It has stimulated me to want to understand the concept of information theoretic entropy better, a process which has been slowed by frequent poor sleep …

As has been mentioned in various comments, the notions of entropy and randomness are baffling and resistant to “commonsense” reasoning.

Having accumulated a few spells of sharper-wits thought on the matter, I’ve arrived at some preliminary observations:

- Though I haven’t proved it, I’m fully confident of the truth of Clive’s statement (rephrased here) that the XOR combination of two random sequences always has less entropy than the
*combined*entropy of the input sequences.

To borrow the mathematical term for a deterministic operation combining two functions, I expect that any convolution (not only via XOR) of two random sequences to produce a same-length sequence will have this same property, of yielding less entropy than the total of the input sequences.

- Bias in a random bit generator (corresponding to “loaded” coin or die which doesn’t have an equal distribution of results) diminishes entropy far less than I would have expected.

This is shown clearly in Figure 7 of Claude Shannon’s original paper presenting the definition of information theoretic entropy, titled “A Mathematical Theory of Communication.”

For example, if a true random bit generator^{1} is twice as likely to output 1-bits as 0-bits — a truly awful bias — the entropy is still greater than 0.9 bits per bit.

Even if the bias is 8 to 1, each output bit has more than 1/2 bit of entropy!

So, while the designer of a TRBG will naturally strive to make the bias as small as practical, perfection is hardly necessary.

- In the cases of a pair of random bit sequences, or the output of a TRBG, if the estimated entropy per bit is less than desired, a hash function can be used as an “entropy concentrator” to yield a shorter sequence with greater entropy per bit.

[Note that in his original comment on XOR, Clive wasn’t writing about attempts to “collect” entropy, but rather a property of One-Time Pad encryption.]

- Shannon’s entropy is essentially defined in terms of functions of a random variable, which are a typical example of mathematical idealism.

Excepting the output of a good TRBG, virtually all information sources have a high degree of pattern and structure.

People do speak of the entropy of patterned data (for example, English language is estimated have about one bit of entropy per character), but it seems to me that such assessments depart from the strict definition of entropy.

My present notion is that the assessment of entropy (or at least, some metaphor for it) in partly patterned data is a very deep question, and perhaps more art (or philosophy) than science.

If anybody can point to a good source for study of this matter, I shall be grateful!

^{1} The notion of biased random numbers may be disorienting to computer geeks, who are perhaps accustomed of thinking of “random” as inherently meaning “statistically uniform.”

Those are, however, independent attributes. The digits of pi, or the output of a suitable LFSR (provided the sample is shorter than its period) show perfect statistical uniformity … but are fully deterministic, which is the polar opposite of random.

]]>Ok. How about a back of napkin design summary with software, hardware, etc., and pros and cons or things to consider.

For example, I assume a lot of grandpa’s or grand daughter’s, etc., traffic would be blocked since it is coming from tor.

]]>Our host has written a bunch on open wi-fi, his open wi-fi home network, openwireless.org, etc., and it would be wonderful if he would consider another post. A quick duckduckgo search yielded:

https://www.schneier.com/blog/archives/2008/01/my_open_wireles.html

My Open Wireless Network

https://www.schneier.com/blog/archives/2008/08/terrorists_usin.html

Terrorists Using Open Wireless Networks

https://www.schneier.com/blog/archives/2006/08/stealing_free_w.html

Stealing Free Wireless

https://www.schneier.com/blog/archives/2005/03/anonymity_and_t.html

Anonymity and the Internet

https://www.schneier.com/blog/archives/2006/06/schneier_asks_t.html 2006

“Schneier Asks to Be Hacked

Maybe I shouldn’t have said this:

“I have a completely open Wi-Fi network,” Schneier told ZDNet UK. “Firstly, I don’t care if my neighbors are using my network. Secondly, I’ve protected my computers. Thirdly, it’s polite. When people come over they can use it.”

For the record, I have an ultra-secure wireless network that automatically reports all hacking attempts to unsavory men with bitey dogs.”

]]>“Does your threat model accepts home computer seizure?”

I’ve told people that ianal and before they run an open wi-fi network that they need to be prepared for police to knock on their door in the middle of the night. One person responded “cool” and has run one for five years with no known, to me, police visits.

I also told them to tell the police you are running open wi-fi and you decline to talk more until you talk to a lawyer. eff.org or openwireless.org might also provide legal support, for interesting cases, or lawyer recommendations

Of course, federal, state and local police by now probably know what tor and open wi-fi are. … But they could make one’s life miserable, with merit, or without merit (planting evidence, for example), of course.

Anyway, potential newspaper articles about arrest and confiscation of granny and granny’s computer equipment may provide some deterrent, when the average citizen probably knows that Starbucks, McDonalds, etc., run free wi-fi, too. …

]]>why dont you make the public side autoroute to a TOR Network, you have shared a WIFI for the public and you dont have to be afraid of where the public

surf if they want to do something that is considered bad and the logs hit your IP

Making a TOR Router isnt difficult

]]>arstechnica.com/tech-policy/2011/04/fbi-child-porn-raid-a-strong-argument-for-locking-down-wifi-networks/

But see this

http://www.eff.org/deeplinks/2011/04/open-wireless-movement

There’s email address in the end. And maybe @Bruce can

fill us in how far is that movement today?

I brought the TOR exit node similarity example because i see

similar problems here – people do bad things through it. Sooner

or later someone uses your open WIFI for some bad purpose.

As i mentioned here, in Estonia police confiscates your

computer and all your data, this is something i really

want to avoid.

If you look at the TOR Legal FAQ, then you see that there’s

similar problems in US.

2019.www.torproject.org/eff/tor-legal-faq.html.en

They specifically advice not to run TOR exit node from home.

Does your threat model accepts home computer seizure?

]]>Above, or below, I posted: “re: open Wi-Fi & IP location issues

For example, https://www.openwireless.org “

to justify trying to use this thread, regarding location issues, to explore best practices for businesses and individuals to share their openwireless.org type wi-fi connections. [ and now mesh connections, too ].

I think this is an important topic, but unfortunately widespread sharing may never happen.

Any thoughts?

Anyway, basic concerns abou wi-fi, or open wi-fi, include things found in these links:

https://underspy.com/blog/the-risks-of-using-public-wifi/

https://usa.kaspersky.com/resource-center/preemptive-safety/protecting-wireless-networks

https://www.lawtechnologytoday.org/2016/01/risks-unsecured-wifi-hotspots/

https://www.lifewire.com/is-it-safe-to-use-an-open-wireless-network-2378210

Anything missing from a user’s, or provider’s, perspective?

]]>“Actually i equalize this with running the TOR exit node.“

With less risk, if I understand you correctly, one could dilute their tor traffic by running a non-exit tor node, too.

“But the problems would be even smaller – TOR could be used

from any point in the world, your open WIFI only from the

signal range.”

Open Wi-Fi can provide relatively high throughput, redundancy especially with overlapping ISPs, etc., …, all stuff you are no doubt aware of …

otoh, leakers or whistleblowers, journalists, dissidents, etc., of course might want to use tor, tor browser, etc., or Tails. My current threat model involves calling our lying President a piece of sh!t, who is surrounded by sycophants, …, and I don’t think tor will protect me from that, regardless.

Anyway with fingerprinting, sites visited, persistent cookies, or the like, changing one’s IP address may provide limited benefit against nation state actors, of course.

]]>… one can always compress a given bitstring (of sufficient bitlength) via an analysis of the given bitstring and application of suitable algorithm(s)

It’s simple to proove, that no one algorithm can (losslessly) compress every bit sequence.

I suppose that with a little looseness in the definition of “algorithm,” it’s easy to show that for every possible long bit sequence, an algorithm can be constructed the compresses it at least a little.

However, there might need to be an infinite variety of such algorithms to compress every possible sequence — or more practically, a super-astronomical number of distinct algorithms to compress every possible sequence of some given length (for example, one megabit).

If that were the case, the “compressed file” would need to incorporate instructions (essentially, the specific algorithm) for uncompression.

While that is technically feasible, the extra length needed to include the algorithm would probably mean that in the general case, often the “compressed file” is at least as long as the original.

In my understanding wave phenomena like the interference pattern in the double-slit experiment are (in principle) fully deterministic and highly regular.

In contrast, entropy in information theory is defined in terms of a function of random variable.

So far, I haven’t visualized a connection between the two. Will you explain further?

]]>