freedom.press, also the firstlook/intercept...
and they host all the juicy bits on documents on documentcloud, requiring anyone interested to expose themselves. it is not possible to download the dumps anonymously in a simple zip file, you really have to use goddamn javascript. this is totally unacceptable. when approached on this, you get very irritated answers, if at all. to say "this stinks" is an understatement. it's a goddamn trap. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
On 09/30/2015 04:02 PM, stef wrote:
and they host all the juicy bits on documents on documentcloud, requiring anyone interested to expose themselves. it is not possible to download the dumps anonymously in a simple zip file, you really have to use goddamn javascript.
this is totally unacceptable. when approached on this, you get very irritated answers, if at all. to say "this stinks" is an understatement. it's a goddamn trap.
I am not inclined to believe that a "simple zip file" can be downloaded anonymously, without employing extraordinary OpSec procedures that would incidentally render javascript useless for tracking purposes. Not if the adversaries in your threat model include any official agency of any of the FVEYE countries, or any of the major private contractors working with them. The network itself is the trap, with or without javascript, with or without obfuscation via TOR or etc. I would be much more concerned with the handling of those downloaded files on the local machine - if a trap is suspected, zero day exploits hidden in the files should be assumed. :o)
On October 1, 2015 3:01:55 PM Steve Kinney <admin@pilobilus.net> wrote:
On 09/30/2015 04:02 PM, stef wrote:
and they host all the juicy bits on documents on documentcloud, requiring anyone interested to expose themselves. it is not possible to download the dumps anonymously in a simple zip file, you really have to use goddamn javascript.
this is totally unacceptable. when approached on this, you get very irritated answers, if at all. to say "this stinks" is an understatement. it's a goddamn trap.
I am not inclined to believe that a "simple zip file" can be downloaded anonymously, without employing extraordinary OpSec procedures that would incidentally render javascript useless for tracking purposes. Not if the adversaries in your threat model include any official agency of any of the FVEYE countries, or any of the major private contractors working with them.
The network itself is the trap, with or without javascript, with or without obfuscation via TOR or etc. I would be much more concerned with the handling of those downloaded files on the local machine - if a trap is suspected, zero day exploits hidden in the files should be assumed.
:o)
[Snip]
Agree with both sentiments, but - who the hell opens documents of dubious origin on a networked machine? Even on an airgapped machine, I still use a VM...
-S
On Thu, Oct 01, 2015 at 03:09:40PM -0700, Shelley wrote:
Agree with both sentiments, but - who the hell opens documents of dubious origin on a networked machine? Even on an airgapped machine, I still use a VM...
Agree about VM, it adds another layer of protection. VMs have bugs too, as history shows. btw, does rowhammer escape VM? (appears to me yes).
2015-10-02 10:58 GMT+02:00 Georgi Guninski <guninski@guninski.com>:
On Thu, Oct 01, 2015 at 03:09:40PM -0700, Shelley wrote:
Agree with both sentiments, but - who the hell opens documents of dubious origin on a networked machine? Even on an airgapped machine, I still use a VM...
Agree about VM, it adds another layer of protection.
VMs have bugs too, as history shows.
btw, does rowhammer escape VM? (appears to me yes).
You know, a webpage is supposed to be in a VM too. With HTML growing so big and so fast it's very hard to know it's secure. But I see little reason as to why Javascript is the baddest boy on the block. iPhones got wrecked by a png rendering library. Interpreting a programming language is not *that* different from interpreting an image. Even less different from interpreting HTML/CSS. If you would care for a secure instead of a fast Javascript interpreter, well, too bad because nobody's making a secure one. Hah.
Which relates as to why I lost a lot of personal photos; I didn't use the cloud backup feature. Now nobody has my pictures, except maybe whomever stole my phone* =(
Using one of those file hosting sites provides a greater level of convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all.
The consumers don't care to invest in security very much, in fact, hardly at all. Especially when all you're securing against sounds like more paranoia - which is what an invisible-seems-like-its-not-even-there organization will always seem like. (remember, the NSA lacks the field agents to even be anywhere, and I never see GCHQ agents either)
* full disk crypto is not a thing in androidland ;(
tl;dr: javascript could be fine if we'd have secure software - as it is HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.
On Friday, 2 October 2015 16:28:23 Lodewijk andré de la porte wrote:
tl;dr: javascript could be fine if we'd have secure software
Or, in other words, "if we were secure, we would be secure". Can't say I disagree.
--
Regards, Michał "rysiek" Woźniak
I am changing my GPG key :: http://rys.io/pl/147
GPG Key Transition :: http://rys.io/en/147
On Fri, Oct 02, 2015 at 04:28:23PM +0200, Lodewijk andré de la porte wrote:
* full disk crypto is not a thing in androidland ;(
it is weird to troll android from a gmail.com account, according to headers. are you using windoze phone on gmail? are you outsourcing dDos to google instead of hotmail.com?
[Random snipping ahead to reply inline while on my mobile, apologies]
On October 2, 2015 7:35:19 AM Lodewijk andré de la porte <l@odewijk.nl> wrote:
[Georgi]> btw, does rowhammer escape VM? (appears to me yes).
I think it does, but I've not done enough testing on my own to be sure.
You know, a webpage is supposed to be in a VM too.
Yep, agreed. I meant that I also use VM on my crappy airgapped box, even though it doesn't matter as much as my other boxes of importance or networked laptops etc. VM should be pretty standard security fare, and yet nothing is 100% secure. We do what we can, adding layers so that it may slow down any threats. There is no way to be absolutely secure, it's a sad fact of modern life. But we don't have to make it easy for the bastards, you know? [Snip]
Which relates as to why I lost a lot of personal photos; I didn't use the cloud backup feature. Now nobody has my pictures, except maybe whomever stole my phone* =(
Automated TiBU + weekly manual backups of media to external drive? That's what I do; couldn't pay me to use a cloud backup. Same as with people complaining about the first Blackphone not having access to GAPPs/ Google Play (...seriously?), do u even sideload bro? Do it regularly when you're managing your other data backups, it's quick and painless after the initial setup.
Using one of those file hosting sites provides a greater level of convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all.
I'm surprised to hear that come from you. I've never used a cloud backup and the most I've ever lost is a day or two's worth of data/ media. I have redundant backups. It's not difficult (it truly isn't, I'm not trying to be snotty.)
The consumers don't care to invest in security very much, in fact, hardly at all.
Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?
* full disk crypto is not a thing in androidland ;(
Sadly, it's not a "thing" anywhere right now. Not when EC has been intentionally weakened, etc. Hell, even if crApple did have true full disc encryption, I wouldn't use their closed source crapware.
tl;dr: javascript could be fine if we'd have secure software - as it is HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.
"Essential" is very much a subjective term. I don't mind most of my web browsing experience looking like plaintext (in fact, I much prefer it.) However, I understand most people do not want to use the web in that way. We all make concessions we consider acceptable, sacrificing privacy/security for convenience. I'm guilty of it, too. Anyone with a smartphone and a credit/debit card is as well. -S
2015-10-03 0:01 GMT+02:00 Shelley <shelley@misanthropia.org>:
Using one of those file hosting sites provides a greater level of convenience. Perhaps so much greater that without that level of convenience it would hardly be possible at all.
I'm surprised to hear that come from you. I've never used a cloud backup and the most I've ever lost is a day or two's worth of data/ media. I have redundant backups. It's not difficult (it truly isn't, I'm not trying to be snotty.)
*possible at all *for them*
I'm trying to argue we need more convenient + secure services/applications/workflows/etc. because apparently security wasn't worth it for the reporters. I'm also aware of the exceedingly detrimental effect copyright law has had on general filesharing. Somehow information controls, huge dangers to freedom of speech, are permissible because ideas aren't free but instead licensable at owner's whims.
Reg backups - I think you have a far better way of managing things than I do. It was actually on my mind to fix within the week (earlier if I'd have found a client-side-crypto-cloud-backup-thing). There's no excuse really - I just kept delaying it because I never /actually/ lost data before (I always had a backup somewhere). I've never been very systematic about it and it feels totally off that it isn't already automated in our operating systems. (/vent... losing data hurts)
The consumers don't care to invest in security very much, in fact, hardly at all.
Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?
I mean so many of them that we do not have much security now. (btw: geotagging is cool, it's bad for security, but so are all pictures)
* full disk crypto is not a thing in androidland ;(
Sadly, it's not a "thing" anywhere right now. Not when EC has been intentionally weakened, etc. Hell, even if crApple did have true full disc encryption, I wouldn't use their closed source crapware.
I actually lost (a test server's) data before because I crypted it and locked it up - and forgot the horrendously complicated extra-long passkeys. Since then I opt for something easier to remember/derive, because everything else is detrimental to security. Making physical notes means "import sec.physical" which is a foolhardy proposition.
tl;dr: javascript could be fine if we'd have secure software - as it is HTML/CSS/images/videos/etc are all also dangerous. Top level security seems (and often is) useless - therefore we don't really have it (even when we'd like it so very much) unless we keep ourselves from essential features.
"Essential" is very much a subjective term. I don't mind most of my web browsing experience looking like plaintext (in fact, I much prefer it.) However, I understand most people do not want to use the web in that way. We all make concessions we consider acceptable, sacrificing privacy/security for convenience. I'm guilty of it, too. Anyone with a smartphone and a credit/debit card is as well.
It makes you slower. Incompatibility makes you slower. Slowness makes you irrelevant. Slowness equals failure. (depending on how much slower you'll be, of course) I say this because it sometimes seems strategically so.
I'm also aware of the exceedingly detrimental effect copyright law has had on general filesharing. Somehow information controls, huge dangers to freedom of speech, are permissible because ideas aren't free but instead licensable at owner's whims.
This wouldn't be a problem if the masses would simply recognize and move their operations to anonymous encrypted networks such as I2P, Phantom, Tor... then at least you would throw true "freedom of speech" up against the wall to be tested... (yes, excepting these fill-traffic-less networks current ability to be outed by passives, and generally exploited by actives.)
I actually lost (a test server's) data before because I crypted it and locked it up - and forgot the horrendously complicated extra-long passkeys. Since then I opt for something easier to remember/derive, because everything else is detrimental to security. Making physical notes means "import sec.physical" which is a foolhardy proposition.
How hard is it really, upon boot of a physical local storage server, to remember to concatenate 12th line of the 12th page of the first 12 books on your bookshelf? Or to at least write the fucker down so that phrase remains airgapped (though obviously final key still present in core)?
On Fri, Oct 2, 2015 at 6:01 PM, Shelley <shelley@misanthropia.org> wrote:
Do you mean the same lusers who broadcast the fact that they're on vacation all over Failbook, post photos with GPS enabled and are then surprised when their home is burglarized?
Same for obituaries with calling hours, next of kin and lineage ID'd and blasted out over the media, etc. People are stupid, even people who care about OPSEC. Perfection is "hard", and must be a "lifestyle" of minimization and exercises and engineering, both in real life and in the mind. Think strategically, practice daily.
2015-10-04 5:36 GMT+02:00 grarpamp <grarpamp@gmail.com>:
Perfection is "hard", and must be a "lifestyle" of minimization and exercises and engineering, both in real life and in the mind.
But this is exactly the problem! Most people are not at (info)war. Most people are trying to live another kind of lifestyle entirely, and see not how invisible orgs can abuse them. All that care about infosec can only say "stop having fun, stop using features, start putting effort into something that you can hardly even imagine".
I think the best "for the public" angle is sovereignty, control and actionable freedom. Politicians whose internal memos and private lives are not secure will function much worse; even when not blackmailed their adversaries have a strong upper hand - affecting sovereignty. The same applies to companies. Control over your life and how you behave, no silly timewasting DRM, no involuntary updates or changes, no "accept all" or misleading "opt-in", no aggressive tie-in strategies, options other than voting-with-your-feet/wallet.
And wrt actionable freedom - privacy isn't just for nefarious business, it's also just for keeping people out of your hair. If you like long showers you might prefer not tweeting it, lest your eco-buddies will look at you with little frowns. Maybe you really dig that groovy lavalamp - doesn't mean everyone should know it. And perhaps you'd rather not scribble your teen-girl-pop-rock-addiction? Best not speak of heavy subjects - people prefer lightweight, fun, enthusiastic, positive talks.
In that vein, I have determined Android smartphones to be something I do want to have. It has been getting worse and worse for years on end. iOS is worse still, but now seemingly only marginally so. Having just lost my personal pictures (which are really not that useful for anyone but me) is painful, and I wish I just accepted the cloud backup feature. I did not see why it should not be encrypted locally, but the applications for doing so manually did not inspire trust, and seemed like a big hassle besides (was still gonna).
Basically, I recommend using automatic cloud backups for images, and remembering that GOOG/TLA's are watching (which they are anyway, on your Android smartphone).
How hard is it really to, upon boot of a physical local storage server, to remember to concatenate 12'th line of the 12'th page of the first 12 books on your bookshelf? Or to at least write the fucker down so that phrase remains airgapped (though obviously final key still present in core)?
I'd first need a stable bookshelf. Housing has been in flux somewhat - for a while now. I may have written something down. Somewhere. Also, I thought I would remember, and did, until I did not use the password for some months (it was running smoothly and needed no reboots). So, harder than it seemed. I have also used grids and patterns to hide passwords, so not every onlooker would immediately see them - but it's possible to brute force them so there's no real comfort. Sorry for always being so verbose. Brevity kills clarity.
On Fri, Oct 2, 2015 at 10:28 AM, Lodewijk andré de la porte <l@odewijk.nl> wrote:
Which relates as to why I lost a lot of personal photos; I didn't use the cloud backup feature. Now nobody has my pictures, except maybe whomever stole my phone* =(
Don't use a phone that doesn't have sdcard, or at least usb or scp over wifi. Don't take pictures of self, family, friends or business you care about on hardware (obviously baseband) which doesn't care about you. Bonus: since the masses are ditching standalone cameras for phones, used cameras are now dirt cheap, anonymous, and come prefilled with all sorts of fun images "deleted/formatted" from their DOS FAT.
On Fri, Oct 2, 2015 at 10:28 AM, Lodewijk andré de la porte <l@odewijk.nl> wrote:
2015-10-02 10:58 GMT+02:00 Georgi Guninski <guninski@guninski.com>:
btw, does rowhammer escape VM? (appears to me yes).
To affect your own instance, probably. In others, at least those (or under VMM's) that wipe malloc before use, probably not.
* full disk crypto is not a thing in androidland ;(
Are not the Linux and FreeBSD slowly approaching (with droid/hardware blob compatibility shims) the ability to run natively on certain hardware such that FDE is theirs and not droid's (baseband, and open chip fabs, excepting)?
http://www.freebsd.org/platforms/arm.html
https://wiki.freebsd.org/201506DevSummit/ARMv8
https://www.google.nl/search?q=linux+qualcomm+snapdragon
On Thu, Oct 01, 2015 at 05:54:09PM -0400, Steve Kinney wrote:
The network itself is the trap, with or without javascript, with or without obfuscation via TOR or etc. I would be much more concerned with the handling of those downloaded files on the local machine - if a trap is suspected, zero day exploits hidden in the files should be assumed.
yes, that's why the "zip" should also be signed with some widely accepted pgp key. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt
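Added illustration, not part of any message in this thread: once a detached signature over a digest manifest has been checked out of band (for example with `gpg --verify`), the archive can be compared against the signed digest and inspected for structural red flags without extracting anything. The function names, thresholds and sample archives below are assumptions constructed for this example.

```python
import hashlib
import io
import stat
import zipfile

MAX_RATIO = 100        # assumed threshold: flag members that inflate more than 100x
MAX_TOTAL = 1 << 30    # assumed cap on declared uncompressed size (1 GiB)


def sha256_matches(blob: bytes, expected_hex: str) -> bool:
    """Compare the archive digest with the value taken from a manifest
    whose signature was already verified out of band."""
    return hashlib.sha256(blob).hexdigest() == expected_hex.strip().lower()


def triage_zip(blob: bytes) -> list[str]:
    """Return structural red flags found in the zip, reading only its
    central directory; no member is decompressed or written to disk."""
    findings = []
    total = 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            name = info.filename
            parts = name.replace("\\", "/").split("/")
            if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
                findings.append(f"absolute path: {name}")
            if ".." in parts:
                findings.append(f"path traversal: {name}")
            if stat.S_ISLNK(info.external_attr >> 16):
                findings.append(f"symlink: {name}")
            if info.flag_bits & 0x1:
                findings.append(f"encrypted member: {name}")
            if info.compress_size and info.file_size / info.compress_size > MAX_RATIO:
                findings.append(f"high compression ratio: {name}")
            total += info.file_size
    if total > MAX_TOTAL:
        findings.append("declared uncompressed size exceeds cap")
    return findings


def build_sample(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample archive in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample({"docs/slide-01.txt": b"constructed sample text\n"})
    odd = build_sample({"../../outside.txt": b"x", "pad.bin": b"\0" * 500_000})
    signed_digest = hashlib.sha256(clean).hexdigest()  # stands in for the signed manifest value
    print(sha256_matches(clean, signed_digest), triage_zip(clean))
    print(sha256_matches(odd, signed_digest), triage_zip(odd))
```

A clean result here says nothing about the content of the members themselves; it only covers the archive container, which is why the isolation discussed earlier in the thread still applies when opening them.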
participants (7)
- Georgi Guninski
- grarpamp
- Lodewijk andré de la porte
- rysiek
- Shelley
- stef
- Steve Kinney