1. 23
  1.  

  2. 12

    Note that link only uses old art for illustrative purposes, but depending on how strict your employer is it may be NSFW.

    EDIT: Seems like this has been flagged off-topic.

    Here, let me point out the bits of the article that are relevant to a practitioner here:

    1. It demonstrates a PoC of storing data cheaply and indefinitely on the ETH blockchain.
    2. It shows the pipeline used for doing that PoC.
    3. It serves the images directly from the blockchain.
    4. It provides the source code for the PoC.

    So, by any reasonable metric, this is a solid (if somewhat cheeky) bit of on-topic material here. Please don’t downvote things until you properly understand their context and relevance, because it lessens the utility of that flagging for genuinely bad actors.

    (And if your knickers are in a bunch over the title…well, don’t shoot the messenger.)

    1. 4

      You say “somewhat cheeky” for what I would call sexism. And you chose to deliberately propagate that part of the message wrapped up with technical content.

      The Palantir article you complained about so much was a better submission than this.

    2. 7

      This risk isn’t new. In his SCM Security essay, David A. Wheeler described an attack where something negative was inserted into a potentially-immutable repository that made it necessary to remove the whole thing if it stayed:

      “On April 11, 2004, Dr. Carsten Bormann from the University of Bremen sent me an email about a specialized attack that he terms the “encumbrance pollution attack”. In an encumbrance pollution attack, the attacker inserts material that cannot be legally included. To understand it, first imagine an SCM with perfectly indestructible history. The attacker steals developer credentials, or is himself a malicious developer, and checks in a change that contains some encumbered material. “Encumbered” material is simply material which cannot be legally included. Examples include child pornography, slanderous/libelous statements, or code which has copyright or patent encumbrances. This could be very advantageous, for example, a company might hire a malicious developer to insert that company’s code into a competing product, and then sue the competitor for copyright infringement, knowing that their SCM system “can’t” undo the problem. Or a lazy programmer might copy code that they have no right to copy (this is rare in open source software projects, because every line of code and who provided it is a matter of public record, but proprietary projects do have this risk). Any SCM can record a change that essentially undoes a previous change, but if the history is indestructible and viewable by all, then you can’t get rid of the history. This makes your SCM archive irrevocably encumbered. This can especially be a problem if the SCM is indestructibly recording proposals by outsiders! An SCM system could be designed so that a special privilege allowed someone to completely delete the history data of illegal changes, of course. However, if there are special privileges to delete history data, it might be possible to misuse those privileges to cause other problems.

      One mechanism for dealing with an encumbrance pollution attack is to allow specially-privileged accounts to “mask” history elements; i.e., preventing access to certain material by normal developers so that it’s no longer available, so that the material isn’t included in later versions (essentially it works like an “undo” against that change). However, a “mask” would still record the event in some way so that it would be possible to prove that the event occurred at a later time. Perhaps the system could record a hash of the encumbered change, allowing the encumbered material to be removed from the normal repository yet proving that, at one time, the material was included. A “masking” should include a cryptographic signature of whoever did the masking. This mechanism in particular requires careful design, because the mechanism should be designed so that it doesn’t permit other attacks.”

      So, one would need to ensure there was a deletion procedure. Originally, I thought everything encrypted with system just deleting the keys. If any were kept, then keeping the original might be considered in courts as distribution (bad thing here). So, deletion out of official repo might be necessary. My concept was rebuilding it from whatever was certified by multiple parties minus what wasn’t in predictable order or whatever. Also, this reiterates the need for access control on who can submit things in the first place and whether we should require approval by trusted parties on anything somewhat immutable.

      1. 4

        So, are there, say, naked children in the blockchain yet? Either they are or they will be…

        1. 4

          Yeah, the bitcoin blockchain has URLs for pedophile sites. I don’t know if those sites are still up, but the urls will be there forever.

        2. 3

          More interesting examples on what is stored in the blockchain (illegal numbers etc.) can be found here: http://www.righto.com/2014/02/ascii-bernanke-wikileaks-photographs.html

          1. 7

            And we wonder why women leave the computing industry at a faster rate than men….

            1. 6

              Why? Because a male programmer chose to demonstrate this concept by showing paintings of boobs instead of penises? He could have, of course, demonstrated this with something else, but this clearly gets the point across of how bad it can get without being completely obscene, or actually committing data that would confirm the problem to begin with.

              1. 6

                I’ve noticed that a lot of men have a problem with seeing other men’s penises. There’s a certain threat factor involved with an exposed penis. Consider how many men act grossed out at the thought of other men being nude for an extended amount of time in the locker rooms. Why are they so nude? They must be pedophiles getting off from exposing themselves. Even worse if they’re older men, their nudity is doubly threatening.

                Anyway, my point is, yes, choosing breasts was a very gendered, male choice.

                1. 7

                  The author explains it quite plainly:

                  Immutability is a double-edged sword. Transaction data stays forever, which is good. But a wicked mind could leverage immutability to store harmful images or texts about a third party FOREVER, with the goal of inflicting social damage. Once stored, it is irreversible. And it interferes with the Right to be forgotten. Think about a spiteful vengeance in the context of a lovers’ spat or a relationship break-up. That’s why I’ve used artistic boobs, as a fun analogy

                  1. 4

                    Does everything have to be political? Can you not just see what he’s doing and look at the intent instead of trying to insert some unrelated narrative?

                    1. 5

                      That ship sailed a long time ago, sibling.

                      1. 6

                        Does everything have to be political?

                        He made it political in the first place by choosing breasts. If you don’t want people to discuss human anatomy, pick something else as an example, something that doesn’t bring the same kind of attention. We are frail, social creatures and that means politics.

                        1. 5

                          I don’t see how breasts are remotely political.

                          1. 2

                            Obviously, doctor, you’ve never had to deal with hearing the public’s opinions about your breasts.

                          2. 4

                            pick something else as an example,

                            The danger of picking something else is that the entire danger will be lost on the casual reader. “Oh noes!!!! I can put flowers in the block chain and they are forever!!!! AAAAAHHHH WHAT WILL I DO???” v. my immediate reaction of “I sure hope my daughters, in 8 years, don’t start snapchatting breast pics to their so called friends who make it impossible to delete, forever!”

                            1. 1

                              If you don’t want people to discuss human anatomy, pick something else as an example, something that doesn’t bring the same kind of attention.

                              something that doesn’t bring the same kind of attention.

                              Maybe that’s the meta reason? To get everyone wound up and subconsciously realize what this post is really about?

                      2. 7

                        I popped into the comments to say the same thing. I suppose I can see why he thought using those pictures was apt, but I think the point could’ve been made just as strongly using any image.

                        1. 3

                          Your remark, true or not, is not germane to this topic and will likely only lead to flaming.

                          If you can’t say anything about the technology, don’t say anything at all.

                          1. 9

                            If you can’t say anything about the technology, don’t say anything at all.

                            It seems to me that you’re encouraging the self-censoring of one viewpoint under the guise of maintaining neutrality. When the dispute is between “this is in poor taste” and “there is nothing wrong with this”, silence on the subject is an implicit endorsement of the latter.

                            1. 5

                              My point is that that dispute is uninteresting and off-topic compared to the technology.

                              1. 2

                                When the dispute is between “this is in poor taste” and “there is nothing wrong with this”, silence on the subject is an implicit endorsement of the latter.

                                You are perfectly free to find something in bad taste. And you’re free to express that opinion. But trying to constitute an argument out of it, for the purpose of holding people to a standard you haven’t met yourself, is illegitimate. Extremely fashionable, but still not valid.

                          2. 4

                            Once stored, it is irreversible. And it interferes with the Right to be forgotten.

                            Good. We can’t just make up crazy shit backed by unenforceable laws and call it a “right”.

                            1. 6

                              Could you explain what you mean by this comment? It’s not clear to me how right to be forgotten is both crazy and any more unenforceable than, say, a speeding violation.

                              1. 3

                                How is it enforceable? How would you enforce it? In which court of (which) law?

                                Rights are hard to define. I can come up with the Right to endless free money. Amnesty International can make free education as big a right as not getting killed for your opinions. The United Nations can charter a bunch of more reasonable rights.

                                But rights, as such, exist only to the extent people are willing and able to enforce them.

                                1. 4

                                  How is it enforceable? How would you enforce it? In which court of (which) law?

                                  So, if something is unenforceable in some jurisdictions or technologies, it ceases to be a right?

                                  Like it or not, but IP and privacy enforcement on the web are one of the few places that are rather well-trodden in front of courts and their answer is quite practical: takedowns. And if you can’t take down a part, take down the whole. Blockchains are not ephemeral things that are beyond or above borders, but at all places at the same time. That makes this a messy problem, but a problem nevertheless.

                                  I think the example the article picks is a really good one, because removing those pictures is a very reasonable request. Note that this may also backfire tremendously for the person submitting those pictures, as they may be asked to unpublish them by a court or face additional fines. “I cannot - for technical reasons - depublish what I posted” is a really bad defense facing an injunction.

                                  Rights are hard to define. I can come up with the Right to endless free money. Amnesty International can make free education as big a right as not getting killed for your opinions. The United Nations can charter a bunch of more reasonable rights.

                                  I don’t think that’s a very useful way of having that discussion. If you go down that route, no rights exist.

                                  1. 3

                                    No, it doesn’t “cease to be a right”, it never can have been a right in the first place. The word means something. Rights aren’t just anything that we decide it would be nice if everyone had; they’re the essentials for the existence of society. Anything that is subject to the vagaries of time and place and technology, is not a correct statement of a right. Anything that isn’t realizable in this universe, is not a correct statement of a right. More importantly, anything that, to be granted, requires you to do violence on people, and to violate even more fundamental rights, is not a correct statement of a right. There might be some general principle in there that can be asserted as a right, but then again, maybe not. Maybe people are just talking about regulations, but framing them in terms of rights to lend unwarranted gravitas to their arguments.

                                  2. 3

                                    How is it enforceable? How would you enforce it? In which court of (which) law?

                                    Starting next May it’s a law in Europe so it will be enforceable then. Although it’s not going to be a light switch, as GDPR (General Data Protection Regulation) is a big technical investment so many companies need to show they are on the path with a reasonable deadline.

                                    I don’t see why this is different than any other right. Free speech is a right in America but not in Europe. Right to be forgotten is law in Europe but not America. Does it make any of these less “rights”?

                                    1. 3

                                      Free speech is a right in America but not in Europe.

                                      You are severely mistaken: https://en.wikipedia.org/wiki/Article_10_of_the_European_Convention_on_Human_Rights

                                      1. 1

                                        I was referring to:

                                        https://en.wikipedia.org/wiki/Laws_against_Holocaust_denial

                                        The argument that laws punishing Holocaust denial are incompatible with the European Convention on Human Rights and the Universal Declaration of Human Rights have been rejected by institutions of the Council of Europe (the European Commission of Human Rights,[6] the European Court of Human Rights[7]) and also by the United Nations Human Rights Committee.

                                        From an American view of free speech, that is limiting it.

                                        1. 2

                                          From an American view of free speech, that is limiting it.

                                          As opposed to http://www.jewishvirtuallibrary.org/anti-bds-legislation ?

                                          The US is not the golden standard here. Maybe it never was.

                                          1. 1

                                            I did not read every entry in there, so if there is a specific one to read please point to it. But of the ones I did read: none of them infringe on a citizen’s right to free speech. They limit what kind of organizations the government can do business in.

                                            The US is not the golden standard here. Maybe it never was.

                                            No, and it was never claimed to be. This free-speech side step took an off-hand remark I made to point out that there are differences in how different countries interpret certain rights. It’s really got nothing to do with the point of this thread.

                                            1. 0

                                              none of them infringe on a citizen’s right to free speech. They limit what kind of organizations the government can do business in.

                                              Tell that to Roger Waters: http://www.haaretz.com/us-news/1.801930

                                      2. 2

                                        The law doesn’t create rights. It either safeguards them, or it curtails them. One is the cause of peace and prosperity, the other is the cause of chaos.

                                        1. 2

                                          Rights don’t exist. They’re man-made notions or rules to make life smoother for the group making them or harder for some other group. That this universe imposes a 100% death rate even knocks out the supposed right to life. That most creatures will experience misery, desperation, and/or a painful death knocks out the myth of right to happiness.

                                          These things don’t exist. They’re figments of your imagination. In real world, there’s natural circumstances/traits with the rest beliefs and actions of those that possess them. Fortunately, some of us were born in countries that believed in protections (aka “rights”) for their citizens. They often differ quite a bit further supporting my claim.

                                          1. 2

                                            Everyone’s heard the “spooks” shpiel before; even given that it is literally the case that rights do not physically exist, they are platonic objects that exist in people’s minds and are still not created by laws.

                                            1. 2

                                              They exist as much as mathematics or physics exist. Yes, all of the concepts that we use to work with them had to be “invented”/discovered, but both logically and practically, some ideas work and some don’t. Some are right, and some are wrong. And the ideas that are right, if we’ve done a proper job of figuring them out, are right throughout the universe. Clearly there’s still some figuring out to do, but that’s not the same thing as arbitrariness. Legislating a “right” that doesn’t exist or denying one that does is like legislating pi to 3. You can do it, but the results won’t be entirely happy.

                                          2. 1

                                            Starting next May it’s a law in Europe so it will be enforceable then.

                                            How does the EU plan to enforce it when they don’t have the capability to remove content from immutable public data structures, like blockchains? This is what the GP was presumably asking.

                                            1. 1

                                              In general: someone complains about someone specific (eg an exchange) hosting something, and the EU sues the exchange for continuing to host that content.

                                              Will be an interesting test case.

                                              1. 1

                                                Ok, sure, and now you’ve sued some random third party who also doesn’t have the capability to take down the content. The law is still not being enforced.

                                                1. 1

                                                  The law is still not being enforced.

                                                  I’m not sure I grasp the point you are making. With any law, one can construct a situation where enforcing, or even discovering the law has been violated, is difficult to impossible. That doesn’t mean the law has no utility. In my experience, in most cases companies want to abide by the law and laws like GDPR give users the ability to specify how they want their data used. The law codifies a way people want to interact with companies to control this. It’s not going to cover The Fappening. And it doesn’t even necessarily mean data will or can be taken down. But it does mean, by and large, companies are incentivized to not do the wrong thing and this will be enough for a vast majority of situations. And if it’s not, the law will eventually change.

                                                  1. 1

                                                    They can’t get it off the chain, but they do have the ability to stop serving that content to others, which is all the law in question lets you ask for.

                                                2. 1

                                                  Oh, that’s easy.

                                                  You ban all devices capable of running non-EU-approved computer programs. You know we’re on that road anyway.

                                            2. 3

                                              “The right to be forgotten” can be equivalently stated (using the same analogy) as “the right to destroy someone else’s memories by force”.

                                              You have the right to control your own data, whether it’s a belief stored in your head or some bits stored on your computer.

                                              As for how it’s unenforceable; look at the OP. You can embed data in immutable, censorship-resistant systems. “The right to be forgotten” goes against entropy and the human spirit. As Mr. Brand said, Information wants to be free.

                                              1. 4

                                                You have the right to control your own data, whether it’s a belief stored in your head or some bits stored on your computer.

                                                Why is this necessarily true? For human memories, sure, but for computer, how is that a right? Governments can and do destroy copies of data. In particular, GDPR is laws around how companies need to act. These companies want to abide by the law.

                                                As for how it’s unenforceable; look at the OP. You can embed data in immutable, censorship-resistant systems. “The right to be forgotten” goes against entropy and the human spirit. As Mr. Brand said, Information wants to be free.

                                                I don’t really understand about how it’s going against the law of entropy or human spirit. For starters, doesn’t entropy mean information is being reduced over time? Secondly, GDPR is about what restrictions companies need on their data. If the data gets leaked, that is one thing, but GDPR isn’t about security in that sense it’s about “if you have data, these are the restrictions on what you can do with it”. It’s all pretty reasonable and it’s an extension of what companies like Google and Facebook have already been trying to do in some ways.

                                                To put it another way, if a company included customer data on an immutable censorship-resistant system where the customer did not explicitly give them agreement to do that, that company can face penalty. So just because you can construct a system that has these properties doesn’t mean nobody will be punished for it.

                                                But perhaps you are taking “right to be forgotten” too literally? This is just colloquial talk for the laws and thought that led to GDPR, nobody literally means trying to wipe the minds of other people if someone chooses to be forgotten.

                                                1. 1

                                                  Governments also detain people without trial and censor politically inconvenient writing. That doesn’t imply that habeas corpus and freedom of the press aren’t rights.

                                                  What’s the moral difference between bits encoded in meat and bits encoded in silicon? How about when the silicon is physically inside your head?

                                                  Entropy does not mean information is being reduced over time. More disordered states contain more information. Information is increasing, while regular structure (negentropy) is decreasing. When two systems interact, information spreads from one system to the other. That’s how entropy grows.

                                                  “Right to be forgotten” legislation allows people to force companies to delete data they already have. It’s not an a priori restriction on what data can be acquired. Plenty of people have forced Google to remove search results about their name. Spinning it as a uniform restriction on data collection is misleading and inaccurate.

                                                  Do you think I’m an idiot? Why would I interpret “right to be forgotten” as a legal injunction against someone’s brain? It’s an analogy; so much of our person today lives outside of our heads, in our smartphones and online storage. The amount of personal information outside of our heads is only going to get bigger. If you can use the law to reach into someone else’s data and break it (which is what current European legislation does, except that it hasn’t been used against an individual yet to my knowledge), this is at some level tantamount to lobotomizing the person.

                                                  1. 0

                                                    Do you think I’m an idiot?

                                                    My comment had no judgement in it. I was attempting to cover as many possible interpretations as possible, mostly to avoid extra round trips. I’m not sure the tone you had in your head when you wrote this but I feel I’ve been genuine, kind, and thoughtful in this back and forth and to accuse me of claiming you’re an idiot when my comment states nothing of the sort is really unfortunate. Please try to be conscious that maintaining a civil comment thread is not easy and give those you reply to (or at least me) some slack and assume the best in what they said. If your tone was meant to be joking, that did not make it through for me.

                                                    What’s the moral difference between bits encoded in meat and bits encoded in silicon? How about when the silicon is physically inside your head?

                                                    AFAIK, we don’t really have this situation to worry about yet. But if/when it does happen, whatever company puts it in your head and allows you to store customer data in there will have to do it in a way that corresponds to the law assuming they want to be a law abiding company. Most likely this means that whatever silicon touches the data stores it encrypted and has to go through some ACL system to decrypt it. But there are lots of solutions out there. Situations where a person could be harmed in some way to enforce that will likely be dealt with on a case-by-case basis because reality is messy and laws are a guideline and people get to interpret them at the end of the day.

                                                    If you can use the law to reach into someone else’s data and break it (which is what current European legislation does, except that it hasn’t been used against an individual yet to my knowledge), this is at some level tantamount to lobotomizing the person.

                                                    I don’t actually understand the situation you have in mind when you wrote this. But the way the law works is if you are going to store personal information you have to store it in a way that corresponds to the requirements of it. It doesn’t let someone arbitrarily break someone’s data (I’m not really sure what that means). It does give clear requirements to those storing the data. I’m really struggling to understand what point you’re trying to make. It’s not like everyone in the world is running every system on a blockchain.

                                                    1. 1

                                                      I don’t know if you intended it, but this:

                                                      But perhaps you are taking “right to be forgotten” too literally? This is just colloquial talk for the laws and thought that led to GDPR, nobody literally means trying to wipe the minds of other people if someone chooses to be forgotten.

                                                      is incredibly condescending. If you want to give some slack to the people you’re replying to, at least assume they aren’t mentally deficient and can understand an obvious analogy.

                                                      But if/when it does happen, whatever company puts it in your head and allows you to store customer data in there

                                                      What do you mean by this? I would put it in my head, not a company. If you mean the person I hire to put it in my head, why should they exercise any control over the contents of my body and mind?

                                                      No one “allows” me to store data about people in my head; I just do it, and damn anyone who tells me I can’t.

                                                      So do you, or do you not, think it’s acceptable for governments to dictate the contents of people’s heads, whether meat or silicon?

                                                      But the way the law works is if you are going to store personal information you have to store it in a way that corresponds to the requirements of it. It doesn’t let someone arbitrarily break someone’s data

                                                      Again, this is just straight up wrong. I’m trying to be charitable, but it’s hard.

                                                      http://www.bbc.com/news/technology-27423527
                                                      http://searchengineland.com/google-right-to-be-forgotten-form-192837
                                                      https://www.theguardian.com/technology/2015/aug/20/google-ordered-to-remove-links-to-stories-about-right-to-be-forgotten-removals
                                                      http://time.com/103381/google-right-forgotten-takedown-requests/
                                                      http://www.washingtontimes.com/news/2014/jul/11/politicians-criminals-using-right-be-forgotten-law/

                                              2. 1

                                                Could you explain what you mean by this comment? It’s not clear to me how right to be forgotten is both crazy and any more unenforceable than, say, a speeding violation.

                                                It all boils down to changing the past. If you became the butt of jokes for an entire country after your public porn got some attention, this law gives you the false hope that by censoring undesirable digital content you’ll also cancel people’s memory of it.

                                                Sometimes, the rude awakening that you can’t edit the past is enough to push you to suicide: https://en.wikipedia.org/wiki/Tiziana_Cantone

                                                1. 1

                                                  Perhaps you’re taking the word “right” more seriously than is meant. It was the name used prior to the GDPR legislation and it’s really about putting restrictions on what companies can do with your data. It’s not about trying to clean out the internet in the case of your data being leaked.

                                                  1. 2

                                                    It’s not about trying to clean out the internet in the case of your data being leaked.

                                                    It kind of is: https://en.wikipedia.org/wiki/Right_to_be_forgotten
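
Added example, not part of the thread or of Wheeler's essay: a sketch of the "mask" mechanism quoted from the SCM Security essay earlier in this thread, where a privileged account removes encumbered content while the hash-chained log keeps a signed record carrying the content's hash. All names are hypothetical, the data is constructed, and HMAC-SHA256 with a per-account key stands in for a real digital signature because the Python standard library has no asymmetric signing.

```python
import hashlib
import hmac
import json

ZERO = "0" * 64  # "previous id" of the first record


def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canon(obj: dict) -> bytes:
    # Deterministic serialization so hashes and MACs are reproducible.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, body: dict) -> str:
    # Assumption: HMAC stands in for the masker's digital signature.
    return hmac.new(key, canon(body), hashlib.sha256).hexdigest()


class MaskableHistory:
    """Append-only log that commits to content hashes, never to content.

    Because records only hold hashes, a blob can be deleted without
    breaking the chain; the mask record proves what was removed and by whom.
    """

    def __init__(self, masker_keys: dict):
        self.log = []                   # immutable, hash-chained records
        self.blobs = {}                 # content_hash -> bytes (deletable)
        self.masker_keys = masker_keys  # privileged account -> key

    def _append(self, body: dict) -> dict:
        rec = dict(body, prev=self.log[-1]["id"] if self.log else ZERO)
        rec["id"] = sha(canon(rec))
        self.log.append(rec)
        return rec

    def _find_commit(self, commit_id: str) -> dict:
        for rec in self.log:
            if rec["id"] == commit_id and rec["type"] == "commit":
                return rec
        raise KeyError(commit_id)

    def commit(self, author: str, content: bytes) -> dict:
        digest = sha(content)
        self.blobs[digest] = content
        return self._append(
            {"type": "commit", "author": author, "content_hash": digest})

    def masked_hashes(self) -> set:
        return {r["content_hash"] for r in self.log if r["type"] == "mask"}

    def read(self, commit_id: str) -> bytes:
        rec = self._find_commit(commit_id)
        if rec["content_hash"] in self.masked_hashes():
            raise LookupError("content masked")
        return self.blobs[rec["content_hash"]]

    def mask(self, masker: str, key: bytes, commit_id: str, reason: str) -> dict:
        expected = self.masker_keys.get(masker)
        if expected is None or not hmac.compare_digest(expected, key):
            raise PermissionError("not a masking-privileged account")
        target = self._find_commit(commit_id)
        body = {"type": "mask", "masker": masker, "target": commit_id,
                "content_hash": target["content_hash"], "reason": reason}
        body["sig"] = sign(key, body)   # signature covers the fields above
        rec = self._append(body)        # record the event first...
        self.blobs.pop(target["content_hash"], None)  # ...then delete content
        return rec

    def proves_inclusion(self, candidate: bytes) -> bool:
        # Anyone holding the original can show it matches a masked hash.
        return sha(candidate) in self.masked_hashes()

    def verify(self) -> bool:
        prev, masked = ZERO, set()
        for rec in self.log:
            body = {k: v for k, v in rec.items() if k != "id"}
            if rec["prev"] != prev or sha(canon(body)) != rec["id"]:
                return False            # chain broken or record edited
            if rec["type"] == "mask":
                key = self.masker_keys.get(rec["masker"])
                signed = {k: v for k, v in body.items()
                          if k not in ("sig", "prev")}
                if key is None or not hmac.compare_digest(
                        sign(key, signed), rec["sig"]):
                    return False        # mask not signed by a privileged account
                masked.add(rec["content_hash"])
            prev = rec["id"]
        for rec in self.log:
            if rec["type"] != "commit":
                continue
            digest = rec["content_hash"]
            blob = self.blobs.get(digest)
            # Unmasked content must be present and intact; masked must be gone.
            if (blob is None) != (digest in masked):
                return False
            if blob is not None and sha(blob) != digest:
                return False
        return True
```

The design choice that makes masking possible is that the chain commits to hashes only; a ledger that embeds the payload itself in the chained data, as the blockchain in the linked article does, has no equivalent of deleting the blob.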