[Standards-JIG] Re: CSpace instant messenger integrated in Jabber

[Carlo v. Loesch]

Hal Rottenberg typeth:
| On 8/5/06, Carlo v. Loesch <CvL at mail.symlynx.com> wrote:
| > oh! you mean the c-id is used to protect your privacy! so it isn't so
| > unimportant after all! and once a person knows your public key, they can
| > always find out your ip and attack you, yes? so if i don't like you i
| > can simply publish your public key saying on that server there are tons
| > of warez p0rn and mp3, yes?
| 
| > huh.. alright, but what if the server is my own, or of one of my best
| > friends? all it does it does for me. if some employee of my ISP spies on
| > me, i am sure my ISP at home works for government or the FBI, so my
| > server's isp is trustworthier than my dsl isp.
| 
| Now I'm not defending cspace as an improvement over jabber of course,
| but to be fair Carlo, I don't think it works the way you think.  If it
| works like WASTE, it's totally closed-loop.  You cannot exchange
| information (or even see what is available) until you've exchanged

yes. in the upper paragraph i was asking what happens after you have
exchanged keys. the way the cspace DHT operates you can always lookup
the ip address of a former friend, so you can use traditional ways
to attack an ip address (denial of service etc). in other words, no
i was certainly not misunderstanding how cspace operates.

| keys.  The ISP or government would not (in theory) be able to see
| anything unless there were key escrow.  You'd be an idiot to use a
| system which had key escrow for sharing your porn and warez.  :)

the second paragraph is NOT about encryption. you skipped reading
the part of the text it was referring to. thomas asta said:

>> You do not need servers, often as well servers register, that there is traffic, as this is direct from ip to ip in cyberspace, you are hidden from shaping and traffic analysis. Servers logg, how often you are online and to which Ip  you sent. As every Ip connection in europa has to be recorded, it is not necessarey that the ISP provioder of the Server and the server and the ISP Providers of two Buddies have all the connection time and trafficvolume logged. This is 4 x logged the same!! <<

so the criticism is, that the information who is talking with whom
and for how long is available to the governments. and i was argueing,
that servers are probably actually less inspected than large public ISPs.
in particular if you run your server in a medium sized ISP company.

so if you can for instance tunnel *all* your activities through your
server, governments will only see you communicating with your own server
in large amounts at no end.. and maybe, if they are very thorough, they
can find a way to also keep their eyes on your server.

so a server can actually enhance your safety rather than diminish it
as suggested by cspace. the question is, who owns the server, and where
is it standing? it's all relative.