Any interest in crypto services on Mises.org?

Posted Thu, Jan 8 2009 10:40 PM by HeroicLife

I would like to take advantage of the open platform and volunteer interest in Mises.org by offering some crypto services.  For example, we could integrate secure messaging into the forum,  offer a secure email service, host a Tor node, or some open-source projects.  Recipes/source codes for everything we do will be provided on the site as well.  What do you think?

Here is a basic sample service to get the conversation started: this secure messaging page allows you to send anonymous, encrypted messages that any recipient with a PGP/OpenPGP public key can read.  If you want to try it out, my PGP key is here and can be send to webmaster@mises.org.

Filed under:

Comments

# re: Any interest in crypto services on Mises.org?

Friday, January 09, 2009 3:36 PM by David C

(copied from the libertarian mailing list)

Uhh, I really hope they know what they're doing.   First off, if you have digital security, but you don't have physical security then you don't have security.  I noticed the link was not https, and the ".com" domain uses US based root nameservers.  As it is, it's basically usless for hiding private messages from the involved internet carriers or the US government - unless the message is already encrypted and even then it does nothing to hide the source or recipient.  In fact, the false sense of security may do more harm than good.

Also which country is the server in?  Which internet carrier does it use? How and who has control over administration? What kind of checks are there?  Also, what about local browser caching.  IMHO, a web browser is not a good platform for secure messaging unless very careful care is taken about caching, and deletion of memory and files.  Anyone watching the IP's (unless it's tor) could go back to the source and retrieve cache.  Computers almost never delete files, or memory, only free up the headers.  Even if you wipe a disk with zeros, it still leavs a magnetic trace, even if you rewrite a disk with random data, the write heads often change alignment on tracks ... (even though pratically speaking, they would need to take an electron microscope to the tracks ... at a costs over 100K, so in practice they almost never do that)

How will they deal with a court order of a government supoena of records?

In San Diego, there is a service called  anonymizer.com that provides anon services, but I always thought it was funny that a private company required a government secrecy clearence for employment?  Is that because they want to carefully check the background of their employees, or is it becasue they are helping the feds spy on their customers and cant afford for someone to blab.  How would they know it's a valid clearence without government collaberation anyhow?

On the internet, I don't think it's wise for people to assume security or annonimity without great care.  I hope they really know what they're doing.

# re: Any interest in crypto services on Mises.org?

Friday, January 09, 2009 7:53 PM by HeroicLife

Patrik and Patrick:

I am not trying to turn mises.org into any kind of anonymizing proxy or crypto-anarchist central.  The Mises Insistute has enough to worry.

I just want to cooperate on some open-source/open-recipe projects and promote good practices.  

Even so, we can take some measures to promote security - we can disable logs where appropriate and the mises.org domain does have a SSL cert, so when they are ready, we can publish service to https.

Also, it is my intention to release desktop or browser-based versions of software so the server never sees plaintext data.

# re: Any interest in crypto services on Mises.org?

Saturday, January 10, 2009 6:26 PM by Junker

HeroicLife,

imo, it's a good thing to do all around, esp. as a public awareness issue and as an example of a "good public practice". I'd like to see all private messaging go encrypted. You might become a public key server... oh, and PublicID too. :-) ty.