I was recently reading up on Len Sassaman and his fascinating work on anonymous remailers. This used to be a very active area of research for cypherpunks, but it seems like people don't talk as much about these ideas anymore. I suppose TOR is the successor to these efforts (despite the fact that it seems controlled by the NSA).
In any case, while reading about Len, I came across this spectacularly good talk on YouTube. I learned so many cool things from the talk about how to design secure decentralized systems and how to evaluate threat models and think of creative attacks (as well as how to defend against them) that I wanted to share it with more people, thus the transcript linked here.
Even though the talk is "old" (from 2003), it still seems incredibly relevant and interesting to me, and I think you will enjoy it, too.
I have considered porting mixminion to Go and implementing it as designed.. it's pretty interesting. I think it would be neat if you added "bridges" like an SMTP -> Mixminion and Mixminion -> IRC/Matrix/etc.
Of course, you could chain something like Mixmaster -> SMTP bridge -> Mixminion or Mixminion -> Tor -> IRC/Matrix/etc.
Cool, looks like a good summary. What I like about the talk I linked to is that it walks you through the process of designing it yourself, starting with the simplest version of the idea and then progressively pointing out its weaknesses and showing how you could counteract each weakness with a new idea. And then how there are new attacks against the "fixes," and so on, until you have a fairly secure system. At the end, you understand it way more than if the entire system were laid out from the begnning in a fully formed way.
There is a really nice specification for the authenticated encryption wrapper described above, as a standalone protocol element (i.e. usable independent of email/tor/etc):
> it seems like people don't talk as much about these ideas anymore
The "modernized" Internet got addicted to low-latency interactive protocols. It's basically impossible to protect these from a global passive adversary. All the cool research results (mixnets) produced protections for protocols that have been proclaimed to be extremely uncool these days (like email and bitcoin tx broadcast).
> TOR is the successor to these efforts (despite the fact that it seems controlled by the NSA).
It would be smart for a global passive adversary to invest in technologies that protect people against everybody except them and then give the results away for free.
If I were a supervillian, I would definitely do that. Then I would kill people based on metadata. I'd also be more careful about letting my minions do the kind of dumb shit that gets them multi-year conference attendance bans and 11:30pm (not a typo) speaking slots.
What do you think of all the people who believe he was Satoshi Nakamoto? I think he almost certainly wasn't, but it's hard to dissuade people once they have their own pet suspect.
I think the theory has more going for it than many other candidates who are put forward, since he definitely was interested in that area and had the requisite technical skills. And the fact that he passed away at around the same time Satishi went dark. But who knows. If the theory gets more people interested in his published work, then I don't see the harm.
If people are going to be incorrect about something, it's likely better they are incorrect about it being the dead guy rather than harassing innocent people that are alive.
Yes, that’s certainly true, but unfortunately people can still annoy surviving family members of those people. And it can pose physical security risks to them.
In any case, while reading about Len, I came across this spectacularly good talk on YouTube. I learned so many cool things from the talk about how to design secure decentralized systems and how to evaluate threat models and think of creative attacks (as well as how to defend against them) that I wanted to share it with more people, thus the transcript linked here.
Even though the talk is "old" (from 2003), it still seems incredibly relevant and interesting to me, and I think you will enjoy it, too.