undefined | Better HN

0 pointsbinary1322y ago0 comments

I’d be more interested in a system that can prove to me that it’s not collecting logs. Hard, but not impossible.

0 comments

As long as we are talking about classical communication (and not quantum) it is impossible to prove that it isn't collecting at least ciphertext logs.

binary132OP2y ago

Consider a certified tamper-resistant operating system which cryptographically certifies the versions of software it operates, and prohibits uncertified processes from running. The certificate of authenticity verifying the software is made available to the clients which connect to the remote application. This cert specifies all of the program transforms which were required in order to produce the compiled software, and they specify the capabilities required for the transform.

It is certainly a very hard and complex problem but I wouldn’t necessarily go as far as “impossible”. Maybe you know something I don’t know, though.

dheera2y ago

> Consider a certified tamper-resistant operating system which cryptographically certifies the versions of software it operates, and prohibits uncertified processes from running.

If I own the hardware, I can decide how the software is executed, including containerizing your certification processes to make them feel warm and fuzzy and happy but in reality they are running inside a simulation.

If push comes to shove I could theoretically manufacture my own RAM sticks that copy everything and your OS wouldn't even know, but there's a 99% chance I could successfully pull it off at the kernel virtualization level.

lordofgibbons2y ago

Not really. Tor, I2P, and Monero manage this just fine. Building on these technologies should allow one to have privacy and anonymity without any exotic quantum technology.

EraYaN2y ago

Well they don't actually, Tor especially has enormous amounts of government nodes so they can trace and log exactly what and who. And all of those still rely on the IP network which always will allow logging without you ever knowing, it's just math really, the proof of not-logged is just impossible.

beardog2y ago

Interesting, do you have a source? All fully p2p networks are vulnerable to sybil attacks to some extent, but specifically a source that Tor actively has enough "government nodes" to de-anonymize everything.

dheera2y ago

These technologies give privacy and anonymity under normal conditions, but they do not prevent anyone from logging ciphertexts. If someone has logged ciphertext, and the government subponies someone to divulge their private key and subponies whoever has the ciphertext, those ciphertexts as good as plain text.

binary132OP2y ago

I mean, I don’t think anyone really expects that encrypted messages are necessarily secure in context of stolen private keys. I assume that a lot of encrypted traffic is either recorded at the ISP/backbone level or at least can be on demand.

j / k navigate · click thread line to collapse

0 comments

dheera2y ago

As long as we are talking about classical communication (and not quantum) it is impossible to prove that it isn't collecting at least ciphertext logs.

binary132OP2y ago

It is certainly a very hard and complex problem but I wouldn’t necessarily go as far as “impossible”. Maybe you know something I don’t know, though.

dheera2y ago

> Consider a certified tamper-resistant operating system which cryptographically certifies the versions of software it operates, and prohibits uncertified processes from running.

lordofgibbons2y ago

Not really. Tor, I2P, and Monero manage this just fine. Building on these technologies should allow one to have privacy and anonymity without any exotic quantum technology.

EraYaN2y ago

beardog2y ago

dheera2y ago

binary132OP2y ago

j / k navigate · click thread line to collapse