Feb 4, 17 / Pis 07, 01 03:47 UTC
Re: Sharing your Asgardia ID Number ¶
what the purpose of asgardia??
Feb 4, 17 / Pis 07, 01 14:09 UTC
Hi Alan Player, you are Chapter Advocate, what does it mean, would you be so kind to explain?
Feb 5, 17 / Pis 08, 01 12:24 UTC
Have we looked into an authentication scheme that's more secure than permanently assigning each individual a fairly short ID number that must be kept secret and can't easily be changed? Lots of existing countries do that, but that doesn't change the fact that it's an extremely insecure system (especially given that the numbers aren't assigned completely randomly).
I would recommend that we use the ID numbers solely as globally unique pointers to a particular person (so that i.e. two people with the same name can unambiguously specify who they are), and handle authentication via PGP or something similar (a security expert, which I am not, would be able to make a good suggestion as to what specific algorithm would be most appropriate).
Feb 5, 17 / Pis 08, 01 13:07 UTC
Just consider it a number. Many other countries use a similar scheme, some employ the ambiguity of this number in the scheme - but none that I'm aware of use it as a form of ID, within itself. It's almost always supported by other data.
As for a more secure way to login, PGP/GPG certificates are not an overly poor suggestion - such would actually be better for signing the posts so you can be assured the poster is as intended(as this thing seems to cleverly store the authentication details locally in the browser cookies) but IMHO a "better" solution would be X.509 - This is related to the SSL/TLS that secures traffic to this site and things like your bank. Users should be able to trivially generate themselves a pair of certificates - sensibly these should be locked with a passphrase to prevent inadvertant third party use - and via a key signing request have the server's CA sign the certificate allowing it to be used on the remote system for login without ever leaving the local system. Secure.
Ultimately, either X.509 or PKCS-11 could be embedded into some extra "digital pages" in a passport, and then this could be used to login.
Feb 6, 17 / Pis 09, 01 12:45 UTC
I have to agree with Korvin: "...Sometimes I have a feeling that Asgardia is just a scam to collect our personal information. They are clearly not taking the IT security seriously, nobody even tries to answer when somebody asks or raises their concerns about it..."
But I understand also that everything needs time to grow. Still IT data are very sensitive and should me treaded as such. Right from the beginning. If Asgardia is not interested in protecting our data on their own level, who is?
As per sharing the Asgardia ID number, maybe there is another way to identify us as certified citizen? As least there should be enough MEDIA material we can use on a site who wants to associate itself with Asgardia.
Feb 6, 17 / Pis 09, 01 18:46 UTC
Oh, they're interested in protecting it on their level.
It just doesn't seem to matter to them that this level ceased being relevant circa 1970.
Why should you need to "identify us as a certified citizen"? There's already media available if you'd like to retain various visual conformities - it gets pushed to your browser each time you load a page. "Official" documents have made it easy to lift out the header logo etc - just feed it into a .pdf editor.
This ofc doesn't address any particular copyright or other such and I'd not think it's incredibly wise to just allow anyone to setup anything and simply claim it's an Asgardian, or Asgardian backed initative. Permission should be sought before actually using.
Feb 6, 17 / Pis 09, 01 22:55 UTC
hello guys, im just here because of my curious. i have a question, what is future of this 'thing'? i mean, yeah im an asgardian now but sooo what? what is going to happen now? :D
Feb 7, 17 / Pis 10, 01 01:34 UTC
If https://asgardia.space/en/page/concept and othersuch leaks wasn't enough detail, then there's a submission somewhere for a "roadmap" - should this be implimented then it should not only illustrate "where we're going" but how to get there.
Feb 9, 17 / Pis 12, 01 07:03 UTC
I understand everyones concern about security, in reality if you own a smartphone, have Windows 10, use Google Chrome, and many other programs/devices you information is already being collected one way or another. Alot of this information is sold to third-partys. My point is unless your off-grid and refuse to use technology; a large majority of everyone's information is already stored somewhere. It's a real shame, but a reality. I'm not saying the information stored "here" couldn't be collected and utilized in a negative way, but what I'm saying is so much personal data exists "out their" already that it is almost not worth caring about. Blame the dawn of smartphone technology, which changed the world forever; not from just a technical standpoint, but socially changed the world. Far beyond what the internet itself has achieved.
Feb 9, 17 / Pis 12, 01 13:01 UTC
The majority is already stored somewhere - That's no excuse to be making it really easy to actually link to you, or your activities. Just because it's easy to pop the lock on your front door doesn't mean it's not worth locking the house when you leave. You might not think what you have is of any particular value, but someone certainly will. And truely, if it was of such little concern then there would not be the significant effort and funding placed into the collection and long term storage/analysis.
Blaming the technology itself is poor form - blame lies with those who didn't bother to think about what they're doing enough to see it happening around them and actively encouraged it into the state it is in now, and what's comming next. There's no need to thank them, this will reap it's own rewards. The information collected here holds potential for such abuse - more so as we begin to collect more - but really we should have no excuses behind engaging in any of the more unscroupulous behaviours associated with. Ofc, time will tell. The only thing that 'tardphones brought to the table that wasn't already in place was an enhanced sensor network to increase both the range of data collection and granted a larger pool to collect from, spread across a wider area. All they've managed to change is an upgrade to the exploits everyone carries around with them. Most of the "social" changes are purely because it can touch the interwebs, which has been considered portable since at least the mid nineties. As even voice comms are now data packets it's all interwebs, has been for some time. The only real "social change" that can be attributed to the rise of the 'tardphone is the perception that it's "normal" to not be in any significant control over your hardware, and to pay no particular concern as to what it's doing or why.
Feb 11, 17 / Pis 14, 01 05:00 UTC
Why can't people think don't they know the Asgardian ID number is just like having a Visa or a Passport 😂😂😂😂