[Xylakant]

Escrow works well with physical goods. How do you return source code that can be copied endlessly. How many copies do you return? How do you prove that one of them is the "original" copy?

Returning digital goods (or more general "knowledge") works either based on trust or through enforcement. The latter is the rule of law.

[iEchoic]

> Escrow works well with physical goods. How do you return source code that can be copied endlessly. How many copies do you return? How do you prove that one of them is the "original" copy?

Just brainstorming, but:

1. Trusted third party creates a service that (a) provides a one-time-use encryption key (b) provides an endpoint to upload an encrypted blob of information along with an email (or a passcode) and a date after which the decrypted content will be made available to that email (or via that passcode), (c) provides a UI that allows a user to pay $x (redeemable via email/passcode) to wipe the encrypted content from their server, if paid before the ransom date.

2. Malware author compromises system, encrypts content using (a), uploads encrypted content with their email/passcode to (b), sends user a link to (c).

3. Malware author provides some evidence that they haven't also uploaded non-encrypted content elsewhere to give confidence that once the user pays, the content will not exist elsewhere. Some ideas: system/network logs, malware analysis that shows that it only uploads to trusted third-party, providing proof in decompiled source that malware only uploads to trusted third-party, and/or a reputation/review system. Note that this doesn't need to be airtight proof, it just needs to give the victim enough confidence that they think it's worth the risk to hand over some money.

Would this work well, in practice? Who knows. But I think it's a proof-of-concept that shows that there are potentially other ways to escrow ransomed content.

[kbenson]

> Malware author provides some evidence that they haven't also uploaded non-encrypted content elsewhere

Any amount of information that could show this would invariably give away the identity of the hacker. Even then, since the information comes from them, it can't be trusted.

> But I think it's a proof-of-concept that shows that there are potentially other ways to escrow ransomed content.

There's a difference between keeping the owner from their own materials and threatening to spread those materials to others. In the first, you at least know whether you get the files back (for the most part, it might be hard to notice small changed/omissions). In the second, not only do you not necessarily know it's been shared, the blackmailer retains the right to spread it in perpetuity (whether it still retains value or not).

[kbenson]

Even with physical goods, what type of agent would hold the trust of both the criminal and law-abiding elements of the deal? A criminal agent cannot be trusted by a law abiding party, and a law-abiding agent cannot be trusted by a criminal party (they can just give everything back to the rightful owner).

[lawik]

I think this sort of thing could be done using Etherium. Allowing exchange in a mechanical way with code that the parties can verify on their own. A programmed agent being quite impartial. Not sure how hard it would be.

Of course, you can never verify that they will not release the code or keep using it maliciously.

[kbenson]

I think ethereal just hides the problem slightly. If it's information, as you say there's nothing preventing future use of it. If it's physical, there needs to be some holder of the item, and we're back at how can both sides trust the escrow agent?

[lawik]

Indeed. Hard to avoid an element of trust.