The other night I reorganized the folder on my computer where I keep all the weird New York Herald personal ads I post.
Over the years I've been clipping these I've come across a handful of personals that were just straight up written in code.
As I was going through the folder I noticed that almost all the coded ads were printed within a year or two of each other (specifically between 1850 and 1852). Looking a bit more closely I also began to realize that the same coded words and phrases were appearing across multiple personals - suggesting they were all written in the same code (which appeared to be a basic substitution cipher), likely by the same person/people.
Possessing multiple samples of the code, struck by the type of confidence that only hits at 11:30 at night, and having the little know-how remaining from a special interest in cryptology in middle school, I thought... I bet I can crack that.
So I took the longest coded personal I had at the time (the image directly above - I've since found a much longer one), cracked open a notebook and got cryptoquip-ing.
I had a few little hitches due to words being mispelled in the original ad and a few unclear letters due to poor quality newsprint, but I soon found myself with a mostly decoded message...
"This morning at elevn[sic] precisely be at Carter's bookstore two eighty five Broadway. As a prete?h ask for their directory. Don't fail."
I made myself a key (V and W are Q and Z, but as neither letter is ever used in an ad there's no way to tell which is which.)...
...and got to decoding the other personal ads and putting them chronological order.
Let's see what was worth encoding 175 years ago...
July 16, 1850 -
"You have arrived by this time I suppose my own dearest Josie. I shall wait ivpatiently[sic] for the Asia hoping to hear from you. I went to vespers Sunday and sat in your pew. You are never out of my thoughts. I have written down all that has occurred which I thought would interest you. We will read it together on our first drive after your return. I kiss this on which your eyes will rest. Do not forget your own fond devoted Jerry."
---
September 12, 1850 -
"Welcome my dearest Josie; when can k[sic] see you."
---
September 17, 1850 -
"Not one word from you dearest while away or since you returndd[sic]. Have your feelings then changed, See last Thursdays Herald. I dare not see you for the first time at home."
---
October 10, 1850 -
"Iām sick with anxiety about you, love. Will you not see me."
---
The ads then skip almost two years (I'm planning to go through the intervening microfilm by hand at some point to make sure there aren't any sneaky ones I missed)...
June 3, 1852 -
"Dearest - I was very ill whne[sic] you wrote."
---
July 4, 1852 -
"Deareft[sic] - Just return[sic] from Albany write again to me box in post office."
---
July 7, 1852 -
"Today three oclock Jersey City ferry house."
---
July 8, 1852 -
"This morning at eleven south ferry New York side."
Street cars and omnibuses wait outside the South Ferry terminal in New York City, circa 1865.
---
July 13, 1852 (the original message I decoded) -
"This morning at elevn[sic] precisely be at Carters Bookstore two eighty five Broadway. As a pretexh[sic] ask for their directory. Donāt fail."
Carter's Bookstore (indicated by janky arrow) as seen in a panoramic view published in Gleason's Pictorial, March 18, 1854.
---
Another time skip, this time 5 months.
December 14, 1852 -
"Give me a da y[sic] dear."
---
And the final message (that I've found as of writing this)...
December 25, 1852 -
"Mnray[sic] at elevn[sic] Catharine Ferry New York."
It may not be the most thrilling of Victorian espionage, but it still feels pretty cool to read something no one else has read in 175 years.
I've gone through about 3 months worth of microfilm by hand and found two more coded ads that weren't picked up by the text recognition due to blurry newsprint, but it's a slog so it's going to take a while.
So what are our theories? Did these two crazy kids make it? What was keeping them apart? Why the two year gap? What were all the meetings for?
Narrative RPG which proofs its true ending against data mining by arranging itself so that all player-facing decisions have either two, four, or eight potential options, thus yielding 1, 2, or 3 bits of binary data. These decisions are in turn arranged so that no matter what path the player takes, their choices will yield exactly 128 bits worth of data. At the end of the game, the decisions are concatenated in some pre-defined order into a 128-bit integer, which is then used to attempt to decrypt an AES-encrypted archive containing the cutscene script for the true ending. If decryption succeeds, the true ending is received.
(That this would involve a main story path in which roughly seventy player-facing decisions ā assuming an average of just under four options per decision ā must be made without a single deviation in order to receive the true ending is, of course, an acceptable price to pay.)
āPrivacy preserving age verificationā is bullshit
If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:
I don't think that it's impossible for politicians, even nontechnical politicians, to make good tech policy. After all, the fact that no one in Congress is a microbiologist doesn't stop federal standards from delivering potable water (and it doesn't excuse the ghastly failures, such as Flint, MI):
For politicians to make good policy, they don't need to be technical experts: they need to have solid, independent, well-resourced expert agencies. Those would be the very agencies that Trump and Musk have DOGEd into oblivion, which is pretty ominous, since the work of expert agencies is how you avoid dying of food poisoning, water poisoning, air poisoning, collapsing buildings, faulty antilock brakes, train explosions and plane-crashes.
But when it comes to tech policy, politicians get it all so goddamned wrong. Partly that's because the cartel of tech companies lies to them like crazy, even under oath, leading to a kind of nihilistic refusal to believe any expert input. Mark Zuckerberg wants you to think that's it's inconceivable for you to have a social life without him eavesdropping on it, and any rule demanding this is a farce, like a demand to make water that's not wet:
Big Tech's highly resourced bullshit machine convinces some politicians that technical expertise is not to be trusted, and gives other, more cynical politicians cover for ignoring experts by saying, "Oh you people are always telling us that this or that is impossible."
For example, since the Clinton era, politicians all over the world demanded a kind of impossible encryption: encryption that works perfectly when it's doing something legitimate, like keeping hackers from pushing malware to your pacemaker or stealing your life's savings or listening in on you through your phone's microphone, but also they require that this encryption offer no protection to criminals, drug dealers, terrorists, child abusers, and other miscreants.
This really is like water that's not wet. We can make encryption that works. It's hard to get right, but when we do, it offers a wondrous level of protection from interception and eavesdropping, scrambling our data so thoroughly that you would have to consume multiple universes worth of time and space to build all the computers necessary to guess the descrambling key. We can also make encryption that doesn't work. People do this by accident all the time. Sometimes, the NSA does it on purpose (and doesn't mention that fact to the people who rely on it for their safety and integrity):
https://en.wikipedia.org/wiki/Dual_EC_DRBG
But what we absolutely, positively, totally cannot make is encryption that both works and does not work, depending on whose secrets it is protecting. That's impossible.
But when technologists tell policymakers this, they tell us that they have every confidence in our ingenuity, and also, they can't be certain we're not telling a Zuck-style fable about how the stuff we merely disprefer is actually impossible. They tell us to NERD HARDER!
When politicians seize on a technological impossibility as a technological necessity, they flail about and desperately latch onto scholarly work that they can brandish as evidence that their idea could be accomplished.
For example, back in 2019, Trump's Bureau of Land Management tried to impose a ton of absolutely bizarre, environmentally devastating requirements on Burning Man's land-use permit. One of these requirements was to effectively ban LED lights at night (!), on the basis that these were so bright at altitude that they could disrupt nocturnal birds.
In support of this measure, the BLM cited a PhD dissertation from a physicist who developed a method for estimating light pollution. That physicist turns out to be a burner, who filed comments in the docket describing how the BLM had misapplied his work, making crude mathematical errors that led them to grossly overstate the amount of light pollution at altitude (I've just spent an hour trying to find this comment and I came up craps ā if you can find it, please let me know, as it was delicious).
That kind of Annie Hall/Marshall McLuhan/"You know nothing of my work" moment is always fantastic, and especially so when politicians are demanding that technologists NERD HARDER! to realize their cherished impossibilities.
That's just happened, and in relation to one of the scariest, most destructive NERD HARDER! tech policies ever to be assayed (a stiff competition). I'm talking about the UK Online Safety Act, which imposes a duty on websites to verify the age of people they communicate with before serving them anything that could be construed as child-inappropriate (a category that includes, e.g., much of Wikipedia):
The Starmer government has, incredibly, developed a passion for internet regulations that are even stupider than Tony Blair's and David Cameron's. Requiring people to identify themselves (generally, via their credit cards) in order to look at porn will create a giant database of every kink and fetish of every person in the UK, which will inevitably leak and provide criminals and foreign spies with a kompromat system they can sort by net worth of the people contained within.
This hasn't deterred Starmer, who insists that if we just NERD HARDER!, we can use things like "zero-knowledge proofs" to create "privacy-preserving" age verification system, whereby a service can assure itself that it is communicating with an adult without ever being able to determine who it is communicating with.
In support of this idea, Starmer and co like to cite some genuinely exciting and cool cryptographic work on privacy-preserving credential schemes. Now, one of the principal authors of the key papers on these credential schemes, Steve Bellovin, has published a paper that is pithily summed up via its title, "Privacy-Preserving Age Verificationāand Its Limitations":
The tldr of this paper is that Starmer's idea will not work and cannot work. The research he relies on to defend the technological feasibility of his cherished plan does not support his conclusion.
Bellovin starts off by looking at the different approaches various players have mooted for verifying their users' age. For example, Google says it can deploy a "behavioral" system that relies on Google surveillance dossiers to make guesses about your age. Google refuses to explain how this would work, but Bellovin sums up several of the well-understood behavioral age estimation techniques and explains why they won't work. It's one thing to screw up age estimation when deciding which ad to show you; it's another thing altogether to do this when deciding whether you can access the internet.
Others say they can estimate your age by using AI to analyze a picture of your face. This is a stupid idea for many reasons, not least of which is that biometric age estimation is notoriously unreliable when it comes to distinguishing, say, 16 or 17 year olds from 18 year olds. Nevertheless, there are sitting US Congressmen who not only think this would work ā they labor under the misapprehension that this is already going on:
So that just leaves the privacy-preserving credential schemes, especially the Camenisch-Lysyanskaya protocol. This involves an Identity Provider (IDP) that establishes a user's identity and characteristics using careful document checks and other procedures. The IDP then hands the user a "primary credential" that can attest to everything the IDP knows about the user, and any number of "subcredentials" that only attest to specific facts about that user (such as their age).
These are used in zero-knowledge proofs (ZKP) ā a way for two parties to validate that one of them asserts a fact without learning what that fact is in the process (this is super cool stuff). Users can send their subcredentials to a third party, who can use a ZKP to validate them without learning anything else about the user ā so you could prove your age (or even just prove that you are over 18 without disclosing your age at all) without disclosing your identity.
There's some good news for implementing CL on the web: rather than developing a transcendentally expensive and complex new system for these credential exchanges and checks, CL can piggyback on the existing Public Key Infrastructure (PKI) that powers your browser's ability to have secure sessions. When you visit a website with https:// in front of the address (instead of just http://).
However, doing so poses several difficulties, which Bellovin enumerates under a usefully frank section header: "INSURMOUNTABLE OBSTACLES."
The most insurmountable of these obstacles is getting set up with an IDP in the first place ā that is, proving who you are to some agency, but only one such agency (so you can't create two primary credentials and share one of them with someone underage). Bellovin cites Supreme Court cases about voter ID laws and the burdens they impose on people who are poor, old, young, disabled, rural, etc.
Fundamentally, it can be insurmountably hard for a lot of people to get, say, a driver's license, or any other singular piece of ID that they can provide to an IDP in order to get set up on the system.
The usual answer for this is for IDPs to allow multiple kinds of ID. This does ease the burden on users, but at the expense of creating fatal weaknesses in the system: if you can set up an identity with multiple kinds of ID, you can visit different IDPs and set up an ID with each (just as many Americans today have drivers licenses from more than one state).
The next obstacle is "user challenges," like the problem of households with shared computers, or computers in libraries, hotels, community centers and other public places. The only effective way to do this is to create (expensive) online credential stores, which are likely to be out of reach of the poor and disadvantaged people who disproportionately rely on public or shared computers.
Next are the "economic issues": this stuff is expensive to set up and maintain, and someone's gotta pay for it. We could ask websites that offer kid-inappropriate content to pay for it, but that sets up an irreconcilable conflict of interest. These websites are going to want to minimize their costs, and everything they can do to reduce costs will make the system unacceptably worse. For example, they could choose only to set up accounts with IDPs that are local to the company that operates the server, meaning that anyone who lives somewhere else and wants to access that website is going to have to somehow get certified copies of e.g. their birth certificate and driver's license to IDPs on the other side of the planet. The alternative to having website foot the bill for this is asking users to pay for it ā meaning that, once again, we exclude poor people from the internet.
Finally, there's "governance": who runs this thing? In practice, the security and privacy guarantees of the CL protocol require two different kinds of wholly independent institutions: identity providers (who verify your documents), and certificate authorities (who issue cryptographic certificates based on those documents). If these two functions take place under one roof, the privacy guarantees of the system immediately evaporate.
An IDP's most important role is verifying documents and associating them with a specific person. But not all IDPs will be created equal, and people who wish to cheat the system will gravitate to the worst IDPs. However, lots of people who have no nefarious intent will also use these IDPs, merely because they are close by, or popular, or were selected at random. A decision to strike off an IDP and rescind its verifications will force lots of people ā potentially millions of people ā to start over with the whole business of identifying themselves, during which time they will be unable to access much of the web. There's no practical way for the average person to judge whether an IDP they choose is likely to be found wanting in the future.
So we can regulate IDPs, but who will do the regulation? Age verification laws affect people outside of a government's national territory ā anyone seeking to access content on a webserver falls under age verification's remit. Remember, IDPs handle all kinds of sensitive data: do you want Russia, say, to have a say in deciding who can be an IDP and what disclosure rules you will have to follow?
To regulate IDPs (and certificate authorities), these entities will have to keep logs, which further compromises the privacy guarantees of the CL protocol.
Looming all of this is a problem with the CL protocol as being built on regulated entities, which is that CL is envisioned as a way to do all kinds of business, from opening a bank account to proving your vaccination status or your right to work or receive welfare. Authoritarian governments who order primary credential revocations of their political opponents could thoroughly and terrifyingly "unperson" them at the stroke of a pen.
The paper's conclusions provide a highly readable summary of these issues, which constitute a stinging rebuke to anyone contemplating age-verification schemes. These go well beyond the UK, and are in the works in Canada, Australia, the EU, Texas and Louisiana.
Age verification is an impossibility, and an impossibly terrible idea with impossibly vast consequences for privacy and the open web, as my EFF colleague Jason Kelley explained on the Malwarebytes podcast:
Politicians ā even nontechnical ones ā can make good tech policy, provided they take expert feedback seriously (and distinguish it from self-interested industry lobbying).
When it comes to tech policy, wanting it badly is not enough. The fact that it would be really cool if we could get technology to do something has no bearing on whether we can actually get technology to do that thing. NERD HARDER! isn't a policy, it's a wish.
Wish in one hand and shit in the other and see which one will be full first:
It looks like Tumblr @staff have finally implemented tracking garbage into shared links in the Tumblr mobile app. It took them years and years, but Tumblr is finally making an attempt to track shared links you click or links you share with friends.
When you share a post and choose to ācopyā a link to your clipboard, you can see that they use their (new?) url shortener, at.tumblr.com.Ā The shortened URL appears to contain: your blog name; either the ID of the destination post, or the short string associated with the post; and an alphanumeric string.Ā Eg:
The shortened URL redirects you to the destination link, but with 2 URL parameters: _branch_referrer and _branch_match_id.Ā Both are associated with a third-party analytics tool, branch.io.Ā Eg:
_branch_match_id, according to this stackoverflow answer, is an identifier unique to you, used to track users.Ā It could be based on browser fingerprinting, as branch.ioās branch_match_id is.
Anyway, thereās not a terribly easy way to avoid this tracking from the Tumblr mobile app, but if you get a link that has the id, not the string, you can modify it to the format of blog.tumblr.com/ID, like so before sending it to a friend:
Bonus 106: The Mysterious Voynich Manuscript - Interview with Claire Bowern
In the 1600s, an antique book is recorded in an alchemist's library in Prague, containing intriguing but puzzling drawings, like plants with unnatural cuboid roots, as well as a strange writing system, with some familiar letters and some utterly unfamiliar. This book became known as the Voynich Manuscript, after a Polish book dealer who purchased it in 1912, and the meaning (or lack thereof) that lies on its 240 parchment pages is a puzzle that's intrigued cryptographers, historians, linguists, and more for centuries.
In this episode, Gretchen gets enthusiastic about the mysterious Voynich Manuscript with Dr. Claire Bowern, who's a professor at Yale University, researcher of language documentation and historical linguistics, and creator of a class about the enduring enigma that is the Voynich Manuscript. We talk about what we can actually know about the manuscript for certain: no, it wasn't created by aliens; yes, it does carbon-date from the early 1400s; and no, it doesn't look like other early attempts at codes, conlangs, or ciphers. We also talk about what gibberish actually looks like, what deciphering medieval manuscripts has in common with textspeak, why the analytical strategies that we used to figure out Egyptian hieroglyphs from the Rosetta Stone and Linear B from Minoan inscriptions haven't succeeded with the Voynich Manuscript, and finally, how we could know whether we've actually succeeded in cracking it one day.
Listen to this episode about the mysterious Voynich Manuscript with Dr. Claire Bowern, and get access to many more bonus episodes by supporting Lingthusiasm on Patreon.
Hey, cryptographers of Tumblr. If anyone is bored and fancies a challenge, please could you have a go at deciphering this message and tell me how long it takes you? It's for a fic I'm writing, and I need to know if it's realistic for my characters to get the answer late enough for my pacing but quick enough to catch the killer.
