request for transcript: Bruce Schneier and Eben Moglen discuss a post-Snowden Internet
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneie... "Join us at Columbia Law School as renowned security expert Bruce Schneier talks with Eben Moglen about what we can learn from the Snowden documents, the NSA's efforts to weaken global cryptography, and how we can keep our own free software tools from being subverted."
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor" Ha? tor developers admit that the nsa can break tor but schneider says otherwise? plus, schneier, greenwald and partners don't seem to have too much credibility at this point
"Join us at Columbia Law School as renowned security expert Bruce Schneier talks with Eben Moglen about what we can learn from the Snowden documents, the NSA's efforts to weaken global cryptography, and how we can keep our own free software tools from being subverted."
From: Juan Garofalo juan.g71@gmail.com
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
So you think you know more than Schneier? Do tell. -- Al Billings http://makehacklearn.org
--On Sunday, December 15, 2013 7:01 PM -0800 Al Billings <albill@openbuddha.com> wrote:
From: Juan Garofalo juan.g71@gmail.com
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
So you think you know more than Schneier? Do tell.
seems to be 'public' knowledge eh cryptome.org/2013/08/tor-users-routed.pdf
-- Al Billings http://makehacklearn.org
From "Traffic correlation" attacks to "NSA being able to break Tor" there is a long way.
On Mon, Dec 16, 2013 at 12:12 AM, Juan Garofalo <juan.g71@gmail.com> wrote:
--On Sunday, December 15, 2013 7:01 PM -0800 Al Billings <albill@openbuddha.com> wrote:
From: Juan Garofalo juan.g71@gmail.com
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
So you think you know more than Schneier? Do tell.
seems to be 'public' knowledge eh
cryptome.org/2013/08/tor-users-routed.pdf
-- Al Billings http://makehacklearn.org
-- Pain is the sensation of weakness leaving your body http://apx808.blogspot.com
--On Monday, December 16, 2013 1:17 AM -0200 APX 808 <apx.808@gmail.com> wrote:
From "Traffic correlation" attacks to "NSA being able to break Tor" there is a long way.
Oh really? Traffic correlation is what tells you who is who, so yes, it's the same as breaking tor. If you mean, stuff encrypted by tor using standard crypto can't be read, well, maybe that is true. But is not the point. Also, given the fact that the american nazi government has influenced and bribed virtually everybody in the 'security' 'community', isn't it an obvious educated guess that Tor, which is directly funded by the american nazi government is, let's say, not so trustable?
On Mon, Dec 16, 2013 at 12:12 AM, Juan Garofalo <juan.g71@gmail.com> wrote:
--On Sunday, December 15, 2013 7:01 PM -0800 Al Billings <albill@openbuddha.com> wrote:
From: Juan Garofalo juan.g71@gmail.com
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
So you think you know more than Schneier? Do tell.
seems to be 'public' knowledge eh
cryptome.org/2013/08/tor-users-routed.pdf
-- Al Billings http://makehacklearn.org
-- Pain is the sensation of weakness leaving your body http://apx808.blogspot.com
I’m pretty sure that the American government isn’t composed of National Socialists. From: Juan Garofalo juan.g71@gmail.com
Also, given the fact that the american nazi government has influenced and bribed virtually everybody in the 'security' 'community', isn't it an obvious educated guess that Tor, which is directly funded by the american nazi government is, let's say, not so trustable?
-- Al Billings http://makehacklearn.org
Let’s see your implementation, Juan. From: Juan Garofalo juan.g71@gmail.com
seems to be 'public' knowledge eh
cryptome.org/2013/08/tor-users-routed.pdf (http://cryptome.org/2013/08/tor-users-routed.pdf)
-- Al Billings http://makehacklearn.org
--On Sunday, December 15, 2013 7:25 PM -0800 Al Billings <albill@openbuddha.com> wrote:
Let's see your implementation, Juan.
My implementation of what.
From: Juan Garofalo juan.g71@gmail.com
seems to be 'public' knowledge eh
cryptome.org/2013/08/tor-users-routed.pdf (http://cryptome.org/2013/08/tor-users-routed.pdf)
-- Al Billings http://makehacklearn.org
From: Juan Garofalo juan.g71@gmail.com
Let's see your implementation, Juan.
My implementation of what.
Your mechanism for breaking Tor since that paper apparently contains all that you need to do so. Quick, show us your work or are you just some guy bitching on the Internet? -- Al Billings http://makehacklearn.org
--On Sunday, December 15, 2013 7:48 PM -0800 Al Billings <albill@openbuddha.com> wrote:
From: Juan Garofalo juan.g71@gmail.com
Let's see your implementation, Juan.
My implementation of what.
Your mechanism for breaking Tor since that paper apparently contains all that you need to do so. Quick, show us your work or are you just some guy bitching on the Internet?
Are you as fucking stupid as you appear to be?
-- Al Billings http://makehacklearn.org
From: Juan Garofalo juan.g71@gmail.com
Are you as fucking stupid as you appear to be?
Funny that you, of all folks, ask this. -- Al Billings http://makehacklearn.org
--On Sunday, December 15, 2013 8:00 PM -0800 Al Billings <albill@openbuddha.com> wrote:
From: Juan Garofalo juan.g71@gmail.com
Are you as fucking stupid as you appear to be?
Funny that you, of all folks, ask this.
You know Al, I wasted a few minutes yesterday checking your posts in the archive. Of course I didn't find a single post with any kind of really valuable content. But, I did find the spam in which you whined about Jim Bell's posts - which ironically you called spam. Quite telling. And, more interesting, I saw the posts again from a guy who pretended that US presidents are not bribed...and that was you. Now, what kind of person would say such a thing in a list like this...?
-- Al Billings http://makehacklearn.org
Juan, Al - I recommend you dig through the Cypherpunks archives to read Detweiler's ranting. He was much more interesting than listening to you two squabble.
From: Al Billings <albill@openbuddha.com>
To: Juan Garofalo <juan.g71@gmail.com>; cpunks <cypherpunks@cpunks.org>
Sent: Sunday, December 15, 2013 7:01 PM
Subject: Re: request for transcript: Bruce Schneier and Eben Moglen discuss a post-Snowden Internet
From: Juan Garofalo juan.g71@gmail.com
Ha? tor developers admit that the nsa can break tor but schneier says otherwise? plus, schneier, greenwald and partners don't seem to have too much credibility at this point
So you think you know more than Schneier? Do tell. Al Billings
"knowledge" and "credibility" are two entirely different things. For example, Republican John Boehner no doubt has a great deal of "knowledge" about Congressional politics. But right now, he has very little "credibility" because of his actions vis a vis the Tea Party and Conservatives. Jim Bell
On Sun, Dec 15, 2013 at 6:40 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
... "the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
your understanding is flawed. let me clarify:
the NSA does not currently break Tor on demand at the protocol level. all indications are this is currently true.
the NSA and others have great success around Tor by opportunistically watching users fuck up (see other usability thread), by pwning their horribly insecure systems (0days as far as the eye can see..), and by actively manipulating user paths to the Tor network or destination sites. "forget your global passive adversary threats, active denial and manipulation of service attacks are _really_ scary!"
said another way, breaking Tor at protocol level is currently too expensive a solution to the same ends provided by much cheaper means.
--On Sunday, December 15, 2013 7:30 PM -0800 coderman <coderman@gmail.com> wrote:
On Sun, Dec 15, 2013 at 6:40 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
... "the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneier says otherwise?
your understanding is flawed.
If you say so...
let me clarify:
the NSA does not currently break Tor on demand at the protocol level. all indications are this is currently true.
What is currently true? Even tor developers admit that traffic analysis is feasible. Are you telling me you know all the nsa does? You know they are not big enough to attack tor as 'global adversary' or whatever the jargon was?
the NSA and others have great success around Tor by opportunistically watching users fuck up (see other usability thread), by pwning their horribly insecure systems (0days as far as the eye can see..), and by actively manipulating user paths to the Tor network or destination sites. "forget your global passive adversary threats, active denial and manipulation of service attacks are _really_ scary!"
said another way, breaking Tor at protocol level is currently too expensive a solution
And you know that, how, exactly?
to the same ends provided by much cheaper means.
Your reasoning is flawed. Yes, they may use cheaper means if that's all they needed. But that does not imply, at all, that other more sophisticated means are not available to them.
On Sun, Dec 15, 2013 at 7:40 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
... What is currently true? Even tor developers admit that traffic analysis is feasible.
of course. it's also expensive, relative to other options. i'm saying NSA spends money carefully.
Are you telling me you know all the nsa does? You know they are not big enough to attack tor as 'global adversary' or whatever the jargon was?
never said either thing. i'm also long on the record advocating for the next generation of low latency anonymous networking that _does_ provide strong defense against traffic analysis. turns out the details are, um.. complicated ;)
Your reasoning is flawed. Yes, they may use cheaper means if that's all they needed. But that does not imply, at all, that other more sophisticated means are not available to them.
i'm glad that is not, in fact, my reasoning. of course there are more sophisticated means available to them; that will always be the case. they've got BILLIONS and BILLIONS every year, for their projects. the point is not making something "NSA proof", which is an ill defined and open ended venture. the point is increasing the cost of their efforts and narrowing their scope. the more money they spend getting less and less in return, the better!
--On Sunday, December 15, 2013 8:57 PM -0800 coderman <coderman@gmail.com> wrote:
On Sun, Dec 15, 2013 at 7:40 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
... What is currently true? Even tor developers admit that traffic analysis is feasible.
of course. it's also expensive, relative to other options. i'm saying NSA spends money carefully.
Are you saying that government, whose nature is to not be subjected to 'market discipline', government that is able to tax(steal) borrow(cheat) and spend trillions, spends money carefully? Your remark seems to go against basic economic theory - and practice.
Are you telling me you know all the nsa does? You know they are not big enough to attack tor as 'global adversary' or whatever the jargon was?
never said either thing. i'm also long on the record advocating for the next generation of low latency anonymous networking that _does_ provide strong defense against traffic analysis. turns out the details are, um.. complicated ;)
Meaning? It's basically impossible to defend against an enemy that controls the physical infrastructure. The problem here is political, not technological. Although this is an aside.
Your reasoning is flawed. Yes, they may use cheaper means if that's all they needed. But that does not imply, at all, that other more sophisticated means are not available to them.
i'm glad that is not, in fact, my reasoning.
of course there are more sophisticated means available to them; that will always be the case. they've got BILLIONS and BILLIONS every year, for their projects.
Exactly. And one of their objectives is to spend all the money they get, and more, so that their budget keeps growing. Now we've established that economic constraints don't mean much to them.
the point is not making something "NSA proof",
It isn't? Anyway, here's your original assertion "the NSA does not currently break Tor on demand at the protocol level." How do you know that? You don't? On the other hand, to assume that they do it, or can do it if they want to, is a sensible assumption. you added "said another way, breaking Tor at protocol level is currently too expensive a solution to the same ends provided by much cheaper means." which to me reads as an attempt at an economic proof of sorts, but the economics don't add up. Why wouldn't the US government NOT play the role of 'global passive adversary'? <---- that's a rhetorical question... Also, the assumption that they can get exactly the same results by pwning target computers doesn't seem correct to me. Yes, there may be cases when that is true. But is that always true?
which is an ill defined and open ended venture. the point is increasing the cost of their efforts and narrowing their scope.
the more money they spend getting less and less in return, the better!
Not really. The more money they 'need' the more taxes you pay. So, they get all the resources they want, and you pay. Neat deal huh?
On Sun, Dec 15, 2013 at 11:57 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
[ a lot of things ... ]
this is all coming to a few conclusions, where we simply disagree:
a) the black budget was leaked, along with other leaks about technical capabilities and programs and priorities. intelligence community is not immune to government budget pressure. you insist there is a limitless expansion, and an unlimited technical ability. i disagree.
b) you insist Tor's origins and funding sources are proof of malfeasance; they've responded by diversifying funding. (not to mention scrutiny of Tor by external, mutually un-trusting parties. you can look at the code yourself, and interface with controller and path construction yourself, etc.)
c) we both appear to agree that limiting solutions to technical realms is missing the bigger picture. yes to political reform that cuts funding and restricts scope. yes to judicial reforms which demolish secret orders and secret courts. yes to social measures which value and reinforce privacy. yes to educational efforts which empower individuals to make privacy positive decisions, etc.
last but not least, i second the call to fix it. help write something better!
--On Monday, December 16, 2013 12:27 AM -0800 coderman <coderman@gmail.com> wrote:
On Sun, Dec 15, 2013 at 11:57 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
[ a lot of things ... ]
this is all coming to a few conclusions, where we simply disagree:
a) the black budget was leaked, along with other leaks about technical capabilities and programs and priorities. intelligence community is not immune to government budget pressure. you insist there is a limitless expansion, and an unlimited technical ability. i disagree.
I didn't say limitless. If it sounded that way, let me rephrase to : Governments can spend a lot more money than a 'for-profit' enterprise in a (hypothetical) free market. Private firms go bankrupt. Governments and their 'agencies' usually don't. I'd be surprised if you disagreed too much with that =P
b) you insist Tor's origins and funding sources are proof of malfeasance;
I didn't say it's direct proof. I do say they are (highly) suspect. But that was an aside. My point here is that the assertion (paraphrasing) "the nsa doesn't play the global passive adversary game against tor" is unfounded. Schneier flatly said "they can't break tor" - which is something you don't even agree as far as I can tell, but you regard as too costly (rather than impossible)
they've responded by diversifying funding. (not to mention scrutiny of Tor by external, mutually un-trusting parties. you can look at the code yourself, and interface with controller and path construction yourself, etc.)
c) we both appear to agree that limiting solutions to technical realms is missing the bigger picture. yes to political reform that cuts funding and restricts scope. yes to judicial reforms which demolish secret orders and secret courts. yes to social measures which value and reinforce privacy. yes to educational efforts which empower individuals to make privacy positive decisions, etc.
last but not least, i second the call to fix it. help write something better!
Yes, I want to write a one time pad for an arm microcontroller (in assembler) - OK, that doesn't fix the traffic analysis problem that tor is supposed to address, but seems to be a nice solution for encryption that even the NSA can't break =P J.
tonight in the us of agh on 60 minutes they had on a giant ad for the NSA
fr what i understand alexander has his office set up as star trek battleship
and this was really weird they do standing meetings with a blue light on where he gets a report read to him - they gave the appearance of children playing a game
they said every summer they have high school student interns break code for them and they are highly successful
i just wonder if ppl are thinking about the bio sphere at all in terms of some sort of 'encryption' method i mean if we can work outside of the little box they have made for themselves (and us) then mayb things r movable?
Cari Machet
On Mon, Dec 16, 2013 at 9:47 AM, Juan Garofalo <juan.g71@gmail.com> wrote:
--On Monday, December 16, 2013 12:27 AM -0800 coderman <coderman@gmail.com> wrote:
On Sun, Dec 15, 2013 at 11:57 PM, Juan Garofalo <juan.g71@gmail.com> wrote:
[ a lot of things ... ]
this is all coming to a few conclusions, where we simply disagree:
a) the black budget was leaked, along with other leaks about technical capabilities and programs and priorities. intelligence community is not immune to government budget pressure. you insist there is a limitless expansion, and an unlimited technical ability. i disagree.
I didn't say limitless. If it sounded that way, let me rephrase to :
Governments can spend a lot more money than a 'for-profit' enterprise in a (hypothetical) free market. Private firms go bankrupt. Governments and their 'agencies' usually don't.
I'd be surprised if you disagreed too much with that =P
b) you insist Tor's origins and funding sources are proof of malfeasance;
I didn't say it's direct proof. I do say they are (highly) suspect. But that was an aside.
My point here is that the assertion (paraphrasing)
"the nsa doesn't play the global passive adversary game against tor" is unfounded.
Schneier flatly said "they can't break tor" - which is something you don't even agree as far as I can tell, but you regard as too costly (rather than impossible)
they've responded by diversifying funding. (not to mention scrutiny of Tor by external, mutually un-trusting parties. you can look at the code yourself, and interface with controller and path construction yourself, etc.)
c) we both appear to agree that limiting solutions to technical realms is missing the bigger picture. yes to political reform that cuts funding and restricts scope. yes to judicial reforms which demolish secret orders and secret courts. yes to social measures which value and reinforce privacy. yes to educational efforts which empower individuals to make privacy positive decisions, etc.
last but not least, i second the call to fix it. help write something better!
Yes, I want to write a one time pad for an arm microcontroller (in assembler) - OK, that doesn't fix the traffic analysis problem that tor is supposed to address, but seems to be a nice solution for encryption that even the NSA can't break =P
J.
Dnia poniedziałek, 16 grudnia 2013 10:00:05 Cari Machet pisze:
tonight in the us of agh on 60 minutes they had on a giant ad for the NSA
fr what i understand alexander has his office set up as star trek battleship
and this was really weird they do standing meetings with a blue light on where he gets a report read to him - they gave the appearance of children playing a game
They *are* children playing a game. Boys with (extremely dangerous) toys.
they said every summer they have high school student interns break code for them and they are highly successful
i just wonder if ppl are thinking about the bio sphere at all in terms of some sort of 'encryption' method i mean if we can work outside of the little box they have made for themselves (and us) then mayb things r movable?
I think that making working for NSA "srsly uncool, dude" is a very effective tactic, for example. Especially in the light of the "thanksgiving talking points". -- Pozdr rysiek
On 2013-12-17 11:38, rysiek wrote:
I think that making working for NSA "srsly uncool, dude" is a very effective tactic, for example. Especially in the light of the "thanksgiving talking points".
Will never work. You overrate social pressure. Social pressure does not work on most males, and does not work on females under the influence of a bad boy alpha male. Would nazism be cool http://www.nydailynews.com/entertainment/gossip/tila-tequila-wears-nazi-unifo... if the winners had not made it the incarnation of evil? The commies killed way more people than the nazis, but no one ever dresses up as commissar and kulak to perform sexual acts. If the Nazis had won instead of the commies, and the Wikipedia articles on communism read the way the articles on Nazism read in our reality, if Senator McCarthy got in trouble for complaining about Nazis in the state department, if employees routinely get fired for using words suggestive of thoughts suggestive of class conflict, and every television villain is of an evil race, rather than a white male ceo, then commissars would be sexy. But, in our reality, despite non stop television demonization, or rather because of it, white male CEOs and nazi stormtroopers are sexy. You think social pressure works, because people stop using certain words for homosexual, and call firemen firefighters, but that is not social pressure, that is because employers fire people who use those words, and if they don't fire them, the government runs the employer out of business - not soft power, but hard power thinly dressed as soft power.
On Tue, Dec 17, 2013 at 01:47:12PM +1000, James A. Donald wrote:
On 2013-12-17 11:38, rysiek wrote:
I think that making working for NSA "srsly uncool, dude" is a very effective tactic, for example. Especially in the light of the "thanksgiving talking points".
Will never work. You overrate social pressure.
despite german government seemingly having serious problems recruiting competent devs for producing their own malware and thus being forced to procure this from front companies of allied agencies. in germany either moral standards are higher and/or social pressure does work? -- pgp: https://www.ctrlc.hu/~stef/stef.gpg pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF otr fp: https://www.ctrlc.hu/~stef/otr.txt
On 2013-12-17, 11:06, stef wrote:
despite german government seemingly having serious problems recruiting competent devs for producing their own malware and thus being forced to procure this from front companies of allied agencies. in germany either moral standards are higher and/or social pressure does work?
I think that this cannot be used in evidence. The plain fact is that the German government will pay only a fraction of what a company would pay. As an example (even though not one that could be applied to a job with the federal government as a civil servant, but which I nevertheless believe to be comparable), a PhD being paid according to the pay grade known as TVöD 14 Step 1 will take home a base salary of roughly 1700 Euros, after taxes. Also, prospects for promotion are slim and the bureaucracy is terrible and cannot be evaded. Best, Stephan
stef wrote:
I think that making working for NSA "srsly uncool, dude" is a very effective tactic, for example. Especially in the light of the "thanksgiving talking points".
James A. Donald wrote:
Will never work. You overrate social pressure.
rysiek wrote:
despite german government seemingly having serious problems recruiting competent devs for producing their own malware
Governments have serious problems recruiting competent developers even for stuff that many people approve of, for example the obamacare web site.
Obama probably didn't pay its developers enough to get solid coders. Hence a scrappy web system. Sent from Yahoo Mail on Android
Obama probably didn't pay its developers enough to get solid coders. Hence a scrappy web system.
Au contraire, Monsieur, beaucoup d'argent. nypost.com/2013/11/01/obama-donors-firm-hired-to-fix-web-mess-it-helped-make Thinking out loud, if Quality Software Services was selected for this most visible effort, then they must have a track record with Federal agencies. And they do (read, they're wired). One (only) example: Quality Software Services, Inc. Wins $109.93 Million Federal Contract for Medicare and Medicaid Services Jun 20 12 Quality Software Services, Inc. won a federal contract valued at up to $109,926,956 from the U.S. Department of Health and Human Services' Centers for Medicare and Medicaid Services, Baltimore, for enterprise identity management services under the American Recovery and Reinvestment Act. So they are in the identity management services game, which means that they already have your number, so to speak. And are pre-existing contractors to Health & Human Services. Yet more searching discovers that all the key management personnel have TS clearances, but the firm seems to never have had TS contracts, so one can argue that the clearances were gifts for friends. This is a rat hole... --dan
On Mon, 2013-12-16 at 00:40 -0300, Juan Garofalo wrote:
said another way, breaking Tor at protocol level is currently too expensive a solution
And you know that, how, exactly?
All of the most recently leaked documents pertaining to Tor (from 2007 to 2011 IIRC) treat it as far too expensive. These documents are largely congratulatory for Tor, and most of the fears of the research community (correlation attacks in particular) are as yet unrealized. As coderman says, there are a wide variety of lucrative active attacks that the NSA is not shy about using. Given these attacks, there's no reason to try to become a global passive adversary or implement correlation attacks. You don't need a correlation attack if you've owned your target's computing platform with a 0day or several. To respond to another comment of yours:
Also, given the fact that the american nazi government has influenced and bribed virtually everybody in the 'security' 'community', isn't it an obvious educated guess that Tor, which is directly funded by the american nazi government is, let's say, not so trustable?
Virtually all academic computer science in the United States is government-funded; Tor isn't substantially different. Further, the Tor developers include people whom the US Government is openly hostile towards (Jacob Appelbaum), and are generally very principled people. What is your source for the "fact that the american government has influenced and bribed virtually everybody in the security community"? -- Sent from Ubuntu
--On Monday, December 16, 2013 12:06 AM -0500 Ted Smith <tedks@riseup.net> wrote:
On Mon, 2013-12-16 at 00:40 -0300, Juan Garofalo wrote:
said another way, breaking Tor at protocol level is currently too expensive a solution
And you know that, how, exactly?
All of the most recently leaked documents pertaining to Tor (from 2007 to 2011 IIRC)
'if you recall correctly'? Are you aware that this is the end of the year 2013, by the way? Do I need to mention again that tor developers admit that traffic can be analyzed? Why on earth do you believe that "absence of (outdated)evidence is evidence of absence"?
treat it as far too expensive. These documents are largely congratulatory for Tor, and most of the fears of the research community (correlation attacks in particular) are as yet unrealized.
What if you actually read my messages instead of repeating the same unfounded assertions I've already replied to?
As coderman says, there are a wide variety of lucrative active attacks that the NSA is not shy about using. Given these attacks, there's no reason to try to become a global passive adversary
Are you joking? There's no reason for the NSA to be the NSA? the hell are you talking about.
or implement correlation attacks. You don't need a correlation attack if you've owned your target's computing platform with a 0day or several.
They can do both. And actually, owning the target's computer may be harder than monitoring the tor network, depending on circumstances.
To respond to another comment of yours:
Also, given the fact that the american nazi government has influenced and bribed virtually everybody in the 'security' 'community', isn't it an obvious educated guess that Tor, which is directly funded by the american nazi government is, let's say, not so trustable?
Virtually all academic computer science in the United States is government-funded; Tor isn't substantially different.
So? Virtually all academic computer science in the US is corrupt. That isn't news.
Further, the Tor developers include people whom the US Government is openly hostile towards (Jacob Appelbaum), and are generally very principled people.
So? Appelbaum may not get along with the US government, doesn't mean anything, considering that the other developers are rather friendly to the US government. For fuck's sake they work for the FUCKING US MILITARY.
What is your source for the "fact that the american government has influenced and bribed virtually everybody in the security community"?
"common sense"
-- Sent from Ubuntu
From: Juan Garofalo juan.g71@gmail.com
What is your source for the "fact that the american government has influenced and bribed virtually everybody in the security community"?
"common sense”
Where can I put in to get my bribe then? -- Al Billings http://makehacklearn.org
Well, that escalated quickly. Here's an old response to (new?) thing. https://lilithlela.cyberguerrilla.org/?p=4959 Hopefully not rehashing too much.. This is sounding a bit like the Sept / August 2013 flareup of activity in which many people were "Ahhhh! oooooh!! Something is so seriously wrong here!" So volunteer your time / money etc to fix it... there's always a solution waiting for someone's action... :/
On Mon, 2013-12-16 at 00:40 -0300, Juan Garofalo wrote:
said another way, breaking Tor at protocol level is currently too expensive a solution
And you know that, how, exactly?
All of the most recently leaked documents pertaining to Tor (from 2007 to 2011 IIRC) treat it as far too expensive. These documents are largely congratulatory for Tor, and most of the fears of the research community (correlation attacks in particular) are as yet unrealized.
As coderman says, there are a wide variety of lucrative active attacks that the NSA is not shy about using. Given these attacks, there's no reason to try to become a global passive adversary or implement correlation attacks. You don't need a correlation attack if you've owned your target's computing platform with a 0day or several.
To respond to another comment of yours:
Also, given the fact that the american nazi government has influenced and bribed virtually everybody in the 'security' 'community', isn't it an obvious educated guess that Tor, which is directly funded by the american nazi government is, let's say, not so trustable?
Virtually all academic computer science in the United States is government-funded; Tor isn't substantially different.
Further, the Tor developers include people whom the US Government is openly hostile towards (Jacob Applebaum), and are generally very principled people.
What is your source for the "fact that the american government has influenced and bribed virtually everybody in the security community"?
-- Sent from Ubuntu
Everyone knows there are active attacks against 'Tor' users... ie: the apps they attach to it. Those are cheap wins for the adversary and unrelated to Tor.
There are attempts to exploit Tor daemon and other various access to 0wn or run the relays themselves to get at the plaintext or the service running behind Tor. Not much to do there but harden Tor and the relays and run more independent ones. And nobody's cracking the crypto on the wire anytime soon. Those aren't really related to Tor, but standard practice.
Tor can have its hidden services found via various published attacks involving deploying analysis nodes. There are caveats, and the cost isn't that much, but it takes time. It's in the papers.
I'd caution on one debated thing about adversaries... we know there are at least a few adversaries in the world that have *very* good regional coverage with network taps. So contrary to some opinions, I'd suggest it would be rather possible for them to use those and determine who is talking to who by correlating traffic passing the taps... if your traffic happened to begin and end within that region it could be game over. That's in the papers too.
Low latency nets that do not use fill traffic are simply not resistant to timing/correlation attacks. Tor is low latency and does not use fill traffic. It's not a break, it's a design choice/tradeoff. Depending on how you use these networks, it may or may not be an issue for you. Tor was never meant to do everything, yet it's quite good at what it does, and publishing what it doesn't.
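The fill-traffic tradeoff described in the message above, as an added example that is not part of the original thread: a toy simulation showing that per-second cell counts on an unpadded low-latency path line up between entry and exit, while a constant-rate padded link looks the same to an observer for every client. The flows are constructed synthetic data, all function names are hypothetical, and the model pads only the client-side link.

```python
import random
from statistics import mean

DURATION = 120   # seconds of observation (constructed scenario)
BIN = 1.0        # width of one counting bin, in seconds

def bursty_flow(rng, duration=DURATION):
    """Constructed sample: send times of an on/off client (bursts, then idle)."""
    t, times = 0.0, []
    while t < duration:
        for _ in range(rng.randint(3, 12)):      # one burst of cells
            t += rng.uniform(0.01, 0.05)
            if t < duration:
                times.append(t)
        t += rng.uniform(1.0, 6.0)               # idle gap
    return times

def through_network(times, rng, base=0.05, jitter=0.05):
    """Low-latency path: each cell is delayed only slightly, so bursts survive."""
    return sorted(t + base + rng.uniform(0.0, jitter) for t in times)

def pad_constant_rate(times, rate=50, duration=DURATION):
    """Fill-traffic link: one cell leaves every 1/rate s, real if queued, dummy if not.
    Returns (wire_times, worst_added_delay); the wire view never depends on `times`."""
    slots = [k / rate for k in range(int(rate * duration))]
    worst, nxt = 0.0, 0
    for t in times:                              # each real cell takes the next free slot
        while nxt < len(slots) and slots[nxt] < t:
            nxt += 1
        if nxt == len(slots):
            break
        worst = max(worst, slots[nxt] - t)       # latency cost paid for the padding
        nxt += 1
    return slots, worst

def binned(times, duration=DURATION, width=BIN):
    """Cells per time bin: what a tap on the link can count without decrypting."""
    counts = [0] * int(duration / width)
    for t in times:
        i = int(t / width)
        if 0 <= i < len(counts):
            counts[i] += 1
    return counts

def pearson(x, y):
    """Pearson correlation; a flat series carries no timing signal, so score 0."""
    mx, my = mean(x), mean(y)
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    if vx == 0 or vy == 0:
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (vx * vy) ** 0.5

def best_match(entry_views, exit_view, threshold=0.5):
    """Index of the entry-side flow that best matches the exit-side flow, or None."""
    target = binned(exit_view)
    scores = [pearson(binned(e), target) for e in entry_views]
    top = max(range(len(scores)), key=scores.__getitem__)
    return (top if scores[top] > threshold else None), scores

def run(seed=7, clients=5, target=2):
    rng = random.Random(seed)
    flows = [bursty_flow(rng) for _ in range(clients)]
    exit_view = through_network(flows[target], rng)
    plain = best_match(flows, exit_view)                              # no fill traffic
    padded = best_match([pad_constant_rate(f)[0] for f in flows], exit_view)
    return plain, padded

if __name__ == "__main__":
    (plain_hit, plain_scores), (pad_hit, pad_scores) = run()
    print("unpadded:", plain_hit, [round(s, 2) for s in plain_scores])
    print("padded:  ", pad_hit, [round(s, 2) for s in pad_scores])
```

The second value returned by `pad_constant_rate` is the queueing delay real cells pay for the padding, which is the latency and bandwidth side of the tradeoff the message refers to.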
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that? All the best, Jacob
--On Tuesday, December 17, 2013 1:43 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
See my next messages. I'm referring to the "users get router" paper. I see no reason to believe that the NSA can't find out who's who in the tor network.
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that?
Because they have access to a lot of information they are not publishing, and have close ties to the establishment. Plus, isn't the latest news that greenwald was bribed/bought by ebays owner, who happens to be the typical fake american 'libertarian' (he's actually a mercantilist conservative - see what kind of 'free' market ebay is)
All the best, Jacob
Juan Garofalo:
--On Tuesday, December 17, 2013 1:43 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
See my next messages. I'm referring to the "users get router" paper.
Wait, you're taking an academic paper, a good one I might add, and saying that this counts as admission by the Tor Project that our efforts are futile?
I see no reason to believe that the NSA can't find out who's who in the tor network.
Perhaps the leaked documents that specifically state this fact might clue you into their capabilities? I encourage you to read them: http://media.encrypted.cc/files/nsa/ Contained in those files, I see no evidence for your assertions. Aaron's paper is good but as Al said, feel free to show us some evidence that you've used it to break Tor!
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that?
Because they have access to a lot of information they are not publishing, and have close ties to the establishment.
Wait, they have access to information, that they publish, story by story and that means that they're not credible? That is hilariously strange reasoning. The information is coming out as quickly as people are able to make sense of it.
Plus, isn't the latest news that greenwald was bribed/bought by ebays owner, who happens to be the typical fake american 'libertarian' (he's actually a mercantilist conservative - see what kind of 'free' market ebay is)
No, the latest news is that Glenn still has nouns of steel and is still publishing incredible news on a regular basis. All the best, Jacob
--On Tuesday, December 17, 2013 3:03 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Tuesday, December 17, 2013 1:43 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
See my next messages. I'm referring to the "users get router" paper.
Wait, you're taking an academic paper, a good one I might add, and saying that this counts as admission by the Tor Project that our efforts are futile?
The paper states that traffic analysis is feasible. I mean, that isn't exactly news. The paper seems to admit that traffic analysis is (a lot?) easier than previously supposed. So, yes, that shows that tor can't protect people from the US government. Which actually shouldn't be surprising since tor is a tool of the US government. As to your 'efforts being futile' - that's not my wording. Depending on what your ends are, your efforts are certainly not futile...
I see no reason to believe that the NSA can't find out who's who in the tor network.
Perhaps the leaked documents that specifically state this fact might clue you into their capabilities?
Oh, come on. Again "absence of evidence is not evidence of absence".
I encourage you to read them:
I've already seen a few of them. No, I obviously don't think that those prove anything. Did I mention that "absence of evidence is not evidence of absence"? And while we're at it, did I miss any leaked documents discussing traffic analysis of tor? There should be some no?
Contained in those files, I see no evidence for your assertions. Aaron's paper is good but as Al said, feel free to show us some evidence that you've used it to break Tor!
I really can't believe you wrote that. You think I'm that stupid? The way to 'break' tor, that is, find things like the location of, say, freedom hosting and silk road, is to monitor traffic. I obviously can't do that. Your government can obviously do that. Please.
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that?
Because they have access to a lot of information they are not publishing, and have close ties to the establishment.
Wait, they have access to information, that they publish, story by story and that means that they're not credible? That is hilariously strange reasoning.
What's hilarious is your attempt at twisting what I said.
The information is coming out as quickly as people are able to make sense of it.
Oh really. I need to be spoon fed by computer illiterate greenwald? That's cool... And how do these superior people gauge the rate at which the inferior people they spoon fed are able to consume what they are given? Just curious...
Plus, isn't the latest news that greenwald was bribed/bought by ebays owner, who happens to be the typical fake american 'libertarian' (he's actually a mercantilist conservative - see what kind of 'free' market ebay is)
No, the latest news is that Glenn still has nouns of steel and is still publishing incredible news on a regular basis.
OK...
All the best, Jacob
Juan Garofalo:
--On Tuesday, December 17, 2013 3:03 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Tuesday, December 17, 2013 1:43 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
See my next messages. I'm referring to the "users get router" paper.
Wait, you're taking an academic paper, a good one I might add, and saying that this counts as admission by the Tor Project that our efforts are futile?
The paper states that traffic analysis is feasible. I mean, that isn't exactly news. The paper seems to admit that traffic analysis is (a lot?) easier than previously supposed.
Traffic analysis is likely feasible if you can watch all of the internet. The question is at what resolution? With full packet captures of everything, for all time, it becomes a statistical question with some possibly negative outcomes.
So, yes, that shows that tor can't protect people from the US government.
Actually, we see from the documents that they cannot deanonymize all people, all of the time; they must target. So actually, it *does* protect people from instantly falling into the pitfalls related to dragnet surveillance. You're avoiding this and it is totally silly.
Which actually shouldn't be surprising since tor is a tool of the US government.
The Tor Project is a 501c3 non-profit. As a company, we're not tools of anyone and as a tool, tor, is similarly not a tool of the US government. Your statements indicating otherwise are just rude and uninformed.
As to your 'efforts being futile' - that's not my wording. Depending on what your ends are, your efforts are certainly not futile...
Could you possibly be more of an asshole, Juan?
I see no reason to believe that the NSA can't find out who's who in the tor network.
Perhaps the leaked documents that specifically state this fact might clue you into their capabilities?
Oh, come on. Again "absence of evidence is not evidence of absence".
How does that old quote go? "That which is presented without evidence may be dismissed without argument." Yeah, exactly.
I encourage you to read them:
I've already seen a few of them. No, I obviously don't think that those prove anything. Did I mention that "absence of evidence is not evidence of absence"?
The NSA and the GCHQ ran a real operation to deanonymize someone. Do you understand how they attempted to do this? Do you understand the evidence presented or will you continue to ignore it?
And while we're at it, did I miss any leaked documents discussing traffic analysis of tor? There should be some no?
Yes, you did - read the above documents already? The CES summer school document discusses some of this and it is sadly very poor research. The open community, such as Aaron's recent paper, is much much further ahead. This is what we expect - this is why we work with an open research community so seriously.
Contained in those files, I see no evidence for your assertions. Aaron's paper is good but as Al said, feel free to show us some evidence that you've used it to break Tor!
I really can't believe you wrote that. You think I'm that stupid?
I'm giving you some credit - break it, already?
The way to 'break' tor, that is, find things like the location of, say, freedom hosting and silk road, is to monitor traffic. I obviously can't do that. Your government can obviously do that.
Can you please explain to everyone how they found the location of the Silk Road? Hint: it wasn't Tor, it was his extremely bad operational security and using... a VPN!
Please.
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that?
Because they have access to a lot of information they are not publishing, and have close ties to the establishment.
Wait, they have access to information, that they publish, story by story and that means that they're not credible? That is hilariously strange reasoning.
What's hilarious is your attempt at twisting what I said.
You criticize the only people working to inform the public and you degrade their honor without having real information about their specifics. Do you live under threat for your work? Do you live in exile from your home country? Do you do anything that matters where someone else has some criticisms because they don't have a full view on your entire life or because they misunderstand something about what is presented in public?
The information is coming out as quickly as people are able to make sense of it.
Oh really. I need to be spoon fed by computer illiterate greenwald? That's cool...
And how do these superior people gauge the rate at which the inferior people they spoon fed are able to consume what they are given? Just curious...
Ah, I see - you're basically just green with envy? Well, get in line, eh?
Plus, isn't the latest news that greenwald was bribed/bought by ebays owner, who happens to be the typical fake american 'libertarian' (he's actually a mercantilist conservative - see what kind of 'free' market ebay is)
No, the latest news is that Glenn still has nouns of steel and is still publishing incredible news on a regular basis.
OK...
You could actually demonstrate that you see that Glenn, Laura and others have taken real risks by doing anything at all to inform us. The way that you behave, it is a wonder that they take such risks with people who are so cynical and ungrateful as their peanut gallery. Lucky for the rest of humanity that for every dozen people spending their energy being so unkind, as you are, we have thousands who appreciate their efforts. All the best, Jacob
You understand I am Juan, Jon, Ian, Ivan, Giovanni and Jean. And Julian and Ed and Chelsea. Chinese, Russian, Iranian and terrorist. All undifferentiated in a haystack of PRISM and drone demons. Hurling insults aid finding the easiest to turn or burn. At 01:21 PM 12/17/2013, you wrote:
Juan Garofalo:
--On Tuesday, December 17, 2013 3:03 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Tuesday, December 17, 2013 1:43 AM +0000 Jacob Appelbaum <jacob@appelbaum.net> wrote:
Juan Garofalo:
--On Sunday, December 15, 2013 6:11 PM -0800 coderman <coderman@gmail.com> wrote:
Video: https://archive.org/details/schneier Audio: http://www.softwarefreedom.org/events/2013/a_conversation_with_bruce_schneier/
"the nsa can't break tor"
Ha? tor developers admit that the nsa can break tor but schneider says otherwise?
Where do we admit that the NSA can break Tor? We have seen evidence only for the NSA exploiting the code in Tor Browser (Firefox) and never in the core Tor network software.
See my next messages. I'm referring to the "users get router" paper.
Wait, you're taking an academic paper, a good one I might add, and saying that this counts as admission by the Tor Project that our efforts are futile?
The paper states that traffic analysis is feasible. I mean, that isn't exactly news. The paper seems to admit that traffic analysis is (a lot?) easier than previously supposed.
Traffic analysis is likely feasible if you can watch all of the internet. The question is at what resolution? With full packet captures of everything, for all time, it becomes a statistical question with some possibly negative outcomes.
So, yes, that shows that tor can't protect people from the US government.
Actually, we see from the documents that they cannot deanonymize all people, all of the time; they must target. So actually, it *does* protect people from instantly falling into the pitfalls related to dragnet surveillance. You're avoiding this and it is totally silly.
Which actually shouldn't be surprising since tor is a tool of the US government.
The Tor Project is a 501c3 non-profit. As a company, we're not tools of anyone and as a tool, tor, is similarly not a tool of the US government. Your statements indicating otherwise are just rude and uninformed.
As to your 'efforts being futile' - that's not my wording. Depending on what your ends are, your efforts are certainly not futile...
Could you possibly be more of an asshole, Juan?
I see no reason to believe that the NSA can't find out who's who in the tor network.
Perhaps the leaked documents that specifically state this fact might clue you into their capabilities?
Oh, come on. Again "absence of evidence is not evidence of absence".
How does that old quote go? "That which is presented without evidence may be dismissed without argument." Yeah, exactly.
I encourage you to read them:
I've already seen a few of them. No, I obviously don't think that those prove anything. Did I mention that "absence of evidence is not evidence of absence"?
The NSA and the GCHQ ran a real operation to deanonymize someone. Do you understand how they attempted to do this? Do you understand the evidence presented or will you continue to ignore it?
And while we're at it, did I miss any leaked documents discussing traffic analysis of tor? There should be some no?
Yes, you did - read the above documents already? The CES summer school document discusses some of this and it is sadly very poor research. The open community, such as Aaron's recent paper, is much much further ahead. This is what we expect - this is why we work with an open research community so seriously.
Contained in those files, I see no evidence for your assertions. Aaron's paper is good but as Al said, feel free to show us some evidence that you've used it to break Tor!
I really can't believe you wrote that. You think I'm that stupid?
I'm giving you some credit - break it, already?
The way to 'break' tor, that is, find things like the location of, say, freedom hosting and silk road, is to monitor traffic. I obviously can't do that. Your government can obviously do that.
Can you please explain to everyone how they found the location of the Silk Road? Hint: it wasn't Tor, it was his extremely bad operational security and using... a VPN!
Please.
plus, schneier, greenwald and partners don't seem to have too much credibility at this point
Why is that?
Because they have access to a lot of information they are not publishing, and have close ties to the establishment.
Wait, they have access to information, that they publish, story by story and that means that they're not credible? That is hilariously strange reasoning.
What's hilarious is your attempt at twisting what I said.
You criticize the only people working to inform the public and you degrade their honor without having real information about their specifics. Do you live under threat for your work? Do you live in exile from your home country? Do you do anything that matters where someone else has some criticisms because they don't have a full view on your entire life or because they misunderstand something about what is presented in public?
The information is coming out as quickly as people are able to make sense of it.
Oh really. I need to be spoon fed by computer illiterate greenwald? That's cool...
And how do these superior people gauge the rate at which the inferior people they spoon fed are able to consume what they are given? Just curious...
Ah, I see - you're basically just green with envy? Well, get in line, eh?
Plus, isn't the latest news that greenwald was bribed/bought by ebays owner, who happens to be the typical fake american 'libertarian' (he's actually a mercantilist conservative - see what kind of 'free' market ebay is)
No, the latest news is that Glenn still has nouns of steel and is still publishing incredible news on a regular basis.
OK...
You could actually demonstrate that you see that Glenn, Laura and others have taken real risks by doing anything at all to inform us. The way that you behave, it is a wonder that they take such risks with people who are so cynical and ungrateful as their peanut gallery. Lucky for the rest of humanity that for every dozen people spending their energy being so unkind, as you are, we have thousands who appreciate their efforts.
All the best, Jacob
participants (18)
- Al Billings
- APX 808
- Bill Stewart
- Cari Machet
- coderman
- dan@geer.org
- grarpamp
- Jacob Appelbaum
- James A. Donald
- Jim Bell
- Joe Wang
- John Young
- Juan Garofalo
- Odinn Cyberguerrilla
- rysiek
- stef
- Stephan Neuhaus
- Ted Smith