
You missed the whole point of this essay. The fastest code to write is often insecure because languages, APIs and so on are almost always insecure-by-default.

If you write code fast because you have a life at home to get to, and I write code fast because my employer needs it right now, and someone else writes code fast because they have a large ego to maintain, what really is the difference? If the simplest thing to do is also reasonably secure then the hope is a 30 minute deadline will not lead to an accidental security flaw.


I think the suggestion was that this site doesn't really need to identify its users. It's a quiz site. If you want to make custom inputs for each user, drop a cookie with a big random number and stop fretting about the cases where that fails.


What a terrible post. Every single example is simply security through obscurity. Once a leaker understands the ways in which a file may be watermarked, they will likely be able to circumvent it. An example of a watermarking method that does not fall apart when people know what to look for would make a very good article. This is not that article.


I really want to believe this comment is a joke...

Everything that you mention that needs to be "regulated" is already regulated by the bitcoin protocol itself. In fact, the whole point is to replace regulation with strong cryptographic proof.


Good sir, surely you jest, how else will we maintain the security of this nation if the FSA will not monitor and double check every single transaction? What if some bitcoins go missing in transit from source to target wallet?

The first part of the post is indeed a joke; I am pretty sure the comments on FX markets and the strategy that exchanges could use to game the customers are accurate.


3 might not be enforced by the protocol if we're using a broader definition of "valid".


I think the first part /is/ a joke.


Yes this is a real problem. Being "paranoid about privacy" is not a yes/no decision for people to make. Different people have different things they would like to be private about and to different degrees. Some people may not want it to be possible for anyone to ever know anything at all about them. Those people don't use phones of any nature. Maybe some other people only trust phones that they build themselves. Other people are willing to trust open source software and the communities around it. Some people only care about making dragnet surveillance difficult or expensive. Others need perfect assurance of privacy because their lives are in danger. Others don't care if anyone listens to their calls.

But what you are saying is like looking at football players, seeing that they could still get hurt when they wear lots of padding, and deciding either no one should play the game or we should all play inside giant airbags.


Yeah but if you're trying to catch criminals the signal to noise is far better with presidents, judges, and congress than with boring, normal citizens.


Hehe, good one.

FTR, the ratio is much lower when trying to catch foreign terrorists. :P


Phone numbers are unique values when you need to call a phone or send an SMS, which is what this software does. If you were trying to do your taxes, sure...but in this case a phone number is exactly enough.


Lots of folks still use land lines.


They probably aren't trying to use TextSecure with their landlines though.


This is not true. Followers are established by connecting to bittorrent swarms. From the paper: "The last network is a collection of possibly disjoint “swarms” of followers, based on the Bittorrent protocol, which can be used for efficient near-instant notification delivery to many users."

Furthermore, not all clients need to store and reseed all messages they receive. More seeders is obviously better for network health, but it's not always a reasonable option. The paper suggests that clients can choose to be "archivists" which means that they keep messages and seed them to others (so it's optional). Clients like mobile phones could easily disable this behavior.

Also Twister can't use Namecoin because the incentives are wrong. In Namecoin, miners get to create domains. It would be horrible if only Twister miners could make accounts. Instead they get to make promoted posts, so it has to be a separate implementation.


Basically, if you have anonymous, P2P, encrypted messaging you need to solve the problem of maintaining a public ledger of user names to public keys. There are several approaches to this, but one of the most compelling right now is using the exact same mechanism that bitcoin uses to prevent double spending. Twister has absolutely nothing to do with bitcoin, they are only similar in that double-spending a bitcoin is analogous to identity theft in Twister.


"the problem of maintaining a public ledger of user names to public keys"

What is the point of that ledger? Public keys identify users on their own.


Yes they do but 1) most people are more comfortable dealing with usernames compared to public keys, and 2) distributing the public keys themselves can be tricky if you don't already have a trusted connection set up (just look at past abuses of Certificate Authorities for examples of this).


I do not see how distributing keys is "tricky" in this context. If you do not know who you are communicating with, then a man in the middle attack works if the attack occurs during your first attempt to communicate (think SSH); this would seem to be true regardless of the existence of a ledger, since you need to figure out which username you want to communicate with. If you do know who you are communicating with, you can distribute keys offline (e.g. "contact me with $key") or establish keys via some existing communication channel (OTR, PGP, whatever), just as you would have to distribute your username offline or via another channel given the ledger.

So sure, I can grant people are more comfortable dealing with usernames than with public keys, but that sounds more like a UI problem than a technology problem. People are certainly capable of dealing with Tor hidden service addresses, and I suspect that is because they are already using a UI they know well (their web browser).

