On 08/11/2015 08:41 PM, Juan wrote:
On Tue, 11 Aug 2015 19:56:10 -0600 Mirimir <mirimir@riseup.net> wrote:
I have no problem with calling bullshit. Not at all. But if nothing is workable, government criminals have won, and we're fucked.
If that's the case, shooting the messenger will solve nothing. But that's not even what I said.
Somebody asked about a particular idea and I commented on it.
I was commenting more on your aggregate output. But who am I to judge?
What information is out there?
Methods, exploits, vulnerabilities, account credentials, passwords, etc, etc, etc. I'm not into that shit, but I know that it's out there.
Governments have point-and-click wiretapping capabilies for instance. Are you saying that any script kiddy has the 'passwords' to those systems?
If they do, they're not sharing ;) But maybe somebody does?
Are you missing the point on purpose? The networks are 'owned' by the government and friends, and there obviously is no fucking way for joe six pack to use their infrastructure to 'watch' his masters.
Yes, the networks are owned by governments and their friends. But that doesn't mean that they're unusable.
Usable/unusable for what? It seems quite obvious that 'network administrators' can spy on users whereas users can't spy on networks administrators. The system is hierarchical by nature and design.
Spying on traffic, sure. But end-to-end encryption can provide some privacy. And it's possible to anonymize the metadata. If I care to, I can work through chains of proxies, using anonymously leased VPS with minimal desktops, and remote X via ssh from one to the next, routed through nested chains of VPNs and/or Tor. Latency gets huge, but it's usable.
And a rogue system administrator switching sides is not the same thing as users having power.
How do you imagine that users would have power? Even if you and your friends built your own private Internet, I can't imagine that you've give too much power to other random users. You'd be hosed all too soon.
Free agents do get pwned, for sure. But all too often, it's bad OPSEC that gets them. Loose lips, mostly.
And yes, "joe six pack" isn't doing that. But once stuff has been put online, anyone can check it out.
And before the internet, people read the newspapers. Newspapers that 99% of the time worked (and work) for the powers that be.
True. But the Internet is far less manageable than that.
I don't think the discussion was about publishing information but about surveillance anyway. There may be some overlap but it's two different things.
I was talking about publishing results of surveillance. Have you checked out any of the Sony or Hacking Team data dumps?
But it doesn't get posted on open mail lists. Results are put online, via WikiLeaks, Cryptome, pastebins,
Not what I was getting at, not to mention, the amount of stuff that gets posted is (pretty) small.
Manning's dump was huge, Juan!
What were you getting at? We've seen some amazing shit from Snowden. It's too bad that he was too patriotic to just drop the whole wad somewhere, however. So it goes.
That's fine and dandy, but getting and publishing some secrets doesn't counter the surveillance capabilities of the system.
Yes, but it does help us improve our OPSEC.
Also, there were (many) people who correctly assumed that the 'programs' that Snowden leaked information about, were already in place. You know, people who wore tin foil hats...
I've followed this stuff for 20 years, and I'm a fairly technical guy, so broadly speaking, there weren't many surprises. Indeed, although the NSA has immense resources, Google is far more technical. According to Silicon Jungle, the NSA hired Google to build the search component of XKeyscore ;)
But now that the information is 'officialy' public, has the nature of the surveillance mechanisms changed?
Maybe the nature hasn't changed, but the effectiveness has. For example, Google encrypted its data center interlinks. I'm sure that others are locking down their shit too.
Can we now track the movements of the millions of state employees? Listen to their calls? Browse their 'metadata'? Read their mails? I don't think so.
Well, the NSA certainly can. And China is coming up fast. But individuals lack structures for cooperation. That's a hard problem.
Oh, and let me know when the nsa really gets 'hacked' as opposed as having one employee betray them.
They've been betrayed several times, that we know of. Mostly it's for money, and we rarely hear about that, even when people get busted. Have you read James Bamford's books on the NSA?
No. I'll see if I get a copy.
The Puzzle Palace: Inside the National Security Agency, America's Most Secret Intelligence Organization by James Bamford (Sep 29, 1983) Body of Secrets: Anatomy of the Ultra-Secret National Security Agency by James Bamford (Apr 30, 2002) A Pretext for War: 9/11, Iraq, and the Abuse of America's Intelligence Agencies by James Bamford (Jun 8, 2004) The Shadow Factory: The NSA from 9/11 to the Eavesdropping on America by James Bamford (Jul 14, 2009) I recommend reading them in that order.