Punish them for their complete inability to block spam calls. Million bucks per successfully connected call would fix it overnight and then our phone would be worthwhile as phones once again.
You realize the telcos themselves know exactly where the spam calls are coming from, right? You can be damn sure that functionality was a top priority from day 1 because (just like for all subscribers) they need to know the spammers’ usage in order to bill them for it.
They just don’t bother passing that information along to end users or law enforcement because nobody’s forcing them to.
They don’t actually thanks to VoIP and other countries’ telcos being shit and pushing through whatever is sent with the call, which is exactly where that disconnect happens. I’ve been in Telecom a long time, and the push to fix that problem was very real long before Indian scammers were spoofing calls for IT scams. Once you go to IP, the “real” link isn’t there, and CID becomes no more than a data string which is no longer tied to anything physical as far as telecom infrastructure, which they have to accept in the current setup, which is why I said the whole thing has to start from scratch.
The other issue is the way non-ILECs send the CID is exactly how the scammers spoof; to cut that off, all CLECs would lose the ability to send CID data, businesses wouldn’t be able to send a main phone from their 3000+ extensions etc. It’s far from a simple solution, which is why it’s still an issue.
You can be damn sure that functionality was a top priority from day 1 because (just like for all subscribers) they need to know the spammers’ usage in order to bill them for it.
CID data being injected has absolutely nothing to do with a line being used regardless of what the outbound DID actually is.
frequency of 'spam' calls should have significantly gone down with the implementation of cid verification (stir/shaken). it has on all our lines; home and office--cellular and pots.
FCC recently begged congress to let them punish spam calls. It turns out that they currently have to research then forward to the justice department for it to do its own research then file an order against a specific name, then the company changes its name and throws the fine in the trash can, and the cycle repeats
I’d absolutely use this. I’m glad to see people using this incredibly powerful concept to solve problems that would literally be impossible to solve without it. It is especially encouraging that they used Monero since it has an extra layer of untraceability built-in. Blockchain is experiencing kind of a backlash in public perception, but like tech closely related to it like NFT’s, it is a VERY viable idea that just so happens to be tainted by greed and disinformation.
Voting is another concept that would become unhackable overnight…but would also probably:
A. enable the creation of a CBDC (which would also allow the state to REVOKE ownership of your own money)
B. force a state to pick a technology/crypto of choice (and tip the scales toward that crypto)
both of which I somehow am vehemently against yet moderate a (ghosty) community on blockchain voting. 😅
Monero uses three different privacy technologies: ring signatures, ring confidential transactions (RingCT), and stealth addresses. These hide the sender, amount, and receiver in the transaction, respectively. All transactions on the network are private by mandate; there is no way to accidentally send a transparent transaction. This feature is exclusive to Monero. You do not need to trust anyone else with your privacy.
IMO, as a software engineer, leveraging the network effect of Monero was a wise choice. In decentralized systems, the network effect (the amount of unique, separate nodes on a network) is directly correlated to the security of that network. If I were to transact with you in a public place (like a mall food court), you could correlate the presence of other parties in the food court as unique nodes in a network. The more eyes you have witnessing your transaction, the more intrinsic security that transaction has.
Another concept that actually comes into play in cryptocurrency-based systems is that the intrinsic value of that token directly relates to the security of the data in its network. That could be another reason that they chose Monero. Since it already has stable value, it offers a pre-existing and stable security solution.
How does it address the issues with like money laundering, KYC, etc? Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?
I could be wrong (since article is paywalled) but as a DApp dev, Proton probably has a wallet with enough Monero to run this smart contract without anyone needing to add any money at all. So you wouldn’t be getting a Monero wallet in it. It would simply mint an NFT that you could then refer back to for verification that this is the same address that I say it is. It would simply leverage the monero chain every time an account was created and mint that as a unique ID (NFT!).
Wouldn’t you, in practice, basically need a lawyer to help make sure you “use” it correctly and legally?
Using private cryptocurrency is not illegal, at least in the United States, nor should it be. This is like worrying if it is legal to pay for things with cash.
Thanks for lazily puking a couple of reductive, bankster-funded, cherry-picked, neolib rage-bait videos at me. Did you want to discuss this issue or do you want to lazily let the videos do it for you while forcing me to write essays that will be brigaded by the hivemind?
I like Dan Olson’s video but I don’t think it’s truly unassailable. There are some real use cases for block chains in low trust networks. One of those being global monetary policy. Another critique is that web3 applications (like Mastodon and Lemmy …) I think is moving forward even more so as the age of easy money comes to a full close.
It’s the coordinated decentralization that really defines web from web2 and 1. Cooperative vs competitive coordination is just a sub strategy within that, but I don’t think either strategy is always best for all problems.
As a sampler of the points made, web3 is already re-centralizing around gatekeepers because the average person doesn’t want to run their own server (or, in the blockchain case, host their own full copy of the blockchain) and, if the supermajority of users can’t see you because the gatekeepers block you, then it doesn’t really matter that you’re technically still up.
The takeaway on that particular point is that pushing for more and easier data portability is probably the best route in the face of how real-world users behave. (eg. anything stored in a git repository, including GitHub project wiki contents, is a great example of that. You’ve got your data locally with a simple git clone and you can upload it to a competing service with a simple git push.)
Voting is another concept that would become unhackable overnight
No. Voting on the blockchain is an even worse idea than money on the blockchain.
In many cases, there are good reasons why these things are done the way they are. I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.
A single actor might be able to commit voter fraud in the order of dozens or hundreds of votes perhaps but with a digital voting system based on blockchain, they could do so on the order of thousands or even millions by compromising end-user devices used for voting or buying enough work/stake/whatever to perform a 51% attack.
Same goes for money btw. Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.
I have yet to see a software system that is better at preventing voter fraud than humans looking at your government-issued ID at a poll site and humans overseeing other humans manually counting votes.
Have you seen any of the research that the US government did on it? Homomorphic encryption enables votes to be both public and obfuscated at the same time. I don’t want to write an essay right now but are you truly up to date on this?
Our current system is by far not a perfect one but removing the ability for governments to i.e. freeze accounts of bad actors is not a boon.
I COMPLETELY DISAGREE. It should be exactly as hard as it is to freeze the cash of bad actors. That’s the point of it. I, of course, happen to be a libertarian socialist/anarcho syndicalist. You happen to be a capitalist. You seem to want to be in the camp of “you will own nothing and you will like it” but I just so happen to not trust governments and their decisions. I believe in socialism but have seen it co-opted and destroyed by corruption. Anyway, I don’t think that those same clearly corrupted governments should have the unilateral right to prevent me from attempting to claw enough back from their corruption and greed to feed my family.
If you dislike corruption and capitalists, then why do you like cryptocurrency?
Because properly-implemented cryptocurrencies make corruption impossible. Even the shitty, scammy FTX project had a decentralized ledger, allowing the FTC to quickly and easily forensically untangle SBF’s tangled web of lies and fraud. Even Do Kwon’s TerraLuna hack would have been possible to detect had the project been open source (like any viable crypto project) but regardless of that, it will still now be quite trivial for the regulators prosecuting him and his co-conspirators with fraud.
It’s interesting that you can identify cherry-picking on my part but fail to identify it on your own. I merely mentioned situations where fraud (which I didn’t fall for because I follow certain principles about transparency and auditability of the crypto technologies that I prefer) was easily detected because the nature of the technology puts all transactions on an immutable ledger.
What valid criticisms of THE TECH have you offered so far? You’ve simply pointed to situations where stupid people failed to protect themselves from clear frauds then went and used that brush to paint the entire crypto space. You’re not really the intellectual heavyweight you seem to think you are.
I didn’t predict the failure of FTX or TerraLuna but they also didn’t smell right to me because they ticked MANY of the warning boxes above. I’m fairly centered around Cardano ecosystem projects but even in that ecosystem there’s bound to be some fraud. I protect myself by sticking to my gut feeling and using that small checklist. I have yet to be defrauded and I’ve been investing in the space since 2017. It’s not hard and I am not Nostradamus but thanks for the compliment.
This video only mentions ERC-20 tokens as NFT’s. Are you so ignorant that you don’t realize that Ethereum is not the only crypto currency project? Do you realize that many projects have entirely different tech stacks? Actually, if you wanted to, you could go through my history and find me criticizing Ethereum’s badly flawed accounts model at least 20 times.
I’m not wasting any more time trying to have an intellectually honest debate with a person that blindly writes off an entire class of technologies yet doesn’t even understand beginner level things about it.
“You drink water and breathe air. Peter Thiel drinks water and breathes air too. Therefore you are just like Peter Thiel!”
You’re a troll. I literally hate Peter Thiel. He is invested in so many technologies that it’s VERY likely that we’re invested in the same tech somewhere. Pretty sure he doesn’t give a shit about Cardano which is the project I develop applications for.
Spreading your investments out is kind of how investing works when someone is a billionaire, dipshit.
Anyway, that’s enough feeding the trolls for today. Have a good night, intellectually dishonest hiveminder.
It sounds overcomplicated, is there really a need for the blockchain aspect? Could the same security be provided by a simpler method (like how keybase has their identity proofs?) but better to have it and not need it than need it and not have it ig
How many people have verified how many people’s identity with PGP signatures? Also I’m willing to bet a horribly shocking amount of people would just accept a new key from someone (not necessarily sign it) and trust them regardless.
Yeah these issues are definitely not new, but replacing “I trust the people who sign/verify my keys” versus “I trust the blockchain” is not too far off. What rules are going to be in place for peers to validate entries to the blockchain and independently reach enough consensus to achieve true decentralization?
Blockchains are an immutable ledger, meaning any data initially entered onto them can’t be altered. Yen realized that putting users’ public keys on a blockchain would create a record ensuring those keys actually belonged to them – and would be cross-referenced whenever other users send emails. “In order for the verification to be trusted, it needs to be public, and it needs to be unchanging,” Yen said.
The benefit of doing this with a blockchain instead of a privately held and maintained database is that the latter can be compromised, and you just have to trust "whoever" is maintaining that private database. Blockchain means that the ledger is distributed to many nodes, and any post-entry modification to that chain would be instantly recognized, and marked invalid by the other nodes operating the chain. Besides that, when you're looking up a public key for a recipient on such a blockchain, you would be looking it up at a number of nodes large enough that in order for a malicious entry to come through, they would all have to be modified in the same way, at the same time, and you would have to be asking before the change got flagged. Poisoning blockchain data like this is simply not possible; that's what makes this an especially secure option.
As long as there is an appropriate method for adding a legitimate entry to the chain, incorrectly entered data can be handled by appending corrected data on to the chain, and marking the error as such. Sensitive data, in this case, would be along the lines of "I accidentally added my private key instead of my public key." The action necessary here is the same as if I published my private key anywhere: stop using that key pair and generate a new one.
Proton rolled out the beta version of Key Transparency on their own private blockchain, meaning it's not run by a decentralized series of validators, as with Bitcoin or Ethereum. Yen said Proton might move the feature to a public blockchain after the current version serves as a proof of concept.
Because the Proton blockchain is currently private, the keys they are currently adding could easily be affected by a man in the middle attack.
No. That's not how that works. Just because a blockchain is "private" doesn't make it suddenly changeable, and it doesn't mean there's an unsafely small number of nodes. People commonly get invited to participate in beta testing; that's kind of how software development works.
And there would be no way to invalidate those keys for any of the affected users, ...
Remember when I said:
As long as there is an appropriate method for adding a legitimate entry to the chain, incorrectly entered data can be handled by appending corrected data on to the chain, and marking the error as such.
Yeah, and that's called a fork. The chain doesn't vanish; a new chain is created, forking off of the old one. That's why we have both Ethereum and Ethereum Classic.
Oh wait, you're talking about a 51% attack. Read the whole article that you linked. It is amazingly difficult to perform, and as the number of nodes goes up, it becomes even more difficult.
Has anyone successfully performed a 51% Attack on Bitcoin?
Nope, not yet.
Some miners have come close to reaching 50% or more of the total mining power over Bitcoin’s history, but nobody has actually performed a successful 51% Attack.
If Big Daddy Bitcoin hasn't suffered a 51% attack, I find the risk of that happening vanishingly low.
There have been three. BTG, ETC and VTC. All three of those are Proof of Work. PoW is going by the wayside, I'm hopeful that Proton would be using Proof of Stake, which is a much more difficult model to 51% against. (You would need to possess 51% of the tokens.) Even if someone managed to do it, it would still be noticed pretty much immediately, and then you'd fork to a new chain and move on.
A fork assumes the old chain continues to exist instead of being completely replaced. Without insight into the chain, which we can’t have until it’s public, you can’t make any guarantees of immutability.
Put differently, I’ve got a revolutionary new financial encryption system. It can safely act as the middleware between you and any vendor. You can trust me with your credit card numbers because of my years of experience and industry clout. You can’t see my system and I won’t do a PCI audit because it’s in beta. You can totally trust me though.
You do realize that when it's out of beta, they could easily drop the beta chain and start a brand new one, right? And that the methodology for someone adding their public key as well as the blockchain node application (wallet) would be open source, so that anyone can look at the code? And that Proton isn't adding your public key to the chain, you are? And that being a beta blockchain kind of necessarily depends on having many nodes, in order to test scalability?
You're out of your depth here, and I'm not going to bother explaining any further.
But it’s not public. It’s a private blockchain. The immutable ledger aspect only matters if everyone can see the ledger. Otherwise we take at face value all of the things you said. Assume they run one node and that one node is compromised by a malicious actor. The system fails. Extend it to a limited number of nodes all controlled by SREs and assume an SRE is compromised (this kind of spearphishing is very common). The system fails again.
Sure, you can creatively figure out a way to manage the risks I’ve mentioned and others I haven’t thought of. The core issue, that it’s not public, still remains. If I’m supposed to trust Proton telling me the person I’m emailing is not the NSA pretending to be that person (as the Proton CEO suggested), I need to trust their verification system.
It's. In. Beta. Of course it's not being offered to the general public yet. It's likely that there are very many beta nodes, in order to test scalability. When it's out of beta, you drop the beta chain and start a new one.
Yen said Proton might move the feature to a public blockchain
I’m not interested until it’s public. Additionally, building out the chain then dropping it to rebuild a new public one is rewriting history, which violates the whole “immutable” part of “immutable ledger.”
Untestable security claims for sensitive information are useless. I’m a huge fan of Proton and I’m excited to test this but only once the blockchain is public. Until then there is no way to verify the trust so there is no trust.
If you disagree, I might have something for you. I’ve got the strongest financial encryption known to man on top of the best transit system ever that makes it super easy to do stuff. It’s all based on blockchain, of course. Just give me your credit card info and bank details. It’s in beta so I won’t let you audit it, but unless you’re shilling you don’t have a problem with that.
Yeah I guess I missed the part where security fundamentals weren’t supposed to be a part of a secure product. Do you mind explaining how a product centered on trust can be developed without trust? I think that would really help me understand why you think repeating the word “beta” allows a security-focused company to sidestep normal foundational components.
I don’t think we read the same article. We’re talking about a product whose goal is secure verification of identity, correct? Something all about security?
Proton rolled out the beta version of Key Transparency on their own private blockchain, meaning it's not run by a decentralized series of validators, as with Bitcoin or Ethereum. Yen said Proton might move the feature to a public blockchain after the current version serves as a proof of concept.
It's not rewriting history. We're talking about validation of public keys. The exact same information can be added to a public non-beta chain, to satisfy the concerns about security that would come from maintaining a previously private beta chain into production.
… which gives a timing attack and the ability for bad actors to impersonate someone. I agree with you that, once public, this is a good idea. You cannot convince me that this is a good idea if done privately because there is no way to trust but verify, especially in the highly sensitive contexts they want trust in.
If it’s not public, I won’t trust it. You trust it blindly because it’s in beta. We’re not going to come to an agreement over these mutually exclusive positions.
I don't "trust it blindly" because it's in beta - I understand that it's a work in progress because it's in beta. Jesus christ you people and your fucking tinfoil hats.
Your only response to valid criticism about the lack of verification is pointing to the state of development as if that magically washes away all of the criticism. It doesn’t.
While I do have many tinfoil hats, basic fucking trust measures do not require me to pull them out. This is cryptography 101 shit not anything complicated.
You don’t understand basic trust relationships. I don’t really care about your opinion. I already called out that your blind trust in beta software conflicts with my security fundamentals so we’re at an impasse. Once you understand why validation is important or can show why a critical component of trust architecture is somehow not necessary, I’d be happy to reconsider your opinion.
Keep living in your weird fantasy world where applications and solutions should pop into existence fully formed, feature-rich, and bug-free, with no development or testing whatsoever.
It doesn’t matter what the tech is, if you can’t audit it, you can’t trust it.
Also a single private blockchain owner is just a blackbox data store, not a blockchain. I’ve already explained how it’s vulnerable to very simple attacks, much less the complicated attacks that will be thrown at something like this.
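The disagreement above, between "the ledger is immutable" and "that only matters if outsiders can see it", can be made concrete. The following is an added example, not part of any post in the thread and not Proton's code: a toy hash-linked ledger with constructed addresses and key labels, showing that a sole operator's full rewrite passes the ledger's own integrity check and is caught only by a head hash that an outside party recorded earlier.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder for "no previous entry"

# Constructed sample records (address, public-key label); not real keys.
RECORDS = [
    ("alice@example.test", "KEY-ALICE-1"),
    ("bob@example.test", "KEY-BOB-1"),
    ("carol@example.test", "KEY-CAROL-1"),
]


def entry_hash(prev_hash, address, key):
    """Hash one ledger entry together with the hash of the entry before it."""
    payload = json.dumps([prev_hash, address, key]).encode()
    return hashlib.sha256(payload).hexdigest()


def build_chain(records):
    """Build a hash-linked, append-only ledger from (address, key) pairs."""
    chain, prev = [], GENESIS
    for address, key in records:
        digest = entry_hash(prev, address, key)
        chain.append({"prev": prev, "address": address, "key": key, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Internal check only: every entry links to and hashes with its predecessor."""
    prev = GENESIS
    for entry in chain:
        expected = entry_hash(entry["prev"], entry["address"], entry["key"])
        if entry["prev"] != prev or entry["hash"] != expected:
            return False
        prev = entry["hash"]
    return True


def consistent_with_pin(chain, pinned_length, pinned_head):
    """External check: the chain must still contain a head an auditor saw earlier."""
    if pinned_length < 1 or len(chain) < pinned_length or not verify_chain(chain):
        return False
    return chain[pinned_length - 1]["hash"] == pinned_head


def run_scenarios():
    honest = build_chain(RECORDS)
    # An outside auditor records the ledger length and head hash at this point.
    pin = (len(honest), honest[-1]["hash"])

    # 1. One stored entry is altered in place, hashes left untouched.
    edited = [dict(e) for e in honest]
    edited[1]["key"] = "KEY-SUBSTITUTED"

    # 2. The sole operator regenerates the whole ledger around the altered entry.
    rewritten = build_chain(
        [RECORDS[0], ("bob@example.test", "KEY-SUBSTITUTED"), RECORDS[2]]
    )

    # 3. A legitimate correction is appended instead of rewriting history.
    appended = build_chain(RECORDS + [("bob@example.test", "KEY-BOB-2")])

    return {
        "edit_passes_internal": verify_chain(edited),
        "rewrite_passes_internal": verify_chain(rewritten),
        "rewrite_matches_pin": consistent_with_pin(rewritten, *pin),
        "append_matches_pin": consistent_with_pin(appended, *pin),
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The pinned head stands in for whatever independent observers a public or audited log would have; with no such observer, scenario 2 is indistinguishable from an honest ledger.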
That is the wrong answer entirely. You should try to dictate prices to ISPs. The better approach is to work to increase competition. That will drive down prices and increase speeds.
It’s worked in my city as prices for fiber are cheap and there are like 6-7 companies who will do it.
Telecom is a natural monopoly: even if you’ve got 6-7 companies marketing to the public, chances are only one of them is actually running the lines (maybe two, if we’re talking about both fiber and coaxial) and the others are just resellers. In other words, the competition is kinda artificial since the one with the infrastructure should (in theory – barring regulations disallowing it) always be able to undercut the others, who are just middlemen taking out an extra chunk of profit.
Although I guess you could argue that deregulation is better than the regulatory-captured status quo, fully regulating the telecom provider as the monopoly it is (if not nationalizing it entirely) would be inherently more efficient.
This is why I think that the lines should be owned by the municipalities (or a multi-community partnership) and access to them resold. Not even just for fiber, do all of them. The town already handles the water and the sewer, why can’t they lay the pipe for the gas?
They don’t need to be the ISP, or the cable company, or electric company, or whatever (though they can be). Just own and maintain the infra. Obtain right of way. Lease access.
What I’m trying to say is that any small changes that we add to the extension will have very little (or no) effect on the real users, but will force the scrapers to adapt. That might require important human and machine resources to collect data at a massive scale.
You are absolutely right! Using a single public encryption key can not be considered as secured. But it is still more than having your content in clear.
I intend to add more encryption options (sharable custom key, PGP), that way users can choose the level of encryption they want for their public content. Of course, the next versions will still be able to decrypt legacy encrypted content.
In a way, it makes online Privacy less binary:
Instead of having an Internet where we choose to have our content either “public” (in clear) or “private” (E2E encrypted), we have an Internet full of content encrypted with heterogeneous methods of encryption (single key, custom key, key pairs). It would be impossible to scale data collection at this rate!
I totally applaud your efforts to find a solution to this issue but I don’t think this is practicable, at least in its current form. I get the underlying idea that changes to the extension will have to be continually adapted to by the scrapers but that’ll slow them down for a negligible amount of time.
I don’t mean to sound negative and I really do thank you for your efforts but I can’t see how this could be effective.
Slowing them down and preventing them from scaling is actually not that bad. We are in the context of public content accessible to anyone, so by definition it can not be bulletproof.
Online Privacy becomes less binary (public vs private) when the internet contains content encrypted using various encryption methods, making it challenging to collect data efficiently and at scale.
Some are trying to give data to AI. Some are trying to hide data and contents from AI. Then why was AI invented🙃. It was better when there was no such thing as AI.
Funnily enough, they don’t advertise preventing users from opening unapproved media files as a feature. So that could either mean they’re sneaking it in, or that the image is not genuine.
Maybe if this was condensed to a userscript, or instead of encryption use base 64 encoding. It’s really just about obfuscating/transforming text to automated systems, not securing it.
You’re right. “Securing” is a bad word. “Obfuscating” might be more appropriate. Actually had the same feedback from Jonah of Privacy Guides.
I use AES encryption with a single public key at the moment. That way, if I want to give the option to the user to encrypt with a custom key, I don’t have to change the encryption method.
EDIT: Editing the title of this thread ̶P̶r̶o̶t̶e̶c̶t̶