Saturday, September 17, 2011

"A Good Name"


"A good name is to be chosen rather than great riches,and favor is better than silver or gold." -Proverbs 22:1

  Those who know me are aware that the vast majority of the Christian bible (really, all "holy" books) holds no sway with me, so this may come as a shock that I quote a verse from such in a blog post.  Whatever.  This is a fitting proverb to the subject at hand:  Reputation.  In particular, the role of reputation in the developing digital economies.

  In discussions of online economies that are not regulated by nor dependent upon centralized states, a major point of discussion surrounds the need for trust (though truthfully, nation-states do not do away with this need, and the downgrading of the U.S. government's S&P rating demonstrates that many trust/rating systems are flawed) .  That is, if you are offering a product or service, and accepting payment in a form of currency/exchange that cannot be charged back (such as bitcoin.  Chargeback fraud has been the bane of seller's utilizing PayPal since its inception-through-merger in 2000.  Just scroogle.org search "paypal sucks" for more information on this), the buyer needs to then trust you to make good on the delivery of the product/service.  Many reputation systems exist, but for the most part they are mind-numbingly simple, and equally mind-numbingly elementary to game. 

  Take Ebay for example.  A person can setup several accounts, conduct "business" between the accounts, give themselves a high positive rating, then when someone else buys that $800 guitar they're advertising, they just take the money and run. 

  Wavyhill and Andre Goldman wrote "Toward a Private Digital Economy" in 2004 and within described a concept/protocol for  trust systems that would make it harder to game.  Ideally, it would make it impossible, but economics is notorious for listening less to what is "ideal" and more to the cost/benefit analysis.  So in actuality a trust system does not have to be "perfect", it just has to make it so that the costs of gaming the system outweigh the potential benefit/payout of gaming the system.

  For a real-life example/explanation of systems that currently implement reputational protocols (and could only benefit from a more robust protocol implementing secure features of crypto-identities), check out this Tedx presentation on the rise of collaborative consumption.

  Curiously enough, the differential calculus that describes the velocity and acceleration of physical objects, the motion of stocks/bonds/futures and (*snicker*, derivatives) can also be applied to more comprehensive representations of reputation.  When engaging in business with individuals, one can compare the reputation of the individual to the level and types of risk you are willing to undertake, and thus facilitate safe/rewarding commerce.

As is discussed in "Towards a Private Digital Economy", bonds-persons can alleviate the boot-strapping issue of trust systems, through the commoditization of reputation.


*deep breath*

Now to go and code out a distributed reputation server and hope someone finds it useful enough to put together a gui front-end, since most people won't want to have to manually perform differential calculus before conducting business every time.


Truly, a good name is more valuable than silver or gold, and curiously, all of the above can now be digitized.

 ******************************************************************
In "Towards a Private Digital Economy"  (under the sidebar "Reputation as Capital") the authors draw a rather Marxist conclusion from the idea of commodifying reputation that I feel is rather unwarranted. More to come on this (perhaps)
Another recommended read is "Future of Reputation" by Daniel J. Solove

Tuesday, September 13, 2011

Protecting your Intellectual "Property"

So the discussion concerning what constitutes intellectual "property" (talk of scarce goods, do I own my own thoughts/data-machine, etc.) aside, many creators of content wish to "protect" their creations (art and what-not), and understandably so.

Traditional copyrights are rapidly becoming obsolete in the age of widespread p2p technology, cloud-computing/file-hosting and darknets.  Not to mention the fact that seeking legal recourse to a traditional copyright infringement is liable to bankrupt all but the most well financially-endowed.

Old-school tricks (as in, late 90's) a la disabling "right-click"  using JavaScript are in no way preventing people from downloading and using your images.  If the image is showing on your webpage, each visitor who loads your webpage has a copy of that image on their machine.  So there's a few things you can do to prevent your original material from being used by others.

1.) Don't publicly publish your material.  This especially goes for things like photos of your children.  A publicly viewable blog/webpage is no place to be pasting the image of your (or anyone else's) offspring.  Want to show off pictures of the kids to your family?  Well of course, but public blogs is *not* the way to do it if you have any respect for your posterity.  Wait until they are old enough to grant informed consent (like you would for any other human).  Now, this does not help with the aforementioned intellectual property (content that you have authored/created), so let's peruse some other options for these things.

2.) Only publish images that have a watermark.  I will not go into detail on this, just search scroogle.org (scroogle.org is a way to search the net without playing into google's marketing/profiling scheme) for "photoshop watermark tutorial youtube" (change search to reflect your image manipulation program if you're not using photoshop).  Putting out watermarks allows you to advertise without giving away the original/usable image.

3.) My personal favorite.  Cryptographically sign your image files.  Yes, that sounds technical (most things in life worth doing are), but it is not that hard to get the hang of the basics to give strong security to your images.

So, I haven't touched a MS (Windows) system in yeeeeeeears, so this tutorial is geared more towards Linux (I'll try to give adequate references for Windows users)

So, if you are on Windows, download the program "gpg4win" (gpg4win.org).  There is a ton of user information for the program.

If on Linux (I'm using Ubuntu. . .yes, go ahead and laugh) open the terminal and enter

sudo apt-get install gpg
(enter password)

Alright?  Good.

Oh yeah, now you need what is called a "key".  I won't go into the mathematics of gpg keys, suffice it to say, make it the strongest allowable.

In linux, enter
gpg --gen-key
follow the prompts

In Windows, consult the documentation for gpg4win on creating a new keypair.  There may be a way to do all this with simple DOS prompt commands, but again, I don't deal with Windows myself.

Now, there's lots of nifty stuff you can do with GPG like secure email encryption (yes, regular email is the equivalent of sending your personal mail on open-faced postcards.  Email encryption ensures that only the intended recipient can view the message), protecting sensitive files on your hard drive, and many other things besides.

What we're going to use it for in this tutorial is a little function called "detached signature".  What this does is it creates a .sig file to accompany your image file (.gif, .jpg, whatever).

"So?"

Ahh, glad you asked.  Since strong cryptography keys are thus far unbreakable (and it seems they will be until the advent of quantum computing, and even then quantum encryption is already being developed) and unforgeable  (it's harder to forge a cryptographic signature than it is to forge a hand-written one), the signing of your file with your signature validates you as the original owner of the image (since if anyone else tries to sign it, it will be an younger signature).

So, for linux users, open your terminal.

cd /directory-of-image-file

gpg --detach-sign image.gif (this works for any image file, I'm just using .gif for the example)
enter your passphrase

A file has now been created in the directory (that's "folder" for you Windows users) that has the same name as the image, but with .sig after it (for example, image.gif.sig)

The image looks just the same, but can now be verified with

gpg --verify image.gif.sig image.gif  (assuming you're still in the directory containing these 2 files)

If the file is modified in any way, an error is returned.  If it is the original with the good signature, it will state as much.


So, what this means is, if you sign your work, and store the original image file (and the .sig file) in a safe place, you have a validated copy of your design.  You can copy the image, use it on your website, product, whatever.  If someone else is using your image for profit without your permission, you can present the signed copy (original image + the accompanying .sig file) to prove precedence.

In developing economies, the classic "web of trust" is developing to inter-operate with an accompanying "web of reputation" (some tasty algebra/calc discussion on this topic to come!).  In the case of crypto-signed content, it is viewable/usable by anyone (just like it is now on your blogs/webpages/etc) but anyone trying to claim authorship of your content will lose reputation by doing so (I remember a scripture verse about "a good name is to be cherished above gold/silver" <--paraphrased.  Well, this is how it plays out into the technical realm)

In short, use a watermark since you're already using an image manipulation program

P.S. Look into Creative-commons share-alike license vs traditional copyright.
anonymous ball blog blogthis centralized comments consent contract created else email etc exercise far file force freedom gif government gpg guy guy--- image individuals intellectual internet monopoly original people play politically posted property protecting provided republic security services share sig social state things used windows yes zen
created at TagCrowd.com