to make it working and accepted.

    • Amendment IX


    • The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.


    Nobody gave us rights. The rights enumerated in the Constitition are rights we are born with. Your kind of thinking is exactly why the Framers of the Constitution felt it necessary to include the 9th Amendment.

    I suggest you read the Constitution [loc.gov] and the Bill of rights [loc.gov].
  • It's funny you use the example of drug dealers when talking about trusted businesses. The only kinds of businesses which need to hide themselves from their customers and conduct business secretly are those that have something to hide, whether that be tax evasion or some other illegal dealings. Companies like Amazon.com and eBay will never have to use Fling. When you build a network dedicated to shady dealings, you're not going to have much in the way of people to trust.
  • I made it onto slashdot with Fling, and it's been less than a week...

    Okay people, some cold hard facts.

    One, fling is theoretical at the moment. I don't even have a byte complete protocol, although I expect to within days.

    Two, I'm not throwing the doors open to developers until there's enough of a skeleton there for you to see where to put the flesh. Otherwise the project will mire into a mass committee blunderfest. Of course, once the protocol's up, you can make your own versions in parrallel, if you want. This may even be useful, if you're porting it to other OSes or languages.

    That said, thanks for the attention, I intend to see this becomes big.

    My current focus is on getting a the route ball as small as poss while staying secure. Experienced crypto designers would be welcome help right now.
  • > Please review the Second Amendment. It states:
    > A well regulated Militia being necessary to the security of a free State, the right of the
    > people to keep and bear Arms shall not be infringed.


    Correct. It says "the right of the people to keep and bear Arms shall not be infringed ".

    Now, these are the same people about whom it is said, "Congress shall make no law ... abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble ...".

    These are the same people about whom it is said, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated ...".

    These are the very same people about whom it is said, "The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people".

    It is that last phrase which turns the trick, you see. It is clearly the intent of the framers of the Constitution to separately address the freedoms of the people versus those of the state versus those of the United States. Looking back over historical documents to determine the intent of the founders as to the application of laws (a practice which has legal merit, and which is not uncommon when dealing with issues of protected rights), it is clear that they wanted the people armed in the same fashion as the armies of the day, so that proper resistance could be brought to bear against a tyrannical regime. They secured, in that document, our right to arm ourselves the same way as our military so that we could fight our military should it be necessary. That is the final check on the government assured by the Constitution - the sovereign right of the people to resist oppression. The Second Amendment was not put in place so that we could defend our home state or nation, exclusively. Remember, the revolutionaries of the day fought their own sovereign government - and won.

    Now, I might be able to come up with a hypothetical case wherein a nuclear device would be necessary to further the cause of Liberty, if pressed hard enough.

    --Corey
  • > We have a constitutional right to anonymity? Just curious?

    My take on this is, we have a Constitutional protection for Speech. If you feel that, in order to protect yourself from stigma attached to words you feel _must_ be said, you may do so anonymously.

    It's the same principle followed by those who wrote "The Federalist Papers". There were several men who did that, and they all used a common pen name. In that way, they were able to put forth ideas into the going public debate without bringing the Redcoats to their homes to burn them down and kill them, their wives, and their children.

    --Corey

  • A person has no control over what sexually arouses them. This type of "wireing" is setup very early in life. It is by no means a conscious choice.

    Complete and utter bullshit. A total copout.

    Anyone who has the control to hide their "affliction" from society, also has the control necessary to keep themselves from acting on those impulses, and over time, to change their own feelings.

    The human mind is malleable, no matter what those assholes who use the "it's-not-my-fault" excuse say. They could change themselves if they wanted - they just don't give enough of a damn about anyone except themselves to want to.

    While I'm not going to be witch-hunting for people who have child-rape pictures on their harddrives, if I discover someone has such fantasies, I'm sure as hell not going to trust them with anyone *I* care about!

  • If you WANTED to be homosexual...you could force yourself through mental willpower to be sexually attracted to men?
    Could you force yourself to be sexually attracted to horses?
    Do you really believe that sexual attraction is completely a conscious decision that a person can just sit up and decide?

    Yes, yes & yes - with the proper "brainwashing" techniques (which is still brainwashing, even if it's self-imposed), anyone's mind can be "bent" to believe things they did not have any previous "natural" tendency to do - even more easily if they are actually cooperating.

    All I am saying is that a person has no control over what they fantasise about.

    And I believe this is bullshit rationalization - anyone who hasn't suffered brain damage causing total lack of inhibitions can control what they fantasize about - they just don't want to control it.

    No I would go farther...no person should be judged merely upon what their fantasy is.

    If I know someone is fantasizing about having sex with kids, I judge them as unsafe to be around children. I judge them this way because fantasizing about having sex with kids is a precursor to the act, placing them one step closer to being dangerous to my kids. Damn right I'll prejudge them, because the result of making a mistake the other way is too horrible to allow.

...there can be no public or private virtue unless the foundation of action is the practice of truth. - George Jacob Holyoake

Working...