[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Proving I'm not Bob.



[email protected] writes:
> I had an idea for an advertising based net-payment scheme that has 
> a particular security flaw making it totally untrustworthy unless it is
> possible to prove that you are not a particular person (the publisher 
> receiving the ad money) when consuming (viewing or otherwise) the ads.

david writes:
> What is this system?  I can't think of any system that wouldn't work if 
> rearranged so that instead of proving you aren't Bob, you simply don't 
> prove that you are.  It is true that they are not isomorphic, and that 
> could be a problem in some situations, but I don't see this as one of them.

I don't know what particular scheme s1113645 has in mind. But as you point
out, not proving P is very different from proving not-P. Generally, a scheme
that charges for advertising based upon the measured number of accesses to
the advertising has the kind of authentication problem mentioned above. The
party paying for the advertising only wants to pay to reach "legitimate" 
customers. A dishonest publisher (selling ad space) could access the
advertising many times herself to artificially inflate the access figures,
justifying higher advertising charges. 

To avoid paying for this "illegitimate" traffic, the advertiser would like to
authenticate the accesses as *not* coming from the untrusted publisher. This
is a hard problem in general, because the advertiser really wants to discount 
accesses by the publisher, her agents, her family, her friends, etc. It's
tough to prove that you're not working for someone else at a formal protocol
level.

(Note that widespread "legitimate" anonymous accesses of material can
severely damage the reliability of these kinds of measurement-based payment
schemes.)

I think this thread is rapidly straying from cpunks relevance....

-Futplex <[email protected]>