PV Fingerprinting


rjgibert
Posts: 317
Joined: Mon Jun 26, 2006 9:44 am

Re: PV Fingerprinting

Post by rjgibert »

jwes wrote:
rjgibert wrote:
Michel wrote:
1. They don't know it is there. Why advertise that you've protected yourself against cloners?
2. Even if they think to look for it, they won't know where to look, because it does not require any special code i.e. it can be melded together with ordinary useful code, so it will not give itself away.
Google for security through obscurity!
I understand what you mean, but I have always found the concept a bit specious. It seems to argue for making our secret passwords public and that programmers may as well publish the source code for the applications they write. Good luck with that. Maintaining security without keeping at least some secrets is problematic.

In the case of cloning, you can't prevent cloners from decompiling your program so that it can be examined. This makes it tough. If you have a solution that's bullet proof, I'd like to hear it.
The problem with "security through obscurity" is that it keeps people from taking more effective security measures. No one is saying to make them public, just to assume they will become public and try somehow to make it secure anyway.
And this is what I meant when I said I understood what he meant. Now, to understand what I meant by what I found specious about it, I will give an example. Let's say you encrypt a file with the latest and greatest method. A property of such methods is that you can publish the algorithm, but it will still be quite secure (axiom: everything has its limits). However, you can't also publish the encryption key. This is the "security through obscurity" of such a method.

Nobody in their right mind would argue that bad "security through obscurity" is not bad. But this catch phrase and its associated meanings hide the fact that good "security through obscurity" is good. Obvious as it is when stated plainly, this is what people nevertheless manage to miss. The point is that it is silly to disparage a security method as being "security through obscurity," since even good methods rely on this even though people tend to not think of that.

Now I already stated that what I have in mind is not bullet proof. I made no claims that it meets a high standard. Instead, the security rests on the fact that trying to break it is not a freeroll.

For example, you encounter a combination lock, you guess the combination, you try it, it fails and there is no adverse consequence.

With program cloning this is not true. You fail to find all of an indeterminate number of traps, you miss one, if you sell the clone, you can get caught red handed.

You can think of this as the FUD defense against cloning, the cloner might find all the traps, but doesn't know if there is one more and is pulling his hair out trying to find it and of course never does. This would be particularly effective if all the traps are dissimilar in method.

It rests on psychology, so obviously it is hardly bullet proof, but the predicament you can create for the cloner is an amusing one.
rjgibert
Posts: 317
Joined: Mon Jun 26, 2006 9:44 am

Re: PV Fingerprinting

Post by rjgibert »

Michel wrote:
1. They don't know it is there. Why advertise that you've protected yourself against cloners?
2. Even if they think to look for it, they won't know where to look, because it does not require any special code i.e. it can be melded together with ordinary useful code, so it will not give itself away.
Google for security through obscurity!
BTW, this disparagement can apply to the Stoker idea as well. The fingerprint program has to remain secret and unavailable to the public at large. If it is not, it then becomes a tool in the cloner's arsenal. It tells him when he has made enough changes to the cloned program to get it accepted as independent :(
benstoker
Posts: 342
Joined: Tue Jan 19, 2010 2:05 am

Re: PV Fingerprinting

Post by benstoker »

rjgibert wrote:
Michel wrote:
1. They don't know it is there. Why advertise that you've protected yourself against cloners?
2. Even if they think to look for it, they won't know where to look, because it does not require any special code i.e. it can be melded together with ordinary useful code, so it will not give itself away.
Google for security through obscurity!
BTW, this disparagement can apply to the Stoker idea as well. The fingerprint program has to remain secret and unavailable to the public at large. If it is not, it then becomes a tool in the cloner's arsenal. It tells him when he has made enough changes to the cloned program to get it accepted as independent :(
I think anybody who's capable of hacking a clone together could probably easily hack a perl script in literally minutes using perhaps Expect.pm from CPAN to run the engines, and slurp hundreds of PV strings to easily run their own stats and fashion a way to avert a PV Terrorist Profile.


Turning and turning in the widening gyre
The falcon cannot hear the falconer;
Things fall apart; the centre cannot hold;
Mere anarchy is loosed upon the world,
The blood-dimmed tide is loosed, and everywhere
The ceremony of innocence is drowned;
The best lack all conviction, while the worst
Are full of passionate intensity. Surely some
revelation is at hand;
Surely the Second Coming is at hand.
The Second Coming! Hardly are those words out
When a vast image out of Spiritus Mundi
Troubles my sight: somewhere in the sands of the desert
A shape with lion body and the head of a man,
A gaze blank and pitiless as the sun,
Is moving its slow thighs, while all about it
Reel shadows of the indignant desert birds.
The darkness drops again; but now I know
That twenty centuries of stony sleep were vexed to nightmare by a rocking cradle,
And what rough beast, its hour come round at last,
Slouches towards Bethlehem to be born?

— WB Yeats's "Second Coming" as first printed in 1920