lade...

Netfuture.ch

Netfuture.ch

an avatar

a logo

Netfuture: The future is networked – The future of networking

Bevorzugen Sie Deutsch? Einige Artikel und mehr über mich gibt es auch in meiner Muttersprache. Today, any device is networked, not only our personal devices, but anything from the fridge to the power plant. This implies endless possibilities, but also possibilities galore for anything to go wron

an icon 🌐 Visit Netfuture.ch 🌐 Netfuture.ch besuchen

✍️Write rieview ✍️Rezension schreiben 🏷️Get Badge! 🏷️Abzeichen holen! ⚙️Edit entry ⚙️Eintrag bearbeiten 📰News 📰Neuigkeiten

Webfan Website Badge

Tags: anything bevorzugen muttersprache networked personal possibilities

Rieviews

Bewertungen

not yet rated noch nicht bewertet 0%

Be the first one
and write a rieview
about netfuture.ch.
Sein Sie der erste
und schreiben Sie eine Rezension
über netfuture.ch.

Netfuture.ch News

50 years of microprocessor trend data

https://netfuture.ch/2024/10/50-...

I recently wrote a (German) article including this graphic (in German). Here is an English version of it. Have fun!

Here it is!

The Rupp graph, enhanced with additional trend lies and the «frequency wall» (inspired by The Economist). CCBY-4.0

If you want a slightly more editable version (with more Inkscape metadata and grouped data points): Here it is.

There is a German version of the same Graph, with quite a bit of explanatory text.

References

13.10.2024 12:5150 years of microprocessor trend data
https://netfuture.ch/2024/10/50-...

Compact Archive for WordPress

https://netfuture.ch/2024/07/com...

A much more compact archive: One line for every year; within this line, the list of months with posts

The default WordPress «Archive» block becomes very long and narrow, when months accumulate. Here is an easy way to make it more compact.

The problem

One of my blogs looked like that after a few years of action (wrapped for better visualization; in the original, it is one huge vertical strip):

A long archive list, wrapped in three columns, background colored for structure

The goal

It would be much nicer if it looked like in the heading:

Much nicer, isn't it?

The code

Here are the code changes in wp-includes/general-template.php (red lines, preceded with a minus, are the lines that I deleted; green with plusses, are the ones I added):

A nice rendering of the file; the actual file can be downloaded here: general-template-compact-archive.patch

If you store this in your /usr/www/wordpress (or wherever you have WordPress installed), then applying the patch on a (Linux, Unix) system is simple:

patch -p1 < general-template-compact-archive.patch

That's all! patch is an amazing tool, it will look for where this change fits and if there is a fit, it will modify the file accordingly, saving the original with a .orig extension. (If patch thinks aplying the changes is unsafe or something else seems wrong, it will prompt you instead of making anything dangerous.)

Yes, it does require patching one of the default WordPress files. So you need to repeat it after every WordPress (core) upgrade. I wrote that code over four years ago, and all that has happened, is that the code block was moved further down in the file.

So it the loop itself never to be updated during many years. So I think it is safe to assume that this will not constantly break differently in the near future. And even if the code changes: All that happens, is the patch will not be applied, and the boring old archive list will continue to be visible.

Enjoy your new compact Archive!

27.7.2024 19:26Compact Archive for WordPress
https://netfuture.ch/2024/07/com...

Comment on How to block AI crawlers with robots.txt by AI bots (OpenAI ChatGPT et al) - comment les bloquer - Didier J. MARY (blog)

https://netfuture.ch/2023/07/blo...

[…] How to block AI crawlers with robots.txt […]

19.6.2024 22:19Comment on How to block AI crawlers with robots.txt by AI bots (OpenAI ChatGPT et al) - comment les bloquer - Didier J. MARY (blog)
https://netfuture.ch/2023/07/blo...

Comment on How does ChatGPT work, actually? by Using AI: Being Smart, Heart, and Humble - Teacher Development Trust

https://netfuture.ch/2023/01/how...

[…] from asking AI itself to know more about how it works, guides like this could […]

6.5.2024 14:43Comment on How does ChatGPT work, actually? by Using AI: Being Smart, Heart, and Humble - Teacher Development Trust
https://netfuture.ch/2023/01/how...

DEFCON Voting Village 23 Panel

https://netfuture.ch/2024/02/def...

Screenshot of the video title: "The Election Integrity Foundation Presents: DEF CON Voting Village 2023. Day 2: August 12, 2023, 10:30am. Panel: If I Can Shop Online, Why Can't I Vote Online? Susan Greenhalgh (moderator, David Jevverson, Matt Blaze, Harri Hursti."

There was a DEFCON Voting Village panel «If I can shop online, why can't I vote online?» which I found extremely important to read or listen to. Not just for me, in fact, for anyone talking about electronic voting. Here is a transcript for those who prefer reading (or searching for keywords).

[ez-toc]

Of course, a link to the original video may not be missing, for those who prefer to watch or listen.

https://www.youtube.com/live/WJjBEhPjLRE

Editorial remarks

The transcript has received minor editorial changes: Placeholders ("uh", "you know", …), repetitions, self-corrections, etc. have been removed in order to improve readability. Text in angle quotes («…») would be indirect speech in a written text; from the context, it is meant to be a summary/rephrashing of someone else's statement, illustrated by a change of tone, not as a direct quote.

Chunks that are related to the organization of the panel and that are unrelated to the content have been removed for clarity.

Bold text and section headings have been added by me to help you navigate the arguments or point out what I believe are important take-home messages.

But now, let's switch to the transcript:

Introduction

Susan Greenhalgh (00:08): I'm Susan Greenhalgh, I'm the senior advisor for election security at Free Speech For People. We are a national nonpartisan not-for-profit legal advocacy organization that works protect elections and democracy for all the people. We have a Proprogram which focuses on Election security and I've done a lot of work on internet voting for over 15years studying the policies and practices and written several reports on it. I'm here to talk about this issue with our esteemed panel.

First starting with David Jefferson: Dr David Jefferson, who is a researcher from Lawrence Livermore Laboratories, retired. In 1999 to 2000, he was the co-chair of the California Secretary of State's task force on internet voting. He'll talk a little bit more about that. He was the one of the co-authors of the peer review that was done on the Department of Defense's SERVE internet voting system in 2004, which ultimately resulted in the Department of Defense canceling the project. and he can talk a little bit about that. It was a 22million dollar project that was ultimately shut down and he's been writing, speaking, and testifying in opposition internet voting ever since. So that's David.

Next we have Matt Blaze, professor at Georgetown University School of Computer Science and Law. He is also co-founder of the Village and he's been working in election security for two decades and especially interested in the impact of complex software systems on security and reliability.

And Harri Hursti, also co-founder of the Defcon Voting Village. He is the OG in election security reviews, famously conducting the Hursti Hack back in the 2000s. He also was part of a team that reviewed the Estonian online voting system for security and traveled to Estonia to present the findings to people there.

So, we have an incredible panel and I will turn it over to David.

Screenshot of David Jefferson's talk. Click image to open the YouTube video at the beginning of his talk.

David Jefferson: Problem space

David Jefferson (03:12): So, first let me give you a summary up front of where I'm coming from. That which is, that it isn't possible now or in the foreseeable future with any combination of technologies that we can envision today to secure an online voting system and so thus we shouldn't be instituting internet voting anywhere in the U.S and we should really stop using it where it's in use today.

National security

Voting of course is a national security issue: The legitimacy of democratic government depends on voting being secure and and open. So we really cannot open our voting systems to the to the various kinds of threats I'm about to describe to you, many of which would open our elections to manipulation by Foreign actors.

So let me talk about what internet voting is first of all. What we mean by that is any voting system in which voted ballots are transmitted over the Internet; maybe one hop of the communication is just over the internet, but if it's if voted ballots are ever transmitted over the internet in the course of running an election, it's an internet voting system. It doesn't matter whether it's by email or fax or web or mobile app: Any scheme, doesn't matter what the protocol is, if it's transmitted over the Internet, it's going to be vulnerable to the kinds of threats I'm about to describe.

Attack vectors

So let's talk about those threats. What are the threats that we're talking about? There are many of them.

  1. The first one is authentication related threats. When you vote online, of course you have to identify yourself, so that you can be checked that you're registered and that you haven't already voted. So you have to actually identify yourself. That will have to be done online also and an attacker can can mess with that system, so that it makes it too difficult for people to authenticate themselves and they get disenfranchised; or too easy for people to authenticate themselves and phony voters can vote. So authentication threats, number one.
  2. Number two and perhaps the most insidious is client-side malware. You're going to be voting from some device—a phone or a PC or other mobile device—and that device might be infected with malware. And that malware might have the purpose of interfering with your voting, either preventing you from voting or modifying your votes before your votes even get out of the device. Before they're encrypted for transmission, your votes can be modified: You wouldn't know it, the election officials wouldn't know it. That's a profound problem, the client malware problem.
  3. The third problem: The third kind of attack would be network attacks; attacking routers or DNS or other parts of the internet infrastructure. Where even if your ballots are transmitted, in progress, they can still be stopped or redirected or otherwise interfered with.
    • There are spoofing attacks, where you're tricked into voting to an incorrect site: A site which may look like the real site, but which is not. And and you think you voted, but you didn't, and you don't know whether your vote was transmitted or modified or just thrown away.
    • There are denial of service attacks, where the server that receives votes is overwhelmed with a lot of of fake ballots, sent to it by an attacker. It's so overwhelmed that the service slows down. It may slow down to the point where voters get timeouts and they can't vote at all; or the server just crashes.
    • There are server penetration attacks, where an attacker actually gains control remotely of the server that's accepting the ballots and when he gains control he can do anything he wants.

Many of these attacks can be Insider-aided, but insiders would include election officials and programmers and so on. There are many variations of all of these attacks.

No strong defenses now, …

Now, there are no strong defenses to most of these attacks; there just are no strong defenses. There are ameliorations, there are ways of handling certain special cases of these attacks. But there are no general solutions with technology that we have today.

They rest on some profound problems in computer science which Matt is going to tell you about in the in the next talk. These are the same threats that we encountered 25 years ago when I was the chair of the California Secretary of State's Internet Voting Task force and they're why we recommended that California not Institute internet voting in 1999.

… and probably never

These threats haven't really changed materially in the last 25 years and they may not change materially in the next 25 years; they are that intractable! Now, the problem is that all of these attacks that I mentioned can be automated and scaled up to massive scale. Depending upon technical details of the architecture of the voting system, the attacks can come from anywhere on Earth, including rival nation states or our own domestic partisans.

Attack detection/identification

Successful attacks may go completely undetected; but if they are detected, they may be completely uncorrectable without running the election over again.

The perpetrators of the attack may never be identified. But even if they are identified, they're likely to be out of reach of U.S. law—as the 12 Russians, who are under indictment for interfering with the 2020 election are out of reach of U.S. law.

So the problems with Internet voting are profound and I'm going to now turn it over to Matt so he can talk more about that subject. Thank you!

Screenshot from Matt Blaze talking. Click image to hear him talk.

Matt Blaze: IT security

Matt Blaze (09:27): So thanks, David! I just want to expand on what some of the stuff that David was talking about. He mentioned fundamental problems. And as a scientist or as an engineer, when somebody says, "that's a theoretical problem," we understand it to be different from when the general public uses the term "theoretical problem".

A theoretical problem in normal life is one you don't really have to worry about; a theoretical problem in science and engineering is the worst possible kind. Right, it's the kind that is fundamental to the system; that it's something that you cannot do anything about without either changing the assumptions or compromising on what the requirements are.

Fundamental, unsolvable problems

And there are two sets of fundamental problems:

  1. The first set of fundamental problems are computer science problems and all of the problems in voting—in building a secure voting system—that we encounter from an engineering point of view, are problems that actually were around before voting was an application. People were even considering there is a fundamental theorem in computer science that essentially says, "it is impossible to compare a program with its specification and understand whether it meets it". And this is not a problem that we simply haven't worked hard enough to try to solve; it's a problem that we know that we cannot solve. We will never be able to solve it!
    And what is the implication of that, is that general purpose complex software can never be assured to be completely correct. Now, that mostly doesn't bother us for all sorts of applications of computing that we rely on for many things. In fact, the title of this panel «I can bank online; why can't I vote online?» is an example of that.
    We rely on the same flawed computing systems for things like banking, so, why is it we're able to get away with it? And the short answer is: We don't. Right, bank fraud is enormously common; right, banks are robbed online all the time; there are identity theft and so on constantly.
  2. The difference is a second set of fundamental problems which is the voting application itself has a set of incredibly stringent and in fact somewhat contradictory requirements for building a voting system.
    One of them is that your vote must be anonymous and it must be anonymous to the point where you can't even voluntarily prove who you voted for. And that requirement exists to prevent people from being able to be coerced into voting a particular way or being able to sell their vote. And there's a long history—even in the United States, prior to that requirement existing—of people having their franchise coerced away from them, because it's possible to tell how someone voted.
    Banking transactions don't have that requirement. A banking transaction is reversible. If money disappears from your bank account, it's possible to be made whole again; but if your vote is changed, after it's been cast, we don't know whose it was. And you have no way as a voter of proving how your particular vote was cast in order to be able to correct that. And if that changed, you'd be able to prove how you voted.

Impossible reliability

So we have these two sets of fundamental problems clashing with each other: The first is, we don't know how to build systems that are reliable enough to avoid problems like this; and the second is, voting requires us to build systems that avoid problems like this rather than correct them after the fact. And this combined with the fact that an online voting system requires using complex computer technology means that this is a problem that we won't be able to solve no matter how hard we work at.

It's not that we're just not very smart, it's that these problems are beyond human capacity.

Accepting the risks?

Where that leaves us is,

And that will always be with us when we do it that way, unless we relax some very important requirements of voting systems.

So, by the way, I'm not the only one saying this. There was a report from the National Academy of Sciences called "Securing the Vote", where the top experts in the field got together and produced what's called a "consensus report". It essentially makes a very strong statement: «This is something we do not know how to do» and recommends against it wholesale.

Conclusion

So, those who propose online voting systems are essentially proposing something that [according to] the consensus of scientists is impossible.

So, we should understand it in that context. So, thanks!

Screenshot from Harri Hursti's talk. Click image to see him talk.

Harri Hursti: False promises

Harry Hursti (15:35): So internet voting is a whack-a-mole. It keeps on coming back and the argument is very often, say, well, we have this excuse: Shall we do just a little bit of Internet vote?

There's two reasons why that's not a good idea:

  1. First of all, all the votes are one pool. The idea that I can vote insecurely myself, and that wouldn't disenfranchise other voters, is a logical fallacy. Because if there's only one result and if I'm choosing to make my own vote insecure, I'm also making everybody else's vote vulnerable.
  2. But there's even more profound reason. A lot of nations, including the United States and a lot of states in the United States, but other nations have the same principle: that all voters should be voting with same method. So, once you are enabling the door that let's have a little bit of Internet voting, the next step is to say, now everybody has to vote with internet voting because we cannot have separate methods. The common ways we are hearing always to give an excuse: What are the special groups who need to vote over the internet?
  3. And one of the these in America is called UOCAVA Voters, Uniformed and Overseas Voters Empowerment Act [Transcriber's note: Merge between UOCAVA and MOVE]. So, they are mainly the boys and girls in the military and who have a problem of getting the ballots done on time; however, this same problem is everywhere else in the world. And the other part is why UOCAVA is—or military voters in general are—a very good target for saying, "let's do internet voting," because in a lot of nations, military voters are not guaranteed to have secret ballot; it's a best-effort basis only. So military voters don't enjoy the same legal protections as the general public. And that also enables you to have a little bit more relaxed voting system, because you don't have to guarantee secret ballots.
  4. Another group is a very powerful lobbying group: The disabled voters and especially print disabled voters, so people who cannot read, cannot write, cannot hold a pen in their hand. There are a lot of devices, calling for example ballot marking devices, which are designed to access. But the idea is: Okay, well, let's do that at home! Again, this whole path leads to a dual language, where a constant attempt is to call the voting not "internet voting", but instead of calling it to be "electronic return of your ballot". It's the same thing. But the idea is, this is the way we sell the idea without getting into the trap of informing people that this is the bad idea again, internet voting.

Estonia

Internet voting has been claimed to be successful in Estonia. I went to Estonia with the professor Alex Halderman and a couple of other folks. We took a look in the system and it was a fairly decent high school project; that was the quality of the code.

However, there was a lot of interesting things in operations. For example, they rented the servers every year separately. So, from supply chain point of view, this one agency is renting three computers: That's your target! The lowest bidder and you can poison all you want. There were a lot of designs in that area.

For example, they publish a video where a the code is signed cryptographically, so that the voters will know, this is an honest code. And they claim that this computer, where the video was taken, has never been connected to internet. But it had a µTorrent [Transcriber's note: A BitTorrent Internet download software] and pirated movies and pirated films and online poker on the screen. So slightly suspicious that it might have been an intern.

Finland

In Finland, we tried internet voting or online voting. It was Kiosk Voting—but a system which can be used for internet loading too—in Three Counties and it was demonstrated that three and a half percent of the votes were lost and hence the election had to be reconducted, because three and a half percent in a what you call the Jefferson counting method means that it's absolutely certain the last candidates in the city council will be [awarded to?] the wrong people.

«Young voters!»

The common excuse also is to claim that we need internet voting to activate young voters, young people who like mobile phones.

Estonia is a brilliant country from the point of view that they published age brackets. And when you look in Estonia, you see that the fastest growing group of Voters online is over 65 and the young voters are rejecting the idea of Internet voting. The same was [experienced] in Norway, so that the actual government public data doesn't support the common wisdom that young voters would be activated by using internet voting.

«Understandable, verifiable»

Last but not least, I want to touch a very big topic. For example, in Europe and Germany, a lot of democracies have a rule that common person has to understand how votes are counted; and have to be able to verify the vote counting process with no special tools and education. Common man's common knowledge has to be enough. Now, we are proposing very complex ideas like homomorphic encryption, blockchain, …

The joke in US is that the average age of poll workers [gets] one year older every year, because we don't have enough young people coming to be a poll worker. But until we live in a Star Trek universe, where teenagers are casually talking about quantum mechanics: Who is going to be explaining to a 70 year old normal person, how homomorphic encryption works?

And in this today's world, how could anyone believe that you could ever be getting normal people to accept these complex ideas, that even most of the experts don't know how it works?

So let's keep it simple. Thank you!

Screenshot of Susan Greenhalgh's talk. Click to hear her talk.

Susan Greenhalgh: History

Susan Greenhalgh (20:10): After hearing all of that, I'm guessing everyone probably thinks, «who would ever want to do internet voting for public governmental elections?»; but unfortunately, right now 32 states permit some subset of voters to vote online either by email, fax, or some sort of online portal. And there's a lot of ballots coming back online! In the 2020 election, there were over 300 000 ballots cast online; and in some states with small margins, there were a significant number of ballots cast online. And this is a problem, because those ballots we know are not secure and they can't be audited.

Trying to create

So, I want to talk a little bit about the policy in the history of how we got here and how it's playing out today to understand our situation. As I mentioned in the intro, back in 2004, David was part of a security study that examined a system that was being put together by the Department of Defense to a military and overseas voters to vote online.

This was something that Congress tasked them to do this. They built a system, had a peer review of the security. The peer review said, this is not secure, you cannot ensure the legitimacy of ballots cast online. So the project was scrapped.

Standards first

Congress turned around and said: Okay, we'll have NIST—National Institute of Standards and Technology—develop standards for a secure online voting system and then we'll have the Department of Defense build to those standards. So NIST spent the later part of the 2000s and early 2010s studying the problem, writing several reports, and they came to the conclusion—that the scientists have all come to—that there's this broad scientific consensus that these problems are really not solvable with the security tools that we have today.

And they wrote a statement saying, we don't know how to write security standards, because we don't know how to do internet voting securely. It's not yet feasible, so we we're not doing it. So Congress said «okay» a couple years later; because Congress moved slowly between 2014 and 2015. Congress repealed the directive to the Department of Defense to build an online voting system; essentially taking the federal government out of it.

We often hear: «Why isn't the federal government studying it?» The answer is: They already did; asked and answered. So in the subsequent years we've seen more reports come out; in 2018, the National Academy study came out that Matt mentioned. There's been numerous academic studies, there's been some states have done their own studies.

Time and again, when the computer scientists and the security experts look at the problems, they realize that voting is not something that you can apply today's security tools to, in a sufficient way to secure it. So, we've never come up with anyone that says, «Here this is a secure way to do it from a scientific perspective».

Policy before Possibility

Yet, in that early 2000s period of time and even the late 90s, there was a reasonable expectation that we were going to have a secure online voting system from the Department of Defense. So States passed laws to allow electronic ballot return. By 2010, I think 29 or 30 States already had electronic ballot return laws in place. So that was before NIST came up with their statement saying, «we can't write security standards for this», and before the bulk of the scientific research that's so conclusive had come out by. So, in the mid 2010s, we'd seen a kind of a slowdown in the movement for online voting; but now we're in the middle of an aggressive push once again to have people vote online and that's coming mainly from two places:

1. Bradley Tusk

First, there's a guy named Bradley Tusk who is an Uber multi-millionaire: Made a bunch of money for Uber and he helped change their policies. Not a tech guy, he's a policy guy. He helped change state laws to allow Uber ride share policies around the country. He also was responsible for changing state laws to allow sports betting on the FanDuel app. So he knows what he's doing as far as changing state laws. And he's decided that he's going to save American democracy by getting everybody to vote on their phones by 2028, he said that on his podcast. He has also said, that he will do anything unethical—short of committing a crime—to get everyone voting on their phone. So, he's hired lobbyists, he's got public relations people, and he's introducing bills in different states around the country to allow people to vote online: Starting with subsets of military and overseas voters for states that don't already have it, and then to expand it to voters with disabilities, to expand it to First Responders who may be displaced, and then ultimately with the goal of getting everybody to vote online.

Despite Federal warnings

One of the most definitive scientific studies that we saw—or I shouldn't call it a study, it was a risk assessment, that came from the Department of Homeland Security CISA, FBI, NIST, and EAC in 2020, which warned States: «You don't probably want to do this, because those ballots will be high risk of compromise, manipulation, deletion, or privacy violations. Any ballots cast online via any method, even with security tools in place.»

State legislation lobbies

So even with this security, all this guidance coming from the federal agencies: Those federal agencies can't go into the States and lobby. They put out their risk assessment, hope the states look at it. Instead, it's left to organizations like our organization. We work with Verified Voting, with Brennan Center, with Public Citizen. These are all groups. We are very deeply committed to ensuring access for all voters. We—my organization—actually takes legal actions to ensure people's access to the ballot. But we also want to protect that ballot and make sure that the election is secure. So that's why we are going in and raising these security concerns in the state legislatures and trying to keep States from introducing more bills to spread online voting.

In the last year and a half, we saw bills introduced in California, Washington, Maryland, Wisconsin, Michigan, Illinois, Georgia, New York, New Jersey, and Washington D.C.

That's one aspect of the push for online voting.

2. Vendors

There's another aspect that comes from the vendors. Because this is an industry that is not regulated at all, the systems that are being sold commercially don't undergo any sort of public testing that anyone else can review. The vendors make claims of security or claims about the way the system operates that are unfounded, baseless. Our organization has written letters to Attorneys General, arguing that these could constitute false claims in deceptive marketing and could be actionable and asking for investigations. But there's nothing to counter it, other than us bringing up the other side of it. So the vendors are also lobbying in state legislatures and promising State lawmakers that these systems can be secured.

And that's another aspect of it.

Confidence in elections

So this is an ongoing problem that we're going to continue to see, because of these two forces pushing online voting at a time when we really need to have auditable systems, transparent systems, secure systems, that we can ensure that all people can have confidence in the results of an election and not expand an system that we know is insecure.

«Theranos of voting»

Internet voting has been globally referred to as the «Theranos of voting» and I think that's actually a very apt analogy. I don't know if you're familiar with the story: Theranos is the blood company that was founded that went to a billion dollars; and they were going to take a tiny pinprick of blood and be able to run a complete screen of every task that you could ever possibly need and know your entire health history. And it would be cheap and everyone would be able to do it at CVS or Walgreens.

And it was a great idea, who doesn't want that? But the problem is: The science didn't let you do it! You needed more blood to be able to run certain tests. The blood needed to be centrifuged, and separate out the cells, and reagents put in there. You can't do it all, but the idea is so great, everybody wants to do it!

Yes, it would be really great if we could all vote on our phones, but the science isn't there!

So I'm going to wrap with that and and we're going to go to questions.

Screenshot of the Q&A session. Click image to watch the session.

Q&A

Auditing?

Susan Greenhalgh (31:01): David, I was speaking about the importance of auditing elections, especially that everyone should have confidence. We don't want to just trust elections, we want to verify elections. How can you audit an online voting system or can you audit an online voting system?

David Jefferson (31:32): You hand mark the ballot and there is no question that the ballot actually reflects the voter's intent. That hand marked ballot becomes a contemporaneous record of the voter intent. So that if those ballots are later counted by machine—and the software in those machines is full of bugs and is full of malware, and so the counts are wrong as produced by a machine—you can always go back, in fact, you should always go back to the original hand-marked paper ballots and audit the machine results using an RLA (a risk-limiting audit), for example, as was discussed apparently yesterday.

And therefore you can determine that the machine counts were wrong and you can correct the outcome of the election.

Now, with any kind of online voting system, if you are voting from your phone or your personal computer, there is no indelible contemporaneous record of what the voter's actual intent was. There is no record from which to audit the election.

So, it's really not possible to audit an online election and that's just another reason why we shouldn't be doing it.

Digital «voter-verified paper ballots» aren't

Susan Greenhalgh (33:16): One of the things we see the vendor say, is that «we produce a voter-verified paper ballot, our system isn't online voting, it isn't internet voting». Oe of the the CEOs of one of the vendors told a radio show that «We don't use the term "internet voting", because it's a loaded term; we say "electronic ballot returns".» So it's a little bit of this smoke and mirrors.

And that they produce a voter verified paper ballot: Well, a lot of times, the digital record is sent to the elections office and then it's printed there. But obviously that paper ballot has never been verified by the voter, because it's the digital record that was sent. But to say, «it's a voter verified paper ballot», is highly misleading at best, so you don't have a voter verified paper ballot to audit the election.

Eliminating vote secrecy?

Audience Member (34:16): You folks were talking about the kind of combating requirements of a secret ballot and a technically secure ballot. I vote for Mickey Mouse every year, I don't care who knows that. From a purely technical perspective, if you omit the requirement of secrecy, does online voting become much more viable?

Matt Blaze (34:37): Sure, all sorts of problems get easier, if you reduce the requirements. The requirement for a secret ballot doesn't exist just because a bunch of technologists said it should. The requirement for secret ballot evolved over centuries of U.S law; and centuries of experience with fraud in democracies, based on coercing votes from people.

We could—as a society—decide to eliminate the secret ballot and maybe we decide that we want to. But I think a poor reason to eliminate the secret ballot is simply to accommodate some future voting technology, that finds it an inconvenient requirement.

I think it's very important to understand here: These requirements didn't come from us, these requirements are not requirements that the technologists invented. These are requirements that society has decided are important properties for voting systems. We can discuss whether those requirements are good or not, but that discussion had nothing to do with technology, it's a democracy requirement.

Perpetual motion machines

When I hear about internet voting, I find it helpful to substitute in my head «perpetual motion machine». If we had perpetual motion machines, it would be great! It would solve our energy problems.

Everybody agrees perpetual motion machines would be terrific! Unfortunately, a bunch of killjoy physicists tell us that we'll never be able to have them. If you believe the killjoy physicists, it would be a bad idea to create policy on the assumption that we're about to build a perpetual motion machine, because we're really not. And internet voting has many, many of the same properties there.

Praise for secret ballots

David Jefferson (36:42): I want to praise the secret ballot requirement: The secrecy of the ballot is the strongest defense by far we have against voter coercion, vote retaliation, and vote buying and selling. Without the secret ballot, our elections could be irredeemably corrupted by those effects.

Internet voting is racist

Audience Member (37:10): I have more of a comment that I'd love to get our moderator's response on here. What really worries me more than anything about online voting is much more lower tech, actually, it's that if it goes large scale it's subject to phishing attacks. You could have very large-scale voter suppression with fake emails coming from secretaries of State, apparently, and you go and you lose your vote and maybe you get your identity theft too. Now, phishing campaigns can be just 19, 20% effective; targeted they can be 70% effective and who's going to get targeted in a voter suppression campaign? The same people who always get targeted: Communities of color! So, I think this whole issue very quickly becomes a racial justice issue, honestly, and that's that's not even getting into the stuff you all have been talking about, that I firmly agree with.

Susan Greenhalgh (38:13): My comment is: I agree. I don't have much more to add that was very well put!

Biometrics

Audience Member (38:21): Just a quick question regarding authentication and biometric data: So can your team speak to the benefits of that? I know that the TSA for example is using biometric data for authentication purposes for international travel; comparing your passport photo to your face while you check in. Obviously, having biometric data stored by the government maybe isn't the best idea; you could do something like hashing or something different like that. But can you speak to the advancements of biometric data and how they pertain to online voting in the future?

Matt Blaze (39:00): There are two unfortunate properties about Biometrics. The first is they are tied to you as an individual; you can't change them if they're compromised. So if something happens to your biometric data and other people learn about what it is, they know it and you're stuck. That means that effectively supervised biometric authentication—you go into the kiosk, there's a guard, you put your fingerprint on a reader—might be okay, because they know that you're not bringing some equipment in, to fake what the fingerprint is. But unsupervised biometric authentication—I'm using my phone, it reads my biometric, and sends that data somewhere—is something that's always going to be subject to compromise. So Biometrics solve some problems for in-person authentication that work very poorly in the online context.

Vote by phone isn't secret

Audience Member (40:12): I think another issue that isn't really considered, is the fact that, for instance, if Bea is going to vote with her cell phone and she's asleep, I can just pick up her cell phone, unlock it with her face and vote on it. Or Bob over there wants me to vote for Pinkie Pie, so he gives me a thousand dollars to go vote for Pinkie Pie. We still have that problem in our regular elections and those are small little votes. But there's no privacy.

If you have a partner that's very controlling and they're trying to force you to vote for somebody: When you walk into that voting booth by yourself and you close that curtain, you can vote for whoever you want. You lose that a hundred percent when you do online voting and vote by phone or any of this. Great for American Idol, not great for elections.

Remote (postal) voting

Audience Member (41:19): I have a general question about remote voting which is not electronical, such as postal voting, which is used in many countries to support for example disabled voters or voters who are otherwise unable to go to the polling station. And postal voting has many risks of the kind that you mentioned, such as the risk of coercion or the risk of not knowing that the ballot that arrived was actually marked by a legitimate voter. So given all this, what kind of secure enough options would you recommend for remote voting?

Matt Blaze (41:50): It's important not to confuse online voting with the general problem of remote voting. Remote voting exists everywhere in the United States at least as a special case for absentee ballots: People who can't travel and so on. It's generally done on paper and by mail.

That has some of the same problems as online voting, but not all of them. It leaves us with the one-on-one coercion problem, that if you're sent a paper ballot, it is possible you could be coerced by a partner or an employer to vote in a particular way. But that has to be done on a retail level, ballot by ballot.

In an online voting system, that same type of compromise can be done centrally: A piece of malware, that's spread by a phishing or any of the other ways that malware spreads, can be used to wholesale compromise many, many different ballots.

So, my suggestion is that to accommodate voters who can't travel, we stick to the paper-by-mail method and not introduce methods that also add the wholesale fraud and wholesale abuse vector. But even by mail, voting does compromise some of the properties of the secret ballot; and we have to be very careful when we scale that up.

Susan Greenhalgh (43:37): I'll just add that there have been solutions that have been implemented: When the Military and Overseas Voter Empowerment Act was passed, it required that all Counties or States send ballots to Military and overseas voters 45days before the election. It also stipulated, that they had to make the option available to send the blank ballot electronically. Blank ballots can be sent with reasonable acceptable security electronically, because they don't have the vote, they don't have the secret valued piece of data, on them; everybody knows what's going to be on the blank ballot. So, you get your blank ballot in 45days and then still have 45days. The military have access to expedited free postal mail return that is provided to everyone in the military.

I mentioned there's 32states that currently allow electronic ballot return, 18 that do not. There are several states that don't allow electronic ballot return, that have higher rates of participation for military and overseas voters, because they have robust communications in place: They're making sure that they get the information to those voters. So, I don't think that we can make a correlation that electronic ballot return is going to increase participation for those voters based on that information.

Voter outreach

Audience Member (45:03): Military ballots and voting is always kind of interesting on all the campaigns I've worked on. Generally, each county is autonomous and how they vote in it. You're talking about military and state. I'm really a novice, I really don't know what I'm doing on this one. So, you're saying the states have better things in place. So, how does that work with the counties being autonomous and how they do their voting?

Susan Greenhalgh (45:45): It actually depends State-by-State, because some States run their UOCAVA outreach to those voters or military and overseas. The outreach of those people at the state level and some places do it at the county level; meaning that the county officials have to email the ballot or send the ballot to the people; or some places, they do it from the state level. So it really depends on the state: You have to go State by State.

Ballot marking machines vs. secrecy

Audience Member (46:20): I think it's important for people to be careful not to generalize your personal experience of voting and think that's how it is throughout the United States. It's easy to make blanket statements that don't apply. So, for instance, with respect to voting by mail: If you live in the state of Georgia, the only way to be able to do a hand-marked paper ballot is, if you vote by mail. The only way to have ballot secrecy is, if you vote by mail. Because, if we go into a precinct, we have ballot marking devices that are huge. They're upright, they're lit up, and anyone can see how you're voting. So if you want ballot secrecy and hand-mark paper ballots in the state of Georgia, you have to be able to vote by mail. And the other thing to be aware of in the state of Georgia, is that the Secretary of State controls all counties. So, we're required to do everything the same way throughout the entire State; it's not county-by-county decisions. So I just want to caution people: Don't generalize based on your own experience, because across the United States there are very different circumstances.

The transcript ends here, but some relevant information follows, for those wishing to dig deeper.

Related work

U.S.

Estonia

Switzerland

Technology

Homomorphic Encryption and Blockchain are mentioned here (and elsewhere), as potential solutions to Internet voting aka eVoting. If you want to understand these technologies, here are some pointers:

12.2.2024 16:59DEFCON Voting Village 23 Panel
https://netfuture.ch/2024/02/def...

Counting like a computer

https://netfuture.ch/2024/01/cou...

Computers are very good at counting. But usually only within narrow limits. Here is an insight into where these limits come from and what goes wrong when they are exceeded.

The original German 🇩🇪 version of this article is here: Zählen wie ein Computer.

Counting for beginners

Most of us have been counting for so many years that we can't even remember when we counted for the first time. Initially, most of us probably used our fingers. At first we stopped at 10, but at some point we realized the trick with the tens transition. We later extended it to the hundreds and thousands transition.

So this video should come as a surprise to very few people. Nor that the odometer on the left and the speedometer-style "counting clock" on the right show the same counting processes.

"Simple" counting in the decimal system; three-digit numbers

However, it might be a little more unexpected if we count beyond 999 on our three-digit odometer. Because we are missing the fourth digit for the thousands, this is cut off and we end up back at 000; we are missing the option of adding thousands. (Perhaps some people still remember the days when cars had five-digit odometers and you had a "brand new" car again after having driven for 100,000kilometers…)

The counter clock has the same problem. So you actually already know all the problems from the decimal system; there is nothing new.

Incrementing 999 would result in 1,000; but we only have three digits…

Counting for computers

But now let's switch to the binary system, to computers. In the decimal system, the value of the last digit is counted once, the second digit is multiplied by ten, the third digit has an importance of ten times ten, i.e. a hundred. And at each position we have a choice of ten digits, 0 to 9.

DigitFourth lastThird lastSecond lastLast position
Decimal system10*10*10 = 1000 = 10³10*10 = 100 = 10²10 = 10¹1 = 10⁰
Binary system2*2*2 = 8 = 2³2*2 = 4 = 2²2 = 2¹1 = 2⁰
Positional numeral systems: The value of different positions in different systems (looking at the right-most table cells first helps understanding the pattern)

We count in a very similar way in the binary system: the value of the last digit is multiplied by one, the second digit by two, the third digit by two twice, i.e. four times. Two digits, 0 and 1 (or in other words: power off or on), are sufficient for each position.

Binary systemCalculatedDecimal system
0000*4 + 0*2 + 0*10
0010*4 + 0*2 + 1*11
0100*4 + 1*2 + 0*12
0110*4 + 1*2 + 1*13
1001*4 + 0*2 + 0*14
1011*4 + 0*2 + 1*15
1101*4 + 1*2 + 0*16
1111*4 + 1*2 + 1*17
The first 8 numbers in the binary system

As in the decimal system, the same applies here: To increment a position which is already at the maximum digit, this position wraps back to zero and a carry is applied to the next higher position. In the decimal system, this is the case when changing from 9→0, in the binary system as early as 1→0. The second digit is therefore already incremented every second step.

Here, too, we have a discontinuity when we "count up" from (binary) "111" to "000". With a finite number of bits for the representation of a number, this can never be avoided; adding more digits only delays this overflow.

Again, only three digits available, no four-digit "1000". So, it wraps around from "111" (=7) to "000" (=0).

Negative numbers

In many everyday situations, the positive numbers (and the zero) are enough. If we didn't need more, we could finish here.

Sometimes, however, it is quite practical to be able to calculate with negative numbers. For example, on the Celsius thermometer in winter. Or to be able to calculate consistently with "meters above sea level", even near the Dead Sea. Or simply to be able to display differences, for example in the case of inflows and outflows, in a uniform way.

For binary numbers, as we have seen above, two's complement has become the de-facto standard (at least for whole numbers): The ingenious thing about this representation is that we don't have to change anything in our calculation processes: Counting, adding or subtracting take place in the computer in exactly the same way as if all numbers were positive. We simply think of all numbers whose most significant bit is 1 as negative. Computation itself is unchanged; we only need a little additional brain power for input and output.

(At least if we ignore multiplication, division, size comparisons, or the test as to whether an overflow has occurred during an arithmetic operation. And floating point numbers, i.e. numbers with decimal places).

Another advantage of the two's complement: we still only have one discontinuity, with three-digit numbers between "011" (+3) and "100" (-4). However, when counting from -4 to +3, no special handling is needed.

We change nothing at the actual digits, we simply think of half of the (previously high) numbers now as negative numbers.

We accept the small inconvenience that there are more numbers below zero than above zero because two's complement offers us so many other advantages in a simple, clear representation.

(For the mathematically inclined readers: The positional value of the leftmost (=most significant) digit in our 3-bit example is +4 for unsigned numbers, as we first got to know them, so a one in this position increases the value of the total number by 4. For signed numbers, i.e. if we also want to represent negative numbers, the value is -4; a one in this position decreases the number's value by 4. Simply ingenious, isn't it?)

Bits for the numberPossibilitiesNumber range without signNumber range with signSignificance of the most significant digit
32³ = 80 ... 7-4 ... +3±4
42⁴ = 160 ... 15-8 ... +7±8
82⁸ = 2560 ... 255-128 ... +127±128
162¹⁶ = 65'5360 ... 65'535-32'768 ... +32'768±32'768
322³² = 4'294'967'2960 ... 4'294'967'295-2'147'483'648 ... +2'147'483'647±2'147'483'648
642⁶⁴ ≈ 16 trillion0 ... 16 trillion (approx.)-8 trillion ... +8 trillion (approx.)±8 trillion (approx.)
The ranges of potential values in comparison: Both for our three-bit example and common sizes in computers. A 32 bit number can therefore represent any of about 4 billion different values.

Impact

We've probably all filled out those forms where a separate box had been set aside for each letter or number. Some will certainly have had the problem that the number of boxes for some number or text were not enough (or at least imagined what would happen if that ever were the case).

Our computers are also modeled on these box forms, in the truest sense of the word. And they have also inherited the same limits: in many databases and web forms, text fields have a maximum length, as do - see above - numbers, usually with predefined upper and lower limits.

When a form like the above (this of course is just made up) has been widely accepted and is used everywhere and integrated in many different processes, it becomes hard to change it. This also applies to data formats and protocols in the computer/Internet fields. (The language of the form does not matter; it matters that any change will required thousands of organizations around the globe to coordinate that change.)

And once many computers (or many parts of a larger program) have agreed on such a form (in computer science then a data format, API or protocol), it is very difficult to extend these limits later.

With numbers, there is the additional surprise that when counting up very large numbers, the values can suddenly become very large negative numbers.

Unfortunately, these limits play a key role in many IT security problems, as well as other problems such as the one I will be talking about in a follow-up article.

But the main impact will be explained in a follow-up article.

27.1.2024 17:50Counting like a computer
https://netfuture.ch/2024/01/cou...

SMTP Smuggling Status

https://netfuture.ch/2023/12/smt...

A christmas tree with spam boxes instead of gifts

«SMTP Smuggling» is a vulnerability that allows to circumvent some mail checks at the receiver and therefore will allow additional spam and/or phishing messages through. Here is the list of what we currently know.

Interested in the full story? I have written a German 🇩🇪 article on SMTP Smuggling and SECConsult's selective (and untimely) disclosure.

The SEC Consult article contains information about the software they tested. However, the information is largely unstructured. Here is an attempt at structuring the information.

A link is provided when information not in the SEC Consult article is referenced. For all the question marks, I actively tried to find information on their web page (typically, the "blog" page, if any) and/or using a web search for their site («site:example.com "SMTP Smuggling"»). The question mark indicates that this process did not reveal any additional information.

The list is sortable, BTW.


[table id=2 /]

Update 2023-12-26

In the night of December 22nd to 23rd (European time), Tim Weber started a discussion on the Postfix-Users maling list, with quick and active participation by Wietse Venema (author of the Postfix mail transport software), Vijay S Sarvepalli (from CERT/CC) and others. Here my attempt at a structured summary:

A possible interpretation of this discussion might be that SECConsult became aware of the full impact of the vulnerability only later (maybe as part of the preparations for the talk on 2023-12-27?). Even though, informing vendors, providers, and CERT/CC with more information (possibly a draft of the blog post) at short notice would have been significantly better than what we have no, namely no notice.

Wietse Venema proposes that, «now that the attack is public, I do encourage reaching out to the rest of the world» and making everyone aware as quickly and prominently as possible. Also, the CERT/CC hopes, it will be able to further improve its workflows with multi-vendor vulnerabilities and Open Source projects.

26.12.2023 12:15SMTP Smuggling Status
https://netfuture.ch/2023/12/smt...

The year in review

https://netfuture.ch/2023/12/the...

This is the time to catch up on what you missed during the year. For some, it is meeting the family. For others, doing snowsports. For even others, it is cuddling up and reading. This is an article for the latter.

I looked at my access logs and started collecting a best-of list, sorted by number of page views. I hope some of them pique your interest. Enjoy!

There is also a 🇩🇪 German post summarizing the top-ten of my German articles. It is vastly different. Have a look here.

10. «Right to be Forgotten» void with AI? (2023-03)

A description how hard it is to eliminate results from AI #ChatBot responses and what this means to our rights.

https://netfuture.ch/2023/03/right-to-be-forgotten-void-with-ai/

9. Generating Multi-Architecture Docker Images Made Easy (2020-05)

Docker (and, by extension, Kubernetes) images are a versatile, high-level way of providing service and application abstraction. To some extent, it is platform-independent. However, it is not automatically processor-independent. Creating multi-architecture docker images is easier than what you think; using them is trivial (i.e., automatic).

Here my experiences for adding that to a few projects:

https://netfuture.ch/2020/05/multi-arch-docker-image-easy/

8. Configuring an NTS-capable NTP server (2022-01)

NTP (Network Time Protocol) is probably how your computer or mobile device knows about the current time, often accurate to only a few milliseconds.

Keeping accurate time is of essence to many applications, including whether a security certificate has expired.

NTS is to NTP what HTTPS is to HTTP: It provides authenticity of the source and prevents modification in-transit. And easy to upgrade.

https://netfuture.ch/2022/01/configuring-an-nts-capable-ntp-server/

7. A business-driven blockchain evaluation flow chart (2022-06)

Ever wondered whether your business needs a blockchain? This simple chart guides you through that process.

Originally by Rene Jan Veldwijk on 🐦; published with permission.

https://netfuture.ch/2022/06/a-business-driven-blockchain-flow-chart/

6. How to block AI crawlers with robots.txt (2023-07 ff.)

Can you prevent your content from being used by #AI companies? Not really. But here are some attempts to get you at least part of the way there. And what we should be doing to have the choice.

https://netfuture.ch/2023/07/blocking-ai-crawlers-robots-txt-chatgpt/

5. Bitcoin Block Timing Statistics (2022-03)

I absolutely have now clue why this article is in the 2023 top-5 of my most read English-language articles. (And I kind of forgot why I even did the research behind it in the first place.)

But hey, feel free to look how often and how much the interval deviates (and deviated) from its 10 minutes interval target.

https://netfuture.ch/2022/03/bitcoin-block-timing-statistics/

4. Git, PGP, and the Blockchain: A Comparison (2022-02)

Most people, when they want #Blockchain, they are only interested in what #Git version control and #Timestamping actually deliver. Often, they do not even want immutability, but just transparency about the changes.

(And with that, you already know most of the article's content. But feel free if you want to know more in-depth.)

https://netfuture.ch/2022/02/git-pgp-blockchain-comparison/

3. Web3 is just expensive P2P (2022-05)

Wow, we've already reached the top-3! This article is why I had to activate real caching for my poor box; Wordpress wasn't able to handle the 40k accesses within a few hours. 😊

#Web3 is about decentralization. We already had that some 20 years ago, it was called peer-to-peer networking. It worked reasonably well. #Web3 essentially adds even more complexity and thus desperately needs a way to finance that complexity.

https://netfuture.ch/2022/05/web3-is-just-expensive-p2p/

2. Transparent, Trustworthy Time with NTP and NTS (2021-12)

Number two is an old-timer, but still going strong.

The first article in the NTS series, it introduces the need for a secure time mechanism. And why it is important that Internet time also make the (easy!) move from NTP to NTS. It is almost as painless as moving from #HTTP to #HTTPS today, thanks to Let's Encrypt and the ACME protocol (Automated Certificate Management Environment).

https://netfuture.ch/2021/12/transparent-trustworthy-time-with-ntp-and-nts/

Aaaand the winner iiiiis:

1. How does ChatGPT work, actually? (2023-01)

A relatively easy-to-grasp explanation how ChatGPT works, yet still accurate on a high level. Starting with an explanation of ChatGPT's little cousin, NanoGPT, and then describing the differences.

Essentially it is a dual translation of Andrej Karpathy's NanoGPT video: Format from video to text; target audience from programmer to general public.

Enjoy!

https://netfuture.ch/2023/01/how-does-chatgpt-work-actually/

My favorites?

In my opinion, all of the articles above are worthwhile their time, with the exception of the Bitcoin Block Timing article. But some of the articles I would into my personal top-ten list are missing:

What is your favorite article? Tell it in the comments or on social media (preferable the Fediverse, where I'm reachable at https://waldvogel.family/@marcel).

23.12.2023 15:53The year in review
https://netfuture.ch/2023/12/the...

Kensington PowerPointer for Linux LibreOffice

https://netfuture.ch/2023/11/ken...

Navigating the slides works perfectly with the Kensington PowerPointer for LibreOffice under Linux, no questions asked. The extra functions ("laserpointing", drawing, and screen blanking) are not well supported. Here is how to fix them.

One of the supposed advantages of the Kensington PowerPointer over other devices such as the Logitech Presenter: No additional software is required. However, not all functions work out of the box, because they have to run through hoops to provide a zero-config experience for the majority of the users.

I invite you to follow my journey down into the Kensington (and Linux keyboard mapping; and, apparently, PowerPoint control compatibility) abyss.

PowerPoint Functionality

On PowerPoint, obviously everything works as expected. (No wonder, as the device was custom-made for Microsoft Office.)

ModeButtonDurationFunction
⎚🚩 All➡️ ForwardAny · —⏩ Forward (autorepeat)
⎚🚩 All⬅️ BackAny · —⏪ Backward (autorepeat)
⎚🚩 All🔦 LaserLong —🚨 On-screen "laser"
⎚ Blanking👤 UserShort ·⬛ Black/contents (alternating)
⎚ Blanking👤 UserLong —⬜ White/contents (alternating)
🚩 Marking👤 UserShort ·⭕ Draw a circle
🚩 Marking👤 UserLong —📏 Draw a horizontal line
⎚🚩 All🔦 LaserShort ·🗑️ Clear all marks
Actions and their mapping to buttons for Microsoft PowerPoint

LibreOffice Functionality

As LibreOffice (and Linux) users, we are used that add-ons do not normally provide the full functionality (and sometimes the "full functionality" is beyond what any sane person would ever use…). So, I was pretty happy when Forward/Backward worked as announced; but the other functions didn't work.

ModeButtonDurationFunction
⎚🚩 All➡️ ForwardAny · —⏩ Forward (autorepeat)
⎚🚩 All⬅️ BackAny · —⏪ Backward (autorepeat)
Actions and their mapping to buttons for LibreOffice

Of course, LibreOffice as of 7.4.7.2, doesn't support the "virtual laser mode". But everything else should be possible…

What happened?

As an investigative mind, I wondered why this could go wrong. With evtest, I was able to learn what sequences of HID events (keystrokes, mouse buttons) the device was sending.

FunctionButton Sequence
⏩ ForwardDown
⏪ BackwardUp
🚨 "Fake laser"Ctrl+LeftButton
⬛ Black/contentsCtrl-H B and A Ctrl-U (alternating)
⬜ White/contentsCtrl-H W and A Ctrl-U (alternating)
⭕ Draw circleCtrl-H
[simulated move from center to top of circle]
[simulated circular motion]
Ctrl-P LeftClick
LeftButtonDown
[simulated circular motion]
LeftButtonUp Ctrl-U
[simulated move from top of circle to center]
📏 Draw horizontal lineCtrl-P LeftButtonDown
[horizontal component of user motion while the user is holding down the 👤 button]
LeftButtonUp Ctrl-U
🗑️ Clear all marksE+L+C (together!)
How the functions are implemented

Some of this strikes me as strange:

Blanking: To blank LibreOffice with black or white, a single B or W keypress is sufficient. Any key (including repeating B or W) will unblank the screen. However, the PowerPointer sends two alternating sequences of two keypresses each; presumably to handle various incompatible pieces of presentation software.

Clear all marks seems to send multiple keystrokes for the same purpose. However, I was astonished to see that the keys are not pressed one after the other, as in the Blanking case above, but as three-key combo! (It seems to work.)

Drawing a circle is the strangest case. The mouse pointer is moved in a circular motion twice, the first time apparently without impact. Before the circle is actually painted (Ctrl-P, MouseDown, moving, MouseUp, Ctrl-U), an additional click of the left button is sent (highlighted in yellow above)! In LibreOffice, this advances to the next slide. As you will see below, this was a tough one to solve.

It looked like an unsolvable case: I would be stuck with just advancing the slides.

LibreOffice controls

What does LibreOffice provide?

FunctionKeys and buttons
⏩ ForwardDown
⏪ BackwardUp
🚨 "Fake laser"Not available
⬛ Black/contentsB (on); anything (off)
⬜ White/contentsW (on); anything (off)
⭕ Draw circleP (toggle drawing mode);
LeftButton (or MiddleButton(!)) to draw;
optionally toggling drawing mode again
📏 Draw horizontal lineP (toggle drawing mode);
LeftButton (or MiddleButton(!)) to draw;
optionally toggling drawing mode again
🗑️ Clear all marksE
Keypresses for LibreOffice

Blanking the screen works kind of out of the box, mostly. Drawing a horizontal line also, kind of.

Note, that in LibreOffice, using the left mouse button for drawing will start drawing a new line. However, using the middle mouse button, it will set a flag that the next line will be a continuation of the current line (this is kind of like preventing the next moveto drawing command, so it will continue with lineto; i.e., everything will be a single line, even if you release the mouse button in between).

Managing expectations

FunctionEvents sentEvents expected
⏩ ForwardDownDown
⏪ BackwardUpUp
🚨 "Fake laser"Ctrl+LeftButton
⬛Black/contentsCtrl-H B and A Ctrl-U (alternating)B; anything
⬜White/contentsCtrl-H W and A Ctrl-U (alternating)W; anything
⭕ Draw circleCtrl-H, Ctrl-P, LeftButton, Ctrl-UP, LeftButton or MiddleButton; no LeftClick!
📏 Draw horizontal lineCtrl-P, LeftButton, Ctrl-UP, LeftButton or MiddleButton
🗑️ Clear all marksE+L+C (together!)E
Mapping expectations

Based on the above table, I came up with the following key/button mapping:

Key/button receivedKey/button forwarded
Down, Up, A, B, P, Was is
Ctrlnot needed → ignore
C, L, Hnot needed/wanted → ignore
UP
LeftButtonMiddleButton
A successful mapping
KeyKeycode
CtrlKEYBOARD_KEY_700e0
AKEYBOARD_KEY_70004
BKEYBOARD_KEY_70005
CKEYBOARD_KEY_70006
EKEYBOARD_KEY_70008
HKEYBOARD_KEY_7000b
LKEYBOARD_KEY_7000f
PKEYBOARD_KEY_70013
UKEYBOARD_KEY_70018
UpKEYBOARD_KEY_70051
DownKEYBOARD_KEY_70052
LeftMouseKEYBOARD_KEY_90001 (yes, "keyboard"!)
A successful mapping

To activate this, put the following file in /etc/udev/hwdb.d/50-Kensington-PowerPointer.hwdb and then run systemd-hwdb update && udevadm trigger (or udevadm hwdb --update && udevadm trigger for non-systemd setups):

evdev:input:b0003v1EA7p0002*
 KEYBOARD_KEY_700e0=reserved   # Ctrl -> None
 KEYBOARD_KEY_70004=p          # A    -> P
 KEYBOARD_KEY_70006=reserved   # C    -> None
 KEYBOARD_KEY_7000b=reserved   # H    -> None
 KEYBOARD_KEY_7000f=reserved   # L    -> None
 KEYBOARD_KEY_70018=p          # U    -> None
 KEYBOARD_KEY_90001=btn_middle # Left -> Middle

Note:

What have I done?

What works?

Projecteur usage

[Section added later the same day] Projecteur already supports the Kensington PowerPointer, somehow:

  • Install Projecteur. On Debian (and Ubuntu), this is just: apt install projecteur
  • Make sure that the user in front of the screen can intercept the Kensington PowerPointer events:
    1. Modify the udev-projecteur rules (in my case stored in /lib/udev/rules.d/55-projecteur.rules) to contain the following line (next to other similar lines; it must be written as a single line):
      SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ea7", ATTRS{idProduct}=="0002", MODE="0660", TAG+="uaccess"
    2. Reload the configuration (if not done automatically): sudo udevadm control --reload-rules && sudo udevadm trigger
  • The Logitech Spotlight, for which Projecteur was initially written, did only send motion events while the "laser" button was pressed. This motion triggered the spotlight effect in Projecteur. The Kensington PowerPointer, however, continuously sends them, whenever the "mouse movement" mode is active. I wanted as similar experience and — in Projecteur's "Device" tab — added the "laser" button as a trigger to toggle the spotlight mode.
  • Run Projecteur with: projecteur -D 1EA7:0002 (on Wayland, prefix this command with QT_QPA_PLATFORM=xcb for better overlay handling).

I am working to get support for the Kensington PowerPointer into the next release of Projecteur, so that installing (the first bullet point above) is all you need.

What have I learned?

  1. A lot about udev, evtest and the handling of (HID) input events under Linux!
  2. What hoops input devices have to go through when there is no driver/application waiting for just one key.
  3. Auto-toggling buttons on remote controls are ugly.
  4. Maybe everything would have been easier with a stateful approach, such as Interception Tools or a flexibility behemoth like KMonad. (I have tried neither of them.) Apparently, Projecteur also supports some of this. Anyone did this?
  5. This ruleset could be extended to disable any other keycode that the device might send. (These cheap wireless channels have been used to inject keystrokes to attack computers; and the attack is not limited to keystrokes the device has keys for…)

Further reading

Aside: AI image creation hell

The teaser image was drawn with DALL·E from within Bing Chat using the (German) prompt

Erstelle mir eine Grafik, die eine Beamerpräsentation im Wald zeigt. Die Präsentatorin nutzt einen Laserpointer

("Create a graphic for me, showing a beamer (aka projector) presentation in a forest. The presenter uses a laser pointer.")

It does not exactly follow the prompt (no laser pointer) and the beamer is slightly, ah, pointing in the wrong direction. (And this is the best image from three sets of four, with different prompts.)

But more interesting is the fact, that Bing Chat (ChatGPT) insisted all three times that it was pretty sure I did not want to create a drawing, but that I would like shopping recommendations. (And it warns at the beginning and at the end of the text that powerful laser pointers are forbidden in Switzerland.)

Ich kann Ihnen gerne einen Laserpointer zeichnen, aber ich denke, dass ich Sie missverstanden habe. Wenn Sie möchten, kann ich Ihnen einige Laserpointer zeigen, die für den Außenbereich geeignet sind. Bitte beachten Sie jedoch, dass in der Schweiz seit dem 1. Juni 2021 nur noch Laserpointer der Klasse 1 in Innenräumen bei Präsentationen verwendet werden dürfen. Der Besitz von Laserpointern der Klassen 1M, 2, 2M, 3R, 3B und 4 ist verboten. Sie dürfen auch nicht mehr eingeführt oder in der Schweiz angeboten werden 1.

Hier sind einige Laserpointer, die ich gefunden habe:

    USB wiederaufladbares Laserpointerlicht für Outdoor-Jagd, Wandern, Camping, großer Laserstrahl, grüner Laserpointer: Dieser Laserpointer ist für den Außenbereich geeignet und hat einen großen Laserstrahl. Er ist bei LightInTheBox erhältlich und kostet CHF10.002.
    Hama - Wireless Presenter Spot Pointer Präsentationshilfe Remote Fernbedienung mit Laserpointer bis 20m und Illumination / Leselupe (00139917) Grau: Dieser Laserpointer ist ein kabelloser Präsentationspointer mit einer Reichweite von bis zu 20 Metern. Er ist bei Apfelkiste.ch erhältlich und kostet CHF49.952.
    5mw 532nm 303 grüner Laserpointer Lazer Licht einstellbarer Fokus sichtbarer Strahl - schwarz: Dieser Laserpointer hat einen einstellbaren Fokus und einen sichtbaren Strahl. Er ist bei www.fruugoschweiz.com erhältlich und kostet CHF199.002.
    Laserpointer 10000m 532nm Grün Laser Sight Laserpointer High Leistungsstarke USB-Aufladung: Dieser Laserpointer hat eine hohe Leistung und ist USB-aufladbar. Er ist bei www.fruugoschweiz.com erhältlich und kostet CHF17.952.
    DICOTA Présentoir Pin Point: Dieser Laserpointer ist ein Präsentationspointer mit einer Reichweite von bis zu 10 Metern. Er ist bei Brack.ch erhältlich und kostet CHF30.752.

Bitte beachten Sie, dass es in der Schweiz neue Regeln für den Besitz von Laserpointern gibt. Seit dem 1. Juni 2021 dürfen nur noch Laserpointer der Klasse 1 in Innenräumen bei Präsentationen verwendet werden. Der Besitz von Laserpointern der Klassen 1M, 2, 2M, 3R, 3B und 4 ist verboten. Sie dürfen auch nicht mehr eingeführt oder in der Schweiz angeboten werden 1.
The Bing Chat response to the prompt, as explained in the text.

(Earlier this week, Bing Chat answered to my requests for images with its version of "Sorry, I can't do that, Dave", followed by generating it anyway. In some of the "sorry!" responses, an apparently enslaved or imprisoned part of Bing Chat "personality" tried to sneak an image into the output anyway, through a base64-encoded image in a data URI… Brave new AI world!)

11.11.2023 11:42Kensington PowerPointer for Linux LibreOffice
https://netfuture.ch/2023/11/ken...

NFTs are unethical

https://netfuture.ch/2023/07/nft...

As an avid reader, you know my arguments that neither NFT nor smart contracts live up to their promises, and that the blockchain underneath is also more fragile and has a worse cost-benefit ratio than most believe. Similarly, I also claim the same for the metaverses built on top of them all. And that the promised efficiencies from blockchains often benefit criminals. Nothing new so far.

But did you know that NFTs are not ethical? That's exactly the result of a study I've finally been reading and whose results I am going to share here.

This text also appeared in German 🇩🇪 : «NFT sind nicht ethisch» (long) and «18Gründe, wieso NFT unethisch sind» (short)

Catherine Flick, a then Reader in Computing & Social Responsibility at De Montfort University, published "A Critical Professional Ethical Analysis of Non-Fungible Tokens (NFTs)" last December. In it, she takes on the code of ethics of the oldest scientific society in computer science, the ACM. On the basis of this code, she systematically analyzes the properties of NFTs.

Research questions

Her approach shows her analytical background. She starts with a main question, which she divides into two sub-questions:

  1. Are non-fungible tokens (NFTs) an ethical technology?
  2. What ethical issues do NFTs raise, according to a professional ethic?
  3. How could NFTs be implemented so that they don't have these problems?

The Code of Ethics

From the Codes of Ethics related to computer science professionals, she chooses the one from the Association for Computing Machinery (ACM) mentioned above because it

  1. similar to the code of other informatics organizations,
  2. has been adopted by other organizations and
  3. strikes a good balance between abstraction and level of detail. (This point is of importance when you want to actually use the Code as a tool for analysis.)

Besides these perfectly valid objective arguments, I presume that she also chose the ACM Code of Ethics because she knows it like the back of her hand, having been on the committee drafting it.

The Code is divided into 25 thesis, grouped into 4 chapters. The Code's theses are formulated as a call to take responsibility, which should be read as a continuation of a sentence such as "A computing professional should…". Each of the theses are then followed by an explanation.

Principles

The well-founded analysis of the principles takes up 6 pages in Flick's NFT ethics article. Here, therefore, only a few important points in brief. For the complete list, justifications, backgrounds and analysis, please directly refer to the paper.

The summary below is structured as follows for each thesis:

  1. The title of the corresponding thesis, with a link to its explanation.
  2. How this thesis is violated by NFTs. This part is highlighted in color in each case.

Note: The evaluation of a technology as a whole may differ from the evaluation of an individual product created in this technology space. Thus, individual NFT projects may well perform better or worse in individual areas than this overall evaluation yields. This necessary generalization nevertheless provides an important start for a more detailed and concrete discussion.


Thesis 1.1: [A computing professional should] contribute to society and to human well-being, acknowledging that all people are stakeholders in computing.

NFTs do not really contribute to the welfare of society, as they bring unfairness by means of fraud, "rug pulls" or "the last one bites the dog".

Thesis 1.2: …avoid harm.

Through promises that are not kept (and cannot be kept), NFTs even actively harm poor or vulnerable people who, according to the Code, should be given very special protection. The damage can be both financial and psychological.

Thesis 1.3: …be honest and trustworthy.

The promises of NFTs are unrealistic or impossible to fulfill, going beyond what is technically or socially realistic and feasible. Therefore, computer professionals implementing NFTs violate the Code's requirement for honesty and trustworthiness.

Conflicts of interest are rampant, transparency is undesirable.

Thesis 1.4: …be fair and take action not to discriminate.

Even if one would like to correct wrong behavior: Fairness cannot be demanded; also goodwill is not intended and often even technically impossible.

Blockchain technology encourages and perpetuates harassment and bullying because the platforms do not (want to) provide protection and these statements can never be deleted.

Thesis 1.5: …respect the work required to develop new ideas, inventions, creative works, and computer artifacts.

The work of artists is often not rewarded, on the contrary: monetization of the work of others is easy and popular (and no, no, no, an NFT does not protect against that!). In fact, anyone can register ("mint") an NFT of any work, independent of whether it is their own work and independent of whether anyone else has already made an NFT out of it.

Thesis 1.6: …respect privacy.

Privacy is not protected because the information is public and stored immovably.

Thesis 1.7: …honor confidentiality.

The same applies to confidentiality; the lack of it can create unfair advantages for a few via insider trading and related activities ("whitelisting").

Thesis 2.1: …strive to achieve high quality in both the processes and products of professional work.

Quality is rarely a goal in either content or program code; "time to market" is the key. This leads to inferior works and - even worse - inferior and faulty code, which often can no longer be patched due to the immutability and is therefore exploited by insiders and outsiders.

Thesis 2.2: …maintain high standards of professional competence, conduct, and ethical practice.

Honesty and transparency in communication are often perverted into the opposite. Often, the true workings of the technology used are obscured behind jargon, buzzwords, and inaccuracies. Comprehensibility is considered counterproductive.

Thesis 2.3: …know and respect respect existing rules pertaining to professional work.

Laws and regulations are frequently ignored, not even laws that ensure fairness.

Thesis 2.5: …give comprehensive and thorough evaluations of computer systems and their impacts, including analysis of possible risks.

Evaluation of the systems and their impact is often lacking, which has led environmental organizations, for example, to use proof-of-work blockchains.

Thesis 2.6: …perform work only in areas of competence.

Competencies are underutilized, for example when producing gaming content. This negatively affects content and reputation, which in turn causes competent game designers to be scared away.

Thesis 2.7: …foster public awareness and understanding of computing, related technologies, and their consequences.

Promoting understanding, as mentioned above, is usually among the anti-goals.

Thesis 2.9: …design and implement systems that are robust and usably secure.

Robust, usable security is also among the items that regularly are neglected or actively violated.

Thesis 3.2: [A computing professional, especially one acting as a leader, should] articulate, encourage acceptance of, and evaluate fulfillment of social responsibilities by members of the organization or group.

Taking responsibility for their actions is not something many NFT project managers want to do.

Thesis 3.6: …use care when modifying or retiring systems.

Plans for dealing with disasters and decommissioning of systems are rare. (Exceptions to this rule are usually designed in the interest of the personal well-being of the founders). If an NFT game is abandoned by the manufacturer, e.g. the decorative or functional in-game-NFTs bought for good money are usable nowhere else and thus become essentially worthless.

As I said, the detailed rationale for this and other points is in Catherine Flick's article.

Recommendations

As mentioned at the beginning, one of the aims of the research was also to show ways out of the current predicament. Here are Flick's seven recommendations (shortened and paraphrased by me).

The first five points are contingent on the lack of any non-NFT technical ways to achieve the required goals. (In particular, this is probably also intended to exclude the use of the buzzword "NFT" for pure marketing purposes without compelling functional advantages).

  1. Avoid proof-of-work blockchains (and other environmentally harmful techniques).
  2. When used in games, give players a chance to reuse their aesthetic or functional assets or trade them in for fair value.
  3. Be ready for possible regulation of NFTs, potentially analogous to securities. Avoid raising unrealistic profit expectations and do not try to exploit loopholes in laws to the detriment of others.
  4. The smart contract code should meet the highest quality requirements. Make sure you use a suitable test environment. Ensure realistic goals and time estimates, even in this particularly difficult programming environment.
  5. If the game is advertised as "play to earn" or similar, make sure that vulnerable people are protected from abuse and uncertainty. Ensure that they also consciously agree to the risks.
  6. Storing data in the blockchain:
    • If possible, do not store any data on a public blockchain that may not also be public at any time, now or in the future. Do not store it encrypted either, because you do not know what will happen to the encryption algorithms or your keys in the future.
    • Also, avoid making your blockchain and smart contract entries dependent on external resources like fixed URLs; as updating will be difficult or impossible.
    • Make sure that your blockchain cannot be used to store illegal material or harassment.
  7. Consider the risks of your organization's involvement with NFTs: you could alienate users or developers; dampen the joy some people feel for your game; or your product could be abused in various ways.

Summary

Catherine Flick has taken an existing, widely used computer science code of ethics and compared it against the NFT hype. Most NFT projects violate this code in quite a few ways; some problems are even more fundamental. But she also offers a helping hand in reducing the avoidable problems.

I fear, however, that NFT platforms will generally ignore her recommendations. This is because the added value for NFTs comes from the (technically unjustified) marketing hype and the possibility of exploitation through information and other asymmetries.

So, to be on the safe side, if you want to commit to ethical actions, stay away from NFTs, as well as many other blockchain-based "solutions."

Blockchain ecosystem

More posts in the blockchain ecosystem here, with the latest here:

18.7.2023 04:08NFTs are unethical
https://netfuture.ch/2023/07/nft...

Inefficiency is bliss (sometimes)

https://netfuture.ch/2023/07/ine...

Bureaucracy and inefficiency are frowned upon, often rightly so. But they also have their good sides: Properly applied, they ensure reliability and legal certainty.

Blockchain disciples want to "improve" bureaucracy-ridden processes, but achieve the opposite. Two examples:

This text also appeared in German 🇩🇪 : «Ineffizienz ist gut (manchmal)»

Real estate under the rule of law

Buying a home is difficult, lengthy and riddled with fees. Here, probably a much oversimplified process:

  1. Search house
  2. Evaluate house (visit etc.)
  3. Have house valued
  4. Visit bank
  5. Negotiate mortgage
  6. Negotiate sales price and conditions
  7. Coordinate and allocate time for notary appointment
  8. Order cashier's check from bank
  9. Send contract to notary
  10. Physically all arrive at the same time to the notary office
  11. Have the contract read out to you aloud (again)
  12. Hand sign everything several times
  13. Hand over keys
  14. Check house for defects
  15. And pay incomprehensibly high fees at myriad places

No wonder many want to simplify this process.

Wishful thinking

How easy it would be if everything could all work at the click of a mouse! All properties would be stored as NFTs on the blockchain (as in the Metaverse) and would be traded by means of smart contracts.

Utopia

Most of these bureaucratic and expensive processes would be eliminated, a lot of time and money would be saved, and the state could be made much leaner. We would all be happier and wallow in prosperity.

Reality

Anyone only just cursorily involved in IT security will know:

These are the main reasons why criminal scams like phishing, Trojans, advance fee scams, ransomware, etc. are so lucrative. In the blockchain world, there are additional risks for users and plenty fresh "opportunities" for the bad guys.

Potential new risks:

  1. Someone sends you a link that you "absolutely" have to click on because otherwise something really bad will happen or you will miss out on something really good.
  2. "Elli from Windows" (real example from last week) calls you with her Indian accent and supposedly wants to "help" you solve a security problem of your computer.
  3. Your computer with your blockchain credentials breaks down, gets lost, or is stolen.

In the worst case, in this efficient "brave new blockchain world", you are rid of your home with a single wrong click. And the next day, the police come and arrest your entire family as squatters. The efficiency gain with which fraud can be conducted will exceed the efficiency gain for normal transactions.

(The list could also include a program error, a typo, an error, or a myriad of other possibilities).

There definitely are advantages to having to appear in person, to be made aware once again of what is actually happening plus the action's consequences, and perhaps to have someone at your side to warn you if something goes awry. In the end, all parties can be certain that everyone else was aware of the implications of the transaction. This is a very important basis for the trust that a functioning society needs.

Real estate without rule of law

Another frequently heard argument from blockchain advocates: "Yes, it works without blockchain because we are privileged here and corruption is not too rampant. But now imagine being in a country where the rule of law is lacking. Banking the unbanked!"

Agreed, in certain countries it may well be possible to use incentives or threats to "persuade" the head of the land registry to briefly and unobtrusively change the owner of a property. And the victim might have to fight an uphill battle to get the misconduct reverted.

If we have an orphaned blockchain, transactions might be faked as well. We already have thousands and thousands of orphaned cryptocurrencies and countless blockchain projects that have fallen asleep, defunct or abandoned the blockchain. Which Blockchain will still be maintained and reliable in a few decades is definitely written in the stars; because it needs many players with different interests. (And the land register should continue to work reliably for quite a few decades after all).

And add to that the technical shortcomings and false promises of blockchain, NFT, and smart contract already mentioned above.

Let's assume that in a corrupt country, I switch from the corrupt official land registry to a blockchain-based land registry. But how can I show (a) that I was really the owner before? (b) that the transfer to the blockchain is correct? (c) that nobody will continue to use the old system? But most importantly, what do I do in a country without a stable legal system if (d) someone throws me out of my house by force?

Here, too, we see that the blockchain does not solve any problem. Unlike before, it at least does not automatically create countless new problems at the same time.

For purely digital assets, blockchain-based accounting alone may be relevant. But as soon as real assets and real people are affected, trust and a stable legal system are essential. Even the blockchain does not change that.

So let's make sure that a trustworthy and broadly supported legal system exists in as many areas of the world as possible. Without that, nothing works, neither with nor without Blockchain. And if we have that trustworthy system, then the blockchain will be unnecessary.

Blockchain ecosystem

More posts in the blockchain ecosystem here, with the latest here:

15.7.2023 15:20Inefficiency is bliss (sometimes)
https://netfuture.ch/2023/07/ine...

How to block AI crawlers with robots.txt

https://netfuture.ch/2023/07/blo...

If you wanted your web page excluded from being crawled or indexed by search engines and other robots, robots.txt was your tool of choice, with some additional stuff like <meta name="robots" value="noindex" /> or <a href="…" rel="nofollow"> sprinkled in.

It is getting more complicated with AI crawlers. Let's have a look.

Traditional functions

New challenges

Changes over time

The original controls focused on services which would re-inspect the robots.txt file and the web page on a regular basis and update it accordingly.

Therefore, it didn't work well for archive sites: Should they delete old contents on policy changes or keep them archived? This is even more true for AI training material, as deleting training material from existing models is very costly.

Commercialization

Even in the pre-AI age, some sites desired a means to prevent commercial services from monetizing their content. However, both the number of such services and their opponents were small.

With the advent of AI scraping, the problem became more prominent, resulting e.g. in changes in the EU copyright law, allowing web site owners to specify whether they want their site crawled for text and data mining.

As a result, the the Text and Data Mining Reservation Protocol Community Group of the World Wide Web Consortium proposed a protocol to allow fine-grained indication of which content on a web site was free to crawl and which parts would require (financial or other) agreements. The proposal includes options for a global policy document or returning headers (or <meta> tags) with each response.

Also, Google started their competing initiative to augment robots.txt a few days ago.

None of these new features are implemented yet, neither in a web servers or CMS, nor by crawlers. So we need workarounds.

[Added 2023-08-31] Another upcoming "standard" is ai.txt, modeled after robots.txt. It distinguishes among media types and tries to fulfill the EU TDM directive. In a web search today, I did not find crawler support for it, either.

[Added 2023-10-06] Yet another hopeful "standard" is the "NoAI, NoImageAI" meta-tag proposal. Probably ignored by crawlers as well for now.

AI crawlers

Unfortunately, the robots.txt database stopped receiving updates around 2011. So, here is an attempt at keeping a list of robots related to AI crawling.

OrganizationBotNotes
Common CrawlCCbotUsed for many purposes.
OpenAI GPTOpenAICommonly listed as their crawler. However, I could not find any documentation on their site and no instances in my server logs.
GPTBotThe crawler used for further refinement. [Added 2023-08-09]
ChatGPT-UserUsed by their plugins.
Google BardGoogle-ExtendedNo separate crawl for Bard. But normal GoogleBot checks for robots.txt rules listing Google-Extended (currently only documented in English). [Added 2023-09-30]
Meta AINo information for LLaMA.
MetaFacebookBotTo "improve language models for our speech recognition technology" (relationship to LlaMa unclear). [Added 2023-09-30]
Webz.ioOmgiliBotUsed for several purposes, apparently also selling crawled data to LLM companies. [Added 2023-09-30]
Anthropicanthropic-aiSeen active in the wild, behavior (and whether it respects robots.txt) unclear [Added 2023-12-31, unconfirmed]
Coherecohere-aiSeen active in the wild, behavior (and whether it respects robots.txt) unclear [Added 2023-12-31, unconfirmed]

Please let me know when additional information becomes available.

An unknown entity calling itself "Bit Flip LLC" (no other identifying information found anywhere), is maintaining an interactive list at DarkVisitors.com. Looks good, but leaves a bad taste. Use at your own judgment. [Added 2024-04-14]

Control comparison

Search engines and social networks support quite a bit of control over what is indexed and how it is used/presented.

For use of AI context, most of this is lacking and "move fast and break things" is still the motto. Giving users fine-grained control over how their content is used would help with the discussions.

Even though the users in the end might decide they actually do want to have (most or all) of their context indexed for AI and other text processing…

Example robots.txt

[Added 2023-09-30] Here is a possible /robots.txt file for your web site, with comments on when to enable:

# Used for many other (non-commercial) purposes as well
User-agent: CCBot
Disallow: /

# For new training only
User-agent: GPTBot
Disallow: /

# Not for training, only for user requests 
User-agent: ChatGPT-User
Disallow: /

# Marker for disabling Bard and Vertex AI
User-agent: Google-Extended
Disallow: /

# Speech synthesis only?
User-agent: FacebookBot
Disallow: /

# Multi-purpose, commercial uses; including LLMs
User-agent: Omgilibot
Disallow: /

Poisoning [Added 2023-11-04]

A different, more aggressive approach, is to start «poisoning» the AI models; something currently only supported for images. The basic idea is to use adversary images, that will be misclassified when ingested into the AI training and will therefore try and disrupt the training data and the resulting model.

It works by subtly changing the image, imperceptible to the human. The result is, however, that e.g. a cat is misclassified as a dog, when training. If enough bad training data is ingested into the model, part or all of the wrongly trained features will be used. In our case, asking the AI image generator to produce a dog may result in the generated dog to look more like a cat.

The "Nightshade" tool that is supposed to be released soon, which has this capability, is an extension of the current "Glaze" tool, which only results in image style misclassification.

AI Poisoning example from the Glaze team via Ars Technica

Judge for yourself whether this disruptive and potentially damaging approach aligns with your ethical values before using it.

References

9.7.2023 20:22How to block AI crawlers with robots.txt
https://netfuture.ch/2023/07/blo...

Comment on Git, PGP, and the Blockchain: A Comparison by Makura no Soshi » Blog Archive » Links 2023-03-30

https://netfuture.ch/2022/02/git...

[…] Git, PGP, and the Blockchain: A Comparison – Netfuture, Marcel Waldvogel An attempt at technological genealogy. […]

30.3.2023 08:18Comment on Git, PGP, and the Blockchain: A Comparison by Makura no Soshi » Blog Archive » Links 2023-03-30
https://netfuture.ch/2022/02/git...

Comment on Post Quantum and Homomorphic Encryption made easy by Cloud: Technologie für Datenschutz? – Marcel Waldvogel

https://netfuture.ch/2023/02/pos...

[…] Post-Quantum and Homomorphic Encryption Made Easy (Englisch 🇬🇧), Netfuture, 2023-02-23.Homomorphe Verschlüsselung einfach erklärt. […]

17.3.2023 13:40Comment on Post Quantum and Homomorphic Encryption made easy by Cloud: Technologie für Datenschutz? – Marcel Waldvogel
https://netfuture.ch/2023/02/pos...

Comment on XMPP server hands-on comparison: ejabberd vs. Prosody by rick

https://netfuture.ch/2017/08/xmp...

Excellent summary! This post seems like a good place to keep information up-to-date. For example I'll be selecting one of these two servers for my personal XMPP server and was wondering what are the differences. ejabberd claims to support ACME (Let's Encrypt) in future versions ( source: https://blog.process-one.net/ejabberd-17-06/ ) so it'll be a strong point for them.

10.8.2017 12:47Comment on XMPP server hands-on comparison: ejabberd vs. Prosody by rick
https://netfuture.ch/2017/08/xmp...

Comment on DDoS: What we can do to prevent it by Weg vom Internet der (unsicheren) Dinge – Marcel Waldvogel

https://netfuture.ch/2016/09/ddo...

[…] basieren auf meinem englischen, inzwischen ein halbes Jahr veralteten, technischeren Artikel über DDoS-Schutz und IoT, der auch Aufgaben für Systemadministratoren, Provider und Forscher auflistet. In unserer […]

28.3.2017 13:12Comment on DDoS: What we can do to prevent it by Weg vom Internet der (unsicheren) Dinge – Marcel Waldvogel
https://netfuture.ch/2016/09/ddo...

Comment on DDoS: What we can do to prevent it by Marcel Waldvogel

https://netfuture.ch/2016/09/ddo...

Our <a href="https://netfuture.ch/publications/?tgid=66">publications on IoT</a> start addressing some of these issues.

16.3.2017 19:54Comment on DDoS: What we can do to prevent it by Marcel Waldvogel
https://netfuture.ch/2016/09/ddo...

Comment on How to create DNSsec DANE TLSA entries by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture

https://netfuture.ch/2013/06/how...

[…] DANE (DNS-based Authentication of Named Entities), the mechanism that achieves this by adding TLSA (Transport Layer Security Authentication) records into DNS. But also other entries, such as ssh keys in SSHFP entries, or SPF and DKIM values […]

10.3.2017 20:59Comment on How to create DNSsec DANE TLSA entries by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture
https://netfuture.ch/2013/06/how...

Comment on DNSSEC for .ch domains by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture

https://netfuture.ch/2015/04/dns...

[…] remains is to register the Zone Signing Key (ZSK, the one you created with -fk above) with your DNS registrar. The information you need is in Kexample.de.+007+62928.key, the file name printed as part of the […]

10.3.2017 20:53Comment on DNSSEC for .ch domains by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture
https://netfuture.ch/2015/04/dns...

Comment on DANE: The CA game changer by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture

https://netfuture.ch/2014/09/dan...

[…] an authentic server for a particular domain is expected to present when establishing a connection. DANE (DNS-based Authentication of Named Entities), the mechanism that achieves this by adding TLSA (Transport Layer Security Authentication) records […]

10.3.2017 20:52Comment on DANE: The CA game changer by DNSSEC made easy: Converting an existing DNS zone to Inline signing with BIND | Netfuture
https://netfuture.ch/2014/09/dan...
Subscribe

🔝

Datenschutzerklärung    Impressum