Shostack + Friends Blog Archive


Dave Molnar, Call Matt Blaze

Dave Molnar has some good comments on ‘Stolen ID Search.’ He writes, starting with a quote from “ben:”

“I can’t believe you are advocating typing your ssn or credit card into a mystery box.”

That’s “ben”, commenting at TechCrunch on Stolen ID Search, a service from Trusted ID that will tell you if your social security number has shown up online. Thanks to 27B Stroke 6 for the story.

The idea is that you visit, then type your social security number (SSN) or credit card number into the box, and the web site tells you if the number is on their list of “IDs we’ve seen in the wild being traded by evil persons.” If it is, they then helpfully offer you the opportunity to put a freeze on your credit report and purchase other services. The first problem that comes to mind, though, is that typing your SSN into the box gives them your SSN. Now you need to trust that they won’t turn around and sell it to those same evil persons. Maybe you can, maybe you can’t, but it’d be much better if you didn’t need to trust them at all.

Well, this sounds like the scenario for the cryptographic primitive of Private Information Retrieval (PIR). In PIR, a client wants to query a database in such a way that the database learns nothing about the query…. As they say, helger, call your office.

So Dave, why would I trust a PIR implementation to help me here? Have you seen Matt Blaze’s excellent “James Randi Owes me a million dollars?” In that article, Matt talks about the value of ‘strong cryptography’ versus believability to a non-expert audience.

7 comments on "Dave Molnar, Call Matt Blaze"

  • Ian Goldberg says:

    David addresses that issue in his post:

    One of the issues here, however, is that how will you obtain the code required to engage in PIR…and how do you know that it’s actually following the protocol correctly?

  • Adam says:

    I don’t think that’s the question. I think the question is “WTF is PIR, and how on earth can it figure out if my SSN is there unless it sends it?”

  • Iang says:

    Wait a moment … if one assumes that the issuance of SSNs is so compromised that most crooks already have the formula, as well as a few million lying around, why is typing a raw SSN so bad?
    If one were to type in ones SSN and ones name that might be a different matter.

  • David Molnar says:

    Adam, Ian Goldberg:
    I have seen Matt Blaze’s post, but it slipped my mind when I wrote the entry. Thanks for making the connection.
    I agree that the “WTF is PIR” is a problem, and one I did not address in my post. Still, I think explaining the _idea_ of PIR is actually not the hardest part. You can talk about it in terms of “what if we had a trusted third party that would take Bob’s database, and Alice’s query, and then tell us if there is a match.”
    What PIR protocols do is remove the trusted third party.
    While the idea is deeply weird the first few times you see it, I don’t think it grasping what PIR tries to do requires having a PhD in cryptography.
    I read Matt’s article as pointing out something slightly different: that no one will believe that the number-theoretic PIR protocols one would pull out for this actually work without taking a PhD in cryptography. That’s a serious issue, and another one I didn’t talk about. I agree that finding some way to address this is important if cryptographers want to have these sort of protocols used in situations where lots of non-cryptographers need to believe that they work.
    The other issue I did talk about, though, obtains even if you believe the PIR protocol works and you _do_ have a PhD in cryptography — getting a correct implementation on your machine is not trivial at all. For one thing, downloading a completely new application or plug-in to do this seems like a nonstarter, so now we’re talking about some kind of Java applet or Javascript, which pulls in the browser to your trusted computing base. Even if it does carry out the
    PIR protocol correctly, you also need to check that it isn’t sending your SSN or other information back to the site surreptitiously, and so on. This isn’t a new observation,
    of course; I’m pretty sure Bruce Schneier talked about this
    somewhere in _Secrets and Lies_, for just one example.
    Ian Grigg:
    The authors of the stolen ID search site raise this point as well. You might enjoy reading their official response if you haven’t already:
    The unreconstructed cypherpunk in me would respond that with PIR, we don’t have to judge whether the risk of divulging SSN alone is acceptable but SSN plus name is not. With PIR, we simply don’t have to worry about exposing our
    SSN at all. Long live secure multiparty computation! 🙂
    I might also point out that using Tor would be a better idea than just trusting them to forget the IP addresses of all visitors. For one thing, their privacy policy specifically states that they may record your IP address, although it claims that it uses them only in aggregate for
    traffic monitoring:
    More seriously, I think the argument that this trains people to reveal their information to phishers is worth considering. From what I understand, the stolen ID search in fact asks you to sign up for credit check services if your number is on the list. Even if your number is not on the list, they ask you for an e-mail address to start free monitoring for hits on up to three credit cards or SSNs. (Try it with 123-04-5678 to see what I mean.) Their privacy policy specifically discusses billing information, so I expect at some point you get asked for that, which usually includes an address and possibly a CVV2.
    What stops someone else from setting up a “competitor” site that takes your SSN, then tells you that you’re on the list and please put your name, address, and credit card number here to sign up for their credit reporting service? I’m half-joking, but this is a serious
    question that Stolen ID Search will have to answer. Their response above suggests that they’re relying on https://, “HackerSafe,” and “Verisign Secured” logos to differentiate themselves from such sites.

  • Orv says:

    One problem with using tor for something like this, as David suggests, is that you have to trust that the tor exit node isn’t sniffing your traffic. Tor will protect your anonymity, but not the privacy of your data.

  • Srijith says:

    I don’t think it [sic] grasping what PIR tries to do requires having a PhD in cryptography

    You mean, just like you don’t one to understand public-key cryptography and PGP? 🙂

  • David Molnar says:

    Yes, that’s right. In a perfect crypto-anarchy, we’d use both Tor and PIR. I did not mean to imply that Tor alone was sufficient. Particularly not if you use Tor and then type in your credit card billing information. 😉
    Guess this depends on what we mean by understand. There are, in fact, people without PhDs in cryptography who manage to use PGP. We can thank the long hard work of all the people at PGP, Inc. for that. 🙂 Even some non-PGP crypto products look decent these days; I’ve been pleasantly surprised by the integration between Evolution and gpg, for instance.
    Looks like there’s already a copycat service that asks for more than it really needs –

Comments are closed.