MozillaFoundation / mpa-cryptomancer-challenge

A repo for the Mozilla Privacy Arcade Cryptomancer Challenge, part of the 2017 Global Sprint

We need real-world inspiration. #10

Open chadsansing opened 7 years ago

chadsansing commented 7 years ago

Have you learned about a real-life online safety and inclusion struggle?

Share a general description here (without including personal information) by commenting below to help us make our adventures relevant and timely.

fabiocosta0305 commented 7 years ago

One that could be good...

Thinking on Federated Networks, like Mastodon or Diaspora...

A Kingdom uses some "servers" into enemy lines, using encrypted magic systems that replicated vital intel via those lines...

However, recently some of the main spies of those kingdoms were found dead... After some intel was sent by them via those networks?

The enemies had taken the identification of them? Or they had somewhat spoofed the magical systems?

I'll refine this idea... It was my speed idea on the concept, and need to see more about cryptomancer setting for more information.

Maybe even I'll do this multi-system. :)

chadsansing commented 7 years ago

That's very neat, @fabiocosta0305 - server spies. Looking forward to following this idea.

BrotherPhil commented 7 years ago

How about something like TOR - groups of people who swap crystals randomly from a bag linking them to others in the group, including some who link this to the public shardnet? Possibly even some sort of mechanism to help them? I have an image of a number of concentric wheels with crystals on them, which the cryptomancer then bridges with their hands. I'll probably have to change this when I've read the rules, but might they glow when they need attention?

cryptomancer-actual commented 7 years ago

@fabiocosta0305 @BrotherPhil

These are all awesome ideas, and concepts I haven't really explored before in the text. So run with it!

There is one short story in the core book that suggests that the Risk Eaters have figured out how to geo-locate the source of otherwise perfectly untraceable communications on the Shardnet by using geographically dispersed golems. By comparing logs, and seeing how long it took a message created on the Shardscape to reach each of the golems separately, they can theoretically determine the approximate location of the sender.

So, if that's the case, then the good guys (?) would need something akin to TOR to avoid being located and snatched up by the Risk Eaters. One idea could be a Proxy Golem. Basically, the good guys never communicate with someone directly over the Shardnet, because the bad guys might be able to geo-locate them (if the sender is using clear-text or encrypting with a keyphrase they know)... instead, they send the message to the Proxy Golem (by encrypting with its true name), who then forwards the message to the recipient (by encrypting with whatever keyphrase or true name specified in the payload of the original message).

Because no one, except the proxy golem, can listen for messages encrypted with its True Name, the Risk Eaters would be unable to detect and triangulate the location of the source. Yes, they could absolutely find the location of the Proxy Golem (which is relaying messages with a breakable/guessable keyphrase) and compromise it (which could lead to all kinds of bad/evil man-in-the-middle stuff). Of course, a Proxy Golem would either 1) not keep logs or 2) dispose of logs after a brief period.

Anyways, if a group of agents was using this type of system, and it was infiltrated by the bad guys, and now the agents are disappearing because they are being led to their deaths, there ya' go.

Edit... wait a sec, I just realized that @tromand designed a roaming/migratory Golem in Issue #15 ... so yeah, we now have the building blocks for a Cryptomancer TOR network!

cryptomancer-actual commented 7 years ago

Ok, I'm gonna' keep riffing with this because I'm excited about it.

1) To "join" this fantasy TOR network, you need to learn the true name of one of the Proxy Golems. These names are kept secret... you almost have to know someone in real life and learn one of the names that way. The reason these are kept secret is because once the Risk Eaters learn their names, they start DDoS'ing the Proxy Golems in order to destroy them.

2) Proxy Golems can reset their true names to something else when they are under DDoS attack. That stops the attack entirely, but now we have a very interesting problem... how do you distribute the new true name to the community of users in a secure fashion? What's interesting here, is that in the 1980's and early 1990's, there were pirate BBS (bulletin board systems) that would be shut down. You connect to a BBS by calling its phone number with your modem. But if that number gets shut down by Ma Bell, and you set up a new phone number to replace it, how do you distribute that new phone number to your users? Probably through computer magazines and other BBS's. Here, we have the same interesting issue.

3) Lastly, and this is really exciting to me... what if the Risk Eaters distribute a true name to the community that actually doesn't point to our fantasy TOR Proxy Golems, but actually points to a Golem that the Risk Eaters control (so they can spy on everyone's communication)? In real life, we have Certificate Authorities (CAs) that tell our browsers whether or not we can trust that an SSL certificate on a webpage that uses HTTPS actually belongs to who it says it belongs to. In Cryptomancer, we don't have anything like a CA. We'd have to 1) rely on trust in our communities, and 2) validate the source of information and ensure it isn't "fake news" when everyone says "Yes, use this True Name, it's the replacement."

tromand commented 7 years ago

@cryptomancer-actual my idea of the golemphid was inspired by your short story on geolocalisation :)

chadsansing commented 7 years ago

I wonder, also, about the original idea of a Tor-like network among individual shard holders. Kind of like the anti-Risk Eaters; risk-carriers or risk-holders. A shadow network of people willing to hold/wear multiple shards to keep information moving in ways that are difficult to track.

BrotherPhil commented 7 years ago

Might we have something like certificate charms - possibly some kind of spell that could be said in person or over a shardnet link that would enchant - for example - an amulet or a ring to change colour or glow if a message had been encrypted with the correct charm (and presumably do so in another way for a forged charm). This might also permit the use of a SGNS (Secure Golem Name Servant) who could provide golem names for people with the appropriate certificate charms. Presumably we might be able to do Charm Servants in a similar way, able to provide the Public Charms for CAs and individuals - I can envisage cryptomancers possibly having charm bracelets, or perhaps amulets that can hold several charms, to authenticate a chain of certificate charms. Maybe, in the same way that people exchange business cards, cryptomancers might take charms off of their bracelets and exchange them, to enable secure communication in future. Or for that matter, one might place the appropriate charm on a business card, so that the text changes to indicate security status. In game, the appropriate incantations might be something similar to the word list signatures used for verifying PGP and GPG keys, perhaps?

chadsansing commented 7 years ago

Certificates sound like a cool area of exploration for Cryptomancer, @BrotherPhil.

BakuDreamer commented 7 years ago

You need a blind signature. And the people who you get that from -- are actually blind! They're a sect of blind magic users. Here's an opportunity to introduce the 'astral eyes' psychometry thing too.

On Fri, Jun 2, 2017 at 3:02 AM, Chad Sansing notifications@github.com wrote:

Certificates sound like a cool area of exploration for Cryptomancer, @BrotherPhil https://github.com/brotherphil.


fabiocosta0305 commented 7 years ago

Thinking about Cryptomancy, has anyone thought about something like a blockchain in it?

chadsansing commented 7 years ago

@fabiocosta0305, that sounds like a question for @cryptomancer-actual.

Thinking about Cryptomancy, has anyone thought about something like a blockchain in it?

cryptomancer-actual commented 7 years ago

@fabiocosta0305 Code & Dagger Vol I, pages 22-23 "Credit Shards and the EchoChain Ledger" has something somewhat similar to a blockchain...

BrotherPhil commented 7 years ago

@fabiocosta0305 Great minds clearly think alike - the same thing occurred to me - time to do some reading, if it's finally got to my kindle.

cryptomancer-actual commented 7 years ago

@BrotherPhil I think you're really on to something. Here's sort of where my brain went with the idea... So one of the "problems" in Cryptomancer, when it comes to public/private key crypto in the setting, "True Name / Soul Key" are 1) bound to an individual, 2) cannot be changed/revoked, 3) there is great risk in sharing your "True Name" with someone. From a game design perspective, this is a feature not a bug, but it comes with serious baggage. For example, you may meet someone on the Shardscape and want to share your True Name with them, or vice versa, so you can communicate with maximum privacy. But what if they turn out to be a bad guy? Or what if someone is eavesdropping on that conversation (i.e. they know what keyphrase you are using to have this encrypted conversation in the first place)? Or what if your True Name gets harvested from that person via the "Mind Read" spell or an interrogation?

Anyways, I think the idea of physical charms (like magic rings, amulets, etc., in most fantasy settings) might be a really interesting way to allow people to participate in public/private key crypto without having to risk giving out their True Name. Basically, you would have a magic ring that has a True Name (public key), and the only person who can decrypt messages encrypted with that True Name is the person physically wearing the ring.

cryptomancer-actual commented 7 years ago

...to extend this idea into CA territory, assume you have a guild of Dwarven artificers creating these rings. When they sell one to a customer, they add the ring's true name and the customer's common name to a registry. So you can have this example.

Alice: "My name is Alice, my charm's True Name is dsapoijghdsgaewoigh"

Bob, hops on the Shardscape, "Hey Artificer guild, who owns dsapoijghdsgaewoigh?"

Artificer Guild: "Chuck owns dsapoijghdsgaewoigh"

Bob now knows that 1) Chuck is masquerading as Alice, or 2) Alice stole Chuck's ring.

The Artificer Guild is basically the CA now. Just like any SSL certificate, a ring can and will provide a public key for good solid crypto, but unless you have a CA telling you that yes, that certificate saying it's Microsoft really actually belongs to Microsoft, you don't actually know who your recipient really is.

cryptomancer-actual commented 7 years ago

@chadsansing The best candidate for anti-risk-eater-establishment are the Couriers, mentioned briefly in Cryptomancer, but expanded heavily in Code & Dagger vol I as an organization running a powerful anti-conspiracy against the Risk Eaters. They are like the Post Office of Cryptomancer... "Snow, sleet, or hail the messages must get through and they must be private."

chadsansing commented 7 years ago

That's right, @cryptomancer-actual.

BakuDreamer commented 7 years ago

This is what I thought too, that they're like this Secret Post Office that's helping you, even if you don't know them. (Sort of like Robert DeNiro in 'Brazil' as the municipal repair 'terrorist', "We're all in this together...")

On Fri, Jun 2, 2017 at 6:23 AM, Chad Sansing notifications@github.com wrote:

That's right, @cryptomancer-actual https://github.com/cryptomancer-actual.
