Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Buying anything on Amazon? Please use the Geekzone Amazon aff link.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
2909 posts

Uber Geek
+1 received by user: 92

Trusted

  Reply # 481005 14-Jun-2011 14:11 Send private message

SaltyNZ: But the majority of people who infringe do so because they have no 'legal' means.

Is this a fact?  Or are you just extrapolating your own (and acquaintances') experiences?

2968 posts

Uber Geek
+1 received by user: 613

Trusted
Subscriber

  Reply # 481020 14-Jun-2011 14:32 Send private message

bazzer:
SaltyNZ: But the majority of people who infringe do so because they have no 'legal' means.

Is this a fact?  Or are you just extrapolating your own (and acquaintances') experiences?


Well, it's no more or less an extrapolation of the 'everyone is a thief & every download is a lost sale' arguments, is it?




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.



1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481032 14-Jun-2011 14:52 Send private message

ScottStevensNZ:
The point I was making with that was that they understand that identification from a central agency is important for identifying people to have secure and safe internet encounters, it would also be great for helping law enforcement agencies tackle problems on the web like they mentioned, and let people access the internet without their rights being abused.  If people are accountable for their actions on the web they are less likely to be horrible, nasty and criminal.  Just like a public place.  


That assertion is highly unlikely to be the case. Any scheme such as the one you are mooting can be spoofed given enough time and effort and I suspect that given the distributed nature of the internet the amount of time required to crack a scheme such as your proposal wouldn't actually be that much. Once again, the inconvience would be on 'legitimate' users - i.e. mum and dads wondering why there internet isn't working or why they have to enter these extra fields, or what does it mean when their key store gets corrupted etc. Once again, deal with the root of the problem - availability and usability of content.


it's not really much different from someone getting a postal letter with your information on it and using it for social engineering purposes.  It can be done, with enough time and effort. I think people wouldn't mind entering a couple extra data fields when setting up wifi on their laptop computer for example if it provided extra security and piece of mind.  

It could even be one of those keyring pass code generators. 

Inconvenience would be on the large amount of downloaders who no longer want to risk getting caught downloading, for fear of the consequences.

If an underage person wants to get served in a bar, some of them get a Fake ID, and they do often get caught.

I'm not arguing that if business' want to be in business, they need to actually let the consumer buy from them, what I'm arguing is that most people torrent regardless if it is available or not to them, but because they would rather not pay for it. 

1296 posts

Uber Geek
+1 received by user: 12


  Reply # 481033 14-Jun-2011 14:56 Send private message

macuser:
ScottStevensNZ:
The point I was making with that was that they understand that identification from a central agency is important for identifying people to have secure and safe internet encounters, it would also be great for helping law enforcement agencies tackle problems on the web like they mentioned, and let people access the internet without their rights being abused.  If people are accountable for their actions on the web they are less likely to be horrible, nasty and criminal.  Just like a public place.  


That assertion is highly unlikely to be the case. Any scheme such as the one you are mooting can be spoofed given enough time and effort and I suspect that given the distributed nature of the internet the amount of time required to crack a scheme such as your proposal wouldn't actually be that much. Once again, the inconvience would be on 'legitimate' users - i.e. mum and dads wondering why there internet isn't working or why they have to enter these extra fields, or what does it mean when their key store gets corrupted etc. Once again, deal with the root of the problem - availability and usability of content.


it's not really much different from someone getting a postal letter with your information on it and using it for social engineering purposes.  It can be done, with enough time and effort. I think people wouldn't mind entering a couple extra data fields when setting up wifi on their laptop computer for example if it provided extra security and piece of mind.  

It could even be one of those keyring pass code generators. 

Inconvenience would be on the large amount of downloaders who no longer want to risk getting caught downloading, for fear of the consequences.

If an underage person wants to get served in a bar, some of them get a Fake ID, and they do often get caught.  


A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.





1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481037 14-Jun-2011 15:06 Send private message




A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.




Same with any ID/Payment method that doesn't require face to face verification, I could take the details of your drivers license and a bill with your name and address, and use it to ID myself over the phone to get almost anything. Even an internet connection so I can download many torrentzz!!

At least with a keychain ID generator, if they record a number from it, the information can constantly change, and is only valid for a short time (or something)  so they can't continue to access your info.  You lose the keychain?  report it missing..

1296 posts

Uber Geek
+1 received by user: 12


  Reply # 481039 14-Jun-2011 15:10 Send private message

macuser:



A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.




Same with any ID/Payment method that doesn't require face to face verification, I could take the details of your drivers license and a bill with your name and address, and use it to ID myself over the phone to get almost anything. Even an internet connection so I can download many torrentzz!!

At least with a keychain ID generator, if they record a number from it, the information can constantly change, and is only valid for a short time (or something)  so they can't continue to access your info.  You lose the keychain?  report it missing..



Right well i'm fairly confident you couldn't bill me for anything with just my drivers license ID.

But if you happend to get my credit card details thats no big deal. I just call up the bank and cancel my card - if you have already used it then they refund my money and chase you up.

If you had my internet ID stolen, i guess i would call up to cancel - so until you send me out a new one then i can't access the internet even though it's not fault of my own and according to the UN it is my human right to access the internet.

245 posts

Master Geek


  Reply # 481045 14-Jun-2011 15:18 Send private message

macuser:



A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.




Same with any ID/Payment method that doesn't require face to face verification, I could take the details of your drivers license and a bill with your name and address, and use it to ID myself over the phone to get almost anything. Even an internet connection so I can download many torrentzz!!

At least with a keychain ID generator, if they record a number from it, the information can constantly change, and is only valid for a short time (or something)  so they can't continue to access your info.  You lose the keychain?  report it missing..


You're obfuscating the argument: Digital measures such as what you are discussing are breakable, be it a token (e.g. the RSA token on my desk in front of me needs to be replaced due to a hack into lockheed martin) or something else. Your entire premise of having a digital ID to track 'legitimate' use will do more to hurt 'legitimate' users than it will the 'evil doers' particulary with a series of guilty until proven innocent laws. Yes, you can fake drivers licenses etc however what you are also forgetting is that once a digital scheme is broken then that algorithim is out in the wild - how else do you think you can play DVD's on Linux? The encryption algorithim was cracked for DVD and then the algorithim was made public. Faking a drivers license or physical ID? You still need an investment in equipment to do a good job and because said equipment is physical then there are limitations on how many people can use it at the same time. No such limitations on a digital scheme. Once an ID is cracked then the legitimate user needs to a) prove it wasn;t them that broke the law; and then b) get a new ID from the trusted certifying authority however that may be (physical visit?) by proving their identity - BUT the algorithim has been cracked so whats the point - do you issue new ID's to everyone (like RSA?)

You must be trolling...




Load & Performance Tester/PHP/JSP/C/PERL/MYSQL/LoadRunner8->11/HTML/CSS/XML/XSLT/2B|!2B/Cervelo Soloist/EMC Equip4/ Samsung Galaxy S /Darkys 10.2 Extreme

Do androids dream of electric sheep?
use strict;
my $sheepCount;

Yes, they can.



1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481047 14-Jun-2011 15:22 Send private message



Jbard

If you had my internet ID stolen, i guess i would call up to cancel - so until you send me out a new one then i can't access the internet even though it's not fault of my own and according to the UN it is my human right to access the internet.


With a drives license and a bill with a name and address, I'm very sure you could set up an internet account!  Maybe with even less information than that actually.  I'm pretty sure when we set up internet to our flat, we didn't need too many details at all.  Name, DOB, Address, Contact number, maybe even a drivers licence number.  Of course there would come up the issue of needing your credit card details to actually pay for it!  Scammers always be scamming though.  

So is being able to travel to go where you please I'm pretty sure, have your passport stolen?   Here you go, an emergency travel document if you need to go overseas.  http://www.passports.govt.nz/Emergency-travel-document---form . I'm sure a temporary ID for internet access would be more than easy to give.  Probably could even pop into your local Work and Income  branch (or whoever) and have them issue you a new keychain.








2968 posts

Uber Geek
+1 received by user: 613

Trusted
Subscriber

  Reply # 481056 14-Jun-2011 15:38 Send private message

jbard:
A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.




An even bigger problem is it would break everything that's already in place. What do you think Apple are going to do if the New Zealand government demands they shut up shop till they add this new ID?

Wait, stop the internet, New Zealand wants to get off!




iPad Air + iPhone 5S + 2degrees 4tw!

These comments are my own and do not represent the opinions of 2degrees.



1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481061 14-Jun-2011 15:47 Send private message

ScottStevensNZ: 


It also takes a huge skill set to be able to break into the RSA encryption, time, money and effort.  So that isn't free either.  I'm sure the know how of how to print money and the things to do it, and how to an incredibly complex hack like that aren't common knowledge.  

Okay, so we know it's always going to be cracked, so lets make it infinitely harder to crack, what if say 100,000 or so 12 digit long strings were stored on a key chain, and every one was valid for 20 minutes.  This went up against a log in the website you were accessing.  To build these keys, 6 different algorithms are used, each giving a random number of digits towards the final key.  The positioning of these digits (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12) was determined by the user when they activated the key.  They user at set up would enter the positioning at random eg (12, 5, 4, 2, 8, 10, 7, 6, 3, 1, 9, 11), this would assign the digits from the 6 algorithms (or however many were assigned to that key) and place them in that order on the key.  The 100,000 or so of these keys are loaded on to the keyring.

So not only do you have multiple advanced algorithms, working together at 'random' to provide a key, you also have somebody deciding the order they will be finally presented.   

It would only mean storing a couple mb of memory, in the device itself, and a clock, maybe a NFC device as well to sync time occasionally.

 



1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481062 14-Jun-2011 15:52 Send private message

SaltyNZ:
jbard:
A big problem is, if you did manage to gain access to someone elses ID you have far far more power than if you stole someones wallet for example.

Seen as this would be the only way of identifying people online you could pose as this person and do what you like without any trace of it coming back to you.




An even bigger problem is it would break everything that's already in place. What do you think Apple are going to do if the New Zealand government demands they shut up shop till they add this new ID?

Wait, stop the internet, New Zealand wants to get off!


Oh no! Don't shut down my appleztore! 

Let's pretend all my arguments apply internationally.

245 posts

Master Geek


  Reply # 481063 14-Jun-2011 15:53 Send private message

macuser:

Jbard

If you had my internet ID stolen, i guess i would call up to cancel - so until you send me out a new one then i can't access the internet even though it's not fault of my own and according to the UN it is my human right to access the internet.


With a drives license and a bill with a name and address, I'm very sure you could set up an internet account!  Maybe with even less information than that actually.  I'm pretty sure when we set up internet to our flat, we didn't need too many details at all.  Name, DOB, Address, Contact number, maybe even a drivers licence number.  Of course there would come up the issue of needing your credit card details to actually pay for it!  Scammers always be scamming though.  

So is being able to travel to go where you please I'm pretty sure, have your passport stolen?   Here you go, an emergency travel document if you need to go overseas.  http://www.passports.govt.nz/Emergency-travel-document---form . I'm sure a temporary ID for internet access would be more than easy to give.  Probably could even pop into your local Work and Income  branch (or whoever) and have them issue you a new keychain.




once again, you have missed the point: One stolen passport or drivers license does not necessitate having every passport or drivers license produced by the issuing authority replaced (we did not replace every passport after Mossad had faked some - because they are physical entities which can be removed from cirulation, and there is a significant investment in capabilities to fake one). If the encryption system (because it will have to be encrypted) is cracked (which it will) then the entire system comes apart at the fundamental level. Sure, many encryption schemes are theoretically unbreakable, however a system such as that you are proposing would be such a huge target that a weakness will definately be found if enough people look for it (which they will). Once the weakness is out, then thats it - you may as well pack up and go home. Even if that weakness is patched, there would have been enough time to find further flaws in the system while it was vulnerable. The scheme has holes big enough in it to fly a Tu-95 through.







Load & Performance Tester/PHP/JSP/C/PERL/MYSQL/LoadRunner8->11/HTML/CSS/XML/XSLT/2B|!2B/Cervelo Soloist/EMC Equip4/ Samsung Galaxy S /Darkys 10.2 Extreme

Do androids dream of electric sheep?
use strict;
my $sheepCount;

Yes, they can.

245 posts

Master Geek


  Reply # 481066 14-Jun-2011 15:56 Send private message


An even bigger problem is it would break everything that's already in place. What do you think Apple are going to do if the New Zealand government demands they shut up shop till they add this new ID?

Wait, stop the internet, New Zealand wants to get off!


Thats the answer! National internet! The only places you can go are NZ only, nothing offshore - at all - ever.




Load & Performance Tester/PHP/JSP/C/PERL/MYSQL/LoadRunner8->11/HTML/CSS/XML/XSLT/2B|!2B/Cervelo Soloist/EMC Equip4/ Samsung Galaxy S /Darkys 10.2 Extreme

Do androids dream of electric sheep?
use strict;
my $sheepCount;

Yes, they can.



1302 posts

Uber Geek
+1 received by user: 193


  Reply # 481068 14-Jun-2011 16:00 Send private message

ScottStevensNZ:



I think you're speaking to the entire issue of encryption, which is a problem in almost any situation on the internet.  You're saying find something more secure than encryption.  Unfortunately no encryption isn't better than encryption.  Now you'll say 'then don't bother with this in the first place'.  Identification on the internet = important.  

Current situation is that you have multiple log ins for your different websites (although most of us don't), it's hard to manage.  If I'm going to a bar, or getting a loan, or getting pulled over by the cops, I only need one ID, my drivers license.  

245 posts

Master Geek


  Reply # 481078 14-Jun-2011 16:17 Send private message

macuser:
ScottStevensNZ:



I think you're speaking to the entire issue of encryption, which is a problem in almost any situation on the internet.  You're saying find something more secure than encryption.  Unfortunately no encryption isn't better than encryption.  Now you'll say 'then don't bother with this in the first place'.  Identification on the internet = important.  

Current situation is that you have multiple log ins for your different websites (although most of us don't), it's hard to manage.  If I'm going to a bar, or getting a loan, or getting pulled over by the cops, I only need one ID, my drivers license.  


Um, no, what I am saying is that a system such as you are proposing poses a large, single, unified target. You counter by comparing with a physical item such as a stolen passport or drivers license, which is a straw man argument as, for reasons outlined before failure of one physical component (forging a passport) does not mean the whole system needs replacing as physical items need to be physically created (currency needs the right paper for example). Statisitically, if something has a low order of probability of occuring, then given time that probability approaches certainty. Factor in a massively parallel effort to destroy the system then that time factor is reduced. You create a perfect storm, you have lots of non tech savy users having to enter multiple passphrases and tokens (using your model) all using the same government provided system (which will not be leading edge, will require time to implement, will have numerous leaks during development, will be late, and will not adapt fast enough if weaknesses are found) - how long for instance would a brute force attack take to penetrate something such as that? Do grandma and grandpa use strong passwords? How secure is there machine? Do they have malware? have they been phoned by those helpful techs in india saying that there is a virus on their machine and they need remote access? Not to mention what you propose breaks every internet standard out there meaning everyone needs to implement it. What is it they say - the strenght of a secret is the inverse of the amount of people who know about it?

"Unfortunately no encryption isn't better than encryption.  Now you'll say 'then don't bother with this in the first place"

Nope, I am saying that no system is better than the system that you propose.




Load & Performance Tester/PHP/JSP/C/PERL/MYSQL/LoadRunner8->11/HTML/CSS/XML/XSLT/2B|!2B/Cervelo Soloist/EMC Equip4/ Samsung Galaxy S /Darkys 10.2 Extreme

Do androids dream of electric sheep?
use strict;
my $sheepCount;

Yes, they can.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





Trending now »

Hot discussions in our forums right now:

Police Camera Van Disguise
Created by Reanalyse, last reply by oxnsox on 19-Dec-2014 21:59 (26 replies)
Pages... 2


Has Spark (Telecom) locked their iphone 6 ?
Created by anewguy2014, last reply by michaelmurfy on 17-Dec-2014 14:32 (25 replies)
Pages... 2


forgot how to unlock a car door
Created by joker97, last reply by joker97 on 19-Dec-2014 19:10 (49 replies)
Pages... 2 3 4


In defence of cats
Created by Rikkitic, last reply by DarthKermit on 17-Dec-2014 15:40 (68 replies)
Pages... 3 4 5


Slaughter of Innocents
Created by networkn, last reply by networkn on 19-Dec-2014 17:46 (64 replies)
Pages... 3 4 5


Lightbox launches on PlayStation 4
Created by freitasm, last reply by sultanoswing on 19-Dec-2014 20:56 (39 replies)
Pages... 2 3


How is iParcel these days?
Created by peejayw, last reply by surfisup1000 on 18-Dec-2014 21:45 (19 replies)
Pages... 2


Spray Foam Insulation
Created by AACTech, last reply by timbosan on 19-Dec-2014 16:58 (36 replies)
Pages... 2 3



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.