One of the attractions of presence in communications services is that you know someone's available before you try to contact them. The flipside is that presence is also inimical to privacy. Now, a group of researchers has put forward a way to improve privacy of "buddy lists" but still allowing friends to know each others' presence. Outlined in this paper [PDF] , the presence system, referred to as DP5, has been developed by researchers from the University of Illinois, University College London, and the University of Waterloo in Canada.
DP5 proposes a mechanism in which users' buddy lists are encrypted but can still be interrogated. As they explain, the system also protects users against having their buddy lists compromised in case of an attack against a service: "While infrastructure services are required for DP5 to operate, they are designed to not require any long-term secrets and provide perfect forward secrecy in case of compromise".
The PDF contains all the details for those who want to get into the 12 pages of crypto-theory.
(Score: 3, Informative) by VLM on Tuesday June 10 2014, @09:07PM
In before the obvious "The NSA will just demand the data"
This is probably more of a software upgrade for the FBCB2
http://en.wikipedia.org/wiki/Force_XXI_Battle_Command_Brigade_and_Below [wikipedia.org]
So if someone breaks into / steals / powns a 2020 model year Stryker, this could be some kind of damage control, somehow.
Its probably the coolest Linux system I'm aware of.
There's a new system coming out to replace it, I wonder if the NSA boys already knew about this article topic and its already in the new software. I wouldn't be surprised.
(Score: 2) by Alfred on Tuesday June 10 2014, @09:29PM
I have no buddies to have a list of.
(Score: 0) by Anonymous Coward on Tuesday June 10 2014, @09:56PM
I have no buddies, period. Works the same.
(Score: 2) by skullz on Tuesday June 10 2014, @10:00PM
I have negative buddies and like it.
(Score: 3, Funny) by ls671 on Wednesday June 11 2014, @12:01AM
If you have some buddies, set them free.
Free, free, set them free.
Sting
Everything I write is lies, read between the lines.
(Score: 2) by maxwell demon on Wednesday June 11 2014, @07:11AM
You don't need buddies to have a buddy list. Never heard of the empty list?
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by Alfred on Wednesday June 11 2014, @03:29PM
I kinda lied about my buddy list...
My mom is on my buddy list
(Score: 2, Informative) by MostCynical on Wednesday June 11 2014, @01:31AM
What to do when keyswap buddy has been kidnapped by a TLA...
No amount of encryption will save you..
http://craphound.com/littlebrother/download/ [craphound.com]
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 0) by Anonymous Coward on Wednesday June 11 2014, @06:06AM
Great book, kudos to you and Cory!
(Score: 2) by wonkey_monkey on Wednesday June 11 2014, @02:43PM
My best but admittedly vague guess as to roughly how this works (based first on my reading of the summary, then a skim of the paper):
Your presence is an object that encapsulates your offline/online status plus anything else your buddies might need to know - your IP address, your cat's current mood, etc.
You encrypt it with your buddies' public keys and then only they can see your presence.
But you pad this presence object out with lots of false versions, all encrypted differently. So far, your buddies can only decrypt the true one. But if you want to revoke a buddy, you only use his key to encrypt one of the false versions.
Am I even remotely close to grasping this?
systemd is Roko's Basilisk