indeed. though this does bring up another question: i wonder if JYA will ever give in and support httpS? ... it would at least avoid trivial plaintext observation.
We did in October 2012 for acessing a few files: https://secure.cryptome.us Looks like a joke, right? Rigging the whole site for https would require labor beyond our diddly life-support system. And cheat the visitors with sleight of clickery. But there's more to this than sloth. Cryptome does not offer security on the premise -- learned here, there and everywhere HTTPS Everywhere promises -- that Internet, telecom, whole wide world users need to learn, be forced to learn, to provide their own security and to never ever trust those who promise it for them. Sysadmins and website operators spy viciously, all of them, and it is a villainous -- business-like -- to offer security in the same way spies do, as lure, trick and trap. Whenever a sec system is invented that does not require sysadmins, bosses and investors, with reliance upon government funding for success, then it may be possible to rely upon it for a single test, then abandon. Comsec is a racket, remember rule 0. RSA and NSA are merely the latest to be pilloried to hide the pillorers' complicity. As discussed repeatedly, here, and at the winetasting blood of christ, this treachery was known long ago, hey, Jude, bitch about it for a while, then get on with doing it with new wine in old bottles means and methods. Which does raise the question: what the fuck is Cryptome up to? Confession, har, hold a congressional hearing for that, then read a slicker expose about the slick expose. First, confessions are lies told to confessors who share the gossip with cohorts to rig fancier recording booths. Second, truth telling is as deceptive as comsec, salvation and honesty. Third, all security is corrupt like comms systems and cipher systems -- deception is a synonym for security, security a synonym for thievery by confidence gaming, confidence a synonym for terrifying the populace in order to sell faulty protection -- perfect protection kills the market. Finally, it should be be obvious, at least here, that HTTPS is horse puckey. Any widely used means of security -- comsec to natsec, anonymizers to Tor -- is compromised at birth and by lifetime economic life-support systems, that is why it is widely promoted, used and abused -- and very profitable. "Electronic freedom," now that is ingenious cover-up of absolutely no way to protect against EM compromise. Like juxtaposing, embedding, Liberty with Security.