Summary of where we are right now
Since I haven't seen anything come off of the list for a while and since I've imbibed some nice single-malt, I will for the fuck of it summarize where things are. Any Cypherpunk with some kinda balls will tell me I'm completely and absolutely full of shit, but at least I tried, so do better.

1. We won. With Bitcoin and Silk Road along with encrypted peer-to-peer sharing networks (oh yeah and TOR), it's pretty clear we won. There's a lotta popular literature out there now discovering Cypherpunks anew. Some form of Crypto is out there, for those that want to use it, that can make it a real pain in the ass for TLAs to discover that your "Afghan" is really just a form of 80s retro-pot.

2. No, we didn't win yet: TOR is a honeypot. That's right, motherfucker: You do know who really gave TOR its initial impetus, right? And you know why they did that? They did it precisely because it was too obvious and too expensive to pull EVERYTHING back to Virginia or wherever. So they figured it was easier to just get suckers to use some form of encryption (including and specifically TOR) to send the red flag that someone wanted to hide something, so "look over here!". Anything TOR'd is certainly backhauled to the greater DC area and, if there are any additional meta-meta-data risk flags, they'll red light it to begin cracking. If they can't crack within reasonable time/cost budgets (given the risk), and if they for some reason feel a little nervous about you, well they'll just find out where you are and attack your shitty machine. Oh, you use Linux? Well that's totally different. It's not like they hired any brilliant math or crypto geek coming out of college or grad school.

3. But we are going to win. Yeah, we're gonna win. Why? Because we want to. It's not enough to encrypt: The type and context of encryption had to be hidden as well. Kind of the network version of Rubberhose. But these young kids who grew up not watching TV because it didn't interact with them, it's they who will create a stego virus to propagate fake stego everywhere on Facebook or whatever. It's them who are going to create TOR services that operate ubiquitously behind the scenes, so that most users don't even know they are using it. Hiding the form of encryption will itself be the final frontier as crypto becomes ubiquitous.

4. Bitcoin, motherfucker. Crazy old cackling May was right. Or at least, he was right enough. Right enough for me to buy pot or 'cid or shrooms over the internet and have them sent to my Unabomber shack. Even less...tasteful...forms of porn will be tolerated precisely because THEY can't reveal what they can do, at least not unless their own salaries are in jeopardy. Adrian Lamo? No doubt THEY looked for someone who had contact with Manning so that they could hide what they had intercepted and what they could do. But they will keep hiding what they can do while a real economy takes over and sorts out its own.

Yeah, that's it. It's downhill from here. Cypherpunks are dead because they are no longer needed, so long live the King of the Anarchy.

-TD
On Thu, 2013-03-07 at 21:28 -0500, Tyler Durden wrote:
No, we didn't win yet: TOR is a honeypot. That's right, motherfucker: You do know who really gave TOR its initial impetus, right? And you know why they did that? They did it precisely because it was too obvious and too expensive to pull EVERYTHING back to Virginia or wherever.
It seems pretty clear that this is in fact not why the Navy funded Tor.

Virtually all science in the US is funded by the military in some form. The stuff that isn't funded by the military is funded by the NSA, and the stuff that isn't funded by either is funded by the NSF (which is probably just a front group for the military; or at least functionally is, as is most of the American government).

Saying "look, this thing was funded by the military" is just not useful. By that metric, virtually all computer science is a hidden backdoor. You have to be more specific.

--
Sent from Ubuntu
Tyler Durden <camera_lumina@hotmail.com> writes:
... I will for the fuck of it summarize where things are. ...
1. We won.
No. If we had won, (a) new p2p acquaintances would be wary until they had an opportunity to verify each other's keys out-of-band (having already exchanged them on first meeting); (b) merchants would proudly include the Key ID of their signing key in every web page, print ad, letterhead, and customers would instinctively recognize verification failure as the sign of an impostor; (c) banks would require customers to identify themselves by Key ID; (d) Verisign and the other CAs would no longer exist; (e) thinly disguised government agents like Ted Smith would be scorned into insignificance.

-- StealthMonger <StealthMonger@nym.mixmin.net>
Long, random latency is part of the price of Internet anonymity.

anonget: Is this anonymous browsing, or what?
http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

stealthmail: Hide whether you're doing email, or when, or with whom.
mailto:stealthsuite@nym.mixmin.net?subject=send%20index.html

Key: mailto:stealthsuite@nym.mixmin.net?subject=send%20stealthmonger-key
So they figured it was easier to just get suckers to use some form of encryption (including and specifically TOR) to send the red flag that someone wanted to hide something, so "look over here!".
I don't agree that the NRL funded Tor for this purpose, but I do agree that our tools today (Tor, mixmaster/mixminion, PGP mail, RedPhone, TextSecure, OTR, etc) are easily distinguishable in traffic streams, and that this is a problem. Just as Riseup collects a bunch of people who care a lot about privacy onto one mailserver - people using these tools are likely to be interesting. Skype, Facebook, Gmail - for all their problems, they are ubiquitous, and don't draw attention.
3. But we are going to win. Yeah, we're gonna win. Why? Because we want to. It's not enough to encrypt: The type and context of encryption had to be hidden as well. Kind of the network version of Rubberhose. But these young kids who grew up not watching TV because it didn't interact with them, it's they who will create a stego virus to propagate fake stego everywhere on Facebook or whatever. It's them who are going to create TOR services that operate ubiquitously behind the scenes, so that most users don't even know they are using it. Hiding the form of encryption will itself be the final frontier as crypto becomes ubiquitous.
A friend I talked with recently told me he thought it was easy to set up an anonymity system that worked great for you and your friends, and near impossible to build one that worked well for everyone else. Once it got popular or you became a target of investigation, people would put the effort into detecting it. Otherwise, it would continue along, looking like another TLS/SSH/Skype/whatever that's just a little bit odd... Tor faces this problem immensely.

I don't see us as having won, I see us as now knowing how to fight.

We know the devices they will use to easily detect our traffic, and in most cases we can get access to them. We must make our protocols indistinguishable on the wire.

We know the ubiquitous services and protocols that we must work within or disguise ourselves as.

We know (some of? most of?) the statistical attacks adversaries of the future can conduct - we must make them as difficult and expensive as possible for them to achieve.

We know how woefully inadequate the user interfaces and requirements of the first generation of tools were, and we know where we must go: to browsers, smartphones, tablets, and consumer operating systems.

We have a much better idea of how normal people will react to our tools, and thus how much effort we must make to make them usable, and push for ubiquity.

We know what requirements are unreasonable of us to make upon people, and that we must design systems where those requirements are worked around, dulled, or the single 'sharp edge' of the system.

-tom
participants (4)
- StealthMonger
- Ted Smith
- Tom Ritter
- Tyler Durden