challenge procedure questions

[Jackalgirl]

I do not think you know how to edit a post without its 'edited' marker. You edited this post 6 minutes after you made the post.

I'd actually edited it about four times in that time period. In several cases, there was no "edited" marker. But it's a good point; the forum may be showing you something it's not, for some reason, showing me.

 

[Blue Mountain]

I'm by no means a cryptography expert, but there are ways to determine that a message has been transmitted unaltered by using existing public-key mechanisms.

The basis of public-key cryptography is a pair of keys, the private and public. The public key is disseminated widely, while the private one is kept as private as possible, usually in a file (on the owner's computer) that itself is encrypted, and can be decrypted only by a person who knows the password.

A message encrypted by one key can only be decrypted with the other key--it can't even be decrypted using the original key used to encrypt it.

For example, I want to send a message my friend Bob that only he can open and read. I get his public key, which he makes available to me by some means (eg, on his website, in a key repository, or even by e-mail.) I use that key to encrypt the message and send it to him. The only thing on Earth (currently) that has a hope of decrypting that message is Bob's private key, which in theory is available only to him.

For messages that are intended to be sent in the clear (that is, in plain readable text), I can "sign" them. The signing program creates a "signature block" based on a secure "hash" of the message text. (A "hash" is a mathematical checksum of the message contents--the sum changes radically if even one bit [eg, flipping an "a" to a "b"] changes.) The program then encrypts that signature block with my private key and appends it to the message contents. Using my public key, any interested party can decrypt that signature block. If it decrypts properly, one can be certain it was encrypted with my private key. Further, the checking program can generate its own hash of the text, up to but not including the signature block. If that hash matches the one obtained in the encrypted signature block, you can be certain the message was not altered in transmission.

Thus, if you have a computer where you are assured the clock is accurate, cryptographically signing a message that has a date and time as part of its contents will supply good evidence (may I say proof) that the date and time as recorded on the message have not been altered. If such a message is posted in a public forum like this one, and the time and date in the message body closely matches the time and date the server accepted it, then that is good evidence the clock on the originating computer is accurate.

GNU Privacy Guard is an open-source implementation of public-key cryptography.

 

[CynicalSkeptic]

Actually I believe there's about a 2 minute period when you can edit without it showing, but I won't post any guess under 5 min before it's revealed anyway, so that isn't a problem.

I'm not positive, but I think the trick is that if nobody has read the post between the time it was initially posted, and the time it was edited, it doesn't indicate that it has been edited. If someone has read it, then it shows edited.

 

[rjh01]

Just been in the test forum. I can edit my posts without it having the 'Last edited by rjh01' However when I edited it after three minutes then it came up.

Only hope the mods do not tell me I have flooded the test forum.

 

[Cuddles]

This might all work as a little test between forum members, but I seriously doubt the JREF will ever conduct a test over the internet. Whatever safeguards you use, there are thousands of people who spend their time finding security flaws that no-one else has noticed. You might be satisfied that it is almost certainly safe, but safe enough to rest a million on it? Tests always have multiple observers to ensure no-one is ever left alone and are videotaped. A remote test will never be secure enough to win the challenge.

 

[GzuzKryzt]

I'm still curious, latent aaaack: How often have you tried this before to come with the numbers you gave?

What exactly were your results, at what occasions (lotto, sports, etc.), how did you document them and what controls did you use?

 

[Jackalgirl]

Just been in the test forum. I can edit my posts without it having the 'Last edited by rjh01' However when I edited it after three minutes then it came up.

Only hope the mods do not tell me I have flooded the test forum.

My form of the trick was to complete an edit (within a few /seconds/), at which point the "last edited by..." came up. Then I edited it again, but this time deleted everything in the "Reason for editing" box. When I saved it, there was no "last edited by...".

But the point is, I think, that there's some confusion/question about whether an edited message will always be marked as edited. If the timestamp on an email address can be guaranteed (such as if PGP or some other key program could be set to automatically include the timestamp in the encrypted signature), that would work.

Alternately, one could use a time-stamped chat-room (if such a thing exists), or just use FedEx/UPS if it really got down to the nitty-gritty.

 

[rjh01]

The problem with editing a post is that most people who subscribes to the thread sees the unedited thread in the e-mail.

 

[IXP]

For an informal test, you could do the following.

When JackalGirl rolls her dice she encrypts the number via a specified algorithm and posts it in a forum thread. Then aak answers it with his guess. Repeat multiple times until enough guesses to show the effect have been recorded. Then JG posts the key and and everyone can verify what the original numbers were with no tampering possible.

This would allow JG and Ack to verify that the other was not cheating. It would not rule out collusion between them.

IXP

 

[Blue Mountain]

For an informal test, you could do the following.

When JackalGirl rolls her dice she encrypts the number via a specified algorithm and posts it in a forum thread. Then aak answers it with his guess. Repeat multiple times until enough guesses to show the effect have been recorded. Then JG posts the key and and everyone can verify what the original numbers were with no tampering possible.

This would allow JG and Ack to verify that the other was not cheating. It would not rule out collusion between them.

IXP

A pair of 10-sided dice (which generates values between 00 and 99) or three of them (000 - 999) would be best. Of course, the only way to rule out collusion would be to have both parties under observation by others while the experiment was taking place, and videotaped.

Assuring the timestamp on the videotape hasn't been tampered with might be a challenge; continuous audio running in the background is often used for this purpose.

In the end, of course, this would be useful only for informal testing. Even a preliminary test would require stricter controls.

 

[Jackalgirl]

For an informal test, you could do the following.

When JackalGirl rolls her dice she encrypts the number via a specified algorithm and posts it in a forum thread. Then aak answers it with his guess. Repeat multiple times until enough guesses to show the effect have been recorded. Then JG posts the key and and everyone can verify what the original numbers were with no tampering possible.

This would allow JG and Ack to verify that the other was not cheating. It would not rule out collusion between them.

IXP

I'd be cool with this. I'd also be cool with both posting /and/ PMing a trusted third party; if the post & PM's times are more than, say, 4 minutes apart, it's an invalid post. Don't know if JREF would be willing to do this, but this can all be worked out in the protocol negotiation.

I'd be more than willing to do this with a video recorder. The timestamp would be a little more difficult, if only because I'd have to find some time-verifyable background noise, yes? I'm in Japan on an Air Force Base, so my TV channels (if that's a suggested means for verification) are not the same as those Stateside. I imagine that I could play an Internet radio channel, though, at a specified time, and someone /else/ could also record the radio channel, and if they don't match with a certain amount of "slop" allowed for Internet vagarities (sp?), you all would know I faked the transmission or otherwise was involved in doing something unfair...

 

[IXP]

I thought about the encryption scheme a little more after my too quick post. At first I thought you could just encrypt the 2 digit number with a simple algorithm, but then there is no way to know, once you provide the key, that it really was the key. Any key that mapped the number back to numbers would look okay. You would have to use a typical encyption algorithm that works on all text and embed the number in a longer piece of text, prefererably with the number written out as text. This would make it impossible to provide a wrong key and get any sensible result when decrypting.

IXP

 

[latent aaaack]

This is off topic but is there a reason why UKskeptics.com isn't on the list of links on the 'learning resources' page here http://www.randi.org/education/links.html ? I was just going through that list of all known skeptic organizations to see how many are close to me and noticed that one wasn't there after seeing a link somewhere else for it.

 

[GzuzKryzt]

I'm still curious, latent aaaack: How often have you tried this before to come with the numbers you gave?

What exactly were your results, at what occasions (lotto, sports, etc.), how did you document them and what controls did you use?

 

[latent aaaack]

I'm still curious, latent aaaack: How often have you tried this before to come with the numbers you gave?

What exactly were your results, at what occasions (lotto, sports, etc.), how did you document them and what controls did you use?

I'm sorry but I'd prefer not to go into this right now unless the tester him/herself has such specific questions, I'm just getting an idea of what procedures would be acceptable. It looks like I'll have to be in direct contact with an official tester by e-mail or phone rather than relying on a time stamp as proof, so this could be a little tricky. What makes a test more feasible is that any tester wouldn't have to do anything, just check their email or voicemail during a period of a few hours to verify.

 

[GzuzKryzt]

I'm sorry but I'd prefer not to go into this right now unless the tester him/herself has such specific questions, I'm just getting an idea of what procedures would be acceptable. It looks like I'll have to be in direct contact with an official tester by e-mail or phone rather than relying on a time stamp as proof, so this could be a little tricky. What makes a test more feasible is that any tester wouldn't have to do anything, just check their email or voicemail during a period of a few hours to verify.

Do you expect us - members of a skepticism forum - to simply take your word for the existence of your ability, latent aaaack?

Have you or have you not done this before? What occasion, how, what success?



Does this seem an unreasonable inquiry? Especially concerning latent aaaack's previous evading of said inquiry.
Anyone, please?

 

[Cuddles]

I'm sorry but I'd prefer not to go into this right now unless the tester him/herself has such specific questions, I'm just getting an idea of what procedures would be acceptable. It looks like I'll have to be in direct contact with an official tester by e-mail or phone rather than relying on a time stamp as proof, so this could be a little tricky. What makes a test more feasible is that any tester wouldn't have to do anything, just check their email or voicemail during a period of a few hours to verify.

As I said previously, for a real test you will have to be there in person. No matter how much you try, you will never get the internet or phone lines secure enough for someone to bet a million that you can't be cheating, as well as needing to have people present as observers and usually recording as well. This internet and encryption business is all very well for an informal test, but you cannot assume that your real test will be at all the same.

Why is it such a problem for you to take a normal test? Where do you live? There are skeptical organisations in almost every country with members who would be happy to spend a couple of hours running a test properly. The JREF tests do not have to be run by Randi, and in fact he stays out of it so people can't accuse him of cheating, they are run by representatives of the JREF who are usually chosen from local skeptic organisations.

As I see it, a suitable protocol would be as follows :

You sit in one room, the person rolling the dice, who must be approved by you, sits in another. No contact can be possible, by any means, between the two rooms. A minimum of two observers, approved by both parties, are required, one for each room. Preferably four observers would be present, one chosen by each party in each room so that no-one can accuse anyone of forcing an observer on the other. A final person will act as a courier to take the results of the dice rolls and your predictions. Both rooms will be continuously recorded in both video and audio. No person other than the courier may leave a room at any point, if they do so the test is null and void. No communication devices will be allowed to anyone, again, the test is void if any is found after the test has begun. Ideally you would sit in a Faraday cage to prevent any possibility of electronic communication, although this is unlikely to be possible.

For the test, the dice will be rolled to obtain a number from 00-99. The courier will write this number down and place it in a sealed envelope labelled with "Roll" and the test number. They will carry it to the other room and leave it, untouched, on a table. They will then leave the room. You will then make your guess at the number. Your guess will be written down and placed in another sealed envelope labelled "Prediction" and the test number, and then placed with the roll envelope. The courier will now be signalled, by knocking on the door for example, to go back to the dice room for the next roll. This will continue until the required number of rolls have been made. Until the test is over no-one other than the courier may touch the envelopes and there will be no feedback of any kind to indicate your success on previous rolls.

Once the test is finished, the envelopes will be opened. Everybody should be present for this, since there will be both your observers and the skeptic observers who have seen both results and will therefore know that they haven't been tampered with. A score of 3/3 would be obtained with 1:1,000,000 probablility, but it is likely that more tests would be run and less than 100% accuracy would be required. The exact score that constitutes a pass must be worked out between you and the JREF beforehand.

Ideally the courier would be two people, one chosen by you and one skeptic. If required the envelopes could be kept in a third room with two more observers to watch over them, although this is probably overkill and as long as the numbers cannot be seen through the envelopes is probably not needed.

This simple test only needs five people, you and four others. Ideally, and especially to cover your concerns rather than the testers, it would take eight, you, three of your friends and four skeptics. A location could be a scout hut or church hall which could probably be obtained free for the short time required. It should only take two hours at a generous maximum. Even someone's house could be used, although this might not be acceptable to the JREF. It should not be difficult for you to find three friends, and it should easily be possible for a skeptical organisation to find four people close to you, so there really seems no reason to fuss over internet and phone protocols when it is so simple to conduct a real, secure test.

 

[vIQleS]

For the test, the dice will be rolled to obtain a number from 00-99. The courier will write this number down and place it in a sealed envelope labelled with "Roll" and the test number. They will carry it to the other room and leave it, untouched, on a table. They will then leave the room. You will then make your guess at the number. Your guess will be written down and placed in another sealed envelope labelled "Prediction" and the test number, and then placed with the roll envelope. The courier will now be signalled, by knocking on the door for example, to go back to the dice room for the next roll. This will continue until the required number of rolls have been made. Until the test is over no-one other than the courier may touch the envelopes and there will be no feedback of any kind to indicate your success on previous rolls.

Once the test is finished, the envelopes will be opened. Everybody should be present for this, since there will be both your observers and the skeptic observers who have seen both results and will therefore know that they haven't been tampered with. A score of 3/3 would be obtained with 1:1,000,000 probablility, but it is likely that more tests would be run and less than 100% accuracy would be required. The exact score that constitutes a pass must be worked out between you and the JREF beforehand.

Ideally the courier would be two people, one chosen by you and one skeptic. If required the envelopes could be kept in a third room with two more observers to watch over them, although this is probably overkill and as long as the numbers cannot be seen through the envelopes is probably not needed.

Good protocol, but i would make a couple of changes:

All rolls and guesses are recorded on one sheet each. nothing and no one leaves any room. (these sheets could be sealed when finished, but i don't think that's needed.)

Courier is actually just a signaler. When roll has been recorded the observer waves a flag or shines a light out of the door to let the courier know and he then signals the other room in a similar fashion. and likewise when the guess has been recorded.

The rooms should be well seperated, and the corridor should probably be videoed as well... (all cameras could be recorded on a security-type DVR to get all views at the same time with a good time stamp)

 

[NiallM]

This all seems way too nebulous and evasive to be of testable quality.

Distance is an addition to the claim and is only an enhancement of what is an easily testable claim. For the purposes of making the protocol and the observing conditionseasy it is possible (if not essential) to eliminate distance as an issue.

For a million bucks, anyone in the US can travel to FL.

A preliminary, of course, could probably be arranged locally.

The distance element in this merely serves to obfuscate yet another woo claim.

 

[latent aaaack]

Good protocol, but i would make a couple of changes:

All rolls and guesses are recorded on one sheet each. nothing and no one leaves any room. (these sheets could be sealed when finished, but i don't think that's needed.)

Courier is actually just a signaler. When roll has been recorded the observer waves a flag or shines a light out of the door to let the courier know and he then signals the other room in a similar fashion. and likewise when the guess has been recorded.

The rooms should be well seperated, and the corridor should probably be videoed as well... (all cameras could be recorded on a security-type DVR to get all views at the same time with a good time stamp)

Thanks for the ideas people. Is there any particular reason you thought to bump this thread now?

The reason I asked whether a remote test is acceptable is because of the percieved limitations of what I claim. Testing remotely requires much less resources however and if that stage is passed I'm sure a more robust test could be made to be conducted over a distance.