[messaging] Value of deniability

Natanael natanael.l at gmail.com
Fri Dec 12 04:29:17 PST 2014


> Your insurance company, faced with a claim that the well established auto
dealership and data brokers are making things up for no obvious reason,
would just conclude your denial is a lie and double your insurance costs
anyway.

Well established? Won't have errors? The wrong notes are made all the time
on the side of the company, information is frequently misinterpreted,
misattributed, etc. You can always claim they made a mistake. Unless of
course you give them undeniable evidence.

> Only if it was disclosed. Again the issue seems to be loss of privacy.

Disclosures will always happen. Chances are everybody will screw up
sometimes. But if you can claim you're simply not involved, and that the
name was changed, then what? Then it changes from a guarantee of getting
screwed to that there need to be information unique to you, something
nobody else knew, in there for anybody to be able to blame you. The
evidence against you is no stronger than somebody's word.

> So if your boss finds a highly plausible chat log of you talking to a
competitor about working there, you will say "no the chat log was forged by
the competitor" and your boss will say,   "oh ok, no problem, how could I
ever doubt you"  ?
>
> I think deniability in this case would be unlikely to have any effect.

Even a short mention in an otherwise unrelated discussion is sufficient to
get in trouble. Yes, that could easily be forged. I'm not exclusively
talking about a leak of negotiations or anything else close to that. For a
text file to be more convincing than you are, they need to know the full
history of it. What device does it come from, who does it being to, where
has it been, etc.

> So show the full chat log and turn the tables on the bully. Problem
solved.

Situation A) it doesn't exist. The rest of the conversation was held
elsewhere.

Situation B) the rest of the contents of it is even more private, you'll
lose more on publishing it than not.

Both those are frequently occurring today.

> Manning already used a deniable chat medium and was hosed anyway, despite
being somewhat technically proficient.

He told somebody he couldn't trust, and from there on I assume they found
an amount of physical evidence in the investigation that's too hard to deny
(all those burned CD:s, etc).

> For deniability to have any real world effect, there'd need to be a LOT
of people forging chat logs pretty routinely. As it's only relevant when
there's some breakdown in privacy, and that should hopefully be rare in a
good cryptographic system, getting people to routinely forge or edit logs
seems .... hard.

It doesn't need to be routine, just frequent enough that nobody assumes
authencity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141212/fab28191/attachment.html>


More information about the Messaging mailing list