security discussion: crypto – a partial spoiler for Facebook’s world domination

i’ll be brief…

issue: facebook conversation threads, messages, etc, get mined for keywords and likes, etc, and turned into adverts

solution that pisses off facebook while : obfuscating cryptography

phase 1: rot13 your conversation threads

phase 2: a browser plugin which automatically detects/decrypts this (some already exist)

phase 3: a browser plugin with more advanced, open crypto, cf: OTR-on-a-Billboard; some form of rolling-caesar, or even full-on AES+B64 with the keys in clear

challenge: how to most effectively use crypto in one-to-many conversations without prior key exchange

goal: to stay below the threshold of being economically worthwhile for facebook to address, while providing enough grief to render conversation threads value-free to advertisers.

to quote bart simpson: “we must use this power only to annoy”

discuss. 🙂

Comments

6 responses to “security discussion: crypto – a partial spoiler for Facebook’s world domination”

  1. What are people’s views on a standard markup for showing that something is rot13? I know a few exist but does anyone use any of them?

    1. that’s kinda the point; you could even have something like “!rotN” for values N=1..25 and then let javascript pick up the rest.

      am also discussing “proper” crypto usage with other parties…

      1. test vectors:

        !rot0 The Quick Brown Fox Jumped Over The Lazy Dog
        !rot1 Uif Rvjdl Cspxo Gpy Kvnqfe Pwfs Uif Mbaz Eph
        !rot2 Vjg Swkem Dtqyp Hqz Lworgf Qxgt Vjg Ncba Fqi
        !rot3 Wkh Txlfn Eurzq Ira Mxpshg Ryhu Wkh Odcb Grj
        !rot4 Xli Uymgo Fvsar Jsb Nyqtih Sziv Xli Pedc Hsk
        !rot5 Ymj Vznhp Gwtbs Ktc Ozruji Tajw Ymj Qfed Itl
        !rot6 Znk Waoiq Hxuct Lud Pasvkj Ubkx Znk Rgfe Jum
        !rot7 Aol Xbpjr Iyvdu Mve Qbtwlk Vcly Aol Shgf Kvn
        !rot8 Bpm Ycqks Jzwev Nwf Rcuxml Wdmz Bpm Tihg Lwo
        !rot9 Cqn Zdrlt Kaxfw Oxg Sdvynm Xena Cqn Ujih Mxp
        !rot10 Dro Aesmu Lbygx Pyh Tewzon Yfob Dro Vkji Nyq
        !rot11 Esp Bftnv Mczhy Qzi Ufxapo Zgpc Esp Wlkj Ozr
        !rot12 Ftq Cguow Ndaiz Raj Vgybqp Ahqd Ftq Xmlk Pas
        !rot13 Gur Dhvpx Oebja Sbk Whzcrq Bire Gur Ynml Qbt
        !rot14 Hvs Eiwqy Pfckb Tcl Xiadsr Cjsf Hvs Zonm Rcu
        !rot15 Iwt Fjxrz Qgdlc Udm Yjbets Dktg Iwt Apon Sdv
        !rot16 Jxu Gkysa Rhemd Ven Zkcfut Eluh Jxu Bqpo Tew
        !rot17 Kyv Hlztb Sifne Wfo Aldgvu Fmvi Kyv Crqp Ufx
        !rot18 Lzw Imauc Tjgof Xgp Bmehwv Gnwj Lzw Dsrq Vgy
        !rot19 Max Jnbvd Ukhpg Yhq Cnfixw Hoxk Max Etsr Whz
        !rot20 Nby Kocwe Vliqh Zir Dogjyx Ipyl Nby Futs Xia
        !rot21 Ocz Lpdxf Wmjri Ajs Ephkzy Jqzm Ocz Gvut Yjb
        !rot22 Pda Mqeyg Xnksj Bkt Fqilaz Kran Pda Hwvu Zkc
        !rot23 Qeb Nrfzh Yoltk Clu Grjmba Lsbo Qeb Ixwv Ald
        !rot24 Rfc Osgai Zpmul Dmv Hskncb Mtcp Rfc Jyxw Bme
        !rot25 Sgd Pthbj Aqnvm Enw Itlodc Nudq Sgd Kzyx Cnf

  2. Here is one transparent encryption/decryption system for social networking sites: http://www.primelife.eu/results/opensource/39-scramble

    It’s a prototype, but I’ve seen it running and it works rather well. As always, key management is the tricky part.

  3. A few days ago I was thinking that it would be useful, for people with friends who speak different languages, to have a custom Facebook browser which hooked into Google’s Language API and auto-translated foreign-language updates (optionally translating replies as well). Perhaps such a browser (which would remember who tends to speak which language) could be generalised to handle ROT13 as well.

  4. ACB why a custom browser? I have gtranslate for Firefox, and I just highlight anything I can’t read and it translates it into English. Seems it can’t identify or translate Latin yet, but it does a reasonable job on Swedish and Norwegian, although highly idiomatic or informal usages still cause it a few problems.

    The issue with rot13 is that it is obfuscation, and those who want to index content could add it as easily as the intended audience (wonder if Google can index it yet?). So it doesn’t scale as a solution.

    Google translate has similar privacy issues to facebook. Indeed a lot of the “facebook invades your privacy” discussion recently omits that many other companies on the web do far worse. Before people worry that facebook knows if they visit selected websites (all 3 of them), they need to check they have the various web analytics companies stopped like google analytics, 2o7.net and a whole host of others.

    Next aem will be proposing social networking over freenet as part of the everything over freenet project.
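
The “!rotN” marker and test vectors from the comment thread above, worked through as an added example (not code from the post or its commenters): a small JavaScript encoder/decoder of the kind a browser plugin could run over page text. The function names are assumptions made for illustration. Decoding needs nothing but the marker itself, which is the scaling problem raised in comment 4.

```javascript
// Added example: handling of the "!rotN" marker proposed in the comments.
// rotN, encodeMarked and decodeMarked are hypothetical names, not an existing plugin API.

// Shift A-Z and a-z by n positions; every other character passes through unchanged.
function rotN(text, n) {
  const shift = ((n % 26) + 26) % 26; // normalise negative or oversized shifts
  return text.replace(/[A-Za-z]/g, (ch) => {
    const base = ch <= 'Z' ? 65 : 97; // 'A' or 'a'
    return String.fromCharCode(((ch.charCodeAt(0) - base + shift) % 26) + base);
  });
}

// Produce a marked line such as "!rot13 Gur Dhvpx ...".
function encodeMarked(plain, n) {
  if (!Number.isInteger(n) || n < 0 || n > 25) {
    throw new RangeError('n must be an integer in 0..25');
  }
  return `!rot${n} ${rotN(plain, n)}`;
}

// Return the plaintext of a marked line, or null when the marker is missing or invalid.
function decodeMarked(line) {
  const m = /^!rot(\d{1,2}) ([\s\S]*)$/.exec(line);
  if (!m) return null;
  const n = Number(m[1]);
  if (n > 25) return null;       // "!rot26" and above are not valid markers
  return rotN(m[2], 26 - n);     // undo the shift; no key is involved
}

// Three of the test vectors posted in the thread.
const vectors = [
  '!rot1 Uif Rvjdl Cspxo Gpy Kvnqfe Pwfs Uif Mbaz Eph',
  '!rot13 Gur Dhvpx Oebja Sbk Whzcrq Bire Gur Ynml Qbt',
  '!rot25 Sgd Pthbj Aqnvm Enw Itlodc Nudq Sgd Kzyx Cnf',
];
for (const v of vectors) {
  console.log(decodeMarked(v));
}
```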
