Hello, The original message below about my PhD thesis sent to this list was not sent by me. I do not use protonmail and while I find the impersonation to be a kind of semi-creepy flattery, it may be something worse, of course. I'd encourage people to download my thesis from the university library [0] or my university home page. I had no interest in advertising the thesis here and I was mildly surprised to see it pop up on the list, especially sent by someone using my name with all the implications included. With that said, it has been sent to the list and I hope it is an interesting read for people who want to read it. Unlike my university library, the PDF on my home page [1] does not watermark or edit the PDF on a per visitor basis. The PDF on my home page is also slightly revised because of an unexpected book printing error. The PDF on my home page also has an improved general index, it fixes a small number of typographical issues, and of course it should fix the surprising last minute print alignment errors. People who want a printed copy are welcome to contact me privately by email. I will probably mail you a book or maybe I will hand it to you personally. The book is not for sale, and I probably won't send it to people who won't read it. I have a limited number of printed books that I am mailing myself at my own personal expense. I want to encourage paper book readers to read it as well. With that said - I find the PDF much more readable because of the extensive use of hyperlinks and cross referencing, also it's trivial to search a PDF and less so for a printed book. The general index in both the PDF and the book should make it possible to ask smart questions of the thesis directly. For example - look up a vendor or product, find out if they are a collaborator or a target of large-scale adversaries (or perhaps find that they are missing!), read the original source documents, study the listed implants for the vendor in question, and then it should be possible to consider how it could impact you in your everyday life. It is not comprehensive of all the implants or programs known in the world and things left out are not a critique of other research. There is much work to be done in cataloging and indexing a worldwide history of capabilities and programs. Bugged Planet [2], Cryptome [3], and WikiLeaks [4] remain useful for finding further original source documents and analysis of information on these topics. As usual with this mailing list like many other forums, we can expect some folks to dismiss matters written about in the thesis. Surveillance targets and other politically exposed persons in danger are frequently attacked by such people. We can also expect that those same people will not discuss the substantial facts or cryptographic designs, except superficially if at all, and they will attempt to distract, divide, disrupt, degrade, and destroy. The usual JTRIG playbook is to be expected when discussing topics such as JTRIG (see chapter 4) and especially other secret services who collaborate with JTRIG directly (again see chapter 4). Even those who simply wish to copy their methods or obtain similar results will draw out a defense of some capabilities; capabilities whose very existence is an abuse by relying on suspect interpretations of law and politics (again see chapter 4). In the usual spirit of the cypherpunks I encourage readers to ignore any bad faith trolling by using client side filtering. We can expect that the usual or even new elements of the controlled opposition (especially in the anglophone-sphere) will seek to make it personal, to speak poorly of individuals, and they will also denigrate the struggles and issues faced by those individuals. They will also project their own issues on others, and of course they will try to draw out personal and professional fights relentlessly. We may also see flooding of messages about many topics - like a manic eruption to distract any would be reader by burying this email reply among many other emails. I encourage everyone to ignore such bad faith engagements; this thesis is part of a different conversation with different goals. I hope this thesis sparks further discussion among those cypherpunks who are still writing Free Software for all of humanity and that it helps potential users who want to protect their own privacy and security. I hope that any discussion enhances how we build what we need to build, and that the results are usable by regular people. There is still much to be done - but I firmly believe we can make huge progress in protecting traffic in our own autonomous spaces (homes, cafes, conferences, etc), and ideally we can also make the same progress with the Internet as well. Specific protocol design and implementation discussions using the issue tracker pages of Vula [5] and REUNION [6] are welcome. Kind regards, Jacob [0] https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv... [1] https://www.win.tue.nl/~jappelba/Communication_in_a_world_of_pervasive_surve... [2] https://buggedplanet.info/index.php?title=Main_Page [3] https://cryptome.org/ [4] https://www.wikileaks.org/ [5] https://vula.link/ [6] https://rendezvous.contact/ On 3/30/22, Jacob Appelbaum <jakeappelbaum@protonmail.com> wrote:

Communication in a world of pervasive surveillance Citation for published version (APA): Appelbaum, J. R. (2022). Communication in a world of pervasive surveillance: Sources and methods: Counter- strategies against pervasive surveillance architecture. Eindhoven University of Technology. Document status and date: Published: 25/03/2022 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the “Taverne” license above, please follow below link for the End User Agreement: www.tue.nl/taverne Take down policy If you believe that this document breaches copyright please contact us at: openaccess@tue.nlproviding details and we will investigate your claim.

Wer die Wahrheit nicht weiß, der ist bloß ein Dummkopf. Aber wer sie weiß und sie eine Lüge nennt, der ist ein Verbrecher." 1 — Bertold Brecht, Das Leben des Galilei, Seite 71

Appelbaum, Jacob R.. /Communication in a world of pervasive surveillance : Sources and methods: Counter-strategies against pervasive surveillance architecture. Eindhoven : Eindhoven University of Technology, 2022. 327 p. https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv...

Best Regards

On 3/31/22, grarpamp <grarpamp@gmail.com> wrote:

...

https://research.tue.nl/en/publications/communication-in-a-world-of-pervasiv... Appelbaum, Jacob R.. /Communication in a world of pervasive surveillance : Sources and methods: Counter-strategies against pervasive surveillance architecture. Eindhoven : Eindhoven University of Technology, 2022. 327 p.

CHAPTER 1 Introduction

"Wer die Wahrheit nicht weiß, der ist bloß ein Dummkopf. Aber wer sie weiß und sie eine Lüge nennt, der ist ein Verbrecher." 1 -- Bertold Brecht, Das Leben des Galilei, Seite 71

Electronic surveillance systems, in their twenty-first century totality, create an environ- ment of pervasive surveillance where most, if not all, communications channels are mon- itored in some capacity. Sociologists and other academic researchers define surveillance in many different ways [Mar15]. We consider the definition from Lyon from Surveillance Studies: "any systematic, routine, and focused attention to personal details for a given pur- pose (such as management, influence, or entitlement)" [Lyo14]. Today's Internet is the pri- mary terrain of struggle [GBC11, Kat90, Her00, Ziz08, Cun15, GE07] between those com- mitted to attacking electronic communications, whether in targeted [Bam16] surveillance of individuals or indiscriminate mass surveillance [Eur18, Eur78, Eur06, Eur84, Eur10, Eur87, Eur15, Eur16] of whole populations, and those committed to securing communi- cations from attack. The two most prevalent surveillance adversaries are state [Gre14b] and corporate [Zub19, Int21a, Int21b] actors, though in some situations there is no meaningful distinc- tion between these. Fusion Centers [Wik21i] for example, are an American domestic intelligence apparatus that aggregates data provided by government agencies, corpora- tions, and private persons, resulting at times in Americans being persecuted for engaging in constitutionally protected activities. Surveillance data of all kinds collected from other terrains [Goo21, War15b] readily merges into the Internet's IP traffic flows. This collec- tion is not merely through passive observation of our communications, but also through active interaction and exploitation, along with analysis of behavioral data, other systems data, and data at rest. To name just a few examples: · In-person, face-to-face meetings when personal or professional electronic equip- ment is present in the same room [ATL06, CCTM16]. · Targeted and mass surveillance of telephone metadata and call content [SM13, GS14]. · Targeted and mass surveillance of postal mail [Nix13]. · Public and private video surveillance, especially when used in tandem with machine learning for identification based on height, gait, and/or facial structure among oth- ers [EKGBSBA16]. · Stylometry of written text to identify anonymous authors [BAG12]. · Analysis of video and images of biological structures such as veins, ear shape, as well as of body modifications such as piercings and tattoos [RP14]. As new sources of data become available in nearly every realm of life, we find new surveil- lance tools being designed to exploit them. Understanding these surveillance practices is critical for building defenses. It is now commonly understood that the US Government does "kill people based on metadata" [Col14] including children [Sca13a, Bon13, Kri19, AR21], intentionally 2 and unintentionally. The state's capacity for violence is enhanced with additional surveillance capabilities. Historical as well as contemporary use of data and metadata to socially sort [Lyo03] has enabled human rights abuses such as persecuting political refugees [CM+ 17, DNI21], assassinations [Col14] and genocide [Bla12]. Modern proponents of both targeted and mass surveillance regularly claim that grant- ing authorities surveillance powers will help to prevent terrorist acts. We know that while this is sometimes true [EM13, BSSC14], it is often false, with disastrous conse- quences [GRS14, Rot15]. We also know that the existence of interception capabilities puts both the operators [Bam16] and users of communication infrastructure at direct risk, and that the same surveillance methods intended for terrorists are diverted to tar- geting democratically elected leaders [JAS13]. This leads us to ask: In order to protect our societies from terrorist acts, must we leave ourselves vulnerable? Is it worth the trade-off to occasionally catch the least competent would-be terrorists, corrupt officials, spies, criminals, and thieves? The questions themselves seem absurd when the answer promotes criminality of all kinds: corporate espionage, economic warfare, government espionage, human-rights violations, lawfare, so-called "targeted killings" (assassinations), untargeted killings, etc. Yet an affirmative answer to those questions is an observable na- tional policy in countries around the world. The deployment of standardized communications protocols in the last century made it possible to perform surveillance in a highly automated fashion. We investigate some of these surveillance systems extensively with help from documents exposed by whistle- blowers, known and unknown, or other anonymous insiders. We compare the intentions and stated beliefs of surveillance adversaries with those of protocol designers, who in recent years have belatedly started to introduce the term surveillance, and later mass surveillance, into Internet-related protocol publications [FT14, BSJ+ 15a].

1 "He who does not know the truth is merely a fool. But whoever knows it and calls it a lie is a criminal." 2 The President of The United States of America is directly involved in some assassination decisions [Poi14, Par15], something of an explicit concern [Ken11] to the founders of the country.

I didn't read it in his e-mail, just like the crap grarpamp sent to the list.Like the Rat,Chameleon, Grarpamp, it looks like someone else joined this list with American propaganda. ​ I tried to read the e-mail quickly, and I saw the article on cryptome and cypherpunks . CIA supporters are multiplying. Instead of Chameleon sorry I mean “John Young” Twitter, you can talk to all of us here. Don't worry about what I said, you admitted to being connected to the CIA years ago. Last time you answered me for Assange, you said chameleon for him.Y ou have another supporter now, just like Karl. By the way, you're right, I don't claim to be an angel anymore. Especially for you and the Rat

...

I replied to the anonymous best regards signature mentioning it was

similar to coderman's. I wondered if whoever posted it had copied it so as to fit in better. but it also could have sounded like I suspected coderman as pretending to be jacob appelbaum. this was not intended, but is a common error for me. I engage in other harmful behaviors, too. it was really great to see that thesis. as a set, a significant number of us have experienced JTRIG bullshittery,

but it is also still not a reason to cease to communicate.

"don't let the bastards win!"

to continue to approach the world with honesty and openness some would call insanity; "of course you get burned - people suck!"

I don't think anybody really believes this, of course, but many say it but to give up is to cease to be human.

so even if fuckery commences, don't let it deter you.

it just means you're doing the right things. *grin*

best regards, and sincerely so - you're member of the feeling set.

thank you for your kindness, coderman. keep yourself safe.

Hopefully you realized that working for the pentagon promoting trash like tor is a bad idea?

If Tor offers him a job, I'm sure he'll go to America. But other Tor volunteers don't want him among them. Anyone with a mind knows Tor doesn't promise privacy. He was never transparent about Tor. He could tell the truth people, but he didn't want to. That's what someone in Tor told me years ago about him. And he brought it up himself,ı’m sure no one there wants him among them. “Also, IDK how to say this, but Jake Appelbaum is not known for his leadership or ability to land a project or code quality. Ethics aside, I wouldn't trust him to plan a dinner party, much less a computer vision firm, yanno?” I don't think most people working for Tor have a good “code quality”. It's not just for him. And most of them have a good salary and a career. I'm also going to go over his doctoral thesis later,but there are much better books to study.

I think being kicked out of tor is appelbaum's highest achievement. It means he didn't fully cooperate with the pentagon. However, appelbaum never ever talks against his 'ex' pentagon accomplices...

I can definitely agree with you on that point. I think being kicked out of tor is appelbaum's highest achievement add +Debian community

yeah tor is a joke - accusing appelbaum of being an inept coder is just misdirection. Whatever the reason appelbaum was kicked out of tor, it was not a technical one.

The reason he got fired wasn't a technical reason. What I want to explain here is that he and the other employees don't have these skills. But thanks to Tor, they've had a good career, some of them making a fortune on “Google”.

appelbaum just wrote :

"As usual with this mailing list...we can expect some folks to dismiss matters...not discuss the substantial facts or cryptographic designs...attempt to distract, divide, disrupt, degrade, and destroy. The usual JTRIG playbook" OK, it seems that appelbaum should be clearly naming who the JTRIG agents are

Hahaha Actually that’s so clear. We all know who the agents are here. The people who send emails with government propaganda are the same.

I kinda suspect appelbaum would say that 'grarpamp' is a 'honest cypherpunk' whereas I am the JTRIG agent...

Grarpamp probably worked in the U.S army. I'll find him like I found the others. I hurt my knee swimming in the pool and I've been sick for a few days. When I have time, I will leak the knowledge of the famous Grarpamp here.People like him have been making government propaganda here for years. They only made government propaganda here. They're never transparent and brave. I leaked information from the FBI or intelligence agents working for the United States. This is just one of the documents I leaked. They didn't even answer that. Because most of them work for U.S, and they send these mails to annoy us. They did not leak any source codes or documents. They didn't talk about privacy or cryptography. And don't care what anyone thinks of you. You're different from them, and you're not a coward. Being different is a good thing, but society perceives it as a bad thing.

https://www.win.tue.nl/~jappelba/Communication_in_a_world_of_pervasive_surve... Communication in a world of pervasive surveillance Sources and methods: Counter-strategies against pervasive surveillance architecture Jacob R. Appelbaum Preface "If this be treason, make the most of it!" -- Patrick Henry, on his twenty-ninth birthday This thesis is the culmination of more than a decade of research into the topic of surveil- lance and the uses of data collected through surveillance. The research that follows in- cludes discussions with insiders and analysis of both previously published and unpub- lished information. We still lack full information on many topics, notably the names of perpetrators. This has several causes: the nature of the topics covered, the legally threat- ening markings on many documents, and the political power of those who would suppress publication. There can be considerable personal consequences for following this direc- tion of research. Several colleagues face serious legal, political, social, and health issues resulting from their participation in, and contributions to, this research topic. Many aspects of this research started as investigative journalism rather than science. Documents first published by news organizations under the byline of the author of this thesis are reproduced here in full and credited appropriately. Sensitive, classified, or otherwise secret internal documents are provided to ensure that their content is witnessed firsthand, to make them freely accessible on the Internet and in libraries, and to ensure that they are not erased from history. The perspective in this thesis is necessarily dominated by the United States of America, whose activities impact nearly every person on planet Earth. The focus on America is deeply political: it is the moral duty of every citizen of the United States to address serious faults in policy and to assist in the process of accountability. Democratic discussion covering technical and non-technical topics of various government or corporate activities is important and necessary. The evidence and findings discussed in this thesis touch on myriad controversial issues ranging from political spying on world leaders to drone assassination of human beings who faced no legal charges and are afforded no day in court. The sheer number of the surveillance systems that we document in subsequent chap- ters reflects the industrial scale of data collection in the twenty-first century. We hope that future researchers will take up the challenge of addressing each covert program as a re- search subject to fully and completely explore, and to freely share their findings with the wider world in the spirit of open academic discussion. This kind of basic research is cru- cial to anti-surveillance software and hardware development. One example is the general idea of the Mix network (mixnet), an anonymity mechanism designed to withstand very powerful adversaries who possess a long memory. How might the evolution of mixnets be shaped by understanding the concrete systems that attack privacy and anonymity in- frastructure? Researchers may even feel inspired to build their own countermeasures, and perhaps full solutions, that encompass more than the purely technical. We offer sev- eral examples of such solutions in the chapters that follow. By applying mathematics and computer science to build countermeasures to surveillance systems, we can protect people individually and at scale, reducing these systems to historical footnotes. Mass surveillance programs present a temptation so great that even very intelligent people imagine the trade-offs to be worthwhile. Many people cannot imagine a future in which their government is blatantly corrupt, or has indeed collapsed. Yet history teaches unambiguously that such changes may come quickly, unexpectedly, and those who seek to exploit the entropic nature of the situation will use all technical, social, economic, and political levers to accomplish their goals. This knowledge should, but often does not, temper support for mass surveillance; this is a blind spot that is not to be dismissed lightly. The machinery of mass surveillance is simply too dangerous to be allowed to exist. We must work to ensure that no one will be able to say that they did not know, or that they were not warned. We must use all of the tools in our toolbox ­ economic, social, cultural, political, and of course, cryptographic ­ to blind targeted and mass surveillance adversaries. The goal is justice [Pon11, "The method is transparency, the goal is justice."] and this thesis encourages a method of designing, building, deploying, and using crypto- graphic protocols centered around human liberty to ensure it.

https://www.wireguard.com/ https://www.gnunet.org/en/gns.html https://gitweb.torproject.org/torspec.git/ A few more among others...

grarpamp and (I have done this too) extracting things from this document to share by hand shows how wrong things are with us and our digital setups I wonder if the paper discusses digital brainwashing and behavior control of political targets. I saw it mentioning parts of this in areas. It shouldn't be hard to share some plaintext from this paper with normal plaintext citations. But it is.