ec2-54-81-210-99.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic

[Big Brother is watching you]. [His servants are also watching you]. [May I see your papers, friend citizen?]. [I know where your car is].

There was a big discussion here on IdCards. It's been moved to that page.

Are the days when your employer can [track you going to the loo] coming closer?

Security-related matter.. ToothyWikizens - how important do you consider [anonymity] to be?
Seems rather reminiscent of the [don't copy me] symbol, actually. Hmmm.. wonder if anyone's made a T-shirt of that yet? Anyway, I'm personally not necessarily totally against embedding such devices in printers, so long as it's made clear to users at the outset that the printers contain them. - MoonShadow
Oh, neat!  I didn't realise that the 'this is a banknote' detection was so simple yet clever.  On the printing matter - this is BadWrong?.  Not only that the output should be what I decide it to be (you smudged my text!) but also the prospects of tracking back text to the author is generally a bad thing.  Now, I can see where it might be useful to say "Do you want to sign your name to this document?" - but you need to be able to say no.  And it needs to be publicised, not "On a chip very close to the laser that normal hacking about with won't be able to disable"  --Vitenka

An interesting [essay] by BruceSchneier.
Interestingly, he hits at once upon the easiest way to resist (supplying false information) and then dismisses it.  The more people who put garbage information into the system, the more useless it becomes and the less invasive.  Surely I'm not the only one who receives credit card applications in other peoples names?  --Vitenka (Though I'm willing to accept only a minority have gotten them for their nyms)

More cute [technology], straight out of Cryptonomicon: an operating system based on a SteganographicFileSystem.

http://www.observer.co.uk/uk_news/story/0,6903,811027,00.html - Mobile phones let your location be traced
Cute technology, but scary... -- Senji

Since I'm feeling random - why not redefine identity?  Let there exist only a small number of identities which are valid for a given purpose.  And if two people claim to have the same one at once, well, let them fight it out and admit whichever one is more convincing.  --Vitenka (No, not serious)

There's actually a grain of usefulness there. Start by realising that "who is this person" and "does this person have the right to do this" are actually separate questions. ID documents are usually used to link answers to these questions, but they don't necessarily have to be linked. I'm not sure that calling what you're proposing "identity" is entirely correct, though - it's more a right or capability; the compsci equivalent would be processes owning access capabilities, but the system limiting the total number of capabilities that can exist; semaphores are examples. - MoonShadow

Well, it's precisely capabilities.  The limit was intended to force people to find ways to assert their identity.  Semaphores are generally only limited due to a lack of resources, so I'm not sure that's quite the right metaphor.  --Vitenka
Also, seperating identity and capability is abusable.  A reputation system has to be able to know about repeat offenders, and it can't do that if there's no way to spot that a new member is actually an old one under a new name.  Unless we are willing to never extend credit (any kind of credit) then thi becomes a problem.  MUDs and similar have expored this for us, thankfully.  --Vitenka
But dammit, I still want to not have to have the same work name as home name.  Though it would be hard to make the seperation total, and someone somewhere would quickly set up linking databases.  --Vitenka

Your goals directly compete with each other as stated. You want to be able to use independent identities to demonstrate to a service provider your right to access a service in different contexts, to stop anyone building a complete history of your transactions, yet it is precisely in the interest of the service providers to buld such a history. ISTM the way forward to designing a scheme like the one you propose would be to work out quite where you want the balance to lie between those two requirements first. - MoonShadow
I want both!  And a pony!  --Vitenka
Or, slightly more seriously - I wound like to be able to prove my identity to a provider or a person, but that person then not be able to take that information for later use.  --Vitenka
Which is kinda difficult.  Either the abuse problem needs to be solved in another way, or maybe some kind of anonymised reputation which attaches to all of someone's identities.  --Vitenka
What's an identity? What's a reputation? A capability could contain a "recommendation" section signed by all the providers who trust you, and service providers could keep lists of providers whose signatures they trust. You cannot be trusted to get a "disrecommendation" section of your capability signed by people who mistrust you, but you could make it part of the protocol - every time you make a transaction, the provider signs the entire state of your capability at the time, and once it is known that the transaction was successful, they sign again in the recommendation section. Any signatures in the transaction list which are older than a certain time and aren't matched to a signature in the recommendation section count against you. I see few reasons to link a system like that to who you are. - MoonShadow
Nice, but the flaw there is that your recommends and costs are linked to a capability.  This makes transferring to a new capability hard. - Vitenka
You have to examine what you want to happen at the point of transfer. If you want to start with a clean slate, the system as described allows this. If you want to retain the entire history, include a crypto link - a signature? to the previous capability as part of the information embedded in the new one. If you just want to include the trust level while losing the detailed history, allow the issuer of a capability to describe in it an initial level of trust. - MoonShadow
Authenticating that all of those signatures are legit would also be a real pain, though random testing might be enough.  And the abuse problem still exists with whoever is last in the chain simply refusing to give out the 'done' mark.  --Vitenka
That last one is hard - in practice, the user needs a way to decide whether they trust the provider, just as the provider needs a way to decide whether they trust the user; and other providers need to decide how much they trust a provider to make recommendations / disrecommendations. The details would also depend on how much a single disrecommendation affects your rating (presumably you would not interact twice with a provider that did that). Yes, I am basing all this on eBay, PGP and WebOfTrust. - MoonShadow''

Be thankful for [small victories]. (Police's non-destruction of DNA sample, fingerprints and photograph ruled unlawful, and damages awarded to suspect/victim for the assault committed in obtaining them.)  --B
There's already a LegislativeWorkaround? for this.  Private companies can't compel you to take a DNA test, but if you've had one taken they can require the results be disclosed.  --Vitenka

http://news.bbc.co.uk/1/hi/magazine/6129084.stm - thumbprints required for hiring cars etc.

[Steal ''with'' your identity.] Classic.  Biometric passports contain image files, which can be used to inject data into the readers.  --Vitenka
I got my first biometric passport on Saturday, and immediately made a tinfoil Faraday cage for it. I hope it should be safe except at passport control. --PT

[Japan joins "if we take your fingerprints on immigration, we'll be able to magically divine if you're a terrorist" crowd]

[State to spy on every phone call and email]
Immediately followed by [Ministers cancel big brother database]. I'm confused - what is happening now exactly? --RobHu
"You guys track this for us, it's too expensive for us to do it."  --Vitenka
Same story, different interpretation. The Independent's is more accurate, the Telegraph is, unusually for it, scaremongering. The basics of the story are: there are government plans for an evil database, Labour are in favour but didn't allot Parliamentary time for it before the election, the Conservatives and Lib Dems are opposed, the only chance for it actually coming in is the Conservatives doing the predictable "all parties are libertarian in opposition and authoritarian in government" switcheroo. --SF
Some analysis from [the register] --RobHu

[Panopticlick] - site from the EFF which looks at whether you're uniquely identifiable from what websites can tell about your browser. Of their sample set so far, it looks like I'm the only one to have the exact same set of plugins I have, and the only one to have the exact same set of fonts; even with a bigger data set they can intersect these with your screen resolution, browser version, timezone, etc etc.
Gosh, interesting. It appears that under "plugins", they're including the full list of associations of different file types that can be handled in the browser; I didn't realise the browser forwards all that to sites on demand. --AC

[The counterattack begins...] --SF


ec2-54-81-210-99.compute-1.amazonaws.com | ToothyWiki | RecentChanges | Login | Webcomic
Edit this page | View other revisions | Recently used referrers | List subpages
Last edited February 19, 2017 9:57 am (viewing revision 90, which is the newest) (diff)