Steve Kinney wrote the only thing I've read so far worth a damn. YOU are responsible for YOUR OWN opsec, and global distribution has the effect of precluding the kind of misuse feared... Unless of course you have something to hide. In which case do like Osama, who disappeared off SIGINT radar in 1998. Use paper, pencil, and trusted couriers. They'll still get you if the want you bad enough. What was it some old Bolsheveik or another said?
"Revolutionaries are dead men on furlough."
RR On 10/08/2015 04:18 AM, Steve Kinney wrote:
The overall message I get from JYA's impressionistic essays on network security is that in his view there ain't no such animal. Add to this the well established security axiom across all contexts, "a trusted entity is one that can break your security model." In the present context, trusting Cryptome to protect your privacy is a sucker bet: Either you don't care, or your own OpSec is up to that task, or you are screwed. This context makes the issue at hand an object lesson in stating the obvious.
A rented, public facing, vendor configured and maintained web server instance appears to be 'leaking' its http logs to world + dog. That would mean data that is supposed to be available only to a few dozen intelligence services, tech support guise and marketing departments is world readable. A level playing field with equal access for all is worse than one where access is monopolized by a clusterfuck of privileged players why?
:o)