#Reality Exploit Roundtable ##Episode 009 Show Notes
Moderator: Hiro
Intro music by Sun Araw - "Deep Cover"
Plato: Javascript Crypto in Browser http://www.w3.org/TR/WebCryptoAPI/ http://it.slashdot.org/story/12/09/18/1526236/w3c-releases-first-working-draft-of-web-crypto-api
Intro Start
As seen on Slashdot, the W3C Web Crypto API First Public Working Draft has been published. Web Crypto API? The abstract:
This specification describes a JavaScript API for performing basic cryptographic operations in web applications [Ed Note: actually inside the browser], such as hashing, signature generation and verification, and encryption and decryption. Additionally, it describes an API for applications to generate and/or manage the keying material necessary to perform these operations. Key storage is provided for both temporary and permanent keys. Access to keying material is contingent on the same origin policy. Uses for this API range from user or service authentication, document or code signing, and the confidentiality and integrity of communications. Intro End.
Plato: Lets assume this gets implemented as secure as it can be for the browser and is implemented well. It seems having pgp like capabilities and a full crypto stack for user to web app, and user to user crypto via dropboxes and message queues, say mixed with streaming apps using websockets, p2p encrypted file transfer in the browser etc. Is this revolutionary or not?
Voodoo: Paypal and Argentina: http://www.bbc.co.uk/news/technology-19605499
Intro Start.
The BBC Reports:
The online payment service said that from 9 October: "Argentina resident Paypal-users may only send and receive international payments."
Last year the Argentine government announced restrictions on the purchase of US dollars. It has led to an increase in currency sales on the black market - but Paypal's exch ange rates are better.
Locals were setting up two accounts under different email addresses and transferring money between the two, exchanging local currency pesos for dollars in the process.
Under the new rules only one account per person can be registered within Argentina.
When the news was announced, finance minister Amado Boudou - who has since become vice president - told the BBC it was "an important measure to combat tax evasion and money laundering".
Since the rules were introduced in November 2011, Paypal has been used as an alternative means of obtaining the US currency close to the official exchange rate, which currently stands at about 4.7 pesos per dollar.
That is much cheaper than the rate on the black market where one dollar costs about 6.3 pesos.
also:
In September the government established a new 15% tax on all purchases made abroad, affecting credit cards and purchases made on international websites like Amazon and eBay, and transactions made on Paypal.
End Intro.
Voodoo: I thought it was interesting that the black market has more expensive rates than the official banks. In many countries it's the black market that has better rates than the official banks driving people to use the cheaper market. This is not the case in Agentina which leads me to think that using paypal for 'black market' exchanges was truly driven by what the government claimed as 'tax evasion'. Why use paypal when gov banks have even better rate unless you have something to hide since you are working in System D.
wise-guy: Tungsten bar: http://www.zerohedge.com/news/tungsten-filled-10-oz-gold-bar-found-middle-manhattans-jewelry-district
Intro Start.
Tyler Durden on ZeroHedge reported Yesterday: Myfoxny reported that a 10-ounce gold bar costing nearly $18,000 turned out to be a counterfeit. The discovery was made by the dealer Ibrahim Fadl, who bought the PAMP bar in question from a merchant who has sold him real gold before. "But he heard counterfeit gold bars were going around, so he drilled into several of his gold bars worth $100,000 and saw gray tungsten -- not gold. The bar was filled with tungsten, which weighs nearly the same as gold but costs just over a dollar an ounce."
Intro End.
Wise-Guy: We have seen this recurring every few years now, fake silver and gold bars. Is this a truly global scam by some big time players, or is this the discovery of a few small scammers.
OR
Is this a scam of a scam, as Durden suggested a possible 'false flag', to try and scare everyone out of metals and into "real cold hard cash money" like USD.
smuggler: Key disclosure Bitcoin http://www.forbes.com/sites/jonmatonis/2012/09/12/key-disclosure-laws-can-be-used-to-confiscate-bitcoin-assets/
Intro Start.
Jon Matonis on Forbes wrote:
Jail time for refusing to comply with mandatory key disclosure hasn’t occurred in the United States yet. But, it’s already happening in jurisdictions such as the UK, where a 33-year-old man was incarcerated for refusing to turn over his decryption keys and a youth was jailed for not disclosing a 50-character encryption password to authorities.
Similarly harsh, key disclosure laws also exist in Australia and South Africa which compel individuals to surrender cryptographic keys to law enforcement without regard for the usual common law protection against self-incrimination.
Key disclosure laws may become the most important government tool in asset seizures and the war on money laundering. When charged with a criminal offense, that refers to the ability of the government to demand that you surrender your private encryption keys that decrypt your data. If your data is currency such as access control to various amounts of bitcoin on the block chain, then you have surrendered your financial transaction history and potentially the value itself.
Intro End.
Smuggler: It does seem that these laws could easily apply to any standard bitcoin client which supported its own encryption system for encrypting keys. They see a wallet, and it needs keys to decrypt. Things get a little hairy though when your wallet was an electrum client with brainwallet like deterministic keys. The thugs have the blockchain, they want keys. There is nothing showing that you have keys. Electrum and brainwallet type systems seem like a bonafide method of plausable deniability. For the electrum client you can always give them the passwords that reveal an alternate clean wallet with a few silly transactions in it. Similar to a truecrypt system where one password gives real data and another gives a another set of data. No?
Falkvinge reference: http://falkvinge.net/2012/07/12/in-the-uk-you-will-go-to-jail-not-just-for-encryption-but-for-astronomical-noise-too/