this post was submitted on 08 Aug 2024
422 points (99.3% liked)

Europe

1476 readers
464 users here now

News and information from Europe ๐Ÿ‡ช๐Ÿ‡บ

(Current banner: La Mancha, Spain. Feel free to post submissions for banner images.)

Rules (2024-08-30)

  1. This is an English-language community. Comments should be in English. Posts can link to non-English news sources when providing a full-text translation in the post description. Automated translations are fine, as long as they don't overly distort the content.
  2. No links to misinformation or commercial advertising. When you post outdated/historic articles, add the year of publication to the post title. Infographics must include a source and a year of creation; if possible, also provide a link to the source.
  3. Be kind to each other, and argue in good faith. Don't post direct insults nor disrespectful and condescending comments. Don't troll nor incite hatred. Don't look for novel argumentation strategies at Wikipedia's List of fallacies.
  4. No bigotry, sexism, racism, antisemitism, dehumanization of minorities, or glorification of National Socialism.
  5. Be the signal, not the noise: Strive to post insightful comments. Add "/s" when you're being sarcastic (and don't use it to break rule no. 3).
  6. If you link to paywalled information, please provide also a link to a freely available archived version. Alternatively, try to find a different source.
  7. Light-hearted content, memes, and posts about your European everyday belong in !yurop@lemm.ee. (They're cool, you should subscribe there too!)
  8. Don't evade bans. If we notice ban evasion, that will result in a permanent ban for all the accounts we can associate with you.
  9. No posts linking to speculative reporting about ongoing events with unclear backgrounds. Please wait at least 12 hours. (E.g., do not post breathless reporting on an ongoing terror attack.)

(This list may get expanded when necessary.)

We will use some leeway to decide whether to remove a comment.

If need be, there are also bans: 3 days for lighter offenses, 14 days for bigger offenses, and permanent bans for people who don't show any willingness to participate productively. If we think the ban reason is obvious, we may not specifically write to you.

If you want to protest a removal or ban, feel free to write privately to the mods: @federalreverse@feddit.org, @poVoq@slrpnk.net, or @anzo@programming.dev.

founded 4 months ago
MODERATORS
 

Russian-American ballerina Ksenia Karelina has pleaded guilty to treason charges after she was arrested for donating money to a charity supporting Ukraine.

Russian prosecutors are seeking a 15-year sentence after the security services accused Ms Karelina of collecting money that was used to purchase tactical supplies for the Ukrainian army.

She was detained by authorities in Yekaterinburg, about 1,600km (1,000 miles) east of Moscow after a family visit in February.

The sentence comes one week after Russia and the West carried out the largest prisoner exchange since the Cold War, where 24 people jailed in seven different countries were exchanged.

Ms Karelina's lawyer said the prosecutors' request for a 15-year sentence in a penal colony was too severe as the defendant had cooperated with the investigation.

Mikhail Mushailov also said it was "impossible" for Ms Karelina to have been included in the recent prisoner exchange, because an exchange can only happen once the court verdict comes into force.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] poVoq@slrpnk.net 8 points 3 months ago (1 children)

FUD regarding Taler. This kind of thing is exactly what could not be traced with a Taler based payment.

[โ€“] jet@hackertalks.com 1 points 3 months ago (1 children)

https://taler.net/en/kyc.html

Remember the threat in this scenario is the authoritarian government with full banking authority to legally inspect all transactions, as well as token timings.

[โ€“] poVoq@slrpnk.net 2 points 3 months ago* (last edited 3 months ago) (1 children)

You seem to have a fundamental misunderstanding how Taler works. Yes KYC exists for it, but the exchange can only know that you exchanged money for Taler token, not what you spend them on. And on a cross-border payment like this the government doesn't have "full banking authority" either.

[โ€“] jet@hackertalks.com 7 points 3 months ago* (last edited 3 months ago) (1 children)

https://taler.net/files/taler-book.pdf

2.2.1 Exchange Compromise modes

If the exchange is inside of Russia, which for a Russian user with a Russian bank account, seems likely, these compromise methods can be used by the central authority to deanonymize wallets created from the Russian Exchange.

The Taler defense against this is the Auditor system, but when the compromise is being done by the central authority its moot.

Not even to mention the 2.2.3 Perfect Crime Scenario revocation method.

The most likely scenario is people are going to mint coins EXACLTY when they want to spend them, so just looking at the exchange timing and the spend timing is enough to reveal most users... to the central authority.

Taler is designed from the ground up to crack down on illegal business activities, which is fine until the central authority deciding the illegal business activity is something we disagree with (like funding human rights related relief in a war zone)

I do agree that Taler is better for privacy then credit cards, but it wouldn't help our ballerina, if your spending can put you in jail or get you killed, Taler is not appropriate for the threat model

[โ€“] poVoq@slrpnk.net 2 points 3 months ago* (last edited 3 months ago) (1 children)

Ok, can you please quote the exact part in those two sections that would allow to deanonymize the payer of a specific transaction?

I read both sections you mentioned, and 2.2.1 only seems to have one rare case where the merchant is a fake honeypot and the exchange is totally compromised, which clearly wouldn't be the case in our scenario, where the merchant is in another country and the attacker doesn't know either the merchant nor the customer in advance. And 2.2.3 talks about a hypothetical modification of GNU Taler, ~~which would be incompatible with the version the merchant in another country is using~~ (and anyways tries to deanonymize the merchant and not the customer), ~~and again afaik wouldn't work retroactively~~ Edit: would need to be done while transaction is in process, and aims to catch a merchant that forced someone to pay anonymously in a ransom case or so (meaning the payer is already known or at least suspected). And this would also be massively disruptive to all other customers of the same exchange.

[โ€“] jet@hackertalks.com 2 points 3 months ago (1 children)

Compromise of the Master Key If the master key was compromised, an attacker could de-anonymize customers by announcing different sets of denomination keys to each of them. If the exchange was audited, this would be detected quickly, as these denominations will not be signed by auditors.

[โ€“] poVoq@slrpnk.net 1 points 3 months ago* (last edited 3 months ago) (1 children)

This is not possible retroactively, and any exchange doing that would be quickly detected and not accepted by the merchant which is not under control of the government because they are based in another country. Edit: Basically for this to work, the exchange, the auditor and the merchant would need to be under full control of the hostile government and the system actively compromised before the transaction takes place.

[โ€“] jet@hackertalks.com 2 points 3 months ago (1 children)

We disagree on the primitives of the architecture clearly. To my (self stylized) reasonable opinion the primitives are such that I cannot recommend Taler to anyone where their spending puts their Life or Liberty at risk, such as the good Ballerina in this sad story.

[โ€“] poVoq@slrpnk.net 1 points 3 months ago (1 children)

I would be happy if you could point me to a way the good Ballerina could have been caught if they had used Taler for the payment, but that seems highly unlikely because GNU Taler privacy is designed around such an exact case, and if you were right the entire system would be fundamentally broken from ground up.

[โ€“] jet@hackertalks.com 2 points 3 months ago (1 children)

it is my assessment that it is fundamentally broken from the ground up in protecting people from central authorities, yes.