Why cryptome sold web logs to their paying customers?
Resend–HTML email scrubbed
Calling bullshit. Mirimir's right, this makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default[https://www.networksolutions.com/support/how-to-enable-download-the-web-logs...] and you have to turn them on.
So how the fuck'd this really happen?
Mirimir <mirimir@riseup.net> Are you arguing that users could have found those logs?
I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
<--SNIP-->
> Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
> When I do incremental backups or updates on my own systems, I don't usually go back and check the integrity of files I've already archived in my closed system. I can see where this could be an honest mistake that has gotten blown way out of proportion. It's a good lesson to be more aware of these types of glitches.
I still don't get how logs would have ended up in archives. Maybe JYA prepared a special set of archives for a collaborator. Maybe for someone helping him to understand what had happened. And then maybe he forgot about doing that. Hard to say.
On October 11, 2015 10:14:15 AM "Dr. J Feinstein" <drjfeinstein@mail.com> wrote:
Resend–HTML email scrubbed
Calling bullshit. Mirimir's right, this makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default[https://www.networksolutions.com/support/how-to-enable-download-the-web-logs...] and you have to turn them on.
So how the fuck'd this really happen?
I truly don't know. I don't have any more info than anyone else, I was just musing about how it could have happened. Obviously, hearing JY's explanation would be the best thing. Also agree re: the /var/log issue, but I get the impression that the restored files weren't kept in the normal file tree structure. Again, I simply don't know and I'm not trying to be an overt JY apologist - I'm just saying sometimes, shit happens. It would help if he would weigh in instead of having dorks like me positing hypotheticals. -S
Mirimir <mirimir@riseup.net> Are you arguing that users could have found those logs?
I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
<--SNIP-->
> Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
> When I do incremental backups or updates on my own systems, I don't usually go back and check the integrity of files I've already archived in my closed system. I can see where this could be an honest mistake that has gotten blown way out of proportion. It's a good lesson to be more aware of these types of glitches.
I still don't get how logs would have ended up in archives. Maybe JYA prepared a special set of archives for a collaborator. Maybe for someone helping him to understand what had happened. And then maybe he forgot about doing that. Hard to say.
On Oct 11, 2015, at 2:02 PM, Shelley <shelley@misanthropia.org> wrote:
I truly don't know. I don't have any more info than anyone else, I was just musing about how it could have happened. Obviously, hearing JY's explanation would be the best thing.
Also agree re: the /var/log issue, but I get the impression that the restored files weren't kept in the normal file tree structure. Again, I simply don't know and I'm not trying to be an overt JY apologist - I'm just saying sometimes, shit happens. It would help if he would weigh in instead of having dorks like me positing hypotheticals.
-S
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you? JYA’s stance has always seemed to have been: You’re not safe, please do not be deluded into believing any systems, statements, or mathematical systems will always have your back. Perhaps this is just to bring it into the absolute light for those too dense to grasp this mindset. The above scenario would also explain his general lack of input on the situation — I myself have been expecting miles and miles of (interestingly grotesque almost) prose about the situation. _benjamin
On 10/11/2015 11:37 AM, bbrewer wrote:
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you?
I thought about that. AAMOF I posted that thought about another website that had been behaving oddly recently. On 10/02/2015 09:53 AM, in the thread "Re: What is this "Weird garbled Windows 7 update"?", Razer wrote:
Suppose it's a way to mass-distribute a dead 'canary', offed by someone in the company who knows something the company wasn't willing to kill its 'canary' over?
Just rumormongering...
RR
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you? JYA’s stance has always seemed to have been: You’re not safe, please do not be deluded into believing any systems, statements, or mathematical systems will always have your back. Perhaps this is just to bring it into the absolute light for those too dense to grasp this mindset. The above scenario would also explain his general lack of input on the situation — I myself have been expecting miles and miles of (interestingly grotesque almost) prose about the situation. _benjamin
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo? And why not notify people on the website instead of the occasional tweet about how all logs leak/it's "not the worst"? And if it *was* purposeful, how is *that* okay? If he leaked four months worth of his users' logs and metadata including search terms, *to make a point*?
On October 11, 2015 11:44:07 AM Michael Best <themikebest@gmail.com> wrote:
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you? JYA’s stance has always seemed to have been: You’re not safe, please do not be deluded into believing any systems, statements, or mathematical systems will always have your back. Perhaps this is just to bring it into the absolute light for those too dense to grasp this mindset. The above scenario would also explain his general lack of input on the situation — I myself have been expecting miles and miles of (interestingly grotesque almost) prose about the situation. _benjamin
bbrewer has made a good point, actually. If someone is served a NSL, they are gagged - prohibited by law from saying anything about it. Look at Nick from Calyx: after a decade, his gag order has finally been lifted but there is still a 90-day period during which the gag remains intact to give the feds time to appeal. It's crazy stuff. Even if JY did it to "make a point" about all security being illusory BS, the log files dropped are old enough that they probably wouldn't cause much harm. The same basic argument used by Wikileaks when they dropped the State Dept cables. -S
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo? And why not notify people on the website instead of the occasional tweet about how all logs leak/it's "not the worst"?
And if it *was* purposeful, how is *that* okay? If he leaked four months worth of his users' logs and metadata including search terms, *to make a point*?
I hadn't thought of it that way. That's an interesting possibility. How would we know? John, can you deny receiving any NSLs, warrants, court orders, etc.? Is the warrant canary doing its Monty Python routine? (It has ceased to be!)
On Sun, Oct 11, 2015 at 2:57 PM, Shelley <shelley@misanthropia.org> wrote:
On October 11, 2015 11:44:07 AM Michael Best <themikebest@gmail.com> wrote:
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you? JYA’s stance has always seemed to have been: You’re not safe, please do not be deluded into believing any systems, statements, or mathematical systems will always have your back. Perhaps this is just to bring it into the absolute light for those too dense to grasp this mindset. The above scenario would also explain his general lack of input on the situation — I myself have been expecting miles and miles of (interestingly grotesque almost) prose about the situation. _benjamin
bbrewer has made a good point, actually. If someone is served a NSL, they are gagged - prohibited by law from saying anything about it. Look at Nick from Calyx: after a decade, his gag order has finally been lifted but there is still a 90-day period during which the gag remains intact to give the feds time to appeal. It's crazy stuff.
Even if JY did it to "make a point" about all security being illusory BS, the log files dropped are old enough that they probably wouldn't cause much harm. The same basic argument used by Wikileaks when they dropped the State Dept cables.
-S
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo? And why not notify people on the website instead of the occasional tweet about how all logs leak/it's "not the worst"?
And if it *was* purposeful, how is *that* okay? If he leaked four months worth of his users' logs and metadata including search terms, *to make a point*?
On 10/11/2015 11:43 AM, Michael Best wrote:
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo?
Because unlike Farcebook twitter Google Apple and all the others who 'squealed like a pig' after Snowden's leaks, a FISA court would put JYA so deep in a hole no one would ever hear of his existence again. You're NOT ALLOWED TO EVEN MENTION that the 'suits' had been in contact, no less compromised your system... RR
Razer Rayzer@riseup.net Sun Oct 11 15:59:29 EDT 2015
10/11/2015 11:43 AM, Michael Best wrote:
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo?
Because unlike Farcebook twitter Google Apple and all the others who 'squealed like a pig' after Snowden's leaks, a FISA court would put JYA so deep in a hole no one would ever hear of his existence again. You're NOT ALLOWED TO EVEN MENTION that the 'suits' had been in contact, no less compromised your system... RR
That would explain keeping silent, *NOT* making up lies about me and saying the data is fake.
On Sun, Oct 11, 2015 at 2:43 PM, Michael Best <themikebest@gmail.com> wrote:
Has anyone stopped to think that perhaps it was on absolute purpose as a warning of lack of safety on his servers due to known 'but unable to speak about’ system compromise? Ie. The same fashion as a warrant canary, or what have you? JYA’s stance has always seemed to have been: You’re not safe, please do not be deluded into believing any systems, statements, or mathematical systems will always have your back. Perhaps this is just to bring it into the absolute light for those too dense to grasp this mindset. The above scenario would also explain his general lack of input on the situation — I myself have been expecting miles and miles of (interestingly grotesque almost) prose about the situation. _benjamin
If so, then why did he spend a week denying it, calling me a liar, saying the data is fake and accusing it of being disinfo? And why not notify people on the website instead of the occasional tweet about how all logs leak/it's "not the worst"?
And if it *was* purposeful, how is *that* okay? If he leaked four months worth of his users' logs and metadata including search terms, *to make a point*?
On Oct 11, 2015, at 4:04 PM, Michael Best <themikebest@gmail.com> wrote:
That would explain keeping silent, NOT making up lies about me and saying the data is fake.
Perhaps he knew that you would keep the ‘conversation’ raging, therefore bringing it more ‘into the light’ than silence itself would prompt. Since you’ve been ‘on the case’, cypherpunks is 90% this subject matter, and 10% other cruft. Again, perhaps that was the intended purpose. Ie, in a different thread about the same subject (after he poked and prodded you earlier in said thread…)
On Oct 8, 2015, at 6:23 AM, John Young <jya@pipeline.com> wrote:
We've encouraged Best to continue doing what he is doing after using Cryptome as a platform, counsel and source of information. He did set up a website, did mirror the Cryptome archives, did do further research and announce it widely and has picked a fight with several parties, complained of mistreatment, censorship, abuse, exposed collateral innocent (ha!) parties.
We also told Best log files are the dirtiest secret of the Internet, none are secure, none private, none singular, admins and websites lie about using them, exploiting them, deleting them, needing them, stealing them, accusing about them, inflating them, rigging them. They pay for the Net, thus not ever going away or kept secure.
So Best is going in the tried and true direction, many others have staggered. And if determined he will avoid depending on anybody for support. More power to the asshole, welcome to the world of disputatious assholes, cypherpunks, the Internet, the planet.
Brave new growth to kill off the cowardly old.
Praise and support controls, don't seek it or succumb to it. Enjoy fucking yourself, Best, to entertain audiences. Cheers and keep at it.
I don’t know; neither do you. Selling old ass log files on purpose isn’t full of much sense if you’re constraining yourself into thinking ‘inside the box’. JYA doesn’t seem very in the box to me, but hey… Cheers, -benjamin
Anyway to rule this out other than hearing it from John? How long before we begin to seriously consider it or assume it? And if there was a NSL, why not shut down? Why put users at ongoing risk??
On Sun, Oct 11, 2015 at 4:19 PM, bbrewer <bbrewer@littledystopia.net> wrote:
On Oct 11, 2015, at 4:04 PM, Michael Best <themikebest@gmail.com> wrote:
That would explain keeping silent, NOT making up lies about me and saying the data is fake.
Perhaps he knew that you would keep the ‘conversation’ raging, therefore bringing it more ‘into the light’ than silence itself would prompt. Since you’ve been ‘on the case’, cypherpunks is 90% this subject matter, and 10% other cruft.
Again, perhaps that was the intended purpose.
Ie, in a different thread about the same subject (after he poked and prodded you earlier in said thread…)
On Oct 8, 2015, at 6:23 AM, John Young <jya@pipeline.com> wrote:
We've encouraged Best to continue doing what he is doing after using Cryptome as a platform, counsel and source of information. He did set up a website, did mirror the Cryptome archives, did do further research and announce it widely and has picked a fight with several parties, complained of mistreatment, censorship, abuse, exposed collateral innocent (ha!) parties.
We also told Best log files are the dirtiest secret of the Internet, none are secure, none private, none singular, admins and websites lie about using them, exploiting them, deleting them, needing them, stealing them, accusing about them, inflating them, rigging them. They pay for the Net, thus not ever going away or kept secure.
So Best is going in the tried and true direction, many others have staggered. And if determined he will avoid depending on anybody for support. More power to the asshole, welcome to the world of disputatious assholes, cypherpunks, the Internet, the planet.
Brave new growth to kill off the cowardly old.
Praise and support controls, don't seek it or succumb to it. Enjoy fucking yourself, Best, to entertain audiences. Cheers and keep at it.
I don’t know; neither do you. Selling old ass log files on purpose isn’t full of much sense if you’re constraining yourself into thinking ‘inside the box’. JYA doesn’t seem very in the box to me, but hey…
Cheers, -benjamin
On Oct 11, 2015, at 4:22 PM, Michael Best <themikebest@gmail.com> wrote:
Anyway to rule this out other than hearing it from John? How long before we begin to seriously consider it or assume it?
And if there was a NSL, why not shut down? Why put users at ongoing risk??
https://en.wikipedia.org/wiki/Lavabit
"Levison said that he could be arrested for closing the site instead of releasing the information, and it was reported that the federal prosecutor's office had sent Levison's lawyer an e-mail to that effect.”
I’m just blabbering on suppositions here, but I wouldn’t be surprised by… anything.
-benjamin
On October 11, 2015 1:35:42 PM bbrewer <bbrewer@littledystopia.net> wrote:
On Oct 11, 2015, at 4:22 PM, Michael Best <themikebest@gmail.com> wrote:
Anyway to rule this out other than hearing it from John? How long before we begin to seriously consider it or assume it?
And if there was a NSL, why not shut down? Why put users at ongoing risk??
https://en.wikipedia.org/wiki/Lavabit
"Levison said that he could be arrested for closing the site instead of releasing the information, and it was reported that the federal prosecutor's office had sent Levison's lawyer an e-mail to that effect.”
I’m just blabbering on suppositions here, but I wouldn’t be surprised by… anything.
-benjamin
That's exactly the example I was going to post, thank you. Yes, the feds can force you to keep your compromised site up; basically, anything you might do to warn users is verboten. Someone flaming uncharacteristically could be one of the only ways... and, it *is* old data. If this is the case, and that's a very tentative IF, there is not much else he can do (and he did as much as he could without putting himself in legal hot water.) -S
https://cryptome.org/2012/07/gent-forum-spies.htm
25 February 2014. Related: GCHQ Full-Spectrum Cyber Effects:
http://cryptome.org/2014/02/gchq-cyber-effects.pdf
24 February 2014. Related: GCHQ Online Deception:
http://cryptome.org/2014/02/gchq-online-deception.pdf
GCHQ DISRUPTION Operational Playbook:
http://cryptome.org/2014/02/gchq-disruption.pdf
29 January 2014. Related: GCHQ Squeaky Dolphin Psychological Operations:
http://cryptome.org/2014/01/gchq-squeaky-dolphin.pdf (18MB)
4 March 2012. Precursor to this sabotage, OSS Sabotage of Organizations:
http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html
I'm not sure what the links are meant to imply. That the log leak was a disruption effort by the GCHQ that was planted when NetSol restored the site?
On Sun, Oct 11, 2015 at 5:03 PM, John Young <jya@pipeline.com> wrote:
https://cryptome.org/2012/07/gent-forum-spies.htm
25 February 2014. Related: GCHQ Full-Spectrum Cyber Effects:
http://cryptome.org/2014/02/gchq-cyber-effects.pdf
24 February 2014. Related: GCHQ Online Deception:
http://cryptome.org/2014/02/gchq-online-deception.pdf
GCHQ DISRUPTION Operational Playbook:
http://cryptome.org/2014/02/gchq-disruption.pdf
29 January 2014. Related: GCHQ Squeaky Dolphin Psychological Operations:
http://cryptome.org/2014/01/gchq-squeaky-dolphin.pdf (18MB)
4 March 2012. Precursor to this sabotage, OSS Sabotage of Organizations:
http://svn.cacert.org/CAcert/CAcert_Inc/Board/oss/oss_sabotage.html
On 10/11/2015 02:33 PM, Dr. J Feinstein wrote:
I think the implication is that you're a JTRIG type
Usable... Too involved in chasing the snipe to notice the hunters benefiting from that chase.
On 10/11/2015 01:04 PM, Michael Best wrote:
That would explain keeping silent, *NOT* making up lies about me and saying the data is fake.
I'm not going to make JYA's argument here, even if what's been assumed is fact, but the strategy would be a stall at least with the potential for redirection from the 'dead canary' hypothesis because it's typical for people to explode into useless flame wars over the 'leakage' instead of giving serious thought beyond ego/profit motives to why the leak occurred. But, as a notable scientist once said... "Yes, but the whole point of the warrant canary is lost if you keep it a secret! Why didn't you tell the world, eh!?!" https://www.youtube.com/watch?v=cmCKJi3CKGE
On Mon, Oct 12, 2015, at 04:08 AM, Dr. J Feinstein wrote:
Resend–HTML email scrubbed
Calling bullshit. Mirimir's right, this makes no sense. And JYA says netsol won't let him delete the logs but Netsol says logs are disabled by default[ https://www.networksolutions.com/support/how-to-enable-download-the-web-logs...] and you have to turn them on.
So how the fuck'd this really happen?
Mirimir <mirimir@riseup.net> Are you arguing that users could have found those logs?
I almost can't imagine that. Logs are normally in /var/log/ somewhere, and I can't imagine making them searchable. And indeed, I can't imagine how Cryptome archives would have included anything from /var/log/, even after system restore from backups.
<--SNIP-->
> Should access logs be kept for that long? Absolutely not. From what I have read in the email exchange that was posted, the log files were included in a NetSol total restore. My guess is that John/Cryptome did not intentionally keep these files, and did not realize these files were included in the archive.
But that's the thing. Logs should have been in /var/log/. And how would the "NetSol total restore" have changed that?
Not necessarily...
Logs in /var/log is where they should be by default, but if the box is on a shared hosting account, then things are completely different. For instance, Bluehost charges $3.95/month, which gets you a home directory on a box shared with hundreds of other users. In your home directory, you get something like (from memory, which was a long, long time ago):
    ~/
    ~/public_www/
    ~/public_www/html/
    ~/public_www/access_log
    ~/public_www/error_log
So as you can see, the user does have permissions to access logs, but they are kept in the user's _home_ directory. Now you can see why this could have mistakenly been distributed:
    tar zcf cryptome-backup.tar.gz ~/
The backup would have also slurped in all the logs. There was no malice, just an easy mistake that everyone here could have made given the same circumstances.
Alfie
-- Alfie John alfiej@fastmail.fm
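The scenario described in the message above, as an added example that is not part of the original thread: it builds a constructed home directory with the layout given there, archives it once with the plain tar command and once with the logs excluded, and checks each archive for log files before it is handed to anyone. The function names, the rotated-log naming and the sample log lines are assumptions.

```shell
#!/bin/sh
# Added example. Paths follow the shared-hosting layout quoted in the thread;
# all file contents below are constructed sample data.

# Archive member names that look like web server logs, including rotated
# copies such as access_log.1 or error_log-20151011.gz (assumed naming).
LOG_RE='(^|/)(access|error)_log([._-][^/]*)?$'

# make_sample_home DIR: build a constructed home directory with logs in it.
make_sample_home() {
    mkdir -p "$1/public_www/html"
    echo '<html>constructed page</html>' > "$1/public_www/html/index.html"
    echo '203.0.113.7 - - [11/Oct/2015:10:14:15 +0000] "GET / HTTP/1.1" 200 42' \
        > "$1/public_www/access_log"
    echo '203.0.113.9 - - [10/Oct/2015:08:00:01 +0000] "GET /a.pdf HTTP/1.1" 200 9' \
        > "$1/public_www/access_log.1"
    echo '[Sun Oct 11 10:14:16 2015] [error] constructed sample' \
        > "$1/public_www/error_log"
}

# backup_naive SRC OUT: the thread's "tar zcf ... ~/" applied to SRC.
backup_naive() {
    tar -czf "$2" -C "$1" .
}

# backup_filtered SRC OUT: same backup, with log files left out.
# Excludes come before the path so every tar version applies them.
backup_filtered() {
    tar -czf "$2" --exclude='access_log*' --exclude='error_log*' -C "$1" .
}

# list_logs ARCHIVE: print members that match LOG_RE, one per line.
list_logs() {
    tar -tzf "$1" | grep -E "$LOG_RE" || true
}

# count_logs ARCHIVE: number of log-like members.
count_logs() {
    list_logs "$1" | grep -c . || true
}

# safe_to_publish ARCHIVE: succeed only if the archive carries no logs.
safe_to_publish() {
    [ "$(count_logs "$1")" -eq 0 ]
}

# demo: run both backups over the sample home and report what each contains.
demo() {
    work=$(mktemp -d)
    make_sample_home "$work/home"
    backup_naive "$work/home" "$work/naive.tar.gz"
    backup_filtered "$work/home" "$work/filtered.tar.gz"
    for a in naive filtered; do
        if safe_to_publish "$work/$a.tar.gz"; then
            echo "$a: no logs found"
        else
            echo "$a: $(count_logs "$work/$a.tar.gz") log file(s) inside:"
            list_logs "$work/$a.tar.gz" | sed 's/^/  /'
        fi
    done
    rm -rf "$work"
}

demo
```

Running `safe_to_publish` on an existing archive works the same way, so it can gate a distribution step for backups that were made long ago.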
Maybe, but why those folders/months only? It'd be good to hear from JYA, especially b/c Netsol contradicts him.
It's simple. Someone made a mistake.
Best was initially assumed full of shit by JYA, as he's a neophyte - and is consistently 'off-message' for this list.
Others, wishing to read more into it, other than face value of hubris, see plans within plans.
At the end of the day, Best's disclosures amount to nothing of consequence. At best he overhyped them, being a neophyte. At worst he's JTRIGd the list, hilariously easily.
The technical cognoscenti on the list stay quiet, "code compiling" as the good doctor says.
In general, this oversight is valuable because it demonstrates one thing: Even if you try to delete it. If there's a signal it will leak. Purposefully or not.
When the protocol you use doesn't provide metadata anonymity, don't expect it because you won't get it. If you don't understand this - keep studying.
Why guess at 'motivation'? Do we need to FUD yet another leaker site? Put your money where your mouth is - improve it, donate, write your own, fix the bug & plug the hole.
Travis
On Sun, Oct 11, 2015, 5:28 PM Dr. J Feinstein <drjfeinstein@mail.com> wrote:
> Maybe, but why those folders/months only? It'd be good to hear from JYA, especially b/c Netsol contradicts him.
So why does Netsol contradict JYA about the log settings?
On 10/11/15, Dr. J Feinstein <drjfeinstein@mail.com> wrote:
> So why does Netsol contradict JYA about the log settings?
ask netsol about their TLS competence, as well. :P
[ many trying to get JYA to run a dedicated server someplace safe, but that's cRaZy unless you're good at it... ]
best regards,
On 10/11/2015 03:13 PM, Alfie John wrote:
> The backup would have also slurped in all the logs. There was no malice, just an easy mistake that everyone here could have made given the same circumstances.
> Alfie
I would not have expected Cryptome to be on shared hosting ;) But yes, that would explain it.
> I would not have expected Cryptome to be on shared hosting ;) But yes, that would explain it.
Shared is cheap, so are we. Shared is vuln, so are we. So are the others despite credentials and billion-dollar armaments and above all else secrecy and shallow oversight. That explains it.
A billboard doesn't need much 'security.' *shrug*
Travis
On Sun, Oct 11, 2015, 8:18 PM John Young <jya@pipeline.com> wrote:
>> I would not have expected Cryptome to be on shared hosting ;) But yes, that would explain it.
> Shared is cheap, so are we. Shared is vuln, so are we. So are the others despite credentials and billion-dollar armaments and above all else secrecy and shallow oversight. That explains it.
On 10/11/2015 06:20 PM, Travis Biehn wrote:
> A billboard doesn't need much 'security.' *shrug*
Well, there are the access logs ;)
It ought to be an onion service, no? No sure bet, of course, but better than nothing. In my opinion.
Putting it all on users is awfully lazy, I think.
I'd rather have what you call 'lazy' over nothing.
The ideal is all distribution modes available: "Keep the info off the dark web, off the deep web and in the search indexes."
Cryptome shows up on google searches. Your onion does not.
-Travis
-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
On 10/11/2015 07:49 PM, Travis Biehn wrote:
> I'd rather have what you call 'lazy' over nothing.
Look, I mean no disrespect to Cryptome. But I do think that there ought to be a warning for users to protect themselves, if they don't want their access logged by everyone and their little yellow dog.
> The ideal is all distribution modes available: "Keep the info off the dark web, off the deep web and in the search indexes."
> Cryptome shows up on google searches. Your onion does not.
Well, Cryptome has been around for about 20 years, so hey ;)
But Google is indexing it. And it shows up well enough in relevant searches. But I haven't been promoting it very much.
> -Travis
Your onion or your clearsite?
How do you establish that your onion and clearsite host the same content?
How do you federate changes from your onion to your clearsite? What do you do if your clearsite gets seized and used to serve up TAO payloads?
How do you prevent your upstream from logging the IP addresses that hit port 80 and 443? The size of those messages (you know the https sizing attacks which can reveal which particular pages your visitors are on, right)?
How do you make your visitors aware of the above and more? How do you ensure that they saw your message?
-Travis
On 10/11/2015 08:31 PM, Travis Biehn wrote:
> Your onion or your clearsite?
What clearsite? One aspect of the design is that lighttpd runs in a VM that can't see the Internet except through a Tor-gateway VM.
> How do you establish that your onion and clearsite host the same content?
Running a clearsite just doesn't work for me. It would paint too big a target on the server. Anyone not using Tor can just use <http://dbshmc5frbchaum2.onion.link/>.
> How do you federate changes from your onion to your clearsite? What do you do if your clearsite gets seized and used to serve up TAO payloads?
Don't have a clearsite :)
> How do you prevent your upstream from logging the IP addresses that hit port 80 and 443? The size of those messages (you know the https sizing attacks which can reveal which particular pages your visitors are on, right)?
Upstream = Tor. And sure, maybe Tor gets hosed.
> How do you make your visitors aware of the above and more? How do you ensure that they saw your message?
Look at my front page :)
> -Travis
onion.link is an untrusted, upstream CDN, no?
On 10/11/2015 08:57 PM, Travis Biehn wrote:
> onion.link is an untrusted, upstream CDN, no?
Yes, so use Tor :)
On 10/11/2015 06:15 PM, John Young wrote:
>> I would not have expected Cryptome to be on shared hosting ;) But yes, that would explain it.
> Shared is cheap, so are we. Shared is vuln, so are we. So are the others despite credentials and billion-dollar armaments and above all else secrecy and shallow oversight. That explains it.
Thanks. I get the strategy. But it doesn't work for me. I prefer to use pseudonyms, and to hide behind anonymity systems. I don't trust anyone or anything more than necessary, and I totally compartmentalize online stuff from meatspace.
It limits me, I know. No credentials. No meetings. No sharing with meatspace friends. Not many online friends. But so it goes.
And maybe, as you imply, it's all bullshit. Time will tell ;) Or maybe, as Uncle Bill speculated, they're just waiting me out, as my guns rust in my hands. But hey, no problem. I have more slack to play :)
Anyway, y'all might be amused by this experiment: erehwon.dev.null <http://dbshmc5frbchaum2.onion>. One point of the site is to fully document itself. I welcome criticism and suggestions. I'll implement what I can, and document it. I already know, by the way, that the site is easy to DOS ;)
participants (10)
- Alfie John
- bbrewer
- coderman
- Dr. J Feinstein
- John Young
- Michael Best
- Mirimir
- Razer
- Shelley
- Travis Biehn