RIAA Safeweb Ping

[John Young]

Based some three dozen pings of Safeweb IP address 64.124.150.130
from locations in the US and overseas, all pings conclude with these
5 or 6 hops:

  lga1-lhr3-stm64.lga1.above.net (64.125.31.182)  (New York, NY)
  core2-lga1-oc192.lga2.above.net (208.184.232.198)  (New York, NY)
  main1colo45-core2-oc48.lga2.above.net (216.200.127.174)  (New York, NY)

About half the pings timed out before the last hop at:

  208.184.48.173.safeweb.com (San Jose, CA)

A few hit a "private" address after 208.184.48.173:

  10.100.0.2 (no location)

before ending at:

  64.124.150.130.safeweb.com (San Jose, CA)

The station locations were provided by trace route program
VisualRoute.

Interpretation is needed for:

1. How much about the Safeweb stations is true and how much cloaking.
2. Why some pings timed out and others didn't.
3. Phantom station 10.100.0.2
4. Whether the San Jose hops actually go to San Jose or are spoofed.
5. Why go to New York then hop across the continent unless the
last hops are just administrative not physical.
6. How is cloaking done on addresses and physical locations

Is cloaking done by a Safeweb program, say by address spoofer or by 
phantom proxies, or is there a way to do this by special agreement 
with Network Central (whatever that is), say, as Intel Web and other 
classified systems covertly use the Web.

Recall that Safeweb was selected for financial support by the
CIA so intel officers could use it to cloak their Net use. And other
programs such as Onion make use of sub-Net features not easily
available to the surface user.

Now, onto news of the RIAA leaker (not yet a proven hoaxer despite
Declan, RIAA and friends hoaxing that).

We received a third message yesterday from the alleged source 
of the RIAA allegations who was pissed at our attempts to trace
the source. Use of Safeweb was admitted. Angry words were
hurled at us. Allegations were made that parties have been
punished for the leak though not the leaker who fears that
information about the traces could be used for that. Here's
our response:

-----

October 11, 2001

I very much appreciate your concern. I have stated publicly
that I do not yet believe there has been a hoax and that the source 
of the messages will not be disclosed if the messages can 
be shown to be legitimate.  Not that I have any hard information
on who you are. And don't need to know who you are so long
as your information is reliable. Hell, it doesn't have to be reliable
just provocative and unsettling.

Right now there is a push on by a host of people to promote 
that the messages are a hoax, and if they prevail RIAA will 
be the main beneficiary. And a great story becomes a bore.

It is to head off that win by RIAA, to avoid giving them improved
protection against future abuses as a result of the alleged hoax, 
that I wish to get from you information that will demonstrate 
there was no hoax. Again without putting you in jeopardy.

In a tough fight like this RIAA and its supporters will do whatever
they can to smear and deny your revelations. That's the
way it is, so fighting back is the only answer to prevent an
RIAA win by default as result of your valiant effort.

Listen, this very thing happens every time we put up a
controversial document, and your protection is paramount,
but opponents of publication will fight like hell to deny
the truth. But you surely know that. Now is when the
going gets tough. You need to decide how to avoid losing
this battle, losing your reputation and the whole shebang.

I say come forth with proof of the meeting and comments
made, provide it through a secure channel to protect your
identity. But don't let this story die a useless death.

Tony Smith ducked and ran. Not here, the story stays on
Cryptome, along with the story of what happened after
your account was published. Disinformation is as good
as information, maybe better. 

But if you want to abandon what you started, I'll understand
and wait for the next opportunity to buck the fuckers.

-----