Quote:
Originally posted by kento
so TG what it seems are saying is a contradiction in the way it was said...you do want PERMANENT verifiable p2p identities (so that you know your "trusted source" isn't an RIAA dude or 'virust writer') BUT you don't want 'verifiable p2p identities' because you don't want to be busted by the riaa/mpaa/etcetera....etcetera
did i surmise this correctly?
|
Let’s clarify the concepts a little…
The unique, permanent and verifiable identities I am talking about are meant for machine level interactions only. As symbolic data the public encryption keys are just random-looking bit patterns to the human eye. Like physical keys they derive all their meaning from what doors they can open, what is behind those doors and who have access to the keys.
The question of anonymity is a separate issue from identity. You can build both anonymous and non-anonymous networks on permanent identities. In an anonymous network the clients could just collect objective technical data (response times, search hits, transfer speeds etc.) from each other and use them to automatically optimise network structure (supernode selection, download source selections). In a more social network you would have all the anonymous level stuff plus some socially meaningful metadata (nicks, avatars, profiles etc.) associated to identities.
Any of your friends could change their nicks and avatars as they wished but they could not force any such changes onto your recollection of them. Should a peer change its nick, your client could prompt you whether you want to start using the new given nick or rather stick to the old one. In other words, your client – basing its actions on reliable identity data - would safeguard the integrity of your social environment and bonding.
The kind of verifiability that the RIAA is interested in is to associate a particular logged online action (like sharing the latest Britney album on a p2p network) to a particular person. To do this, they try to get access to your ISP’s logs and customer data to prove that the bad guy or gal was indeed you. As the ISPs can be compromised under legal threats the best protection here is to know (as far as possible) whom you are dealing with (secure identity management) and to do all your data transfers through protected pipes so that no third parties will have any idea of what is being transferred. Here public keys as identifiers become particularly handy as they allow the encryption of
all peer communications starting from the first contact requests.
- tg
