Thread: On security and privacy (Internet Citizenship)

  1. #46
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Ugh. No, just as Mario isn't sure this "hypothetical internet citizenship" will work and throwing it out there anyway, so am I. Discussion... ideas... feel free to ignore if you want...
    O_o

    "Ugh." indeed.

    You just blurted out "Though I'm not sold on this system, I don't know if it could be worse than the situation in real life right now.".

    You gave no indication you were talking about a different system.

    By the by, what is your suggestion? What is your idea?

    *shrug*

    Seriously, what is the idea you are throwing out if it isn't "A system like Mario proposes that doesn't have all the flaws discussed?"?

    Soma
    “Salem Was Wrong!” -- Pedant Necromancer
    “Four isn't random!” -- Gibbering Mouther

  2. #47
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by phantomotap View Post
    Seriously, what is the idea you are throwing out if it isn't "A system like Mario proposes that doesn't have all the flaws discussed?"?

    Soma
    I don't even know if I'm throwing ideas out there or just random stuff. I have agenda I'm arguing for, but anyway, what I tried to "say":

    We'd only consider a system "good enough" if it doesn't allow more innocent people to be found guilty than would happen in real life.
    A single "identity" would make it too easy for hackers/crackers/kiddies to leave traces behind that purposefully condemn others (i.e. they leave behind a signature of someone else, hence framing them).
    If this "identity" would be "potentially 1000 identities," it would be very hard for hackers to actually frame someone like that. The idea then is to keep many identities, yet make sure that all identities are properly left behind when the non-expert computer user does something on the web, allowing government agencies to identify these people if they commit a crime. A deterrent, like Mario says.

    This is something that might be considered "acceptable," if it worked. Maybe. Maybe not.
    Will it be harder for government to find the culprit? Absolutely.
    Will it be better than today's system? I don't know.
    Will it lead to a more deterrent factor than today's internet? Maybe. Hopefully?
    Will it lead to more innocent people being found guilty than today's "no citizenship" internet? No idea. Hopefully not.
    Will people find this approach more acceptable than a single identity? I don't know. Probably not.
    Quote Originally Posted by Adak View Post
    io.h certainly IS included in some modern compilers. It is no longer part of the standard for C, but it is nevertheless, included in the very latest Pelles C versions.
    Quote Originally Posted by Salem View Post
    You mean it's included as a crutch to help ancient programmers limp along without them having to relearn too much.

    Outside of your DOS world, your header file is meaningless.

  3. #48
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    Why don't we just make a hash function for people based on their atomic make-up? Or rather, the atomic make-up of their brains? I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function, assuming no two brains are identical down to the QM level.

  4. #49
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    I don't even know if I'm throwing ideas out there or just random stuff.
    O_o

    "Ugh."

    If this "identity" would be "potentially 1000 identities," it would be very hard for hackers to actually frame someone like that.
    o_O

    You don't understand many of the complaints in this thread.

    Harming Mario in the process was just an added benefit to a jerk; harming Mario was not the real purpose of my mask. The point of my masquerading as Mario was to hide myself as the source of the crime. A "1000-to-1" relationship just increases the attack surface. A "1000-to-1" relationship actually decreases the chances of my being caught as the true culprit. I couldn't harm someone in particular without a lot of extra effort, but I could still wear someone else as a mask, and I have the benefit that the people enforcing the law may not even be able to resolve my activities to the person I'm wearing as a mask.

    I'll give you that a "1000-to-1" relationship doesn't cause as much harm to innocent people from my masquerade because the court will not as likely assume guilt from the digital evidence.

    Soma

  5. #50
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Why don't we just make a hash function for people based on their atomic make-up? Or rather, the atomic make-up of their brains? I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function, assuming no two brains are identical down to the QM level.
    O_o

    I am also a fan of science fiction.

    Wait. Having the hashes of people's brains will probably improve the effectiveness of "satanic mind control frequencies".

    Oh noes!!1!one!

    Soma

  6. #51
    C++まいる!Cをこわせ!
    Join Date
    Oct 2007
    Location
    Inside my computer
    Posts
    24,654
    Quote Originally Posted by MutantJohn View Post
    Why don't we just make a hash function for people based on their atomic make-up? Or rather, the atomic make-up of their brains? I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function, assuming no two brains are identical down to the QM level.
    What part of the job do you want?
    Creating the atomic scanner, the interfacer to the computer, the software that calculates the hash or the protocols?
    Let's get to work!

  7. #52
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Creating the atomic scanner, the interfacer to the computer, the software that calculates the hash or the protocols?
    O_o

    Nope. I'm not sticking my head in any box built by you lot.

    I'll build the scanner.

    Soma

  8. #53
    Lurker
    Join Date
    Dec 2004
    Posts
    296
    Quote Originally Posted by phantomotap View Post
    O_o

    In the context of a universal identifier included with all traffic, the guilty party could leave your fingerprints everywhere.

    Convincing a jury that you are innocent because of a lack of physical evidence is at least possible.

    Convincing a jury that you are innocent despite overwhelming digital evidence seems unreasonably difficult.

    Soma
    I think one of the problems is that today it should be that you are innocent until proven guilty, even though that doesn't seem to be exactly true in practice. (For example, online banking and credit cards with chip and pin, there the burden of proof lies on you. You have to prove that you were not negligent.)

    I fear that with a system where they can "prove" that it was you, or at least your credentials, that did something, then the burden of proof would be on you, i.e. you would be guilty until you have proven that you are innocent. Which more or less is how things work in dictatorships.

  9. #54
    Lurker
    Join Date
    Dec 2004
    Posts
    296
    Quote Originally Posted by MutantJohn View Post
    Why don't we just make a hash function for people based on their atomic make-up? Or rather, the atomic make-up of their brains? I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function, assuming no two brains are identical down to the QM level.
    That would be _really_ bad when they figure out how to steal your credentials! :-)

    "Sorry, we have to remove your brain, somebody figured out how to make an imprint of it and used it to steal your identity."

    One of the reasons biometric information doesn't work that well as credentials in practice, pretty hard to revoke once they get stolen.

  10. #55
    Registered User
    Join Date
    Jun 2005
    Posts
    6,815
    Quote Originally Posted by MutantJohn View Post
    Why don't we just make a hash function for people based on their atomic make-up? Or rather, the atomic make-up of their brains? I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function, assuming no two brains are identical down to the QM level.
    Apart from the concerns others have mentioned, the atomic make-up of the brain varies over time anyway. In fact, assuming you stay alive, over 99% of the atoms in your body will be completely replaced (excreted and replaced with another atom that has been ingested or otherwise absorbed by the body) within seven years.

    Statistically, the wave pattern you measure today may well be unique (likelihood near zero of two people having the same pattern) but subsequently measured wave patterns will depart in a manner that is not well understood, let alone readily predictable.


    Even if you manage to overcome these trifling concerns, I'm not sticking my head in any box made by you guys either. Not without a significant trial period, in which YOU stick your head in, and I wait a few years to see the results.
    Last edited by grumpy; 01-12-2015 at 07:08 PM.
    Right 98% of the time, and don't care about the other 3%.

    If I seem grumpy or unhelpful in reply to you, or tell you you need to demonstrate more effort before you can expect help, it is likely you deserve it. Suck it up, Buttercup, and read this, this, and this before posting again.

  11. #56
    Ticked and off
    Join Date
    Oct 2011
    Location
    La-la land
    Posts
    1,728
    Quote Originally Posted by the_jackass View Post
    Then I'll have to look for/design a hat of material that matches energy level of the evil frequencies (idk any physics at this stage but if I'm not wrong photon's energy = h*f right?)
    Electromagnetic radiation exposure effects vary too much from person to person for there to be "evil" EM frequencies. Try chemicals (bisphenol-A and other hormone-like ones especially) and infrasonics (sounds under the hearing range); they are known to work.

    For example, it is common in movie theaters to use infrasonics in the 5-20 Hz range to make people uncomfortable in scary scenes. It works, because human brainwave patterns have a few specific frequencies (that do not vary that much from person to person), whose disruption causes pretty well-known effects.

    Similarly, the bedazzler (nauseating flashlight) works by using flickering lights that disrupt brainwave patterns via our optical inputs, causing nausea et cetera. Such light sources can be used to induce headaches, migraine, and even epileptic attacks.

    (BTW, I hate cyclists who use bright flickering/blinking front lights at night. When tired, I'm very susceptible to the effects, and when walking down the street, having just one such light in my field of view for a full block tends to give me a slight headache (or behind-the-eye ache, if you know what I mean). I've seriously considered building a bedazzler just to get back at them.)

    Strong magnetic fields varying at the 1-13 Hz range could, perhaps (I don't know, and I don't know of any research on this either), be used to induce similar brainwave disruption without the targeted person realizing it.

    A combination of the above techniques -- for example, spiking the local water supply with a tasteless, usually harmless chemical that however increases the susceptibility to the other methods -- is quite possible, and frankly I'd be surprised if it hasn't been extensively tested by the intelligence agencies yet.

    Quote Originally Posted by MutantJohn View Post
    Why don't we just make a hash function for people based on their atomic make-up?
    Because the atomic make-up changes constantly.
    Quote Originally Posted by MutantJohn View Post
    I'm assuming the wave functions of each individual atom of each person's brain would create a unique wave function
    The wave functions for the atoms would be quite hard to measure. The outermost electrons of each atom, or better yet, the electron densities around each neuron, could be measured, however. Even current magnetoencephalography (measuring the magnetic fields generated by the current flows in the brain) might be precise enough to map individual neurons. Unfortunately, we know that human brains change all your life -- new neurons are produced (not just during adolescence as believed earlier), and others wilt away. So even going a couple of orders of magnitude less precise, from atoms to neurons, would not help much.

    Staying offline for a couple of weeks, or maybe just hitting your head, and not recognized as the same person anymore, is a pretty nasty side effect.

    Quote Originally Posted by Elysia View Post
    If this "identity" would be "potentially 1000 identities," it would be very hard for hackers to actually frame someone like that. The idea then is to keep many identities, yet make sure that all identities are properly left behind when the non-expert computer user does something on the web, allowing government agencies to identify these people if they commit a crime.
    Actually, the idea -- as I see it -- would be to use the identity marker (or few markers, out of many) left by the criminal, to trace the overall activities of the related identities and devices.

    That is, no "Aha! The packets have your identity, so you must have done it!" moments. (Like we do now: Here is proof that your router was used in sharing this song, so you owe us $150,000. Or you can spend some $10,000 and upwards and fight us in court.)

    Rather, investigation would start with the markers left at the crime scene (i.e. network packet identifiers, if captured, and so on). Then, the investigators would trace the markers back to devices, then see what other markers the devices had used, and this way build a complete picture. For suspects, the reverse is used: starting at the devices they claim they used at the time, you track the markers used, and build complementary pictures. The law enforcement would be responsible for building these connectivity graphs, and their security; the courts would decide if they are compelling enough to judge anyone.

    The problem we currently have is that all features of the online systems we have, from protocols to devices up to and including law enforcement, make it easy to point a finger to a specific end-user, with little relation to reality. Online, you are guilty unless you yourself can prove otherwise; and nobody is going to help you with that.

    For example, spoofing all of the internet base protocols (TCP/IP, UDP/IP, ICMP, for both IPv4 and IPv6 protocols) is trivial: given access to any node between two parties, you can spoof one or the other, without the endpoint knowing. (The endpoints have to do a magic handshake -- some cryptographic operations -- to find out; this is basically what TLS/SSL does. Even at the start, there were suggestions to bake the security in to the protocol, but it was nixed, apparently by the US intelligence/military. OTOH, they did fund and start it with ARPANET, but still.)

    If you have access to the certificates used in TLS/SSL endpoint identification, you can craft a fake certificate, and spoof anyone at the other end into thinking you're somebody else. This has already occurred numerous times, and will occur in the future, too. Even if perfectly secure technically, grabbing a suitable certificate authority employee and forcing them to do it for you (via blackmail or such) is always possible.

    In my opinion, a new identity scheme would start at the bottom level, at the base protocols. It could mean that endpoint-to-endpoint traffic can always be monitored by authorities, while the content transferred could be protected (encrypted). This would be analogous to the real-world traffic scenario: license plates are routinely tracked, but in most countries, car contents are only examined in specific situations by law enforcement. (Perhaps we could even make it so that if a packet is intercepted, the endpoints could always notice -- because that's the way the protocols just worked?)

    Instead of just looking at a "fingerprint" at the scene of a crime -- and each individual would typically have dozens of "fingerprints", at least one per personal device they use --, law enforcement would use the tracking data to build a graph of the fingerprints and related devices, to find out where and who the real culprit might be.


    No, I don't believe anything like the above will come to be within my lifetime. Much, much more important systems, like our global banking system, are much more blatantly skewed against end users, and much easier and cheaper to start fixing, and nobody seems willing to do anything about it. Well, aside from a few hours of chanting and holding up signs with like-minded people a few days every year.

    Even if you are paranoid, does not mean they're not after your assets.
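The marker-to-device tracing described in post #56, sketched as an added example that is not part of the original thread. It assumes law enforcement holds observation records of the form (marker, device); that record format and every name below are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample observations: which marker was seen coming from which device.
OBSERVATIONS = [
    ("m-01", "alice-laptop"),
    ("m-02", "alice-laptop"),
    ("m-02", "alice-phone"),
    ("m-03", "alice-phone"),
    ("m-04", "bob-desktop"),
    ("m-05", "bob-desktop"),
    ("m-05", "cafe-kiosk"),    # Bob once used a shared machine
    ("m-06", "cafe-kiosk"),    # so did somebody else
    ("m-06", "carol-tablet"),
]


def build_graph(observations):
    """Bipartite graph: marker nodes on one side, device nodes on the other."""
    graph = defaultdict(set)
    for marker, device in observations:
        graph[("marker", marker)].add(("device", device))
        graph[("device", device)].add(("marker", marker))
    return graph


def trace(graph, marker, max_hops=None):
    """Breadth-first walk from one marker; returns {node: hop distance}."""
    start = ("marker", marker)
    if start not in graph:
        return {}
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if max_hops is not None and dist[node] >= max_hops:
            continue  # do not expand past the hop limit
        for neighbour in graph[node]:
            if neighbour not in dist:
                dist[neighbour] = dist[node] + 1
                queue.append(neighbour)
    return dist


def devices_reached(graph, marker, max_hops=None):
    """Devices connected to a marker, directly or through other markers."""
    reached = trace(graph, marker, max_hops)
    return sorted(name for kind, name in reached if kind == "device")


if __name__ == "__main__":
    g = build_graph(OBSERVATIONS)
    for m in ("m-01", "m-06"):
        print(m, "->", devices_reached(g, m))
```

Tracing `m-06` pulls in Bob's desktop through the shared kiosk, so the graph narrows an investigation to a cluster of devices rather than naming one person, which is why the post leaves the final judgement to the courts.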

  12. #57
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    In my opinion, a new identity scheme would start at the bottom level, at the base protocols. It could mean that endpoint-to-endpoint traffic can always be monitored by authorities, while the content transferred could be protected (encrypted). This would be analogous to the real-world traffic scenario: license plates are routinely tracked, but in most countries, car contents are only examined in specific situations by law enforcement.
    O_o

    Much like scanners do not prevent me from driving your car when you've left the keys in the ignition, a new protocol will not prevent me from using a device where you have enabled "remember me" features.

    I'm not trying to harp on the issue. The individual technical problems with the security layer are not that difficult to diminish. Take a look at something Mario said "I'd prefer if we discussed our privacy on different grounds other than government control of its citizens.". In a similar way, I'd prefer if we discussed security in terms of education and behavior.

    The protocols have problems. The implementations have bugs. I'm not saying that these issues can't be improved.

    A more important issue is how many people think of security as someone else's problem. I can't even get developers to stop forcing an association between address, displayed name, and actual user/login identifier. (I ranted for days about the Facebook policy regarding real names. I donated what I could to the lawsuit.) Do you have any idea how much of an issue forcing email as displayed login is at some sites? (Social media support sites are great fishing.) Many clients of social media don't even have the option of not publishing identifiable information. Don't even get me started on monetizing private information; the mindbogglingly huge number of sites requiring a Facebook account just to read information is insane, but the people who are happy to throw the information at every one of those sites is truly disturbing.

    Better tools would be great, but we are having a difficult time just convincing people to use the ones we already have available, and teaching people to effectively use the tools seems impossible.

    An entirely new set of mandatory technologies will not solve the people problem.

    Soma

  13. #58
    Lurker
    Join Date
    Dec 2004
    Posts
    296
    Quote Originally Posted by Nominal Animal View Post
    No, I don't believe anything like the above will come to be within my lifetime. Much, much more important systems, like our global banking system, are much more blatantly skewed against end users, and much easier and cheaper to start fixing, and nobody seems willing to do anything about it. Well, aside from a few hours of chanting and holding up signs with like-minded people a few days every year.
    One of the reasons this will not change is because some of the time those in charge want the system to work so that you can be anonymous and the next day they don't.

    A good example is the way the US praised the way people were able to use the internet to set up a resistance in Syria and leak/get information out through anonymous channels. They said something to the effect of "being able to be anonymous is important for people living in dictatorships and under oppressive regimes". A few weeks later the Snowden incident happens. And from that point onward anonymity is something bad. (Not to bash on the US, it was the only example that came to me at the moment.)

    For me one of the biggest issues is that the reason anonymity on the net is feared is because most governments have so many skeletons in the closet. And most of the information that is classified is classified because it would be a great embarrassment if it came to light.

  14. #59
    Registered User MutantJohn's Avatar
    Join Date
    Feb 2013
    Posts
    2,665
    All the atoms changing in your brain is more secure though. It is like changing the password on your home computer constantly.

  15. #60
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    All the atoms changing in your brain is more secure though. It is like changing the password on your home computer constantly.
    O_o

    By that logic, randomly filing bits from your house key is "more secure".

    o_O

    Of course, in both cases the lock isn't configured for access by changed key so...

    I guess you are right. No one would have access. That is an extremely secure system.

    Soma
