a) JYA is being paid in laundered bitcoin for spreading FUD to cypherpunks and privacy technologists; CIA now embracing altcoins for darkops and payoffs.
b) the emerging market for captured 0day is spilling over into overt baiting tactics in public places like our beloved listserv; elevated noise a signal for constructed focal points of interest tapping faux target treasures.
c) because honeypots
I don't have a clue about JYA, but what I have seen on the bitcoin lists about address re-use and stealth addresses pretty much confirms that lots of people are getting paid, and many are getting manipulated into developing and promoting 'privacy and anonymity' systems that come pre-hacked with a feed to the highest bidder. The only real defense normal people have is transparency. The only people who can afford privacy are the ones shouting the loudest that we all have an inalienable right to keep shit secret, while they quietly tap our phones, bank accounts, cryptocoin wallets, and new media.
--On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes <hozer@hozed.org> wrote:
The only real defense normal people have is transparency.
What (the hell) is that supposed to mean?
The only people who can afford privacy are the ones shouting the loudest that we all have an inalienable right to keep shit secret, while they quietly tap our phones, bank accounts, cryptocoin wallets, and new media.
Those criminals may have de facto privacy. And?
On Thu, Jan 16, 2014 at 04:25:05PM -0300, Juan Garofalo wrote:
--On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes <hozer@hozed.org> wrote:
The only real defense normal people have is transparency.
What (the hell) is that supposed to mean?
http://www.davidbrin.com/transparentsociety.html
The only people who can afford privacy are the ones shouting the loudest that we all have an inalienable right to keep shit secret, while they quietly tap our phones, bank accounts, cryptocoin wallets, and new media.
Those criminals may have de facto privacy. And?
The criminals in power have privacy. The rich who can pay have privacy. Those below the median income have none. I am inherently suspicious of privacy and anonymity advocates because they are at best not realizing the threat model, and at worst are working for the criminals in power.
one of our tactics is to make things public knowledge - transparency has been seen by our security ppl as 'protection' >>> yup what can u do when they can even infiltrate thru ur sym card >> taking ur battery out of ur phone aint doin nothin
Cari Machet NYC 646-436-7795 carimachet@gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Twitter: @carimachet <https://twitter.com/carimachet>
Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited.
On Thu, Jan 16, 2014 at 8:43 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
On Thu, Jan 16, 2014 at 04:25:05PM -0300, Juan Garofalo wrote:
--On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes <hozer@hozed.org> wrote:
The only real defense normal people have is transparency.
What (the hell) is that supposed to mean?
http://www.davidbrin.com/transparentsociety.html
The only people who can afford privacy are the ones shouting the loudest that we all have an inalienable right to keep shit secret, while they quietly tap our phones, bank accounts, cryptocoin wallets, and new media.
Those criminals may have de facto privacy. And?
The criminals in power have privacy. The rich who can pay have privacy.
Those below the median income have none.
I am inherently suspicious of privacy and anonymity advocates because they are at best not realizing the threat model, and at worst are working for the criminals in power.
On Thursday, 16 January 2014 13:43:29 Troy Benjegerdes wrote:
The criminals in power have privacy. The rich who can pay have privacy.
Those below the median income have none.
I am inherently suspicious of privacy and anonymity advocates because they are at best not realizing the threat model, and at worst are working for the criminals in power.
So please tell us, oh enlightened one, what is the threat model? Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain. They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me). I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?.. -- Pozdr rysiek
On Thu, Jan 16, 2014 at 08:59:46PM +0100, rysiek wrote:
On Thursday, 16 January 2014 13:43:29 Troy Benjegerdes wrote:
The criminals in power have privacy. The rich who can pay have privacy.
Those below the median income have none.
I am inherently suspicious of privacy and anonymity advocates because they are at best not realizing the threat model, and at worst are working for the criminals in power.
So please tell us, oh enlightened one, what is the threat model?
Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain.
They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me).
I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?..
I'm going to trust you when you say you are an advocate for all the right reasons. I also like to trust, but verify. I cannot verify without invading your privacy, and since that's important to you, I won't. The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power. I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is. What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
On Thu, Jan 16, 2014 at 9:25 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
.
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
YAY!! are those ppl largely libertarians (mayb)?
On Thu, 16 Jan 2014, Cari Machet wrote:
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
YAY!!
are those ppl largely libertarians (mayb)?
Do you *always* use SMS-speak? This is a mailing list, not a Twit feed: it's safe to use real words. //Alif -- Those who make peaceful change impossible, make violent revolution inevitable. An American Spring is coming: one way or another.
thanks for telling me i am in a safe place i actually use these ways of writing on purpose - i think language is alive and it changes like you and i - so i see the future english language use as different than now but i use some of its aspects now such as the use of numbers in words etc - if you have seen any future depictions of written language it is usually full of symbols letters and numbers (like code) - even just squares - i just try to open pathways for such things in different arenas and i dont see things as 'real' or unreal in the way that you do
On Fri, Jan 17, 2014 at 6:53 AM, J.A. Terranson <measl@mfn.org> wrote:
On Thu, 16 Jan 2014, Cari Machet wrote:
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
YAY!!
are those ppl largely libertarians (mayb)?
Do you *always* use SMS-speak? This is a mailing list, not a Twit feed: it's safe to use real words.
//Alif
-- Those who make peaceful change impossible, make violent revolution inevitable.
An American Spring is coming: one way or another.
OHAI,
On Thursday, 16 January 2014 14:25:51 Troy Benjegerdes wrote:
So please tell us, oh enlightened one, what is the threat model?
Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain.
They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me).
I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?..
I'm going to trust you when you say you are an advocate for all the right reasons.
Cool. :)
I also like to trust, but verify. I cannot verify without invading your privacy, and since that's important to you, I won't.
Not true. You can verify my public actions, my public statements. What matters in the end is if the result is right. If my actions, my statements were conducive towards better privacy or bettering of our common human condition, one can assume with high degree of certainty that my reasons were right. If not, well, woe is me.
The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power.
And information asymmetry. That's why we have to build our own tools and use them to guard our own privacy.
I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is.
Well, there is always the element of trust. I have to (I don't have the time, money, etc to verify myself) trust my hardware and software to some extent. But I *can* choose hardware and software in a way that should make that trust better founded. Free software, open hardware. I use an "ancient" Nokia N900, which is by far not ideal, still much better than any iPhone. I can make listeners' lives harder. And I do.
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations"). -- Pozdr rysiek
;)
On Thu, Jan 16, 2014 at 09:49:33PM +0100, rysiek wrote:
OHAI,
On Thursday, 16 January 2014 14:25:51 Troy Benjegerdes wrote:
So please tell us, oh enlightened one, what is the threat model?
Because I would say the exact same thing about those who badmouth privacy advocates and privacy itself: obviously those in power have vested interests in violating privacy, be it for monetary, or political gain.
They have vested interests in convincing the unwashed masses that either "privacy is dead", "privacy is not needed" or "privacy is impossible". So that they can more easily spy upon us all, and so that it gets that harder for privacy-conscious people to maintain their privacy (as that is an ecology, if you do not maintain your privacy, information about you might help somebody to deduce information about me).
I would say that the vested interest is more clear in the above than in what you stated. So please tell me, what do I not see, or (if I am "working for the man"), where's the cash that I must've gotten for my services over the years?..
I'm going to trust you when you say you are an advocate for all the right reasons.
Cool. :)
I also like to trust, but verify. I cannot verify without invading your privacy, and since that's important to you, I won't.
Not true. You can verify my public actions, my public statements. What matters in the end is if the result is right. If my actions, my statements were conducive towards better privacy or bettering of our common human condition, one can assume with high degree of certainty that my reasons were right. If not, well, woe is me.
The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power.
And information asymmetry. That's why we have to build our own tools and use them to guard our own privacy.
pgp and gnupg are 'pretty good'. Bitcoin is a disaster because the vested interests appear to have achieved complete regulatory capture through FINCEN and the Banking Secrecy Act
I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is.
Well, there is always the element of trust. I have to (I don't have the time, money, etc to verify myself) trust my hardware and software to some extent.
But I *can* choose hardware and software in a way that should make that trust better founded. Free software, open hardware. I use an "ancient" Nokia N900, which is by far not ideal, still much better than any iPhone.
I can make listeners' lives harder. And I do.
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations").
-- Pozdr rysiek
The cost of privacy is the threat. There's a lot we can do with things that are Free, as in Freedom (software). I think there's also a great advance waiting when a viral-freedom copyright license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost tradeoff of doing verifiably secure anonymous transactions vs what it costs to just tell the world you are sending $20 to your grandma and making sure it gets there. The problem with bitcoin is all the developers who know what they are doing are now part of the 1% that benefits from exploiting privacy asymmetry. I can't trust someone talking with forked tongue about how cryptocoins are BOTH a serious business currency, AND protect your privacy. -- Troy
On Thursday, 16 January 2014 15:33:07 Troy Benjegerdes wrote:
The vested interests absolutely would love us all to believe privacy is dead, but will not themselves give it up, making for an extreme imbalance of power.
And information asymmetry. That's why we have to build our own tools and use them to guard our own privacy.
pgp and gnupg are 'pretty good'.
Yup. And we can make them better, more usable, etc.
Bitcoin is a disaster because the vested interests appear to have achieved complete regulatory capture through FINCEN and the Banking Secrecy Act
Also, FBI has "over9000" BTC from SilkRoad bust. Enough to do whatever they want with this market. Who knows how that cash is going to be spent.
I, on the other hand, am a person. I am not, however, particularly private, because it costs me too fucking much in terms of money, time, and paranoia to actually test and verify that shit I think is supposed to be private actually is.
Well, there is always the element of trust. I have to (I don't have the time, money, etc to verify myself) trust my hardware and software to some extent.
But I *can* choose hardware and software in a way that should make that trust better founded. Free software, open hardware. I use an "ancient" Nokia N900, which is by far not ideal, still much better than any iPhone.
I can make listeners' lives harder. And I do.
What I want is for private cypherpunks and transparent cypherpunks to respect each other's values and spill the secrets of the fuckers who say privacy is dead but will only themselves give it up in the cold grip of the grave.
Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations").
The cost of privacy is the threat.
Oh?
There's a lot we can do with things that are Free, as in Freedom (software). I think there's also a great advance waiting when a viral-freedom copyright license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost tradeoff of doing verifiably secure anonymous transactions vs what it costs to just tell the world you are sending $20 to your grandma and making sure it gets there.
What kind of cost are you talking about? The cost of equipment and electricity to mine BTC/whateverCoin? Opportunity cost of some kind? Privacy cost (as in: "my address gets written into a public ledger")? Also: http://en.wikipedia.org/wiki/Zerocoin "Zerocoin is a proposed cryptocurrency that would be provably anonymous. It will employ cryptographic accumulators and digital commitments with zero-knowledge proofs to eliminate trackable linkage in a blockchain, which would make the currency anonymous and untraceable."
The problem with bitcoin is all the developers who know what they are doing are now part of the 1% that benefits from exploiting privacy asymmetry.
Yup.
I can't trust someone talking with forked tongue about how cryptocoins are BOTH a serious business currency, AND protect your privacy.
Makes a lot of sense. Bitcoin is not anonymous, we already know that. It is pseudonymous at best. -- Pozdr rysiek
Abso-fucking-lutely! Still, I would like to know what is the threat model you were talking about. I don't see how advocating privacy and anonymity can be sinister -- apart from using these terms in context that these terms have no purpose other than muddying the waters (i.e. "privacy of government agencies or corporations").
The cost of privacy is the threat.
Oh?
There's a lot we can do with things that are Free, as in Freedom (software). I think there's also a great advance waiting when a viral-freedom copyright license (GPL/AGPL) cryptocoin can figure out how to clearly express the cost tradeoff of doing verifiably secure anonymous transactions vs what it costs to just tell the world you are sending $20 to your grandma and making sure it gets there.
What kind of cost are you talking about? The cost of equipment and electricity to mine BTC/whateverCoin? Opportunity cost of some kind? Privacy cost (as in: "my address gets written into a public ledger")?
The code bloat of <bitcoin-privacy-of-the-week>, the blockchain bloat of new addresses all the time, and the biggest one: The god damned mental anguish I have to deal with because the fricking bitcoin client generates a new address for every damned transaction. I just want a couple of well known addresses to keep track of my stuff. If I want privacy (and for the record, I don't), I can hide in high-frequency automated trading and buttonwood exchanges. Otherwise known as 'tradecraft'. The software attempting to 'do it for me' makes for worse privacy and opsec for EVERYONE, at substantial mental, storage, and computation cost. I dunno, maybe I'm missing something here, but then, if I am missing it, how the hell are non-coders (aka, the real world, or journalists, or dissidents) supposed to figure it out?
On Sat, Jan 18, 2014 at 12:44 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
... The god damned mental anguish I have to deal with because the fricking bitcoin client generates a new address for every damned transaction. I just want a couple of well known addresses to keep track of my stuff.
you don't have to use this feature. i just sent some coin back to originating wallet on command line some hours ago, in fact. (and many wallet services, as much as i hate them, can also do this for you as transfer option.)
If I want privacy (and for the record, I don't), I can hide in high-frequency automated trading and buttonwood exchanges. Otherwise known as 'tradecraft'.
The software attempting to 'do it for me' makes for worse privacy and opsec for EVERYONE, at substantial mental, storage, and computation cost. I dunno, maybe I'm missing something here, but then, if I am missing it, how the hell are non-coders (aka, the real world, or journalists, or dissidents) supposed to figure it out?
the issue is that anonymity loves company. so those that need it badly also need those who care less to use it for best effectiveness. e.g. NSA may be hacking Tor users, but NSA is also a Tor user! the bomb hoax debacle, etc. that said, the rest of your argument i am in agreement with. the existing techniques suck, privacy is too expensive, and myriad well-intentioned idiots are pissing in the pool already filled with IC dookie. best regards,
The criminals in power have privacy. The rich who can pay have privacy.
Those below the median income have none.
It has long been said that obscurity is not security (except that in modest doses it is). At the same time, obscurity most assuredly *is* a species of privacy. In other words, the quotation above has it exactly backwards. I have written on this, which is to say that I'm on the record. The most recent is http://geer.tinho.net/geer.uncc.9x13.txt In the meantime, everyone on this list is above world median income (USD 1,225 per annum) and almost everyone is in the world's 1% (USD 34,000 per annum). I commend Branko Milanovic's _The Haves and the Have Nots_ to your reading in that regard. --dan
On Fri, Jan 17, 2014 at 5:06 AM, <dan@geer.org> wrote:
... At the same time, obscurity most assuredly *is* a species of privacy.
an interesting corollary is obscurity as cost factor / lower bound effort for various attacks in your threat model. more opsec, less information theoretic bounds against discrimination from background...
In the meantime, everyone on this list is [exceptionally privileged...]
alas, privilege below truly absurd[0] apparently insufficient shield from the whims of malevolent prosecution and arbitrary retribution... regarding the original subject: if some perceived method of deterrence (or at best deferment) is attained, is that action itself high risk years later as attempts to redress thwarted efforts are redoubled? or said another way: is deterrence a continual escalation until nullified, once applied in even a single instance? i have seen rare instances of quid pro quo applied instead of other pressures. we get to watch (copy exfil data), you get to walk away... this is hardly sustainable nor continual however. best regards, 0. investment banking a position of absurd privilege, fraud and conspiracy and other felonies in this domain rarely lead to more than symbolic gestures and slaps on the wrist!
On Fri, Jan 17, 2014 at 08:06:46AM -0500, dan@geer.org wrote:
The criminals in power have privacy. The rich who can pay have privacy.
Those below the median income have none.
It has long been said that obscurity is not security (except that in modest doses it is). At the same time, obscurity most assuredly *is* a species of privacy. In other words, the quotation above has it exactly backwards.
I have written on this, which is to say that I'm on the record. The most recent is
http://geer.tinho.net/geer.uncc.9x13.txt
In the meantime, everyone on this list is above world median income (USD 1,225 per annum) and almost everyone is in the world's 1% (USD 34,000 per annum). I commend Branko Milanovic's _The Haves and the Have Nots_ to your reading in that regard.
--dan
Great article Dan, thank you. In other words, privacy is easy, give up your money, and hide in obscurity. Personally, I'd rather live in a world where the top 1% just publish their tax returns, and keep live online transaction wallets that anyone can watch. Why does this idea threaten people so? I'm under 40 (just barely), and I want the little brothers. There's more money to be made, and lives lived, and the cost is some will do what others think is a crime. Call me an anarcho-capitalist-green-libertarian-farmer. (Except in Minnesota, the Democratic-Farmer-Labor big brother already owns farmer) You're right, we're probably all in the top 1% here. I don't wish to impose my ethics and morals on anyone else, so I feel compelled to advocate radical transparency for most, and creative obscurity for the punks who wish to hide from the Biggest Brother. I think it's actually critical for whomever is the 'Biggest Brother' (and I'm not sure if that's FaceAmaGoogle, or the NSA) to cultivate lots of little brothers they have no control over. If they try to control them, it only takes one to slip through the cover of obscurity with a disruptive innovation (or a disruptive weapon), and crash the biggest. The surveillance states that survive must accept and encourage uncertainty and chaos, or be destroyed by those that do. If one of those states makes me an offer I can't refuse (like Farmland and Wind Turbines), and you hear about it here, I think there is reason to be optimistic. And if you don't hear about it, ask me why. I'm not hard to find. --- FaceGoog, are you listening? You need a cpunk on your payroll .. I would rather work for the NSA, but they won't figure out they need really good people with NO SECURITY CLEARANCE working for them for at least a couple more years. I have more chance of one of the NNSA/DOE open-science labs getting it. 
I believe I have a lot of asymmetric leverage with the last statement(s), and I hope some other transparency punk will formalize it in a better mathematical/security publication than I can.
On Sat, Jan 18, 2014 at 12:34 PM, Troy Benjegerdes <hozer@hozed.org> wrote:
... --- FaceGoog, are you listening? You need a cpunk on your payroll .. I would rather work for the NSA, but they won't figure out they need really good people with NO SECURITY CLEARANCE working for them for at least a couple more years. I have more chance of one of the NNSA/DOE open-science labs getting it.
better yet: don't security for paid work at all. money corrupts, even subconsciously. do something technical that builds angst and restlessness during the day. hack for great justice bridling that pent up discontent at dark. YMMV
On Thursday, 16 January 2014 16:25:05 Juan Garofalo wrote:
--On Thursday, January 16, 2014 12:33 PM -0600 Troy Benjegerdes <hozer@hozed.org> wrote:
The only real defense normal people have is transparency.
What (the hell) is that supposed to mean?
I guess one could read that as: "Only transparency OF THE LAW ENFORCEMENT and other government/corporate entities and actors can ensure that normal people have some control over them and can protect themselves from possible abuses of power." Surely nobody would use the word "transparency" to a private person, right? http://rys.io/en/27 -- Pozdr rysiek