Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] dark mail alliance

phreedom at yandex.ru phreedom at yandex.ru
Sun Nov 3 03:29:12 PST 2013


On Sunday, November 03, 2013 02:17:59 AM Jonathan Wilkes wrote:
> On 11/02/2013 02:31 AM, phreedom at yandex.ru wrote:
> > On Saturday, November 02, 2013 01:22:02 AM Maxim Kammerer wrote:
> >> On Sat, Nov 2, 2013 at 12:47 AM, Tony Arcieri <bascule at gmail.com> wrote:
> >>> tl;dr: a Bitcoin-like global append-only log can enable the secure
> >>> mapping
> >>> of human-meaningful names to cryptographic keys
> >> 
> >> You are still trusting a third party — a P2P network and the
> >> computational effort it represents, in this case — and in addition
> >> have a non-trivial monetary cost of entry once the system resembles
> >> anything scalable. So you have to both pay money (with all the
> >> implications on anonymity and ease of use, among other things) to have
> >> a meaningful name, and reduce your address security to one of exploit
> >> resistance of some buggy DHT implementation running on nodes you have
> >> no control of.
> > 
> > And you still have problems with phishing thanks to being able to
> > "register" a similar domain.
> > 
> > Of course, despite its shortcomings, namecoin is better than the existing
> > "global namespaces" which are outright run by hostile entities.
> > 
> > Global namespaces seem to be a solution looking for a problem though. In
> > the world full of QR codes and text messaging, sharing your unique ID is
> > not a problem, bookmarking/address book handles assigning a memorable
> > name or even several descriptive names.
> 
> You don't see a difference between a billboard with a fake QR code
> pasted over the real one, and a billboard where the email addy has been
> vandalized to read "@gnail.com?

Yes, that's a very good analogy, especially if the domain is not as widely-known. Also, I 
don't see how "pasting over" a QR code in a way that's not easily detectable is somehow 
harder than pasting over a domain/email, or printing a real-looking fake ad and pasting it 
over the real one.


> Until most folks can dissassemble, inspect and reassemble the device
> they own as easily as Gomer Pyle did with his rifle in "Full Metal
> Jacket", I think they need to stick with human readable addresses.


This is what happens when you click links in spam emails basically, or any other "ad". 
Unelss the domain is in your bookmarks(and your software helpfully points it out, which 
would be a very helpful UI feature to avoid also a supposedly human-readable 
paypa1.com). It's a fundamental trust issue, and not a technology issue.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131103/9ac4831d/attachment.html>


More information about the liberationtech mailing list