
While I am completely appalled by the data breach and hope that similar things never happen to anyone again,

I would like to propose a purely thought experiment:

The hacker reportedly sold the nude photos of Jennifer Lawrence for a mere sum of $130 using bitcoin.

If we apply game theory here, this kind of data is very difficult to monetize. If you sell one copy of the data, it is then immediately distributed online for free. Although, nude photos of celebs are arguably very valuable.

The question is: What is the ideal path for these people to maximize profits?

I think the better alternative would have been a Kickstarter-type model where the attacker will only release photos if it reaches a funding goal (let's say $50k). The attacker might release less revealing photos to build interest in the goal funding.

I often hear about decentralized kickstarter models with bitcoin (multisig; or ANYONE_CAN_PAY hash type). But I always thought of them as gimmicky. This is actually a use case for it.

So going beyond the celeb photo breach, this similar model should be applied to many more scenarios, i.e.

1. you have a valuable asset,

2. but it loses value immediately after the first distribution

3. so you must capture all of the value at distribution

Note:

Anyone can pay: https://bitcoin.org/en/developer-guide#term-sighash-anyoneca...



While I don't actually have any solid grasp of the code that would be required, I imagine it would be possible to release 1 image to show that one does indeed have a collection of "valuable" photos. Once trust has been established that the person probably does indeed have additional photos, people will be more willing to submit bitcoin.

You overwrite each pixel of each photo with black. You assign every photo a bitcoin address and perhaps give a name describing its content (something kinky, obviously). Each photo has a set amount the person is asking for its release. As bitcoin is sent to each photo's address, more and more pixels are revealed, as a percentage of the remaining bitcoin price.

You can go further by making the first few photos far cheaper than the next (potentially more sultry) photos, creating an exponential pricing system that will likely benefit the hacker. Trust is increased as low-cost photos are revealed, demand for more revealing photos increases as trust increases.

Thoughts?


As noted by ______1, the hacker did something similar by censoring the photos and offering to uncensor for bitcoin. The difference here is that people sending bitcoin have no guarantee that the photos will actually be released once the bitcoin is sent. They don't have any guarantee that the posted bitcoin address is not an imposter, and the real address is elsewhere. They don't even have a guarantee that the hacker was already caught, thereby wasting their bitcoin. That system is lacking in trust. A dynamic system described above would help mitigate that problem (even though the hacker could reblack-out each photo and tell them to start again, but that would completely demolish any future trust, although it would hardly be considered "stealing" since the percentage paid of each photo was already released).


That's an interesting twist on it; "unlocking" (unblocking) the pixels one at a time. Almost like a perverted Million Dollar Homepage of yesteryear.


I believe that this applies to many products using digital distribution that meet the following:

1. The asset requires a significant amount of resources.

2. The asset will require all resources in order to distribute.

3. No further resources are required after distribution.

Music, books, art, and even software that does not require updates would fall into this category.


See, for example, perhaps, this album from the Wu Tang Clan:

http://www.forbes.com/sites/zackomalleygreenburg/2014/05/06/...


That's a very interesting read, and I'll have to give some thought to the implications therein.

I was originally thinking of something more along the lines of Radiohead's In Rainbows, released online for a donation, but maybe combined with a kickstarter-like fundraising effort to pay the upfront costs.

http://en.wikipedia.org/wiki/In_Rainbows



Probably this example is more accurately described as the 'ransom model'.


An almost Dawkins-esque level of tone-deafness.


Dawkins-esque, sure. But I wouldn't call it tone-deaf. You just have to realize that some people like talking about events at the meta-level instead of focusing solely on object-level details.


It's important to not think about certain hypotheticals out loud, so that you can signal what kind of person you are.


Only someone who knows the market can maximize the profit. These pictures would make a lot of money in the hands of specific low/high (depending on the view) magazines, or someone who would wanna destroy JLaw's reputation, or as ransom... How much money would JLaw pay for the original files?

However, how many people do you think can answer the above questions?

It's like when someone steals a huge pile of jewelry. He steals it, but he needs the mob to sell it... Otherwise he can't monetize.


A bit of a tangent, but it's worth noting that the amount JLaw should rationally be prepared to pay for the original files is zero. If you pay a ransom in a situation like that, all that will happen is a) the guy will take the money and then sell the pictures anyway, and b) you set a precedent that you can be blackmailed, which means the next blackmailer might come up with something worse than some rectangles of RGB pixels.


This is exactly what happened though. A Bitcoin address was posted, and the leaker was taking "donations" with the promise of delivering more pictures, showing proof that he had more by showing partial screenshots of them.


This would also facilitate committing to assurance contracts via bitcoin.

http://en.wikipedia.org/wiki/Assurance_contract


Paparazzi have no problem selling exclusive photos.


Because those photos are not stolen and they own the copyright.


But those are not stolen. It's much harder to get a good price for stolen goods because there is no demand from legitimate buyers, in this case large publishers.


Fair enough but that wasn't the thesis of the OP which related to the "first" copy.


[deleted]


> Preventing the oracles from colluding to prematurely release the keys, or not release the keys at all, is a harder problem.

No, the harder problem is knowing the "encrypted" data is something other than a directory of the seller's favorite goat-porn. A cut and choose proof could be used, but non-interactive ones require a lot of samples to have good security... and revealing a lot of sample images is something the seller doesn't want to do here.

To put that in concrete terms: Say I claim to have a million nudes of Elmo which you'd like to purchase. I give you an encrypted copy of them. You pick some number at random, and I reveal the keys. You decrypt and find all of them to be fine examples of the promised images of Elmo in all Elmo's glory. You are now convinced that it is likely that the rest of the images are similar— since your selection was uniform you can use simple combinatorics to work out how likely I would have been to get away with various levels of fraud. "That tickles"

To make this protocol non-interactive with a Fiat-Shamir transform— I hash the encrypted pictures and use the hash to select which ones I reveal. This requires many more examples to achieve security because I could have been secretly grinding one of the images until the hash picked the few passing examples I had. (There are, however, ways to boost the security by inserting an expensive process— like giving away Bitcoins— into the inner loop).

It's likely not reasonable for a collection of just a few dozen images, even with strengthening, however.

For machine decidable things— say a DRM master key— other approaches are possible (https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment) but since no one is likely to turn up a program that decides nudes of one celebrity vs another, about the best you could do is a non-interactive cut and choose selective reveal over _pixels_, and use compressed sensing techniques to build low res images to decide if the rest of the pixels are worth paying for. If you're happy with that, then at least theoretically, the ZKCP approach lets you pay for the keys for the rest of the pixels with no risk of being stood up and no third parties.
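The combinatorics behind the comment above, worked from the verifier's side as an added example (not part of any commenter's post): how likely a cut-and-choose audit is to miss every bad item, and how many re-rolls a Fiat-Shamir challenge lets a dishonest prover buy with that probability. The function names and the sample sizes are assumptions chosen for illustration.

```python
from math import comb, log2

def escape_probability(n, bad, k):
    """Chance that k uniformly chosen openings out of n committed items
    all land on good items, i.e. the audit misses every one of `bad`."""
    if k > n - bad:
        return 0.0  # more openings than good items: a bad one must be hit
    return comb(n - bad, k) / comb(n, k)

def grinding_bits(n, bad, k):
    """log2 of the expected number of commitment re-rolls a dishonest prover
    needs before a hash-derived (Fiat-Shamir) challenge misses every bad item.
    Interactive audits allow one try; non-interactive ones allow 2**bits."""
    p = escape_probability(n, bad, k)
    return float("inf") if p == 0 else -log2(p)

def min_openings(n, bad, bits):
    """Smallest number of openings that forces at least 2**bits re-rolls,
    or None when no audit size can (e.g. there is nothing bad to catch)."""
    for k in range(n + 1):
        if grinding_bits(n, bad, k) >= bits:
            return k
    return None

if __name__ == "__main__":
    # Constructed scenarios: half of the committed items are not as claimed.
    for n, k in [(1_000_000, 100), (36, 6), (36, 18)]:
        bad = n // 2
        print(f"n={n:>9} opened={k:>3}  "
              f"interactive escape={escape_probability(n, bad, k):.3e}  "
              f"grinding work=2^{grinding_bits(n, bad, k):.1f}")
    # A few dozen items: 40 bits of grinding resistance needs over half opened.
    print("openings needed for 2^40 work, n=36:", min_openings(36, 18, 40))
```

With a million items, 100 openings already cost a cheater about 2^100 re-rolls; with 36 items, even opening 18 leaves only about 2^33, which is the point made above about small collections.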



