Saturday, September 28, 2013
Friday, September 27, 2013
"Robin Hooding"
Robin Hood is known for "stealing from the rich and giving to the poor". There are many versions to the story, and the origins of the tale are obscured in history. However, in several of the versions, including Disney's adaptation, it is the oppressive and thieving government who Robin Hood steals from so that he can return the money to the rightful owners, which are the people at large.
In Keene, New Hampshire the Spirit of Robin Hood lives on and has begun to spread. A group of Voluntaryists, Libertarians, Anarchists, and generally friendly people have been walking the city streets spreading good cheer and having fun at the same time by feeding parking meters that are about to expire, thus depriving the government of an opportunity to rob/extort money from the good people of Keene. Take a minute to watch their excellent introductory video. It's well worth watching.
Now some of you may think that they are guilty of committing a crime- that the city is somehow entitled to collect a fine from those parking violators. For those people, the Robin Hood of Keene make an excellent point. They state that the people and the merchants pay taxes for the roads and the parking areas, the meters for those parking areas, and the salaries of the meter maids who then collect more money for parking and still even more from the parking violators. When is it enough?
If what these people are doing is a crime, then I'd like to present this video, which was John Hickenlooper's campaign ad from 2003, when he was running for Mayor of Denver.
Please take another 30 seconds to watch this.
In Keene, New Hampshire the Spirit of Robin Hood lives on and has begun to spread. A group of Voluntaryists, Libertarians, Anarchists, and generally friendly people have been walking the city streets spreading good cheer and having fun at the same time by feeding parking meters that are about to expire, thus depriving the government of an opportunity to rob/extort money from the good people of Keene. Take a minute to watch their excellent introductory video. It's well worth watching.
Now some of you may think that they are guilty of committing a crime- that the city is somehow entitled to collect a fine from those parking violators. For those people, the Robin Hood of Keene make an excellent point. They state that the people and the merchants pay taxes for the roads and the parking areas, the meters for those parking areas, and the salaries of the meter maids who then collect more money for parking and still even more from the parking violators. When is it enough?
If what these people are doing is a crime, then I'd like to present this video, which was John Hickenlooper's campaign ad from 2003, when he was running for Mayor of Denver.
Please take another 30 seconds to watch this.
Wait! What??!? Was that a Mayoral candidate "Robin Hooding" the people of Denver? Why, yes it was! He even did it right in front of a Meter Maid (Yes! I know it was a dude. That doesn't make him a man).
John Hickenlooper's ad was so popular, that he won the mayor's seat by a landslide. Many media outlets said it was due to the popularity of this ad alone that won him the seat.
One of the first things Hickenlooper did as Mayor was to tear out the parking meters in the Cherry Creek Shopping District...
...and replace them with more modern ones that take credit cards.
But, he did make the parking free on Sundays (when many of the shops were closed). Since the newer machines took credit cards, many people didn't notice the increase in meter fees since it is a lot more convenient to use a bank card then it is to carry around an ashtray full of quarters in your car or run into the nearest shop to get change for the meter.
According to the Denver Post, Hickenlooper's parking meter enforcement shot up to record levels.
That's right, the "Robin Hood of Denver" was really Sheriff Nottingham in disguise!
It's true! In fact in another one of his popular mayoral campaign ads, you see him originally in his Sheriff of Nottingham costume, which he trades in for trying on all kinds of different disguises, trying to find the one that will make him look more "authentic" as a mayor that the people will embrace.
With frauds like this, now serving as governor of the state of Colorado, it is time for the REAL Robin Hoods to step up and start returning back to the people everything he and people like him have stolen.
It is time for a new chapter of the Robin Hoods to get out there and start patrolling the parking meters of the Denver Metro area. Anyone can be a Robin Hood. If you see an expired meter or one that is about to expire, just drop in a quarter. Of course, the new meters that Hickenlooper put in at the Cherry Creek Shopping District, require you to take the printout of the receipt and place it on your dash, so this won't unless they left a window rolled down. You might want to just leave the receipt under the wiper blade for them. But there still are plenty of Old-School meters all around the city elsewhere.
Do your neighbor a favor, while showing the government that increasing enforcement of parking meters is not going to make up for their reckless spending and budget gaps. Chances are you could use the good Karma.
For more information on Robin Hood of Keene, check out their website and Facebook page and give them a 'Like'.
Related Posts:
Sources:
Other Recommended Sites:
Thursday, September 19, 2013
Speed Kills Your Pocketbook
Speed limits are set by politicians not engineers. Engineers who design the highways, do testing, and determine the best speed limits to maximize safety submit SUGGESTIONS to politicians who then figure out the best speeds to maximize revenue and make those speed limits law.
Once again, we see that government is NOT concerned with your safety, the safety of the public, logic, or reason. They are only concerned with maximizing the amount of money they can steal from you through extortion and increasing their power.
This is an extremely good video on the subject and quite entertaining also. I highly suggest that everyone take the time to watch it.
Once again, we see that government is NOT concerned with your safety, the safety of the public, logic, or reason. They are only concerned with maximizing the amount of money they can steal from you through extortion and increasing their power.
This is an extremely good video on the subject and quite entertaining also. I highly suggest that everyone take the time to watch it.
Sunday, September 15, 2013
Texas Pol: State Preparing to Become Independent Nation in Case U.S. Falls Apart
Texas pol: State preparing to become independent nation in case U.S. falls apart
See also
September 8, 2013
Texas Railroad Commissioner Barry Smitherman -- a candidate for Attorney General -- says his state is actively preparing to operate as an independent nation if the United States "falls apart," The Blaze reported Saturday.
“Generally speaking, we have made great progress in becoming an independent nation, an ‘island nation’ if you will, and I think we want to continue down that path so that if the rest of the country falls apart, Texas can operate as a stand-alone entity with energy, food, water and roads as if we were a closed-loop system,” he told WND.
Smitherman also said Texas is “uniquely situated because we have energy resources, fossil and otherwise, and our own independent electrical grid.”
“This was one of my goals at the Utility Commission and it is one my goals currently as chairman of the Railroad Commission,” he added. “That’s why I stress so vehemently oil and gas production, permitting turnaround times, and everything that enables the industry to produce as much as it can, as quickly as it can.”
He also told WND that Texas has “been very strong leading in the charge against the Obama administration.”
WND's John Griffing said a lot of officials address these kind of issues, but not the same way Smitherman does.
“One of the things I’ve focused on in the last 10 years of my public sector life is preparing Texas to be a prosperous and safe place to work, regardless of what happens outside our borders,” he said.
While Smitherman is being called a secessionist by liberals and detractors, it is important to note that he never used the word in the WND interview, nor does he appear to advocate secession as a matter of state policy -- only as one possibility in the event of an apocalyptic national catastrophe.
An article at Think Progress called WND a "right-wing birther hub" and reminded readers of the last time Texas seceded from the Union. Predictably, liberals crawled out of the woodwork to express their hatred of Texas and all things conservative.
"The thought of the U.S. without Texas is truly exhilarating," one person said.
"Good. If Texas secedes, the nation will be better and Texas can enjoy its sand and heat until the next hurricane hits the gulf, or the next firestorm, or the next tornado -- no help will be available. No federal money going to the state in subsidies. And best of all, we would be spared the likes of all-hat, no-cattle politicians like Perry, Cruz, Gohnmert, Paul, et.al," another person added.
Related:
- Citizens in all 50 states sign petitions to secede from United States
- Liberalism remains an ideology of genocidal hate and rage
- Liberalism: An ideology of rage and hate
- Citing voter fraud, petition at White House web site demands recount of election
- Retired officer warns: Obama victory may spark civil war
- Texas judge warns of possible civil war, U.N. takeover if Obama wins
- Do liberals really want a second civil war in America?
- Daily Kos diarist: Secession petitions proof conservatives are unpatriotic
-----------------------------------------------------------------------------------------------------
If you like this article, you can follow Joe on Twitter @jnewby1956, visit and like his Facebook page, orsubscribe to receive email updates when a new article is published.
For hard-hitting conservative commentary, please visit Joe's blog, the Conservative Firing Line. You can also find Joe's articles at Right News Now, Tea Party Tribune, Liberty Unyielding and PolitiCollision.
Be sure to listen to "Grit and Grace" every Thursday from 6-8 p.m. Pacific Time on Blog Talk Radio, where you can hear Joe discuss current events.
Friday, September 13, 2013
Giving Thanks to Those Who Fought and Died for Our Freedom...
Every Veterans Day, Memorial Day, Pearl Harbor Day, as well as every September 11th and every other occasion, we are reminded to always give thanks to the men and women in uniform who fought and died in order to secure our freedom. The government spends millions of dollars (of your money) to build memorials and advertise this message of soldiers providing for and securing your freedom.
Yet, at the same time we see that our government is not very concerned at all with our freedom. The United States holds the largest prison population on earth - by a long shot. Despite having only 5% of the world's population, 25% of all the world's prisoners are in the United States. Nearly 200,000 pages of federal laws dictate our behavior, and our jurisprudence operates under the premise that "ignorance is no excuse" for violating any of these laws. Each January 1st, every American is subjected to over 40,000 new laws - that's a lot to try to keep track of. Couple this with the massive NSA spying programs, warrant-less searches and seizures, DEA spying programs, and militarization of our police and you see that liberty is not anywhere on the government's agenda.
Every aspect of our lives is regulated and governed by bureaucrats, legislators, and an alphabet soup of government agencies at local, county, state, and federal levels.
So why does the government keep spending money telling us about how our military secures and defends our freedom?
The military operates under the command of the same people who heap these burdensome laws that continue to enslave us further and further. The reason the government tells us that the military gives us freedom is because THEY are the military. They control the military - the military works for the politicians. Now, this is where many people will get upset and beg to disagree, stating that the military works to uphold the Constitution, etc. However, the Constitution states that the military operates under the civil power and that the President of the United States is the Commander in Chief of the Armed Forces. Alright, well the "civil power".. that's the People right? Yes, the People through their representatives in Congress. Yep, the politicians!
Few would argue that the government gives us freedom. Yet at the same time, they will argue that the soldiers fought and died for our freedom. These two statements are contradictory. If we owe our freedom to our soldiers, then we owe that same freedom to the politicians who command the soldiers.
On July 4, 1776, the Colonial Congress sent a letter to King George III declaring their independence from Britain. King George sent his armies against his own people to attempt to bring them back into subjugation to his crown. The Colonialists ended up fighting against their soldiers in order to secure their freedom. Freedom did not come from soldiers. It came from farmers, merchants, blacksmiths, brewers, and tradesmen. The soldier was their to take away the freedom of the people, not to give it to them.
Throughout history, the soldier's role has always been to deprive people of freedom. It is only through the government's use of Newspeak that the idea of a soldier providing the people with Liberty could ever remotely be considered.
Reading this, I'm sure most readers will be appalled and angry with my words. If you are one of these, ask yourself if your emotional reaction is due to logic and reason? Or is it due to the fact that this goes against everything you have been conditioned to believe?
The founding fathers spoke of a standing army as the biggest affront to liberty (aside from a central bank). Who is right? The Ad Council and Veteran's organizations who venerate our standing army or the founders who warned us against it?
The evil that governments do to keep you enslaved...
U.S. 'backed plan to launch chemical weapon attack on Syria and blame it on Assad's regime'
- Leaked emails from defense contractor refers to chemical weapons saying'the idea is approved by Washington'
- Obama issued warning to Syrian president Bashar al-Assad last month that use of chemical warfare was 'totally unacceptable'
By LOUISE BOYLE
|
Leaked emails have allegedly proved that the White House gave the green light to a chemical weapons attack in Syria that could be blamed on Assad's regime and in turn, spur international military action in the devastated country.
A report released on Monday contains an email exchange between two senior officials at British-based contractor Britam Defence where a scheme 'approved by Washington' is outlined explaining that Qatar would fund rebel forces in Syria to use chemical weapons.
Barack Obama made it clear to Syrian president Bashar al-Assad last month that the U.S. would not tolerate Syria using chemical weapons against its own people.
Scroll down for video
War games: An explosion in the Syrian city of Homs last month. It has been now been suggested that the U.S. backed the use of chemical weapons to spur international military intervention
According to Infowars.com, the December 25 email was sent from Britam's Business Development Director David Goulding to company founder Philip Doughty.
It reads: 'Phil... We’ve got a new offer. It’s about Syria again. Qataris propose an attractive deal and swear that the idea is approved by Washington.
'We’ll have to deliver a CW to Homs, a Soviet origin g-shell from Libya similar to those that Assad should have.
'They want us to deploy our Ukrainian personnel that should speak Russian and make a video record.
'Frankly, I don’t think it’s a good idea but the sums proposed are enormous. Your opinion?
'Kind regards, David.'
Britam Defence had not yet returned a request for comment to MailOnline.
Enlarge 
Leaked: The email was allegedly sent from a top official at a British defense contractor regarding a 'Washington approved' chemical attack in Syria which could be blamed on Assad's regime
The emails were released by a Malaysian hacker who also obtained senior executives resumés and copies of passports via an unprotected company server, according to Cyber War News.
Dave Goulding's Linkedin profile lists him as Business Development Director at Britam Defence Ltd in Security and Investigations. A business networking profile for Phil Doughty lists him as Chief Operationg Officer for Britam, United Arab Emirates, Security and Investigations.
The U.S. State Department had not returned a request for comment on the alleged emails to MailOnline today at time of publication.
However the use of chemical warfare was raised at a press briefing in D.C. on January 28.
A spokesman said that the U.S. joined the international community in 'setting common redlines about the consequences of using chemical weapons'.
Countless losses: Families attempt to identify the bodies of Syrian fighters shot and dumped in a river in the northern Syrian city of Aleppo today
Devastation: People gather at a site hit by what activists said was missiles fired by a Syrian Air Force fighter jet from forces loyal to Assad, at the souk of Azaz, north of Aleppo on January 13
A leaked U.S. government cable revealed that the Syrian army more than likely had used chemical weapons during an attack in the city of Homs in December.
The document, revealed in The Cable, revealed the findings of an investigation by Scott Frederic Kilner, the U.S. consul general in Istanbul, into accusations that the Syrian army used chemical weapons in the December 23 attack.
An Obama administration official who had access to the document was reported as saying: 'We can't definitely say 100 per cent, but Syrian contacts made a compelling case that Agent 15 was used in Homs on Dec. 23.'
Mr Kilner's investigation included interviews with civilians, doctors, and rebels present during the attack, as well as the former general and head of the Syrian WMD program, Mustafa al-Sheikh.
Dr. Nashwan Abu Abdo, a neurologist in Homs, is certain chemical weapons were used. He told The Cable: 'It was a chemical weapon, we are sure of that, because tear gas can't cause the death of people.'
Threats: Barack Obama said during a speech last month that if Syria used chemical weapons against its own people it would be 'totally unacceptable'
Tyrant: Syrian dictator Bashar al-Assad, pictured with his wife Asma, is facing increasing international pressure over his brutal massacre of his own people
Eye witness accounts from the investigation revealed that a tank launched chemical weapons and caused people exposed to them to suffer nausea, vomiting, abdominal pain, delirium, seizures, and respiratory distress.
The symptoms suggest that the weaponized compound Agent-15 was responsible. Syria denied using chemical weapons and said it would never use them against citizens.
Speaking to Pentagon reporters at the time, Defense Secretary Leon Panetta said his biggest concern was how the U.S. and allies would secure the chemical and biological weapons sites scattered across Syria and ensure the components don't end up in the wrong hands if the regime falls, particularly under violent conditions.
Government forces and rebels in Syria have both been accused by human rights groups of carrying out brutal warfare in the 22-month-old conflict, which has claimed more than 60,000 lives.
WARNING GRAPHIC CONTENT : 'SYRIAN REBELS TESTING CHEMICAL WEAPONS
ON RABBITS'
ON RABBITS'
Thursday, September 12, 2013
California County votes to secede from California
9.04.2013, 15:11 PM
California county votes to secede from state
Jeff Chiu/AP
The Siskiyou County Board of Supervisors voted 4-1 on Tuesday for a declaration of secession from the state of California.
These are uncivil times in Northern California.
The Siskiyou County Board of Supervisors voted 4-1 on Tuesday in favor of a declaration of secession from the state.
Citing a lack of representation in the California legislature, as well as new annual fees for fire service to the county’s remote, rural areas, the board passed the declaration in front of approximately 100 residents, most of whom voiced support for the measure.
"I haven't had one contact in regard to this issue that's in opposition," Supervisor Michael Kobseff told the Redding Record Searchlight.
RELATED: SECESSION PETITIONS GAIN STEAM
Many in attendance also said they planned to try and drum up support in neighboring counties in Northern California and Southern Oregon to form a new state called Jefferson.
In Humboldt County, Supervisor Rex Bohn, seems to be on board with the secession plan.
Many residents in rural Northern California want to form a new state called Jefferson with surrounding counties.
Jeff Chiu/AP
Many residents in rural Northern California want to form a new state called Jefferson with surrounding counties.
"I was one of the people who thinks the state of Jefferson wasn't a bad idea," Bohn told the Record Searchlight. "There has been a total lack of respect of our water rights and the fire fee. Those things may not be important to the rest of the state, but it's important to us."
The idea for the formation of a new state called Jefferson stems back to the 1940s, when local residents pressed the California legislature to improve the local roads in the remote northern regions of the state.
RELATED: ‘NORTH COLORADO’ RESIDENTS WANT TO CREATE 51ST STATE
The area is also decidedly more conservative than much of the state.
"Many proposed laws are unconstitutional and deny us our God-given rights," Gabe Garrison of Happy Camp said at the meeting. "We need our own state so we can make laws that fit our way of life."
Supervisor Ed Valenzuela, the lone supervisor to vote against secession, said he could not support the measure because he had taken a vow to uphold the state constitution.
"I signed on to work within the system I know," he said. "I don't like it, I don't agree with it all the time, but ... I did sign up for that and I will continue to do so."
For now, the board of supervisor’s vote is unlikely to have much actual bearing on California’s future because the move to secede would need to be passed by the state legislature and by Congress.
DKnowles@nydailynews.com
Author:
DAVID KNOWLES
Tuesday, September 10, 2013
Monday, September 9, 2013
Building a PGP web of trust that people will actually use
http://bitcoinism.blogspot.com/2013/09/building-pgp-web-of-trust-that-people.html?m=1
Sunday, September 8, 2013
Building a PGP web of trust that people will actually use
Back in the early 1990s, PGP introduced the concept of web of trust (WoT)- a means by which users of personal encryption can know whether or not the key they are using actually belongs to the person they want to communicate with. Without some mechanism for verifying the connection between a cryptographic key and an identity encryption is mostly useless. All an attacker needs to do is insert themselves between the sender and recipient and trick each party into using the attacker's key for encryption instead of the intended recipient. This is the man in the middle attack, and based on the actual state of personal encryption as it is currently deployed, is still an unsolved problem 22 years after PGP was introduced.
There are two basic ways to solve the problem - first, all users can register with a central authority who vouches for their identity. This is the model used by SSL certificates, and it's worse than useless. Despite the illusion of security they provide, certificate authorities are routinely subverted by governments and other types of criminals, and there is little that a user can do to avoid this weakness inherent to a centralized model.
The web of trust concept is based on the idea of decentralized trust and social networks. Instead of trusting Verisign to validate identities, you validate the identities of the people you know and export this information to a public database. Then you rely on you friends to vouch for the people they know, and those friends to vouch still more people, and so on until you can create a trust chain between any two arbitrary identities.
This approach avoids the inherent problems of central authorities, but in practice virtually nobody uses it outside the open source software community, and even there it is hit or miss. The rest of this articles is going to discuss two reasons for the failure to deploy this technology, and how to solve them. First, the problems:
If we assume the purpose of a WoT is to unambiguously and unimpeachably map public keys to human beings, there are two ways in which the typical key signing party fails.
There are two basic ways to solve the problem - first, all users can register with a central authority who vouches for their identity. This is the model used by SSL certificates, and it's worse than useless. Despite the illusion of security they provide, certificate authorities are routinely subverted by governments and other types of criminals, and there is little that a user can do to avoid this weakness inherent to a centralized model.
The web of trust concept is based on the idea of decentralized trust and social networks. Instead of trusting Verisign to validate identities, you validate the identities of the people you know and export this information to a public database. Then you rely on you friends to vouch for the people they know, and those friends to vouch still more people, and so on until you can create a trust chain between any two arbitrary identities.
This approach avoids the inherent problems of central authorities, but in practice virtually nobody uses it outside the open source software community, and even there it is hit or miss. The rest of this articles is going to discuss two reasons for the failure to deploy this technology, and how to solve them. First, the problems:
- The software tools are hard to use, even for experts. As as result, even people who understand how important it is usually don't bother.
- Usability failures of privacy software should be regarded as possessing the same degree of severity as algorithmic or code failures, because there is no difference in practice between a message that is sent in cleartext because encryption was too hard and one that was decrypted by an adversary due to an implementation flaw.
- Even among the tiny minority of users who bother to sign keys, within the tiny minority of users who bother to encrypt at all, almost nobody agrees what it actually means to sign a key.
- The definition of "identity" in a cryptographic sense does not directly map to how our brains naturally process it, and this impedance mismatch has never been addressed successfully.
- Most users of personal encryption can't explain what they are actually verifying when they sign another person's public key.
What is Identity?
The stereotypical way that PGP users build out the WoT is via a key signing party. A group of people who meet in person, typically at a software conference, and exchange public keys. They they sign the public keys they collect and (hopefully) remember to upload those signatures to key servers where they can be used by others. The amount of identity verification that is applied is highly inconsistent. Some people might verify the government-issued ID card of the person handing them a key (or a key fingerprint), others might just blindly sign anything that gets handed to them. Most frequently of all, however, is that the key signing party never happens at all.If we assume the purpose of a WoT is to unambiguously and unimpeachably map public keys to human beings, there are two ways in which the typical key signing party fails.
- The mere presentation of a public key or a key fingerprint does not prove the person delivering it actually controls the associated private key. The only way to such ownership may be proved is if the person can sign data on the spot which could not have been predicted ahead of time.
- Government issued ID cards are useless when it comes to what we actually mean when we talk about about identity. For example, I could meet someone at a key signing party with a valid government-issued ID card containing the name "Linus Torvalds". In principle, I could meet an arbitrarily high number of unique people all sharing that same name. They won't all be the Linus Torvalds, though.
Identity, as we humans understand it, is a set of shared experiences. We don't know our friends by a set of characters printed on a piece of plastic; we know our friends by the past interactions (direct or otherwise) we've had with them.
If I want to send an encrypted email to Linus Torvalds, and if I want to use some kind of public database to help me make sure I'm using the right key for encryption, the actual question I want the database to answer is not, "Does the owner of this public key posses an ID card containing the name Linux Torvalds?" The actual question I want answered is, "Is the owner of this public key the inventor of the Linux kernel?"
The signatures that form the basis of the existing WoT are thus useless because they don't certify the right data - the data that forms the basis for how we actually understand identity. Before we can have an effective WoT, one that normal people are willing to use, we first need a well-defined method of representing identity that matches our intuitive understanding.
The signatures that form the basis of the existing WoT are thus useless because they don't certify the right data - the data that forms the basis for how we actually understand identity. Before we can have an effective WoT, one that normal people are willing to use, we first need a well-defined method of representing identity that matches our intuitive understanding.
Getting Identity Right
A successful WoT must be built very much like a social networking site, because that's how we obtain the shared experience information for certification, and that's the model that hundreds of millions of people all over the world are already comfortable using.
We also need to take advantage of mobile computing technology. Secure key exchange has to occur through tamperproof channels, and there's no way to achieve that in practice except in person. 22 years ago nobody had a smartphone and not many had laptops, but now enough people own smartphones that our key exchange protocols can rely on their capabilities.
The rest of this proposal assumes that we can trust the hardware we own. This is a known-false assumption, and an urgent problem, but solving it is something that will have to be handled via other efforts.
Given a more through understanding of the nature of identity, and with the understanding that the protocol must prioritize usability at least as much as cryptographic integrity, let's approach the problem by building an enjoyable social networking game that just happens to build a secure WoT as a side effect.
Imagine a social networking site called "iMet". The way it works is that users register on this account, and fill out facts about themselves. The facts could be serious like the kind you'd put on LinkedIn, or frivolous like most Facebook posts. Users "friend" other users by meeting them in person and using a smartphone app to certify. They are then presented with a list of facts about the person they just met which can be answered as true, false, or unsure. Their scores go up based on the number of people they met, and the accuracy of their answers. Users can also compete with their friends for obtaining the shortest path to famous or otherwise noteworthy people. Properly implemented, this application sufficiently fun and compelling such that people would participate for its own sake, without needing to care about cryptography.
Behind the scenes, however, these interactions can be leveraged to build a secure WoT. When users "iMeet" with their smartphones they are actually performing a secure key exchange over NFC or camera/QR code, whichever is available and most convenient.
The specific facts are represented as text strings. When users answer questions about other users, their clients sign a (key id, string, ACK/NACK, date) tuple. These tuples are publicly searchable and can be used by PGP clients for WoT calculations.
Another problem is that most people don't understand the difference between time-variant and time-invariant facts. My date of birth is time-invariant. Most of the other facts which form my identity are not. The text strings should be formatted in a way that time-variant facts can be sanely represented and verified. The UI should not accept a "street address" fact without an associated date range. When I certify my friend's street address, by default my signature should be interpreted to mean "true as of the date of the signature", unless I specify otherwise. Clients who are parsing the public database must be able to intelligently handle the time element of truth.
We also need to take advantage of mobile computing technology. Secure key exchange has to occur through tamperproof channels, and there's no way to achieve that in practice except in person. 22 years ago nobody had a smartphone and not many had laptops, but now enough people own smartphones that our key exchange protocols can rely on their capabilities.
The rest of this proposal assumes that we can trust the hardware we own. This is a known-false assumption, and an urgent problem, but solving it is something that will have to be handled via other efforts.
Given a more through understanding of the nature of identity, and with the understanding that the protocol must prioritize usability at least as much as cryptographic integrity, let's approach the problem by building an enjoyable social networking game that just happens to build a secure WoT as a side effect.
Imagine a social networking site called "iMet". The way it works is that users register on this account, and fill out facts about themselves. The facts could be serious like the kind you'd put on LinkedIn, or frivolous like most Facebook posts. Users "friend" other users by meeting them in person and using a smartphone app to certify. They are then presented with a list of facts about the person they just met which can be answered as true, false, or unsure. Their scores go up based on the number of people they met, and the accuracy of their answers. Users can also compete with their friends for obtaining the shortest path to famous or otherwise noteworthy people. Properly implemented, this application sufficiently fun and compelling such that people would participate for its own sake, without needing to care about cryptography.
Behind the scenes, however, these interactions can be leveraged to build a secure WoT. When users "iMeet" with their smartphones they are actually performing a secure key exchange over NFC or camera/QR code, whichever is available and most convenient.
The specific facts are represented as text strings. When users answer questions about other users, their clients sign a (key id, string, ACK/NACK, date) tuple. These tuples are publicly searchable and can be used by PGP clients for WoT calculations.
Usability details
Anyone who has ever tried to put user-supplied information into a database knows that regular people are terrible at structuring data. This protocol allows for user-supplied arbitrary text strings, but an actual implementation should go to great lengths to sanitize their inputs first. For example, the UI should ask for common facts, such as birth date, and format them in an agreed-upon way.Another problem is that most people don't understand the difference between time-variant and time-invariant facts. My date of birth is time-invariant. Most of the other facts which form my identity are not. The text strings should be formatted in a way that time-variant facts can be sanely represented and verified. The UI should not accept a "street address" fact without an associated date range. When I certify my friend's street address, by default my signature should be interpreted to mean "true as of the date of the signature", unless I specify otherwise. Clients who are parsing the public database must be able to intelligently handle the time element of truth.
Unsolved problems
- Cheating by manually creating signatures without actually meeting in person: is this an actual problem, and if so, how could it be fixed?
- Distribution of data: Will there be just one site handling all this data, or will it be distributed somehow?
- If there are multiple providers, how to you make sure data is globally available?
- If there is a single provider, how do you prevent the CA failure mode?
What do we do with it?
Successfully building a secure, decentralized WoT is just the first step to building a large number of other secure services. Once secure cryptographic identities exist and are available the WoT forms a foundation that can be used by other projects:
- Encrypted communications
- Personal clouds
- Website logins
Really the sky is the limit once the WoT exists, we don't yet know what is ultimately possible once it exists because so far we've never got to the point of building one that works for a critical mass of the population. Given recent events, there's never been a better time to to do it than now.
Subscribe to:
Posts (Atom)