This is our second yearly status letter. It covers all news-worthy updates since our previous letter. Inside This Year’s Letter: Group Income Voting systems research research education Victor Morrow Joins Group Income! development Group Income Shorts! education San Francisco Basic Income Create-A-Thon education development New York Meetup! education DPKI: Decentralized Public-key Infrastructure ID2020 – Rebooting […]
Previously, we reviewed Google’s Certificate Transparency efforts, and observed that while it does not prevent MITM attacks, it might detect at least some of them. We compared it to blockchains, and described what a Decentralized Public-key Infrastructure (DPKI), which uses blockchains, might look like. Today we compare these approaches with two new systems: Key Transparency […]
Listen up, super-villains and laboratory mice! Outlined in this post is a masterplan for how to “take over the world!” — by compromising Zcash.1
Also see our followup: How To Compromise Zcash And Take Over The World As part of our work, we will sometimes put a new system under scrutiny in order to provide constructive feedback, and/or clear up a widespread misunderstanding that could lead to problems down the road (for example, see our series on Certificate Transparency).
Thanks to insightful feedback from John Light, I realized it would be good to do a regular Turtle Status Letter in order to keep our followers and supporters abreast of our activities and decision-making process. We now plan to do one every year. Inside This Year’s Letter: How We Got Started The okTurtles Browser Extension […]
Some turtles got together this weekend to hack on a thon—err, for a Group Income hackathon!
On Monday, the Internet received another reminder about its sad state of security. It was discovered that Dell decided to compromise their users’ Internet security in a way that’s difficult to top. As elaborated further in this post, Dell, in tandem with Google, made it possible for anyone on earth, you or me, to break […]
Blockchains are difficult to run on most end-user devices. Although MITM-proof proxies are a great way to address this problem, they are unlikely to scale well to all Internet users (not everyone will be able to run their own full node). Therefore, most people will need to rely on thin client techniques to reduce the […]
After publishing our Certificate transparency on blockchains we learned of a recently updated IETF draft proposal that updates how Certificate Transparency (CT)1 gossip protocols work.
This week Google learned of another batch of fraudulently issued certificates for several of their domains. At the end of the post they made a renewed call for Certificate Transparency. In this post, we’ll use the acronym CT to refer to Google’s implementation of the general concept of certificate transparency, and we’ll explore other technologies […]