Hacker News new | comments | show | ask | jobs | submit login

The problem is thinking that there is a way. You can't. Data can easily be obfuscated. As long as bits are flowing through your machine from sources that you don't control, you could be middle man to anything.

API stated it was a hard problem. Hard problems dealing with cryptography can take years and some times produce PhDs when they are cracked. It is easy to tell it is a hard problem, it is hard to say for sure it is not possible. If you have done the hard work of show it impossible please share and save others from repeating your work.

There is at least one free Ph.D thesis topic in this thread. I think solving this problem and creating a darknet that most people would want to use would be at least as impactful as the development of Bitcoin. People said that was impossible too.

I see a lot of people saying that you cannot analyze the data flowing through a system - and yet, I have to wonder, how then do people find the data they are looking for? It seems to be a rather fundamental theorem that if you know a URL to a file, no, there is no way to stop you passing whatever you want. But if you only have search, then surely the search itself implies that you have a way to classify the data!

Personally, I think this is enough to stop the spread (if not the storage) of horror. In other words, someone might safely store their cache on my computer without my knowledge (heaven help me) but I refuse to store anything that is searchable as a horror.

I don't think this system is searchable. You'll be storing a bunch of encrypted blobs, each of which can be retrieved and decrypted by anyone who knows a short key. One of them might be a CP picture (if you store enough of them, statistically one of them will be a CP picture). One of them might be an index full of other short keys, pointing to a whole host of CP pictures spread across the mesh.

If you're fine with that, that's good enough; you can run this system, and political activists and perverts alike will be able to stick their blocks there, accessible to anyone to whom they can pass the relevant short keys. But many people will be uncomfortable with even this much.

Yeah this system does not appear to be the quick glance I looked, but api's disired system does not need to model this one.

api's requirements:

> How do we design a system that is anonymous and un-censorable where users can opt out of being relays for certain types of data?

As long as we are reasonable by taking "un-censorable" to mean very difficult to censor and "users can opt out of certain types of data" to mean highly limit traffic of data type <x>, it seems like a hard problem until proven impossible.

>I don't think this system is searchable.

How then can it be used to share anything? I can see how it could be used as a secure, distributed backup (which itself is rather handy) but I'm not sure how it can be used to distribute data.

It's (AIUI) meant as a replacement for pastebin etc. - you host something on this mesh, and then you only have to spread a short hash key around. It also lets you do the wikileaks thing of publishing a bunch of encrypted data which you could later release the key to.

I'll bite.

In the OMG, think of the children case: A number of cases that went public (some even linked here) agreed that legally, child porn is 'i recognize it when I see it' kind of subjective. I'm obviously talking about teenagers here and different moralities or a missing context (such as those 'taken for fun' or 'sent to a friend, privately and deliberately' cases).

Api might, from his subjective view, decide that this as-yet-never-encountered image is bad/evil/perverse. How would you ever create an algorithm for that, other than 'api, please press a button that says "fine by me" or "no way hell", right next to the image in question'?

It is not clear to me that a system could be created that would be fine grained enough to take into account individual preferences with out general AI. I can imagine a rough grained system were none of them match perfectly but some get close. A user would have to pick a standard and live with the good and the bad that came with it. Not perfect but more choice then what you have if you sign up to be a tor relay or run freenet now.

This isn't about cryptography, this is about what data can be pulled out of bits transfered through your computer. There is no requisite that they be encrypted, they can be obfuscated, hidden, or just not recognizable as illegal to you. There is no way for you to verify that a collection of bits, put on your computer by a 3rd party, does not in fact represent something illegal. You would have to have access to every existing and theoretical encoding, encryption and obfuscation technique, and use them in every theoretical combination to verify such a thing.

The hard work has already been done and it is easy to demonstrate the problem and the impossibility of telling 'good data' from 'bad data', assuming the system is cryptographically secure, as by definition a cryptographically secure system resists analysis of content.

Consider the problem of one time pads. If I have two messages the same length, one made of 'good data' and the other consisting of 'bad data' and I encode them both with different one time pads, then it is possible for the resulting ciphertext version of each message to be identical. Another way of putting this is that for any given ciphertext that has been properly encoded with a one time pad, the only information available about the plaintext is the length of the message (assuming you know already that a one time pad was used) and nothing else.

api: > How do we design a system that is anonymous and un-censorable where users can opt out of being relays for certain types of data?

So not necessarily following any of the specifications of the system in the article.

I read his specification to mean that users are anonymous, they can post data and it can not be tracked to them. I do not see this necessarily requiring the data be filtered in a encrypted state only that it can not be tracked back to a submitter who took reasonable precautions.

The aim of - un-censorable where users can opt out of being relays for certain types of data - seems possibly paradoxical.

It is. What «api» has been proposing is literally, "I want a no-censorship network which I can censor."

That it is paradoxical does not necessarily make it impossible, though. The goals are certainly contrary but I am not certain that they are contradictory.

If you think about community-based censorship, this could probably be arranged even in an anonymity community, as long as it had active-enough participation. A popular search engine like Google can have tremendous ability to censor others even on a network like Tor where people cannot easily be censored.

The chief problem is that «api» faces is that his/her aspirations are too individualistic and unimaginative. You could always put the to-be-censored material in an encrypted archive and distribute the link to the material with the password to it -- this sometimes happens with BitTorrent (and then you'd have to click on ads to get the password and it becomes a nightmare). Then nodes cannot inspect the content. So what are you going to do, limit content-types? This was done by Napster, where only MP3s would be shared -- but a piece of software quickly came out called Wrapster which "wrapped" other files in MP3s. There exist JPEG steganography tools as well, both hiding files within the least-significant bits of the image data as well as in parts of the JPEG which do not get interpreted by a normal JPEG reader (e.g. appending a RAR archive to the end of the JPEG image).

I say "too individualistic" as well because any sort of relay net where the nodes themselves inspect the content that they trade is going to expose itself to a possibility of systematic censorship. "I know that you know what you were sending me" is a horrible way to start your cryptosystem.

Nonetheless, there might be hope for a sort of global data-store which the nodes collectively take responsibility for, which nodes collectively trade and where nodes can vote to "veto" certain indexed files. The idea would be that you can't take down the data store by taking down individual nodes, you can't prove which node "uploaded" a file, and you can't necessarily fault the nodes for failing to down-vote a file tracked by the community since hosting the file is a collective decision, not an individual one. It would have to use central aspects of the design of BitCoin alongside central aspects of anonymity networks, but I don't see why it would be impossible.

Well if no one opted out of any data type then it would be just like the some systems we have today. If most relays opted out of a data type x then the result would probably be that data type x would be less anonymous then other data types. It would take fewer conspirators to subvert the system for data type x. Similar to anonymity from government Z is effectively lost if they control m% of the nodes on tor.

Though I do not study cryptograph professionally that would be my current guess.

Forcing such data to be obfuscated is a step in the right direction. At least we won't accidentally happen on it.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact