Search Mailing List Archives
[liberationtech] dark mail alliance
adrelanos at riseup.net
Fri Nov 8 13:52:53 PST 2013
phreedom at yandex.ru:
> On Monday, November 04, 2013 01:17:49 PM Jonathan Wilkes wrote:
>> On 11/04/2013 05:28 AM, phreedom at yandex.ru wrote:
>>> On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
>>>>> On Nov 3, 2013, at 3:30, "phreedom at yandex.ru" <phreedom at yandex.ru>
>>>>> I don't see how "pasting over" a QR code in a way that's not easily
>>>>> detectable is somehow harder than pasting over a domain/email, or
>>>>> printing a real-looking fake ad and pasting it over the real one.
>>>> A QR code is already isolated in an opaque white square. It's single
>>>> color, and moreover, that color is black. And it's smaller than a
>>>> By contrast, a textual URL or email address will be in a specific
>>>> probably matched to the rest of the billboard. It's also likely
>>>> size-matched to other text. Most importantly, it's likely printed right
>>>> over a patterned and colored background.
>>>> While you're correct that you can address, to some degree, all of those
>>>> issues by wheatpasting over the entire billboard, provided you're at
>>>> as competent a visual designer as the person who executed the original
>>>> which is easier to print and transport? A full-color billboard, or a
>>>> black-on-white sheet of tabloid-sized paper?
>>>> To put this all in more practical terms, since these issues were not
>>>> apparent to you, you're a less-skilled visual designer than anyone who
>>>> would be paid to produce an advertisement. Therefore, you would not be
>>>> capable of covertly coopting their advertisement. Yet you'd still be
>>>> perfectly capable of successfully pasting over their QR code without
>>>> being the wiser.
>>> I can't talk about others, but I'd be quite suspicious if I saw a second
>>> layer of paper exactly where the qr code is located. If such attacks
>>> gained momentum, I guess people would be more careful.
>> Now you are climbing up on a billboard and inspecting the QR code
>> personally as a way to prove human readable addresses are a solution
>> looking for a problem?
> Can you name a specific attack which actually happened, and which involved
> altering an ad url in any way or posting a fake physical ad? Are we talking
> about something that actually exists? It's not like an ad by microsoft can't
> point to a legitimately-looking domain name which isn't microsoft.com eg
>> You already mentioned the idea of domain names that aren't "as
>> widely-known" as others. "Widely-known" is a feature-- that feature
>> doesn't exist with QR codes so you clearly understand the issue. I'm not
>> saying that issue cannot be solved, nor that the current domain name
>> system is immune to exploits. But if you don't understand the benefits
>> of human readable addresses you're likely to end up with a less secure
>> system to replace it.
> I understand also that:
> * these benefits exist for maybe top 100 domains
> * it's usual for well-known entities to use campaign-specific domain names
> * even if you know the entity name to be $NAME, the domain can still be
> $NAME.com, $NAME.org, $NAME-project.org, get$NAME.com etc
> The "security" of physical ads is pretty much about the cost/benefit, and
> that's why we don't see such attacks in the first place.
>> (Especially when the smartphones people must use
>> to read the QR code in the first place are almost all locked down and
>> not under the user's own control.)
> There are gateways like tor2web.org and onion.to, and these can be encoded
> into the QR code for compatibility purposes since there's 1:1 mapping beween
> darknet and gateway urls.
> For all practical purposes, the DNS replacement is already available in the
> form of tor hidden services, tested and known to be quite reliable.
> The status-quo is:
> 1) you pay money to get a DNS record which:
> a) can be revoked at will by a number of entities
> b) requires you to identify yourself, unless you're willing to play spy
> games(and noone know for how much longer the loopholes will exist, see (a))
> c) requires you to be able to pay, which may exclude "children" who can't
> get the bank account/card, residents of sanctioned countries.
> 2) you get a ssl cert, with MITM-by-advanced-adversary as an inherent
> "security feature". This also may come with random and potentially ridiculous
> hops to jump thru, the list is subject to change
> 3) wait for hours/days for payments to complete and records to propagate.
> Tor hidden service:
> 1) add 2 lines to torrc, or use vidalia to do the same
> 2) grab the service address from tor's dir
> 3) the service goes online in 5-10 minutes, with encryption and
> authentication always on.
> HTTP gateway is available for legacy platforms.
> Bookmarking and address book features are widely available thus making the
> appearance of the url itself not that important.
> Both client and service can opt to drop their half of the circuit, which turns
> it into a more or less direct tcp connection, with nat traversal capabilities.
> Yes there are caveats, yes tor devs are spending their effort on making tor
> hide users, rather than optimizing "we don't want no anonymity" use cases, but
> the foundation is solid.
> The only known issue that bothers me is that tor doesn't let you keep the root
> keys for the service offline. A 2-level setup would be really nice, tor devs.
> pretty please?
> For all I care, the solution has been available for several years.
I strongly agree with you. Tor hidden services are awesome. Their
concept is great. The implementation need some love , but there
aren't any conceptual issues. Just no one is working on it.
- no need to trust a registrar
- can't be taken away without physically owning the server
- free registration
- free end-to-end encryption without relying on the CA cartel
Just too awesome.
> It works well, but I'm afraid that getting it adopted would require the
> current gatekeepers to step up abuses by a couple orders of magnitude.
I am afraid, you're probably right. Unless you can manage to advocate
Do you think the FreedomBOX developers know about your "use
non-anonymous Tor hidden services for DNS" idea?
> The only known issue that bothers me is that tor doesn't let you keep
> keys for the service offline. A 2-level setup would be really nice,
> pretty please?
Not sure, but perhaps there was a feature request of this. Probably
conceptually possible as well. Just no one working on it.
More information about the liberationtech