> The threat is not limited to politicians. Anyone (including you and your family members) could be blackmailed or otherwise publicly embarrassed.
... for what they actually did.
You think the solution is allowing people to be blackmailed or otherwise publicly embarrassed for things they didn't do, while removing their ability to verify that they didn't do them?
Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
True, there are things that might ruin someone's life even though there's nothing bad about them, but the list of actual crimes and bad things that people do is WAY longer, and being able to prove it is definitely useful...
The same argument can be used to build a police state. But I suspect that you’re not in favour of that either.
We shouldn’t be building technical systems that “trap” people, just because they might be doing something bad and might want to prove that one day.
Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument. DKIM signatures are only useful if the emails are stolen, are you trying to suggest that it’s ok to steal emails from people if they’re bad?
> Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument
No, just the opposite, that is an excellent argument and I think that the privacy should be the real focus when we discuss the freedom, and not the accountability. Because freedom is not to be able to get away for the lack of evidence, freedom is not to put innocent people in that kind of situation in the first place.
Police state doesn't come from the ability to track citizens, it comes from the lack of transparency and government's misuse of the information. Now, reality is that having more data collecting increases the chances of misuse, but I think we're attacking the problem from the wrong side. Rather than killing the option to track emails, there should be much more control and transparency on when and how that data can be collected and used.
> Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
Option 1: DKIM keys stay private... "That email was just a joke, I'm not really gay"
Option 2: DKIM keys go public... "That email was just someone else's joke, I'm not really gay"
Not really a difference, and with option 2 you can't prove you didn't send it (as far as you can prove someone didn't crack 2048 bit RSA and use that power to concern themselves with your sex life).
Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
> Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
Because the DKIM keys were not made public, and a message sent from their account could be confirmed to be authentic.
If the keys were public, they could claim forgery. Regardless they could claim their account was hacked, but they couldn't deny the message was sent from their account.
I'm not asking how the technical mechanism proves the messages may be legitimate. I'm asking how you could use that knowledge in the specific situation you outlined to accomplish anything productive.
People change over time, and normal human communications have a natural sunset as most people don't remember every conversation in exacting detail. It is worth at least considering the fact that we've signed up to have basically all our communications preserved and cryptographically signed in perpetuity. Most people using these services didn't fully weigh the options.
No. Once DKIM keys are published, one can simply deny all emails published "from their account". We currently have a way for an attacker to prove an email's origin years after the fact.
I'm afraid there's also a misunderstanding how the real world works. Cryptographic and real-world plausibility are two entirely different things.
People get blackmailed, shamed, hurt and even killed over mere rumors, speculations and suspicions. As long as people believe in something (because something merely looks plausible), there's no need for a fancy crypto to prove some machine sent some email. I'd dare to say most people don't even understand what cryptography is and what digital signatures really are (who signs what and what exactly this means).
I'm yet to hear a story of, let's say, a brave dissident who got out of jail because of cryptographic plausible deniability property making their oppressors unable to prove authenticity of some leaked or intercepted correspondence.
Read up on the Hunter Biden emails. After a DKIM signature was verified, the perception of a large number of people (including right here on HN) went from "this cache of email is probably total fiction" to "they likely do have access to at least some of his emails".
They don’t have plausible evidence anyway. Gmail has had bugs before with SPF/DKIM and will have some again for sure.
Some Google employees have direct and indirect access to signing keys or writing emails. Not many, and they have good controls, but still many people with the ability to sign messages.
Not to mention a Trojan infiltration or account takeover, of which thousands (if not millions) a day occur.
The DKIM evidence is, for legal purposes, a good hint but far from proof.
In the court of public opinion, the standard is not "100% proven beyond any reasonable doubt". Hence, blackmail can still be very effective if an accusation is highly plausible.
I am not sure why the DKIM for all emails were not released, or why this did not catch more media coverage by other news organizations I consider more reliable (like NYT).
Thank you for this link, this did not come across my radar.
From your link:
> The only way the email could have been faked is if someone hacked into Google's servers, found the private key, and used it to reverse engineer the email's DKIM signature, Graham said.
https://www.zdnet.com/article/google-fixes-major-gmail-bug-s... is from Aug 2020 and discusses an SPF/DMARC vulnerability that was in Google since forever (and though reported 4 months before public disclosure, was fixed only 7 hours after public disclosure). The last Google DKIM bug I'm aware of was in 2012, so I can't counter the specific claim about DKIM with evidence, but the assertion that "the only way to spoof x is to hack and get the private key" is not any absolute truth.
(P.S: I have seen no denial nor confirmation about the authenticity of the Hunter Biden data - only claims of Russian involvement. Make of that what you will. The DKIM is circumstantial data until there is confirmation or denial - especially, as you say, it's not all released).
Sure, you raise very important points. I just found it weird that NYPost was happy just releasing the emails and not the DKIM, and when one was validated, it received literally no coverage. I thought it might catch steam after the election, but the literal silence is surprising to me.
I am not insinuating any wrongdoing from anyone, just bringing it to your attention, as you claimed to not know about it.
Thank you. I indeed did not know about it. I do try to read all sides, but this did not come on my radar (Though I did not, before you posted this, google DKIM+Biden, I did read tens of articles about those emails mostly from republican leaning outlets, and it wasn't mentioned in any of those I read).
But it does support my thesis that DKIM or no DKIM is not what gives (or doesn't give) any credence to the authenticity (or lack of it) -- here we have a high profile case, with DKIM validation (which a lot of people on this thread claim "is considered proof by people who don't understand it") and it seems to make no difference even in the court of public opinion - those who accepted it, accepted it without DKIM, and those who rejected it as Russian disinformation, rejected it even with DKIM.
I just did, and I have less than 15 related results in the first 4 pages, only two of which are sources I've ever heard of before (washingtonexaminer and nypost). I'm logged out of google, but it's been a while since I deleted my cookies.
I've read literally hundreds of pieces on the hunter biden laptop, about half of them from republican leaning outlets, (I try to keep a balanced diet....) and none of them mentioned DKIM validation.
(For the record: I don't live in the US, I don't watch television, but I do try to keep a balanced news diet)
Huh? No one (including yourself) has mentioned anything about "destruction of evidence" so far. If you care to enlighten me about how it's relevant I'm happy to listen.
By making the DKIM keys public, you are converting solid evidence of something that was said into something that was either really said, or someone else pretended that they said.
No, destruction of evidence involves things like making something impossible to analyze and evaluate. Publication of a key doesn't erase the original messages and does not make it impossible to look into their contents to try to establish authenticity by external means. Causing ambiguity is not destruction of evidence.
That would be an act of submitting false evidence, where you actively make a false claim regarding who the sample belongs to.
Which is very distinctly different from a passive act of not maintaining evidence of the origin of every single thing. Keep in mind that no data is altered - the equivalent of all collected samples remaining intact.
It's still just as possible to collect email logs, their contents do not magically disappear. They would have to be actively manipulated by the party which holds the copy that would be provided to the police (either reported to them or confiscated, etc). That same party could already decide to delete the emails or strip signatures and then alter them.
Would you mind taking a look at this explanation I posted a couple days ago? https://news.ycombinator.com/item?id=25130956 It is my attempt to explain why we don't want users to flame each other here, even when the other person is ignorant or wrong. The reason may be different than you think, in which case perhaps it will have some persuasive power for you. I hope so anyhow.
> But there are many different ways to stick up for the truth
Whoa. Dang, I have to say, I feel a little slighted. I'm neither ignorant, nor wrong, and I'm aghast that you would insinuate that.
I've contributed faithfully to this site for a decade. The other commenter has -15 karma because, as you noticed, his comments are largely childish, combative and unsubstantive. It's embarrassing that you are validating him.
His claim was that Google publishing DKIM keys as described in the article would be "destruction of evidence", but that's provably untrue since there would be neither intent nor willful neglect on anyone's part.
Literally (yes, I mean literally) no-one else here on HN, or anywhere on the internet, has legitimately attempted to argue this. It just doesn't hold up to basic scrutiny. "Destruction of evidence" is a very specific legal term with very specific meaning [0][1][2]. He seems to be distorting it in a Giuliani-esque fashion - "It's fraud! ....But no, your honor, not in the legal sense. More like in my own made-up imaginary sense!".
I've been restrained and as courteous as possible (under the circumstances), but even after you tried to squash the thread, and I stopped commenting, he's continued to insult me. You seem to be tolerating it.
I would have appreciated it if you enforced sanctions against obviously bad actors and remained completely neutral. That is what you're known for, but I respectfully think you've failed in this case. At any rate, I know you have just about the hardest job on the internet, so I'll go ahead and chalk this up to misunderstanding.
None of those phrases imply that you were ignorant or wrong. They're simply saying that even if the other person is correct in their position, it doesn't justify breaking the site guidelines.
This is a way of pre-empting the objection "But the other person is wrong and I'm right", which otherwise is the most common reaction to getting moderated. Since the moderation issue is about how people treat each other rather than how right or wrong they are, it's helpful to take it off the table in this way. If you think about it, it's a way of raising the bar for behavior on HN and in that respect is a stronger moderation reaction, not a weaker one.
I am careful, when using such phrases, never to actually take a side on the issue of rightness or wrongness. Remember that in every argument, the other person considers that they are the one who is right; moderating like this is a way of temporarily standing beside them from that perspective and pointing out that nevertheless, they should not have broken the rules. (An exception might be if I happen to personally know the truth about the point under dispute. But I know nothing about DKIM; I barely remember what it is.)
But there are many different ways to stick up for the truth, and some have positive side effects and some not—hammering people over the head, for example. The side effects are actually more important.
This isn't about funding... this is about taking a giant leap into mRNA vaccines, that until now have not been approved for human use. We aren't injecting processed proteins into our bloodstream to trigger and train our immune systems... We are reprogramming our bodies into vaccine factories.
Not sure what you are being downvoted for. Your tone may seem pretty alarmist (but that has been the norm for anything corona related). Otherwise it's true.
“Reprogramming” actually has a specific meaning in genetics, and it’s not editing of DNA, it’s the editing of (transient, i.e. epigenetic) DNA modifications. It’s definitely true that this is not what RNA vaccines are doing.
But I guess the parent comment was using “reprogramming our bodies into vaccine factories” as a hand-waving description rather than a technically precise term. And that description is then roughly correct: with RNA vaccines, it is correct to say that our bodies are being triggered to produce the actual “vaccine” themselves; namely (at least in one type of RNA vaccine), the body’s cells are translating the injected mRNA to produce antigens, which is what a conventional vaccine contains, and which, in turn, produces an immune response.
Except your "backyard shed" is actually an uncountable number of your cells that are "edited" (changed using the reprogramming abilities inherent to mRNA, but god forbid you refer to it as such) into not being "backyard sheds" anymore, but being factories for spike proteins that can't be stopped other than waiting for the fire to burn out. After a few weeks, you don't get your "backyard shed" back, because the craftsman destroyed it.
They screwed up by putting themselves in this position where their only hope for a future is desperately trying to distance themselves from what they've done and who they are.
It struck me too... but as completely wrong. A large majority of my work is in APIs, both as a consumer and provider; between local processes, local networks, and the global internet. Every program I build talks to other programs... a lot. If there is any problem at all, it's not that programs don't talk to each other; it's that they talk 1 of 1,000 different standards.
And yet, we have companies building their value based on giant, secret hoards of information hidden away in their lairs, offering mere glimpses of treasures (or horrors) within through their APIs.
Just try to imagine what would happen if the entirety of Facebook's or Google's user were dumped somewhere for everybody to rifle through... The only saving grace here seems to be that the amounts of data are so huge that copying it all takes an unreasonable amount of resources.
No one seems concerned that this is the first "Genetic Vaccine". It doesn't just contain proteins to train your immune system... it rewrites your own cells to produce those proteins. There is no off switch.
The only approved vaccine like this (that I know of) is to protect horses from west nile virus.
That is not true, there is an inherent off-switch in this method. Messenger RNA is not stable in cells and is actively degraded. A typical mRNA has a half-life of a few hours in a cell. After the mRNA is degraded, no more viral protein will be produced.
This has nothing to do with gene therapy or anything that would permanently modify your genome.
> Messenger RNA is not stable in cells and is actively degraded. A typical mRNA has a half-life of a few hours in a cell.
Can anyone speak to the confidence we have in these claims? That is, are we virtually 100% sure that these mRNA have no mechanism to stick around for longer than intended?
GP's point is valid - that this is the first mRNA vaccine that would be widely used.
Let's say our assumption is wrong - these mRNA have a way to stick around forever. Is there an off switch?
One question I got in an organic chemistry exam many years ago was why RNA is not as suitable as DNA for storing genetic information. Essentially why it is inherently less stable than DNA.
With a bit of organic chemistry knowledge you can determine how the additional OH in RNA allows for water to attack there and cleave the RNA strand. This is very dependent on pH, but RNA is inherently less stable than DNA.
But that's not actually the most important mechanism here, but it is one that is inherent in the chemistry of the molecule, there is no way around it.
Cells need to regulate protein production up and down. If mRNA were to live eternally, there would be no way to reduce protein production. So cells obviously have a way to remove mRNA. What actually happens is that mRNA is permanently degraded by RNases, so any mRNA that isn't replenished will be gone after a while and protein production will stop. This is a fundamental part of regulation of protein biosynthesis, and you can find that in every textbook.
In addition to the additional hydroxyl group and cellular RNases, mRNA is predominantly single stranded while DNA is double stranded, which provides additional stability and protects the nucleotide.
In addition to that being a fact, synthetic mRNA can predominantly reprogram cells to create arbitrary proteins, which provides additional stability and protects the programmer.
One conclusion I got in a mathematical logic exam so many many moons ago was how something being "not as X" still implied that something was "somewhat X".... so just because "RNA is not as suitable as DNA for storing genetic information", essentially it still is somewhat suitable, and perhaps suitable enough.
I haven't looked at the sequence of the vaccine, I assume it is not public. But for the HIV reverse transcriptase to bind the sequence would need to have the proper binding site, and there is no reason to put that in there. Those enzymes are specific, they don't just transcribe anything they come across.
I can't think of a single existing drug with an off switch. Food doesn't have an off switch. Everything in your body goes in, and then goes out according to the pharmacokinetics that your liver, kidneys, and other parts impose.
This isn't like the first person biting into a new apple variety for the first time... this is like the first person growing an apple from scratch in their stomach, using techniques that have never before been approved for human use.
I can't think of a single existing drug that works like that, because there hasn't been one. Food doesn't reprogram my cells before it "goes out".
If your immune system realizes the source of the spike proteins is your own reprogrammed cells, and then attacks them, it will lead to cascade autoimmune disorders mimicking the symptoms of AIDS.
I don't know where you're getting this information from, AIDS isn't an autoimmune disorder. HIV destroys immune cells directly. The symptoms are mainly from secondary infections. Also, if your immune system realizes that your own cells are making virus particles, it will destroy them... and every other cell will survive. That's what happens when you catch a cold - every virus works that way. mRNA is even better because it probably won't cause any of your cells to get targeted for destruction. The failure mechanism you're proposing would at worst make it as bad as some other vaccines.
It's never been approved for human testing *until now under the administration of a lame duck lunatic begging for a reason to take credit for a solution.
How did those cancer treatments pan out? Why weren't they FDA approved?
Maybe you could have started your thinking with the #1 abused drug in the world, heroin; and the nearly instant off switch drug, narcan, that is carried by everyone in emergency medical services.
How much is Pfizer paying you? Or are you just a r/wsb autist? #YOLO
I was thinking of drugs like penicillin when I said that. I guess you could count the chelating agents they give to people with heavy metal poisoning in that, too. But by and large, drugs do not come with off switches.
Are you familiar with the "Circle of fifths"? That's the first thing that came to mind when I saw your circle patterns, and it directly relates to "harmony".
ACF composes all harmonics together and that's what likely makes the images visually appealing. However ACF doesn't give special treatment to harmonics that are exactly N octaves apart, e.g. A4 and A7 notes.
It would. The 12 notes are usually mapped to 12 colors, and ideally the sound image would reflect that. One "brute force" way to do that is to split the spectrum into 12 parts, draw 12 ACF images and then mix them. A less brute force approach is to tweak ACF to recognize that F-2F-4F-etc frequencies are specially related, even more specially than just F-2F-3F-4F-etc.
When police departments are requesting access to live video feeds from doorbell cams, what will stop them from requesting access to everything else if the city is directly providing the service?
I thought there was a law against murder. I don't remember electing any of the cops in my city. I do remember the elected attorney general and judges refusing to press charges. Perhaps there are enough murderers?
You didn't elect the cops, and yet they're apparently violating laws meant to protect you. If you don't want that protection, consider voting for representatives who will pass fewer laws.