a file can be copied but cannot be forged

38 replies [Last post]
panties
Offline
Joined: 02/02/2021

Is it possible to make a file so that it can be duplicated but cannot be faked the original file is the original?
 
Given that you give the orifinal file to someone else. My understanding is that if the file is not modified, maybe that someone can have every confidence in the copy is the file I signed, by checking with my puclic key.
But let's say you give that someone both the original file and a copy. I want per to be able to prove that both files are the same file that I signed, but I also want per to be able to distinguish between the original and the copy. Is this possible?
Or does a file signed with GPG inherently have that property?

koszkonutek
Offline
Joined: 03/19/2020

Philosophically, a physical object can be called an original but when it comes to digital files - there's no such thing. Everything is a copy.

Back to practice, could you please elaborate on what you want to achieve?

If you want to give someone a CD with signed file and stop them from burning a second CD with that same signed file - nobody's able to help you.

If you just want to have 2 signed versions of a file then that's achievable. Perhaps for your needs it would suffice to append to a file some text like "this is the original" or "this is a copy" and then sign these extended files?

panties
Offline
Joined: 02/02/2021

I see, I understand a little better now. Thank you very much.

I have created a song and I intend to sell it.
I will license it under CC0, or GPL if I understand GPL better and like it, and make it available for free and free download from the website. So anyone is free to copy it. Maybe CC0 is fine because no one would pay for something they can get for free even if someone sells that copy?

However, I'd like to add value to it - I haven't really thought this through enough to say it's completely OK, from an ethical standpoint - but I think some people would be happy to an autographed CD.
I intend to sell 100 physically signed CDs. This is done by autographing on the surface of the CD with a pen.
I also thought to sell a limited number of digitally signed CDs. This is because if, for example, 10,000 CDs are sold by mistake, the effort of physically autographing them will not be worth the selling price.
So I wanted to know if it would be possible to create a digital signature that could not be forged, so that if the value of the CD increased in case, the buyer or the buyer's descendants could resell the CD at a wonderful price in times of trouble, much like so-called 'the art game' in the painting world.

When I say ethical point of view, I mean that I don't necessarily like this 'art game' they call it. For some painters, it is unforgivable to call it 'game'. The idea of paying close to a hundred million dollars for a Van Gogh "Sunflower" and then monopolizing it is clearly not my cup of tea.
However, as the author of the work, I am happy if people who liked and supported my work early on (especially poor people like me) and bought two or three CDs can resell one of them at a higher price, and if it helps them make a living. In that sense, I think the concept (or the nature) of the 'art game' is interesting, as scarcity brings value. It can be a transfer of wealth, too. Though personally, I don't understand the collector's spirit, but some of my acquaintances are collectors too.

> Perhaps for your needs it would suffice to append to a file some text like "this is the original" or "this is a copy" and then sign these extended files?

Wouldn't it still be possible to copy the extended file marked "This is an original" if everything is a copy in the digital world?

I've been able to sort out a bit of the ethical aspects (and the nature of digital) while I was writing this. Well, even if there were 10,000 strange tastes, I should do my best to put an autograph on each CD, though... This way, those CDs can be sold in a way that is impossible to counterfeit. But if million CDs were sold by mistake? I wonder I can autograph on every CD. Or rather, I am scared to get tired of autographing on all the CDs.

I was on edge, wondering if something against the spirit of Free Software Movement.

panties
Offline
Joined: 02/02/2021

No, to exposing my (bad) humanity...

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

The GPL is rather inadequate for artistic works: consider the CC BY SA, which is copylefted as well. Preventing somebody to make an exact copy would be DRM, which is unethical. As far as I know, only superstars still make money with copies of their works: the rest makes peanuts that way but can still earn a living with concerts, merchandising and crowd funding.

panties
Offline
Joined: 02/02/2021

As for the CC license, it had looked complicated ('3').
First of all, I didn't understand it myself, and secondly, I didn't want people to think that I had some complicated copyright restrictions when I published my work, because I thought most people don't know much about CC license. Everyone is vaguely aware of copyright, and everyone knows, even vaguely, that if you copy something without permission, you may be committing some kind of crime. And most works are supposed to retain all rights of copyright. In other words, most people know that most works are protected by copyright without explicit notice. Considering the public awareness of the CC License, we were concerned that licensing under CC license would be misinterpreted as imposing further restrictions on copyright. I don't know what the actual public awareness of CC is, but in my own experience, I had the impression that it was a "complicated and unfamiliar license", and I think other people would probably have a similar feeling.
So I thought it would be better to write "CC0" and simply say "licensed under CC0, so copying is free", rather than licensing CC license.
I just realized here that I used to publish my work using CC license, this is a Creative Commons license/tool...

Anyway, in my case, I personally don't see any problem with someone using my work for commercial purposes or whatsoever, so there seems to be no need to license it under CC BY-SA, for now. There may come a time when I find it useful, though.

As for DRM, the way it is regulated seems problematic, but it doesn't seem unethical per se. Why do you see it is unethical?

As for crowdfunding, I believe that if people supported by crowdfunding can make secondary activities work well, such as creating a fund, we can eliminate the unnecessary function of murderous banks. Crowdfunding is an interesting new system (as Bit Coin).

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Digital Restrictions Management is the practice of imposing technological restrictions that control what users can do with digital media. When a program is designed to prevent you from copying or sharing a song, reading an ebook on another device, or playing a single-player game without an Internet connection, you are being restricted by DRM. In other words, DRM creates a damaged good; it prevents you from doing what would be possible without it. This concentrates control over production and distribution of media, giving DRM peddlers the power to carry out massive digital book burnings and conduct large scale surveillance over people's media viewing habits.
https://www.defectivebydesign.org/what_is_drm (Defective by Design is a campaign of the FSF)

As others have already told you, copyleft has nothing to do with "commercial purpose" and everything to do with preventing the middle man from stripping out the freedoms you gave, for instance redistributing your work with DRM, making a remix or a composite work (say, using your song in a movie) that is "all rights reserved", etc. Here is a definition:

Copyleft is a strategy of utilizing copyright law to pursue the policy goal of fostering and encouraging the equal and inalienable right to copy, share, modify and improve creative works of authorship. Copyleft (as a general term) describes any method that utilizes the copyright system to achieve the aforementioned goal. Copyleft as a concept is usually implemented in the details of a specific copyright license, such as the GNU General Public License (GPL) and the Creative Commons Attribution Share Alike License. Copyright holders of creative works can unilaterally choose these licenses for their own works to build communities that collaboratively share and improve those copylefted creative works.
https://copyleft.org

CC BY-SA is extremely popular. It is in particular Wikipedia's license of choice. The license itself is hard to read, like any license that tries to prevent a few things in a way that would hold in court. However, in my humble opinion, Creative Commons makes a good job at explaining the license to the layman. For CC BY-SA, here is the "human-readable summary": https://creativecommons.org/licenses/by-sa/4.0/

panties
Offline
Joined: 02/02/2021

I found an interesting license and liked it very much. Perhaps I will like using this license to my works.

WTFPL(Do What The Fuck You Want To Public License)

https://en.wikipedia.org/wiki/WTFPL

It seems to be almost a public domain like license, but why it is not regarded as copyleft?

lanun
Offline
Joined: 04/01/2021

See also: https://en.wikipedia.org/wiki/Beerware.

> but why it is not regarded as copyleft?

Because it does not require share-alike [1], so it "allows uncooperative people to convert the program into proprietary software" [2].

[1] https://en.wikipedia.org/wiki/Copyleft#Types_and_relation_to_other_licenses
[2] https://www.gnu.org/copyleft

quidam

I am a member!

I am a translator!

Offline
Joined: 12/22/2004

Please do not recommend (bad) joke licenses as a serious choice. Licensing is a very important and complicated legal field that cannot be addressed in such a thoughtless way.

Copyleft is the concept of a free license requiring that the product is shared under the same license.

panties
Offline
Joined: 02/02/2021

y,yes. Sure.

Anyway I see, so you have both a license to let people be free to do what they want (such as CC0), and a license to be free to do anything except violate people's freedoms we should respect each other (copy left).

I often want to buy a developer a round of beer, but how to send the money is always a problem.
I think it would be convenient if I could use Bitcoin, but converting cash into Bitcoin with privacy is quite difficult in my country (or rather, impossible for my computer skill). There are only two ATMs for Bitcoin, and they are located in Kyushu, which is very far from my area.

Is it not a good idea for an organization such as FSF to offer Bitcoin/cash exchange or accept cash sending then issue beer vouchers?
Sending cash by mail is prohibited in Japan, but in Europe, it seems to be basically unprohibited. I don't know about the United States, though.

koszkonutek
Offline
Joined: 03/19/2020

WTFPL is indeed a license equivalent to public domain. However, is has some flaws, e.g. it does not have a warranty disclaimer nor does it have a fallback clause for when releasing work to public domain is not legally possible. Public domain waivers like CC0, Unlicense and BSD0 would be safer for both you and your licensees. In particular, CC0 seems to be the most thoroughly designed of them - with all the necessary fallback clauses. Also, since your work is not software, it would be the most practical to use a license designed for cultural works - which makes CC0 the best choice.

> I personally don't see any problem with someone
> using my work for commercial purposes or whatsoever,
> so there seems to be no need to license it under
> CC BY-SA, for now.

Others have already explained what copyleft is. I'll just add that - strictly speaking - a copyleft license like CC BY-SA does not forbid commercial redistribution. It only requires that any derivative work is always made available under the same CC BY-SA license. One can still legally make a copy of a copylefted work (or derivative thereof) available for a fee.

> As for DRM, the way it is regulated seems problematic,
> but it doesn't seem unethical per se. Why do you see
> it is unethical?

For it to work, it has to be implemented using proprietary software/hardware its owner can't fully control. That is against software freedom principles as it should be the device owner - not software vendor - who has the right to control said electronic device.

> I had the impression that it was a "complicated and
> unfamiliar license", and I think other people would
> probably have a similar feeling.

You could add a notice like "This is a free cultural work that you can share with others according to the CC BY-SA license".

> As for the CC license, it had looked complicated ('3').
> First of all, I didn't understand it myself [...]

Perhaps the Wikipedia article[1] would be more clear than raw text of the license?

> I was on edge, wondering if something against the
> spirit of Free Software Movement.

Software freedom and freedom of cultural works seem to be considered separate issues (a view popularized by RMS). Software is a tool that does something - it controls devices. If we want users to have control over their computing, the software they use must be free.
Cultural works can be read/watched/listened to but unlike software, they (usually) don't perform actions by themselves. Even if they all remain proprietary - it is not going to affect the freedom of computing. This is why releasing a song even under a very restrictive copyright terms is not going to be against the spirit of Freesw Movement. It might be against the spirit of sharing, though.

> Wouldn't it still be possible to copy the extended
> file marked "This is an original" if everything is
> a copy in the digital world?

Indeed, it would be.
What you want to achieve is not directly possible. What are the indirect ways or half-solutions?

You could create a website and make purchasing a copy of the song equivalent to creation of an account on the website. The buyer could then log in to that account and be greeted with a message like "you purchased a copy". And there could be a publicly-viewable list with nicknames of all the buyers. It might not seem very attractive but that's an approach similar to how Minecraft's creators earned billions of $'s - the only difference for those who bought the game wes being able to have a skin when playing online and for server owners - being able to distinguish players who bought from players who didn't buy. And yes, I know Minecraft is nonfree - I'm just mentioning it because it is a noteworthy example of the business model I am discussing.

Instead of running you own server you could create a cryptocurrency where the "coins" would be song copies...
The easiest way would probably be to do it on top of Ethereum.

Or you could just drop the idea of making buyers able to profit from reselling their copies after years and simply sign every copy together with a text like "for Jane Doe". Although that's not what you wanted, it is still a nice thing :)

[1] https://en.wikipedia.org/wiki/Creative_Commons_license#Four_rights

panties
Offline
Joined: 02/02/2021

I'm looking into Ethereum as it sounds like an interesting idea to consider.
Is it possible to prevent people from buying it for purely speculative purposes?

koszkonutek
Offline
Joined: 03/19/2020

> I'm looking into Ethereum as it sounds like an
> interesting idea to consider.

Also way more difficult to implement than hosting a website.

> Is it possible to prevent people from buying it
> for purely speculative purposes?

By 'it' you mean songs or ETH? I don't know the details - just that Ethereum allows one to create a separate cryptocurrency on top of it. For example, someone once made a game where players could exchange and breed "cryptocats". These cats were actually a currency on top of Ethereum and I heard some breeds reached prices of tens of thousands of $'s. As to preventing speculative buying of songs - that has nothing to do with crypto. Provided that I understood your question correctly :)
You just need to know who you are selling to and refuse to sell multiple copies to the same person...

panties
Offline
Joined: 02/02/2021

Is it possible to identify that same person?

NTF looks very attractive and I feel it has the potential to do something interesting in the future in the new community, but the current speculative fever seems to be driven by purely speculative purposes rather than investment in "ownership".
In other words, it seems to me that "the NTF game", like the "consensus" on the value of money, is played by a variety of investors who engage in flashy investment activities in a variety of places, and this is intentionally increasing the value of a digital file that can be easily copied.
It seems to me that investors (and the media) are conspiring to try establishing a "consensus" on the value of ownership of photocopiable digital files to a greater extent than necessary.

To put it simply, isn't it the same as going to an investment bank and being shown a list of investments such as an NBA video, a painting of someone, or a limited edition game card, and then choosing where to invest?
That's what I'm feeling from this NTF boom. The three types of investments I mentioned are hundreds of thousands of dollars (NBA video), hundreds to tens of millions of dollars (digital painting), and three thousand dollars (the game card), respectively. But none of them is something that normal people can afford.

It may be a good thing that the working class, who have nothing to sell but their labor, can dream of getting rich by increasing the value of things they do not expect.
But if the majority of the money flowing through the NTF is from the capitalist class playing games with it, then it looks like the structure is no different from what it has always been. I don't like the attitude of investors that they will invest in anything if it will make them money, and I think it is harmful.
It's a toss-up between the perspective of the so-called general public on NTF and the perspective of the investor class on NTF.

Is this my feeling for NTF wrong?

Also, hosting the website and issuing a new NTF token are essentially the same thing in that context of yours?

edit

koszkonutek
Offline
Joined: 03/19/2020

> Is this my feeling for NTF wrong?

I never thought of it this way. I didn't even know it is called "NTF" before your last post :)
And I also don't feel like going into a "capitalism vs communism" kind of discussion. These lead nowhere...
BTW, shouldn't it be "NFT" instead of "NTF"? For "Non-Fungible Token"? Unless you actually meant something else here.

> Also, hosting the website and issuing a new NTF token
> are essentially the same thing in that context of yours?

Yes, to high extent. However, crypto is not being controlled by any single entity. In case of a website, you - as its operator - would have much more possibilities. And also more responsibilities :)

Also, have you seen this thread?
https://trisquel.info/en/forum/cloudtube-invidious-alternative-update

The LBRY protocol mentioned there could also be interesting to you

panties
Offline
Joined: 02/02/2021

You are right, sorry, I meant NFT.

> And I also don't feel like going into a "capitalism vs communism" kind of discussion. These lead nowhere...

I don't think it is a "capitalism vs communism" kind of discussion, though...
This is because I am neither a capitalist nor a communist. I just don't like investors who invest in even weapons and drugs. Also there are painters like Van Gogh who could be said to have been killed by investment, or rather, the art game.

Anyway thank you for the interesting information. I will think about it.
Thanks for all, too.

panties
Offline
Joined: 02/02/2021

PS: I think centralized systems basically have more advantages than decentralized systems if they are managed by sane people. The problem is that the people running the system usually don't seem to be very sane.

EDIT

koszkonutek
Offline
Joined: 03/19/2020

Centralized systems are indeed more predictable, more efficient when consensus is required, more approachable, etc. The reason decentralized systems like blockchains are in use is because they make it possible to avoid being controlled by a single authority.

Example: PayPal allows easy payments in a centralized fashion. Compared to cryptocurrencies:
- it doesn't require as large fees
- transactions can be recorded faster... well, immediately compared to blockchain systems where for example a block has to be mined
- funds can be relatively easily seized - which makes Paypal difficult to use for criminal activities but also makes it difficult to use by entities like Wikileaks (which had its account there suspended)
- by choice of creators it doesn't use an open protocol (unlike *truly* decentralized blockchain systems for which open protocols are a basis); lack of open protocol in this case means one has to enable PayPal's proprietary javascript to use the service
- by choice of creators and due to legal requirements it offers no anonymity and perhaps also employs additional trackers

Yeah, some of these could look better if there were sane ppl behind it.

panties
Offline
Joined: 02/02/2021

I thought perhaps the same could be said for decentralized systems, but if a decentralized system, or the "federated" system corrupted for some artificial reason, what reason would it be?

My basic idea is that all techniques themselves are transparent, and good or bad (or other concepts) is colored by how it is used. It's easy to understand when you think about drugs.

If a gorilla illogically attacks me, I will use it to incapacitate the gorilla, even if the technology is used to kill living things. On the other hand, freezing food is useful, but it can also be used for torture.

edit:typo

koszkonutek
Offline
Joined: 03/19/2020

> I thought perhaps the same could be said for decentralized systems

Before I respond I would like to know to which of my statements you are referring here.

> but if a decentralized system, or the "federated" system corrupted for some artificial reason, what reason would it be?

It could be a single entity gaining control over most (or at least a big part) of the network. Examples:
- If NSA controls enough Tor nodes, it is going to be able to track users
- If a single entity controls over 50% of some mineable cryptocurrency's mining pools, it can conduct a double-spend attack

> My basic idea is that all techniques themselves are transparent, and good or bad (or other concepts) is colored by how it is used. It's easy to understand when you think about drugs.

That's why I am not saying that centralized systems are inherently bad (for example this forum is also centralized and so far I have no prominent reasons to complain about it). But some technologies/techniques make it easier to crete systems that abuse users. The PayPal choices I mentioned would not be possible or would be less practical in case of a federated system

panties
Offline
Joined: 02/02/2021

> Before I respond I would like to know to which of my statements you are referring here.

It meant that depending on the level of morality of the engineers who built a certain decentralized or faderated system, the technology also will be used for good or for bad.

> It could be a single entity gaining control over most (or at least a big part) of the network.

What do you think about Jami? What kind of undesirable situation can you expect?
Similar to the Tor nodes concern?

I got a bit deeper understanding and reaffirmation that it is still the consensus of all participants in the market that guarantees a digital file is unique. Technology is needed to maintain that consensus, not the other way around. To manage a token, you need a password, and if that password is cracked by quantum computers, or physically tortured and taken away, that token is also taken away.
If one token theft happens, that system is useless, isn't it? Even if I don't say it is useless, but it is not good. As if one public official commits a crime, essentially that country (one centralized system) is already finished.
I feel there is a lack of tension in the civil service and in software.

koszkonutek
Offline
Joined: 03/19/2020

> It meant that depending on the level of morality of the engineers who built a certain decentralized or faderated system, the technology also will be used for good or for bad.

To certain extent yes. It's just a matter of how big influence the engineers have over their system to make sure it is used for good or bad. Centralized system - big influence. Decentralized system - smaller influence.

The more likely engineers are to remain moral the less need for decentralized systems.

> To manage a token, you need a password, and if that password is cracked by quantum computers, or physically tortured and taken away, that token is also taken away.

To access a centralized system you usually also need some kind of password which can also be taken from you. And even here quantum computers can be used to facilitate password theft (e.g. by cracking SSL certificate). I don't see any significant difference between centralized and decentralized in this particular field...

> If one token theft happens, that system is useless, isn't it?

Why? It is surely harms its reputation and in turn causes its value to fall (or rise slower). But if there is a real chance of protecting one's wallet from further thefts (for example through not using proprietary, virus-infected operating system anymore) then why not keep using that cryptocurrency? Ethereum, Bitcoin and others don't seem to have ceased existence, in spite of all the thefts that occured so far. Or perhaps by "useless" and "finished" you meant something different?

> I feel there is a lack of tension in the civil service and in software.

I can't seem to understand your thought. Could you elaborate?

panties
Offline
Joined: 02/02/2021

> The more likely engineers are to remain moral the less need for decentralized systems.

This sounds like the same as a certain kind of decentralized network is less necessary if a certain government agency is functioning sanely (i.e., if no government employee commits "even a single" crime).

> I don't see any significant difference between centralized and decentralized in this particular field...

Yes, so why can't they provide systems that handle cryptocurrencies like Ethereum, for example, that are not "blockchain tamper-resistant" but "blockchain tamper-proof"? If possible, here is a "decisive difference between centralized and decentralized".
If a cryptocurrency system can provide perfect security, and if its adoption rate increases, it will raise further questions about the raison d'etre of some functions of banks, for example, they will be forced to set fees for foreign exchange transfers, which are still unusually expensive, to be competitive with cryptocurrencies. We can see a path where decentralized systems will clearly expose the problems of centralized systems, clean them up, and then rebuild or build a "sane" centralized system.
Even now, from what I read on Wikipedia, cryptocurrency systems like Bitcoin and Ehtereum are far less prone to fraud than existing financial systems, though.
But a layman like me wonders why it is not possible to build a system that is completely fraud-proof. Is it impossible for software to achieve this?

> Ethereum, Bitcoin and others don't seem to have ceased existence, in spite of all the thefts that occured so far.

This is a matter of the number of crimes committed. The more coins are stolen, the more the value of the currency decreases, of course. No one would put their money in such a vault, and no one would invest in such a currency, as you say.
I was talking to a European English teacher and she told me that it often happens that a few dollars at a time are stolen from online bank deposits. And she said it as if it were a common story there. In my country, I think such things rarely happen, even if the amount is small. Maybe both in her conutry and my country though, the police don't take it serious because the amount is so small. Who's raking in those few dollars? Is it the bank? Or is it the little crooks?
I can sort of see the difference between running the same software on a Windows machine with IntelME and even no VPN, and a Cubes machine with coreboot and Tor, but if software can provide complete security on free hardware, then it could be a strong incentive for everyone to use more secure system.

According to 2018 data, the global average penetration rate of cryptocurrencies is 5.5%. Strangely, the penetration rate in African countries seems to be much higher than the global average across the board...
Do you think that the global penetration rate will soon be more than 50% and eventually reach 100%?
If so, then the potential for mining would be still very high. Can't we just use my own machines to calculate and process our own transactions?

I have to keep track of the safety of the tokens I might offer to my customers. I know I've been digressing a bit, but please bear with me.

koszkonutek
Offline
Joined: 03/19/2020

You were downvoted again, what a shame

> This sounds like the same as a certain kind of decentralized network is less necessary if a certain government agency is functioning sanely

Yes, except it's not only government agencies that can cause problems. Consider for example services run by big tech companies like Facebook and Google and privacy abuses these commit as part of their ad business.

> Yes, so why can't they provide systems that handle cryptocurrencies like Ethereum, for example, that are not "blockchain tamper-resistant" but "blockchain tamper-proof"?

Perhaps there are banks that allow you to open ana account in Bitcoin or Eth? And even if there aren't - it might be just a matter of time until they appear. Also, could you clarify the difference between -resistant and -proof? English is not my native lang btw.

> If a cryptocurrency system can provide perfect security, and if its adoption rate increases, it will raise further questions about the raison d'etre of some functions of banks, for example, they will be forced to set fees for foreign exchange transfers, which are still unusually expensive, to be competitive with cryptocurrencies. We can see a path where decentralized systems will clearly expose the problems of centralized systems, clean them up, and then rebuild or build a "sane" centralized system.

Some flaws of centralized systems might get exposed this way. Unfortunately, cryptocurrencies also have their drawbacks, e.g. high transaction fees (you thought these are lower than in banks? well, consider [1]). However, techniques are being introduced to counter such problems (Bitcoin's "Lightning Network" to decrease fees, Ethereum's "proof of stake" to decrease electricity usage, etc.), so crypto should become more attractive over time, just not instantly.

> Even now, from what I read on Wikipedia, cryptocurrency systems like Bitcoin and Ehtereum are far less prone to fraud than existing financial systems, though.

Never heard this opinion. It seems plausible to me, though

> But a layman like me wonders why it is not possible to build a system that is completely fraud-proof. Is it impossible for software to achieve this?

Once you develop algorithms and software that provide certain level of safety, humans become the main problem. As long as users can be tricked into giving away their passwords and private keys, there's no way to eliminate fraud :/

> I was talking to a European English teacher and she told me that it often happens that a few dollars at a time are stolen from online bank deposits. And she said it as if it were a common story there. In my country, I think such things rarely happen, even if the amount is small. Maybe both in her conutry and my country though, the police don't take it serious because the amount is so small. Who's raking in those few dollars? Is it the bank? Or is it the little crooks?

Never heard of such thing. Most of the time I hear about people having their accounts completely cleared + loans taken for their names... But what you're talking about makes sens - theft of a small value (below some treshold) might not classify as a crite under some jurisdictions + it is relatively easy for thieves to fly under the radar this way.

> I can sort of see the difference between running the same software on a Windows machine with IntelME and even no VPN, and a Cubes machine with coreboot and Tor, but if software can provide complete security on free hardware, then it could be a strong incentive for everyone to use more secure system.

Exactly - except a typical John Smith cares about security about as much as donkey cares about deep sea fish ;_;

> According to 2018 data, the global average penetration rate of cryptocurrencies is 5.5%. Strangely, the penetration rate in African countries seems to be much higher than the global average across the board...
Do you think that the global penetration rate will soon be more than 50% and eventually reach 100%?

Idk. Do we even include countries with official bans on cryptocurrencies into the potential market?

> If so, then the potential for mining would be still very high. Can't we just use my own machines to calculate and process our own transactions?

You mean to keep using blockchain but without any more mining? If so, that's what replacing proof-of-work with proof-of-stake is all about.

Btw, sorry for taking so long to reply. I wanted to put some time into other things :)

[1] First MetaGer hit for "bitcoin transaction fees": https://ycharts.com/indicators/bitcoin_average_transaction_fee

panties
Offline
Joined: 02/02/2021

Sometimes I talk about computers with people I know. Most of them don't knoe what FreeSoftwareMovement is. I talk to them carefully. For example, Tesla cars are a hot topic right now. When I first saw a Tesla (it was the last month), I thought it was super cool. It is also faster than Ferrari.
Some of you might not know... but it's a car like Knight 2000 from Knight Rider, and it seems to monitor the owner's activities in detail. And no doubt, all that information will be sent to Tesla, Inc., personally identifiable or not, I don't know. Most people think that the feature, to be monitord everything, would be useful.
Personally, I don't need such a feature, but I seem to be in the minority. I think most people don't care if their information is collected or not. Rather, they say it's convenient.
I personally don't like to be scrutinized for what I've done. If that information is being shared with state agencies, as it seems Snowden accuses, then it becomes more than just a matter of taste and less than something that can be ignored. But I have yet to imagine the worst that could happen from such information collection and sharing. I have read some Mr. Stallman's short story. It may indeed be a situation of concern, but I didn't think it was highly realistic.
Can you explain why you call information collection by a state or a corporation "privacy abuse", rather than harmless?

> you thought these are lower than in banks?

Yes.

> could you clarify the difference between -resistant and -proof?

The tamper-proof is not tamper-resistant, it means that impossible to tamper with. Tamper-impossible.

> Once you develop algorithms and software that provide certain level of safety, humans become the main problem. As long as users can be tricked into giving away their passwords and private keys, there's no way to eliminate fraud :/

So is it theoretically impossible to have a system where you can't give away your password or private key of a cryptocurrency account?
Is it impossible for a computer illiterate grandmother to use her Android phone to manage her cryptocurrency account as easily as she manages her existing bank account, without having to remember passwords or manage private keys?

> Do we even include countries with official bans on cryptocurrencies into the potential market?

Oh, I didn't know there are countries like that... 
My question meant, nowadays, every individual of a certain age probably has a bank account in every country, but I wonder if having a crypto wallet will become as popular as a bank book, which everyone usually has.

I'm looking into proof-of-work and proof-of-stake. Which system do you prefer? and why?

> Btw, sorry for taking so long to reply. I wanted to put some time into other things :)

No, I had other things to worry about, too. No problem at all. Take your time.

koszkonutek
Offline
Joined: 03/19/2020

> Sometimes I talk about computers with people I know. Most of them don't knoe what FreeSoftwareMovement is. I talk to them carefully. [...] I think most people don't care if their information is collected or not. Rather, they say it's convenient.

Same here. That's so sad

> I have read some Mr. Stallman's short story.

I referred to him this way too on some occasion. From his website I learned - however - that the normal way people usually refer to him is just "rms".
As to the story itself - could you provide a link? I have read some of him but probably not this particular piece.

> Can you explain why you call information collection by a state or a corporation "privacy abuse", rather than harmless?

Honestly, I think in most people's minds these 2 don't contradict each other...
Anyways, I's certainly a matter of respect. Even if abusive collection of my data doesn't bring any direct, immediate consequences that would be unpleasant, I still consider it bad - because showing disrespect to someone is evil (unethical if you prefer) by itself. Sadly, most people don't feel the way I do...
Of course, that's not the only reason to reject such companies. Another one is that such data collection might have bad long-term outcome if we assume third parties might get into its possession (which most often happens). We can predict some of the possible negative effects of wrong usage of personal data (e.g. being unable to get a loan, falling victim to smart, targetted scam) but not all.
Yet another issue is that companies like Google and Facebook threaten user freedom in various other ways and feeding them our personal data means making them even more powerful, which we don't (or at least shouldn't) want.

> The tamper-proof is not tamper-resistant, it means that impossible to tamper with. Tamper-impossible.

Then blockchain is surely *not* tamper-impossible. I think achieving distributed consensus with 100% certainty in a finite time is an unsolvable problem by itself (look up biazntine generals). Blockchain solves it by making each new block confirm previous ones. The more blocks are attached in the chain after certain block X, the less likely X is to ever be discarded from the blockchain. In practice this means that if we consider a sufficiently old block, we can know with estimated 99.9999999% certainty it is going to remain in the blockchain forever, which is enough for us. If, however, someone had anough computing power to produce (via proof-of-work) an alternate chain that forks from the main before X, omits X and grows longer than the original, then that person is able to "change history" of the network and perform a double-spend attack. It is most likely to happen with smaller networks with less miners, like EthereumClassis.

Also, there is always possibility of some side-channel attack on a theoretically tamper-resistant system. E.g. algorithm used by the system is good but program that implements it has a bug and someone exploits it.

> So is it theoretically impossible to have a system where you can't give away your password or private key of a cryptocurrency account?
> Is it impossible for a computer illiterate grandmother to use her Android phone to manage her cryptocurrency account as easily as she manages her existing bank account, without having to remember passwords or manage private keys?

It is possible. But then there're other attack vectors, like borrowing grandmother's phone to "send a message".

> My question meant, nowadays, every individual of a certain age probably has a bank account in every country, but I wonder if having a crypto wallet will become as popular as a bank book, which everyone usually has.

I don't think it's impossible. But I suppose conventional banks will, at some point, offer accounts in cryptocurrencies and in the end many people will be using these without having actual wallet installed :/

panties
Offline
Joined: 02/02/2021

> Honestly, I think in most people's minds these 2 don't contradict each other...

But there are actually those who actually find it useful to have information collected by companies.
Personally, I find it particularly annoying that if some people are providing my personal information to state agencies or selling it for money. But I can't criticize them because I don't really understand the flow of information (in the same sense as the flow of money).
But it's so off-topic that I might start another thread on it soon.

I feel like I got a bit much better understanding of blockchain.
Maybe that means that it is practically impossible to tamper with the system, especially on large blockchains, but it is possible to try to tamper with it. Thank you very much.
Also, no matter which asset management method we choose, in the end, we have to manage our own assets to some extent.

When a bank goes bankrupt with huge debts, how has the depositor's deposit been guaranteed? A lot of taxpayer money (insurance money) has been spent in various countries to "maintain a sound financial system", but has there ever been a soundly functioning financial system? Though, I admit that it works to some extent, just like the corruption of law enforcement agencies that I mentioned at the bottom of the thread.
The sense of security that we have always had, that banks are the safest place to deposit money, is something that all Japanese people have gained by paying for insurance.
However, it seems that the payoff has not been triggered in Japan yet, but if a more serious financial crisis or something occurs, the assets we have deposited in the bank could be taken away. As fate would have it, cryptocurrencies might one day try to destroy the existing financial system to see if it is viable. I have a feeling that there might come a time when we will not be allowed to take the easy attitude of "I feel safe because I have my money in the bank" and "I should just do it because everyone else is doing it," without even trying to understand why we feel safe, if we want to keep our money safely.

The phrase "because everyone else is doing it" can be found in many fields, and is sometimes referred to as "inertia" in this forum too.
In the world of finance, this might challenge us in the form of the pain that many of us experience when our deposits disappear.

I personally don't want to put any more money in the bank, because moral hazard in a fundamental sense is almost 100% inevitable in the existing banking system. Also there is no guarantee that hyperinflation will not occur in our country.
The reason why the penetration rate of cryptocurrencies is so high in African countries is maybe because the aforementioned "insurance system for the entire nation" is more difficult to function than in developed countries due to the weakness of the currency value?
It may become common sense for the new generation to manage their own assets on a decentralized system using free hardware and software, including wallets. It's more difficult than going to a bank, showing your ID, getting a bankbook and a card, and managing it, but it doesn't look that difficult if even junior high school students are taught properly in school.

I did some research on biazntine generals and found it inreresting.

koszkonutek
Offline
Joined: 03/19/2020

> But it's so off-topic that I might start another thread on it soon.

I look forward to it :)

> I personally don't want to put any more money in the bank, because moral hazard in a fundamental sense is almost 100% inevitable in the existing banking system. Also there is no guarantee that hyperinflation will not occur in our country.

Good point. Encourages thinking. It feels like I might use it at some point. Thank you

> The reason why the penetration rate of cryptocurrencies is so high in African countries is maybe because the aforementioned "insurance system for the entire nation" is more difficult to function than in developed countries due to the weakness of the currency value?

Perhaps. Other factor that came to my mind just now is conventional banking being less popularized - the % of people already having bank accounts is smaller than in developed countries, people are less used to having bank accounts and might thus be more open for something new.

However, there's something strange in this. Cryptocurrency fees are high. Pays in poor countries are low. In some african countries Bitcoin fee is comparable to average monthly pay. That should make it almost impossible for people to use BTC. Are they perhaps using smaller cryptocurrencies more? Or are most african users rich oligarchs?

> but it doesn't look that difficult if even junior high school students are taught properly in school.

That would be interesting. Is it likely to happen? Probably not so soon, since cryptocurrencies are hard to control and hence less appealing to ruling parties. But in the long term - who knows?

> I did some research on biazntine generals and found it inreresting.

Nice to know :)

panties
Offline
Joined: 02/02/2021

>> but it doesn't look that difficult if even junior high school students are taught properly in school.

> That would be interesting. Is it likely to happen? Probably not so soon, since cryptocurrencies are hard to control and hence less appealing to ruling parties. But in the long term - who knows?

I wish there was a fun GPLed game in the repo that could simulate cryptocurrency management, even if it's 2D. Or maybe I should teach those effeminate kids that...

panties
Offline
Joined: 02/02/2021

I was wondering, if all digital files can be copied, it would be easy for, say, a state agency to fabricate a crime and create a criminal. It may not be possible if you are using a high-security machine, but you can still fabricate a crime, for example, if you put the file into the machine while it is being seized.
Even if a person possessed an illegal file, it would be impossible to prove that he or she owned it in that sense, right? It is quite different from finding and recording guns, drugs, and other prohibited items in the act. It is a fool's errand for a law enforcement agency that has committed even one crime to prove possession of such an item in the first place. The reason is that any agency that has faked even one crime will lose credibility on its own.
This is the reason why a state agency should not commit even a single crime. It is because it is impossible for a state institution that has committed even one crime to prove a certain crime based on its own credibility. Because no matter what they say, they have no credibility.
If the investigator brings in illegal substances into the criminal's house during a search and pretends he found them, a crime will be committed.
Proving a crime inherently would not be possible without the assumption that state officials do not "ever" commit crimes.
It is impossible to prove even physical possession of illegal substances, but proving illegal possession of digital files seems to be even a ridiculous act in that sense, doesn't it?

I'm sure this has already been discussed, but can anyone give me their perspective on this?

koszkonutek
Offline
Joined: 03/19/2020

I think credibility is not a binary quality. At least not in practice. While a law enforcement agency that commits some crime obviously loses some of its credibility, I'd still call it more credible than one which commited 10 times more crimes withinin that same timespan.

As to crime provability - there are many cases where people who were sentenced later turn out to be innocent. I don't think there's any state that claims it doesn't do such mistakes. Most ppl consider it acceptable as long as mistakes are not common and crimes are not being committed too often. The possibility of mistake is one of the arguments agains death penalty. I wish the public also applied it to other kinds of punishment...

panties
Offline
Joined: 02/02/2021

> I think credibility is not a binary quality. At least not in practice. While a law enforcement agency that commits some crime obviously loses some of its credibility, I'd still call it more credible than one which commited 10 times more crimes withinin that same timespan.

True. But it sounds like saying a murder killed one person is better than a murder killed 9 people.

> As to crime provability - there are many cases where people who were sentenced later turn out to be innocent. I don't think there's any state that claims it doesn't do such mistakes. Most ppl consider it acceptable as long as mistakes are not common and crimes are not being committed too often. The possibility of mistake is one of the arguments agains death penalty. I wish the public also applied it to other kinds of punishment...

This is a problem that could be solved if investigations were totally transparent, but I have never really thought about how to increase the transparency of it.
For example, if they brought up the state secret, the information won't opened.
Personally, I would like to ask the President of the United States where the need to have any state secrets is, but it would be impossible, so I would have to do something about it, after studying it.
I've never really thought about the death penalty. I can't say anything about it casually, but for example, Japan is considered a safe country internationally, but it has the death penalty.

edit

koszkonutek
Offline
Joined: 03/19/2020

> But it sounds like saying a murder killed one person is better than a murder killed 9 people.

Not necessarily analogous. I think we should compare law enforcement agencies with other law enforcement agencies. If there are thousands of people working in one such agency, it is going to be impossible to prevent every single one of them from acting wrongly. Hence, every big agency will, at some point, commit some crime. Althought this is bad, the agency can still present well relative to other agencies that commit more crimes.

In case of individuals we have a completely different scale. Very few individuals commit murder, hence murderer, morally, scores very low compared to the majority of people. The equivalent of murder in case of law enforcement agencies could be e.g. genocide.

> This is a problem that could be solved if investigations were totally transparent, but I have never really thought about how to increase the transparency of it.

That reminds me of one TPB issue. Apparently, there is some transparency in Sweden.
Unfortunately, I don't think transparent investigations completely solve the problem. Even if things like invetigation reports were publicly disclosed, an officer could just lie in such report.

> For example, if they brought up the state secret, the information won't opened.

Or worse - a lawsuit against a law enforcement agency that committed a crime will be dismissed

panties
Offline
Joined: 02/02/2021

It is frustrating that there is so little we can do, even though the world has become so decent that we can have this kind of conversation openly. Compared to the Resistance during the World Wars, there seems to be a lot more we can do, especially we have the Internet... Apparently, people in the free software movement are well aware of the state of the world beyond the computer world, and computers are everywhere and involved in almost every area of our lives, but it seems to me that they tend to be conservative and say, "All we can do, or all we should do, is only protect software freedom". At best, this means narrowing down the problems to be tackled, but at worst, it seems that they are trying to confine themselves to the computer world without touching the problems that even can be solved.

koszkonutek
Offline
Joined: 03/19/2020

> Apparently, people in the free software movement are well aware of the state of the world beyond the computer world, and computers are everywhere and involved in almost every area of our lives, but it seems to me that they tend to be conservative and say, "All we can do, or all we should do, is only protect software freedom". At best, this means narrowing down the problems to be tackled, but at worst, it seems that they are trying to confine themselves to the computer world without touching the problems that even can be solved.

Uhh, was this supposed to be an allusion to me?

If so, please accept the explanation that on this particular forum I am trying not to dive too deep into political issues. After all, this place is primary related to software freedom and I know how big an argument a simple mention of other ideological topics can cause.

Consider copyright. When it is mentioned, forum users partition into those against copyright and the proponents of the GPL.

Also, someone from freesw movement who knows how to operate a computer and how to write programs might not actually have the skill (e.g. charisma) required for fruitful participation in politics.

However, if you consider RMS, he also takes voice over matters other than sw freedom. And perhaps we could find other freesw hackers who do too - except in such cases I seem to disagree with them quite often, which makes me (yet again) want to confine our relations just to software topics :/

panties
Offline
Joined: 02/02/2021

> Uhh, was this supposed to be an allusion to me?

No. This is my impression of free software users in general, and I wasn't addressing you in particular.

> I know how big an argument a simple mention of other ideological topics can cause.

Yeah...

> (e.g. charisma)

If they feel that there are clear inequalities in today's society, and if they have even a vague idea of their personal ideal worlds, they don't need any particular technology, I think, though. Or rather, the skill will be born on its own to bridge the gap between reality and ideal.

> However, if you consider RMS, he also takes voice over matters other than sw freedom. And perhaps we could find other freesw hackers who do too

Yes, I know that RMS picks up the news daily.

https://www.stallman.org/archives/2021-mar-jun.html

It's probably one of the best and least time-consuming news sources out there, but unfortunately you can't read it as an email newsletter. It's a huge archive, so I haven't read it at all, but I would if I could subscribe to it as an e-newsletter. If I understand politics dialectically, it hasn't been too much of a problem so far, but from now on I should probably check the news. I get so fed up with all the depressing news, though...

Magic Banana

I am a member!

Offline
Joined: 07/24/2010

Subscribe to https://stallman.org/rss/rss.xml in your RSS reader. Trisquel (not Mini) has Liferea in its default install. Its default email client, Icedove allows to create a "New" "Feed Account" from its main menu too.

panties
Offline
Joined: 02/02/2021

Hm :m Well, I guess I could say that this RSS thing might be useful.