Inferencium/website
1
0
Fork 0
Code Issues Activity

Add HTML sections.

Browse Source
This commit is contained in:
inference 2023-06-26 02:30:14 +01:00
parent a42f11d56f
commit 44264f740c
Signed by: inference
SSH Key Fingerprint: SHA256:9Pl0nZ2UJacgm+IeEtLSZ4FOESgP1eKCtRflfPfdX9M
1 changed files with 103 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
blog/untrusted_the_issue_with_decentralisation.html
View File

@ -5,7 +5,7 @@
<!-- Copyright 2022 Jake Winters --> <!-- Copyright 2022 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
<!-- Version: 4.1.0.22 --> <!-- Version: 4.1.0.23 -->
<html> <html>
@ -32,97 +32,109 @@
<p class="update_date">Posted: 2022-06-30 (UTC+00:00)</p> <p class="update_date">Posted: 2022-06-30 (UTC+00:00)</p>
<p class="update_date">Updated: 2022-10-29 (UTC+00:00)</p> <p class="update_date">Updated: 2022-10-29 (UTC+00:00)</p>
<!-- Table of contents --> <!-- Table of contents -->
<h2 id="toc"><a href="#toc" class="h2">Table of Contents<a/></h2> <section id="toc">
<ul> <h2 id="toc"><a href="#toc" class="h2">Table of Contents<a/></h2>
<li><a href="#introduction" class="body-link">Introduction</a></li>
<li><a href="#examples" class="body-link">Examples</a></li>
<ul> <ul>
<li><a href="#examples-messaging" class="body-link">Messaging</a></li> <li><a href="#introduction" class="body-link">Introduction</a></li>
<li><a href="#examples" class="body-link">Examples</a></li>
<ul>
<li><a href="#examples-messaging" class="body-link">Messaging</a></li>
</ul>
<li><a href="#solution" class="body-link">Solution</a></li>
<li><a href="#conclusion" class="body-link">Conclusion</a></li>
</ul> </ul>
<li><a href="#solution" class="body-link">Solution</a></li> </section>
<li><a href="#conclusion" class="body-link">Conclusion</a></li> <section id="introduction">
</ul> <h2 id="introduction"><a href="#introduction" class="h2">Introduction</a></h2>
<h2 id="introduction"><a href="#introduction" class="h2">Introduction</a></h2> <p>A recent trend is seeing people move towards decentralised services and platforms. While this is
<p>A recent trend is seeing people move towards decentralised services and platforms. While this is reasonable and I can understand why they are doing such a thing, they are seemingly doing it without
reasonable and I can understand why they are doing such a thing, they are seemingly doing it without thinking about the possible consequences of doing so. The issue with decentralisation is trust;
thinking about the possible consequences of doing so. The issue with decentralisation is trust; there is no way to pin a key to a specific person, to ensure that you are communicating with the
there is no way to pin a key to a specific person, to ensure that you are communicating with the same person you are supposed to be communicating with. In this article, I will discuss some of the
same person you are supposed to be communicating with. In this article, I will discuss some of the security issues with the decentralised model.</p>
security issues with the decentralised model.</p> </section>
<h2 id="examples"><a href="#examples" class="h2">Examples</a></h2> <section id="examples">
<h3 id="examples-messaging"><a href="#examples-messaging" class="h3">Messaging</a></h3> <h2 id="examples"><a href="#examples" class="h2">Examples</a></h2>
<p>When it comes to messaging your contacts on a centralised platform, such as Twitter or Facebook, <section id="examples-messaging">
the keys are pinned to that user account, using the user's password as the method of identification. <h3 id="examples-messaging"><a href="#examples-messaging" class="h3">Messaging</a></h3>
This approach makes it impossible to log in as a specific user without their password, should it be <p>When it comes to messaging your contacts on a centralised platform, such as Twitter or Facebook,
strong enough to not be guessed, whether via personal guessing or exhaustive search. The trust in the keys are pinned to that user account, using the user's password as the method of identification.
this centralised model is the high security these platforms have. It is extremely unlikely that This approach makes it impossible to log in as a specific user without their password, should it be
anyone other than a government would be able to access the accounts stored on such platforms' strong enough to not be guessed, whether via personal guessing or exhaustive search. The trust in
servers, which makes the physical security trusted. As for remote security, should a user's password this centralised model is the high security these platforms have. It is extremely unlikely that
be compromised, it can typically be reset if the user can prove they are the owner of the account anyone other than a government would be able to access the accounts stored on such platforms'
via some form of identification; this is where the trust issue of decentralisation occurs.</p> servers, which makes the physical security trusted. As for remote security, should a user's password
<p>In the decentralised model, keys are kept on the users' devices, in their possession. While this be compromised, it can typically be reset if the user can prove they are the owner of the account
soveriegnty is welcomed, it introduces a critical flaw in the security of communicating with anyone via some form of identification; this is where the trust issue of decentralisation occurs.</p>
via a decentralised platform; should a user's device be lost, stolen, or otherwise compromised, <p>In the decentralised model, keys are kept on the users' devices, in their possession. While this
there is no way to know it happened and what the new keys really are, and if the same user generated soveriegnty is welcomed, it introduces a critical flaw in the security of communicating with anyone
those keys. There is no centralised point where anyone can go to check if the compromised user has via a decentralised platform; should a user's device be lost, stolen, or otherwise compromised,
updated their keys, which means there must already have been at least one other secure channel in there is no way to know it happened and what the new keys really are, and if the same user generated
place before the compromise occurred. Even if there was, the security of endpoint devices, those keys. There is no centralised point where anyone can go to check if the compromised user has
especially typical users, is much lower than a well protected corporation's servers, making even updated their keys, which means there must already have been at least one other secure channel in
those secure channels questionable to trust. Should all secure channels be compromised, there is place before the compromise occurred. Even if there was, the security of endpoint devices,
literally no way to know if the person you are communicating with is the real person or an imposter; especially typical users, is much lower than a well protected corporation's servers, making even
there is no root of trust. This point is fatal; game over. The only way to establish trust again those secure channels questionable to trust. Should all secure channels be compromised, there is
would be to physically meet and exchange keys.</p> literally no way to know if the person you are communicating with is the real person or an imposter;
<h2 id="solution"><a href="#solution" class="h2">Solution</a></h2> there is no root of trust. This point is fatal; game over. The only way to establish trust again
<p>I'll cut to the chase; there isn't a definitive solution. The best way to handle this situation would be to physically meet and exchange keys.</p>
is to design your threat model and think about your reasoning for avoiding centralised platforms. Is </section>
it lack of trust of a specific company? Is it the possibility of centralised platforms going </section>
offline? Only by thinking logically and tactically can you solve both the issue of centralisation <section id="solution">
and decentralisation. Often, one size fits all is never the correct approach, nor does it typically <h2 id="solution"><a href="#solution" class="h2">Solution</a></h2>
work.</p> <p>I'll cut to the chase; there isn't a definitive solution. The best way to handle this situation
<p>In order to avoid the issue of loss of trust due to lack of root of trust, all users' keys must is to design your threat model and think about your reasoning for avoiding centralised platforms. Is
be stored in a centralised location where all contacts are able to go to in case of compromise or to it lack of trust of a specific company? Is it the possibility of centralised platforms going
periodically check the state of keys and to see if they have changed. This centralised location offline? Only by thinking logically and tactically can you solve both the issue of centralisation
requires some sort of identification to ensure that the user changing their keys is really the same and decentralisation. Often, one size fits all is never the correct approach, nor does it typically
person who initially signed up for the platform, using a trust-on-first-use (TOFU) model, which work.</p>
isn't much different than what today's centralised platforms are already doing; the only difference <p>In order to avoid the issue of loss of trust due to lack of root of trust, all users' keys must
is who is controlling the location; trust is still present and required.</p> be stored in a centralised location where all contacts are able to go to in case of compromise or to
<p>In order to have a root of trust, I have posted my keys to my website, which is protected by periodically check the state of keys and to see if they have changed. This centralised location
multiple layers of security:<br> requires some sort of identification to ensure that the user changing their keys is really the same
<br> person who initially signed up for the platform, using a trust-on-first-use (TOFU) model, which
<ol> isn't much different than what today's centralised platforms are already doing; the only difference
<li>I have provided identification to my domain name registrar, to ensure I can access the website I is who is controlling the location; trust is still present and required.</p>
rightfully own, should it be compromised, by providing identification to the domain name <p>In order to have a root of trust, I have posted my keys to my website, which is protected by
registrar.</li> multiple layers of security:<br>
<li>I have provided identification to my virtual private server host, to ensure I can access the <br>
virtual private servers I rightfully rent, should they be compromised, by providing identification <ol>
to the virtual private server host.</li> <li>I have provided identification to my domain name registrar, to ensure I can access the website I
<li>I have pinned my website to a globally trusted certificate authority, Let's Encrypt, which is a rightfully own, should it be compromised, by providing identification to the domain name
trusted party to manage TLS certificates and ensure ownership of the domain when connecting to registrar.</li>
it.</li> <li>I have provided identification to my virtual private server host, to ensure I can access the
<li>I have enabled DNSSEC on my domain, so it is extremely difficult to spoof my domain to make you virtual private servers I rightfully rent, should they be compromised, by providing identification
believe you're connecting to it when you're actually connecting to someone else's.</li> to the virtual private server host.</li>
</ol></p> <li>I have pinned my website to a globally trusted certificate authority, Let's Encrypt, which is a
<p>While not the most secure implementation of a root of trust, it is the most secure implementation trusted party to manage TLS certificates and ensure ownership of the domain when connecting to
currently available to me. While the domain name registrar or virtual private server host could it.</li>
tamper with my domain and data, they are the most trustworthy parties available. In its current <li>I have enabled DNSSEC on my domain, so it is extremely difficult to spoof my domain to make you
form, decentralisation would make this impossible to implement in any form.</p> believe you're connecting to it when you're actually connecting to someone else's.</li>
<h2 id="conclusion"><a href="#conclusion" class="h2">Conclusion</a></h2> </ol></p>
<p>Do not demand anonymity; demand privacy and control of your own data. Complete anonymity makes it <p>While not the most secure implementation of a root of trust, it is the most secure implementation
impossible to have a root of trust, and is typically never necessary. It is possible for someone currently available to me. While the domain name registrar or virtual private server host could
else to hold your keys, without them taking control of them and dictating what you can and cannot do tamper with my domain and data, they are the most trustworthy parties available. In its current
(Twitter's misinformation policy comes to mind). If a platform is not listening to your or other form, decentralisation would make this impossible to implement in any form.</p>
people's concerns about how it is being run, show those platforms that you will not stand for it, </section>
and move to a different one. This may not be ideal, but it's not different to moving from one <section id="conclusion">
decentralised platform to another. Centralisation is not what is evil, the people in control of the <h2 id="conclusion"><a href="#conclusion" class="h2">Conclusion</a></h2>
platforms are what is potentially evil. Carefully, logically, and tactically, choose who to trust. <p>Do not demand anonymity; demand privacy and control of your own data. Complete anonymity makes it
Decentralisation doesn't do much for trust when you must still trust the operator of the impossible to have a root of trust, and is typically never necessary. It is possible for someone
decentralised platform, and are still subject to the possibly draconian policies of that else to hold your keys, without them taking control of them and dictating what you can and cannot do
decentralised platform. If government is what you are trying to avoid, there is no denying it is (Twitter's misinformation policy comes to mind). If a platform is not listening to your or other
feasibly impossible to avoid it; a government could always take down the decentralised platform, people's concerns about how it is being run, show those platforms that you will not stand for it,
forcing you to move to another, and they could also take down the centralised key storage site and move to a different one. This may not be ideal, but it's not different to moving from one
mentioned earlier in this article. A government is not something you can so easily avoid. decentralised platform to another. Centralisation is not what is evil, the people in control of the
Decentralisation does not solve the government issue. In order to live a happy, fun, and fulfilled platforms are what is potentially evil. Carefully, logically, and tactically, choose who to trust.
life, while protecting yourself against logical threats, there are only two words you must live by: Decentralisation doesn't do much for trust when you must still trust the operator of the
Threat model.</p> decentralised platform, and are still subject to the possibly draconian policies of that
decentralised platform. If government is what you are trying to avoid, there is no denying it is
feasibly impossible to avoid it; a government could always take down the decentralised platform,
forcing you to move to another, and they could also take down the centralised key storage site
mentioned earlier in this article. A government is not something you can so easily avoid.
Decentralisation does not solve the government issue. In order to live a happy, fun, and fulfilled
life, while protecting yourself against logical threats, there are only two words you must live by:
Threat model.</p>
</section>
</body> </body>
</html> </html>