/g/ - Technology

install openbsd

[Make a Post]
[X]





Technological /nano/nymity Nanonymous No.9823 [D][U][F][S][L][A][C] >>9833
File: b421286b0b645410a781623bf9b6f0f21ecbe87351f3c6cdc71c1b23916d4b65.jpg (dl) (328.76 KiB)
Anonymity describes situations where the acting person's name is unknown. Some writers have argued that namelessness, though technically correct, does not capture what is more centrally at stake in contexts of anonymity. The important idea here is that a person be non-identifiable, unreachable, or untrackable.

Security is freedom from, or resilience against, potential harm (or other unwanted coercive change) caused by others. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change.

Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals.



Nanonymity is Anonymity + Security + Privacy, discuss nanonymity, take the /nano/pill.

Nanonymous No.9826 [D]
I completely agree.

Nanonymous No.9833 [D] >>9834 >>9837
>>9823
I like this concept, and I want to be able to write blogposts about it for normal fags to read, but I don't think that the name would work. I would tell them that privacy is insufficient, and what they really want is nanonimity, and they would say "why is it called that, that doesn't make any sense". I was thinking about this the other day, as I was reading a blog post by mozilla, explaining how facebook's new whatever is very private. I wanted to be able to explain that "privacy" is insufficient, but it wouldn't make any sense to try bringing up the word nanonymity. In short: we need a better name.

Nanonymous No.9834 [D] >>9835 >>9837
>>9833
"Nano" means small. It it is the minturization of privacy + security + anonymity.
Someone just needs to add it to UrbanDictionary.

Nanonymous No.9835 [D] >>9837 >>9853
>>9834
Minimize what you share
Minimize your attack surface
Minimize your identity

Nanonymous No.9837 [D][U][F] >>9848
File: 645cf3346bf3c213ad31c5d8b208db06352bb1d3358b4880afdebc55906aaa8e.jpg (dl) (6.04 KiB)
>>9833
>I like this concept, and I want to be able to write blogposts about it for normal fags to read, but I don't think that the name would work.
>...and they would say "why is it called that, that doesn't make any sense".
I'll start with saying that the idea of nanonymity wasn't mine, another nanon wrote about it in a post that i can't find anymore(i don't have a version of the database recent enough to search for it).
Explaining anonymity, security and privacy in a way that makes sense for normalfags can be a really hard task, lot of time even if they say that they understand these concepts, they get it just at a superficial and abstract level and in reality they don't get the more deep and practical implications.
Usually these half-initiated people are the ones that falls for all the fake privacy/security initiatives, like Mozilla stuff(Firefox, Firefox Tracking Protection, Firefox Send, Firefox Lockbox), shilled VPNs, shitty privacy extensions(Privacy Badger, Ghostery), "privacy" focused mail providers(ProtonMail, Secmail), shady public DNS(Google DNS, Cloudflare 1.1.1.1), cloud password managers, antiviruses, just to name a few.
This is all stuff that either doesn't work as advertised or works against the user in some way or another, but still people fall for it cause it gets heavily advertised, "private" and "secure" are the marketing buzzwords of 2019 and cause they have never used something that is actually well made and respects your anonymity, security and privacy, and this is why i like the term nanonymity, you don't have to explain anything at all about it, you just have to show people Nanochan as an example of applying these concepts in the real world and make them understand how simple really is to achieve this.

>>9834 >>9835 also have good points, making your technology and how much you depend on it more nano is one of the best ways to increase privacy and security.

So a good way to explain the term could be the metaphor of the minimization(nanomization?) of technology and saying that the term originated on a forum that applies the concept in practice.

As an alternative we can make another term that doesn't involve nanochan sure, but i can't really think of anything to be honest.
If we come up with something else good we can keep nanonymity as our own slang.

Nanonymous No.9848 [D]
>>9837
It was this post:
http://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/g/9174.html#post9259

Nanonymous No.9850 [D] >>9851 >>9853
Anonymity and privacy are mutually exclusive. People usually hold the reasonable middle ground between the two.
>Privacy is the ability of an individual or group to seclude themselves, or information about themselves
Acknowledged.
>The important idea here [Anonymity] is that a person be non-identifiable, unreachable, or untrackable.
Acknowledged.

How to achieve private communication between the two? To somehow give yourself the trackable id, either some sign system or just a public key. If you don't do that, you might as well be talking to a wall or to a MitM.
This contradicts the "non-identifiable, unreachable, or untrackable".
How to achieve anonymous communication between the two? You have to find a 3rd party to organize a "meet", be it some shady corner or some web forum. That way your communication partner won't have your id. However, you sacrifice at least the fact that you (with some information on who you are) two met to the 3rd party. If you don't have any specific "neutral ground" to play (don't do the above), you are playing on YOUR own turf.
So, that contradicts the "seclude themselves, or information about themselves".

The "privacy + anonymity" systems are all therefore leaky and you have to trust them for some specific scenario. Not that I hate it, I wouldn't post here otherwise, but this is important to say when you talk about "privacy + anonymity". There is no "plus". It's "slash" at best.

Nanonymous No.9851 [D] >>9853 >>9854
>>9850
There's is always better. Perfection (in this case, total, 100% nanonimity) isn't literally attainable.
But, I don't think privacy and anonimity are mutually exclusive.

Just as when any part of nanonimity is discussed elsewhere anywhere, things are taken relatively and reasonably, not all-or-nothing. Why would this be anything different?

I think these definitions/meanings make the most sense (from Wordnik->The American Heritage® Dictionary of the English Language, 5th Edition):
Privacy:
The state of being free from public attention or unsanctioned intrusion.
Anonyimity:
The state or quality of being anonymous or without a name, or of not declaring one's name; anonymousness.

Nanonymous No.9853 [D] >>9855
>>9850
Privacy and anonymity are not mutually exclusive. First of all, privacy doesn't have to apply to groups: if an individual is doing something alone, privacy means that no one else sees what they are doing. Second, if a number of people are in a group chat, privacy means that no outside observer can determine the contents of the chat, whereas if the members are anonymous, then that means that no one in the chat can tell who the other members of the group chat are; ie. their real names etc. Third, it's been argued in the past that "metadata", ie who's communicating with who, is public information that isn't subject to privacy. Adding on anonymity makes this obviously inane: even if it doesn't breach your privacy for others to know who you're talking to (it does), it definitely breaks your anonymity.

>>9851
>The state of being free from public attention or unsanctioned intrusion.
I don't like "unsanctioned", because it implies that as long as you agreed to the ToS, then it's fine. Maybe something more like "being observed by the minimal number of parties in order to carry out an action". So if I send a message to someone, then obviously they need to see it, but no one else does. If I'm alone at home making lunch, then no one needs to be watching for me to do that.
>The state or quality of being anonymous or without a name, or of not declaring one's name; anonymousness.
This is the literal definition of the word, but I think most people understand it to relate to making your identity small. If I gave you a list of every post I'd made on this board, then that would make me less anonymous, even though it wouldn't let you see my name. If I put something in the name field one time, but never did again, this doesn't make me less anonymous, even though I have a "name". So maybe something more like "enabling the correlation of a given action with the fewest number of other actions by the same person"

I actually really like the definitions from >>9835, especially since it would make the word "Nanonymity" easier to explain without having to link back to a thread on an obscure darkweb imageboard.

Nanonymous No.9854 [D] >>9857
>>9851
>things are taken relatively and reasonably, not all-or-nothing.
It's not all-or-nothing, it's more of either-or.
> The state of being free from public attention or unsanctioned intrusion.
If you try to anonymize in that scenario, you take a risk of a 3rd party ratting you out. In case of a web forum, it could be compromised or datamined. If you don't try to anonymize, there is no risk (even datamining isn't exactly possible), unless the 2nd party betrays you. But if the 2nd party is to betray, you might as well say there was no privacy to begin with.
> The state or quality of being anonymous or without a name, or of not declaring one's name; anonymousness.
If you try to become private in that scenario, you assign the id to yourself, because if you don't, there is no meaningful way to tell who you are. An example, Alice the drug buyer, Bob the drug seller and Carl the fed, nobody can identify each other reliably:
Anonymous (Alice): Sup!
Anonymous (Bob): Hi!
Anonymous (Carl): Hi.
Anonymous (Alice): I'd like to purchase some drugz.
Anonymous (Bob): Sure, it would be that much.
Anonymous (Alice): Cool, that's a deal, how do we meet?
Anonymous (Carl): Let's meet over there.
*Alice goes to the meet with Carl and gets deanonymized*

I agree that's some awkward and a bit unrealistic example (no feedback on Bob on that shit) but it is mostly to illustrate how easily privacy is intruded when there is no identity. In other words, Man In The Middle.

It is not a technical flaw. It is a social feature. It is basic logic. Tread lightly.

Nanonymous No.9855 [D] >>9857
>>9853
>First of all, privacy doesn't have to apply to groups: if an individual is doing something alone, privacy means that no one else sees what they are doing.
It is not a useful scenario to explore.
If you don't turn on your computer and don't connect to the Internet, nobody there can see you.
If you don't say anything on the Internet, nobody can read your messages there.
You get the picture. You are absolutely private because no one can see you and absolutely anonymous because there is nobody to hide from. There is no public at all.
>Second, if a number of people are in a group chat, privacy means that no outside observer can determine the contents of the chat
If anybody can enter the chat, the chat is public.
If only selected few can enter the chat, they revealed some of the identities to the person/persons who approved their enter.
>if the members are anonymous
That means there could be dataminers/traitors in the chat. If you trust them, then you know why, then they're not anonymous.
>Third, it's been argued in the past that "metadata", ie who's communicating with who, is public information that isn't subject to privacy.
In general, it is, because there are scenarios when even disclosing that kind of information is "undesirable".

Nanonymous No.9857 [D] >>9860
>>9855
>It is not a useful scenario to explore.
it is a useful avenue to explore: join an IRC channel, you will see both your privacy and your anonymity violated.

For the rest of your argument: this is why I define anonymity and privacy over some action. If my goal is to chat with random anons on the internet, then I can do that with strong anonymity, privacy, or both. If I want to chat with particular people, then I probably need to give up anonymity (they do, at least). If I want to chat with lots of anons at once, then I probably need to give up privacy (again, they do). But there could be a chat-roulette type thing, where you're paired with a random anon in a super-secret channel. It wouldn't be very useful, is I think your point, but it could happen. But it doesn't strictly imply a trade-off. All it means is that certain actions require you to sacrifice small amounts of either anonymity or privacy.

Take the drug example from >>9854. I want to guarantee that I don't get honeypotted by a fed. Can I sacrifice a little bit of privacy to increase my anonymity? I don't see how, it seems unlikely. If I say "mail to this address" publically, then the feds will wait by my postbox. Can I give up a little anonymity to increase my privacy? Again, I don't think so. If I give the dealer a picture of my driver's license, the dealer might happen to be a fed. What you're seeing here is that there is a baseline level of both privacy and anonymity that needs to be sacrificed in order to sell/buy drugs, but not a trade-off per se.

Nanonymous No.9860 [D] >>9862
>>9857
>it is a useful avenue to explore: join an IRC channel, you will see both your privacy and your anonymity violated.
What does it have to do with the "I do everything alone" scenario?
>this is why I define anonymity and privacy over some action.
The point is that over any action there will be a tradeoff.
>But there could be a chat-roulette type thing, where you're paired with a random anon in a super-secret channel.
Chat-roulette will know whatever ids the users provide. Those ids could be used by attackers to intercept communications. It's pretty challenging and would require a fair bit of the chat-roulette to be compromised, but it's not impossible.
>But it doesn't strictly imply a trade-off. All it means is that certain actions require you to sacrifice small amounts of either anonymity or privacy.
The point is the one will require to sacrifice the other, exactly. Nobody said it's black and white. We're both private in a sense that aside from people who know about this place and maybe occasional .onion crawlers, nobody knows what we're doing here (that's actually quite a bit lol). We're both anonymous in a sense that aside from our post ids and post metadata, there is nothing else identifying us, at least strictly (which could be circumvented too, but whatever).
>I want to guarantee that I don't get honeypotted by a fed. Can I sacrifice a little bit of privacy to increase my anonymity? I don't see how
>Can I give up a little anonymity to increase my privacy? Again, I don't think so
That's why you should make loyal IRL friends lol.
If you're deep in the anonymity game, you might be very fucked, as there is no way to build trust (the privacy), and trustless systems are limited in use. Mutually exclusive pal.
But that's a talk for another time. Anyway,
> Take the drug example from
Don't be stuck on that example alone. Take the DH key exchange, the main idea behind any TLS connection and many more secure communication solutions. DH makes any public link absolutely cryptographically secure and gives a guarantee that within a given session, you are talking to the same entity (unknown). Though, obviously, the link can become intercepted by a MitM, who can impersonate both sides just like all mitms do. Or Alice and Bob could have shared their public keys (+privacy, -anonymity) beforehand meaning Carl will be either kicked out from the connection (not really, rather Alice and Bob could just drop it) or listen to seemingly random data (asymmetrically encrypted between Alice and Bob).
>not a trade-off per se.
It just is. You can look at it that way:
- Anonymous action is some action to be REVEALED to a certain circle or to everybody WITHOUT disclosing the IDENTITY of the author
- Private action is some action to be HIDDEN from anybody not involved (means it's REVEALED for anybody involved) or from everybody (action that is not revealed cannot be anonymous, see above - anonymous action is revealed) when [some sort of] the IDENTITY is already PRESENT (if there is no identity, the hidden action is not anonymous, see above - anonymous action is revealed)

That might contradict with what I said about that weird corner case of nobody but the sole actor knowing anything, but I think there is no point in defining anonymity without any audience involved, so these two latter definitions look more right. It really works with the explanations given above. Once the identity is set, you can hide. If not, you're public, i.e. graffiti on a wall or whatever.

Nanonymous No.9862 [D] >>9873
>>9860
To make your rebuttal of the chat-roulette example more concrete: I visit a website, and give them my public key. They give me the public key of some random anon. We start chatting. But the key I got might not be the other anon's, it might be Evelyn's, who is now reading everything we type. Without identity, you can't resolve Sybil attacks. And without resolving Sybil attacks, you can't have any idea if one person or 100 can see what you're doing. This is a good point anon.

>What does it have to do with the "I do everything alone" scenario?
If you post messages, then you need to decide whether your messages will be private or anonymous. If you don't post any messages, then you don't have to decide, I think. So if you visit nano, then the admin sees you visit, but has no idea who you are. No one else sees you visit. If you join an IRC channel, then everyone sees you join, and they can see who you are (based on hostname). Basically, I think there is a distinction to be made of reading versus posting. You can still read anonymously and privately, even if you can't have both when posting.

Nanonymous No.9863 [D] >>9874
Privacy is the capacity to withhold personal information, and anonymity is the capacity by which one is untraceable and unidentifiable. These definitions are more befitting in the current discussion, than the ones given above. We now see, that anonymity does not violate privacy, that is to say, the more one is anonymous, no less is one private; or anonymity does not negatively affect privacy, nor privacy anonymity. Therefore anonymity and privacy share no mutual relation.

Nanonymous No.9873 [D]
>>9862
>Basically, I think there is a distinction to be made of reading versus posting. You can still read anonymously and privately, even if you can't have both when posting.
>the admin sees you visit, but has no idea who you are
This is actually too vague.
The clearnet site may have "no idea who you are" because all it knows is your IP address in general. If this is the identity, then you're not anonymous to the site. It is private from others if the link to the site is secured somehow. I suppose what can be added also is that if you have LESS of privacy/anonymity you DON'T GAIN anonymity/privacy, so it's kinda one-sided.
With Tor though, the act of communication is you -> tor -> onion/clearnet site.

So, to expand the statements onto Tor in general:
With Tor, what you do is still ultimately delegate privacy (as long as you connect via IP address you want to hide) to the Tor system in order to get anonymity for your actions through Tor. If Tor decides to track you, you cannot really do anything about it. It's hard for Tor to "decide" it though, because nodes are run by the volunteers around the globe and iirc clients just look up the global list of nodes and generate the circuit accordingly. An obvious thing Tor could do in that scenario (client looks up a list of nodes to pick from) is to provide them with a fake list of fed nodes lol. Actually do tell me how exactly Tor works in that scenario, because I was UNABLE to find the exact circuit establishing procedure fast (in a form of a concise webpage).

To conclude,
>the admin sees you visit, but has no idea who you are
You reveal your privacy to Tor in order to anonymously browse nano. You also reveal your page requests within a "circuit session". Also if your reading has a pattern than can be tracked between sessions, that's another one. I suppose it's small but it opens a possibility to datamine and target nonetheless, as opposed to just reading a book which cannot speak and cannot memorise anything you've done to it.

Anyway your post and others clearly made me realize the concept needs some clear separation of concerns - separation of actions to perform and of people to hide from/show to. Without that even your mom is anonymous and private because the president of the US has no idea what exactly she browses on the Internet and who the fuck she is. Maybe using casual words (pri/ano) is bad for it because they are too loaded.
Also another thing is that the principle becomes kinda mitigated by using a lot of tradeoffs of privacy/anonymity, but it still applies. It's just that meaningful privacy/anonymity is achieved when "there is no reasonable way to learn about you"/"there is no reasonable way to track you".

Nanonymous No.9874 [D]
>>9863
Just for the sake of it, let's apply it to your definitions too.
>Privacy is the capacity to withhold personal information
>anonymity is the capacity by which one is untraceable and unidentifiable.
It doesn't have to be about "personal" information but it's still applicable.
First, there are going to be people who know some personal information about you, that's a given unless you've never seen anyone in your entire life.
Since they know it, withholding means being able to keep it from leaking further. That means not talking about it ever outside the designated circles (different circles hold different secrets) ever. That means you are perfectly "identifiable" every time you talk about it within those circles. I will repeat: if you don't leak that information to the outside, you're identifiable because the inside already knows you.
Now, if you want to talk about something personal anonymously, you leak the exact information you have talked about. Now that information is as good as public. For example, I could theoretically mirror this site into comments of Twitter of some celebrity or whatever else, or I could tell my friends that people discuss privacy issues here. This is public now. As for your example, you could ask how to cure gut parasites or something, and that's a huge privacy leak from you. If you provide more identifying bits, you could lose anonymity altogether but that's behind the scope of the talk I suppose.

Hope this clarifies something.