How to Make Your Dating Site Attractive


There’s a huge profusion of dating sites out there. From those focused on casual encounters to Christian marriage, there’s a site for that.

So from a product management and privacy perspective, I found this article very thought-provoking:

Bookioo does not give men any way to learn about or contact the female members of the site. Men can join for free, if they have been invited—and if a current Bookioo member can vouch for their information. They can then post a profile for the perusal of the female—and paying—members of the site. It’s those paying women, however, who get to call the shots.

As interesting as the approach is, what’s more interesting is how they came to it. They focused on a set of female customers, and asked what is it that they worry about, and what do they want? Co-founder David Olmos:

We think that women don’t feel comfortable with the current dating sites. The latter are too masculine: they were designed by men and they fundamentally address men’s needs. We know that many women prefer a different approach: they’re eager to socialize, to meet new people, and we propose to do that through activities. It may lead them to find a partner, of course, but they may as well enjoy an afternoon in a museum with a new girl friend whom they met on Bookioo! So we propose to socialize through activities, common hobbies and common tastes.

As you can see, we actually want to revamp the “dating” concept, taking the perspective of women. The key issue for us is to make sure that women enjoy the level of privacy they wish and that the males’ profiles are fully validated. (“Bookioo: dating and social networking site gives women full control.”)

It’s also a very different approach to “creep management,” which we’ve covered in past posts like “Emerging dating paranoia,” “Dating and Background Checks in the UK” or “Dating & Background Checks in China.”

Today in Tyrannicide History

On January 30th, 1649, Charles I was beheaded for treason. He refused to enter a defense, asserting that as monarch, he was the law, and no court could try him. That same defense is raised today by Milošević, Hussein and other tyrants.

The story of how John Cooke built his arguments against that claim is told in entertaining and accessible depth in “The Tyrannicide Brief” by Geoffrey Robertson.

As his website says, “Geoffrey Robertson QC has been counsel in many landmark cases in constitutional, criminal and media law in the courts of Britain and the commonwealth and he makes frequent appearances in the Privy Council and the European Court of Human Rights.” So he knows what he’s talking about, and he knows how to tell an engaging story.

The principle that no one is above the law is an important one. So today raise a glass and remember John Cooke.

Privacy and Security are Complementary, Part MCIV

Privacy and security often complement each other in ways that are hard to notice. It’s much easier to present privacy and security as “in tension” or as a dependency.

In this occasional series, we present ways in which they complement each other. In this issue, the Financial Times reports that “Hackers target friends of Google workers:”

Personal friends of employees at Google, Adobe and other companies were targeted by hackers in a string of recently disclosed cyberattacks…The most significant discovery is that the attackers had selected employees at the companies with access to proprietary data, then learnt who their friends were. The hackers compromised the social network accounts of those friends, hoping to enhance the probability that their final targets would click on the links they sent.

If friends lists were not being aggregated, this attack would have been harder to execute. How much harder is tricky to judge without more information about possible attack vectors.

Also, this is a nice example of the sort of externality that Facebook imposes on the networks of their users. Because Facebook exposes the fact that we’re friends, I have to treat communications from my friends with more suspicion.

The Lost Books of the Odyssey

You should go read The Lost Books of the Odyssey. You’ll be glad you did.

I wrote this review in April of 2008, and failed to post it. Part of my reason is that I have little patience for, and less to say about, most experimental fiction. I am in this somewhat like a luddite, unwilling to tolerate experiments which ought to have been kept confined to a laboratory. And so, knowing that this book won a prize worried me greatly, but for reasons which I’ll get to in a moment, I persevered, and I’m glad that I did.

The “lost books” consist of very short stories, usually of a few pages or so. The context is, of course, the Odyssey, and the actions of its heroes and villains.

It falls into that class of writing which is simply a delight to read. The stories are beautifully crafted and surprising, and they cast new light on old stories.

The richness and character of the writing is exceptional and engaging, all the more so for the origin and nature of the work. As Zachary Mason explains in the introduction, “The Lost Books of the Odyssey” were in fact lost and recovered, in a feat perhaps nearly as impressive for its cryptanalytic acumen as for its literary importance.

It is entirely worth reading, and since I first read it, it has been winning substantial literary prizes, and the New York Times calls it “dazzling.”

Finally, I should mention that Zachary and I were roommates at Miss Hall’s School for Precocious Youth in Arkham, Mass. I would like to offer my most sincere apologies for anything he remembers.

[Updated, fixed a spelling error]

Emergent Planetary Detection via Gravitational Lensing

The CBC Quirks and Quarks podcast on “The 10% Solar System Solution” is a really interesting 9 minutes with Scott Gaudi on how to find small planets far away:

We have to rely on nature to give us the microlensing events. That means we can’t actually pick and choose which stars to look at, and we can’t actually pick what times to look at. So the best suited telescopes are those telescopes we can use at anytime that are located throughout the globe so that it’s dark somewhere. And so we use a lot of amateurs, actually we don’t use, we work with a lot of amateurs who have their own telescopes, relatively small telescopes, .3 meters, .4 meters in their backyard which they can use anytime they want. We call them up when we see a microlensing event happening that we think might be interesting and we ask them to get data for us. In fact in many cases they’ve gotten crucial data for us which has helped to discover a micro-lensing event.

What’s most amazing to me is how useful it is to have small parts loosely coupled, each pursuing their own interests. What emerges is, quoting Gaudi again:

One of our amateurs, Jenny McCormick who works in New Zealand and has her own observatory which she calls Farm Cove Observatory has said “It just goes to show: you can go out there you can work full time, you can be a mother and you can still find planets.”

Photo: The ESO Telescopes, by Paul Browne

People are People, Too!

Apparently, corporations and unions can now spend unlimited funds on campaign advertisements. I’m hopeful that soon the Supreme Court will recognize that people are people too, and have the same free speech rights as corporations.

Maybe, too, the Court will recognize that Congress may not limit the right of people to freely associate, and perhaps even pool their money in support of ideas or candidates they like.

Does it include a launchpad?

The New York Times is reporting that there’s a “Deep Discount on Space Shuttles,” they’re down to $28.8 million. But even more exciting than getting one of the 3 surviving monstrosities is that the main engines are free:

As for the space shuttle main engines, those are now free. NASA advertised them in December 2008 for $400,000 to $800,000 each, but no one expressed interest. So now the engines are available, along with other shuttle artifacts, for the cost of transportation and handling.

So NASA, can I borrow the launchpad and send it to LEO?

Terrorism Links and quotes

  • Ed Hasbrouck on “Lessons from the case of the man who set his underpants on fire.”
  • A Canadian woman who’s been through the new process is too scared to fly. “Woman, 85, ‘terrified’ after airport search.” Peter Arnett reported
    “‘It became necessary to destroy the town to save it,’ a TSA major said today. He was talking about the decision by allied commanders to shock and awe the public regardless of civilian casualties, to rout al Qaeda.”

  • Ethan Ackerman on risks of ionizing radiation, via Froomkin, but also see Technology Review, “How Terahertz Waves Tear Apart DNA.”
  • TSA has been telling us that the machines “can’t” record you naked, while ordering machines that can. See EPIC Posts TSA Documents on Body Scanners. TSA responded, and Ed Hasbrouck responds TSA lies again.
  • The EU is objecting to new US rules, and the Pirate Party of Berlin is protesting them.
  • If you want to see why they’re protesting, watch this not safe for work video, “Body scanner, with detailed genitalia reporting.”
  • There’s a well worth reading article by Paul Campos in the Wall St. Journal, “Undressing the Terror Threat:”

    I’m not much of a basketball player. Middle-age, with a shaky set shot and a bad knee, I can’t hold my own in a YMCA pickup game, let alone against more organized competition. But I could definitely beat LeBron James in a game of one-on-one. The game just needs to feature two special rules: It lasts until I score, and when I score, I win.

    We might have to play for a few days, and Mr. James’s point total could well be creeping toward five figures before the contest ended, but eventually the gritty gutty competitor with a lunch-bucket work ethic (me) would subject the world’s greatest basketball player to a humiliating defeat.

    The world’s greatest nation seems bent on subjecting itself to a similarly humiliating defeat, by playing a game that could be called Terrorball. The first two rules of Terrorball are:

    1. The game lasts as long as there are terrorists who want to harm Americans; and
    2. If terrorists should manage to kill or injure or seriously frighten any of us, they win.

Another Week, Another GSM Cipher Bites the Dust

Bag Contents

Orr Dunkelman, Nathan Keller, and Adi Shamir have released a paper showing that they’ve broken KASUMI, the cipher used in encrypting 3G GSM communications. KASUMI is also known as A5/3, which is confusing because it’s only been a week since breaks on A5/1, a completely different cipher, were publicized. So if you’re wondering if this is last week’s news, it isn’t. It’s next week’s news.

The paper isn’t up on IACR’s Eprint archive yet, but copies of it are circulating around privately. I’m writing about it with Adi Shamir’s permission.

KASUMI is a modified version of the MISTY cipher. The KASUMI designers made MISTY faster and more hardware friendly by changing the key schedule and modifying some internal parameters. However, they also made it vulnerable to related key attacks.

Of all the weaknesses that a cipher can have, related key attacks are the ones to worry about least. Operationally, crypto engineers know that they should never reuse keys and when in doubt just pull another one off of the random number generator. Consequently, this doesn’t mean that the guys at Weizmann Institute of Science are listening to 3G calls.

Nonetheless, related key attacks are bad to have because implementers do screw up, and related key attacks indicate that the cipher designers didn’t have as tight a handle on things as they thought they did. It is no cause for panic, but it is no cause for either warmness or fuzziness (particularly since the DKS team point out that the KASUMI designers wrote that they’d taken care of related-key issues when they simplified MISTY into KASUMI).
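The operational point in the two paragraphs above is that a related-key attack only becomes a practical problem when the keys an implementation actually uses are related in a way the attacker can predict. The following is an added illustration (not from the Dunkelman–Keller–Shamir paper, and not KASUMI or any 3G key-agreement code): a hypothetical, constructed “session key = master XOR counter” scheme is compared with HMAC-based derivation in the style of a counter-mode KDF. The master keys and the `session-key` label are constructed for the demo. The check shows that in the naive scheme the XOR difference between any two session keys is the same no matter what the master key is, which is exactly the relation a related-key attack needs, while the KDF output has no such key-independent relation.

```python
import hashlib
import hmac

# Constructed master keys for the demonstration only (not real key material).
MASTER_A = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
MASTER_B = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")


def naive_session_keys(master: bytes, count: int) -> list[bytes]:
    """Hypothetical weak scheme: session key i = master XOR counter(i).

    Any two keys differ by a fixed XOR pattern that depends only on the
    counters, not on the master key: the classic related-key situation.
    """
    width = len(master)
    return [bytes(m ^ c for m, c in zip(master, i.to_bytes(width, "big")))
            for i in range(count)]


def kdf_session_keys(master: bytes, count: int) -> list[bytes]:
    """Derive session key i as HMAC-SHA256(master, label || counter),
    truncated to 128 bits (counter-mode KDF in the style of NIST SP 800-108).
    Without the master key, no relation between two outputs is predictable.
    """
    return [hmac.new(master, b"session-key" + i.to_bytes(4, "big"),
                     hashlib.sha256).digest()[:16]
            for i in range(count)]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def key_relation(derive, master: bytes, i: int = 0, j: int = 1) -> bytes:
    """XOR difference between session keys i and j under a given scheme."""
    keys = derive(master, max(i, j) + 1)
    return xor_bytes(keys[i], keys[j])


def relation_is_key_independent(derive) -> bool:
    """True if the difference between keys 0 and 1 is the same for two
    unrelated master keys, i.e. an attacker can predict the relation
    without knowing the master key."""
    return key_relation(derive, MASTER_A) == key_relation(derive, MASTER_B)


if __name__ == "__main__":
    for name, scheme in (("naive XOR-counter", naive_session_keys),
                         ("HMAC counter-mode KDF", kdf_session_keys)):
        print(f"{name}: key 0 ^ key 1 = {key_relation(scheme, MASTER_A).hex()}"
              f"  predictable without master key: "
              f"{relation_is_key_independent(scheme)}")
```

The naive scheme prints the same sixteen-byte difference (`00…01`) for both master keys; the KDF-derived keys give different, unpredictable differences. That is the whole of the defensive advice in the post: if session keys come from a proper KDF or straight from the random number generator, a related-key result against the cipher stays an academic one.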

Moreover, the attack here is completely practical. Here is a quote from the abstract:

In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2^-14. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, 2^26 data, 2^30 bytes of memory, and 2^32 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2^128 complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem.

It will be interesting to see the response from the GSM Association. They have the opportunity to show leadership. If they recognize that this is a real problem, reassure us that it’s not a catastrophe, and show that they’re taking it seriously, then this can be an all-around good thing for them and us.

We’re all adults (well, okay, most of us are adults and act like adults some of the time), and if we know that there will be an upgrade in a few years, then that’s great. We lived through the WEP issues. We are living through the SSL evil proxy issues. This is less acute than either of those. But we need to have some assurance that in a few years, we’ll just get wireless devices with a safety net. Their challenge is to have a response before this news metastasizes into a common perception that 3G crypto is worthless.

Photo “bag_contents” courtesy of openfly. Selected because it looked good and it was the only photo that came back on a search of “3g crypto.”

Ignorance of the 4 new laws a day is no excuse

The lead of this story caught my eye:

(CNN) — Legislatures in all 50 states, the District of Columbia, Guam, the Virgin Islands and Puerto Rico met in 2009, leading to the enactment of 40,697 laws, many of which take effect January 1.

That’s an average of 753 laws passed in each of those jurisdictions. At 200 working days in a year, which is normal for you and me, that’s nearly 4 laws per day.

Now, there’s a longstanding principle of law, which is that ignorance of the law is no excuse. That goes back to the day when laws, like the code of Hammurabi, were inscribed at a rate of about 4 letters per day. The laws were posted in the city center where both of the literate people could read them.

Joking aside, at what point does knowledge of the law become an unreasonable demand on the citizenry? Civil rights lawyer Harvey Silvergate has a new book, “Three Felonies a Day: How the Feds Target the Innocent.” I haven’t read it, but as I understand it, it’s largely about the proliferation of vague laws, not the sheer numbers.

A few years back, Aleecia McDonald and Lorrie Cranor calculated the cost of reading and understanding the privacy policies of the sites you visit. It was $365 billion. It might be interesting to apply the same approach to the work of legislatures.

768-bit RSA key factored

The paper is here.

The very sane opening paragraph is:

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve (NFS, [19]). The number RSA-768 was taken from the now obsolete RSA Challenge list [37] as a representative 768-bit RSA modulus (cf. [36]). This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousand times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago (cf. [7]) it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours or the one in [7]. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

It’s an interesting read if factoring fascinates you.
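Where the “about a thousand times harder” and “several thousand times harder” figures in the quoted abstract come from is worth seeing once. The heuristic running time of the general number field sieve is L_n[1/3, c] = exp((c + o(1)) (ln n)^(1/3) (ln ln n)^(2/3)) with c = (64/9)^(1/3) ≈ 1.923, so the ratio of work between two modulus sizes is the exponential of the difference of those exponents. The code below is an added example, not from the paper; it drops the o(1) term (an assumption, so the numbers are rough order-of-magnitude estimates, not the authors’ own calibrated estimates), and reproduces both ratios from the abstract.

```python
import math

# The constant c in L_n[1/3, c] for the general number field sieve.
GNFS_CONSTANT = (64 / 9) ** (1 / 3)  # about 1.923


def gnfs_log_work(bits: int) -> float:
    """Natural log of the heuristic GNFS running time for an n-bit modulus,
    n = 2^bits, with the o(1) term in the exponent ignored (assumption):
        ln L = c * (ln n)^(1/3) * (ln ln n)^(2/3)
    """
    ln_n = bits * math.log(2)
    return GNFS_CONSTANT * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def gnfs_work_ratio(harder_bits: int, easier_bits: int) -> float:
    """How many times more GNFS work the larger modulus needs than the smaller.
    The ratio cancels the unknown constant factors in front of L_n."""
    return math.exp(gnfs_log_work(harder_bits) - gnfs_log_work(easier_bits))


def bits_for_equivalent_work(bits: int, factor: float) -> int:
    """Smallest modulus size whose heuristic GNFS work is at least `factor`
    times that of a `bits`-bit modulus (crude way to read off safety margins)."""
    target = gnfs_log_work(bits) + math.log(factor)
    size = bits
    while gnfs_log_work(size) < target:
        size += 1
    return size


if __name__ == "__main__":
    print(f"1024-bit vs 768-bit: {gnfs_work_ratio(1024, 768):.0f}x harder")
    print(f"768-bit vs 512-bit:  {gnfs_work_ratio(768, 512):.0f}x harder")
    print(f"2048-bit vs 1024-bit: {gnfs_work_ratio(2048, 1024):.2e}x harder")
    print(f"1000x the work of RSA-768 needs about "
          f"{bits_for_equivalent_work(768, 1000)} bits")
```

With the o(1) term dropped the model gives roughly 1,200x for 1024 versus 768 bits and roughly 6,000x for 768 versus 512 bits, which is consistent with the abstract’s “about a thousand” and “several thousand.” The same calculation is how one estimates how much a move from 1024- to 2048-bit moduli actually buys against this class of algorithm.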