The Ur-Quan Masters Home Page Welcome, Guest. Please login or register.
Did you miss your activation email?
July 28, 2017, 08:51:07 pm
Home Help Search Login Register
News: UQM development migrated from Subversion to Git

+  The Ur-Quan Masters Discussion Forum
|-+  The Ur-Quan Masters Re-Release
| |-+  Starbase Café (Moderators: Michael Martin, fossil, Lukipela)
| | |-+  Nutrition
« previous next »
Pages: 1 ... 6 7 [8] 9 Print
Author Topic: Nutrition  (Read 1138 times)
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #105 on: July 05, 2017, 12:18:02 am »

Quote
Look, I am not proposing that it should be sent to my private computer, but more like a super secure gmail account which only I have access to.

I know that.

Quote
That server could very well be made so that individuals could log in and look at their own data, but they wouldn't have any possibility to edit their data.

Correct, it could be designed to allow the citizen to look at the existing data. Not add new data. If the citizen could add data, then they would be able to add incorrect data, thus changing the dataset. You could claim to be buying celery when you're actually buying ice cream, for example. Therefore, the data would have to be added by the store. For the store to do that, it would need to know what the account is. And since, as you said, the people would be required to identify themselves to "access" their account (and adding information is a type of access), there simply isn't a way to design this in a way that would prevent the store, and by extension the government, from being able to determine which account is yours.

At best, it would be possible to hide the secret key from the government if the citizen generates their own secret key and is responsible for decrypting it and sending it to researchers. It wouldn't work that way, though, because it would be too complicated. Even if it did, there would still be ways to loosely link your now unencrypted data to your identity.

The main point I'm getting at here is, for your system to work, it necessarily follows that the government, and probably several other individuals, can learn your entire life's purchase history. You simply cannot design a system to work the way you are imagining. This has very little to do with security and more to do with the contradictory goal you are trying to accomplish.

Quote
Maybe you can get a bank card that is related to a bitcoin account

Bitcoin is not anonymous. If you want to make payments online anonymously, the best way is to pay cash for a prepaid debit card or VISA/Mastercard gift card, then use that.

Quote
But you should know that most people don't care nearly as much about their privacy as you might

Yes, and that is a tragedy. That's not really relevant to what we're talking about, however. The fact that most people don't care is not a justification for violating essential liberties. It could be that most people in the U.S. don't care about freedom of non-Christian religion. That does not justify turning the U.S. into a Christian theocracy.
« Last Edit: July 05, 2017, 12:20:37 am by Julie.chan » Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #106 on: July 05, 2017, 12:28:41 am »

Correct, it could be designed to allow the citizen to look at the existing data. Not add new data. If the citizen could add data, then they would be able to add incorrect data, thus changing the dataset. You could claim to be buying celery when you're actually buying ice cream, for example. Therefore, the data would have to be added by the store. For the store to do that, it would need to know what the account is. And since, as you said, the people would be required to identify themselves to "access" their account (and adding information is a type of access), there simply isn't a way to design this in a way that would prevent the store, and by extension the government, from being able to determine which account is yours.

The store knows for example which bank account is related to my purchases. They send this information encrypted to the server. The server then recognizes that this bank account belongs to me.

Lets imagine that they just sent this information to google, and google figured out that it belonged to me, since I was registered with that bank account. Now, how would the store figure out my google ID?

Secondly, if I want to use this information to participate in research, I don't give away my google ID then either. Then it is sent from another anonymous user ID, which has nothing to do with my google ID.

« Last Edit: July 05, 2017, 12:39:42 am by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #107 on: July 05, 2017, 12:47:24 am »

Quote
The store knows for example which bank account is related to my purchases. They send this information encrypted to the server. The server then recognizes that this bank account belongs to me.

Lets imagine that they just sent this information to google, and google figured out that it belonged to me, since I was registered with that bank account. Now, how would the store figure out my google ID?

Even ignoring the fact that people buy things for other people all the time, all you've done here is re-route the problem to the bank. So now it's the bank the government compels to reveal your information.

Quote
if I want to use this information to participate in research, I don't give away my google ID then either.

So let me get this straight. You are saying now that this would be non-compulsory? You don't have to send your data to research centers, or anyone?

If that is the case, why is it necessary to compel people to save this information in the first place?
Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #108 on: July 05, 2017, 12:50:49 am »

Even ignoring the fact that people buy things for other people all the time, all you've done here is re-route the problem to the bank. So now it's the bank the government compels to reveal your information.

The bank would just send information about my bank account to the server, with my social security number for example. Then the server would know that it is my bank account, since I am registered there with that social security number. They still don't have any clue about  my user/login ID.

Now you are just going to say that I have re-routed the problem to the government, since they gave me my social security number. But here is the beauty of it. The government first opens an account with your social security number. But the first time you use the account, you need to change your user ID (either of your own choosing, or a randomly assigned user ID), and the government won't have any clue about what that new user ID is. Still,  your social security number will be assigned to your account.

It should also be possible for you to change your user/login ID, whenever you want.

So let me get this straight. You are saying now that this would be non-compulsory? You don't have to send your data to research centers, or anyone?

I have said that all the time.

If that is the case, why is it necessary to compel people to save this information in the first place?

Because some people might want to know what information is stored about themselves, some might want to use it for their own endeavors, while others might want to participate in such a research project.
« Last Edit: July 05, 2017, 01:14:28 am by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #109 on: July 05, 2017, 01:25:11 am »

Quote
The bank would just send information about my bank account to the server, with my social security number for example. Then the server would know that it is my bank account, since I am registered there with that social security number. They still don't have any clue about  my user/login ID.

Then you're re-routing the problem to whomever runs the server. Now it's the server operators the government goes to. What's more, by using this method, you are ensuring that the server operators can see all the data on the server. That just makes it even easier for the government to track your purchases. No trickery needed.

Quote
But the first time you use the account, you need to change your user ID (either of your own choosing, or a randomly assigned user ID), and the government won't have any clue about what that new user ID is.

That doesn't solve anything.

Quote
Because some people might want to know what information is stored about themselves, some might want to use it for their own endeavors, while others might want to participate in such a research project.

That's a terrible reason to mandate the collection of data. Unless they have a warrant to do so, the state should not be collecting data about you at all. And to use the data yourself, you can easily record it yourself and answer surveys.
Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #110 on: July 05, 2017, 01:38:08 am »

Then you're re-routing the problem to whomever runs the server. Now it's the server operators the government goes to. What's more, by using this method, you are ensuring that the server operators can see all the data on the server. That just makes it even easier for the government to track your purchases. No trickery needed.

Oh really. Then I am sure Linus Torvalds has access to all the Linux computers in the world, since he releases the Linux kernel. Or that whoever develops the different Linux distributions have access to all the Linux computers that use the different distributions. For example, the people developing Debian have access to all Debian computers in the world. The people developing Arch Linux have access to all the Arch Linux computers in the world, etc. It would be easy for them to make it like that, if it wasn't open source... That is why I don't trust Windows and MacOS, but I do trust in Linux and open source.  So no problem. Just make it into a Linux server, and make the system open source. The people developing the system don't need to have any more access to my account, than Linus Torvalds and the people developing Arch Linux has to my computer.
« Last Edit: July 05, 2017, 01:43:23 am by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #111 on: July 05, 2017, 01:43:49 am »

Quote
Then I am sure Linus Torvalds has access to all the Linux computers in the world

Please don't argue from ignorance. It's fine if you don't understand how servers or cryptography work. But when you say things like this, it just makes you look arrogant.

I said server operators. As in, the people who own the server. Owning the server being used is not the same as developing a program being used.

Since I know you know little about this topic, I should explain briefly what a server is. A server is a computer which is connected to the Internet and provides services. Whoever owns that computer (the server) can control what it does and access everything on it.

It's great for the server owner for the server to be running only libre software. That protects them from malware. But it means essentially nothing to people who only access the service provided by the server, because the server owner can do whatever they want.
Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #112 on: July 05, 2017, 01:46:36 am »

I said server operators. As in, the people who own the server. Owning the server being used is not the same as developing a program being used.

It doesn't necessarily need to have any operators. Just people that develop and update the system.

Whoever owns that computer (the server) can control what it does and access everything on it.

You know, even at this computer, I can just create another user, and encrypt the folder of that user. Even though I have administrator access on this computer, I wont have any access to that encrypted folder unless I know the encryption passphrase. I can delete the user and his folder, but not access his folder. The assertion that a server owner can access everything they want is nonsense. I think you have a basic misunderstanding about what encryption is.
« Last Edit: July 05, 2017, 02:12:58 am by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #113 on: July 05, 2017, 02:51:49 am »

Quote
It doesn't necessarily need to have any operators.

Yes, it does. All servers do. The operator would likely just be the owner, which yes, all servers have to have. It's just like any other equipment.

Quote
You know, even at this computer, I can just create another user, and encrypt the folder of that user. Even though I have administrator access on this computer, I wont have any access to that encrypted folder unless I know the encryption passphrase. I can delete the user and his folder, but not access his folder. The assertion that a server owner can access everything they want is nonsense. I think you have a basic misunderstanding about what encryption is.

There's a big difference between not being able to access something and not being able to understand something.

But as I have been trying to explain to you, it is not possible for the owner of the server to be unable to know what something on the server is unless it never does the decryption or encryption. If the encryption and decryption is done at the bank, the bank can read it. If the encryption and decryption is done on the store's computer, the store can read it. If the encryption and decryption is done on the server itself, the server can read it. The only way you can use cryptography to protect the citizen is if the data is encrypted and decrypted only on their own computer, which as I explained is impossible if you're going to require I.D. checks or force the citizen to upload certain information.
« Last Edit: July 05, 2017, 02:53:30 am by Julie.chan » Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #114 on: July 05, 2017, 02:58:52 am »

If the encryption and decryption is done on the server itself, the server can read it.

Yeah, but the administrator doesn't need to be able to read it. You can make a Linux distribution where the administrator have much less rights.
Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #115 on: July 05, 2017, 03:27:05 am »

Quote
the administrator doesn't need to be able to read it.

Yes, they do. It necessarily follows from the fact that they can control what the computer does.

Quote
You can make a Linux distribution where the administrator have much less rights.

And the owner of the server can just not use that distribution, or replace it with one that doesn't put arbitrary restraints on what they're able to do like that. This idea of making the owner of a computer unable to do something that a computer can do (a.k.a. DRM) is a pure fantasy. The only way it can sort of work is with a proprietary software stack, in which case it's the proprietary software stack's developers who can put malware into the computer to allow them to record and/or transmit the information.
Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #116 on: July 05, 2017, 12:40:39 pm »

And the owner of the server can just not use that distribution, or replace it with one that doesn't put arbitrary restraints on what they're able to do like that.

Sure, but then they won't necessarily be able to run the program to operate the user database anymore, and they won't have any access to the database since it is encrypted. And it would be completely illegal, and they would need to spend the rest of their lives in prison if they got caught.

Anyhow. 100% security is more or less impossible in the technological world we live in. If you don't want technology because it infringes on your civil liberties, then go and join an Amish settlement. Personally I prefer to live in a technological world with a little surveillance and a little insecurity, rather than in an Amish settlement without any technology and surveillance. I also really don't care so much if anybody learned what groceries I am buying. Do you want to see my grocery receipts?

Even if I was gay or smoked marijuana , I don't think the best solution would be to keep it secret (privacy). I think the best solution is for people to be less judgmental.
« Last Edit: July 05, 2017, 12:59:23 pm by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #117 on: July 05, 2017, 03:46:07 pm »

Quote
but then they won't necessarily be able to run the program to operate the user database anymore

Yes they will. There isn't any possible way for a program to not work with a certain operating system, unless it's proprietary, in which case, again, the developer of the program can introduce malware.

Quote
And it would be completely illegal, and they would need to spend the rest of their lives in prison if they got caught.

No, because the government itself is your adversary. I don't know why you refuse to accept this simple fact. Just look at North Korea, Soviet Russia, even China. Malicious states do exist, and in wide numbers. You can't just expect your government to be benevolent in perpetuity. If you give your government too much power, and it goes rogue 50 years down the line, you will find yourself living in 1984.

Quote
100% security is more or less impossible

Security is largely a moot point. It's a secondary concern, but more important is the fundamental nature of the collection of data.

Quote
If you don't want technology because it infringes on your civil liberties, then go and join an Amish settlement.

Our choices aren't an Amish farmland and 1984. Technology doesn't necessitate totalitarianism or mass surveillance. Saying that you would rather have technology is not a valid argument for increasing surveillance.
Logged

Zanthius
*Smell* controller
****
Offline Offline

Posts: 297



View Profile
Re: Nutrition
« Reply #118 on: July 05, 2017, 03:51:09 pm »

No, because the government itself is your adversary. I don't know why you refuse to accept this simple fact. Just look at North Korea, Soviet Russia, even China. Malicious states do exist, and in wide numbers. You can't just expect your government to be benevolent in perpetuity. If you give your government too much power, and it goes rogue 50 years down the line, you will find yourself living in 1984.

I live in a society where around 80% of the population trusts our government. You live in a society where around 20% of the population trusts your government. You live in a country with tons of gun violence, because people feel like they need to have guns to protect themselves from the police/government. I live in a society where there is almost no gun violence, since we don't have crazy ideas about the necessity of having guns to protect ourselves from our democratically elected government. Your country has the highest incarceration rate in the world. We have one of the lowest incarceration rates in the world. In my country, the police officer is my friend. In your country, he is your enemy.

Yeah, and we also beat you on practically all country comparisons; like human development index, press freedom index, gender equality index, corruption index, etc.

No, I do not think we should aspire to become as distrustful of our democratically elected government as you are.

In a functional democracy, the government is respectful of the population, and the population trusts the government.
« Last Edit: July 05, 2017, 04:06:52 pm by Zanthius » Logged
Julie.chan
*Many bubbles*
***
Offline Offline

Posts: 119


Sharing is good.


View Profile WWW
Re: Nutrition
« Reply #119 on: July 05, 2017, 04:36:29 pm »

Everything you said about the U.S. is far more complicated than you claim (even the part about distrusting government), and even if it were all 100% true cut and dry, it would not be evidence that your country is going to stay benevolent forever. Power corrupts, leaders change, that sort of thing.
Logged

Pages: 1 ... 6 7 [8] 9 Print 
« previous next »
Jump to:  


Login with username, password and session length

Powered by MySQL Powered by PHP Powered by SMF 1.1.21 | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!