There is no technical reason why something like whatsapp can't be peer-to-peer. Choosing for a centralized service is implicitly choosing for giving the powers that be the opportunity to massively listen in on our various modes of conversation, to figure out your 'graph' and/or to allow censorship.
An old quote has that the internet sees censorship as a routing problem and will route around the break. But that only works if we explicitly refuse to allow centralized services.
[0]: https://blockchain.info/charts/blocks-size (26 Jun 2016, 0519 UTC)
1) Have "tracker" servers set up around the world. The App needs to know at least one of the IPs, preferably all, in order to get a list of Peers it can connect to. This is still considered "decentralized" so long as none of the "trackers" is considered a "master" over the others.
2) Have UserA manually enter the IP of another UserB. Then, UserB tells UserA all of the Peers it knows about, which UserA will then connect to, and so on and so forth. This approach can quickly get out of hand unless there is some sort of limit on how many peers a User can be connected to at once. That's up to the developer (or possibly user) to decide.
Theoretically, as long as one Peer is alive and doesn't forget the list of other Peers it has been told of, the network will never completely shut down. Even if it does, however, the network can "start back up" again, but there may be cases of "subnets" within the P2P network if no peers from one subnet ever know of peers from another subnet.
In regards to the actual chat functionality, it's very simple. As long as you can preserve consistency between peers (which is its own subject), it's relatively easy to have each Peer keep a copy of the current chat. Even if the chat is between >2 Peers.
There are intricacies to this, but it's not actually that difficult. It's a lot more complicated to design, but once the groundwork has been laid, it can sustain itself for the most part.
Like email. Let everyone host their own chat server. Pass messages around to the correct server and let it forward it to the user's device.
Not that I disagree with you but can we all stop using this as an argument.
Also what's the matter with using intent in arguments?
We have slack instead of IRC, because IRC sucks.
Consider in order to have offline history I'm logged in permanently via. tmux session on a server which I connect to with Mosh. Weechat is a barely okay client (totally not suitable for non-technical users and Mosh still has significant delay).
What do you expect the non-engineering part of the company to do?
I could kind of see how the plaintext communication makes bribery and similar things harder (which is what RTI should prevent), but if that's the reasoning it seems to be really backwards.
--
http://timesofindia.indiatimes.com/city/gurgaon/Most-mobile-...
http://indianexpress.com/article/cities/delhi/two-gurgaon-sc...
http://www.thehindu.com/news/national/move-to-link-digital-l...
---
All three don't have anything to do with government corruption. What I get from this is:
1. He is involved in things other than government corruption.
2. RTI is a tool that he uses, so RTI activist is probably a misnomer
3. This is possibly just an well intentioned old man who doesn't understand technology doing the wrong thing for the right reason.
But the supreme court is hearing him? Well then I hope that this gets squashed at the highest level before it turns into a discussion.
On the other hand, the arguments against encryption seem to be that it cripples the Government agencies in their work against terrorists, which is a genuine concern.
There seems to be no way to address both these major concerns (that I am aware of), and hence the battle between privacy advocates and the camp against encryption in the name of national security will continue.
Banning a single service such as WhatsApp is not a solution to this problem. If someone really wants their communication to be encrypted, they can easily make it happen using the numerous tools available, and there is nothing the Government can do about it.
That argument does not hold under the current constitution of India. Under the guise of one threat or another (terrorists, corruption, protection of classes of people) the government has nullified all our rights. On the one hand the government is quite open about its maliciousness. On the other hand, unlike the First World governments, the government is honest about the rights it grants us. We don't have a situation where the constitution guarantees something, and the law enforcement agencies violate it.
The bottom line: if you care about your privacy, don't depend on the government, wherever you are.
Generalizing this argument a bit, banning encryption is also not a solution to this problem. The cat is, as they say, out of the bag, and unless we're going to burn every cryptography book and remove every website documenting cryptographic methods or hosting cryptography code, there's no putting it back [1].
1: Presuming the development of effective post quantum cryptography cannot be prevented and distributed, which considering the current state of PQC seems unlikely.
Obviously here we are speaking in a mathematical sense, but encryption of information predates the internet. Hell, it predates electricity. Where do you draw the line? can I not encrypt my conversation with a friend by referencing shared unique experiences?
Sounds more like we're returning to a state of how things were (suspicions would have to be aroused, and actual police work would have to be done, instead of just retrieving all of the relevant metadata on people the State doesn't like from a database of just about every piece of information transmitted across a wire for 50+ years).
If users obtained thier software elsewhere, the system could still "ban" it, but people would still obtain it.
With the app stores, it becomes fairly easy for a government to unilaterally ban a piece of software.
Sometimes we can't engineer ourselves out of a problem and need to do it democratically. Looks like this government is a little rotten if you ask me.
"Almost" impossible is a stretch. It's regarded as impractical regardless of computational power or other available resources with current computational technology. We might as well not even try.
> Decrypting a single 256-bit encrypted message would take hundreds of years, Yadav said.
That's an interesting way to phrase it.
If you were in possession of an ideal computer, that floats in space and uses only the minimum energy required by physics to distinguish two states, and you were able to convert all the mass in our solar system directly into energy (which you probably wouldn't want to do, for obvious reasons) and feed that energy into the ideal computer, then you would be able to count (no decryption attempts here, just counting) all the way up to 2^231.
Trying to brute-force 256-bit keys is a very unrewarding activity indeed. If Yadav thinks he would be able to do it in "hundreds of years" rather than "long after all the stars have died" he must have a computer hidden somewhere that would run Crysis very smoothly even with all the settings on maximum.
http://csrc.nist.gov/publications/PubsFIPS.html
A lot of the hard (math heavy) stuff used in modern cryptography has been published almost a couple of decades ago and good books are available on Amazon. I usually just buy them used as you get very good deals for books that have been published several years ago.
I would recommend Bruce Schneier's 'Applied Cryptography, Protocols, Algorithms and Source Code in C'. I was surprised to see the 20th Anniversary Edition is out now.
https://www.amazon.com/Applied-Cryptography-Protocols-Algori...
The math involved uses a lot of number theory (prime numbers, prime factorization, modulo computations, chinese remainder theorem, elliptic curves, etc)
Once you get a basic understanding of the math, you will find out why it is hard to find the keys (if properly generated) through brute force computer attacks.
Bruce Schneier wrote a book called Data and Goliath and touches on the subject a bit. Simply to many false positives are detected.
But how will governments decrypt communications you say?
Simple, they hack the devices performing the communication, if they are important enough. They can then get the key if needed. Encryption forces governments to do targeted surveillance.
This isn't just about whats app, it's about all crypto systems. Without privacy, you have no liberty.
But well, I am from europe, looking forward to you kicking out your security industry and outsourcing it to us. Thanks for that.
I am saying that a provision should be given for government or any agency if it helps saving people's lives but only with a warrant or better scrutiny for the request. Shouldn't that be the case?
[1] https://www.theguardian.com/technology/blog/2013/jun/14/nsa-...
In this hypothetical scenario, humanity has developed the ability to remotely project thoughts to designated individuals. No technology is involved. Interception of projected thoughts is simply not possible. Plans are made, and then time comes for executing the plan, which must by necessity occur in the physical world.
Per your position, prevention of destructive acts by sociopathic actors in the above hypothetical world is not possible?
The freedom to associate and communicate unhampered by special interests -- corporate or governmental -- is a fundamental requirement of free societies. This fundamental requirement trumps every other consideration. For example, in the above hypothetical world, the society at large still has recourse to other means to detect and prevent destructive action. However in the world that you seem to be proposing, perfectly sane and reasonable actors can be trivially denied from the exercise of the fundamental right of free speech, communication, and association.
Do we have any stats on this? I am assuming most HN readers are American but I think Indians would be 2nd or 3rd on the most readers list.
I chuckled. thanks.
