From camera_lumina at hotmail.com Thu Sep 1 12:54:22 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 01 Sep 2005 15:54:22 -0400 Subject: Perhaps the real reason why Chavez is being targeted? In-Reply-To: <6.2.1.2.0.20050827222757.03b3a308@pop.idiom.com> Message-ID: >While the US certainly has been interfering with Chavez >and generally trying to mess around in Venezuela for a while, >most of what's happening here is just that >Chavez is running off at the mouth for domestic political reasons. >(Pat Robertson was partly doing that also and partly just babbling.) The leftist Z-mag had an interesting article about Chavez last month. Although most of Z-mag's articles are fairly silly leftwing ranting, you defiintely have a few in-the-trenches-type articles that show up every now and then. The article on Chavez is most interesting and strongly suggests that what Chavez is actually doing is trying to drive up the price Venezuela gets per barrel. Apparently, he's been successful, and most major oil companies (with the notable exception of Exxon) have recently signed very favorable contracts with his government. Also of interest is the proliferation of Chinese and other oil companies edging in next to the big US & UK oil firms that have traditionally dominated such deals. >The business about shipping oil to Jamaica is interesting; >he'd previously been talking about selling cheap gasoline >to poor US communities, which was high-grade political bullshit >that he had no mechanism for implementing, and quite amusing. Maybe not quite bullshit after all...the major barrier to doing this (ie, shipping low cost oil to some contries and communities) was that the oil was in a form that required processing before it could be used (when I get home I'll try to look up the specifics). Only a few companies could do this and he now has such companies signed (one is Chinese, I think). >But fundamentally the US government's problem is that he's a leftist >who hangs out with Castro and has oil and likes to do >"land reform" and nationalize oil companies, >which is not the kind of thing that right-wing industrialists like. Well, that's always the catch. Mao and (to a much lesser extent) Castro were effective guerilla warriors, but Mao had to die of old age in order for China to start developing itself (Cuba speaks for itself). Chavez seems to be spending a lot of the oil wealth on lots of social services which, though perhaps noble, is not sustainable. If Chavez were bright enough to use this $$$ to kick-start a modern economy his rhetoric would then prove to be much more than hot air. In short, I'm not convinced Chavez is an idiot. From this vantage point I'd argue it's way too early to tell. -TD From camera_lumina at hotmail.com Thu Sep 1 16:44:36 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 01 Sep 2005 19:44:36 -0400 Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] In-Reply-To: <20050830144227.GU2259@leitl.org> Message-ID: Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [syverson at itd.nrl.navy.mil: Re: Tor on USB] >Date: Tue, 30 Aug 2005 16:42:27 +0200 > >----- Forwarded message from Paul Syverson >----- > >From: Paul Syverson >Date: Tue, 30 Aug 2005 10:22:22 -0400 >To: or-talk at freehaven.net >Cc: Paul Syverson >Subject: Re: Tor on USB >User-Agent: Mutt/1.4.1i >Reply-To: or-talk at freehaven.net > >You might also see the following commercial distribution that >bundles Tor, a tiny linux, and related software on a USB stick > >http://www.virtualprivacymachine.com/products.html > >Looks cool and got favorable reviews, but I haven't used or examined >it first hand. This is a pointer, not an endorsement. > >-Paul > > >On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote: > > Interesting implementation. You could use it at a public terminal, a > > friend's computer, or for plausible deniability on your own computer. > > > > On 8/29/05, Shatadal wrote: > > > Arrakis Tor wrote: > > > > Can firefox be installed to run standalone whatsoever? > > > > > > > > > > > > > > Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and > > > http://portablefirefox.mozdev.org/ > > > > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From phobos at rootme.org Fri Sep 2 18:41:46 2005 From: phobos at rootme.org (phobos at rootme.org) Date: Fri, 2 Sep 2005 21:41:46 -0400 Subject: Greetings/Question - Was: RE: Have some consideration for Message-ID: users... User-Agent: Mutt/1.4.1i Reply-To: or-talk at freehaven.net You'll get timed out and clients will route around you. When you're back online and the dirserver recognizes it, you'll get clients routed to you. If you're flapping that much, it's better to just not be online at all. The "line card" excuse means your provider oversubscribed the upstream link; or they actually have a failed line card, but those are usually replaced quickly. On Fri, Sep 02, 2005 at 09:08:27PM -0400, jbloss at tampabay.rr.com wrote 1.7K bytes in 48 lines about: : What IS the impact on the tor network if a node suddenly drops off the : face of the planet, or appears and disappears every half hour or so : for an 8 hour span? I'd assume since tor is "real time" the node is : simply routed around, correct? How fast are these things compensated : for? ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From arma at mit.edu Fri Sep 2 19:00:53 2005 From: arma at mit.edu (Roger Dingledine) Date: Fri, 2 Sep 2005 22:00:53 -0400 Subject: Greetings/Question - Was: RE: Have some consideration for Message-ID: users... User-Agent: Mutt/1.5.9i Reply-To: or-talk at freehaven.net On Fri, Sep 02, 2005 at 09:08:27PM -0400, Jeffrey F. Bloss wrote: > What IS the impact on the tor network if a node suddenly drops off the > face of the planet, or appears and disappears every half hour or so > for an 8 hour span? I'd assume since tor is "real time" the node is > simply routed around, correct? How fast are these things compensated > for? Tor servers publish an "uptime" in their server descriptor, which is the time they've been available/working at their current IP. If servers die suddenly, Tor circuits that use them are broken. If somebody is using one of those circuits (e.g. for his irc connection), then it gets cut. Tor clients have a config option "LongLivedPorts" which defaults to "21,22,706,1863,5050,5190,5222,5223,6667,8300,8888". If a socks request asks for one of these ports, then it uses a circuit constructed entirely of nodes with uptimes of at least a day. The theory is that if they've been up that long, they'll probably be up a while longer. So for things like port 80 where the request is typically quite quick, a flaky node is fine, since it's either up during the request or it's not (in which case we'll keep building circuits until we get one that works). The answer to your question is "If your node is always like this, then it's probably not worth while to run a Tor node. But if it's fine for most days and it has this behavior one afternoon a week, then it's useful to have it." Hope that helps, --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From wdwrsosrgs at yahoo.com Fri Sep 2 22:15:35 2005 From: wdwrsosrgs at yahoo.com (Sanford Kuhn) Date: Sat, 03 Sep 2005 11:15:35 +0600 Subject: Watches Lovers Love this 4FQNJ5 Message-ID: <427504011246.j31CkQBj054969@..com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.watch3znow10bymail.com o-ut of mai-lling lisst: http://043.watch3znow10bymail.com/rm/ EptsY From dgerow at afflictions.org Sat Sep 3 08:53:55 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Sat, 3 Sep 2005 11:53:55 -0400 Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] In-Reply-To: References: <20050830144227.GU2259@leitl.org> Message-ID: <20050903155355.GF11749@afflictions.org> Thus spake Tyler Durden (camera_lumina at hotmail.com) [02/09/05 19:45]: : How long will it take the Greater Tor Network to notice the existence of : this little node? A few days after you register. : In other words, if I go into a Starbucks with this thing, can my laptop or : whatever start acting like a temporary Tor node? Yep. But I'm not sure you'd want to do that... AFAIK, TOR can handle dynamic addresses. So long as you've got a public address, you can act as a TOR entry/exit point. So you could, in theory, set up a TOR entry/exit point on your local Starbuck's network. All you'd have to do is register, and jump a few hoops to register your dynamic address. I don't know if the same holds true if it's not a public address. Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going. From camera_lumina at hotmail.com Sat Sep 3 10:56:19 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sat, 03 Sep 2005 13:56:19 -0400 Subject: Tor VoIP, & etc... In-Reply-To: <20050903155355.GF11749@afflictions.org> Message-ID: Damian Gerow replied to the great Tyler Durden: >Thus spake Tyler Durden (camera_lumina at hotmail.com) [02/09/05 19:45]: >: How long will it take the Greater Tor Network to notice the existence of >: this little node? > >A few days after you register. > >: In other words, if I go into a Starbucks with this thing, can my laptop >or >: whatever start acting like a temporary Tor node? Well, here I meant after registration, etc...in a "regular" IP network it can take seconds to minutes in order for routing tables (at layer 3) or the local MAC Address tables (at layer 2) to recognize that you're back on line. With a Tor node I'm wondering how long it takes for the greater Tor network to both notice your existence and then trust that you're here to stay...for a while. In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two? >Though, you can just skip all that, walk in to Starbucks, sit down, and >start using your TOR node as your own entry point. No registration, no >wait, no nothing: just sit down and go. I just set a node up a few days >ago, and was surprised at how simple it was to get TOR up and going. In other words, just for me. That, of course, is great. As for simplicity, I need that: I know my way around the BLSR protection switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). I just don't have time to have to fiddle with the OS myself, so this will be interesting. Think I might get me one of those gizmos and then stick it on my PDA. So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! -TD From eugen at leitl.org Sat Sep 3 05:44:56 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Sep 2005 14:44:56 +0200 Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] In-Reply-To: References: <20050830144227.GU2259@leitl.org> Message-ID: <20050903124456.GL2249@leitl.org> On Thu, Sep 01, 2005 at 07:44:36PM -0400, Tyler Durden wrote: > In other words, if I go into a Starbucks with this thing, can my laptop or > whatever start acting like a temporary Tor node? I don't see why not, you'd be just middleman. If you want to wind up on this list http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl you'll have to submit your stats, and it will take a day or two. > That's a very fascinating concept: A temporary, transient Tor network. Any > node on this network could cease to exist by the time someone tried to jam > large portions of it. Or at least, their attacks would have to be a hell of > a lot more flexible. An ephemeral P2P traffic remixing system with high node density in address space could bootstrap very quickly just from rendezvousing/scanning some random net blocks. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Sat Sep 3 06:00:32 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Sep 2005 15:00:32 +0200 Subject: [phobos@rootme.org: Re: Greetings/Question - Was: RE: Have some consideration for users...] Message-ID: <20050903130032.GP2249@leitl.org> ----- Forwarded message from phobos at rootme.org ----- From eugen at leitl.org Sat Sep 3 06:03:12 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 3 Sep 2005 15:03:12 +0200 Subject: [arma@mit.edu: Re: Greetings/Question - Was: RE: Have some consideration for users...] Message-ID: <20050903130312.GR2249@leitl.org> ----- Forwarded message from Roger Dingledine ----- From dgerow at afflictions.org Sat Sep 3 13:00:53 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Sat, 3 Sep 2005 16:00:53 -0400 Subject: Tor VoIP, & etc... In-Reply-To: References: <20050903155355.GF11749@afflictions.org> Message-ID: <20050903200053.GC75659@afflictions.org> Thus spake Tyler Durden (camera_lumina at hotmail.com) [03/09/05 14:03]: : Well, here I meant after registration, etc...in a "regular" IP network it : can take seconds to minutes in order for routing tables (at layer 3) or the : local MAC Address tables (at layer 2) to recognize that you're back on : line. With a Tor node I'm wondering how long it takes for the greater Tor : network to both notice your existence and then trust that you're here to : stay...for a while. : : In other words, am I contributing to the greater Tor network if I allow my : USB Tor node to function while I'm sucking down a cappucino or two? As others have stated, no, likely not: bouncing your connection up and down like that will likely cause great untrust within the TOR routing. Whether you will be /harming/ the TOR network or not is a more interesting question... I'd suspect not, but it's probably worth looking into. : In other words, just for me. That, of course, is great. Good. : As for simplicity, I need that: I know my way around the BLSR protection : switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, : well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). : I just don't have time to have to fiddle with the OS myself, so this will : be interesting. Think I might get me one of those gizmos and then stick it : on my PDA. It is, quite literally, a matter of installing the binary (whichever OS you are using will determine the method of installation), setting two, maybe three configuration parameters -- things like logging levels, interfaces to use, and other very basic parameters -- starting it up and using it. So I imagine you can handle it quite easily. : So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! In theory, TOR can support anything that can handle a SOCKS connection. So if your VoIP program can do SOCKS, then yes, it can. If your VoIP program can't, wrappers are readily available. The question to ask here is: can TOR support VoIP /well/? I wouldn't put much faith in maintaining a solid VoIP connection: due to the very nature of what TOR does, you're introducing a substantial amount of latency to your connection, and it might be enough to throw off any VoIP connections you try to make. But it's worth trying... - Damian From bill.stewart at pobox.com Sat Sep 3 21:49:37 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Sat, 03 Sep 2005 21:49:37 -0700 Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] In-Reply-To: <20050903155355.GF11749@afflictions.org> References: <20050830144227.GU2259@leitl.org> <20050903155355.GF11749@afflictions.org> Message-ID: <6.2.1.2.0.20050903214708.03fbf850@pop.idiom.com> At 08:53 AM 9/3/2005, Damian Gerow wrote: >Though, you can just skip all that, walk in to Starbucks, sit down, and >start using your TOR node as your own entry point. No registration, no >wait, no nothing: just sit down and go. I just set a node up a few days >ago, and was surprised at how simple it was to get TOR up and going. How does TOR feel about NAT and various firewall things? I've been at hotels where I can't even get my ipsec VPN to work. From skquinn at speakeasy.net Sat Sep 3 21:08:32 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Sat, 03 Sep 2005 23:08:32 -0500 Subject: Tor VoIP, & etc... In-Reply-To: References: Message-ID: <1125806913.3295.10.camel@xevious.platypuslabs.org> On Sat, 2005-09-03 at 13:56 -0400, Tyler Durden wrote: > In other words, am I contributing to the greater Tor network if I > allow my USB Tor node to function while I'm sucking down a cappucino > or two? For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck". Anyway, as others have said, your node will only be able to function as middleman in such a setup, because by the time you register your IP will change unless you camp out in the Starbucks parking lot. Not that middleman is not useful, mind you (this applies to both Tor and Mixmaster). -- Shawn K. Quinn From camera_lumina at hotmail.com Sun Sep 4 08:49:41 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 04 Sep 2005 11:49:41 -0400 Subject: Tor VoIP, & etc... In-Reply-To: <1125806913.3295.10.camel@xevious.platypuslabs.org> Message-ID: Shawn Quinn wrote... >For the people that only route stuff like HTTP traffic through your Tor >node, it will be a benefit. If I'm IRCing and get routed through your >node, that's a different story (but it's no different than the bad old >days of IIP where people dropped off by the dozens when someone shut >down their computer). A Mixmaster remailer where the mail was transacted >at public Internet access points would be much more useful. It would >actually be funny if someone did this and named the node "starbuck". So: How hard would it be to surreptitiously install a Tor node into a computer at a public library? -TD From dgerow at afflictions.org Sun Sep 4 10:52:24 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Sun, 4 Sep 2005 13:52:24 -0400 Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] In-Reply-To: <6.2.1.2.0.20050903214708.03fbf850@pop.idiom.com> References: <20050830144227.GU2259@leitl.org> <20050903155355.GF11749@afflictions.org> <6.2.1.2.0.20050903214708.03fbf850@pop.idiom.com> Message-ID: <20050904175223.GA51545@afflictions.org> Thus spake Bill Stewart (bill.stewart at pobox.com) [04/09/05 01:27]: : At 08:53 AM 9/3/2005, Damian Gerow wrote: : >Though, you can just skip all that, walk in to Starbucks, sit down, and : >start using your TOR node as your own entry point. No registration, no : >wait, no nothing: just sit down and go. I just set a node up a few days : >ago, and was surprised at how simple it was to get TOR up and going. : : How does TOR feel about NAT and various firewall things? : I've been at hotels where I can't even get my ipsec VPN to work. Well, the running a server won't work well: But given that it's just initiating outbound TCP connections, so long as the firewall permits connections on those ports, it /should/ work fine. Give it a shot, see how it works. From skquinn at speakeasy.net Sun Sep 4 12:16:03 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Sun, 04 Sep 2005 14:16:03 -0500 Subject: Tor VoIP, & etc... In-Reply-To: References: Message-ID: <1125861364.16039.7.camel@xevious.platypuslabs.org> On Sun, 2005-09-04 at 11:49 -0400, Tyler Durden wrote: > Shawn Quinn wrote... > >For the people that only route stuff like HTTP traffic through your Tor > >node, it will be a benefit. If I'm IRCing and get routed through your > >node, that's a different story (but it's no different than the bad old > >days of IIP where people dropped off by the dozens when someone shut > >down their computer). A Mixmaster remailer where the mail was transacted > >at public Internet access points would be much more useful. It would > >actually be funny if someone did this and named the node "starbuck". > > So: How hard would it be to surreptitiously install a Tor node into a > computer at a public library? A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card and possible criminal prosecution if caught. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Other public libraries? Who knows. -- Shawn K. Quinn From camera_lumina at hotmail.com Sun Sep 4 18:03:51 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Sun, 04 Sep 2005 21:03:51 -0400 Subject: Tor VoIP, & etc... In-Reply-To: <1125861364.16039.7.camel@xevious.platypuslabs.org> Message-ID: SQ wrote... >A Houston (TX, USA) public library? Could be next to impossible, as well >as excellent cause for revocation of your library card Oh no! Loss of the Houston library card! My passport to knowledge!!! >criminal prosecution if caught. Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC. >Needless to say, I haven't tried. The >best you could do from Houston libraries would be a proxy accessed via >HTTPS. At one time you could telnet, but that has long since passed. Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports.... -TD From skquinn at speakeasy.net Sun Sep 4 23:13:50 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Mon, 05 Sep 2005 01:13:50 -0500 Subject: Tor VoIP, & etc... In-Reply-To: References: Message-ID: <1125900831.7925.8.camel@xevious.platypuslabs.org> On Sun, 2005-09-04 at 21:03 -0400, Tyler Durden wrote: > SQ wrote... > > > A Houston (TX, USA) public library? Could be next to impossible, as > > well as excellent cause for revocation of your library card and > > criminal prosecution if caught. > > Well, the idea would be not to get caught. I'm thinking basically of just > adding one of those $40 Tor nubbins at the end of a USB cable and then > tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If > it lasts a month then it might be money well spent, particularly if Al Qaeda > successfully nukes DC. > Damn. They blocked Telnet? They might as well just block TCP/IP. Do > they do this by blocking the likely ports or by merely de-balling the > protocol stack somehow? I assume Tor is smart enough to try various > open ports.... All you get access to as a library card holder is a Web browser (or pathetic excuse for same, as I think it's a hacked-up IE). The computers at the Houston libraries don't allow access to the USB ports from what I have seen, and in order to get access to anything besides a Web browser you would probably need to reboot the machine and you then have maybe 15-20 minutes before a librarian notices you. Now, the Harris County libraries might be different; I have not gone to one. -- Shawn K. Quinn From schoen at eff.org Mon Sep 5 06:10:02 2005 From: schoen at eff.org (Seth David Schoen) Date: September 5, 2005 6:10:02 PM EDT Subject: [E-PRV] Internet phone wiretapping ("Psst! The FBI is Message-ID: Having Trouble on the Line", Aug. 15) David Farber writes: >Can I get a copy for IP > The original article is at http://www.time.com/time/archive/preview/0,10987,1090908,00.html (subscription required) Here's the letter we sent: Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies ("Psst! The FBI is Having Trouble on the Line," Notebook, August 15) is in error. You claim that police "can't tap into [Internet] conversations or identify the location of callers, even with court orders." That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance. But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse. The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power "in the face of increasingly powerful and personally revealing technologies" (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations. -- Seth Schoen Staff Technologist schoen at eff.org Electronic Frontier Foundation http://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107 ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From berry at ajilonfinance.com Mon Sep 5 20:23:59 2005 From: berry at ajilonfinance.com (Gerard Brennan) Date: Mon, 05 Sep 2005 19:23:59 -0800 Subject: Notice: Loww mortagee ratee approved Message-ID: <152550196795466.1033929@> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 681 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: .8.gif Type: image/gif Size: 7610 bytes Desc: not available URL: From dgerow at afflictions.org Mon Sep 5 18:32:17 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Mon, 5 Sep 2005 21:32:17 -0400 Subject: Tor VoIP, & etc... In-Reply-To: References: <1125861364.16039.7.camel@xevious.platypuslabs.org> Message-ID: <20050906013217.GF8108@afflictions.org> Thus spake Tyler Durden (camera_lumina at hotmail.com) [04/09/05 21:14]: : I assume Tor is smart enough to try various open ports.... TOR can only contact other entry/mid/exit nodes on the ports they're listening on. The documentation actually requests that people set up nodes on TCP ports 80 and 443, for the exact case that this Houston, TX library seems to be in. So yes, TOR *is* smart enough to try various open ports, but it will only work if something is listening on said ports. From knizw at hotmail.com Mon Sep 5 23:07:29 2005 From: knizw at hotmail.com (Clay Naquin) Date: Tue, 06 Sep 2005 07:07:29 +0100 Subject: Can You Last 36 Hours? ZF2 Message-ID: <950504011246.j31CkQBj138769@..com> "Ci-ialis Softabs" is better than Pfizer Viiagrra and normal Ci-ialis because: - Guaaraantees 36 hours lasting - Safe to take, no side effects at all - Boost and increase se-xual performance - Haarder e-rectiions and quick recharge - Proven and certified by experts and doctors - only $3.99 per tabs Cllick heree: http://aspartames.net/cs/?ronn o-ut of mai-lling lisst: http://aspartames.net/rm.php?ronn QQU6S From skquinn at speakeasy.net Tue Sep 6 06:11:25 2005 From: skquinn at speakeasy.net (Shawn K. Quinn) Date: Tue, 06 Sep 2005 08:11:25 -0500 Subject: Tor VoIP, & etc... In-Reply-To: <20050906013217.GF8108@afflictions.org> References: <1125861364.16039.7.camel@xevious.platypuslabs.org> <20050906013217.GF8108@afflictions.org> Message-ID: <1126012285.32446.2.camel@xevious.platypuslabs.org> On Mon, 2005-09-05 at 21:32 -0400, Damian Gerow wrote: > Thus spake Tyler Durden (camera_lumina at hotmail.com) [04/09/05 21:14]: > : I assume Tor is smart enough to try various open ports.... > > TOR can only contact other entry/mid/exit nodes on the ports they're > listening on. The documentation actually requests that people set up nodes > on TCP ports 80 and 443, for the exact case that this Houston, TX library > seems to be in. The bigger problem is convincing the library's computer to run your software without getting caught. Even then, there's no guarantee that the computers have direct Internet access; it's likely everything is funneled through proxies. -- Shawn K. Quinn From dgerow at afflictions.org Tue Sep 6 21:35:29 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Wed, 7 Sep 2005 00:35:29 -0400 Subject: Tor VoIP, & etc... In-Reply-To: <1126012285.32446.2.camel@xevious.platypuslabs.org> References: <1125861364.16039.7.camel@xevious.platypuslabs.org> <20050906013217.GF8108@afflictions.org> <1126012285.32446.2.camel@xevious.platypuslabs.org> Message-ID: <20050907043529.GF89015@afflictions.org> Thus spake Shawn K. Quinn (skquinn at speakeasy.net) [06/09/05 09:22]: : > TOR can only contact other entry/mid/exit nodes on the ports they're : > listening on. The documentation actually requests that people set up nodes : > on TCP ports 80 and 443, for the exact case that this Houston, TX library : > seems to be in. : : The bigger problem is convincing the library's computer to run your : software without getting caught. Even then, there's no guarantee that : the computers have direct Internet access; it's likely everything is : funneled through proxies. Generally speaking, it's not terribly difficult to convince a library computer to run your software. Especially if there's anything from MS Office installed. And whether or not it's funneled through proxies doesn't matter one bit: you're submitted a valid HTTP request to a valid HTTP port. There's no reason the proxy would reject your request. At this point, I think I'll put my money where my mouth is, and try running a TOR node (client only) at my local library. See what happens. From dave at farber.net Wed Sep 7 06:48:13 2005 From: dave at farber.net (David Farber) Date: Wed, 7 Sep 2005 09:48:13 -0400 Subject: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on Message-ID: the Line", Aug. 15) X-Mailer: Apple Mail (2.734) Reply-To: dave at farber.net Begin forwarded message: From bill.stewart at pobox.com Wed Sep 7 10:46:24 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 07 Sep 2005 10:46:24 -0700 Subject: UK: Don't smile for passport photos - face scanners limitations Message-ID: <6.2.1.2.0.20050907104204.03d59a10@pop.idiom.com> This'll probably apply to the UK's new National ID cards if they ever approve them. http://www.jamaicaobserver.com/news/html/20050906T030000-0500_87710_OBS__DON_T_SMILE_FOR_PASSPORT_PHOTOS__.asp 'Don't smile for passport photos' AFP Tuesday, September 06, 2005 LONDON, England (AFP) - Britons are being told not to smile for photographs when applying for new passports to avoid confusing new security scanners introduced at airports worldwide, officials said yesterday. Passport applicants from next week must keep their mouths closed and retain a neutral expression to meet new facial recognition technology being used in airport scanners, they said. The new international requirements were announced in August 2003 as part of a process to enable production of new, more secure biometric "ePassports" with facial recognition technology, the United Kingdom Passport Service said on its website. By 2008 it is hoped that fingerprint identification will also be used in passports. Britain is among the first countries to implement the new requirements, a spokesman at the Home Office (interior ministry) said. There were concerns that Britain would not meet the United States deadline for passport changes, which was brought forward in the wake of the September 11, 2001 terror attacks in the United States, the spokesman said. Without the new ePassports, visitors would have to apply for visas, the spokesman said. However, the United States has not been able to keep up with its own deadline, delaying it twice, leaving Britain enough time to implement the new requirements, he added. The security scanners are reported to work by matching key points on the holder's face, such as the mouth and eyes, with the photograph. The new rules, according to one report, say "photographs must show no shadows: your face looking straight at the camera, a neutral expression, with your mouth closed". Eyes must be open and clearly visible, and there must be no sunglasses, tinted glasses or hair across the eyes, it added. From qqgfpf at msn.com Wed Sep 7 02:05:55 2005 From: qqgfpf at msn.com (Cassandra Sadler) Date: Wed, 07 Sep 2005 13:05:55 +0400 Subject: Double Your Penis Size tongDT Message-ID: <13713969.986qqgfpf@msn.com> The Only Clinically Tested Penis Enlargement Pills that works.. - add 1-4 inches to your peniis - 20% thicker - 5x more enjoyable orgasm - or your monneyy back without question ask! Join millions of delighted users which has been benefited with Maxxlength3. http://www.gratifyher.info X33YPH From camera_lumina at hotmail.com Wed Sep 7 10:55:02 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 07 Sep 2005 13:55:02 -0400 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] In-Reply-To: <20050907135808.GU2249@leitl.org> Message-ID: Like I said: We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Then again, the FBI probably loves hanging out in Starbucks anyway... -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [dave at farber.net: [IP] Internet phone wiretapping ("Psst! The FBI >is Having Trouble on the Line", Aug. 15)] >Date: Wed, 7 Sep 2005 15:58:08 +0200 > >----- Forwarded message from David Farber ----- > >From: David Farber >Date: Wed, 7 Sep 2005 09:48:13 -0400 >To: Ip Ip >Subject: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble >on >the Line", Aug. 15) >X-Mailer: Apple Mail (2.734) >Reply-To: dave at farber.net > > > >Begin forwarded message: > >From: Seth David Schoen >Date: September 5, 2005 6:10:02 PM EDT >To: David Farber >Cc: Donna Wentworth , eff-priv at eff.org >Subject: Re: [E-PRV] Internet phone wiretapping ("Psst! The FBI is >Having Trouble on the Line", Aug. 15) > > >David Farber writes: > > > >Can I get a copy for IP > > > >The original article is at > >http://www.time.com/time/archive/preview/0,10987,1090908,00.html >(subscription required) > >Here's the letter we sent: > > Your account of FBI efforts to embed wiretapping into the design of > new Internet communication technologies ("Psst! The FBI is Having > Trouble on the Line," Notebook, August 15) is in error. > > You claim that police "can't tap into [Internet] conversations or > identify the location of callers, even with court orders." > > That is false. Internet service providers and VoIP companies have > consistently responded to such orders and turned over information > in their possession. There is no evidence that law enforcement is > having any trouble obtaining compliance. > > But more disturbingly, you omit entirely any reference to the > grave threat these FBI initiatives pose to the personal privacy > and security of innocent Americans. The technologies currently > used to create wiretap-friendly computer networks make the people > on those networks more pregnable to attackers who want to steal > their data or personal information. And at a time when many of our > most fundamental consititutional rights are being stripped away in > the name of fighting terrorism, you implicitly endorse opening yet > another channel for potential government abuse. > > The legislative history of the Communications Assistance for Law > Enforcement Act (CALEA) shows that Congress recognized the danger > of giving law enforcement this kind of surveillance power "in the > face of increasingly powerful and personally revealing >technologies" > (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House > Report]). The law explicitly exempts so-called information >services; > law enforcement repeatedly assured civil libertarians that the > Internet would be excluded. Yet the FBI and FCC have now betrayed > that promise and stepped beyond the law, demanding that Internet > software be redesigned to facilitate eavesdropping. In the coming > months, we expect the federal courts to rein in these dangerously > expansive legal intepretations. > >-- >Seth Schoen >Staff Technologist schoen at eff.org >Electronic Frontier Foundation http://www.eff.org/ >454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107 > > > >------------------------------------- >You are subscribed as eugen at leitl.org >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting-people/ > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Wed Sep 7 06:58:08 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 7 Sep 2005 15:58:08 +0200 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] Message-ID: <20050907135808.GU2249@leitl.org> ----- Forwarded message from David Farber ----- From measl at mfn.org Wed Sep 7 17:04:02 2005 From: measl at mfn.org (J.A. Terranson) Date: Wed, 7 Sep 2005 19:04:02 -0500 (CDT) Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] In-Reply-To: References: Message-ID: <20050907190059.F43708@ubzr.zsa.bet> On Wed, 7 Sep 2005, Tyler Durden wrote: > Like I said: > > We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then > will the ghost of Tim May rest in piece. Somehoe, I don't see the [legitimate] ghost of Tim May finding either rest nor peace. -- Yours, J.A. Terranson sysadmin at mfn.org 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D. From europus at gmail.com Wed Sep 7 19:16:31 2005 From: europus at gmail.com (Ulex Europae) Date: Wed, 7 Sep 2005 22:16:31 -0400 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Message-ID: <570521b2050907191632ebdb18@mail.gmail.com> Okay, I've been in a hole in the ground for a few years. What happened to Tim May? At 13:55 07-09-05 -0400, Tyler Durden wrote: >Like I said: > >We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then >will the ghost of Tim May rest in piece. > >Then again, the FBI probably loves hanging out in Starbucks anyway... > >-TD From rah at shipwright.com Wed Sep 7 19:30:34 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 7 Sep 2005 22:30:34 -0400 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <570521b2050907191632ebdb18@mail.gmail.com> References: <570521b2050907191632ebdb18@mail.gmail.com> Message-ID: At 10:16 PM -0400 9/7/05, Ulex Europae wrote: >Okay, I've been in a hole in the ground for a few years. What happened >to Tim May? See below. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen From gt_IP050716 at think.org Thu Sep 8 03:24:45 2005 From: gt_IP050716 at think.org (Glenn S. Tenney CISSP CISM) Date: September 8, 2005 3:24:45 PM EDT Subject: Radio jamming in New Orleans during rescue operations Message-ID: I saw this... For IP if you like: http://www.waynemadsenreport.com/ September 2, 2005 -- Who is jamming communications in New Orleans? Ham radio operators are reporting that communications in and around New Orleans are being jammed. In addition, perplexed ham radio operators who were enlisted by the Federal government in 911 are not being used for hurricane Katrina Federal relief efforts. There is some misinformation circulating on the web that the jamming is the result of solar flares. Ham radio operators report that the flares are not the source of the communications jamming. If anyone at the National Security Agency is aware of the source of the jamming, from direction finding or satellite intelligence, please discretely contact me at waynemadsendc at hotmail.com (from a private or temporary email account). In this case, the Bush administration cannot hide behind national security and it is the duty of every patriotic American to report such criminal activity to the press. Even though the information on the jamming may be considered classified -- it is in the public interest to disclose it. Also, the Federal Aviation Administration (FAA) is reporting that no aircraft over New Orleans have been fired on over New Orleans or anywhere else in the area. Are the reports of shots being fired at aircraft an attempt by the Bush administration to purposely delay the arrival of relief to the city's homeless and dying poor? The neocons have turned New Orleans into Baghdad on the Mississipppi New Orleans: Who is jamming communications and why? UPDATE: We can now report that the jamming of New Orleans' communications is emanating from a pirate radio station in the Caribbean. The noise is continuous and it is jamming frequencies, including emergency high frequency (HF) radios, in the New Orleans area. The radio frequency jammers were heard last night, stopped for a while, and are active again today. The Pentagon must locate the positions of these transmitters and order the Air Force to bomb them immediately. However, we now have a new unconfirmed report that the culprit may be the Pentagon itself. The emitter is an IF (Intermediate Frequency) jammer that is operating south southwest of New Orleans on board a U.S. Navy ship, according to an anonymous source. The jamming is cross-spectrum and interfering with superheterodyne receiver components, including the emergency radios being used in New Orleans relief efforts. The jammed frequencies are: 72.0MHZ (high end of Channel 4 WWL TV New Orleans) 45.0MHZ (fixed mobile) 10.245MHZ (fixed mobile) 10.240 Mhz (fixed mobile) 11.340 Mhz (aeronautical mobile) 233 MHZ (fixed mobile) 455 IF (jammer) A former DoD source says the U.S. Army uses a portable jammer, known as WORLOCK, in Iraq and this jammer may be similar to the one that is jamming the emergency frequencies. UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search & Rescue Team deployed to New Orleans reported that their satellite phones were not working and they had to obtain other satellite phones to keep in touch with their headquarters and other emergency agencies in British Columbia. There is a report on a ham radio web site that jamming is adversely affecting the New Orleans emergency net on 14.265 Mhz. If a U.S. Navy ship is, in fact, jamming New Orleans communications, the crew must immediately shut down the jammer and take action against the Commanding Officer. *** We have just learned from a journalist in Mobile that yesterday, Sprint blocked all cell phone calls from the Gulf Coast region to points north and west. Calls were permitted between Alabama, Mississippi, and Florida but no calls could be made to Washington, New York, or Los Angeles September 5, 2005 ... Meanwhile, the communications jamming in the New Orleans area continues. It is now being reported by truck drivers on Interstate-10 as affecting the Citizens' Band (CB) frequencies. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From gt_IP050716 at think.org Thu Sep 8 03:24:45 2005 From: gt_IP050716 at think.org (Glenn S. Tenney CISSP CISM) Date: September 8, 2005 3:24:45 PM EDT Subject: Radio jamming in New Orleans during rescue operations Message-ID: I saw this... For IP if you like: http://www.waynemadsenreport.com/ September 2, 2005 -- Who is jamming communications in New Orleans? Ham radio operators are reporting that communications in and around New Orleans are being jammed. In addition, perplexed ham radio operators who were enlisted by the Federal government in 911 are not being used for hurricane Katrina Federal relief efforts. There is some misinformation circulating on the web that the jamming is the result of solar flares. Ham radio operators report that the flares are not the source of the communications jamming. If anyone at the National Security Agency is aware of the source of the jamming, from direction finding or satellite intelligence, please discretely contact me at waynemadsendc at hotmail.com (from a private or temporary email account). In this case, the Bush administration cannot hide behind national security and it is the duty of every patriotic American to report such criminal activity to the press. Even though the information on the jamming may be considered classified -- it is in the public interest to disclose it. Also, the Federal Aviation Administration (FAA) is reporting that no aircraft over New Orleans have been fired on over New Orleans or anywhere else in the area. Are the reports of shots being fired at aircraft an attempt by the Bush administration to purposely delay the arrival of relief to the city's homeless and dying poor? The neocons have turned New Orleans into Baghdad on the Mississipppi New Orleans: Who is jamming communications and why? ----------------------------------------------------------------------------- -------------------------------- END OF QUOTED TEXT FROM: http://www.noaanews.noaa.gov/stories2005/s2502.htm Sept. 9, 2005 Forecasters at the NOAA Space Environment Center in Boulder, Colo., continue to observe significant flares on the sun Friday in NOAA sunspot Region 808. This is the same region that yielded a powerful X-17 flare on Wednesday-R4, severe radio blackout, on the NOAA space weather scales. NOAA cautions satellite and communications groups are already experiencing problems due to this activity. Other agencies impacted by space weather are at increasing risk for service disruptions. This includes other space activities, electric power systems, high frequency communications and navigation systems such as global positioning systems. Randy From DaveHowe at gmx.co.uk Wed Sep 7 21:31:32 2005 From: DaveHowe at gmx.co.uk (Dave Howe) Date: Thu, 08 Sep 2005 05:31:32 +0100 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] In-Reply-To: References: Message-ID: <431FBEA4.7030500@gmx.co.uk> Tyler Durden wrote: > We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then > will the ghost of Tim May rest in piece. Don't really need one. the Skype concept of "supernodes" - users that relay conversations for other users - could be used just as simply, and is Starbucks-compatable. If the feds had to try and monitor traffic for every VoIP user that could potentially be used as a relay (*and* prove that any outbound traffic from their target wasn't relayed traffic from another user) life would get much harder for them much faster. Plus of course some sort of assurance that skype's crypto isn't snakeoil :) From SNHDUERC at labelgraphics.co.uk Wed Sep 7 22:37:56 2005 From: SNHDUERC at labelgraphics.co.uk (Esperanza Atkinson) Date: Thu, 08 Sep 2005 07:37:56 +0200 Subject: You can save few hundreds every month Message-ID: <20630403245750.A31810@xearthlink.net> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! Levitra - 60 Pills - 399$ Xanax - 60 Pills - 199$ Ambien - 60 Pills - 190$ Ultram - 60 PilIs - 85$ Viagra - 150 Pills - 269$ Valium - 180 Pills - 370$ Soma - 80 Pills - 79$ Please click below and check out our offer. http://www.strangeflower.info/?f11e5501f7a2d5Sec987edacc86Sfb9f waterline ow pathway iju crisis qog exhibit dot bawd fm briggs hh colby za anodic qq barnhard rdi mudsling tu standstill dfm amphibole wg czarina vly wheresoever ymy excelsior cwp allude xd http://www.strangeflower.info/rm.php?got From eugen at leitl.org Wed Sep 7 23:55:33 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Sep 2005 08:55:33 +0200 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <570521b2050907191632ebdb18@mail.gmail.com> References: <570521b2050907191632ebdb18@mail.gmail.com> Message-ID: <20050908065533.GG2249@leitl.org> On Wed, Sep 07, 2005 at 10:16:31PM -0400, Ulex Europae wrote: > Okay, I've been in a hole in the ground for a few years. What happened > to Tim May? http://groups.google.com/groups?q=&start=0&scoring=d&enc_author=8NH-JhoAAAAfC Mh-TnQo0KXFjppET7C1dSi2gjvQCgNblIvwKtcqeQ&hl=en& Nobody of importance, just an Usenet troll. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From ghicks at cadence.com Thu Sep 8 09:56:59 2005 From: ghicks at cadence.com (Gregory Hicks) Date: September 8, 2005 9:56:59 PM EDT Subject: Judge says no to law enforcement cell-phone tracking request Message-ID: http://rcrnews.com/news.cms?newsId=24009 ---------------------------------------- By Heather Forsgren Weaver Sep 6, 2005 WASHINGTON A federal judge in New York has ruled that law enforcement may not track someone without probable cause, according to News.com by CNET. Burton Ryan, an assistant U.S. attorney, had tried to obtain a "pen register" tap that would track constantly a target whenever his cell phone was in use. U.S. Magistrate Judge James Orenstein said no. To require that type of information, Ryan must apply for a wiretap, which requires probable cause. "I don't know anything about the specific case, but it is true that location information only attaches to a court order obtained with probable cause," said Les Szwajkowski, a former FBI agent now with Raytheon Corp "This is exactly the role magistrates are supposed to play. They are not rubber stamps." The rules implementing the Communications Assistance for Law Enforcement Act said that law enforcement was entitled to pen register information from a cell-phone conversation at the beginning and end of the call. This information would make it similar to a pen register in the wired world, which gives the date, time and number called. Because the location is fixed in the wired world, the location is known. According to CNET, Orenstein said that more definitive rules need to be established. "My research on this question has failed to reveal any federal case law directly on point. Moreover, it is my understanding based on anecdotal information that magistrate judges in other jurisdictions are being confronted with the same issue but have not yet achieved consensus on how to resolve it. If the government intends to continue seeking authority to obtain cell-site location information in aid of its criminal investigations, I urge it to seek appropriate review of this order so that magistrate judges will have more authoritative guidance in determining whether controlling law permits such relief on the basis of the relaxed standards set forth (under federal law), or instead requires adherence to the more exacting standard of probable cause," wrote Orenstein. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Thu Sep 8 01:13:27 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 8 Sep 2005 10:13:27 +0200 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] In-Reply-To: <431FBEA4.7030500@gmx.co.uk> References: <431FBEA4.7030500@gmx.co.uk> Message-ID: <20050908081327.GL2249@leitl.org> On Thu, Sep 08, 2005 at 05:31:32AM +0100, Dave Howe wrote: > Don't really need one. the Skype concept of "supernodes" - users that relay > conversations for other users - could be used just as simply, and is What hinders Mallory from running most of supernodes? > Starbucks-compatable. If the feds had to try and monitor traffic for every VoIP > user that could potentially be used as a relay (*and* prove that any outbound > traffic from their target wasn't relayed traffic from another user) life would > get much harder for them much faster. > Plus of course some sort of assurance that skype's crypto isn't snakeoil :) It is snake oil until proven otherwise. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From hicks at affichage.astral.com Thu Sep 8 11:27:52 2005 From: hicks at affichage.astral.com (Anita Butcher) Date: Thu, 08 Sep 2005 10:27:52 -0800 Subject: Low mortaggee ratess Message-ID: <488596105783998.6711013@> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 675 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: .2.gif Type: image/gif Size: 7610 bytes Desc: not available URL: From rah at shipwright.com Thu Sep 8 09:27:52 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 8 Sep 2005 12:27:52 -0400 Subject: [Clips] MIT Conference On REAL ID Act Is Postponed And Augmented By Online Discussion Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Thu, 8 Sep 2005 12:27:09 -0400 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] MIT Conference On REAL ID Act Is Postponed And Augmented By Online Discussion Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Date: Thu, 08 Sep 2005 12:03:51 -0400 From: Daniel Greenwood User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) To: dang at media.mit.edu Subject: MIT CONFERENCE ON REAL ID ACT IS POSTPONED AND AUGMENTED BY ONLINE DISCUSSION Please be advised that the public forum originally scheduled for Wednesday, September 14, 2005 to address the REAL ID Act of 2005 has been postponed. This has become necessary because many of the people interested in the forum are from the homeland security and first responder communities, and their focus is now squarely on the ongoing efforts to recover from Hurricane Katrina. In place of the September 14th public forum, the MIT Media Lab and the MIT E-Commerce Architecture Program will be organizing an online forum to start a conversation about the REAL ID Act of 2005. This online forum will be an ongoing, asynchronous event lasting from Monday, September 19, 2005 through Friday, September 23, 2005. This online discussion will include presentation by leaders in the field, policy experts and governmental officials who will give deeper background on the status and issues related to REAL ID. There will also be an opportunity for all registrants to participate in a dialog with the speakers and each other. Additional details about the online forum will be available shortly at http://ecitizen.mit.edu/realid.html. Please register at that web site between now and September 19th in order to participate in this web-based discussion. Finally, there will be a physical meeting at MIT to discuss the REAL ID Act of 2005 on Thursday, November 17, 2005. The upcoming online forum will provide an excellent opportunity to design this event so as to provide the maximum benefit for the people who will be attending this gathering. In the meantime, please continue to use the registration feature on the website to let us know if you are interested in participating in the online forum or attending the November meeting. Also be sure to check the website periodically for additional details. Regards, Daniel J. Greenwood, MIT Media Lab, Smart Cities Group MIT E-Commerce Architecture Program --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From SUTVJFLVBZLDFY at yahoo.com Thu Sep 8 08:36:03 2005 From: SUTVJFLVBZLDFY at yahoo.com (Lee Braun) Date: Thu, 08 Sep 2005 12:36:03 -0300 Subject: Is yours Below 5 Innches Long? jr Message-ID: <560504011246.j31CkQBj226333@..com> The Only Clinically Tested Penis Enlargement Pills that works.. - add 1-4 inches to your peniis - 20% thicker - 5x more enjoyable orgasm - or your monneyy back without question ask! Join millions of delighted users which has been benefited with Maxxlength3. http://www.gratifyher.info Rbnmdj From bill.stewart at pobox.com Thu Sep 8 15:55:16 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Thu, 08 Sep 2005 15:55:16 -0700 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Trouble on the Line", Aug. 15)] In-Reply-To: <20050908081327.GL2249@leitl.org> References: <431FBEA4.7030500@gmx.co.uk> <20050908081327.GL2249@leitl.org> Message-ID: <6.2.1.2.0.20050908144434.03f62448@pop.idiom.com> At 01:13 AM 9/8/2005, Eugen Leitl wrote: >On Thu, Sep 08, 2005 at 05:31:32AM +0100, Dave Howe wrote: > > > Don't really need one. the Skype concept of "supernodes" > > - users that relay conversations for other users - > > could be used just as simply, and is > >What hinders Mallory from running most of supernodes? Budget? But Mallory doesn't need to run *most* of the supernodes - hitting just the current targets is good enough, especially if the central sites or client software can be tricked into not using encryption or using compromised keys. > > Plus of course some sort of assurance that skype's crypto isn't > snakeoil :) >It is snake oil until proven otherwise. Yup. They say they use AES, and that they use RSA to set up session keys. The main issue is that they don't document their protocols or crypto, and of course the usual failures are bad protocol design, which can break systems that do include strong crypto. The use of RSA for session key setup instead of Diffie-Hellman is a strong sign that they don't really have a clue... If you're in the SF Bay Area, Skype is having a developer get-together in Palo Alto on Thursday 9/22. http://www.skype.com/campaigns/skypenightpaloalto2005 From camera_lumina at hotmail.com Thu Sep 8 16:43:04 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 08 Sep 2005 19:43:04 -0400 Subject: The ghost of Tim May In-Reply-To: <570521b2050907191632ebdb18@mail.gmail.com> Message-ID: Ulex Europae wrote... >Okay, I've been in a hole in the ground for a few years. What happened >to Tim May? May's ghost haunts and trolls lesser boards (and as an upper bound I admit CP ain't super-hot these days), where he is banished for all eternity, and where he is viewed as merely an old, crazy kook. I don't miss his racism and love of mass murder, but I sure miss his brilliant, destabilising ideas. -TD From jamesd at echeque.com Fri Sep 9 00:00:22 2005 From: jamesd at echeque.com (James A. Donald) Date: Fri, 09 Sep 2005 00:00:22 -0700 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <570521b2050907191632ebdb18@mail.gmail.com> Message-ID: <4320D096.11762.19834E26@localhost> -- From: Ulex Europae > Okay, I've been in a hole in the ground for a few > years. What happened to Tim May? Gone very quiet. At the expiration party, he failed to recommend gas chambers. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 52+QQakDucdEgAkVYs0b9Lq9sI84wmnFiKPwbEZK 45j1XEUboV0R/BnpbNqH/42HhEuzdBcP38z9OmshC From ghicks at cadence.com Fri Sep 9 08:07:19 2005 From: ghicks at cadence.com (Gregory Hicks) Date: Fri, 9 Sep 2005 08:07:19 -0700 (PDT) Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having Message-ID: <200509091507.j89F7C9i011263@pony-express.cadence.com> > Date: Fri, 9 Sep 2005 09:35:18 -0400 > From: Steve Furlong > To: cypherpunks at jfet.org > Subject: Re: [dave at farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having > > On 9/9/05, Eugen Leitl wrote: > > Does anyone have a recent working email address? Does > > tcmay at got.net still work? > > You might try sending email to that address. If you don't get a > response, either it's not a good address or he thinks you're an idiot. > (Or he's dead, but he wasn't last I knew.) He's not... Or he has a really, really good autoresponder. Just saw some notes purported to be from him on ba.food... > > -- > There are no bad teachers, only defective children. ------------------------------------------------------------------- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton From dave at farber.net Fri Sep 9 05:21:19 2005 From: dave at farber.net (David Farber) Date: Fri, 9 Sep 2005 08:21:19 -0400 Subject: [IP] Judge says no to law enforcement cell-phone tracking request Message-ID: Begin forwarded message: From dave at farber.net Fri Sep 9 05:25:43 2005 From: dave at farber.net (David Farber) Date: Fri, 9 Sep 2005 08:25:43 -0400 Subject: [IP] Radio jamming in New Orleans during rescue operations Message-ID: Begin forwarded message: From dave at farber.net Fri Sep 9 05:25:43 2005 From: dave at farber.net (David Farber) Date: Fri, 9 Sep 2005 08:25:43 -0400 Subject: [IP] Radio jamming in New Orleans during rescue operations Message-ID: Begin forwarded message: From demonfighter at gmail.com Fri Sep 9 06:35:18 2005 From: demonfighter at gmail.com (Steve Furlong) Date: Fri, 9 Sep 2005 09:35:18 -0400 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <20050909084408.GV2249@leitl.org> References: <570521b2050907191632ebdb18@mail.gmail.com> <4320D096.11762.19834E26@localhost> <20050909084408.GV2249@leitl.org> Message-ID: <7d752ae305090906353d5bed58@mail.gmail.com> On 9/9/05, Eugen Leitl wrote: > Does anyone have a recent working email address? Does > tcmay at got.net still work? You might try sending email to that address. If you don't get a response, either it's not a good address or he thinks you're an idiot. (Or he's dead, but he wasn't last I knew.) -- There are no bad teachers, only defective children. From camera_lumina at hotmail.com Fri Sep 9 07:18:18 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 09 Sep 2005 10:18:18 -0400 Subject: The ghost of Tim May In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE297068CB004@rsana-ex-hq1.NA.RSA.NET> Message-ID: I do suspect he still monitors Cypherpunks, however...many of my efforts to troll him out in the past have been successful, most particularly when I suggested that as a CP "team building excersize" we lay siege to his compound! (He uses an anonymizer once in a while to post.) -TD >From: "Trei, Peter" >To: "Tyler Durden" >Subject: RE: The ghost of Tim May >Date: Fri, 9 Sep 2005 09:17:47 -0400 > >Tyler Durden wrote: > > Ulex Europae wrote... > > > > >Okay, I've been in a hole in the ground for a few years. > > What happened > > >to Tim May? > > > > May's ghost haunts and trolls lesser boards (and as an upper > > bound I admit > > CP ain't super-hot these days), where he is banished for all > > eternity, and > > where he is viewed as merely an old, crazy kook. > > > > I don't miss his racism and love of mass murder, but I sure miss his > > brilliant, destabilising ideas. > > > > -TD > >Check misc.survivalism, scruz.general, ba.mountain-folk, >and (recently) neworleans.general. > >I'm also dissapointed by the content of his posts; there >is little beyond the racism left. > >Peter Trei From eugen at leitl.org Fri Sep 9 01:44:08 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 9 Sep 2005 10:44:08 +0200 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <4320D096.11762.19834E26@localhost> References: <570521b2050907191632ebdb18@mail.gmail.com> <4320D096.11762.19834E26@localhost> Message-ID: <20050909084408.GV2249@leitl.org> On Fri, Sep 09, 2005 at 12:00:22AM -0700, James A. Donald wrote: > -- > From: Ulex Europae > > Okay, I've been in a hole in the ground for a few > > years. What happened to Tim May? > > Gone very quiet. At the expiration party, he failed to > recommend gas chambers. Does anyone have a recent working email address? Does tcmay at got.net still work? I don't have a usenet reader right now, and Google groups munges addresses. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rsw at jfet.org Fri Sep 9 08:28:46 2005 From: rsw at jfet.org (Riad S. Wahby) Date: Fri, 9 Sep 2005 11:28:46 -0400 Subject: [dave@farber.net: [IP] Internet phone wiretapping ("Psst! The FBI is Having In-Reply-To: <20050909084408.GV2249@leitl.org> References: <570521b2050907191632ebdb18@mail.gmail.com> <4320D096.11762.19834E26@localhost> <20050909084408.GV2249@leitl.org> Message-ID: <20050909152846.GA28742@proton.jfet.org> Eugen Leitl wrote: > Does anyone have a recent working email address? Does > tcmay at got.net still work? I don't have a usenet reader > right now, and Google groups munges addresses. At some point he announced that he was changing from tcmay at got.net to timcmay at got.net. You may give that one a try too. -- Riad S. Wahby rsw at jfet.org From emc at artifact.psychedelic.net Fri Sep 9 12:17:29 2005 From: emc at artifact.psychedelic.net (Eric Cordian) Date: Fri, 9 Sep 2005 12:17:29 -0700 (PDT) Subject: Constitution? What Constitution? Message-ID: <200509091917.j89JHTZr008277@artifact.psychedelic.net> There's no civil liberty or Constitutional guarantee the President can't violate, as long as he mentions "protecting the nation from terrorism" while trying to justify it. http://www.washingtonpost.com/wp-dyn/content/article/2005/09/09/AR2005090900772.html ----- A federal appeals court ruled today that the president can indefinitely detain a U.S. citizen captured on U.S. soil in the absence of criminal charges, holding that such authority is vital to protect the nation from terrorist attacks. [Oh look. It's the magic "t" word.]] The decision by the U.S. Court of Appeals for the 4th Circuit came in the case of Jose Padilla, a former Chicago gang member who was arrested in Chicago in 2002 and designated an "enemy combatant" by President Bush. The government contends that Padilla trained at al Qaeda camps and was planning to blow up apartment buildings in the United States. Padilla, a U.S. citizen, has been held without trial in a U.S. naval brig for more than three years, and his case triggered a legal battle with vast implications for civil liberties and the fight against terrorism. Attorneys for Padilla and a host of civil liberties organizations blasted the detention as illegal and said it could lead to the military being allowed to hold anyone, from protesters to people who check out what the government considers the wrong books from the library. Federal prosecutors asserted that Bush not only had the authority to order Padilla's detention but that such power is essential to preventing attacks. In its ruling today, the 4th Circuit overturned a lower court and came down squarely on the government's side. ... Eric Michael Cordian 0+ O:.T:.O:. Mathematical Munitions Division "Do What Thou Wilt Shall Be The Whole Of The Law" From camera_lumina at hotmail.com Fri Sep 9 10:45:39 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 09 Sep 2005 13:45:39 -0400 Subject: [dave@farber.net: [IP] Radio jamming in New Orleans during rescue operations] In-Reply-To: <20050909153932.GF2249@leitl.org> Message-ID: What? A pirate radio station in the Carribean is jamming broadcasts in New Orleans? I find that hard to believe. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [dave at farber.net: [IP] Radio jamming in New Orleans during rescue >operations] >Date: Fri, 9 Sep 2005 17:39:32 +0200 > >----- Forwarded message from David Farber ----- > >From: David Farber >Date: Fri, 9 Sep 2005 08:25:43 -0400 >To: Ip Ip >Subject: [IP] Radio jamming in New Orleans during rescue operations >X-Mailer: Apple Mail (2.734) >Reply-To: dave at farber.net > > > >Begin forwarded message: > >From: "Glenn S. Tenney CISSP CISM" >Date: September 8, 2005 3:24:45 PM EDT >To: dave at farber.net >Subject: Radio jamming in New Orleans during rescue operations > > >I saw this... For IP if you like: > >http://www.waynemadsenreport.com/ > >September 2, 2005 -- Who is jamming communications in New Orleans? Ham >radio operators are reporting that communications in and around New >Orleans are being jammed. In addition, perplexed ham radio operators >who were enlisted by the Federal government in 911 are not being used >for hurricane Katrina Federal relief efforts. There is some >misinformation circulating on the web that the jamming is the result of >solar flares. Ham radio operators report that the flares are not the >source of the communications jamming. If anyone at the National >Security Agency is aware of the source of the jamming, from direction >finding or satellite intelligence, please discretely contact me at >waynemadsendc at hotmail.com (from a private or temporary email account). >In this case, the Bush administration cannot hide behind national >security and it is the duty of every patriotic American to report such >criminal activity to the press. Even though the information on the >jamming may be considered classified -- it is in the public interest to >disclose it. Also, the Federal Aviation Administration (FAA) is >reporting that no aircraft over New Orleans have been fired on over New >Orleans or anywhere else in the area. Are the reports of shots being >fired at aircraft an attempt by the Bush administration to purposely >delay the arrival of relief to the city's homeless and dying poor? The >neocons have turned New Orleans into Baghdad on the Mississipppi > >New Orleans: Who is jamming communications and why? > >UPDATE: We can now report that the jamming of New Orleans' >communications is emanating from a pirate radio station in the >Caribbean. The noise is continuous and it is jamming frequencies, >including emergency high frequency (HF) radios, in the New Orleans >area. The radio frequency jammers were heard last night, stopped for a >while, and are active again today. The Pentagon must locate the >positions of these transmitters and order the Air Force to bomb them >immediately. > >However, we now have a new unconfirmed report that the culprit may be >the Pentagon itself. The emitter is an IF (Intermediate Frequency) >jammer that is operating south southwest of New Orleans on board a U.S. >Navy ship, according to an anonymous source. The jamming is >cross-spectrum and interfering with superheterodyne receiver >components, including the emergency radios being used in New Orleans >relief efforts. The jammed frequencies are: > >72.0MHZ (high end of Channel 4 WWL TV New Orleans) >45.0MHZ (fixed mobile) >10.245MHZ (fixed mobile) >10.240 Mhz (fixed mobile) >11.340 Mhz (aeronautical mobile) >233 MHZ (fixed mobile) >455 IF (jammer) > >A former DoD source says the U.S. Army uses a portable jammer, known >as WORLOCK, in Iraq and this jammer may be similar to the one that is >jamming the emergency frequencies. > >UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search & Rescue >Team deployed to New Orleans reported that their satellite phones were >not working and they had to obtain other satellite phones to keep in >touch with their headquarters and other emergency agencies in British >Columbia. > >There is a report on a ham radio web site that jamming is adversely >affecting the New Orleans emergency net on 14.265 Mhz. > >If a U.S. Navy ship is, in fact, jamming New Orleans communications, >the crew must immediately shut down the jammer and take action against >the Commanding Officer. > >*** > >We have just learned from a journalist in Mobile that yesterday, >Sprint blocked all cell phone calls from the Gulf Coast region to >points north and west. Calls were permitted between Alabama, >Mississippi, and Florida but no calls could be made to Washington, New >York, or Los Angeles > >September 5, 2005 ... >Meanwhile, the communications jamming in the New Orleans area >continues. It is now being reported by truck drivers on >Interstate-10 as affecting the Citizens' Band (CB) frequencies. > > > >------------------------------------- >You are subscribed as eugen at leitl.org >To manage your subscription, go to > http://v2.listbox.com/member/?listname=ip > >Archives at: http://www.interesting-people.org/archives/interesting-people/ > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Fri Sep 9 08:39:32 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 9 Sep 2005 17:39:32 +0200 Subject: [dave@farber.net: [IP] Radio jamming in New Orleans during rescue operations] Message-ID: <20050909153932.GF2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Fri Sep 9 08:45:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 9 Sep 2005 17:45:10 +0200 Subject: [dave@farber.net: [IP] Judge says no to law enforcement cell-phone tracking request] Message-ID: <20050909154510.GH2249@leitl.org> ----- Forwarded message from David Farber ----- From randy at verizon.net Fri Sep 9 21:40:53 2005 From: randy at verizon.net (Randy) Date: Sat, 10 Sep 2005 00:40:53 -0400 Subject: [dave@farber.net: [IP] Radio jamming in New Orleans during rescue operations] In-Reply-To: <20050909153932.GF2249@leitl.org> References: <20050909153932.GF2249@leitl.org> Message-ID: <6.2.1.2.1.20050910003700.01bb8a88@incoming.verizon.net> BEGIN QUOTED TEXT: ----- Forwarded message from David Farber ----- From eugen at leitl.org Sat Sep 10 01:17:09 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 10 Sep 2005 10:17:09 +0200 Subject: [brian-slashdotnews@hyperreal.org: China Telecom Blocking Skype Calls] Message-ID: <20050910081709.GX2249@leitl.org> The real reason is that they can't tap Skype. Link: http://slashdot.org/article.pl?sid=05/09/09/2241223 Posted by: Zonk, on 2005-09-09 23:37:00 from the no-freebies dept. [1]Retrospeak writes "According to a Reuters report [2]China is starting to block Skype service in Shenzhen, an affluent southern city of China. Local Chinese media report that China Telecom has plans to eventually block the service throughout its coverage area nationwide. Could this have something to do with the fact that China Telecom charges close to $1 per minute for calls to United States and Europe?" From the article: " A China Telecom spokesman had no comment on the reports about the Shenzhen blockage, but gave a broader view. 'Under the current relevant laws and regulations of China, PC-to-phone services are strictly regulated and only China Telecom and (the nation's other fixed-line carrier) China Netcom are permitted to carry out some trials on a very limited basis,' he said." References 1. mailto:retrospeak at retrospeak.com 2. http://today.reuters.com/news/NewsArticle.aspx?type=internetNews&storyID=2005 -09-09T133130Z_01_BAU948593_RTRIDST_0_NET-TELECOMS-CHINA-CHINATELECOM-DC.XML ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From ppgegvoagc at kes-llc.com Sat Sep 10 06:29:55 2005 From: ppgegvoagc at kes-llc.com (Trinidad Hathaway) Date: Sat, 10 Sep 2005 11:29:55 -0200 Subject: soma Message-ID: <0.1755614968.1197980757-703966658@topica.com> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! Levitra - 60 Pills - 399$ Xanax - 60 Pills - 199$ Ambien - 60 Pills - 190$ Ultram - 60 PilIs - 85$ Viagra - 150 Pills - 269$ Valium - 180 Pills - 370$ Soma - 80 Pills - 79$ Please click below and check out our offer. http://www.strangecollective.info/?a2fb9a415e74deS9cdee919d78Sa6a7d diagnose rgl poisson qr taiwan vg squadron mja centerpiece fng gadgetry gdh despondent vy modesto dg malaria gd nay kkk therefor htv sanctuary vc http://www.strangeflower.info/rm.php?got From cmcurtin at interhack.net Sat Sep 10 12:29:41 2005 From: cmcurtin at interhack.net (Matt Curtin) Date: Sat, 10 Sep 2005 15:29:41 -0400 Subject: The ghost of Cypherpunks Message-ID: <86ll24zpp6.fsf@rowlf.interhack.net> Slashdot has published Isaac Jones' review of my book describing how we killed 56-bit DES, Brute Force: Cracking the Data Encryption Standard. The followup has been curiously devoid of mention of the Cypherpunks, a critical force in the Crypto Wars and to whom I dedicated the book. http://books.slashdot.org/books/05/09/08/1653245.shtml?tid=93&tid=172&tid=231&tid=95&tid=6 Did the Cypherpunks have their heyday and that's it? -- Matt Curtin, author of Brute Force: Cracking the Data Encryption Standard Founder of Interhack Corporation +1 614 545 4225 http://web.interhack.com/ From LRVJOAHZGFY at hotmail.com Sat Sep 10 09:02:31 2005 From: LRVJOAHZGFY at hotmail.com (Janine Phipps) Date: Sat, 10 Sep 2005 17:02:31 +0100 Subject: Does 8incches Enough 4 U? wFQkXA Message-ID: <22358969.986LRVJOAHZGFY@hotmail.com> The Only Clinically Tested Penis Enlargement Pills that works.. - add 1-4 inches to your peniis - 20% thicker - 5x more enjoyable orgasm - or your monneyy back without question ask! Join millions of delighted users which has been benefited with Maxxlength3. http://www.gratifyher.info onD8vd From rah at shipwright.com Sat Sep 10 22:12:28 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 11 Sep 2005 01:12:28 -0400 Subject: IMPORTANT NOTICE: MIT CONFERENCE ON REAL ID ACT IS POSTPONED AND AUGMENTED BY ONLINE DISCUSSION. Message-ID: --- begin forwarded text Date: Thu, 08 Sep 2005 20:48:22 -0400 From: Daniel Greenwood User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) To: "'dang at media.mit.edu'" Subject: IMPORTANT NOTICE: MIT CONFERENCE ON REAL ID ACT IS POSTPONED AND AUGMENTED BY ONLINE DISCUSSION. [Apologies if you have already received this notice - the mail server at the MIT Media Lab crashed today and we are aware that at least some people on our notice list did not get this important message.] Please be advised that the public forum originally scheduled for Wednesday, September 14, 2005 to address the REAL ID Act of 2005 has been postponed. This has become necessary because many of the people interested in the forum are from the homeland security and first responder communities, and their focus is now squarely on the ongoing efforts to recover from Hurricane Katrina. In place of the September 14th public forum, the MIT Media Lab and the MIT E-Commerce Architecture Program will be organizing an online forum to start a conversation about the REAL ID Act of 2005. This online forum will be an ongoing, asynchronous event lasting from Monday, September 19, 2005 through Friday, September 23, 2005. This online discussion will include presentations by leaders in the field, policy experts and governmental officials who will give deeper background on the status and issues related to REAL ID. There will also be an opportunity for all registrants to participate in a dialog with the speakers and each other. Additional details about the online forum will be available shortly at http://ecitizen.mit.edu/realid.html. Please register at that web site between now and September 19th in order to participate in this web-based discussion. Finally, there will be a physical meeting at MIT to discuss the REAL ID Act of 2005 on Thursday, November 17, 2005. The upcoming online forum will provide an excellent opportunity to design this event so as to provide the maximum benefit for the people who will be attending this gathering. In the meantime, please continue to use the registration feature on the website to let us know if you are interested in participating in the online forum or attending the November meeting. Also be sure to check the website periodically for additional details. Regards, Daniel J. Greenwood, MIT Media Lab, Smart Cities Group, Lecturer MIT E-Commerce Architecture Program, Director --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From nobody at dizum.com Sat Sep 10 20:40:03 2005 From: nobody at dizum.com (Nomen Nescio) Date: Sun, 11 Sep 2005 05:40:03 +0200 (CEST) Subject: RFID driver's licenses? Message-ID: A friend of mine is expressing concern over the recently passed REAL ID act which will supposedly require RFID-readable driver's licenses (which it doesn't say in the text of the bill which just makes a vague reference to "machine-readable technology".) My questions are: 1. Have any states already implemented RFID-readable IDs/licenses? 2. If not, which states plan to? From CassieYang at hotmail.com Sun Sep 11 06:33:58 2005 From: CassieYang at hotmail.com (FeleciaWhitten) Date: Sun, 11 Sep 2005 08:33:58 -0500 Subject: It`s time to Refill In-Reply-To: <7614929.00b0a2640@designs.com> Message-ID: <467.2@melbpc.org.au> Hello, As a valued customer, we provide you with occassional information and updates. Our records indicate that you may be in need of a refill. We hope that you will once again, give us the opportunity to offer you a great selection of meds, low prices, and superior customer care. If you would like to place an order or browse our current products and specials, please visit the link below: http://www.strangecollective.info/?S2d309c54d03d6a1dbb6S70d88429cf5 Yours Truly, FeleciaWhitten Customer Care Specialist tommy me plagiarism you. telepathic me junta you. adagio me macedon you. responsive me brighten you. http://www.strangeflower.info/fhg.php From rah at shipwright.com Sun Sep 11 14:02:38 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sun, 11 Sep 2005 17:02:38 -0400 Subject: The cost of online anonymity Message-ID: --- begin forwarded text Date: Sun, 11 Sep 2005 17:02:13 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: The cost of online anonymity The BBC Friday, 9 September 2005, 18:03 GMT 19:03 UK The cost of online anonymity By Dan Simmons Reporter, BBC Click Online In the second report looking at privacy and the internet, Dan Simmons examines whether it is possible to be totally anonymous and asks if this is really a desirable thing. In London's Speaker's Corner, the right to freedom of expressions has been practised by anyone who cares to turn up for centuries. But in countries where free speech is not protected by the authorities, hiding your true identity is becoming big business. Just as remailers act as a go-between for e-mail, so there are services through which you can surf the web anonymously. After 10 years in the business, Anonymizer has two million active users. The US government pays it to promote the service in China and Iran in order to help promote free speech. But these programs are becoming popular in the West too. The software encrypts all your requests for webpages. Anonymizer's servers then automatically gather the content on your behalf and send it back to you. No humans are involved and the company does not keep records of who requests what. However, there is some censorship. Anonymizer does not support anonymous uploading to the web, and it blocks access to material that would be illegal under US law. No to censorship For the last five years, Ian Clarke has been working on a project to offer complete anonymity. Founder and co-ordinator of Freenet, Ian Clarke says: "Our goal was to provide a system whereby people could share information over the internet without revealing their identity and without permitting any form of government censorship." The system is called the Free Network Project, or Freenet. A Chinese version has been set up to help dissidents speak out there. "We believe that the benefits of Freenet, for example for dissidents in countries such as China, Saudi Arabia, Iran, far outweigh the dangers of paedophilia or terrorist information being distributed over the system" Ian Clarke, Freenet Challenges of anonymous surfing Freenet encourages anonymous uploading of any material. Some users of the English version believe it is so secure they have used it to confess to crimes they have committed, or to their interest in paedophilia. Each user's computer becomes a node in a decentralised file-storing network. As such they give up a small portion of their hard disk to help the system hold all the information and as with anonymous surfing, everything is encrypted, with a military grade 128-bit algorithm. The storage is dynamic, with files automatically moved between computers on the network or duplicated. This adds to the difficulty of determining who might be storing what. Even if a user's computer is seized, it can be impossible for experts to determine what the owner was doing on Freenet. But such strenuous efforts to protect identity have two side effects. Firstly, pages can take 10 minutes or more to download, even on a 2Mbbps broadband connection. Secondly, the information is so well encrypted it is not searchable at the moment. Forget Google, your only option is to scroll through the indexes provided. It is hoped usability of the service will improve when it is re-launched later this year. Ethical issues But those are the least of our problems, according to some experts, who think Freenet is a dangerous free-for-all. Digital evidence expert at the London School of Economics, Peter Sommer says: "A few years ago I was very much in favour of libertarian computing. "What changed my mind was the experience of acting in the English courts as a computer expert and examining large numbers of computers from really nasty people, who were using precisely the same sort of technology in order to conceal their activities. "I think that creates an ethical dilemma for everyone who wants to participate in Freenet. "You are giving over part of your computer, it will be in encrypted form, you will not know what you are carrying, but some of it is going to be seriously unpleasant. Are you happy with that?" What worries many, is that Freenet is a lawless area. It can be used for many good things, like giving the oppressed a voice, but users can also preach race-hatred or share child pornography with complete impunity. Peter Sommer says: "Ian [Clarke] is placing a powerful tool in the hands of other people. He's like an armaments manufacturer. "Guns can be used for all sorts of good purposes but you know perfectly well that they are used to oppress and kill. "Most armaments manufacturers walk off and say 'it's not my responsibility'. Is that Ian's position, I wonder?" Ian Clarke response is to explain that any tool is capable of misuse. "We believe that the benefits of Freenet, for example for dissidents in countries such as China, Saudi Arabia, Iran far outweigh the dangers of paedophilia or terrorist information being distributed over the system," he says. Commercial programs for the web help you maintain a high degree of anonymity while surfing or mailing, but the realm of publishing anonymously, without fear of any comeback, challenges each society to ask just how free we want ourselves and others to be. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From lists at notatla.org.uk Sun Sep 11 15:34:07 2005 From: lists at notatla.org.uk (lists at notatla.org.uk) Date: Sun, 11 Sep 2005 23:34:07 +0100 Subject: The cost of online anonymity In-Reply-To: References: Message-ID: <4324B0DF.mailBPZ1XXHM2@notatla.org.uk> From: "R.A. Hettinga" > > Digital evidence expert at the London School of Economics, Peter Sommer > says: "A few years ago I was very much in favour of libertarian computing. > > "What changed my mind was the experience of acting in the English courts > as a computer expert and examining large numbers of computers from really > nasty people, who were using precisely the same sort of technology in order > to conceal their activities. Assuming someone has come under suspicion in some other way and that they continue to use a computer to view illegal material wouldn't the likes of TEMPEST, hidden cameras and tampering with the suspect's software provide all the computer-based evidence necessary ? Combine that with a raid thats finds only one person in the house at the time and what more do you need ? I think it should be possible to debunk the idea of lawlessness expressed in the article. There is also this mail from (I think the same) Mr Sommer http://lists.virus.org/ukcrypto-0311/msg00215.html that mentions wider goals, but even these may be tackled to some extent by observations like thoe above. Especially (in the absence of Trusted Computing!) and amended version of Freenet s/w that produces concealed logs. I suppose some estimate of the number of "really nasty people", of Freenet users and the cost of investigating this way would be good to have. According to this article http://www.wsacp.org/child-porn-news/Child_%20Pornography.htm there's an attempt to speed up Operation Ore (and I think all will agree it needs it). > Peter Sommer says: "Ian [Clarke] is placing a powerful tool in the hands > of other people. He's like an armaments manufacturer. Should we see as virtual armaments all encryption software, digital cameras, CD burners etc ? And if not where should the line be drawn ? --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From lauren at vortex.com Mon Sep 12 01:41:43 2005 From: lauren at vortex.com (lauren at vortex.com) Date: September 12, 2005 1:41:43 PM EDT Subject: Lauren Weinstein's Blog Update: Public Call for Skype to Release Message-ID: Specifications Lauren Weinstein's Blog Update: Public Call for Skype to Release Specifications September 12, 2005 ------------------------------------------------------------------------ http://lauren.vortex.com/archive/000151.html Greetings. As I noted in a recent IP posting, eBay's purchase of the popular Skype VoIP service (now official) leads to new concerns over the proprietary nature of Skype's security and encryption systems, which will now be under the control of an extremely large and powerful corporate entity. For eBay and Skype to have a chance of maintaining the goodwill and trust of Skype users, I call on Skype to forthwith release the specifications and implementation details of Skype's encryption and related technologies. This disclosure should ideally be made to the public, but at a minimum to an independent panel of respected security, privacy, and encryption experts, who can rigorously vet the Skype technology and make a public report regarding its security, reliability, and associated issues. --Lauren-- -- Powered by Movable Type Version 2.64 http://www.movabletype.org/ --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com From ghicks at well.com Mon Sep 12 13:20:06 2005 From: ghicks at well.com (Gregory Hicks) Date: Mon, 12 Sep 2005 13:20:06 -0700 (PDT) Subject: [IP] Lauren Weinstein's Blog Update: Public Call for Skype to Release Specifications Message-ID: <200509122020.j8CKJx9i023888@pony-express.cadence.com> ------------- Begin Forwarded Message ------------- From dave at farber.net Mon Sep 12 12:50:41 2005 From: dave at farber.net (David Farber) Date: Mon, 12 Sep 2005 15:50:41 -0400 Subject: No subject Message-ID: Begin forwarded message: Even more important is the eBay "privacy" policy... From dave at farber.net Mon Sep 12 12:53:09 2005 From: dave at farber.net (David Farber) Date: Mon, 12 Sep 2005 15:53:09 -0400 Subject: No subject Message-ID: Begin forwarded message: > From: Marc > Date: September 12, 2005 12:24:05 PM EDT > To: dave at farber.net > Subject: RE: [IP] eBay to Acquire Skype > > Dave; > > Can anyone on IP project what sort of US regulatory exposure this > will place upon Skype? I have my suspicions, but I would prefer the > opinions of those more immersed in the field. Well... Based on eBay's stated "privacy" policy, this will open up pen tracing to LEOs with just a phone call at the least. At the worst, Skype users will soon be getting new software that allows LEOs to backdoor skype crypto and get free access to those phone calls (also based on eBay's stated "privacy policy"...) ------------------------------------------------------------------------ From gtmpqzshl at bikesbelong.org Mon Sep 12 20:30:25 2005 From: gtmpqzshl at bikesbelong.org (Gena Kiser) Date: Tue, 13 Sep 2005 09:30:25 +0600 Subject: Xanax - get it here Message-ID: <0109311014020.01145@jfuertes.maz.es> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! Levitra - 60 Pills - 399$ Xanax - 60 Pills - 199$ Ambien - 60 Pills - 190$ Ultram - 60 PilIs - 85$ Viagra - 150 Pills - 269$ Valium - 180 Pills - 370$ Soma - 80 Pills - 79$ Please click below and check out our offer. http://www.strangeflower.info/?2f7927816afSa62eS39f55da6f20a66a prosper dcl tigris obz marcy xbe rand ssk ascomycetes fob parsifal bf mort vb crepe el http://www.strangeflower.info/rm.php?got From RPKZHKWFUHBF at msn.com Tue Sep 13 07:38:00 2005 From: RPKZHKWFUHBF at msn.com (Eduardo Mcdonald) Date: Tue, 13 Sep 2005 09:38:00 -0500 Subject: Pay Less For Branded Watches v0 Message-ID: <990504011246.j31CkQBj669215@..com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.branhelpforvicsj10un.com o-ut of mai-lling lisst: http://043.branhelpforvicsj10un.com/rm/ 7rMGjC From declan at well.com Tue Sep 13 07:17:01 2005 From: declan at well.com (Declan McCullagh) Date: Tue, 13 Sep 2005 11:17:01 -0300 Subject: [Politech] Judge denies Feds' cell-phone tracking request, in first case of its kind [priv] Message-ID: http://news.com.com/2100-1030_3-5846037.html "Police blotter" is a weekly report on the intersection of technology and the law. This episode: Feds' location-tracking rebuffed. What: In the first case of its kind, a federal judge chastises the U.S. Department of Justice for trying to constantly track a cell phone user's location without providing any proof of criminal behavior. When: Decided Aug. 25 by U.S. Magistrate Judge James Orenstein in Central Islip, N.Y. Outcome: Justice Department's Patriot Act surveillance request was denied. [...remainder snipped...] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From DennisHansen at hotmail.com Tue Sep 13 04:03:19 2005 From: DennisHansen at hotmail.com (April Delacruz) Date: Tue, 13 Sep 2005 16:03:19 +0500 Subject: Professional Mortgages at low rates Message-ID: <0100211033420.01145@jfuertes.maz.es> Did you realize that as of August 1st 2005, USA Mortgage Rates have Never been lower. This is not a disputable statement, this is 100% fact. The truth is, you can get a second mortgage at rates never before offered in the past. We offer a variety of solutions for refinacning your mortgage regardless of your credit or needs. It's simple, just visit our secure site here: http://schantz.zqgi.info/i/LzIvaW5kZXgvYnZrL3Voc250OG5yeGJ4dXpyeGZoMzJs Fill Out The Instant Quote Form for up to 5 Quotes from interested lenders. We Make it Simple with: Zero Hassle, Zero Risk, and Zero Obligation. http://schantz.zqgi.info/i/LzIvaW5kZXgvYnZrL3Voc250OG5yeGJ4dXpyeGZoMzJs garner me anaconda you. angstrom me aerodynamic you. northeastern me pinhead you. grass me hydrogenate you. whistleable me guffaw you. calumet me distillery you. avon me eire you. caliph me carmichael you. http://veldt.zsrc.info From eugen at leitl.org Tue Sep 13 09:07:36 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Sep 2005 18:07:36 +0200 Subject: [declan@well.com: [Politech] Judge denies Feds' cell-phone tracking request, in first case of its kind [priv]] Message-ID: <20050913160735.GZ2249@leitl.org> ----- Forwarded message from Declan McCullagh ----- From eugen at leitl.org Tue Sep 13 13:41:06 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 13 Sep 2005 22:41:06 +0200 Subject: /. [Keyboard Sound Aids Password Cracking] Message-ID: <20050913204106.GY2249@leitl.org> Link: http://slashdot.org/article.pl?sid=05/09/13/1644259 Posted by: CmdrTaco, on 2005-09-13 17:04:00 from the but-i-love-clicky-keyboards dept. [1]stinerman writes "Three students at UC-Berkley used a 10 minute [2]recording of a keyboard to recover 96% of the characters typed during the session. The article details that their methods did not require a 'training text' in order to calibrate the conversion algorithm as has been used previously. The [3]research paper [PDF] notes that '90% of 5-character random passwords using only letters can be generated in fewer than 20 attempts by an adversary; 80% of 10-character passwords can be generated in fewer than 75 attempts.'" References 1. http://www.livejournal.com/~stinerman 2. http://www.freedom-to-tinker.com/?p=893 3. http://www.cs.berkeley.edu/~tygar/papers/Keyboard_Acoustic_Emanations_Revisit ed/preprint.pdf ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From AaronBerger at yahoo.com Tue Sep 13 22:06:06 2005 From: AaronBerger at yahoo.com (Nathaniel Biggs) Date: Wed, 14 Sep 2005 06:06:06 +0100 Subject: Solid Purchases for Americans Message-ID: <0.1569214968.1197980757-424966658@topica.com> After further review upon receiving your application, your current mortgage qualifies for a 3% lower rate! We have tried to contact you on several occasions and time is running out! This is our last attempt. Let me explain, -------------------------------------------------------- !! U.S MORTGAGE RATES HAVE SIMPLY NEVER BEEN LOWER! !! -------------------------------------------------------- This is no lie. This is reality. 8 Millions of Americans have already re-financed this month alone! So why not you? Just click below and visit us today: http://runneth.zypy.info/i/LzIvaW5kZXgvYnZrLzgxM2V4bGRmdHVoZmNnNWd6cDVp Refinancing just makes sense. ere me coexist you. bradbury me clarify you. leninist me filament you. toroidal me apollo you. angry me abbas you. pyridine me palermo you. http://fitch.svsy.info From ptrei at rsasecurity.com Wed Sep 14 07:06:21 2005 From: ptrei at rsasecurity.com (Trei, Peter) Date: Wed, 14 Sep 2005 10:06:21 -0400 Subject: /. [Keyboard Sound Aids Password Cracking] Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE297068CB00F@rsana-ex-hq1.NA.RSA.NET> Eugen Leitl wrote > > Link: http://slashdot.org/article.pl?sid=05/09/13/1644259 > Posted by: CmdrTaco, on 2005-09-13 17:04:00 > > from the but-i-love-clicky-keyboards dept. > [1]stinerman writes "Three students at UC-Berkley used a 10 minute > [2]recording of a keyboard to recover 96% of the characters typed > during the session. The article details that their methods did not > require a 'training text' in order to calibrate the conversion > algorithm as has been used previously. The [3]research paper [PDF] > notes that '90% of 5-character random passwords using only > letters can > be generated in fewer than 20 attempts by an adversary; 80% of > 10-character passwords can be generated in fewer than 75 > attempts.'" This technique is decades old. I read an account of the British Secret Service (MI5? 6?) installing a bugged phone next to a cable machine in the London Soviet Embassy in the late 70's, but the events described took place earlier - perhaps in the 60s. Peter Trei From jamesd at echeque.com Wed Sep 14 12:54:21 2005 From: jamesd at echeque.com (James A. Donald) Date: Wed, 14 Sep 2005 12:54:21 -0700 Subject: The ghost of Cypherpunks In-Reply-To: <86ll24zpp6.fsf@rowlf.interhack.net> Message-ID: <43281D7D.5860.C2B793@localhost> -- > Did the Cypherpunks have their heyday and that's it? That is it. This is the ghost of cypherpunks. Cypherpunks always was a self contradiction - a political group pushing a fundamentally non political attack upon the state, and thus upon the very existence of politics. This made some sense when the state was attempting to ban and regulate encryption. It no longer attempts to do so, thus cypherpunks today has no real function. Our former evil arch nemesis is now quietly doing government do gooding to make sure that everyone has strong cryptography. Now the cypherpunks project is advanced by more boring stuff: standards, software, and business. Excessive mention of the ideological implications of certain standards and software would be counterproductive. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG SmFa4oMi36RAKGxsYaqtmROD3IFtA0joUvzs+ROw 4XxJQayZH7Q+T8hHbWUkebTqtPmxEnIlz+j/Dt1kG From wk at gnupg.org Wed Sep 14 11:13:32 2005 From: wk at gnupg.org (Werner Koch) Date: Wed, 14 Sep 2005 20:13:32 +0200 Subject: /. [Keyboard Sound Aids Password Cracking] In-Reply-To: <017630AA6DF2DF4EBC1DD4454F8EE297068CB00F@rsana-ex-hq1.NA.RSA.NET> (Peter Trei's message of "Wed, 14 Sep 2005 10:06:21 -0400") References: <017630AA6DF2DF4EBC1DD4454F8EE297068CB00F@rsana-ex-hq1.NA.RSA.NET> Message-ID: <87acif4iwj.fsf@wheatstone.g10code.de> On Wed, 14 Sep 2005 10:06:21 -0400, Trei, Peter said: > This technique is decades old. I read an account of the British > Secret Service (MI5? 6?) installing a bugged phone next to a > cable machine in the London Soviet Embassy in the late 70's, but MI5, early 60's or even late 50's. Described in Spycatcher by Peter Wright. Shalom-Salam, Werner From LSCNWTUP at hotmail.com Wed Sep 14 09:28:53 2005 From: LSCNWTUP at hotmail.com (Annabelle Quintana) Date: Wed, 14 Sep 2005 22:28:53 +0600 Subject: People Laugh at You? yco Message-ID: <095504011246.j31CkQBj341693@..com> The Only Clinically Tested Penis Enlargement Pills that works.. - add 1-4 inches to your peniis - 20% thicker - 5x more enjoyable orgasm - or your monneyy back without question ask! Join millions of delighted users which has been benefited with Maxxlength3. http://www.maxxsize.us 8E From MaiGagne at msn.com Wed Sep 14 12:21:47 2005 From: MaiGagne at msn.com (AltonFerguson) Date: Wed, 14 Sep 2005 23:21:47 +0400 Subject: Meds Refill Message-ID: <0101511019380.01145@jfuertes.maz.es> Hello, As a valued customer, we provide you with occassional information and updates. Our records indicate that you may be in need of a refill. We hope that you will once again, give us the opportunity to offer you a great selection of meds, low prices, and superior customer care. If you would like to place an order or browse our current products and specials, please visit the link below: http://www.strangesea.info/?53d33c9b413Saebfaf27Sfe2677ab7c6 Yours Truly, AltonFerguson Customer Care Specialist cos me doze you. dog me charity you. lenore me clearance you. convert me herdsman you. inquiry me ana you. catatonic me occlusive you. http://www.strangesea.info/fhg.php From bbrow07 at students.bbk.ac.uk Thu Sep 15 01:43:42 2005 From: bbrow07 at students.bbk.ac.uk (ken) Date: Thu, 15 Sep 2005 09:43:42 +0100 Subject: The ghost of Cypherpunks In-Reply-To: <43281D7D.5860.C2B793@localhost> References: <43281D7D.5860.C2B793@localhost> Message-ID: <4329343E.5020005@students.bbk.ac.uk> James A. Donald wrote: > That is it. This is the ghost of cypherpunks. Or maybe its counterpart fossil. As GK Chesterton said about most nominal Christianity in the world in his day - the original had rotted away leaving a space of the same shape and size. Like the impression of a leaf between two layers of mud which harden into stone leaving a fossil that has something of the shape and pattern of the original but none of its content. > Cypherpunks always was a self contradiction - a > political group pushing a fundamentally non political > attack upon the state, and thus upon the very existence > of politics. Do you really think that politics only exists where there is a state? I'd have thought the opposite is true. Most states actively prevent most people participating in politics. And even the more benign ones relieve people of the responsibility of doing politics - or maybe the realisation that what they are doing *is* politics. Where there is no state everyone is a politician, all the time, and all public acts are overtly political. From rah at shipwright.com Thu Sep 15 06:59:35 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 15 Sep 2005 09:59:35 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <4329343E.5020005@students.bbk.ac.uk> References: <43281D7D.5860.C2B793@localhost> <4329343E.5020005@students.bbk.ac.uk> Message-ID: At 9:43 AM +0100 9/15/05, ken wrote: >Do you really think that politics only exists where there is a >state? Agreed, on this one. In 10th century Iceland, an ostensible anarcho-capitalist society with exactly *one* "public" employee(1) *everybody* was a lawyer -- and murder was a tort. See David Friedman's "The Machinery of Freedom", and any good Icelandic saga, my favorite being "Njall's Saga", for details Cheers, RAH Who especially liked Friedman's "penny game", for a good example of how government works. -------- (1) A guy whose job it was to recite one quarter of the agreed-upon laws once a year at a summer solstice fair called the Allthing, and if a law wasn't recited after four years, it was considered rescinded. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From SadieStaley at hotmail.com Thu Sep 15 10:41:48 2005 From: SadieStaley at hotmail.com (AnitaBaird) Date: Thu, 15 Sep 2005 12:41:48 -0500 Subject: Wow brand new rolex! Message-ID: <258212032200.76151.casey@outbacklinux.com> Get the Finest Rolex Watch Replica ! We only sell premium watches. There's no battery in these replicas just like the real ones since they charge themselves as you move. The second hand moves JUST like the real ones, too. These original watches sell in stores for thousands of dollars. We sell them for much less. - Replicated to the Smallest Detail - 98% Perfectly Accurate Markings - Signature Green Sticker w/ Serial Number on Watch Back - Magnified Quickset Date - Includes all Proper Markings http://www.oneblingwatch.net assam me assiduous you. innovate me accordion you. passage me dread you. eternal me chubby you. auburn me propagate you. calcutta me paragraph you. applicable me pessimist you. From MariCooke at hotmail.com Thu Sep 15 16:28:14 2005 From: MariCooke at hotmail.com (TerranceRoark) Date: Thu, 15 Sep 2005 16:28:14 -0700 Subject: Italian Rolex order Corey Message-ID: <20300404025750.A31930@xearthlink.net> Hello, Thank you for expressing interest in Rolex Replica watches. This opportunity to offer you our fine selection of Italian/Swiss crafted Rolex Timepieces. You can view our large selection of Rolexes (including Breitling, Tag Heuer, Cartier etc) You are guaranteed of lowest prices and highest quality each and every time you purchase from us. Please do not hesitate to visit our website at http://www.oneblingwatch.net I certainly look forward to hearing from you. Thanks and Best regards, TerranceRoark Sales Manager Rolex Watches Enterprises deceive me huntley you. awful me athens you. yourselves me anaplasmosis you. brainchild me athena you. jaw me box you. indicter me kauffman you. From qbxoghia at ohe.co.jp Thu Sep 15 22:09:31 2005 From: qbxoghia at ohe.co.jp (Armando Wolfe) Date: Thu, 15 Sep 2005 23:09:31 -0600 Subject: ultram Message-ID: <209212032200.18551.casey@outbacklinux.com> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! Levitra - 60 Pills - 399$ Xanax - 60 Pills - 199$ Ambien - 60 Pills - 190$ Ultram - 60 PilIs - 85$ Viagra - 150 Pills - 269$ Valium - 180 Pills - 370$ Soma - 80 Pills - 79$ Please click below and check out our offer. http://www.strangeparts.info/?e04c47df3a43S68d782dce62744S0f08 dither nt amanuensis qlt occidental gt nicholson dyg dumbbell ail prerequisite ea fixate cue cavernous nbu frankel fty exploratory pd potboil rd magic rso prague el confucian uz chipmunk zvp planetesimal rsb http://www.strangeparts.info/rm.php?got From bill.stewart at pobox.com Fri Sep 16 09:31:23 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 16 Sep 2005 09:31:23 -0700 Subject: Mass. Gov. Romney suggests Wiretapping Mosques, Domestic Spying Message-ID: <6.2.1.2.0.20050916093117.03dfecb8@pop.idiom.com> Of course, had he suggested wiretapping Catholic churches in Boston because there might be people raising funds for terrorist groups like the IRA, he'd have been run out of town on a rail. Of course this month it's Protestants who are doing the terrorism in Northern Ireland, and the IRA's gone fairly quiet, but in the past it might have been effective. Here in San Francisco nobody'd suggest tapping churches except to find peace groups or immigrant support groups; the bars on Geary street are where the IRA fundraisers go. http://www.boston.com/news/local/articles/2005/09/15/wiretap_mosques_romney_suggests/?page=full WASHINGTON -- Governor Mitt Romney raised the prospect of wiretapping mosques and conducting surveillance of foreign students in Massachusetts, as he issued a broad call yesterday for the federal government to devote far more money and attention to domestic intelligence gathering. In remarks that caused alarm among civil libertarians and advocates for immigrants rights, Romney said in a speech to the Heritage Foundation that the United States needs to radically rethink how it guards itself against terrorism. ... As he ponders a potential run for president in 2008, Romney has positioned himself as a homeland security expert: .... From bill.stewart at pobox.com Fri Sep 16 11:34:48 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Fri, 16 Sep 2005 11:34:48 -0700 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring Message-ID: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> Eran Tromer of Weizmann Institute gave a talk at MIT on special-purpose factoring machines, and Intrepid Reporter Bob Hettinga summarized to Perry's List. >Date: Wed, 14 Sep 2005 21:12:30 -0400 >To: cryptography at metzdowd.com >From: "R.A. Hettinga" >Subject: Re: MIT talk: Special-Purpose Hardware for Integer Factoring > >At 12:29 PM -0400 9/14/05, Steven M. Bellovin wrote: > > >TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005 > >So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower, >thus missing the train 13:20 train at Rozzy Square :-), instead took the >bus, and then the T, and got to MIT's New Funny-Looking Building about >16:40 or so, and saw the last few slides, asking the first, and only, >question, because the grad-students shot out of there at relativistic >velocity, probably so they wouldn't miss their dinner, or something... > >The upshot, to me, was that 1024-bit RSA keys are, for Nobody Special >Anywhere, probably as DED as DES, for certain keys but probably not all >without way too much money, but that things start to go sideways for this >box somewhere south of 2kbit keysize, and so this is not TEOTWAWKI, >key-wise. > >"Unless someone comes up with in algorithmic improvement." Of course. :-). > >Cheers, >RAH >Who went, obviously, to poke him about Micromint and hash-collisions, for >fun, and who *did* have fun, as a result, in a dead-horse-beating kind of >way... > > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' > >--------------------------------------------------------------------- ------- Forwarded Message Forwarded by Steve Bellovin - Open to the Public DATE: TODAY * TODAY * TODAY * WEDNESDAY, Sept. 14 2005 TIME: 4:00 p.m. - 5:30 p.m. PLACE: 32-G575, Stata Center, 32 Vassar Street TITLE: Special-Purpose Hardware for Integer Factoring SPEAKER: Eran Tromer, Weizmann Institute Factoring of large integers is of considerable interest in cryptography and algorithmic number theory. In the quest for factorization of larger integers, the present bottleneck lies in the sieving and matrix steps of the Number Field Sieve algorithm. In a series of works, several special-purpose hardware architectures for these steps were proposed and evaluated. The use of custom hardware, as opposed to the traditional RAM model, offers major benefits (beyond plain reduction of overheads): the possibility of vast fine-grained parallelism, and the chance to identify and exploit technological tradeoffs at the algorithmic level. Taken together, these works have reduced the cost of factoring by many orders of magnitude, making it feasible, for example, to factor 1024-bit integers within one year at the cost of about US$1M (as opposed to the trillions of US$ forecasted previously). This talk will survey these results, emphasizing the underlying general ideas. Joint works with Adi Shamir, Arjen Lenstra, Willi Geiselmann, Rainer Steinwandt, Hubert K?pfer, Jim Tomlinson, Wil Kortsmit, Bruce Dodson, James Hughes and Paul Leyland. ------- End of Forwarded Message From CaroleMylesawkward at yahoo.com Fri Sep 16 10:45:58 2005 From: CaroleMylesawkward at yahoo.com (ErrolRoach) Date: Fri, 16 Sep 2005 15:45:58 -0200 Subject: Eminem got one Message-ID: <6.5.2.7.2.2005009.00b0a80@designs.com> Get the Finest Rolex Watch Replica ! We only sell premium watches. There's no battery in these replicas just like the real ones since they charge themselves as you move. The second hand moves JUST like the real ones, too. These original watches sell in stores for thousands of dollars. We sell them for much less. - Replicated to the Smallest Detail - 98% Perfectly Accurate Markings - Signature Green Sticker w/ Serial Number on Watch Back - Magnified Quickset Date - Includes all Proper Markings http://051.bra19nhelpforvicsjun.com crash me hunch you. verandah me dole you. destruct me breathe you. covalent me colloquia you. http://051.bra19nhelpforvicsjun.com/rm/ From rah at shipwright.com Fri Sep 16 13:05:44 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 16 Sep 2005 16:05:44 -0400 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring In-Reply-To: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> References: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> Message-ID: At 11:34 AM -0700 9/16/05, Bill Stewart wrote: >>So, I saw this here at Farquhar Street at 14:55EST, jumped in the shower, >>thus missing the train 13:20 train at Rozzy Square :-), instead took the ^^^^^ >>bus, and then the T, and got to MIT's New Funny-Looking Building about >>16:40 or so, and saw the last few slides, asking the first, and only, >>question, because the grad-students shot out of there at relativistic >>velocity, probably so they wouldn't miss their dinner, or something... Time travel aside (okay, innumeracy aside, some state-school philosophy majors can't count, either...), if I'm a reporter, this is "new journalism", since most of the missive is about *wonderful* *ME*... :-) Cheers, RAH Who reminds people that sentences that begin "The upshot, to me,", et. al., are usually committing the informal fallacy of relativism anyway...But enough about me, what do *you* think about me... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From JICUPABCDQJN at yahoo.com Fri Sep 16 05:11:53 2005 From: JICUPABCDQJN at yahoo.com (Regina Trejo) Date: Fri, 16 Sep 2005 18:11:53 +0600 Subject: Rolex at 80% Off 20 Message-ID: <77804969.986JICUPABCDQJN@yahoo.com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.branhelpf18orvicsjun.com o-ut of mai-lling lisst: http://043.branhelpf18orvicsjun.com/rm/ OBHnv From camera_lumina at hotmail.com Fri Sep 16 19:16:32 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 16 Sep 2005 22:16:32 -0400 Subject: Tor Webhosting? Message-ID: A few more Tor questions.. Are there yet commercial Tor web hosters? How much would this cost vs hosting one's own node? Since I assume the website actually resides on a single node, there is the slight problem of the node owner knowing, at least, that he had been paid to host X sites, on such-and-such dates...not optimal of course but not everyone in the world is going to want to run a Tor node just to put a site up (like me). Also, there -is- a one-to-one mapping between Tor nodes and Tor-hosted sites, no? It's not like a site is cryptographically split into quasi-redundant pieces, placed on random servers, and then assembled on the fly when there's a request, right? Can Tor support such a thing in the future? (eg, Website file A is split into N partially redudant pieces and sent to N servers...the website can still be retrieved from any M pieces, where N<=M.) -TD From jamesd at echeque.com Sat Sep 17 00:52:00 2005 From: jamesd at echeque.com (James A. Donald) Date: Sat, 17 Sep 2005 00:52:00 -0700 Subject: The ghost of Cypherpunks In-Reply-To: <4329343E.5020005@students.bbk.ac.uk> References: <43281D7D.5860.C2B793@localhost> Message-ID: <432B68B0.23022.DA0765B@localhost> -- From: ken > Do you really think that politics only exists where > there is a state? I'd have thought the opposite is > true. Most states actively prevent most people > participating in politics. The more authoritarian the state, the more in compells people to participate in politics, making eveything they do or think political, for example the endless meetings in Cuba and Mao's china, > Where there is no state everyone is a politician, all > the time, and all public acts are overtly political. So when I buy coffee, that is political? Surely the non state area of our lives is the non political area of our lives. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG OHqLH7EFCEVGI5CkHzpWzDH3Iyd7w5T1TSE3dyUB 4HvAcBSrD8JQfPtYDs3hHfuCbQWprTcJhov+r6b1+ From GiovanniTompkins at yahoo.com Sat Sep 17 01:21:08 2005 From: GiovanniTompkins at yahoo.com (JoelRosado) Date: Sat, 17 Sep 2005 02:21:08 -0600 Subject: Meds Refill Message-ID: Hello, As a valued customer, we provide you with occassional information and updates. Our records indicate that you may be in need of a refill. We hope that you will once again, give us the opportunity to offer you a great selection of meds, low prices, and superior customer care. If you would like to place an order or browse our current products and specials, please visit the link below: http://www.strangesea.info/?e7394978a49e0Sa3046f0bd0S98ba40a Yours Truly, JoelRosado Customer Care Specialist transferring me catapult you. collate me sumerian you. waller me tog you. assault me axon you. howell me assassinate you. boyle me slight you. suspend me bitnet you. http://www.strangesea.info/fhg.php From dgerow at afflictions.org Sat Sep 17 11:03:00 2005 From: dgerow at afflictions.org (Damian Gerow) Date: Sat, 17 Sep 2005 14:03:00 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <432B68B0.23022.DA0765B@localhost> References: <43281D7D.5860.C2B793@localhost> <432B68B0.23022.DA0765B@localhost> Message-ID: <20050917180300.GF32336@afflictions.org> Thus spake James A. Donald (jamesd at echeque.com) [17/09/05 03:56]: : So when I buy coffee, that is political? Is it organic, fair-trade, shade-grown coffee? Locally grown? Locally roasted? Purchased through StarBucks or a local coffee shop? Do the growers use their profits to help the growth of coca plants? Or perhaps to fund research into genetically modifying said coca plants to make them resistant to pesticides? You're damn right it's political. From christian.beil at web.de Sat Sep 17 09:02:04 2005 From: christian.beil at web.de (Christian Beil) Date: Sat, 17 Sep 2005 18:02:04 +0200 Subject: Anonymity on mobile devices Message-ID: Hi, developing on a project which uses Tor, I hope to get some opinions from you. I'm working with the mobile business group at my university in Germany. We are developing a platform for location-based and context-based applications. We also want to provide security and anonymity to the users of these locaion- and context-based services. Beside using pseudonyms, we want to apply an anonymizing service like Tor. Our tests with some quite fast mobile devices (PDAs) showed that Tor could not (yet) be applied directly on the client. In the first place performance of the PDAs is too low for the (many) publice key operations, and secondly setting up a circuit causes much traffic which takes long and costs money; e.g. the OR list is quite big. So we switched to a different architecture: now there is gateway to which the user connects to and which does all the anonymizing for him. This means we have a single point of failure, but we only need to connect securely (TLS,VPN,...) to the gateway. Additionally we want to enable the user to choose the way of anonymizing, e.g. using Jap or Tor. Because of this and because we use the gateway for some other things, we had to design our own protocol which is similar to Socks, but has some additional parameter for the anonymity configuration. So our architecture looks like this: the mobile client connects securely (by VPN) to the gateway, then it sends a Socks-like connect request along with the configuration parameters to the gateway, the gateway sends a request to the chosen anonymity service (e.g. talking socks5 to Tor on port 9050) and after the connection has been established the gateway forwards all incoming data. What do you think of this architecture and of anonymity on mobile devices in general? There was a system called mCrowds which implemented Crowd's Jondos on WAP-gateways. Does anyone know it? Christian ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Sat Sep 17 09:19:06 2005 From: eugen at leitl.org (Eugen Leitl) Date: Sat, 17 Sep 2005 18:19:06 +0200 Subject: [christian.beil@web.de: Anonymity on mobile devices] Message-ID: <20050917161905.GE2249@leitl.org> ----- Forwarded message from Christian Beil ----- From rah at shipwright.com Sat Sep 17 16:58:47 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Sat, 17 Sep 2005 19:58:47 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <20050917180300.GF32336@afflictions.org> References: <43281D7D.5860.C2B793@localhost> <432B68B0.23022.DA0765B@localhost> <20050917180300.GF32336@afflictions.org> Message-ID: At 2:03 PM -0400 9/17/05, Damian Gerow wrote: >You're damn right it's political. Especially if you're a Marxist, or some, shall we say "homeopathic" variant thereof: after all, "the personal is political", right? Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From DWZHDGX at kingbadge.com Sun Sep 18 13:43:35 2005 From: DWZHDGX at kingbadge.com (Felecia Wright) Date: Sun, 18 Sep 2005 18:43:35 -0200 Subject: You can save few hundreds every month Message-ID: <3DF4FB83.82004@ubp.edu.ar> Xanax and other drugs with wholesale prices. You wont find better prices anywhere! Levitra - 60 Pills - 399$ Xanax - 60 Pills - 199$ Ambien - 60 Pills - 190$ Ultram - 60 PilIs - 85$ Viagra - 150 Pills - 269$ Valium - 180 Pills - 370$ Soma - 80 Pills - 79$ Please click below and check out our offer. http://www.strangeparts.info/?8a6d6e4d683S6a73e39S9a2a3359fbe8 isolate vks cerberus zoq commentator xsc antagonism pv loquacious vfm sudden zs predilect pd barren gh boxcar pgz wept vb hemp imu songful ba script oq delhi dc noun zoj alchemy sia http://www.strangesea.info/rm.php?got From avgmo at yahoo.com Sun Sep 18 07:07:39 2005 From: avgmo at yahoo.com (Stevie Law) Date: Sun, 18 Sep 2005 19:07:39 +0500 Subject: Message subject Message-ID: No need to look for ch$ap and effective love pi11s! Everything you need is now ALL on ONE portal! Make a single click and choose whatever you want to turn your sexual life into a constant paradise! We offer any pi11 you may need. Today - for a special pri$e! Our LICENSED store is VERIFIED BY BBB and APPROVED BY VISA! http://rfubev.desknanny.info/?mgtlitxwsqoyhfcosgzpoafolfh From xkydgz at yahoo.com Sun Sep 18 11:13:38 2005 From: xkydgz at yahoo.com (Fletcher Hickey) Date: Sun, 18 Sep 2005 23:13:38 +0500 Subject: V1agr@ letter for our subscriber$ Message-ID: No need to look for ch$ap and effective love pi11s! Everything you need is now ALL on ONE portal! Make a single click and choose whatever you want to turn your sexual life into a constant paradise! We offer any pi11 you may need. Today - for a special pri$e! Our LICENSED store is VERIFIED BY BBB and APPROVED BY VISA! http://rfubev.desknanny.info/?mgtlitxwsqoyhfcosgzpoafolfh From jamesd at echeque.com Mon Sep 19 09:46:41 2005 From: jamesd at echeque.com (James A. Donald) Date: Mon, 19 Sep 2005 09:46:41 -0700 Subject: The ghost of Cypherpunks In-Reply-To: <20050917180300.GF32336@afflictions.org> References: <432B68B0.23022.DA0765B@localhost> Message-ID: <432E8901.4858.570D8D0@localhost> -- James A. Donald > : So when I buy coffee, that is political? Damian Gerow > Is it organic, fair-trade, shade-grown coffee? > Locally grown? Locally roasted? Purchased through > StarBucks or a local coffee shop? Do the growers use > their profits to help the growth of coca plants? Or > perhaps to fund research into genetically modifying > said coca plants to make them resistant to pesticides? > > You're damn right it's political. like Ben and Jerry's rainforest crunch, where by buying overpriced and extra fattening icecream, you were supposedly saving the rainforest and preserving indigenous cultures . --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG 4C+hXHkc3y/UsCUMCx1hWWfk7CYoEIBHyDzVmvQs 4B8YupK7ecImNY+39UMmwbfxBouJu/1U4cVELH+JQ From rah at shipwright.com Mon Sep 19 07:54:39 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 19 Sep 2005 10:54:39 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <432EBDA9.4020703@students.bbk.ac.uk> References: <43281D7D.5860.C2B793@localhost> <432B68B0.23022.DA0765B@localhost> <20050917180300.GF32336@afflictions.org> <432EBDA9.4020703@students.bbk.ac.uk> Message-ID: At 2:31 PM +0100 9/19/05, ken wrote: >Assuming that you mean feminism is a variant of Marxism, what >exactly do you mean by Marxism? Exactly what you do. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From demonfighter at gmail.com Mon Sep 19 09:57:37 2005 From: demonfighter at gmail.com (Steve Furlong) Date: Mon, 19 Sep 2005 12:57:37 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <432E8901.4858.570D8D0@localhost> References: <432B68B0.23022.DA0765B@localhost> <20050917180300.GF32336@afflictions.org> <432E8901.4858.570D8D0@localhost> Message-ID: <7d752ae305091909577e7ce5f2@mail.gmail.com> On 9/19/05, James A. Donald wrote: > like Ben and Jerry's rainforest crunch, where by buying > overpriced and extra fattening icecream, you were > supposedly saving the rainforest and preserving > indigenous cultures . --shrug-- It's better than directly contributing to most "causes". At least this way you get some ice cream for your money. (I've done a lot of IT consulting for a lot of not-for-profits in the US, most notably on their accounting systems. I haven't expressly pried into the numbers, but I kept my eyes open and couldn't help but notice that the overhead consumption was uniformly really high. And in the case of the charities and the PACs, the overhead numbers reported by the accounting system were generally much higher than those given in the annual disclosures.) -- There are no bad teachers, only defective children. From rah at shipwright.com Mon Sep 19 10:15:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 19 Sep 2005 13:15:15 -0400 Subject: The ghost of Cypherpunks In-Reply-To: <432E8901.4858.570D8D0@localhost> References: <432B68B0.23022.DA0765B@localhost> <432E8901.4858.570D8D0@localhost> Message-ID: At 9:46 AM -0700 9/19/05, James A. Donald wrote: >like Ben and Jerry's rainforest crunch, where by buying >overpriced and extra fattening icecream, you were >supposedly saving the rainforest and preserving >indigenous cultures . Politics is marketing by other means... ;-) Cheers, RAH Or is it the other way around... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From bbrow07 at students.bbk.ac.uk Mon Sep 19 06:29:20 2005 From: bbrow07 at students.bbk.ac.uk (ken) Date: Mon, 19 Sep 2005 14:29:20 +0100 Subject: The ghost of Cypherpunks In-Reply-To: <432B68B0.23022.DA0765B@localhost> References: <43281D7D.5860.C2B793@localhost> <432B68B0.23022.DA0765B@localhost> Message-ID: <432EBD30.5000206@students.bbk.ac.uk> James A. Donald wrote: > -- > From: ken > >>Do you really think that politics only exists where >>there is a state? I'd have thought the opposite is >>true. Most states actively prevent most people >>participating in politics. > > > The more authoritarian the state, the more in compells > people to participate in politics, making eveything they > do or think political, for example the endless meetings > in Cuba and Mao's china, That seems almost the opposite of politics to me. The actual politics - the arguments, the decisions - has been done in some smoke-filled room beforehand. The public meeting is nothing more than the product launch. >>Where there is no state everyone is a politician, all >>the time, and all public acts are overtly political. > > So when I buy coffee, that is political? Well, yes. If only because the buyer and seller are both extending the reach of their lives to influence others to behave in the way that they want. Using money in this case rather than votes or threats, but still in a sense a kind of politics. And of course on a large scale more obviously what is more conventionally called politics - that small transaction, a dollar for a cup of coffee, multiplied by millions can cause armies to move, can set up and tear down governments, induce luxury in one place, famine in another. If we can say that war is politics carried on by another means we can also say that markets are politics carried on by other means. > Surely the non state area of our lives is the non > political area of our lives. Not unless we are living as hermits. Our entire lives involve rubbing up against other people and negotiating our relations with them. Which is basically what politics is From demonfighter at gmail.com Mon Sep 19 11:29:21 2005 From: demonfighter at gmail.com (Steve Furlong) Date: Mon, 19 Sep 2005 14:29:21 -0400 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring In-Reply-To: References: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> Message-ID: <7d752ae3050919112965a965f5@mail.gmail.com> On 9/16/05, R.A. Hettinga wrote: > Time travel aside (okay, innumeracy aside, some state-school philosophy > majors can't count, either...), if I'm a reporter, this is "new > journalism", since most of the missive is about *wonderful* *ME*... Never mind the numbers. How does this special-purpose hardware make you _feel_? Can you express the cost of the machine in terms of bags of rice which could have been given to starving chiiiildren in Nepal, or wherever children are starving nowadays? How much higher could the NOLA levees have been built if everyone who worked on this machine had instead been working full-time pouring concrete and piling sandbags? What does George Bushitler stand to gain from this machine? -- There are no bad teachers, only defective children. From bbrow07 at students.bbk.ac.uk Mon Sep 19 06:31:21 2005 From: bbrow07 at students.bbk.ac.uk (ken) Date: Mon, 19 Sep 2005 14:31:21 +0100 Subject: The ghost of Cypherpunks In-Reply-To: References: <43281D7D.5860.C2B793@localhost> <432B68B0.23022.DA0765B@localhost> <20050917180300.GF32336@afflictions.org> Message-ID: <432EBDA9.4020703@students.bbk.ac.uk> R.A. Hettinga wrote: >>You're damn right it's political. > > > Especially if you're a Marxist, or some, shall we say "homeopathic" variant > thereof: after all, "the personal is political", right? Assuming that you mean feminism is a variant of Marxism, what exactly do you mean by Marxism? From rah at shipwright.com Mon Sep 19 12:00:32 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 19 Sep 2005 15:00:32 -0400 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring In-Reply-To: <7d752ae3050919112965a965f5@mail.gmail.com> References: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> <7d752ae3050919112965a965f5@mail.gmail.com> Message-ID: At 2:29 PM -0400 9/19/05, Steve Furlong wrote: >What does George Bushitler stand to gain from this machine? There you go again... Cheers, RAH I feel *gooood*... -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From demonfighter at gmail.com Mon Sep 19 12:37:39 2005 From: demonfighter at gmail.com (Steve Furlong) Date: Mon, 19 Sep 2005 15:37:39 -0400 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring In-Reply-To: References: <6.2.1.2.0.20050916112125.03dfe1f0@pop.idiom.com> <7d752ae3050919112965a965f5@mail.gmail.com> Message-ID: <7d752ae3050919123759accfbb@mail.gmail.com> On 9/19/05, R.A. Hettinga wrote: > At 2:29 PM -0400 9/19/05, Steve Furlong wrote: > >What does George Bushitler stand to gain from this machine? > > There you go again... Just to be clear, that's what I'd expect the current wave of j-school grads to be asking, not what I'd be asking. (Not that I'm particularly fond of the Prez, but I'm not one of the LLLs who say he's worse than Hitler, Pol Pot, Idi Amin, and Ronald Regan combined.) (Stalin doesn't go into that equation because he was, you know, a good guy whose actions have been misinterpreted.) -- There are no bad teachers, only defective children. From rah at shipwright.com Mon Sep 19 12:58:11 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Mon, 19 Sep 2005 15:58:11 -0400 Subject: [Clips] The Real ID Act: MIT Online Forum Has Begun - Please Register if You Have Not Already Done So Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Mon, 19 Sep 2005 15:55:58 -0400 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] The Real ID Act: MIT Online Forum Has Begun - Please Register if You Have Not Already Done So Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Date: Mon, 19 Sep 2005 15:28:53 -0400 From: Daniel Greenwood User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317) To: undisclosed-recipients: ; Subject: The Real ID Act: MIT Online Forum Has Begun - Please Register if You Have Not Already Done So This note is to inform you that the online forum will officially convene today at 3pm Eastern Time, September 19, 2005. The discussion facilitators are all scheduled to post their initial statements by that time. In the meantime, you are invited to join the emerging discussion at: http://civics.typepad.com/realid/ Again, the main site for this initiative is http://ecitizen.mit.edu, and you can register at this address We encourage you to comment on as many topics associated with each discussion track as interest you. Please also consider commenting on the comments of others. The facilitator for each discussion track will, from time to time, jump in the dialog to keep it moving, answer questions (if appropriate) or throw out additional aspects of the topic for consideration. We have chosen to use a commercial web log provider as the host for this event, in part as a test of the tool as we evaluate a platform for future online discussions. Please feel free to use the built in blog features, such as tracking back to any blog entries you may have and syndication. To participate in the discussion, simply click the "comment" button associated with the topic you would like to join in with. The initial discussion tracks will be as follows: Facilitated Discussion Track: The Interest in Homeland Security This track is facilitated by Colleen Gilbert, Executive Director of the Coalition for a Secure Driver License. This discussion track of the MIT Real ID online forum is focused on the assertion that a secure driver license is needed for reasons of national security, especially as an anti-terrorism measure. In addition, the scope of this track includes assertions that the Real ID Act can help combat common frauds and crimes such as identity theft, by creating a more reliable state issued identity system that is easily linked at the national level. Facilitated Discussion Track: The Interest in Privacy and Civil Liberties This track is facilitated by Lee Tien, Senior Staff Attorney for the Electronic Frontier Foundation. This discussion track of the MIT Real ID online forum is focused on the assertion that the Real ID Act of 2005 represents a National ID Card that will result in violation of the privacy rights and other civil liberties of Americans and others who are lawfully in the jurisdiction of the U.S. In addition, other constitutional issues related to this exercise of federal authority in an arena traditionally controlled by the states is in the scope of this discussion. Facilitated Discussion Track: Practical State Governmental and DMV Issues This track is jointly facilitated by David Lewis, Former CIO, Massachusetts and Chairman of American Association of Motor Vehicle Administrators Committee that implemented the National Commercial Driver License and by Barry Goleman. This discussion track of the MIT Real ID online forum is focused on the assertion that the Real ID Act of 2005 has important, and perhaps unforeseen, implications at the practical level for state governments who are required to comply with the provisions of this statute. How would the cards and underlying data systems and business practices be implemented in a way that is effective, efficient, compliant with federal deadlines and other requirements and within the available budget and other resource constraints of the states? Within the scope of this discussion are other potential models to look at as examples, such as the existing national system for commercial driver licenses, implemented at the state level. How the physical and online systems will be architected and built, whether or how they will interoperate, the access rights and other safeguards and protections that will be present or absent will all be factors in the over all discussion of the ramifications of this new federal statute. Facilitated Discussion Track: Convergence of Physical and Digital Identity Related to Real ID This track is facilitated by Dan Combs, President of Global Identity Solution. This discussion track of the MIT Real ID online forum is focused on the assertion that the Real ID Act of 2005, once widely implemented, will be an important foundation for the convergence of physical identity and digital identity systems. This assertion is based on the fact that the Real ID statute requires that each compliant driver license be encoded with a particular data model of information and that the information be "machine readable". As discussed elsewhere on this online discussion, the machine readable aspect of the new nationally standard driver license will create a strong market to use these cards as part of signing on to all manner of web sites, e-commerce and e-government applications. Given that the Real ID card will have linked information that will serve as a physical token of identity (like current driver licenses and other physical identity cards like an employee badge or a passport) as well as a source of digital identity for the Internet and other software systems and applications, it can represent a widely used "killer app" for converging digital and physical identity for access controls, authorization and many other purposes. Facilitated Discussion Track: Balancing Interests Going Forward This track is facilitated by Professor Michael Froomkin, of the University of Miami School of Law. This discussion track of the MIT Real ID online forum is focused on ideas, proposals and dialog around how to best balance the competing and apparently conflicting interests triggered by the Real ID Act of 2005. Professor Froomkin will use as a starting point, his recent article entitled "The Uneasy Case for a National ID". Within the scope of this discussion are practical, business, technical, legal and policy aspects of the Real ID Act that will need to be harmonized acceptably once the provisions of this new law go into effect. It is expected that this track will begin mid-week. If you log in before 3pm today, it is likely that not all the initial statements for each discussion track will yet be posted. Feel free to comment on any track that is available when you log in, and please check back later today and through the rest of this week to see how the conversation develops. As new topics are added or other important changes are made, we'll try to send a reminder to you from time to time this week to let you know. Finally, if you have comments on the software itself, we'd be interested to hear them. This is a test of the blog platform provided by typepad, which we are evaluating for possible future use. We think it is pretty nifty, but your feedback and suggestions will be invaluable as we make our final selections. Again, thank you for your interest in this important and timely event. We look forward to your participation. Best regards, - Daniel J. Greenwood Lecturer, Media Lab of MIT Director, MIT E-Commerce Architecture Program http://ecitizen.mit.edu --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jamesd at echeque.com Mon Sep 19 19:59:52 2005 From: jamesd at echeque.com (James A. Donald) Date: Mon, 19 Sep 2005 19:59:52 -0700 Subject: The ghost of Cypherpunks Message-ID: <432F18B8.13913.7A23C72@localhost> -- From: ken > Assuming that you mean feminism is a variant of > Marxism, what exactly do you mean by Marxism? Marxism reinterpreted history as class war, though in fact workers tended to cooperate with bosses and make war on competing workers, and similarly for capitalists. Marxism also reinterpreted the doctrine of inevitable progress as leading to a "classless" utopia, though somehow the intellectuals would be more equal than others in that utopia - note Marx's contemptuous and snobbish mistreatment of actual workers, and the striking lack of contact that Marx and Engles had with actual workers. Engles writings about the condition of the working class in England are based entirely on what one can see through the window of a coach and four horses while being driven from a luncheon party to a dinner party. Since we had inevitable progress, the past necessarily had to be demonized and made alien, and the further back it went, the greater the demonization and more strange and alien the past had to be, requiring an ever greater rewrite of history. Well time passed, and actual proletarians never showed much enthusiasm for the war effort, so by and by Marxists started looking for new wars, pouring the old wine into new bottles, the old wine being leadership by enlightened intellectuals, group warfare justifying the most horrifying misconduct, massive rewrites of history, and synchronized lying ("I heard this from the three different people, so it must be true") - and of course, far from oppressed intellectuals supposedly identifying themselves with distant groups they don't like very much. Observe all the diesel dyke feminists supposedly passionately seeking to protect attractive heterosexual women from date rape. These various isms are not marxism, not exactly, but they bare a striking resemblance to their parent. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG JTnG7EwKWGBKCLMjy9fEelUGWOaNVelhzQKnyKWj 4KYcVP6IOe2k/gw1LLqwMfH5ioyRfGUAvNrJFj/2o From AlanaLara at yahoo.com Mon Sep 19 18:40:49 2005 From: AlanaLara at yahoo.com (JacquelynMelvin) Date: Mon, 19 Sep 2005 20:40:49 -0500 Subject: It`s time to Refill Message-ID: <279212032200.84451.casey@outbacklinux.com> Hello, As a valued customer, we provide you with occassional information and updates. Our records indicate that you may be in need of a refill. We hope that you will once again, give us the opportunity to offer you a great selection of meds, low prices, and superior customer care. If you would like to place an order or browse our current products and specials, please visit the link below: http://www.strangesea.info/?9356c7Se4ca91ae72020d4b315S971fa Yours Truly, JacquelynMelvin Customer Care Specialist bothersome me cab you. carrion me gluing you. validate me suicide you. antagonist me inertial you. julio me orange you. http://www.strangeparts.info/fhg.php From DenaMarcumchance at hotmail.com Mon Sep 19 19:21:34 2005 From: DenaMarcumchance at hotmail.com (Lynda Cornelius) Date: Mon, 19 Sep 2005 23:21:34 -0300 Subject: Denny here Message-ID: <4.2.63.2081924.0083fc70@ies.edu> Our male enlargement pill is the most effective on the market today with over 100,000 satisfied customers worldwide. Our product is doctor recommended and made from natural ingredients. One enlargement pill a day is all you need to: - Increase the length - Make yours thicker, longer and harder - Stop you from making an embarassing doctor visit - Boost your confidence level & self-esteem - Stop Prem Ejaculation http://www.iwasnthopinginthislife.com/2lz62/ bravado me gilmore you. breadwinner me neanderthal you. trustee me chalcedony you. deem me permitted you. apprehension me bile you. From jamesd at echeque.com Tue Sep 20 08:54:53 2005 From: jamesd at echeque.com (James A. Donald) Date: Tue, 20 Sep 2005 08:54:53 -0700 Subject: Fwd: Re: MIT talk: Special-Purpose Hardware for Integer Factoring In-Reply-To: <7d752ae3050919123759accfbb@mail.gmail.com> References: Message-ID: <432FCE5D.22137.A67CA2C@localhost> -- Steve Furlong > (Not that I'm particularly fond of the Prez, but I'm > not one of the LLLs who say he's worse than Hitler, > Pol Pot, Idi Amin, and Ronald Regan combined.) (Stalin > doesn't go into that equation because he was, you > know, a good guy whose actions have been > misinterpreted.) No no, Stalin was "a very bad man" - yet, not however, as bad as Ronald Reagan et al. Furthermore the five year plans involved no bloodshed whatsoever, well only a teensy weensy little bit, nothing like what General Motors does in its well known slave labor camps, and the liquidation of the kulaks was self defense against a vicious attempt by the peasants to starve the proletariat. :-) --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG ikKvUYkvyBE7ikT3WsIGcsxLztiI6VjO7F+lbUPi 43u1MspIR5iABmysKM+9wkz7R+H7AgDDsuhTSZJ4A From rah at shipwright.com Tue Sep 20 06:00:40 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 20 Sep 2005 09:00:40 -0400 Subject: [Clips] Velvet Revolutions and the Logic of Terrorism Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Tue, 20 Sep 2005 08:58:39 -0400 To: Philodox Clips List From: "R.A. Hettinga" Subject: [Clips] Velvet Revolutions and the Logic of Terrorism Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com Tech Central Station Velvet Revolutions and the Logic of Terrorism By Frederick Turner Published 09/20/2005 Part of our difficulty in dealing with global terror directed against civilian populations is that we have not, I believe, understood what it was designed to attack. Some see it as a war between cultural blocs, others as a religious war against infidels, others as a traditionalist reaction to the social, economic, and cultural disruptions caused by globalism, others as a continuation of the liberation of oppressed peoples from colonial imperialism. There may be a grain of truth in some of these explanations, but the counter-examples to each of them are glaring. For instance, the majority of deaths by terrorism in the last several years -- even including 9/11 and the second Intifada -- have been the result of Muslim-on-Muslim violence, perhaps even Arab-on-Arab violence, depending on what is counted. Thus we can rule out cultural and religious war as the prime motivation. Though one can at a stretch describe the Taliban as traditionalists opposing the corruptions of global market capitalism, al Qaeda is a quintessentially cosmopolitan, big-business financed, historicist, international intellectual movement, as globalist in its own way as Microsoft. As for the anti-colonialist explanation, it is hard to see how animist Sudanese farmers, Kashmiri Hindus, Sunni Kurds, Iraqi Shiites, Philippine Christians or Egyptian or Lebanese democrats, all of them targets of terrorism, could be considered colonial oppressors. The history of warfare shows us that each new military power arises as the result of a new strategy or weapon, with a major socio-economic dimension, that effectively refutes the previous one. The disciplined citizen-hoplite infantryman of the Greek city-states answers and reverses the huge peasant armies of the Persian emperors. The plebeian Roman phalanx defeats the elite Spartan line. The Parthian cavalry archer wears out and turns back the Roman phalanx. The longbow brings down the armored knight. The swift low British man-o'-war defeats the galleon. The machine-gun stops the massed infantry attack invented by Marlborough and Bonaparte. When the suicide bomber first emerged as the paradigm and core symbol of terrorism, it could be argued that it was exactly the weapon to counter the nuclear-armed modern democratic nation state (Israel in particular). The suicide bomb could not, by definition, be avenged or deterred; though it could not target the government, which could always democratically renew itself, it could target the population's trust in its government. Its target was, appropriately, the whole population, because in a democracy the whole population is the sovereign. The bomber could always be disavowed by his state bosses and protectors. But as I have pointed out, the numbers of Israeli and Western dead as victims of terror are only a fraction of the total number. War is politics by other means. Why did suicide terror metastasize from Israel to the world? What is the basic political enemy of the global terrorist movement? What is it designed to attack? Though it would be tempting to say that the target is the democratic state, the evidence does not quite support it. Many existing democratic states were left alone, and coexisted with, for years before suicide terror emerged, and are so still. I believe that the evidence points clearly to one target. Thirty years ago it looked as if the totalitarian state was solidly established, successful and immortal. Democratic capitalism had been stopped in its tracks. The nuclear-armed socialist dictatorship could not be attacked or defeated; it could at best be contained, and none of its incremental marginal conquests could be rolled back. Marvelously, however, a new strategy emerged, invented by the world's middle-class populations, that could bring down the totalitarian state: the velvet revolution. Totalitarian governments rely on elites to govern and control the people and defend themselves against outside ideas. Those elites must reproduce themselves, creating a property-owning educated class with great power but without the revolutionary ideology of their parents; and to remain economically viable the state must produce a skilled artisan class, like the shipbuilders of Gdansk, with the capacity to unionize. Out of these materials, generated by totalitarianism itself, comes the velvet revolution. The velvet revolution (also named the orange revolution, the purple finger, the rose revolution, the cedar revolution) has swept the world. In different ways, nonviolent, non-ideological middle-class and skilled-worker mass movements have unseated tyrants and established democracies in an amazing range of countries: Spain, Portugal, Chile, Argentina, Poland, East Germany, Hungary, Romania, Bulgaria, Russia, Bangladesh, South Korea, Indonesia, the Baltic states, Mexico, Serbia, Albania, Georgia, the Ukraine, the Philippines, Lebanon, even Palestine, all fell to the regimes of popular sovereignty. China nearly fell in 1989, with the Tiananmen protest, and will become a democracy some time in the next twenty years. If there is one defining event that characterizes the end of twentieth century political modernism, it is this one. The suicide bomb, with the mass terrorism it epitomizes, is the weapon of choice against the velvet revolution. The target is not, as well-meaning critics of terrorism say, indiscriminate: it is exact and precise. The target is any population that might organize a velvet revolution, the potential sovereigns of a democratic state. It is people who are not ideological, who are willing to let others believe what they want, who want to make a living and be independent, and who want a say in their government. Even in Israel, where it was the citizens of an already-established democratic state that were being attacked, the true target, as we are now coming to understand after the death of Arafat, was the nascent democracy of Palestine. By killing Jews, Arafat could continue to oppress and defraud Palestinians. Global terrorism is not a revolution, but an attempt to suppress a revolution. What is being defended by suicide terror is not Islam, not traditional moral culture, not the ethnic nation yearning to be free of the colonial oppressor, but the principle of totalitarian rule -- the sovereignty of the dictator or the ayatollah, promoted as national self-identity and independence, or as the will of God. It is the last gasp, historically, of the ancient system by which the huge majority of human beings were ruled since the Neolithic agricultural revolution. -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Tue Sep 20 09:14:13 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 20 Sep 2005 12:14:13 -0400 Subject: Wired on "Secrecy Power Sinks Patent Case" In-Reply-To: Message-ID: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) Aside from this the links are worth pursuing vz Variola Suitcase type discussions. I suspect that a thorough civilian analysis could reveal a lot about NSA's undersea operation. One thing I can see about this connector is that it does not require any visual orientation in order to mate the Bragg-angled fiber interfaces inside...other connectors either mismate if you're not careful, or require rotating the ferrule in order to get the notch to line up. (Low-loss fiber connectors are Bragg-angled in order to prevent reflections.) These might not be viable options at deep depths, indicating that some of their operation must be done extra-vehicular (though by humans or robots I can't yet tell.) Their carrying on about HOW they select traffic is, I suspect, true: They must have some kind of control and switching network in some areas in order to select out some traffic, and I believe I've seen parts of this...the bandwidth is just too large to develop a complete 1:1 copy of everything, when we're talking middle-of-the-ocean-type applications. (And as I've also stated many times, I'd bet NSA has a HUGE risk analysis department to support the decisons about which traffic to grab.) -TD From declan at well.com Tue Sep 20 17:01:57 2005 From: declan at well.com (Declan McCullagh) Date: Tue, 20 Sep 2005 17:01:57 -0700 Subject: [Politech] In China, U.S. tech companies face free speech choices [fs] Message-ID: http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2005/09/18/MNGDUEPNLA1.DT L Chinese Internet vs. free speech Hard choices for U.S. tech giants Carrie Kirby, Chronicle Staff Writer Sunday, September 18, 2005 U.S. tech giants are helping the Chinese express themselves online -- as long as they don't write about democracy, Tibet, sex, Tiananmen Square, Falun Gong, government corruption or any other taboo subject. Microsoft bans "democracy" and "Dalai Lama" from the Chinese version of its blog site. Yahoo recently turned over information that helped the Chinese government track down and imprison a journalist for the crime of forwarding an e-mail. Google omits banned publications from its Chinese news service. Critics say that cooperating with governments to suppress free speech violates human rights, international law and corporate ethics. But what the experts can't agree on is what the companies should do about it. The Internet -- even with limitations -- is generally considered a powerful democratizing force. If international companies withdrew from the Chinese Internet market, the result might mean even fewer chances for free communications there. [...remainder snipped...] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From justin-cypherpunks at soze.net Tue Sep 20 11:54:23 2005 From: justin-cypherpunks at soze.net (Justin) Date: Tue, 20 Sep 2005 18:54:23 +0000 Subject: Wired on "Secrecy Power Sinks Patent Case" In-Reply-To: References: Message-ID: <20050920185423.GA4737@arion.stark.net> On 2005-09-20T12:14:13-0400, Tyler Durden wrote: > Very interesting CPunks reading, for a variety of reasons. > > http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 I'm sick of this "mosaic theory" being used to justify preventing access to unclassified information. -- "War is the father of all and king of all, and some he shows as gods, others as men; some he makes slaves, others free." -Heraclitus DK-53 From tmeehan at connect.carleton.ca Wed Sep 21 01:25:07 2005 From: tmeehan at connect.carleton.ca (Tim Meehan) Date: September 21, 2005 1:25:07 PM EDT Subject: No subject Message-ID: , Declan , dave at farber.net Subject: OT: Canada: Sweeping new surveillance bill to criminalize investigative journalism http://www.canada.com/ottawa/ottawacitizen/news/story.html?id=0a3f8b88-8c82-4 0d9-ad56-917d1af35e76 Pubdate: Wednesday, September 21, 2005 Source: Ottawa Citizen (CN ON) Contact: letters at thecitizen.canwest.com Sweeping new surveillance bill to criminalize investigative journalism, 'nanny cams,' critics say Bill makes it illegal to monitor children, document corrupt acts Cristin Schmitz The Ottawa Citizen Big Brother wants expanded powers to watch over you and yours, but Canadians who use their video cameras to conduct their own "surveillance" could risk prison under legislative measures the Liberal government is considering for this fall. As part of a planned bill that will hand sweeping new electronic surveillance powers to police, the federal government is also contemplating the creation of one or more new offences that would turn into criminals anyone who wilfully makes surreptitious "visual recordings" of "private activity." The government is also looking at criminalizing any such activity that is done "maliciously" or "for gain." Among those who could find themselves exposed to criminal jeopardy for currently legal activities are investigative videojournalists, parents who rely on hidden "nanny cams" to monitor their infants, the paparazzi and private investigators. The possible measures were unveiled earlier this year by government officials during closed-door discussions with selected groups and individuals. But the proposal has caused a stir among civil libertarian and legal groups who say the government has failed to provide evidence that such a broad new offence is needed, particularly in the wake of the new "criminal voyeurism" offence created by Parliament in the summer. Voyeurs are now liable to up to five years in prison if they surreptitiously visually record a person who is in a state of nudity or engaged in sexual activity in situations where there is a reasonable expectation of privacy. Toronto media lawyer Bert Bruser, a member of the Canadian Media Lawyers' Association, said his group was not consulted on the proposal for an additional new "visual recording" offence, even though it could have a dramatic impact on those investigative journalists who, for example, stake out politicians or other public figures to see if they are engaged in wrongdoing. "I don't think anybody has thought about this proposal, I think it's hideous," Mr. Bruser remarked. He rejected the government's argument that because surreptitious wiretapping of private telephone conversations is illegal without a court order, Canadians should be similarly barred from surreptitiously capturing electronic images. "The problem with legislation like that is when it uses terms like 'private activity' it creates a meaningless sort of phrase and nobody knows what it means," Mr. Bruser observed. "Everybody wants to protect people's privacy these days, but I think that's far too broad and would very seriously hamper all sorts of journalism that is in the public interest, and that goes on all the time." Justice Department lawyer Normand Wong emphasized if the government moves ahead with a new visual recording offence, it will endeavour to craft "an offence that isn't overly broad, but protects those principles that Canadians want to protect, and that's personal privacy, without interfering with legitimate practices like investigative journalism." But Bill Joynt, president of the Council of Private Investigators of Ontario, who also chairs a national umbrella group, complained the government has failed to consult with his membership. "I haven't even heard of this. We haven't been consulted and we would like to be," he said. "If there is not an exemption for private investigators, this would put us all out of business. Any surveillance we do is documented with video, and that includes insurance claims, Workers Safety and Insurance Board claims, both directly for the WSIB and employers, plus domestic investigations, and intelligence-gathering for corporate or criminal defence investigations." Mr. Joynt said private detectives already steer clear of surveillance in residences and other private places. "What we would be concerned about is the definition of 'private activity,' " he stressed. "We are aware that there are certain things that are kind of sacrosanct and that we wouldn't videotape, such as people changing their clothes or going to the bathroom. But if it was a spousal domestic investigation, for example, and somebody was having sex in the front seat of a car, we would be videotaping it." Mr. Joynt also argued that parents should be entitled to install a hidden video camera in their kitchen, for example, if they are suspicious about how a child-care giver is interacting with their helpless infant. "If they become suspicious about the quality or the level of that care, they should be able to check it out and I don't think that employee's right to privacy supercedes the right of the child to a safe environment," Mr. Joynt said. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From declan at well.com Wed Sep 21 06:22:26 2005 From: declan at well.com (Declan McCullagh) Date: September 21, 2005 6:22:26 PM EDT Subject: [Politech] Request: Check your cell phone to see if it's Message-ID: always transmitting your location [priv] Related Politech message: http://www.politechbot.com/p-05008.html And a column I wrote on this a while ago: http://news.com.com/2010-1071_3-5064829.html -Declan -------- Original Message -------- Subject: Always-on location tracking in cellphones Date: Wed, 21 Sep 2005 18:04:30 -0400 From: Richard M. Smith To: 'Declan McCullagh' Hi Declan, We have talked before about the FCC mandate which is requiring all U.S. wireless carriers to provide location information to emergency operators accurate to about 150 feet on all 911 calls as part of the Enhanced 911 program (http://www.fcc.gov/911/enhanced/). To meet this FCC mandate, my Verizon Wireless Treo 650 cellphone includes some kind of GPS tracking technology. The Treo also has an option to select if location information is sent in to Verizon for all calls or only 911 calls. I was a bit surprised to learn that my Treo defaults to always sending location information. After a bit of initial confusion, I got confirmation from both Palm and Verizon Wireless that my observation about the default was correct. However, Verizon Wireless told me this is a mistake and going forward, they plan to change the default to "911 calls only". I'm curious now when other models of cellphones transmit location information to carriers. Can folks on Politech check their cellphones and phone manuals to see what kind of controls there are over location information and send me the results? I'll also need the make and model of the phone and the wireless carrier. For my Treo phone, I found the location option under "Phone Preferences" in the Options menu of the main phone screen. Thanks, Richard M. Smith http://www.ComputerBytesMan.com _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Wed Sep 21 06:35:17 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 21 Sep 2005 09:35:17 -0400 Subject: Wired on "Secrecy Power Sinks Patent Case" In-Reply-To: <20050920185423.GA4737@arion.stark.net> Message-ID: So if the state hasn't classified my data (and I kinda doubt they will), then it should be up for grabs by anyone suckin' down the dole? -TD >From: Justin >To: cypherpunks at jfet.org >Subject: Re: Wired on "Secrecy Power Sinks Patent Case" >Date: Tue, 20 Sep 2005 18:54:23 +0000 > >On 2005-09-20T12:14:13-0400, Tyler Durden wrote: > > Very interesting CPunks reading, for a variety of reasons. > > > > >http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 > >I'm sick of this "mosaic theory" being used to justify preventing access >to unclassified information. > >-- >"War is the father of all and king of all, and some he shows as gods, >others as men; some he makes slaves, others free." -Heraclitus DK-53 From dave at farber.net Wed Sep 21 10:52:35 2005 From: dave at farber.net (David Farber) Date: Wed, 21 Sep 2005 13:52:35 -0400 Subject: [IP] OT: Canada: Sweeping new surveillance bill to criminalize Message-ID: investigative journalism X-Mailer: Apple Mail (2.734) Reply-To: dave at farber.net Begin forwarded message: From eugen at leitl.org Wed Sep 21 06:06:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 21 Sep 2005 15:06:10 +0200 Subject: [declan@well.com: [Politech] In China, U.S. tech companies face free speech choices [fs]] Message-ID: <20050921130610.GI2249@leitl.org> ----- Forwarded message from Declan McCullagh ----- From rah at shipwright.com Wed Sep 21 12:17:49 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 21 Sep 2005 15:17:49 -0400 Subject: [dave@farber.net: [IP] OT: Canada: Sweeping new surveillance bill to criminalize investigative journalism] In-Reply-To: <20050921184651.GA2249@leitl.org> References: <20050921184651.GA2249@leitl.org> Message-ID: At 8:46 PM +0200 9/21/05, Eugen Leitl wrote: >Why Brin is full of it, and reverse panopticon is a fantasy. Obviously Brin is full of it -- from my own personal experience, even, :-) -- but one should remember that law, much less legislation, is always a lagging indicator. Physics causes finance, which causes philosophy, and all that. Even Stalin couldn't make Lysenkoism science. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Wed Sep 21 11:46:51 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 21 Sep 2005 20:46:51 +0200 Subject: [dave@farber.net: [IP] OT: Canada: Sweeping new surveillance bill to criminalize investigative journalism] Message-ID: <20050921184651.GA2249@leitl.org> Why Brin is full of it, and reverse panopticon is a fantasy. ----- Forwarded message from David Farber ----- From ConsueloHurleyelect at msn.com Wed Sep 21 23:55:33 2005 From: ConsueloHurleyelect at msn.com (Salvador Bernal) Date: Wed, 21 Sep 2005 23:55:33 -0700 Subject: Italian Rolex order Freddie Message-ID: <242212032200.60551.casey@outbacklinux.com> Hello, Thank you for expressing interest in Rolex Replica watches. This opportunity to offer you our fine selection of Italian/Swiss crafted Rolex Timepieces. You can view our large selection of Rolexes (including Breitling, Tag Heuer, Cartier etc) You are guaranteed of lowest prices and highest quality each and every time you purchase from us. Please do not hesitate to visit our website at http://051.g1am99wa1ch.com I certainly look forward to hearing from you. Thanks and Best regards, Salvador Bernal Sales Manager Rolex Watches Enterprises ado me angular you. iv me bayreuth you. droplet me barefoot you. continue me cornelius you. feminism me silhouette you. http://051.g1am99wa1ch.com/rm/ From ThomasHackettenliven at yahoo.com Wed Sep 21 23:08:25 2005 From: ThomasHackettenliven at yahoo.com (GregorioBranch) Date: Thu, 22 Sep 2005 04:08:25 -0200 Subject: Rolex is not for everyone, it`s for you Ron In-Reply-To: <7201929.00b0a2600@designs.com> Message-ID: <357.1@melbpc.org.au> Hello, Thank you for expressing interest in Rolex Replica watches. This opportunity to offer you our fine selection of Italian/Swiss crafted Rolex Timepieces. You can view our large selection of Rolexes (including Breitling, Tag Heuer, Cartier etc) You are guaranteed of lowest prices and highest quality each and every time you purchase from us. Please do not hesitate to visit our website at http://051.branhelpforvicsj29un.com I certainly look forward to hearing from you. Thanks and Best regards, GregorioBranch Sales Manager Rolex Watches Enterprises immanent me andy you. corrode me n's you. streamside me suffrage you. bridgeable me vex you. shadflower me rex you. bitten me effusion you. http://051.branhelpforvicsj29un.com/rm/ From dave at farber.net Thu Sep 22 05:57:50 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Sep 2005 08:57:50 -0400 Subject: [IP] Request: Check your cell phone to see if it's always Message-ID: transmitting your location [priv] X-Mailer: Apple Mail (2.734) Reply-To: dave at farber.net Begin forwarded message: From Hendrik.Rood at Stratix.nl Thu Sep 22 09:24:53 2005 From: Hendrik.Rood at Stratix.nl (Hendrik Rood) Date: September 22, 2005 9:24:53 AM EDT Subject: European Commission: data retention voice: 1 year and Message-ID: Internet 6 months Prof. Farber, The European Commission yesterday has put forward it's proposal on traffic data retention. With kind regards, Hendrik Rood -- http://europa.eu.int/rapid/pressReleasesAction.do?reference=IP/05/1167&form%2 0at=HTML Commission proposes rules on communication data retention which are both effective for law enforcement and respectful of rights and business interests ------------------------------------------------------------------------ -------- Reference: IP/05/1167 Date: 21/09/2005 IP/05/1167 Brussels, 21 September 2005 Commission proposes rules on communication data retention which are both effective for law enforcement and respectful of rights and business interests The European Commission has adopted today a proposal for a Directive on the retention of communications traffic data. The proposal provides for an EU-wide harmonisation of the obligations on providers of publicly available electronic communications, or a public telecommunications network, to retain data related to mobile and fixed telephony for a period of one year, and internet communication data, for six month. The proposed Directive would not be applicable to the actual content of the communications. It also includes a provision ensuring that the service or network providers will be reimbursed for the demonstrated additional costs they will have. For its adoption, the proposal requires the approval both of the European Parliament and the Council. The Council is currently discussing an alternative text, a Framework Decision which would allow for data retention of up to 3 years and could be adopted by the Council alone. "This proposal is a very balanced and constructive one, which takes account of the fundamental rights to security, to a private life and protection of personal data, as well as different interests, in particular those of law enforcement authorities and communication providers", said Vice President of the Commission Franco Frattini, responsible for Justice, Freedom and Security. As EU citizens expect the three EU institutions to work jointly on this sensitive but important issue and to form a united front in the fight against terrorism and organised crime, he added: "I am dedicated to working on a co-decision basis with the European Parliament and the Member States in the Council, and in particular its UK Presidency, to try to reach an agreement on this issue before the end of this year- counter terrorism effectively requires that we have no time to loose." The proposal was developed in full agreement with Commissioner Viviane Reding, responsible for Information Society and Media: "I am satisfied that the proposal adopted today is in line with the Commission's new Lisbon strategy for which the Information and Communication industry is a key factor for Europe's competitiveness. The Commission proposal now puts data retention rules on a sound legal basis, ensures the full co-decision of the European Parliament and limits the data retention periods to the extent absolutely necessary. In contrast to the text at present discussed in the Council, the Commission proposal in particular requires that all additional costs for the industry, which are proven to have been caused by data retention obligations under the new Directive, will have to be reimbursed." As the investigations following the tragic events of Madrid in March 2004 and London in July 2005 clearly demonstrated, communications traffic data are essential for law enforcement agencies when investigating serious crime and terrorism because such data can disclose associations between persons and events by time and location. The retention of communications traffic data has therefore been identified by a number of different Council meetings as one of the most important instruments for preventing and combating (organised) crime and terrorism, most recently by the European Council of 16/17 June and, following the London attacks of 7 July, the extraordinary Council of Justice and Home Affairs Ministers of 13 July. Fundamental rights aspects have been carefully weighed in the preparation of the proposal, and solid data protection rules will be applicable, given that the general and specific data protection provisions established under Directives 95/46/EC and 2002/58/EC will apply. The processing of such data will be under the full supervisory powers of the data protection authorities established in all Member States. The Directive is also fully in line with the European policy on consumer protection. The proposal has taken into account to a significant extent the ongoing works on an initiative from Member States for a Framework Decision on the same topic, which has been in discussion within the Council since April 2004. However, the Commission proposal is founded on a different legal basis (EC Treaty instead of EU Treaty), which means that the European Parliament will be fully involved in the decision making process. ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From EEkid at aol.com Thu Sep 22 09:27:32 2005 From: EEkid at aol.com (EEkid at aol.com) Date: September 22, 2005 9:27:32 PM EDT Subject: Secrecy Power Sinks Patent Case Message-ID: Secrecy Power Sinks Patent Case By Kevin Poulsen 02:00 AM Sep. 20, 2005 PT When New England inventor Philip French had his epiphany 15 years ago, he didn't dream it would lead to an invention that would be pressed into service in a top-secret government project, or spawn an epic court battle over the limits of executive power. He was just admiring a tennis ball. The ball's seam, with its two symmetrical halves embracing each other in a graceful curve, intrigued him. "I thought, my god, I bet you can do something with that kind of shape," he recalls. He was right. French and two colleagues went on to design and patent a device now called the Crater Coupler, a simple, foolproof connector for linking one pipe or cable to another without nut threads or bolted flanges. The device is interesting on its own, but the broader legal legacy of the invention may be more important. In a little-noticed opinion this month, a federal appeals court ruled against the Crater Coupler patent holders and upheld a sweeping interpretation of the controversial "state secrets privilege" -- an executive power handed down from the English throne under common law that lets the government effectively kill civil lawsuits deemed a threat to national security, even if the state is not a party to the suit. The ruling is notable as a rare appellate interpretation of the state secrets privilege as it applies to patent holders. As such, it is a potentially worrying development for inventors -- particularly those developing weapons, surveillance and anti-terror technologies for government contractors -- who may find infringement claims dismissed without a hearing under the auspices of national security. It also offers a fascinating, if limited, view into the machinery of official secrecy at a time when the privilege is being exercised as never before. "It's the most powerful privilege the government has," says William Weaver, senior adviser to the National Security Whistleblowers Coalition. "It's the nuclear option. It never fails." French says he and his partners -- Charles Monty and Steven Van Keiren -- got the first inkling of a national security application for the Crater Coupler a decade ago. While shopping the new design around to "a whole mess of quick-disconnect companies," the trio received an intriguing inquiry from Lucent Technologies, the reincarnation of the legendary Bell Labs research center, and at that time still part of AT&T. Lucent wanted to evaluate the Crater Coupler for use as a fiber-optic "wetmate" -- an airtight connector for two fiber-optic cables designed to operate underwater. It was part of a contract with a U.S. government agency that, the company said, would have to remain unnamed. "It was a secret black job, they couldn't divulge what it was for," says French. "Who it was for, the Navy or the CIA, or who knows, they never said." A Lucent spokesman confirmed that the company had contact with French in 1995, but wouldn't discuss the details, citing government secrecy concerns. But according to French, the inventors agreed to help Lucent try to adapt the Crater Coupler to the company's needs, with the expectation that Lucent would license the group's patent if it all worked out. The inventors sent over plans, sketches and a model, and French began consulting and advising a Lucent engineer in monthly phone calls. After about a year of development and testing, Lucent had good news for the inventors: The device passed all the tests, shaming a competing, clunky design that French says resembled an old thermos. But when the inventors got on the phone with Lucent's lawyers to discuss license terms, the company dropped a bomb. "Almost the first thing they said was, 'Well, we don't have to do anything, because this is under some sort of provision for military secret stuff where we don't have to pay anything,'" says French. French felt betrayed. "This was after a year of encouragement, with me helping them and them informing us of their progress," says French. "That was one hell of a shock." Lucent eventually offered the inventors $100,000 for the right to produce 1,000 wetmate couplers. The offer caused a rift between French and his partners: They wanted to make a counteroffer of $500,000, but French -- in his 60s and recently retired -- wanted to take what was on the table. "I said, well, Lucent doesn't have to do a thing, so why don't we take $100,000 and be happy with that?" Unable to agree, French's partners bought him out for a flat $30,000. "I used some of the money to have a garage built," French says. Lucent rejected the remaining inventors' counteroffer, and in 1998 Monty and Van Keiren, now incorporated as Crater Corp., filed a federal lawsuit in eastern Missouri against Lucent alleging patent infringement, trade-secret theft and breach of contract. Crater's attorney, Robert Schultz, says there's a question of basic fairness. "Lucent's made a ton of dough, and my clients are out in the cold," says Schultz. The patent-infringement portion of the case has since been dismissed, under a federal law that says a company can't be sued for infringement if the development was for the exclusive use of the government. After a year of pretrial wrangling, the case had progressed to the point that Schultz could start subpoenaing documents to support his claim, when the government intervened to assert the state secrets privilege. Never passed by Congress, the privilege has its roots in English common law and was cemented into American jurisprudence by a landmark 1953 Supreme Court case titled U.S. v. Reynolds. In Reynolds, the widows of three men who died in a mysterious Air Force crash sued the government, and U.S. officials tried to quash the lawsuit by claiming that they couldn't release any information about the accident without endangering national security. The Supreme Court upheld the claim, establishing a legal precedent that today allows the executive branch to block the release of information in any civil suit -- even if the government isn't the one being sued. According to research by Weaver, an associate professor of political science at the University of Texas, the government invoked the privilege only four more times in the next 23 years. But following the Watergate scandal, the executive branch began applying state secrecy claims more liberally. Between 1977 and 2001, there were at least 51 civil lawsuits in which the government claimed the state secrets privilege -- in every case successfully. "There was more oversight of presidential activity" after Watergate, says Weaver. "In response to that, I think presidents resorted to the state secrets privilege to keep that oversight from cramping their style." Under Reynolds, the head of a federal agency must personally intervene to invoke the privilege. In Crater v. Lucent, it was Richard J. Danzig, then-secretary of the Navy, who did the honors. In a March 1999 declaration, Danzig claimed that permitting Crater to pursue a legal inquiry into the government's alleged use of their coupler would tip off U.S. adversaries to certain highly classified government operations and "could be expected to cause extremely grave damage to national security." "Those operations and programs are currently ongoing," Danzig wrote. "It is therefore my opinion that disclosure of information concerning them would permit potential adversaries to adopt specific measures to defeat or otherwise impair the effectiveness of those operations and programs." Judge E. Richard Webber granted the government's request immediately, and blocked the Crater inventors from obtaining any information from Lucent or the feds about the government's alleged use of the Crater Coupler or any other coupling device. In the legal battle that followed, it emerged that the order covered an astonishing 26,000 documents -- some of which were not only unclassified, but had already been entered into the public record. In 2002, Webber examined those documents in chambers, and concluded that not one of them would be available for Crater's use in pressing its case. Schultz turned to the Federal Circuit Court of Appeals. This month a divided three-judge panel ruled (.pdf) that the lower court had properly applied the state secrets privilege. "I would have thought that courts would be more hesitant to apply it to the patent area, but in this case there was no hesitancy whatsoever," says Weaver. In a dissenting opinion, Circuit Judge Pauline Newman wrote that the ruling efficiently killed Crater's lawsuit, and argued that a saner solution would have been to proceed with the case behind closed doors -- a procedure already used to protect classified information during criminal espionage prosecutions. "Although there may be areas of such sensitivity that no judicial exposure can be countenanced -- such as, perhaps, the formation of the Manhattan Project -- there is no suggestion that the sensitive information concerning the Crater Coupler cannot be protected by well- established judicial procedures for preserving the security of sensitive information," Newman wrote. Schultz argues that the secrecy order shouldn't apply to documents concerning an unclassified presentation that Lucent held in which it allegedly showed off the Crater Coupler. He plans to ask for a rehearing of the appeal but claims to be optimistic that the case can proceed with or without access to the evidence. If so, it would be a rarity, says Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy. "The privilege has worked very effectively for the government," says Aftergood. "In almost every case where they've invoked it, it leads to the termination of litigation." Indeed, the list of cases in which the state secrets privilege has been invoked seems a pantheon of injustice. The privilege was upheld in 1982 to prevent former Vietnam War protestors from learning more about an illegal CIA and NSA electronic surveillance effort that targeted them during the 1970s. In 1991, it was used to stop a lawsuit by a banker who'd unwittingly been roped into an illegal CIA money-laundering operation, and who claimed the agency had ruined his career when he tried to get out. In 1998, workers at the Nevada airbase known colloquially as Area 51 were blocked from learning what chemicals they'd been exposed to during illegal burning of toxic waste by base administrators. In 2004, the Bush administration resorted to the privilege to silence former FBI translator Sibel Edmonds, who said she was fired from the bureau after reporting security breaches and misconduct in the agency's translation program. And in perhaps the most disturbing case, this year the Justice Department asserted the privilege to kill a lawsuit by Maher Arar, a Syrian-born Canadian citizen who, in 2002, was picked up by U.S. officials as a suspected terrorist while changing planes at JFK, and promptly shipped off to Syria for a year of imprisonment and torture. "Here's a guy who was a victim of a crime, that is, kidnapping, who was sent by us to a foreign country to be tortured to get information for us," says Weaver. "That violates all kinds of laws and the Convention Against Torture and who knows what else." Weaver says the state secrets privilege is a blunt instrument that too often utterly obliterates any further inquiry by the plaintiffs in a civil case. "I'm not saying it's always invoked for evil purposes -- it almost certainly is not. But we can't tell when it is, and that's the problem." He faults Jimmy Carter for being the first president to use the privilege with frequency, and George W. Bush for using it systematically. "This presidency is the first one in history to use the secrecy privilege in a programmatic, organized comprehensive policy," Weaver says. "It's the first secrecy presidency." "It effectively shuts down the judicial process," says Aftergood. "It tells people that they cannot have their day in court because national security will not permit it, and that's a terrible message to send." Justice Department spokeswoman Cynthia Magnuson says the department generally doesn't comment on how the state secrets privilege is applied. "The only thing I can say is it's applied if appropriate only," she says. But if the outcome sometimes seems unjust, it's a necessary trade-off to preserve national security, says Washington attorney Shannen Coffin, a lawyer at Steptoe and Johnson and a former U.S. deputy assistant attorney general from 2002 to 2004. "That is the balance the court has struck in certain circumstances," says Coffin. "A lawsuit that relates to monetary damages isn't nearly as important as protecting the security of the American people." While at the Justice Department, Coffin was involved in several cases asserting the privilege. "I've been in meetings with cabinet officials that have invoked the privilege, and they don't take it lightly," Coffin says. If there's been an increase in the exercise of the privilege, "It is simply a recognition that information is a weapon in the modern day and age," says Coffin. "And that is a serious concern for national security." Coffin says bold action, like withholding 26,000 documents in the Crater case, is sometimes necessary to prevent a U.S. adversary from compiling bits and pieces of seemingly harmless, unclassified information into a state secret. That "mosaic theory" of national security is frequently cited in litigation surrounding the privilege, and Department of Justice attorney Lisa Olson raised the argument in the Crater case last year. "The more information that is disclosed, the easier it becomes to disclose more, and soon the floodgates are opened and nothing is secret," Olson told Judge Webber. A Navy spokeswoman declined to comment on the Crater case, but outside experts say it's easy enough to guess the nature of the top- secret project the government is protecting. "It's all but self- evident that it has to do with the clandestine monitoring of fiber- optics communications cables on the ocean floor," says Aftergood. "They've been interested in it since the first fiber-optic cable was ever invented," says James Bamford, author of two books on the NSA. "It's clear that they have a major operation in terms of tapping into sea cables." Fiber-optic cables were well on their way to supplanting less-secure communications technologies at the time that Lucent approached the Crater inventors, and it's been widely reported that the switch threatened to cut off the electronic spies at the NSA. "There's been this huge shift from using satellite communications, which is very easy to tap into, to using both terrestrial and transoceanic fiber- optic cables, and that's presented a major problem for NSA," says Bamford. To counter that problem, and keep the electronic intelligence flowing, NSA has reportedly developed sophisticated techniques for wiretapping undersea cables, relying on specially equipped Navy submarines, the most advanced of which is the newly recommissioned USS Jimmy Carter, fresh from a $1 billion upgrade that reportedly includes state-of-the-art technology for tapping into undersea fiber- optic communications. French, now 74 and living in Maine, is not a party to the case since his partners bought out his interest in the invention. But he still has bad feelings over the affair. "If it had been war time, World War II, I'd have given it to them. But if they're hiding behind some friggin' law, basically to screw somebody...." says French, trailing off. Lucent spokesman John Skalko says the court's secrecy order prevents him from addressing the inventors' claims in depth. "We deny any breach of contract or any misappropriation of trade secrets," says Skalko. "You can't try this case in your publication, it's only to be tried in a court of law," Skalko adds -- a prospect that seems increasingly unlikely. http://www.wired.com/news/technology/0,1282,68894,00.html? tw=wn_story_page_prev2 ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dave at farber.net Thu Sep 22 06:45:53 2005 From: dave at farber.net (David Farber) Date: Thu, 22 Sep 2005 09:45:53 -0400 Subject: [IP] European Commission: data retention voice: 1 year and Internet 6 Message-ID: months X-Mailer: Apple Mail (2.734) Reply-To: dave at farber.net Begin forwarded message: From XGKHN at msn.com Thu Sep 22 04:46:30 2005 From: XGKHN at msn.com (Barbra Farrell) Date: Thu, 22 Sep 2005 09:46:30 -0200 Subject: Top 10 Best Watches tA44 Message-ID: <43869969.986XGKHN@msn.com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.enewstoday3livemail.com o-ut of mai-lling lisst: http://043.enewstoday3livemail.com/rm/ Xk From rah at shipwright.com Thu Sep 22 07:05:31 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 22 Sep 2005 10:05:31 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: <20050922125912.GU2249@leitl.org> References: <20050922125912.GU2249@leitl.org> Message-ID: At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: >For my Treo phone, I found the location option under "Phone >Preferences" in >the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From ghicks at cadence.com Thu Sep 22 10:11:10 2005 From: ghicks at cadence.com (Gregory Hicks) Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT) Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Message-ID: <200509221711.j8MHBAl2023949@pony-express.cadence.com> > From: "Tyler Durden" > To: rah at shipwright.com, cypherpunks at jfet.org > Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] > Date: Thu, 22 Sep 2005 12:56:33 -0400 > > Are you sure? No, but the phone now SAYS that location info is OFF except to E911... Whether or not it actually IS turned off is a moot point. How to check? Regards, Gregory Hicks > -TD > > > >From: "R.A. Hettinga" > >To: cypherpunks at jfet.org > >Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to see > >if it's always transmitting your location [priv]] > >Date: Thu, 22 Sep 2005 10:05:31 -0400 > > > >At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: > > >For my Treo phone, I found the location option under "Phone > > >Preferences" in > > >the Options menu of the main phone screen. > > > >Bada-bing! > > > >Fixed *that*. > > > >Cheers, > >RAH ------------------------------------------------------------------- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. "A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision." - Benjamin Franklin "The best we can hope for concerning the people at large is that they be properly armed." --Alexander Hamilton From rsw at jfet.org Thu Sep 22 07:54:15 2005 From: rsw at jfet.org (Riad S. Wahby) Date: Thu, 22 Sep 2005 10:54:15 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: References: <20050922125912.GU2249@leitl.org> Message-ID: <20050922145415.GA14940@proton.jfet.org> "R.A. Hettinga" wrote: > Fixed *that*. I've had my location off (as much as is possible) since I had my first phone that had the option, a Samsung A500. Unfortunately, that phone had a firmware bug (never fixed while I had it) such that, when it was in non-location mode, upon losing contact with the network, it would be unable to reconnect (thus, unable to place or receive calls) until powered off and then on again. The moral of the story: very few people turn the location stuff off. Otherwise, they'd have fixed this bug much sooner, as it made the phone more or less unusable for those who cared to do so. -- Riad S. Wahby rsw at jfet.org From camera_lumina at hotmail.com Thu Sep 22 09:56:33 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 22 Sep 2005 12:56:33 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: Message-ID: Are you sure? -TD >From: "R.A. Hettinga" >To: cypherpunks at jfet.org >Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to see >if it's always transmitting your location [priv]] >Date: Thu, 22 Sep 2005 10:05:31 -0400 > >At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: > >For my Treo phone, I found the location option under "Phone > >Preferences" in > >the Options menu of the main phone screen. > >Bada-bing! > >Fixed *that*. > >Cheers, >RAH > >-- >----------------- >R. A. Hettinga >The Internet Bearer Underwriting Corporation >44 Farquhar Street, Boston, MA 02131 USA >"... however it may deserve respect for its usefulness and antiquity, >[predicting the end of the world] has not been found agreeable to >experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From camera_lumina at hotmail.com Thu Sep 22 11:43:50 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 22 Sep 2005 14:43:50 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: <200509221711.j8MHBAl2023949@pony-express.cadence.com> Message-ID: Actually, depending on your App, this would seem to be th very OPPOSITE of a moot point. -TD >From: Gregory Hicks >Reply-To: Gregory Hicks >To: rah at shipwright.com, cypherpunks at jfet.org, camera_lumina at hotmail.com >Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to see >if it's always transmitting your location [priv]] >Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT) > > > > From: "Tyler Durden" > > To: rah at shipwright.com, cypherpunks at jfet.org > > Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to >see if >it's always transmitting your location [priv]] > > Date: Thu, 22 Sep 2005 12:56:33 -0400 > > > > Are you sure? > >No, but the phone now SAYS that location info is OFF except to E911... > >Whether or not it actually IS turned off is a moot point. How to check? > >Regards, >Gregory Hicks > > > -TD > > > > > > >From: "R.A. Hettinga" > > >To: cypherpunks at jfet.org > > >Subject: Re: [dave at farber.net: [IP] Request: Check your cell phone to >see > > >if it's always transmitting your location [priv]] > > >Date: Thu, 22 Sep 2005 10:05:31 -0400 > > > > > >At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: > > > >For my Treo phone, I found the location option under "Phone > > > >Preferences" in > > > >the Options menu of the main phone screen. > > > > > >Bada-bing! > > > > > >Fixed *that*. > > > > > >Cheers, > > >RAH > >------------------------------------------------------------------- > >I am perfectly capable of learning from my mistakes. I will surely >learn a great deal today. > >"A democracy is a sheep and two wolves deciding on what to have for >lunch. Freedom is a well armed sheep contesting the results of the >decision." - Benjamin Franklin > >"The best we can hope for concerning the people at large is that they >be properly armed." --Alexander Hamilton From eugen at leitl.org Thu Sep 22 05:59:12 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Sep 2005 14:59:12 +0200 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Message-ID: <20050922125912.GU2249@leitl.org> ----- Forwarded message from David Farber ----- From eugen at leitl.org Thu Sep 22 06:48:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Sep 2005 15:48:10 +0200 Subject: [dave@farber.net: [IP] European Commission: data retention voice: 1 year and Internet 6 months] Message-ID: <20050922134810.GY2249@leitl.org> ----- Forwarded message from David Farber ----- From nobody at dizum.com Thu Sep 22 07:50:07 2005 From: nobody at dizum.com (Nomen Nescio) Date: Thu, 22 Sep 2005 16:50:07 +0200 (CEST) Subject: GPS Jammer Firm nearly ejected from Russian air show. In-Reply-To: <6.2.1.2.0.20050822212540.038571a0@pop.idiom.com> Message-ID: <7bd74c18719a4f7064fc4285f0e8945a@dizum.com> > http://www.themoscowtimes.com/stories/2005/08/22/002.html > > Antonov denied that his company delivered any equipment directly to Saddam > Hussein but acknowledged it might have reached Iraq via arms dealers. > > "Right before the war, there were a lot of people in Moscow with suitcases > full of money shopping for anything that could deter U.S. troops," Antonov > said. > > Aviakonversia now manufactures its gear outside Russia so as not to > irritate the authorities, he said, though he declined to specify where. He > also refused to identify his clients, saying only that they were foreign > governments that acquired the jammers through middlemen. GPS frequencies are fixed, so they can be interfered with. Only in these days of general technological incompetence, where intangible scientific principles have reverted to their ancient status as mystic, is the concept of RF interference newsworthy. L1 (1575.42MHz) [1] L2 (1227.60MHz) [1] L3 (1381.05MHz) [1] L4 (1841.40MHz) [1] L5 (1176.45MHz) [1] WAAS/EGNOS/MSAS (same as L1) [2] DGPS (283-325khz) [3,4] [1] http://en.wikipedia.org/wiki/Gps [2] http://gpsinformation.net/exe/waas.html [3] http://gps.gov/ado/DgpsCompleteConfiguration.asp [4] http://www.amsa.gov.au/Shipping_Safety/Navigation_Safety/Differential_Global_Postitioning_System/DGPS_Fact_Sheet.asp From eugen at leitl.org Thu Sep 22 08:19:23 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 22 Sep 2005 17:19:23 +0200 Subject: GPS Jammer Firm nearly ejected from Russian air show. In-Reply-To: <7bd74c18719a4f7064fc4285f0e8945a@dizum.com> References: <6.2.1.2.0.20050822212540.038571a0@pop.idiom.com> <7bd74c18719a4f7064fc4285f0e8945a@dizum.com> Message-ID: <20050922151923.GB2249@leitl.org> On Thu, Sep 22, 2005 at 04:50:07PM +0200, Nomen Nescio wrote: > GPS frequencies are fixed, so they can be interfered with. Only in Military receivers are somewhat hardened at least against terrestrial jamming. It would be probably impossible to be immune to strong airborne (balloons and drones) jammers. > these days of general technological incompetence, where intangible > scientific principles have reverted to their ancient status as mystic, > is the concept of RF interference newsworthy. -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From GalenveilBynum at hotmail.com Thu Sep 22 05:39:23 2005 From: GalenveilBynum at hotmail.com (Yong Swan) Date: Thu, 22 Sep 2005 18:39:23 +0600 Subject: Do you want viagra? Message-ID: <032z7fzlsc.fsf@calle73.net> A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1856 bytes Desc: not available URL: From dave at farber.net Fri Sep 23 03:09:34 2005 From: dave at farber.net (David Farber) Date: Fri, 23 Sep 2005 06:09:34 -0400 Subject: [IP] Secrecy Power Sinks Patent Case Message-ID: Begin forwarded message: From dqenvolnemacof at msn.com Fri Sep 23 04:04:08 2005 From: dqenvolnemacof at msn.com (Lucile Wilkins) Date: Fri, 23 Sep 2005 08:04:08 -0300 Subject: 36 Hours Erection 4btZDS Message-ID: <5296277.103133dqenvolnemacof@msn.com> ED Med proud to offer the world best quality of erection pills, at huge savings over the brand equivalents. Ci ialis (only $3 per pill) Ci ialis Softabs (only $3.33 per pill) Vaigra (only $1.56 per pill) Vaigra Softabs (only $1.89 per pill) Le vitra (only $2.78) Join our current 5 millions happy users today. http://0t80bo7oi6ao6oa0i0b50itn0i0.bultowmifd.com/?25 Do From eugen at leitl.org Fri Sep 23 03:13:17 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 23 Sep 2005 12:13:17 +0200 Subject: [dave@farber.net: [IP] Secrecy Power Sinks Patent Case] Message-ID: <20050923101317.GZ2249@leitl.org> ----- Forwarded message from David Farber ----- From s.schear at comcast.net Sun Sep 25 23:55:48 2005 From: s.schear at comcast.net (Steve Schear) Date: Sun, 25 Sep 2005 23:55:48 -0700 Subject: Wired on "Secrecy Power Sinks Patent Case" In-Reply-To: References: Message-ID: <6.0.1.1.0.20050925235309.052a6480@mail.comcast.net> At 09:14 AM 9/20/2005, Tyler Durden wrote: >Very interesting CPunks reading, for a variety of reasons. > >http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 > >Of course, the fact that Lucent has been in shit shape financially must >have nothing to do with what is effectively a state-sponsored protection >of intellectual theft and profiting by Lucent (merely keeping the tech >under wraps would have been possible in a closed-doors session. Remember >that connectors can easily cost $50 per or more, so these guys were really >ripped off and Lucent probably made out quite well.) [Cross posted from another list....] Ian G wrote: What I don't understand about that case is that the precedent already exists. If a defendent declines to defend by supplying documents then the judge does not force them to do so in a civil case, instead the award goes against them. What is not clear is why the judge awarded in the favour of the government. By not supplying files, they clearly indicated they were using the patent. And even that wasn't ever in doubt. He should have just awarded summarily for the patent owners and that would have been that. And, it was only for a measly half million. By saving a half million in patent fees, Lucent and the USG have reduced their reputation for fair dealing, had the whole case blow up in their faces and now we're all poking around looking for how the patent was used by the _Jimmy Carter_.... From declan at well.com Mon Sep 26 02:29:16 2005 From: declan at well.com (Declan McCullagh) Date: Mon, 26 Sep 2005 02:29:16 -0700 Subject: [Politech] Are geeks being targeted as "terrorists?" [fs] Message-ID: -------- Original Message -------- Subject: Geeks being targeted as "terrorists" Date: Fri, 23 Sep 2005 16:18:04 -0400 From: Richard M. Smith To: 'Declan McCullagh' Hi Declan, It appears that there is a growing group of "geeks" who are being singled out as "terrorists". Although suspected or charged with terror-related crimes, these folks in many cases were simply in the wrong place at the wrong time, have quirky hobbies, or showed poor judgement. Attached is a list of articles about these individuals and their alledged crimes. Richard M. Smith http://www.ComputerBytesMan.com ============================================= Suspicious behaviour on the tube http://www.guardian.co.uk/comment/story/0,,1575411,00.html Cape pilot wages battle over FBI's 'No Fly' action http://www.capecodonline.com/cctimes/capepilot23.htm In N.Y., Case Of Germs Shifts From Bioterror To Moral Error http://www.washingtonpost.com/wp-dyn/articles/A16281-2004Jun29.html Man Charged Under Patriot Act for Laser http://abcnews.go.com/US/wireStory?id=385589 Agents search homes of bioterror expert [Kenneth M. Berry] Actions in N.Y., N.J. part of anthrax investigation http://tinyurl.com/c6fnu Patent 6,710,711 - Method for identifying chemical, biological and nuclear attacks or hazards, Kenneth M. Berry http://tinyurl.com/3p6jj Scientist in plague vial case set to appear court http://www.cnn.com/2003/US/Southwest/01/15/missing.plague/ The Hunting of Steven J. Hatfill Why are so many people eager to believe that this man is the anthrax killer? by David Tell http://tinyurl.com/8ac2m Man wrongly linked to Madrid bombings sues Names Ashcroft, Justice Department, FBI; challenges Patriot Act http://www.cnn.com/2004/LAW/10/04/mayfield.lawsuit/ _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From declan at well.com Mon Sep 26 02:36:51 2005 From: declan at well.com (Declan McCullagh) Date: Mon, 26 Sep 2005 02:36:51 -0700 Subject: [Politech] White House supports forcible DNA extraction from Americans by cops [priv] Message-ID: We discussed this here weeks ago: http://www.politechbot.com/2005/09/13/more-on-dna/ http://www.politechbot.com/2005/09/10/federal-dna-database/ --- http://www.washingtonpost.com/wp-dyn/content/article/2005/09/23/AR20050923016 65.html Bill Would Permit DNA Collection From All Those Arrested By Jonathan Krim Washington Post Staff Writer Saturday, September 24, 2005; Page A03 Suspects arrested or detained by federal authorities could be forced to provide samples of their DNA that would be recorded in a central database under a provision of a Senate bill to expand government collection of personal data. The controversial measure was approved by the Senate Judiciary Committee last week and is supported by the White House, but has not gone to the floor for a vote. It goes beyond current law, which allows federal authorities to collect and record samples of DNA only from those convicted of crimes. The data are stored in an FBI-maintained national registry that law enforcement officials use to aid investigations, by comparing DNA from criminals with evidence found at crime scenes. [...remainder snipped...] _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/) ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dewayne at warpspeed.com Mon Sep 26 11:40:25 2005 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: September 26, 2005 11:40:25 AM EDT Subject: [Dewayne-Net] China Tightens Its Restrictions for News Media Message-ID: on the Internet Reply-To: dewayne at warpspeed.com [Note: This item comes from reader John McMullen. DLH] >From: "John F. McMullen" >Date: September 25, 2005 10:58:53 PM PDT >To: "johnmac's living room" >Cc: Dewayne Hendricks , Dave Farber > >Subject: China Tightens Its Restrictions for News Media on the >Internet > > >From the New York Times -- international/asia/26china.html? >ex=1285387200&en=38ac65b7be2e2b9b&ei=5090&partner=rssuserland&emc=rss> > >China Tightens Its Restrictions for News Media on the Internet >By JOSEPH KAHN > >BEIJING, Sept. 25 - China on Sunday imposed more restrictions >intended to limit the news and other information available to >Internet users, and it sharply restricted the scope of content >permitted on Web sites. > >The rules are part of a broader effort to roll back what the >Communist Party views as a threatening trend toward liberalization >in the news media. Taken together, the measures amount to a stepped- >up effort to police the Internet, which has become a dominant >source of news and information for millions of urban Chinese. > >Major search engines and portals like Sina.com and Sohu.com, used >by millions of Chinese each day, must stop posting their own >commentary articles and instead make available only opinion pieces >generated by government-controlled newspapers and news agencies, >the regulations stipulate. > >The rules also state that private individuals or groups must >register as "news organizations" before they can operate e-mail >distribution lists that spread news or commentary. Few individuals >or private organizations are likely to be allowed to register as >news organizations, meaning they can no longer legally distribute >information by e-mail. > >Existing online news sites, like those run by newspapers or >magazines, must "give priority" to news and commentary pieces >distributed by the leading national and provincial news organs. > >This restriction on the ability of Web sites to republish articles >produced by the huge array of news organizations that do not fall >under direct government control seems intended to ensure that the >Propaganda Department has time to filter content generated by local >publications before it can be widely disseminated on the Internet. > >The new rules are the first major update to policies on Internet >news and opinion since 2000. > >"The foremost responsibility of news sites on the Internet is to >serve the people, serve socialism, guide public opinion in the >right direction, and uphold the interests of the country and the >public good," the regulations state. > >Although Chinese authorities have already effectively unlimited >powers to control the gathering and publication of news, the >Propaganda Department has sometimes struggled to censor information >about delicate developments before it circulates on the Internet. > >About 100 million Chinese now have access to the Internet. Though >the government closely monitors domestic content and blocks what >officials consider to be subversive Web sites from overseas, savvy >users can obtain domestic and overseas information that never >appears in China's traditional news media. > >By the time officials have decided that a topic might prove harmful >to the governing party's agenda, an item about it has often already >been posted or discussed on hundreds of sites and viewed by many >people, defeating some traditional censorship tools. > >Experts who follow the Internet say one of the most significant >changes is the ban on self-generated opinion and commentary >articles that accompany the standard state-issued news bulletins on >major portal sites. > Weblog at: ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Mon Sep 26 03:16:32 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 26 Sep 2005 12:16:32 +0200 Subject: [declan@well.com: [Politech] Are geeks being targeted as "terrorists?" [fs]] Message-ID: <20050926101632.GF2249@leitl.org> ----- Forwarded message from Declan McCullagh ----- From eugen at leitl.org Mon Sep 26 03:32:14 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 26 Sep 2005 12:32:14 +0200 Subject: [declan@well.com: [Politech] White House supports forcible DNA extraction from Americans by cops [priv]] Message-ID: <20050926103214.GG2249@leitl.org> ----- Forwarded message from Declan McCullagh ----- From dave at farber.net Mon Sep 26 10:49:32 2005 From: dave at farber.net (David Farber) Date: Mon, 26 Sep 2005 13:49:32 -0400 Subject: [IP] China Tightens Its Restrictions for News Media on the Internet Message-ID: Begin forwarded message: From eugen at leitl.org Mon Sep 26 11:37:28 2005 From: eugen at leitl.org (Eugen Leitl) Date: Mon, 26 Sep 2005 20:37:28 +0200 Subject: [dave@farber.net: [IP] China Tightens Its Restrictions for News Media on the Internet] Message-ID: <20050926183728.GS2249@leitl.org> ----- Forwarded message from David Farber ----- From camera_lumina at hotmail.com Mon Sep 26 18:36:05 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Mon, 26 Sep 2005 21:36:05 -0400 Subject: Wired on "Secrecy Power Sinks Patent Case" In-Reply-To: <6.0.1.1.0.20050925235309.052a6480@mail.comcast.net> Message-ID: Nah...it wasn't half a million. It was a hell of a lot more, I suspect. Even a standard SC or APC connector cost $50 in those days, and from what I suspect this would be MUCH much more than that, and probably formed just one piece of a larger contract. The odd thing about this case was that the judge ruled in favor of Lucent...the government wasn't even directly involved. Lucent made a ton of profit which this poor bastard didn't get dime one from. That's a lot different then allowing the government to use your IP. -TD >From: Steve Schear >To: cypherpunks at jfet.org >Subject: Re: Wired on "Secrecy Power Sinks Patent Case" >Date: Sun, 25 Sep 2005 23:55:48 -0700 > >At 09:14 AM 9/20/2005, Tyler Durden wrote: >>Very interesting CPunks reading, for a variety of reasons. >> >>http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 >> >>Of course, the fact that Lucent has been in shit shape financially must >>have nothing to do with what is effectively a state-sponsored protection >>of intellectual theft and profiting by Lucent (merely keeping the tech >>under wraps would have been possible in a closed-doors session. Remember >>that connectors can easily cost $50 per or more, so these guys were really >>ripped off and Lucent probably made out quite well.) > >[Cross posted from another list....] > >Ian G wrote: >What I don't understand about that case is that the >precedent already exists. If a defendent declines >to defend by supplying documents then the judge does >not force them to do so in a civil case, instead the >award goes against them. > >What is not clear is why the judge awarded in the >favour of the government. By not supplying files, >they clearly indicated they were using the patent. >And even that wasn't ever in doubt. He should have >just awarded summarily for the patent owners and >that would have been that. > >And, it was only for a measly half million. By >saving a half million in patent fees, Lucent and >the USG have reduced their reputation for fair >dealing, had the whole case blow up in their faces >and now we're all poking around looking for how >the patent was used by the _Jimmy Carter_.... From arrakistor at gmail.com Tue Sep 27 05:48:22 2005 From: arrakistor at gmail.com (Arrakis Tor) Date: Tue, 27 Sep 2005 07:48:22 -0500 Subject: Wikipedia & Tor Message-ID: This is a conversation with Jimmy Wales regarding how we can get Wikipedia to let Tor get through. ---------------------------------------------------------------------------- > Anyone with a port 80 can vandalize your website. Yes, but we notice that we can control a significant amount of vandalism by blocking ip numbers which have proven to be particularly problematic. TOR servers are among the absolute worst. And TOR operators don't seem to care. We go to the trouble > to block all the file sharing clients, and often abused ports and > protocols like IRC. Many of us typically block ports which do not have > any legitimate reason for being used. If all it take is a port 80 to > vandalize the wikipedia, of which port 80 is a public service, then > there is no point in discriminating against Tor users since every IP > is an equal opportunity offender. Equal *opportunity*, but we have very strong empirical evidence here. TOR ip numbers are the worst offenders that we have seen. People use TOR specifically to hide their identity, specifically to vandalize wikipedia. > You say that tor is quite irresponsibly managed. How would you propose > we manage tor servers differently? Ban users who vandalize wikipedia. That'd be a start. Rate limit edits at Wikipedia, that'd be good. Write an extension to your software which would help us to distinguish between "trusted" and "newbie" Tor clients. I completely fail to comprehend why Tor server operators consistently refuse to take responsibility for their crazed users. ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jamesd at echeque.com Tue Sep 27 08:43:44 2005 From: jamesd at echeque.com (James A. Donald) Date: Tue, 27 Sep 2005 08:43:44 -0700 Subject: [arrakistor@gmail.com: Wikipedia & Tor] In-Reply-To: References: <1127829729.433950e11eed7@mesmer.rant-central.com> Message-ID: <43390640.4653.40D9186@localhost> -- From: "Tyler Durden" > A very subtle attack, perhaps? If I were so-and-so, I > consider it a real coup to stop the kinds of > legitimate Wikipedia entries that might be made from > Tor users. And if this is the case, you can bet that > there are other "obvious" targets that have been > hammered through Tor. In the long run, reliable pseudonymity will prove more valuable than reliable anonymity. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG wE/La87xersBx39sShMCS6TkdqJr6DSYslVdXZkf 4GY6BRCS/b8OBic0E/U36X+dc1UIs2oNAkWyXXCQB From roy at rant-central.com Tue Sep 27 07:02:09 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 27 Sep 2005 10:02:09 -0400 Subject: [arrakistor@gmail.com: Wikipedia & Tor] In-Reply-To: <20050927125255.GQ2249@leitl.org> References: <20050927125255.GQ2249@leitl.org> Message-ID: <1127829729.433950e11eed7@mesmer.rant-central.com> Quoting Eugen Leitl : > ----- Forwarded message from Arrakis Tor ----- > This is a conversation with Jimmy Wales regarding how we can get > Wikipedia to let Tor get through. > I completely fail to comprehend why Tor server operators consistently > refuse to take responsibility for their crazed users. On one hand, this shows a deep misunderstanding of Tor and its purposes. On the other, I remain disappointed in the number of vandals that take advantage of Tor and other anonymizing services. On the gripping hand, perhaps the Wiki philosophy is flawed. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From camera_lumina at hotmail.com Tue Sep 27 07:51:33 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 27 Sep 2005 10:51:33 -0400 Subject: [arrakistor@gmail.com: Wikipedia & Tor] In-Reply-To: <1127829729.433950e11eed7@mesmer.rant-central.com> Message-ID: What's the problem here? The Wikipedia guy sees lots of garbage coming out of IP address set {X} so he blocks said address set. Somewhat regrettable but no suprise, is it? On the other hand, doesn't it seem a little -odd- that the Tor network is already being "used" in this way? Granted, even I the great Tyler Durden was able to get a Tor client up-and-running, but I find it suspicious that this early wave of Tor users also happen to have a high % of vandals...something stinks. A very subtle attack, perhaps? If I were so-and-so, I consider it a real coup to stop the kinds of legitimate Wikipedia entries that might be made from Tor users. And if this is the case, you can bet that there are other "obvious" targets that have been hammered through Tor. In other words, someone said, "Two can play at this game." -TD >From: "Roy M. Silvernail" >To: cypherpunks at jfet.org >Subject: Re: [arrakistor at gmail.com: Wikipedia & Tor] >Date: Tue, 27 Sep 2005 10:02:09 -0400 > >Quoting Eugen Leitl : > > > ----- Forwarded message from Arrakis Tor ----- > > > This is a conversation with Jimmy Wales regarding how we can get > > Wikipedia to let Tor get through. > > > I completely fail to comprehend why Tor server operators consistently > > refuse to take responsibility for their crazed users. > >On one hand, this shows a deep misunderstanding of Tor and its purposes. On >the >other, I remain disappointed in the number of vandals that take advantage >of >Tor and other anonymizing services. On the gripping hand, perhaps the Wiki >philosophy is flawed. >-- >Roy M. Silvernail is roy at rant-central.com, and you're not >"It's just this little chromium switch, here." - TFT >SpamAssassin->procmail->/dev/null->bliss >http://www.rant-central.com From nlothian at educationau.edu.au Mon Sep 26 18:35:31 2005 From: nlothian at educationau.edu.au (Nick Lothian) Date: Tue, 27 Sep 2005 11:05:31 +0930 Subject: [p2p-hackers] Re: [rest-discuss] Re: RESTful authorization Message-ID: > > p2p-hackers, meet rest-discuss. rest-discuss, I'd like to > introduce you to p2p-hackers. > > RESTafarians: there is a long-running conversation on > p2p-hackers about friendnets, also known as darknets, small > world networks, and F2F networks; also capabilities security, > sometimes known as smart contracts. An example thread begins > at http://zgp.org/pipermail/p2p-hackers/2005-August/002915.html > > p2p-hackers: Tyler Close' method for HTTP access control > using nothing but unguessable (and secret) URIs came up on > REST-discuss. That thread begins at > http://groups.yahoo.com/group/rest-discuss/message/5228 In > the context of friendnets, Tyler's scheme is a beautifully > simple way of controlling access using nothing but low-tech > means. Not only does it limit access to trusted parties, it > also allows for transitive relationships. (Warning: his > scheme is counterintuitive, since the dependence on secret > URLs smells like security through obscurity). > Interesting idea. It may not be security via obscurity, but it does appear to ignore a number of practical considerations. For instance, what about the secret URL being passed on in referrer headers to other pages? I think some browsers block it when you go from a secure page to a non-secure page on another site (although I'm unsure about that). The argument that users shouldn't put links to on a secured page is more surprising than the things it is trying to avoid (to me anyway). OTOH, all browsers block HTTP authenticaion credentials from being passed in the referrer header. Nick _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eol1 at yahoo.com Tue Sep 27 11:48:31 2005 From: eol1 at yahoo.com (Peter Thoenen) Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT) Subject: /. [How Chinese Evade Government's Web Controls] In-Reply-To: <20050927163337.GE2249@leitl.org> Message-ID: <20050927184832.34693.qmail@web51906.mail.yahoo.com> Chinese Web Controls and Tor ... a subject I happen to have close personal experience with. Just took a three week vacation to Dali, China and after hitting the Great Firewall of China (tm), hopped over to the eff site, downloaded tor and privoxy, and 10 minutes later was up and running bypassing the supposed Great Firewall. While I was at it, grabbed i2p and punched right through also utilizing the i2p www proxy. As much as folk want to rail against Tor for allowing malicious users to mask their identity, it really does serve a higher purpose. As for the WSJ article, EFF or I2P really needs advertise better. Why pay local Chinese Internet Cafe owners when you can punch right through for free. From eugen at leitl.org Tue Sep 27 03:05:59 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 27 Sep 2005 12:05:59 +0200 Subject: [nlothian@educationau.edu.au: RE: [p2p-hackers] Re: [rest-discuss] Re: RESTful authorization] Message-ID: <20050927100559.GY2249@leitl.org> ----- Forwarded message from Nick Lothian ----- From rah at shipwright.com Tue Sep 27 09:41:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 27 Sep 2005 12:41:15 -0400 Subject: [arrakistor@gmail.com: Wikipedia & Tor] In-Reply-To: <43390640.4653.40D9186@localhost> References: <1127829729.433950e11eed7@mesmer.rant-central.com> <43390640.4653.40D9186@localhost> Message-ID: At 8:43 AM -0700 9/27/05, James A. Donald wrote: >In the long run, reliable pseudonymity will prove more >valuable than reliable anonymity. Amen. And, at the extreme end of the curve, perfect psedudonymity *is* perfect anonymity. "Character. I wouldn't buy anything from a man with no character if he offered me all the bonds in Christendom." -- J. Pierpont Morgan, Testimony to Congress, 1913. Reputation is *everything* folks. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From roy at rant-central.com Tue Sep 27 10:07:36 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 27 Sep 2005 13:07:36 -0400 Subject: [arrakistor@gmail.com: Wikipedia & Tor] In-Reply-To: References: <1127829729.433950e11eed7@mesmer.rant-central.com> <43390640.4653.40D9186@localhost> Message-ID: <1127840856.43397c5882693@mesmer.rant-central.com> Quoting "R.A. Hettinga" : > At 8:43 AM -0700 9/27/05, James A. Donald wrote: > >In the long run, reliable pseudonymity will prove more > >valuable than reliable anonymity. > > Amen. And, at the extreme end of the curve, perfect psedudonymity *is* > perfect anonymity. > > "Character. I wouldn't buy anything from a man with no character if he > offered me all the bonds in Christendom." > -- J. Pierpont Morgan, Testimony to Congress, 1913. > > Reputation is *everything* folks. Damn good point. Now that I think of it, all the classic examples of "anonymous" publication were really pseudonymous. (Publius, et al) -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From rah at shipwright.com Tue Sep 27 10:40:05 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 27 Sep 2005 13:40:05 -0400 Subject: [arrakistor@gmail.com: Wikipedia & Tor] Message-ID: Speaking of "pseudonymity"... At 12:53 PM -0400 9/27/05, Somebody wrote: > >Argh! Not this again! Yes, again, and I'll keep repeating it until you get it. :-). >No, "anonymity" is "don't know who sent it". For some definitions of "who". To paraphrase a famous sink-washing president, it depends on "who" you mean by "who". :-) >Examples are anonymizing >remailers which give all incoming users the same outgoing name, or the >Anonymous Coward comments in /. (Disregard for now details such as the >/. admins being able to link an AC comment to an IP address.) Fine. Ignore the output thereof as noise, it's probably safe to do so. Though concordance programs are your friends. Behavior is biometric, after all. The words you use give you away, and can be filtered accordingly. Ask someone named Detweiller about that. Or, for that matter, Kaczynski. Or your trading patterns in market. Just like your "fist", in telegraphy. >"Perfect pseudonymity" is "can't tie it to meatspace". See "who", above. Since we haven't quite gotten AI down just yet, that's good enough for me, though I expect, like Genghis, and not True Names, we'll figure out that "intelligence" is an emergent property of *active* physical manifestation, and not a giant pile of data. > Different >communications from the same sender can be tied to each other. >Examples include most of the free email services, and digitally >signing a message sent through an anonymizer. Yup. That's what I mean by reputation, if I take your meaning right. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From eugen at leitl.org Tue Sep 27 05:52:55 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 27 Sep 2005 14:52:55 +0200 Subject: [arrakistor@gmail.com: Wikipedia & Tor] Message-ID: <20050927125255.GQ2249@leitl.org> ----- Forwarded message from Arrakis Tor ----- From CDEVWLXJNT at yahoo.com Tue Sep 27 04:07:39 2005 From: CDEVWLXJNT at yahoo.com (Jeremiah Mathews) Date: Tue, 27 Sep 2005 15:07:39 +0400 Subject: Rolex at 80% Off FiDhG Message-ID: <5267277.103133CDEVWLXJNT@yahoo.com> Highest qualities Replika Watches now HERE! We guarantees: - 99.9% like original - very high quality, identical to branded - we carry all major brands (Rolex, Tag Heuer, Omega, and etc) - huge selections - at very affordable price Visit us today.. http://043.enews21todaylivemail.com o-ut of mai-lling lisst: http://043.enews21todaylivemail.com/rm/ qH54 From arma at mit.edu Tue Sep 27 12:54:38 2005 From: arma at mit.edu (Roger Dingledine) Date: Tue, 27 Sep 2005 15:54:38 -0400 Subject: Wikipedia & Tor Message-ID: On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: > On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: > > everyone is so worried about it, but has any one ever been successfully been > > able to use tor to effectively spam anyone? > > No. Cf. > http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. > A potential for cooperation is the proposal below for authenticated > access to Wikipedia through Tor. I will not speak to any particular > design here, but if Wikipedia has a notion of clients trusted to post > to Wikipedia, it should be possible to work with them to have an > authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both "halves" of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to see better answers. --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From roy at rant-central.com Tue Sep 27 13:48:57 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Tue, 27 Sep 2005 16:48:57 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <20050927195750.GA2249@leitl.org> References: <20050927195750.GA2249@leitl.org> Message-ID: <1127854137.4339b039ac5dc@mesmer.rant-central.com> [yes, I know I'm preaching to the choir] > ----- Forwarded message from Roger Dingledine ----- > > A potential for cooperation is the proposal below for authenticated > > access to Wikipedia through Tor. I will not speak to any particular > > design here, but if Wikipedia has a notion of clients trusted to post > > to Wikipedia, it should be possible to work with them to have an > > authentication server that controls access to Wikipedia through Tor. > > As I understand it, Jimmy is hoping that we will develop and maintain > this notion. We would run both "halves" of the Tor network, and when they > complain about a user, we would cut that user out of the authenticated > side. A non-good idea, as it goes against what Tor is all about. The problem to be overcome here really has nothing to do with Tor, as such. > Wikipedia already needs this sort of thing because of AOL IPs -- they > have similar characteristics to Tor, in that a single IP produces lots > of behavior, some good some bad. So Wikipedia understands that the transport layer isn't to blame, yet they persist in asking for changes in the Tor transport to address the problem of malicious users? *groan* > (One might argue that it's hard for Wikipedia to change their perception > and learn about any good Tor uses, firstly because good users will > blend in and nobody will notice, and secondly because they've prevented > them all from editing so there are no data points either way.) That's not the perception they need to change. They need to realize that if an avenue for action without responsibility exists, someone will use it. Wikis get defaced all the time *without* AOL or Tor, because the philosophy allows anyone to edit. It is that philosophy that is in error, not the transport layers used by the vandals. Wiki, as someone mentioned to me in a private mail, is the SMTP of web publishing; it doesn't scale well in the presence of large concentrations of assholes. > In summary, I'm not too unhappy with the status quo for now. Tor needs > way more basic development / usability work still. In the absence of > actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve > the problem, I'm going to focus on continuing to make Tor better, so > down the road maybe we'll be able to see better answers. Roger gets it. The Wikipedians don't. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From cyphrpunk at gmail.com Tue Sep 27 17:25:07 2005 From: cyphrpunk at gmail.com (cypherpunk) Date: Tue, 27 Sep 2005 17:25:07 -0700 Subject: Hello directly from Jimbo at Wikipedia Message-ID: As an occasional Tor and Wikipedia user, let me add a couple of points. First, in case it is not obvious, the problem with the present system is that Tor users can no longer edit on Wikipedia. I have done so in the past, in what I like to think is a constructive manner, but cannot do so since this summer. I have valid although perhaps unpopular contributions to make, and not only is my freedom to express myself limited, the quality of the material on Wikipedia suffers due to the absence of my perspective. The status quo is not acceptable and we should work to find a solution. Looking at the proposals for authentication servers and such, I see a major issue which is not being addressed. That is, how does the web server distinguish "authenticated" Tor users from unathenticated ones? If this is via a complicated protocol, there is no point as the servers won't use it. The hard truth is this: the distinction must be done on the basis of IP address. That is, there must be a separate set of Tor exit nodes which are only for authenticated users. This does not necessarily mean building complex authentication protocols into the Tor network, and having two classes of traffic flowing around. It could be that this authenticated Tor is a separate network. It only lets users in who are authenticated, and owns a specific set of IP addresses which servers can whitelist. The regular Tor exit nodes can be blacklisted as they are now. The technical problem is then, how to achieve as much anonymity as possible in the authenticated network, while still providing the abuse prevention services which Wikipedia and other servers will require in order to whitelist the nodes. What does Wikipedia need? What is the minimum level of service they require? Presumably, it is similar to what they can get via ISPs, who also map many users to a fixed set of IP addresses. Wikipedia can complain to the ISP, and it will get back in some form to that user. Of course, Wikipedia does not know the details of how their complaint is handled. Is the user kicked off, banned temporarily, or merely given a stern warning? What matters to them is that, generally, users that they complain about don't keep coming back. Their complaints are effective, at least much or most of the time. This is the level of response which an authenticated Tor network would have to provide. The problem with this functionality from Tor's perspective is that unlike an ISP, Tor does not have knowledge of the mapping from users to IP addresses. Given a complaint that a certain IP was misused at a certain time, Tor has no information about which user to penalize. To solve the problem we would need to use some cryptographic mechanism. Let authenticated users gain credentials via some expensive, slow process. Let them embed the credentials in their messages such that they are revealed in some blinded form to the exit node. Let the exit nodes remember the credentials which were used at different times. When valid complaints arrive, let the exit nodes blacklist the credential which was in use at that time. This stops the abuser. There could be many such authenticated-Tor subnetworks. Each could have its own credential servers, its own abuse policies, and its own set of exit IP addresses. They would be like anonymous ISPs, from the POV of web server operators like Wikipedia. Those which are effectively able to suppress abuse will avoid blacklists and their users will be able to successfully use web based services. CP ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Tue Sep 27 14:28:59 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 27 Sep 2005 17:28:59 -0400 Subject: /. [How Chinese Evade Government's Web Controls] In-Reply-To: <20050927184832.34693.qmail@web51906.mail.yahoo.com> Message-ID: What the heck are you doing there for three weeks? Buying some golden triangle goods? I hear it's beautiful, however, but it's not like you took a direct international flight there... -TD >From: Peter Thoenen >To: Eugen Leitl , cypherpunks at jfet.org >Subject: Re: /. [How Chinese Evade Government's Web Controls] >Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT) > >Chinese Web Controls and Tor ... a subject I happen to have close personal >experience with. Just took a three week vacation to Dali, China and after >hitting the Great Firewall of China (tm), hopped over to the eff site, >downloaded tor and privoxy, and 10 minutes later was up and running >bypassing >the supposed Great Firewall. While I was at it, grabbed i2p and punched >right >through also utilizing the i2p www proxy. > >As much as folk want to rail against Tor for allowing malicious users to >mask >their identity, it really does serve a higher purpose. > >As for the WSJ article, EFF or I2P really needs advertise better. Why pay >local Chinese Internet Cafe owners when you can punch right through for >free. From camera_lumina at hotmail.com Tue Sep 27 14:41:02 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Tue, 27 Sep 2005 17:41:02 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <20050927195750.GA2249@leitl.org> Message-ID: Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course "reduce" a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [arma at mit.edu: Re: Wikipedia & Tor] >Date: Tue, 27 Sep 2005 21:57:50 +0200 > >----- Forwarded message from Roger Dingledine ----- > >From: Roger Dingledine >Date: Tue, 27 Sep 2005 15:54:38 -0400 >To: or-talk at freehaven.net >Subject: Re: Wikipedia & Tor >User-Agent: Mutt/1.5.9i >Reply-To: or-talk at freehaven.net > >On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: > > On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: > > > everyone is so worried about it, but has any one ever been >successfully >been > > > able to use tor to effectively spam anyone? > > > > No. Cf. > > http://tor.eff.org/faq-abuse.html#WhatAboutSpammers > >To be fair, this answer is yes. People have used Tor to deface Wikipedia >pages, along with Slashdot pages, certain IRC networks, and so on. I >think that counts as spam at least in a broad sense. > > > A potential for cooperation is the proposal below for authenticated > > access to Wikipedia through Tor. I will not speak to any particular > > design here, but if Wikipedia has a notion of clients trusted to post > > to Wikipedia, it should be possible to work with them to have an > > authentication server that controls access to Wikipedia through Tor. > >As I understand it, Jimmy is hoping that we will develop and maintain >this notion. We would run both "halves" of the Tor network, and when they >complain about a user, we would cut that user out of the authenticated >side. > >Jimmy and I talked about Tor-and-Wikipedia many months ago, and the >conclusion was that they (mediawiki) would be willing to try a variety of >technological solutions to see if they work (i.e. cut down on vandalism >and aren't too much of a burden to run). My favorite is to simply have >certain address classes where the block expires after 15 minutes or >so. Brandon Wiley proposed a similar idea but where the block timeout is >exponentially longer for repeated abuse, so services that are frequently >blocked will stay blocked longer. This is great. But somebody needs to >actually code it. > >Wikipedia already needs this sort of thing because of AOL IPs -- they >have similar characteristics to Tor, in that a single IP produces lots >of behavior, some good some bad. The two differences as I understand >them are that AOL will cancel user accounts if you complain loudly enough >(but there's constant tension here because in plenty of cases AOL decides >not to cancel the account, so Wikipedia has to deal some other way like >temporarily blocking the IP), and that it's not clear enough to the >Wikipedia operators that there *are* good Tor users. > >(One might argue that it's hard for Wikipedia to change their perception >and learn about any good Tor uses, firstly because good users will >blend in and nobody will notice, and secondly because they've prevented >them all from editing so there are no data points either way.) > >So I've been content to wait and watch things progress. Perhaps we will >find a volunteer who wants to help hack the mediawiki codebase to be more >authentication-friendly (or have more powerful blocking config options). >Perhaps we'll find a volunteer to help build the blind-signature >pseudonymous authenticated identity management infrastructure that Nick >refers to. Perhaps the Wikimedia operators will increasingly get a sense >that Tor has something to offer besides vandalism. (I presume this thread >re-surfaced because Tor users and operators are periodically telling >Wikipedia that they don't like being blocked.) Maybe we will come to >the point eventually that it makes sense to do something different than >blocking the Tor IP addresses from editing Wikipedia. (Which, we should >all remember compared the Gentoo forum situation, is a great step above >blocking them from both reading and writing.) > >It could be that we never reach that point. Certain services on the >Internet (like some IRC networks) that are really prone to abuse are >probably doing the right thing by blocking all Tor users (and all AOL >users, and all open proxies, and ...). And we want to keep Tor easy >to block, or we're really going to start getting the other communities >angry at us. > >In summary, I'm not too unhappy with the status quo for now. Tor needs >way more basic development / usability work still. In the absence of >actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve >the problem, I'm going to focus on continuing to make Tor better, so >down the road maybe we'll be able to see better answers. > >--Roger > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Tue Sep 27 09:33:37 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 27 Sep 2005 18:33:37 +0200 Subject: /. [How Chinese Evade Government's Web Controls] Message-ID: <20050927163337.GE2249@leitl.org> Link: http://slashdot.org/article.pl?sid=05/09/27/1235203 Posted by: CmdrTaco, on 2005-09-27 13:37:00 [1]Carl Bialik from the WSJ writes "China is moving to 'centralize all China-based Web news and opinion under a state regulator,' the Wall Street Journal reports, but determined citizens have found a way out of previous restrictions in what has become a cat-and-mouse game: '[2]Many Chinese Internet users, dismissing what they call government scare tactics, find ways around censorship. The government requires users of cybercafs to register with their state-issued ID cards on each visit, but some users avoid cybercaf registration by paying off owners. In response, the government has installed video cameras in some cafs and shut others. ... While certain words such as "democracy" are banned in online chat rooms, China's Web users sometimes transmit sensitive information as images, or simply speak in code, inserting special characters such as underscoring into typing.' Also noteworthy is that major portals seem to be cooperating with authorities' restrictions: 'Insiders who work for the big portal sites say they are already in regular contact with authorities about forbidden topics, such as the outlawed Falun Gong religious group, which their teams of Web editors pull off bulletin boards.'" References 1. mailto:wsjarticles at wsj.com 2. http://online.wsj.com/public/article/0,,SB112777213097452525-zRQZ3S8IZkZDPMZN ay0R6RUfXOw_20060926,00.html?mod=blogs ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jwales at wikia.com Tue Sep 27 16:50:52 2005 From: jwales at wikia.com (Jimmy Wales) Date: Tue, 27 Sep 2005 19:50:52 -0400 Subject: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]] Message-ID: Eugen Leitl wrote: >>Wikipedia already needs this sort of thing because of AOL IPs -- they >>have similar characteristics to Tor, in that a single IP produces lots >>of behavior, some good some bad. > > > So Wikipedia understands that the transport layer isn't to blame, yet they > persist in asking for changes in the Tor transport to address the problem of > malicious users? *groan* Actually, the transport layer *is* to blame. I don't know how much more clear I can be about it. Because Tor users are almost universally bad, because almost no good edits come out of the Tor network, we block them. Why is it that Tor users are so bad? The main reason is that the anonymity provides them with cover. AOL users are sort of bad, but not universally bad. Why is that? It is in part because of the way their transport layer is designed. > That's not the perception they need to change. They need to realize that if an > avenue for action without responsibility exists, someone will use it. We *do* realize that. That's exactly what I'm talking about. Tor provides an avenue for action without responsibility, and people do use it. > Wikis get defaced all the time *without* AOL or Tor, because the philosophy allows > anyone to edit. It is that philosophy that is in error, not the transport > layers used by the vandals. If what you're saying is "I think it is fine for Wikipedia to block Tor," then you really aren't contributing productively to this conversation. There are some facts we know: we can usefully reduce the amount of anonymous grief we get by blocking Tor exit servers. So, this is what we are currently doing. I consider this unfortunate, but there you go. We are not looking for a perfect solution. Yes, Wikis will be vandalized. We're prepared to deal with that, we do deal with that. But what I am seeking is some efforts to think usefully about how to helpfully reconcile our dual goals of openness and privacy. I don't say "privacy is wrong, so Tor should change their philosophy". I make no apologies for simply ignoring you if you say that "openness is wrong, so Wikipedia should change their philosophy." > Roger gets it. The Wikipedians don't. What is it that we don't get? This thread started off because a Tor server complained to me about the blocking, and part of my response is that one beef I have is that some people in the Tor community seem very happy to simply stick their heads in the sand and pretend that "Wikipedians don't get it". That's not helpful. --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From lists at kriptik.org Tue Sep 27 17:37:01 2005 From: lists at kriptik.org (lists) Date: Tue, 27 Sep 2005 20:37:01 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: References: Message-ID: <4339E5AD.9070600@kriptik.org> Tyler Durden wrote: > Sorry...I don't understand...why would psuedonymity services be provided > within Tor? > I find the concept of having both pseudonymous and anonymous traffic through TOR quite interesting. In some cases, you really do wish to just separate yourself from your meatspace identity but you may want the reputation of a bitspace identity; in other cases, you want to completely separate yourself from any identity. There are audited anonymizers that provide a form of pseudonymity, in that, they know who you are and can regulate your behavior accordingly. These are generally in the commercial space. Building a TOR nymspace would be much more interesting and distributed. TOR itself does not necessarily have to deal with this. There could be services flowing through TOR that provide this. However, TOR nodes implementing pseudonymous traffic for their own network seems more natural and easier to do. Entry/exit nodes, some nodes, all nodes, or whatever subset makes the most sense could then authenticate pseudonymous traffic and determine capabilities based on things like reputation. But, that was not a why. Anonymity has the property of removing responsibility from the actor for their actions, which is not always a good thing. I am sure TOR exit nodes are hit with the responsibility for those actors, which can lead to the end of exit nodes. At a minimum, pseudonymity can provide a degree of responsibility through reputation. Exit nodes could support either pseudo or anon, or both, depending on beliefs, risks, etc. Also, users could select anon or pseudo as needed. I like choice. Anyway, that is a why and an interesting topic, but TOR has other things to focus on. -Andrew From rah at shipwright.com Tue Sep 27 18:11:37 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Tue, 27 Sep 2005 21:11:37 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <4339E5AD.9070600@kriptik.org> References: <4339E5AD.9070600@kriptik.org> Message-ID: At 8:37 PM -0400 9/27/05, lists wrote: > Building a TOR nymspace would be much more >interesting and distributed. Since the first time I met Dingledine, he was talking pseudonymity, bigtime. I was curious when he went to play with onion routers, but maybe I'm not so surprised anymore... Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From goodell at eecs.harvard.edu Tue Sep 27 18:32:14 2005 From: goodell at eecs.harvard.edu (Geoffrey Goodell) Date: Tue, 27 Sep 2005 21:32:14 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: In case it was not painfully obvious, I posted two very critical messages about the policy of Wikipedia with respect to Tor nodes. I sent one of these messages in April and another just a few hours ago. I apologize for my tone in these messages. I contributed nothing of constructive value, and if I accomplished anything it was only to further polarize the community around the two perspectives. I have neither the intellect nor the disposition to be as level-headed about this as I would like to be, but I will try. I would like to make clear that what I intended to say was that as a researcher in the area of Internet transport, I believe that Tor is a crucial first step to achieving location-independence for Internet peers. I believe in location-independence to the extent that I would like to see every host on the Internet have the ability to communicate without revealing its network address. Since my research specifically revolves around using Tor to achieve location-independence, I tend to become overly frustrated when the providers of vital Internet services impose restrictions that may reduce support for Tor among developers and the general public. We ARE on the same side. I don't think that anyone on this list would question that Roger, Nick, and Jimbo have all worked hard to make the world a better place, and that to a significant extent, their visions of a better world have already been achieved as a result of their efforts. In the absence of a better solution, I am glad that Wikipedia blocks Tor nodes, since otherwise the world would quickly lose an important resource (and Tor would be blamed). In particular, the continued success of the Wikipedia project depends upon articles being accurate and unvandalized, and all potential threats to this goal may rightly be considered suspect. What worries me is that as of now we have not yet ensured that users seeking location-independence would be able to edit Wikipedia articles like everyone else. I do not view the use of Tor as a form of "lurking in shadows"; I think that it represents a happier future in which the use of network-layer addresses to censor the activity of Internet peers is difficult or impossible. It is not necessary to build a user-authentication mechanism into Tor. For example, any third party can build a proxy accessible via Tor that provides authentication considered suitable by Wikipedia, and clients can use that proxy when they want to edit Wikipedia articles. A similar approach that has been widely discussed was to build an authentication mechanism into Wikipedia that would be used only for clients contacting Wikipedia via hosts that would otherwise be filtered. The problem with these two potential solutions is that we still do not have a good idea of what kinds of authentication would actually work. For example, it may be undesirable to use credit card numbers or referrals from existing users. Wikipedia seeks to achieve a certain degree of openness and availability to contributors, and it would seem that mechanisms that authenticate and verify pose a threat to this openness and availability. Might it be possible to come up with a list of technical desiderata for a potential end-to-end Wikipedia access policy? It is my feeling that if we consider the requirements carefully, we will be able to devise a solution that satisfies all of our constraints. Geoff On Tue, Sep 27, 2005 at 01:46:13PM -0400, Jimmy Wales wrote: > I'd like to say thanks for the invitation to join this dialogue. > > Let me tell you what I love. I love the Chinese dissident who wants to > work on Wikipedia articles in safety. I love that Wikipedia is an open > platform that allows people to have that voice, and that we can have a > positive impact on the world in large part because we don't bow to > censorship and we are willing to reach out and work with people like Tor > to empower individuals to speak, no matter what sort of oppressive > conditions they face. > > WE ARE ON THE SAME SIDE. > > So it always dismays me to see conversations like this, and I think that > at least some cooler heads here will understand why I get frustrated and > why I make no apologizes for characterizing at least some people in the > Tor community as being irresponsible. > > "I share frustrations that the statements attributed to Jimmy Wales in > the record below and in previous messages seem to show some fundamental > misunderstandings and willful ignorance of Tor, and more broadly of > identity, identifiers, reputation, authentication, etc. in open > network communications" > > Willful ignorance? Not at all. What I know is that we are forced to > block Tor servers regularly due to persistent vandalism. That's a sad > fact to me. It's a difficult thing for those of us who are serious > about these issues. But the really sad thing is when elements of the > Tor community are not willing to face up to this as a legitimate and > difficult problem. > > "everyone is so worried about it, but has any one ever been successfully > been able to use tor to effectively spam anyone?" > > Yes, of course! We deal with it constantly. We have an effective means > of dealing with it: we block Tor servers from editing wikipedia. But is > that what any of us want? > > "Misbehaviour is in the eye of the observer, however." > > No, actually it isn't. There is such a thing as objectively > identifiable malicious behavior. We aren't Chinese censors here. We're > the good guys. We want to work with you. > > Yes, we could implement tight security to only allow people who identify > themselves (perhaps we'll require a credit card number, someone > suggests?)... but *cough*, aren't we supposed to care about privacy here? > > --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Tue Sep 27 12:57:50 2005 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 27 Sep 2005 21:57:50 +0200 Subject: [arma@mit.edu: Re: Wikipedia & Tor] Message-ID: <20050927195750.GA2249@leitl.org> ----- Forwarded message from Roger Dingledine ----- From nickm at freehaven.net Wed Sep 28 02:03:30 2005 From: nickm at freehaven.net (Nick Mathewson) Date: Wed, 28 Sep 2005 05:03:30 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: On Wed, Sep 28, 2005 at 02:45:35AM -0400, Jeffrey F. Bloss wrote: [...] > Has anyone considered applying a HashCash type solution to this? Hashcash is often considered, but commonly dismissed, because it limits identities based on the wrong resource: computers. If you haven't read the paper "'Proof-of-work' Proves Not To Work" by Ben Laurie and Richard Clayton, I recommend it highly. See http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf . It mostly discusses why hashcash can't prevent spam, but the arguments would seem to apply to wikipedia editing as well. [...] > > On the other hand, if there were an authentication service that gave > > you pseudonyms for Tor users who wanted pseudonyms, you could tell > > which pseudonyms contributed well, and which were jerks, and which > > were nonentities. > > The problem I see with this is that as the name implies, it's > pseudo-anonymous. Sorry, but you've stumbled a personal crusade of mine. The word is pseudonymous, not pseudo-anonymous. And the difference is importatant. "Pseudonymous" means "using false names," like calling yourself Batman instead of Bruce Wayne. "Anonymous" means "without a name," like writing "The Joker will pay for his crimes" and not signing it. "Pseudo-anonymous" isn't a real word, but if it were, it would mean "falsely anonymous", like the bank robber who disguised himself by wearing a motorcycle helmet with his name written on the back.{1} > Tor is an anonymous network by design. And there is a > difference. As one of the designers, I'd like to weigh in. Tor provides anonymity, but we've never opposed people who wanted to use an anonymous system to bootstrap per-service or cross-service pseudonymity. We will never, of course, alter Tor to make people have pseudonyms. But letting using pseudonyms is not against our overarching goals. The overarching goals are privacy and usability.{2} > It's real time nature also compounds any additional partitioning > problems a hard-keyed pseudonym setup brings with it. I don't see any iterable (that is, awful) partitioning attacks here. Assume a network where some users have pseudonyms and some don't. Assume that pseudonyms are first obtained through a blinded{3} process, so that an attacker can't tell which user has which pseudonym. Assume that the attacker is watching all authentication services (since this is probably the best point for these attacks). The attacker could tell when users create new pseudonyms, and when pseudonymous users are active. From this info, the attacker could rule out some users as possible owners of some pseudonyms, but that's about it. Correlation and intersection attacks are unlikely to work unless the attacker is watching the user as well as the auth server, and that's outside our threat model. > Although, this too might fall under that "good enough" umbrella as > long as the tor network were disjoined from the nym creation and key > distribution process as much as possible. The nyms would have to be > managed outside a tor egress point to maintain user's anonymity. Right. > I also question whether or not a system can be devised that makes > nym creation expensive enough to thwart nefarious users from simply > collection a lot of nyms. :( Right. I suspect that this is one of those social engineering problems that we won't solve except by trying things out and seeing whether they work. {1} There are all other kinds of great terms in the field. For example, "allonymous" is using a name belonging to someone else, like if the Joker writes a letter and signs it "Batman." Oddly, there is no classical term for using one's given name. {2} If you care about privacy and not usability, I recommend DC nets. If you care about usability and not privacy, I recommend turning Tor off. {3} Again see http://en.wikipedia.org/wiki/Blind_signature yrs, -- Nick Mathewson ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dep21 at hermes.cam.ac.uk Wed Sep 28 06:12:43 2005 From: dep21 at hermes.cam.ac.uk (dep21) Date: September 28, 2005 6:12:43 PM EDT Subject: for ip: eDonkey to close Message-ID: http://www.extremedrm.com/article/eDonkey+Chief+Blasts+Litigators+In+Senate+T estimony/161190_1.aspx EDonkey (MetaMachine) are to 'exit the business' of peer to peer after a cease and desist letter from the RIAA a few weeks ago. They "simply couldn't afford the protracted litigation" needed to "prove their case" in a court. david ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From roy at rant-central.com Wed Sep 28 06:10:10 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Wed, 28 Sep 2005 09:10:10 -0400 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] In-Reply-To: <20050928071114.GL2249@leitl.org> References: <20050928071114.GL2249@leitl.org> Message-ID: <1127913010.433a9632d9447@mesmer.rant-central.com> > ----- Forwarded message from Jimmy Wales ----- > > From: Jimmy Wales > Date: Tue, 27 Sep 2005 19:50:52 -0400 > To: or-talk at freehaven.net > Subject: Re: [roy at rant-central.com: Re: [arma at mit.edu: Re: Wikipedia & Tor]] > User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) > Reply-To: or-talk at freehaven.net > > > So Wikipedia understands that the transport layer isn't to blame, yet they > > persist in asking for changes in the Tor transport to address the problem > > of malicious users? *groan* > > Actually, the transport layer *is* to blame. I don't know how much more > clear I can be about it. Because Tor users are almost universally bad, > because almost no good edits come out of the Tor network, we block them. This is getting close to the 'agree to disagree' point, but I'll go one more round. No, the transport layer is not to blame. The malicious users are to blame. The subset of Tor users abusing Wikipedia may be "almost universally bad", but that is still a subset, and doesn't indight Tor itself. > If what you're saying is "I think it is fine for Wikipedia to block > Tor," then you really aren't contributing productively to this > conversation. There are some facts we know: we can usefully reduce the > amount of anonymous grief we get by blocking Tor exit servers. So, this > is what we are currently doing. I consider this unfortunate, but there > you go. What I'm saying is that Tor is designed to provide anonymity, and does this fairly well. That anonymity is at odds with the social contract where it provides an avenue for malicious action without responsibility, but that fact is not the fault of the anonymity or its enablers; it is the fault of the bad actors. > We are not looking for a perfect solution. Yes, Wikis will be > vandalized. We're prepared to deal with that, we do deal with that. > But what I am seeking is some efforts to think usefully about how to > helpfully reconcile our dual goals of openness and privacy. > > I don't say "privacy is wrong, so Tor should change their philosophy". > I make no apologies for simply ignoring you if you say that "openness is > wrong, so Wikipedia should change their philosophy." I'm not saying openness is wrong. I'm saying it has its costs, which you obviously already recognize, and reducing those costs may require embracing a less-than-fully-open philosophy. That modification may include blocking Tor exit nodes, based on the behavior of bad actors. That's unfortunate, but expedient. But trying to force-fit pseudonymity on the Tor anonymity model is an attempt to shift your costs onto Tor. > > Roger gets it. The Wikipedians don't. > > What is it that we don't get? That Tor is working as designed, and that the problem with bad actors using its cloak is a problem with the actors themselves. As Bob Hettinga noted elsewhere, "perfect pseudonymity *is* perfect anonymity". Arguably, perfect pseudonymity is a more useful construct, but it is a much harder problem than anonymity. And given that perfect pseudonyms are perfectly disposable, that still won't address the bad actor problem completely. Openness requires responsibility, and responsibility implies accountability, so the only "perfect" solution is 100% meatspace correlation to enable enforcement of the social contract. That might solve your vandalism problem, but it introduces other issues. > This thread started off because a Tor > server complained to me about the blocking, and part of my response is > that one beef I have is that some people in the Tor community seem very > happy to simply stick their heads in the sand and pretend that > "Wikipedians don't get it". > > That's not helpful. Those people are not sticking their heads in the sand. They're correctly noting that nothing is broken except the bad actors. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From eugen at leitl.org Wed Sep 28 00:11:14 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 09:11:14 +0200 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] Message-ID: <20050928071114.GL2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From roy at rant-central.com Wed Sep 28 06:26:55 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Wed, 28 Sep 2005 09:26:55 -0400 Subject: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia] In-Reply-To: <20050928081317.GM2249@leitl.org> References: <20050928081317.GM2249@leitl.org> Message-ID: <1127914015.433a9a1f67147@mesmer.rant-central.com> > ----- Forwarded message from cypherpunk ----- > > From: cypherpunk > Subject: Re: Hello directly from Jimbo at Wikipedia > As an occasional Tor and Wikipedia user, let me add a couple of points. > > First, in case it is not obvious, the problem with the present system > is that Tor users can no longer edit on Wikipedia. I have done so in > the past, in what I like to think is a constructive manner, but cannot > do so since this summer. I have valid although perhaps unpopular > contributions to make, and not only is my freedom to express myself > limited, the quality of the material on Wikipedia suffers due to the > absence of my perspective. The status quo is not acceptable and we > should work to find a solution. Leaving aside the qualitative discussion, let's remember that the freedom to express onesself does not imply the obligation for any other party to listen. > Looking at the proposals for authentication servers and such, I see a > major issue which is not being addressed. That is, how does the web > server distinguish "authenticated" Tor users from unathenticated ones? > If this is via a complicated protocol, there is no point as the > servers won't use it. The problem at hand does not require "authenticated" Tor users. It requires authenticated Wikipedia users. > This does not necessarily mean building complex authentication > protocols into the Tor network, and having two classes of traffic > flowing around. It could be that this authenticated Tor is a separate > network. It only lets users in who are authenticated, and owns a > specific set of IP addresses which servers can whitelist. The regular > Tor exit nodes can be blacklisted as they are now. Tor is transport layer. Authentication for a specific service (such as Wikipedia) is the responsibility of that service and belongs in the session layer. An authenticated network and an anonymizing network are mutually exclusive. > What does Wikipedia need? What is the minimum level of service they > require? Presumably, it is similar to what they can get via ISPs, who > also map many users to a fixed set of IP addresses. Wikipedia can > complain to the ISP, and it will get back in some form to that user. No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From jwales at wikia.com Wed Sep 28 06:27:12 2005 From: jwales at wikia.com (Jimmy Wales) Date: Wed, 28 Sep 2005 09:27:12 -0400 Subject: [roy@rant-central.com: Re: [jwales@wikia.com: Re: Message-ID: Eugen Leitl wrote: >>What is it that we don't get? > > That Tor is working as designed, and that the problem with bad actors using its > cloak is a problem with the actors themselves. "Finally, we note that exit abuse must not be dismissed as a peripheral issue: when a system's public image suffers, it can reduce the number and diversity of that system's users, and thereby reduce the anonymity of the system itself." I'm pleased to report that the original design documents rightly agree with me that the it is in the interest of the longterm success of the Tor project that an attitude of throwing up our hands in defeat is not enough. > Those people are not sticking their heads in the sand. They're correctly noting > that nothing is broken except the bad actors. That *is* sticking their heads in the sand. Yes, we can lay moral blame on the bad actors. That's fine. Let's all stop typing for a minute or two and just _hate_ them for it. Ok, now we all feel better. :-) But now we're back to the question: how can Tor be improved to deal with this very serious and important problem? What are the steps that might be taken, however imperfect, to reduce the amount of abuse coming from Tor nodes? --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From sparafina at comcast.net Wed Sep 28 06:33:03 2005 From: sparafina at comcast.net (Sonny Parafina) Date: Wed, 28 Sep 2005 09:33:03 -0400 Subject: [Geowanking] Google Earth Exposes the Indian Military Message-ID: Its funny when the tables are turned. Long before Google Maps or Earth was released, was Cryptome's Eyeball series, which used internet mapping and photos mined from internet sources to raise awareness about different places. For exampe here's a recent Eye-Ball report: http://cryptome.org/nonas-eyeball.htm The best one was when Cryptome published the address, maps, aerial photos to convicted/pardoned felon Admiral John Pointdexter who promoted the "Total Information Awareness" program in the wake of the 9/11 attacks. sonny Allan Doyle wrote: >See also this article in the Register > >http://www.theregister.co.uk/2005/09/13/ >google_earth_threatens_democracy/ > >and the quote about India on the first page: > >"India agrees. Reuters quotes an anonymous security official there as >confirming that "the issue of satellite imagery had been discussed at >the highest level but the government had concluded that 'technology >cannot be stopped'." >"We are aware that there are websites which give detailed pictures of >buildings like the president's house including every tree in the >compound. Our security agencies are aware of this but how can we stop >technology?" he added." > >At the end of the last page, there are links to other articles they >have been running about Google Earth. Very interesting stuff. > > Allan > > >On Sep 28, 2005, at 07:17, Shekhar Krishnan wrote: > >>Dear All: >> >>:: apologies for cross-posting :: >> >>This has caused quite an uproar in Mumbai, and the consequences will be >>interesting to follow. >> >>To read more about open geo-data and free mapping initiatives in India, >>see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | >>http://freemap.crit.org.in | http://www.freemap.in ). >> >>Please also visit and sign the open geo-data manifesto hosted by the >>Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and >>visit Mapping Hacks ( http://www.mappinghacks.com ). >> >> >>Best, >> >> >>Shekhar >>_____ >> >>Google Earth exposes IAF bases >> >>CHARLES ASSISI >>TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] >>http://timesofindia.indiatimes.com/articleshow/1243460.cms >> >> >>MUMBAI: Legally, you aren?t supposed to come within arm?s length of >>India?s military bases. Whether it is the naval dockyards in Mumbai or >>the air force bases in New Delhi, Bangalore and Hyderabad, they >>continue >>to be strictly out of bounds for unauthorised personnel. >> >>But technology, unerringly, finds ways to subvert the law. A little >>over >>two weeks ago, Google released fresh satellite images of New Delhi, >>south Mumbai, Bangalore and Hyderabad as part of its new initiative, >>Google Earth ( http://earth.google.com ). These images, available to >>anybody with access to the Net, provide users with images of earth from >>space. >> >>Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. >>After having taken a look at its lawns, take in a detailed perspective >>of Parliament building. Maybe, fly over the Prime Minister?s residence. >>And if that doesn?t satiates the voyeur in you, move over to Palam >>Airport where IAF planes are based. >> >>The level of detail even reveals the camouflage used to mask hangars. >> >>Pictures of Mumbai reveal with numbing clarity the docks where INS >>Viraat is berthed. Users can zoom close enough to take a reasonably >>good >>look at the deck of India?s lone aircraft carrier. Browse around and >>you >>can stroll past piers where warships of all kinds and submarines are >>docked. >> >>Pan across to take a long look at what lies beyond the fortified gates >>of Navy Nagar where access is normally controlled by gun-wielding >>guards. And if that isn?t enough, there are shots of a carrier under >>construction, which sources speculate, could be the top secret advanced >>technology vessel (ATV). >> >>It?s much the same thing with Bangalore. The air force base at >>Yelahanka >>with the jets and helicopters parked are available for all to view. And >>if it?s the HAL factory you?re interested in, zoom right in. >> >>-- >>______ >> >>Shekhar Krishnan >>9, Supriya, 2nd Floor >>709, Parsee Colony Road no.4 >>Dadar, Mumbai 400014 >>India >> >>http://www.crit.org.in/members/shekhar >>http://web.mit.edu/~shekhar/www >> >>_______________________________________________ >>Geowanking mailing list >>Geowanking at lists.burri.to >>http://lists.burri.to/mailman/listinfo/geowanking >> >> > _______________________________________________ Geowanking mailing list Geowanking at lists.burri.to http://lists.burri.to/mailman/listinfo/geowanking ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From roy at rant-central.com Wed Sep 28 06:33:26 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Wed, 28 Sep 2005 09:33:26 -0400 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] In-Reply-To: <20050928085320.GE1570@apb-laptoy.apb.alt.za> References: <20050928071114.GL2249@leitl.org> <20050928085320.GE1570@apb-laptoy.apb.alt.za> Message-ID: <1127914406.433a9ba626c5e@mesmer.rant-central.com> Quoting Alan Barrett : > > ----- Forwarded message from Jimmy Wales ----- > > We are not looking for a perfect solution. Yes, Wikis will be > > vandalized. We're prepared to deal with that, we do deal with that. > > But what I am seeking is some efforts to think usefully about how to > > helpfully reconcile our dual goals of openness and privacy. > > Wikipedia should allow Tor users to register Wikipedia nyms. > Then they could block: > Tor users trying to edit without a nym; > Tor users trying to edit with a nym that has a bad reputation; > and they could rate-limit > Tor users trying to edit with a nym that has insufficient history > to be classified as good or bad; > while not blocking > Tor users trying to edit with a nym that has a good reputation. s/Tor/all/g This is an excellent summation, except that there is no compelling reason to treat Tor-carried traffic differently than any other traffic. Credentialing and reputation tracking are good ideas, and should be applied universally. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From demonfighter at gmail.com Wed Sep 28 06:41:34 2005 From: demonfighter at gmail.com (Steve Furlong) Date: Wed, 28 Sep 2005 09:41:34 -0400 Subject: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia] In-Reply-To: <1127914015.433a9a1f67147@mesmer.rant-central.com> References: <20050928081317.GM2249@leitl.org> <1127914015.433a9a1f67147@mesmer.rant-central.com> Message-ID: <7d752ae3050928064135671d34@mail.gmail.com> On 9/28/05, Roy M. Silvernail wrote: A Wikiwhiner wrote > > I have valid although perhaps unpopular > > contributions to make, and not only is my freedom to express myself > > limited, the quality of the material on Wikipedia suffers due to the > > absence of my perspective. Wow. Nice ego there. > > The status quo is not acceptable and we > > should work to find a solution. > Leaving aside the qualitative discussion, let's remember that the freedom to > express onesself does not imply the obligation for any other party to listen. Nor the obligation for any other party to provide you with a soapbox. Operate your own wiki if you don't like their decisions. > Tor is transport layer. Authentication for a specific service (such as > Wikipedia) is the responsibility of that service and belongs in the session > layer. What Roy said. This Wikiwhiner might want to read up on the OSI model. Conveniently, there's a Wikipedia article on it: http://en.wikipedia.org/wiki/OSI_model > An authenticated network and an anonymizing network are mutually exclusive. True enough, but to make it clear, an anonymizing network is not exclusive with an authenticated application. (Not necessarily so, anyway. I haven't checked into TOR, but there's no good reason an HTML hidden field couldn't provide session continuity for an anonymous web surfer.) -- There are no bad teachers, only defective children. From goodell at eecs.harvard.edu Wed Sep 28 06:55:41 2005 From: goodell at eecs.harvard.edu (Geoffrey Goodell) Date: Wed, 28 Sep 2005 09:55:41 -0400 Subject: [roy@rant-central.com: Re: [jwales@wikia.com: Re: Message-ID: On Wed, Sep 28, 2005 at 09:27:12AM -0400, Jimmy Wales wrote: > But now we're back to the question: how can Tor be improved to deal with > this very serious and important problem? What are the steps that might > be taken, however imperfect, to reduce the amount of abuse coming from > Tor nodes? I think that we can agree that there are short-term and long-term solutions to this problem. In the short-term, we can block Tor nodes by routing address and develop special mechanisms to allow Tor users to edit Wikipedia content anyway. We can do this either via some sort of indirection or via some sort of special change to Wikipedia itself, working around the limitations in Mediawiki. We can focus on the short-term for now. However, I think that most proponents of Tor believe that in the long-term, Wikipedia should support location-independent users. So we need a plan going forward, and this plan should be sufficiently general to apply to any location-independent users, not just users of Tor. I think that many of us hope that some day the Internet will be flat and routing information will be useless in tracking identity or reputation. This will be difficult to achieve, but it is certainly my hope. As such, I am loath to encourage the design of systems that require any form of access control at the network layer, and I believe that the right thing to do is avoid such temptation, even if software tools like Mediawiki appear to be designed with network-layer access control in mind. Geoff ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Wed Sep 28 01:13:17 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 10:13:17 +0200 Subject: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050928081317.GM2249@leitl.org> ----- Forwarded message from cypherpunk ----- From eugen at leitl.org Wed Sep 28 01:20:39 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 10:20:39 +0200 Subject: [goodell@eecs.harvard.edu: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050928082039.GP2249@leitl.org> ----- Forwarded message from Geoffrey Goodell ----- From camera_lumina at hotmail.com Wed Sep 28 07:45:02 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 28 Sep 2005 10:45:02 -0400 Subject: [shekhar@crit.org.in: [Geowanking] Google Earth Exposes the Indian Military] In-Reply-To: <20050928113736.GP2249@leitl.org> Message-ID: Stupid assholes. Despite all the tech work in India going on, their military apparently didn't realize that the world changed a long time ago (way before Google). And if they can somehow block google, then I can merely purchase the photos on the black market from a private satellite. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [shekhar at crit.org.in: [Geowanking] Google Earth Exposes the >Indian Military] >Date: Wed, 28 Sep 2005 13:37:36 +0200 > >----- Forwarded message from Shekhar Krishnan ----- > >From: Shekhar Krishnan >Date: Wed, 28 Sep 2005 12:17:23 +0100 >To: freemap at lists.crit.org.in, asiasource-l at lists.tacticaltech.org, > india-gii at lists.cpsr.org, fsf-friends at mm.gnu.org.in, > urbanstudygroup at sarai.net, commons-law at sarai.net, > geowanking at lists.burri.to, freegis-list at intevation.de >Cc: >Subject: [Geowanking] Google Earth Exposes the Indian Military >Organization: CRIT (Collective Research Initiatives Trust) >X-Mailer: Evolution 2.4.0 >Reply-To: geowanking at lists.burri.to > >Dear All: > >:: apologies for cross-posting :: > >This has caused quite an uproar in Mumbai, and the consequences will be >interesting to follow. > >To read more about open geo-data and free mapping initiatives in India, >see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | >http://freemap.crit.org.in | http://www.freemap.in ). > >Please also visit and sign the open geo-data manifesto hosted by the >Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and >visit Mapping Hacks ( http://www.mappinghacks.com ). > > >Best, > > >Shekhar >_____ > >Google Earth exposes IAF bases > >CHARLES ASSISI >TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] >http://timesofindia.indiatimes.com/articleshow/1243460.cms > > >MUMBAI: Legally, you aren???t supposed to come within arm???s length of >India???s military bases. Whether it is the naval dockyards in Mumbai or >the air force bases in New Delhi, Bangalore and Hyderabad, they continue >to be strictly out of bounds for unauthorised personnel. > >But technology, unerringly, finds ways to subvert the law. A little over >two weeks ago, Google released fresh satellite images of New Delhi, >south Mumbai, Bangalore and Hyderabad as part of its new initiative, >Google Earth ( http://earth.google.com ). These images, available to >anybody with access to the Net, provide users with images of earth from >space. > >Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. >After having taken a look at its lawns, take in a detailed perspective >of Parliament building. Maybe, fly over the Prime Minister???s residence. >And if that doesn???t satiates the voyeur in you, move over to Palam >Airport where IAF planes are based. > >The level of detail even reveals the camouflage used to mask hangars. > >Pictures of Mumbai reveal with numbing clarity the docks where INS >Viraat is berthed. Users can zoom close enough to take a reasonably good >look at the deck of India???s lone aircraft carrier. Browse around and you >can stroll past piers where warships of all kinds and submarines are >docked. > >Pan across to take a long look at what lies beyond the fortified gates >of Navy Nagar where access is normally controlled by gun-wielding >guards. And if that isn???t enough, there are shots of a carrier under >construction, which sources speculate, could be the top secret advanced >technology vessel (ATV). > >It???s much the same thing with Bangalore. The air force base at Yelahanka >with the jets and helicopters parked are available for all to view. And >if it???s the HAL factory you???re interested in, zoom right in. > >-- >______ > >Shekhar Krishnan >9, Supriya, 2nd Floor >709, Parsee Colony Road no.4 >Dadar, Mumbai 400014 >India > >http://www.crit.org.in/members/shekhar >http://web.mit.edu/~shekhar/www > >_______________________________________________ >Geowanking mailing list >Geowanking at lists.burri.to >http://lists.burri.to/mailman/listinfo/geowanking > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From apb at cequrux.com Wed Sep 28 01:53:20 2005 From: apb at cequrux.com (Alan Barrett) Date: Wed, 28 Sep 2005 10:53:20 +0200 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] In-Reply-To: <20050928071114.GL2249@leitl.org> References: <20050928071114.GL2249@leitl.org> Message-ID: <20050928085320.GE1570@apb-laptoy.apb.alt.za> > ----- Forwarded message from Jimmy Wales ----- > We are not looking for a perfect solution. Yes, Wikis will be > vandalized. We're prepared to deal with that, we do deal with that. > But what I am seeking is some efforts to think usefully about how to > helpfully reconcile our dual goals of openness and privacy. Wikipedia should allow Tor users to register Wikipedia nyms. Then they could block: Tor users trying to edit without a nym; Tor users trying to edit with a nym that has a bad reputation; and they could rate-limit Tor users trying to edit with a nym that has insufficient history to be classified as good or bad; while not blocking Tor users trying to edit with a nym that has a good reputation. This will require some changes to the MediaWiki software that Wikipedia uses. AFAIK, there's currently no way to rate-limit nyms that have insufficient history, and blocks on IP addresses are currently all or nothing. --apb (Alan Barrett) From jwales at wikia.com Wed Sep 28 08:00:58 2005 From: jwales at wikia.com (Jimmy Wales) Date: Wed, 28 Sep 2005 11:00:58 -0400 Subject: Wikipedia & Tor Message-ID: Paul Syverson wrote: > I want to emphasize a central aspect of my suggestion: The goal is not > just to provide a filter for abusive posts, it's to change incentives. This is exactly the right approach! > We can't know for sure without running the experiment, but my guess is > that if abusive posts through Tor never succeed (OK perhaps virtually > never), and if the process of posting through Tor informs posters of > that fact, then Tor will become worth it for your admins. The abusers > will disappear or greatly diminish because they will know from being > warned, and if necessary from experience, that their attempts will > fail. Posts through Tor will then mostly have value (in the sense of > not being abusive in the ways that prompted this discussion.) I would say that even some fairly slight changes to the incentive structure may help a lot. The less desirable Tor is for problem users, the more they will shift to traditional broken open proxies. We can play whack-a-mole with these as we do now, while at the same time leaving Tor more open. > Yes, I know (and I'm sure Jimmy knows) that this won't solve the > longterm underlying issues. Abusive posters will just move on to > another avenue than Tor. But I think it will be a quick, cheap, and > big win for both Tor and Wikipedia. Yes, but I don't really mind them moving to other avenues. That's the point. If I didn't love Tor, I wouldn't care about blocking Tor either. Let them abuse broken proxy servers, let them do whatever, that's fine, we can deal with it. We just want to open up to Tor. > Yes, as Marc Abel suggested you could implement passwords, pseudonyms, > or hell ZKPs. But this is stepping onto the slippery slope of trying > to solve the more longterm problem that using IP addresses in the way > Wikipedia does is a temporarily useful kludge. (Kludges are great, but > function creep is dangerous and can make for bigger problems in the > long run.) Let me see if I can explain a bit more of the math behind this. I'm just going to make up a hypothetical example. Suppose 100 out of every 1,000,000 edits to Wikipedia is malicious. And suppose we study them and discover, hmm, 25 of them come from Tor, which is easily blockable. 50 of them come from static ips or dynamic ips that are expensive for users to get new. 25 of them are from broken proxies. Now, our present solution is to block Tor, do various things in other situations, and this works reasonably well. Of the 25 bad edits we block from Tor, some portion of them surely shift to other means, but not all of them. So we find it to be a net win. Except. Except we don't really like to block Tor. Now, fast forward, and imagine that the "expensive ip" situation goes away in a few years, either due to widespread onion routing, or whatever you may want to dream up that makes our temporary kludge of using ips no longer functional. Then we'll still only have 100 out of every 1,000,000 edits to Wikipedia as being malicious. How we'll deal with that is how we'll deal with that, but that's fine. We'll manage. For now the key thing to do is to shift the incentives on the bad users so that Tor is less desirable for them than playing with the broken proxies or just doing whatever with a dialup account or aol addresses or whatever. --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Wed Sep 28 02:10:29 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 11:10:29 +0200 Subject: [nickm@freehaven.net: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050928091029.GA2249@leitl.org> ----- Forwarded message from Nick Mathewson ----- From camera_lumina at hotmail.com Wed Sep 28 08:17:42 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 28 Sep 2005 11:17:42 -0400 Subject: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia] In-Reply-To: <1127914015.433a9a1f67147@mesmer.rant-central.com> Message-ID: Oh...-that's- your point: >No, Wikipedia needs to realize that the IP address correlation they enjoy >outside of Tor is a happy accident, and that they should stop treating IP >addressess as user credentials. If they want credentials, they need to >implement them. Well, is it reasonable to expect a creature to evolve to an environment that doesn't exist yet? On the other hand, I don't think the number of Tor IP addresses is anywhere near its hockeystick yet, and when it comes it will be changing far too fast for them to block. So they will ultimately have to change their model, methinks. -TD From camera_lumina at hotmail.com Wed Sep 28 08:25:46 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Wed, 28 Sep 2005 11:25:46 -0400 Subject: [cyphrpunk@gmail.com: Re: Hello directly from Jimbo at Wikipedia] In-Reply-To: <7d752ae3050928064135671d34@mail.gmail.com> Message-ID: Dont' agree here... >From: Steve Furlong >To: cypherpunks at jfet.org >Subject: Re: [cyphrpunk at gmail.com: Re: Hello directly from Jimbo at >Wikipedia] >Date: Wed, 28 Sep 2005 09:41:34 -0400 > >On 9/28/05, Roy M. Silvernail wrote: > >A Wikiwhiner wrote > > > > I have valid although perhaps unpopular > > > contributions to make, and not only is my freedom to express myself > > > limited, the quality of the material on Wikipedia suffers due to the > > > absence of my perspective. > >Wow. Nice ego there. If someone I knew wrote some detailed Wiki entries about Telecom DCC control channel protocol throughputs and attacks, he could objectively state that there would be very few people in the world up to the task. He might also want to maintain anonymity. Shutting down this source of wiki entries means that the general flow of Wikipedia content has been altered slightly, but I would argue significantly. I see no material issue with an individual claiming that the absence of his posts to Wiki is significant, even if this is in fact untrue for his particular case. The ego is not material to the essential point. -TD From shekhar at crit.org.in Wed Sep 28 04:17:23 2005 From: shekhar at crit.org.in (Shekhar Krishnan) Date: Wed, 28 Sep 2005 12:17:23 +0100 Subject: [Geowanking] Google Earth Exposes the Indian Military Message-ID: Dear All: :: apologies for cross-posting :: This has caused quite an uproar in Mumbai, and the consequences will be interesting to follow. To read more about open geo-data and free mapping initiatives in India, see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | http://freemap.crit.org.in | http://www.freemap.in ). Please also visit and sign the open geo-data manifesto hosted by the Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and visit Mapping Hacks ( http://www.mappinghacks.com ). Best, Shekhar _____ Google Earth exposes IAF bases CHARLES ASSISI TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] http://timesofindia.indiatimes.com/articleshow/1243460.cms MUMBAI: Legally, you aren???t supposed to come within arm???s length of India???s military bases. Whether it is the naval dockyards in Mumbai or the air force bases in New Delhi, Bangalore and Hyderabad, they continue to be strictly out of bounds for unauthorised personnel. But technology, unerringly, finds ways to subvert the law. A little over two weeks ago, Google released fresh satellite images of New Delhi, south Mumbai, Bangalore and Hyderabad as part of its new initiative, Google Earth ( http://earth.google.com ). These images, available to anybody with access to the Net, provide users with images of earth from space. Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. After having taken a look at its lawns, take in a detailed perspective of Parliament building. Maybe, fly over the Prime Minister???s residence. And if that doesn???t satiates the voyeur in you, move over to Palam Airport where IAF planes are based. The level of detail even reveals the camouflage used to mask hangars. Pictures of Mumbai reveal with numbing clarity the docks where INS Viraat is berthed. Users can zoom close enough to take a reasonably good look at the deck of India???s lone aircraft carrier. Browse around and you can stroll past piers where warships of all kinds and submarines are docked. Pan across to take a long look at what lies beyond the fortified gates of Navy Nagar where access is normally controlled by gun-wielding guards. And if that isn???t enough, there are shots of a carrier under construction, which sources speculate, could be the top secret advanced technology vessel (ATV). It???s much the same thing with Bangalore. The air force base at Yelahanka with the jets and helicopters parked are available for all to view. And if it???s the HAL factory you???re interested in, zoom right in. -- ______ Shekhar Krishnan 9, Supriya, 2nd Floor 709, Parsee Colony Road no.4 Dadar, Mumbai 400014 India http://www.crit.org.in/members/shekhar http://web.mit.edu/~shekhar/www _______________________________________________ Geowanking mailing list Geowanking at lists.burri.to http://lists.burri.to/mailman/listinfo/geowanking ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From m-abel at columbus.rr.com Wed Sep 28 09:17:40 2005 From: m-abel at columbus.rr.com (Marc Abel) Date: Wed, 28 Sep 2005 12:17:40 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: Hi Jimbo, My concern about pseudonyms is that they can compromised after-the-fact. Suppose Li Li is over in China writing blogs, and she selects Muzimei as her pseudonym and implements it with any of several digital signature schemes. Then she writes a bunch of blog entries, and possibly a few edits to her Wikipedia page. Wikipedia trusts her because of her reputation, and presumably no one knows her real name is Li Li. Except there's an eyewitness to one of her blogs, or the authorities raid her Linux box and her private key is compromised. Li Li has a serious problem, because all of her previous activity is signed by her Muzimei pseudonym, so after 36 hours of interrogation she confesses, is found guilty of separatism in an 18 minute trial, and executed 20 days later. I still lean in favor of approaches which protect Wikipedia on the basis of actual content submitted, instead of information about the submitter. This is why Paul Syverson and I are advancing these types of proposals. Once again, one way to check content (until machines can "think" better) is to have not-necessarily-anonymous parties with interests in specific subjects ok what would otherwise be anonymous posts prior to the posts showing up. This system would be only as efficient as these "approving" personnel for anonymous posts, but these people can be mutually selected in the sense that an anonymous editor can nominate anyone, and Wikipedia may refuse anyone. It's a little like any meeting held under Robert's Rules of Order. To discuss anything, someone must present a motion and someone else needs to second it. If the content's not pertinent enough for even a second, there really no need for the group to consider it. In the mechanism I am suggestion (as an intermediate-term approach to try), the mover may be anonymous if the seconder is willing not to be. Marc On Wed, 2005-09-28 at 08:36, Jimmy Wales wrote: > Marc Abel wrote: > > This has law enforcement implications; if you can prove that Alice took > > the cookie from the cookie jar, perhaps using eyewitnesses, you can now > > show that Alice did many other unreputable things. > > Can you explain this in more detail? > > --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From mgp at ucla.edu Wed Sep 28 12:39:43 2005 From: mgp at ucla.edu (Michael Parker) Date: Wed, 28 Sep 2005 12:39:43 -0700 Subject: [p2p-hackers] [Fwd: [Planetlab-users] Announcing: TCP NAT Traversal/Hole-Punching Library] Message-ID: I just got this by way of the PlanetLab mailing list... Definitely thought it would be of interest! - Mike ---------------------------- Original Message ---------------------------- Subject: [Planetlab-users] Announcing: TCP NAT Traversal/Hole-Punching Library From: "Saikat Guha" Date: Wed, September 28, 2005 3:46 am -------------------------------------------------------------------------- Hi all, (apologies if you get multiple copies of this) I am pleased to announce the availability of our open-source TCP NAT Traversal/Hole-Punching library based on our research published in [1]. [1] "Characterization and Measurement of TCP Traversal through NATs and Firewalls", S. Guha and P. Francis. IMC 2005. http://nutss.net/pub/imc05-tcpnat.pdf The key result of the paper is: TCP NAT traversal can work 85%-90% of the time today (without any special assumptions about NATs), and 100% of the time between pairs of certain popular, well-behaved NATs. See [1] for more details. An open-source Java library for TCP NAT Traversal is now available: webpage: http://nutss.net/stunt.php faq: http://nutss.net/jstunt-faq.php library and example: http://nutss.net/jstunt-examples.php The above library has been tested for pair-wise connectivity across 11 brands of NATs from Windows and Linux hosts. NATs tested were Linksys, DLink, Netgear, Belkin, 3Com, Netopia, Allied Telesyn, SMC, Trendnet, USR, Buffalo Tech. Out of the 121 possible pair-wise combinations, 113 connections are successful. The only ones that failed are when both the endpoints are behind the _same_ NAT device that does not support TCP hairpin-behavior yet (see [1]). The java library is released under LGPL; contact me if this does not meet your needs. Feel free to extend it/port it etc. Q: I am a P2P developer/researcher. How does this help me? A: The library adds TCP NAT traversal out-of-the-box. This increases the connectivity in your P2P network since two users behind their NATs can now exchange data without having to go through an intermediary node. You can: - Use this library as is (for development of P2P software, research, small deployments, etc in java) - Study it to provide TCP NAT Traversal in your existing P2P applications in your language of choice. - etc. If you have any questions, comments, suggestions, or problems, do not hesitate to contact me. Cheers, -- Saikat _______________________________________________ Users mailing list: Users at lists.planet-lab.org https://lists.planet-lab.org/mailman/listinfo/users ----- End forwarded message ----- _______________________________________________ Gnucla-devel mailing list Gnucla-devel at starsky.ee.ucla.edu http://starsky.ee.ucla.edu/cgi-bin/mailman/listinfo/gnucla-devel _______________________________________________ p2p-hackers mailing list p2p-hackers at zgp.org http://zgp.org/mailman/listinfo/p2p-hackers _______________________________________________ Here is a web page listing P2P Conferences: http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Wed Sep 28 04:37:36 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 13:37:36 +0200 Subject: [shekhar@crit.org.in: [Geowanking] Google Earth Exposes the Indian Military] Message-ID: <20050928113736.GP2249@leitl.org> ----- Forwarded message from Shekhar Krishnan ----- From agl at imperialviolet.org Wed Sep 28 06:25:15 2005 From: agl at imperialviolet.org (Adam Langley) Date: Wed, 28 Sep 2005 14:25:15 +0100 Subject: Hello directly from Jimbo at Wikipedia Message-ID: On 9/28/05, Nick Mathewson wrote: > Hashcash is often considered, but commonly dismissed, because it > limits identities based on the wrong resource: computers. A similar scheme would be to make people perform many CAPTCHAs[1] in order to generate a login id. That way the resource is human time and it's difficult to generate lots of them [1]. Abuse from these accounts results in the account being deleted, which makes it costly. (More detail here: http://www.imperialviolet.org/page26.html#e509) The design of the CAPTCHA is actually far more difficult than I imagined because it turns out that the range of ability of people for solving them is very large - but there are several widly used CAPTCHAs which seems to be good for many of people. (Very unscientifically, it seems that computer minded people can solve them but other's have great problems. My mother can't even do the Google CAPTCHA). Although this seems possible it's tough to believe that it's worth doing for Wikipedia because I've already written a small (1500 line) patch for MediaWiki; the design of which was okayed in general by one of the developers. It was intended to make it easier to block and unblock IP ranges (like all Tor nodes) . The patch certainly wasn't perfect but, despite the efforts of several people, I never got any responce from anyone in MediaWiki about it. I don't mind - I've the attention span of a flea anyway. But it's not good for people who might be willing to do this work. AGL [1] http://en.wikipedia.org/wiki/Captcha [2] You could setup a sweatshop to do it, or you could distribute it and make setup a porn website which requires you to solve them to gain entry. Either way - it's quite a lot of effort. See http://www.boingboing.net/2004/01/27/solving_and_creating.html -- Adam Langley agl at imperialviolet.org http://www.imperialviolet.org (+44) (0)7906 332512 PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60 ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Wed Sep 28 06:33:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 15:33:10 +0200 Subject: [agl@imperialviolet.org: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050928133310.GT2249@leitl.org> ----- Forwarded message from Adam Langley ----- From eugen at leitl.org Wed Sep 28 06:41:06 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 15:41:06 +0200 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]]]] Message-ID: <20050928134106.GU2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From eugen at leitl.org Wed Sep 28 06:43:23 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 15:43:23 +0200 Subject: [sparafina@comcast.net: Re: [Geowanking] Google Earth Exposes the Indian Military] Message-ID: <20050928134323.GW2249@leitl.org> ----- Forwarded message from Sonny Parafina ----- From eugen at leitl.org Wed Sep 28 07:00:37 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 16:00:37 +0200 Subject: [goodell@eecs.harvard.edu: Re: [roy@rant-central.com: Re: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]]]] Message-ID: <20050928140037.GY2249@leitl.org> ----- Forwarded message from Geoffrey Goodell ----- From eugen at leitl.org Wed Sep 28 08:02:08 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 17:02:08 +0200 Subject: [jwales@wikia.com: Re: Wikipedia & Tor] Message-ID: <20050928150208.GA2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From eugen at leitl.org Wed Sep 28 09:20:19 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 18:20:19 +0200 Subject: [m-abel@columbus.rr.com: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050928162019.GE2249@leitl.org> ----- Forwarded message from Marc Abel ----- From dave at farber.net Wed Sep 28 15:33:21 2005 From: dave at farber.net (David Farber) Date: Wed, 28 Sep 2005 18:33:21 -0400 Subject: [IP] eDonkey to close Message-ID: Begin forwarded message: From bill.stewart at pobox.com Wed Sep 28 19:24:15 2005 From: bill.stewart at pobox.com (Bill Stewart) Date: Wed, 28 Sep 2005 19:24:15 -0700 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <4339E5AD.9070600@kriptik.org> References: <4339E5AD.9070600@kriptik.org> Message-ID: <6.2.1.2.0.20050928191458.03f1f068@pop.idiom.com> At 05:37 PM 9/27/2005, lists wrote: >Tyler Durden wrote: >>Sorry...I don't understand...why would psuedonymity services be provided >>within Tor? > >I find the concept of having both pseudonymous and anonymous traffic >through TOR quite interesting. In some cases, you really do wish to just >.... >TOR itself does not necessarily have to deal with this. There could be >services flowing through TOR that provide this. However, TOR nodes >implementing pseudonymous traffic for their own network seems more >natural and easier to do. One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. The reason to use Tor mechanisms is to make connection potentially easier by reducing the number of mechanisms a client needs; the reason to use different IP addresses is for Wikipedia's convenience. It's mainly useful in environments where you can use private address space, so if you're running it on a Tor-friendly location as opposed to Wikipedia's rack space, you might want to tunnel it across the Internet through something other mechanism such as GRE/L2TP/IPSEC/etc. From sunder at sunder.net Wed Sep 28 18:43:44 2005 From: sunder at sunder.net (sunder) Date: Wed, 28 Sep 2005 21:43:44 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: References: Message-ID: <433B46D0.4030903@sunder.net> Tyler Durden wrote: > Actually, depending on your App, this would seem to be th very > OPPOSITE of a moot point. > -TD > Indeed! I've been ignoring this list for a while, so sorry for the late posting. I remember sometime in late 99, I had one of the early blackberry pagers, the small ones that ate a single AA battery which lasted about a week or so, and had email + a small web browser inside of it. It wasn't the blackberry phone. Anyway, long story short, one day, said pager crashed (it is a computer after all) and I was trying to figure out how to reboot it, so I thought, fuck it, and removed the battery, the fucker stayed ON! For over 15 minutes! Gee, I wonder why anyone would design a cell phone or pager to be able to stay on after its battery is pulled out. Yeah, yeah, it's just a capacitor or an internal rechargeable battery, but why would you want such a feature? Fast forward to 2005. Most cell phones are after all small computers with a transceiver, microphone, and speaker, and recently GPS receivers. And now we have reports of the GPS info being transmitted all the time, "oops! it's a bug, we meant to turn it off." uh huh. Just how much work would it be to reprogram the soft power off key, so it shuts off all the lights, and display, but still transmits GPS info, just less often? Or also transmit audio? What are the odds that the code on the phone already comes with this feature built in? Of course, if it was legal to scan on cell phone frequencies, you might be able to confirm what it's sending and when, but of course, it's not legal to do that. Even to your own phone. Of course some phones are more equal than others. For example, T-Mobile SideKick, which if you write an email and decide to cancel it, but you're out of range, exposes its evil self with "Sorry, we can't let you delete the email you're composing, because it hasn't been sent to the server yet!" Gee, I wonder what that means? Nah, it's just a bug. (Of course, this is a totally owned platform, where T-Mobile owns your data, not you, oops, make that the hackers of a few months ago..) Oh and if said phone is running out of batteries, it starts to complain loudly until you recharge it. Um, yeah, it likes being on at all times. You can "hear" it transmit occasionally when it's near amplified computer speakers or your car radio. Fun that, but could be useful. Especially if you "heard" it transmit while it's supposedly "off." (I've honestly not heard it transmit while it's off) Are we just too paranoid? Nah, that's just a bug in human firmware, we'll fix that in the next brainwashing session. (BTW: what the fuck's up with all the weirdo subject lines? There's a perfectly good "From: " line in all SMTP headers, we don't need this shit in the subject line for fuck's sake! What's this, the return of Jim Choate?) From eugen at leitl.org Wed Sep 28 12:51:56 2005 From: eugen at leitl.org (Eugen Leitl) Date: Wed, 28 Sep 2005 21:51:56 +0200 Subject: [mgp@ucla.edu: [p2p-hackers] [Fwd: [Planetlab-users] Announcing: TCP NAT Traversal/Hole-Punching Library]] Message-ID: <20050928195156.GI2249@leitl.org> ----- Forwarded message from Michael Parker ----- From rah at shipwright.com Wed Sep 28 19:20:44 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Wed, 28 Sep 2005 22:20:44 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] In-Reply-To: <433B46D0.4030903@sunder.net> References: <433B46D0.4030903@sunder.net> Message-ID: At 9:43 PM -0400 9/28/05, sunder wrote: >Gee, I wonder why anyone would design a cell phone or pager to be able >to stay on after its battery is pulled out. To protect whatever's in the then-volatile memory? cf Pournelle on conspiracy and stupidity... >Are we just too paranoid? See below. Cheers, RAH -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "When I was your age we didn't have Tim May! We had to be paranoid on our own! And we were grateful!" --Alan Olsen From tortalk+Steven.Murdoch at cl.cam.ac.uk Wed Sep 28 16:27:51 2005 From: tortalk+Steven.Murdoch at cl.cam.ac.uk (Steven J. Murdoch) Date: Thu, 29 Sep 2005 00:27:51 +0100 Subject: Hello directly from Jimbo at Wikipedia Message-ID: On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote: > All I'm saying is that Tor could segregate users easily enough into two > clouds: "We sorta trust these ones, more or less, a little bit, but no > guarantees" -- "We don't trust these ones, we don't know them". This would be very difficult to do using the existing Tor design as it doesn't know anything about users or sessions. It lives at the TCP layer and all it does is shift packets from one IP address to another, giving some privacy to both ends. Adding higher layer functionality to Tor increases the chance that it will do neither job well, so here is a proposal which I think does what you want, but avoids this problem. The goal is to increase the cost for a Tor user to commit abuse on Wikipedia. It doesn't need to be full-proof, but just enough to make them go elsewhere. Wikipedia could require Tor users to log in before making edits, and ban accounts if they do something bad. However the cost of creating new accounts is not very high. The goal of this proposal is to impose a cost on creating accounts which can be used though Tor. Non-Tor access works as normal and the cost can be small, just enough to reduce the incentive of abuse. Suppose Wikipedia allowed Tor users to only read articles and create accounts, but not able to change anything. The Tor user then goes to a different website, call it the "puzzle server". Here the Tor user does some work, perhaps does a hashcash computation[1] or solves a CAPTCHA[2], then enters the solution along with their new Wikipedia username. The puzzle server (which may be run by Wikipedia or Tor volunteers), records the fact that someone has solved a puzzle along with the username entered. The puzzle server doesn't need the Wikipedia password as there is no reason for someone to do work for another person's account. Now when that Tor user logs into their Wikipedia account to edit something, the Wikipedia server asks the puzzle server whether this account has ever solved a puzzle. If it has, the user can make the edit, if not then the user is told to go to the puzzle server first. This check can be very simple - just an HTTP request to the puzzle server specifying the Wikipedia username, which returns "yes" vs "no", or "200" vs "403". For performance reasons this can be cached locally. There is no cryptography here, and I don't think it is needed, but it can be added without much difficulty. If the Tor user starts committing abuse, his account is cancelled. The puzzle server doesn't need to be told about this, as Wikipedia will not let that user make any edits. The reason this approach avoids the usual problems with proof-of-work schemes[3] is that good Tor users only have to solve the puzzle once, just after they create the account. Bad Tor users will need to solve another puzzle every time they are caught and had their account cancelled. So my question to Jimbo is: what type of puzzle do you think would be enough to reduce abuse through Tor to a manageable level? The difficulty of the puzzle can be tuned over time but what would be necessary for Wikipedia to try this out? Hope this helps, Steven Murdoch. [1] http://www.hashcash.org/ [2] http://www.captcha.net/ [3] "Proof-of-Work" Proves Not to Work by Ben Laurie and Richard Clayton: http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf -- w: http://www.cl.cam.ac.uk/users/sjm217/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From nickm at freehaven.net Wed Sep 28 21:38:01 2005 From: nickm at freehaven.net (Nick Mathewson) Date: Thu, 29 Sep 2005 00:38:01 -0400 Subject: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]] Message-ID: Hi again, Jimmy! On Wed, Sep 28, 2005 at 06:57:37AM -0400, Jimmy Wales wrote: [...] > I said no such thing. Tor servers exist for the sole purpose of aiding > people who have a genuine need for privacy. Tor operators by and large > are unhappy that Tor users can't edit Wikipedia, and are genuinely > interested in exploring solutions, especially solutions which involve > changes or enhancements to the Tor architecture which help solve the > problem not just for Wikipedia but for _all_ internet services which > desire to carefully balance a desire for privacy and openness against abuse. I think I've identified one of the reasons some people here are disturbed about your suggestions. When you talk about changing the Tor architecture, they think you mean changes to Tor that would require all users to have pseudonyms, or ostracize the users who didn't. When you say "Tor should do X," they think you mean "the Tor software should do X".{1} If that were what you meant, they would be right to be concerned. Pseudonymity is wrong for many users. Complicating the core Tor implementation would be bad. But these aren't your goals, if I understand correctly. Wikipedia doesn't ultimately care how Tor is implemented, or what it contains, so long as it is significantly less effective as a tool for Wikipedia abuse. Yes? This could be achieved, as some people fear, through modifying the core of Tor. But that isn't the only way to change matters. As discussed, introducing a separate pseudonymous authentication service (perhaps even an anonymous credential service, if we can find a way to do this without patent infringement) would serve just as well, and require no modifications to the Tor code. Users who didn't want to use such a service would be no worse off than they are today. Users who wanted to use Tor and edit Wikipedia at the same time could decide whether the implications of such a service were acceptable to them. {1} To be clear, I think that it's more accurate to talk about changes to the User/Tor/Wikipedia interaction, and to suggest a need for action by the Tor project and its supporters, than to talk about a need for changes in Tor's architecture, and a need for action by Tor. yrs, -- Nick Mathewson ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jason at lunkwill.org Wed Sep 28 18:49:26 2005 From: jason at lunkwill.org (Jason Holt) Date: Thu, 29 Sep 2005 01:49:26 +0000 (UTC) Subject: Pseudonymity for tor: nym-0.1 Message-ID: Per the recent discussion regarding tor and wikipedia, I've hacked together an implementation of the basic system from Chaum, Fiat and Naor's 1990 "Untraceable Electronic Cash" paper. This system allows CAs to blindly issue tokens (or "coins") which can then be "spent" elsewhere. It runs in perl, and comprises a CA, nym-maker, client application and auth checker (for the server). The tarball is here: http://www.lunkwill.org/src/nym/ Of course, it's useless at the moment since it gives out tokens indiscriminately (and probably has massive bugs), but if anyone actually cares about this idea, it will be (more or less) easy to do the following: * Put up a sample CA and server that people can use (potentially as hidden services). * Make the CA issue only one token per email address, or one token per IP address, one per computational puzzle, one for every $20 mailed in... * Automatically expire CA keys and generate new ones on a regular basis (rather than bothering with CRLs) * Instead of randomly generated tokens, have the CA sign an actual X.509 cert request, which will then become a perfectly valid X.509 cert useful as a client-side cert in unmodified browsers and web servers * Create some sort of aid for maintaining server-side (or CA) blacklists of improperly behaving users * Check to see if the protocol is actually still secure and properly implemented. Comments welcome. -J ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jason at lunkwill.org Wed Sep 28 18:51:32 2005 From: jason at lunkwill.org (Jason Holt) Date: Thu, 29 Sep 2005 01:51:32 +0000 (UTC) Subject: Pseudonymity for tor: nym-0.1 (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 29 Sep 2005 01:49:26 +0000 (UTC) From: Jason Holt To: or-talk at seul.org Subject: Pseudonymity for tor: nym-0.1 Per the recent discussion regarding tor and wikipedia, I've hacked together an implementation of the basic system from Chaum, Fiat and Naor's 1990 "Untraceable Electronic Cash" paper. This system allows CAs to blindly issue tokens (or "coins") which can then be "spent" elsewhere. It runs in perl, and comprises a CA, nym-maker, client application and auth checker (for the server). The tarball is here: http://www.lunkwill.org/src/nym/ Of course, it's useless at the moment since it gives out tokens indiscriminately (and probably has massive bugs), but if anyone actually cares about this idea, it will be (more or less) easy to do the following: * Put up a sample CA and server that people can use (potentially as hidden services). * Make the CA issue only one token per email address, or one token per IP address, one per computational puzzle, one for every $20 mailed in... * Automatically expire CA keys and generate new ones on a regular basis (rather than bothering with CRLs) * Instead of randomly generated tokens, have the CA sign an actual X.509 cert request, which will then become a perfectly valid X.509 cert useful as a client-side cert in unmodified browsers and web servers * Create some sort of aid for maintaining server-side (or CA) blacklists of improperly behaving users * Check to see if the protocol is actually still secure and properly implemented. Comments welcome. -J --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rfugger at gmail.com Thu Sep 29 02:15:42 2005 From: rfugger at gmail.com (Ryan Fugger) Date: Thu, 29 Sep 2005 02:15:42 -0700 Subject: Ripple currency development begins Message-ID: This email is going out to all who have expressed interest in the Ripple decentralized currency project (http://ripple.sf.net/). I hope you are all doing well. Since I got bogged down trying to define a protocol for communication between hosts in a Ripple peer network, it seemed like a good idea to go back and start with a simpler single-host prototype. The other developer on the project is two-thirds done the initial coding in Python using the Django framework. We will be developing the initial single-host version of Ripple as proprietary software -- we don't want to allow multiple Ripple hosts that can't talk to each other. The fully decentralized multi-host protocol and software, if and when it is necessary, would be appropriately free and open. Our goal in either case is to build and administer a commercially viable Ripple payment service. Anyone wishing to put some energy (or money) into the project for a share of the venture, please let me know. Thanks for all your help, Ryan ----- End forwarded message ----- -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com _______________________________________________ FoRK mailing list http://xent.com/mailman/listinfo/fork ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From benfell at greybeard95a.com Thu Sep 29 02:59:44 2005 From: benfell at greybeard95a.com (David Benfell) Date: Thu, 29 Sep 2005 02:59:44 -0700 Subject: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]] Message-ID: On Thu, 29 Sep 2005 00:17:07 -0400, Nick Mathewson wrote: > > I assume that you're not just ignoring everybody else and replying > only to what Jimmy says, right? There have been other posts here > explaining why pseudonymity and Tor are not at odds, so long as > pseudonymity is user selected. Pseudonyms are a separate problem from Tor. As someone posted, Tor does not prevent people from using pseudonyms. If pseudonyms will solve Wikipedia's problem, then fine; a good portion of this argument has been about Wikipedia's need for authentication. See my comments following your footnote. > Wikipedia has user accounts and IP-based blocking. That's a kind of > authentication. Wikipedia does not require you to use a user account > to edit pages, and does not do much to ensure that user accounts > belong to real people. That's a lack of authentication. > Now why couldn't *he* say that? The man's involved with an encyclopedia project; he should be able to write. The way this particular aspect of our disagreement arose is that I accused him of wanting Tor to do his authentication for him. He claimed that Wikipedia does do its own authentication. Now you explain that Wikipedia does not *require* authentication. Which undermines the usefulness of offering authentication. > It's like how Tor blocks some highly-abusable services, like SMTP on > port 25, but doesn't do content filtering to try to hunt for abusive > behavior on exiting streams. We filter out some abuse, but we can't > filter out all abuse without turning off the network. An anti-Tor > rhetorician could say, "You filter abuse, but you don't filter abuse!" > But what would that prove? You are attempting to compare Tor's security policy to Wikipedia's security policy. Tor has a security policy. Tor's security policy is to protect originating IP addresses which might be connected to persons. We hope, in combination with Privoxy, it protects anonymity reasonably well. On the reasonable (I think) premise that other sites are primarily responsible for their own security, it only limits some abuse. Now, what is Wikipedia's security policy? With no authentication requirement, and a policy that allows anyone to edit (unless they're connecting from a blacklisted IP address), I might as well ask, "What is truth?" > {1} This case is more commonly known, in the literature, as > pseudonymous communication than anonymous communication. Then > again, if you're going to invoke dictionaries in a technical > discussion, anonymity becomes a very broad term. But Tor is about anonymity. Not about pseudonymity. Not about other forms of authentication. As it should be. >From a communication perspective, anonymity has a very specific meaning. It means we cannot identify a person. Note that the failure to identify a person makes no reference to kind of identification. There need be no preference for "real life" names versus pseudonyms versus IP addresses versus whatever else you can think of. Anything that identifies a person contradicts the concept that this person is anonymous. This has practical implications. For instance, as someone pointed out, when the Chinese police raid a dissident's apartment, and search his hard drive, they are able to tie the pseudonym to a "real life" identity. If the police can also connect the pseudonym to what they consider "crime," the distinction between a pseudonym and a "real life" name loses much of its value; hopefully, the pseudonym permitted the dissident to continue his activities for longer. Now, I will certainly agree, as someone else pointed out, that Tor should permit the use of pseudonyms or other forms of authentication. But the fact remains that any identification--as implied by authentication--contradicts anonymity; it is therefore something which Tor should not involve itself with. Simply put, it is not and cannot be Tor's problem. -- David Benfell, LCP benfell at parts-unknown.org --- Resume available at http://www.parts-unknown.org/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From roy at rant-central.com Thu Sep 29 01:16:13 2005 From: roy at rant-central.com (Roy M. Silvernail) Date: Thu, 29 Sep 2005 04:16:13 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <6.2.1.2.0.20050928191458.03f1f068@pop.idiom.com> References: <4339E5AD.9070600@kriptik.org> <6.2.1.2.0.20050928191458.03f1f068@pop.idiom.com> Message-ID: <1127981773.433ba2cdaafeb@mesmer.rant-central.com> Quoting Bill Stewart : > One way to build a psuedo-pseudonymous mechanism to hang off of Tor > that would be easy for the Wikipedians to deal with > would be to have a server that lets you connect to it using Tor, > log in using some authentication protocol or other, > then have it generate different outgoing addresses based on your ID. > So user #37 gets to initiate connections from 10.0.0.37, > user #258 gets to initiate connections from 10.0.1.2, etc. The problem I see with this is that it continues to train Wikipedia to use IP addresses as credentials. That's a Bad Thing IMHO. -- Roy M. Silvernail is roy at rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com From jwales at wikia.com Thu Sep 29 04:29:24 2005 From: jwales at wikia.com (Jimmy Wales) Date: Thu, 29 Sep 2005 07:29:24 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: Steven J. Murdoch wrote: > What needs to be done is to give Wikipedia a way to tell the > difference between legitimate Tor users and abusers. The basis for my > proposal is that abusers can currently get IP addresses quite easily, > through open proxies, zombie machines or simply rebooting their ADSL > modem, as well as through Tor. > > To mitigate abuse from Tor, the cost of committing abuse through Tor > needs to be just higher than the cost of an abuser getting another IP > address. This is not very high. I do not use Tor, and so at risk of offending those who already think that I "hate Tor", I will say that it has been said to me by some people that we're lucky that Tor is horribly slow, or lots of people would use it, making the problem much worse. :-) > Whether this will work depends on the type of abuse that Wikipedia > receives, and Jimbo is much more qualified to comment on this then me. The typical problem case, and I asked around for horror stories to confirm my impression, is that some lunatic first starts writing at Wikipedia in an incoherent, biased, offensive, etc. way. The community at first tries to work with them, because it does take a while to absorb our peaceful ways if you're used to Usenet or mailing list debates. But eventually, the worst offenders end up getting blocked. Then they go ballistic. Imagining themselves to be el1t3 h4xx0rs, they write (or find online somewhere) vandalbots and start using them to replace pages with "fuck you" or goatse images or... well, there seems to be no shortage of creativity in the world of the deranged and snubbed. We don't sweat this too much. We just block them and rever the changes. The problem is much worse for small wiki sites than it is for Wikipedia because we're fully staffed by hundreds of smart people 24 hours a day. The people on the frontlines tell me this isn't such a huge problem, because we do things to limit the abuse. One of the things we currently do is block Tor. I consider that a reasonable solution to the vandalism problem, but an unfortunate thing, since to my mind, Tor is something very good. It would be nice if we could look at the edits coming from Tor and say "Oh, these are fine, they are mostly responsible edits." It'd even be ok if we could look at the edits coming from Tor and say "Ok, so there's a touch more vandalism from these than from other ip pools, but there's also some good stuff coming through from places where we normally don't see a lot of editing activity. We'll put up with it." As it is now, we look at it and say "oh, jesus". --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jwales at wikia.com Thu Sep 29 04:40:41 2005 From: jwales at wikia.com (Jimmy Wales) Date: Thu, 29 Sep 2005 07:40:41 -0400 Subject: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]] Message-ID: Nick Mathewson wrote: > But these aren't your goals, if I understand correctly. Wikipedia > doesn't ultimately care how Tor is implemented, or what it contains, > so long as it is significantly less effective as a tool for Wikipedia > abuse. Yes? That's right. I'm not an expert in Tor-ish matters, and so despite my strident manner at times, I am very happy to learn more and understand why some initial suggestion I might have has already been considered and rejected with good cause. And as an ongoing gesture of goodwill, let me explain _why_ I want Tor to be significantly less effective as a tool for Wikipedia abuse. It isn't because Tor is a threat to our work. One of the nice things about how Tor is implemented is that we can easily get a list of the exit servers and block them. Problem solved. No, the reason I am interested in exploring possibilities for reducing the abuse is not to protect wikipedia, but to make it possible for Tor's goals to be achieved more effectively. > {1} To be clear, I think that it's more accurate to talk about changes > to the User/Tor/Wikipedia interaction, and to suggest a need for > action by the Tor project and its supporters, than to talk about a > need for changes in Tor's architecture, and a need for action by > Tor. Yes. The one thing I should caution against, though, is assuming that the right solution to the problem should involve anything complicated on the part of Wikipedia. We're willing to do whatever, but I'm also interested in how this problem can be solved more generally. In this way, tor servers can be allowed to post anonymously and in a hit-and-run fashion to blogs, for example. --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jwales at wikia.com Thu Sep 29 04:49:34 2005 From: jwales at wikia.com (Jimmy Wales) Date: Thu, 29 Sep 2005 07:49:34 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: Jeffrey F. Bloss wrote: > I was operating under the assumption that the problem was more along the lines > of nefarious juveniles selectively posting "Kilroy was here" graffiti. > Something along those lines. If I'm out in left field about the nature of the > attack against Wikipedia, I'd be happy to be corrected, and forced to agree > that HashCash would be unsuitable. I have no opinion about HashCash just yet. I have to think about it some more. The nefarious juveniles problem is partly what it is, yes. But that sort of random vandalism goes on all the time, and isn't particularly problematic. What is problematic is the lunatic on crack and steriods who is selectively posting "Kilroy sucked your mothers cock" graffiti, obsessively, hundreds of times. Our admins find it much more peaceful to just block open proxies and Tor servers than to deal with that for hours on end, days on end, weeks on end. I am not an expert on ideas like HashCah or anything of the sort. I am a bit of an expert on the behavior of problem users at Wikipedia. :-) And what I can say is that problem users at Wikipedia are problem users everywhere for the most part. Ordinary sane people don't go on a spree of Wikipedia vandalism. So the _degree_ of trust we need is actually quite small. It isn't "We certify this person to be a certain user, guaranteed, the same as ever". It's just "this packet is being sent to you from a source that has somehow tended generally to lead us to believe to some small extent that the person posting it has not been a jackass, by and large". Or, as has been brilliantly discussed here already, it could be "this packet has been sent to you via a mechanism that one might bother to use, were one a dissident really needing anonymity, but sufficiently bothersome that were one simply a lunatic on crack, one would more likely have simply switched to using anonymous proxies". It won't be perfect, but as an empirical matter, it's probably good enough. --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From rah at shipwright.com Thu Sep 29 06:21:32 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Thu, 29 Sep 2005 09:21:32 -0400 Subject: [Clips] Anon Terminology v0.23 Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Thu, 29 Sep 2005 09:20:55 -0400 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] Anon Terminology v0.23 Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Delivered-To: nymip-res-group at nymip.org From: Andreas Pfitzmann Date: Thu, 25 Aug 2005 10:49:12 +0200 To: Klimant Herbert , Siebert Karen , Friese Ingo , Bvhme Rainer , Dierstein R|diger , Dingledine Roger , Pfitzmann Birgit , Borcea-Pfitzmann Katrin , Golembiewski Claudia , "Boettcher Dipl.-Inf. Heiko" , Baum-Waidner Birgit , Wenning Rigo , PET GI FG , Labuschke Silvia , Danz Uwe , Wicke Guntram , Weber Thomas , Schvnfeld Dagmar , Kvpsell Stefan , Federrath Hannes , Vogel Anja , Gersonde Martina , Weik Peter , PRIME PRIME , Rost Martin , Wassim Haddad , Westfeld Andreas , Wahrig Hagen , Franz Elke , Ziemek Holger , Wolf Gritta , Schneidewind Antje , Pohl Hartmut , Waidner Michael , Weck Gerhard , Steinbrecher Sandra , Hansen Marit , Clauss Sebastian , Pvtzsch Stefanie , Kurze Martin , Zvllner Jan , FIDIS list , Berthold Oliver , Matyas Vaclav , Humann Petra , Zugenmaier Alf , Diaz Claudia , Liesebach Katja , Pernul G|nther , Behrendt Manuela , SPP Diskussion , Bergmann Mike , PET-board , Schunter Matthias , PET Mailinglist , Lazarek Horst , Donker Hilko , Kriegelstein Thomas , Langos Heinrich , nymip-res-group , Seto Gar Yeung , Jerichow Anja , Zeidler Stefan , Jozef Vyskoc Cc: Hansen Marit Subject: Terminology v0.23 Sender: nymip-res-group-bounces at nymip.org Hi all, Marit and myself are happy to announce Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology (Version v0.23 Aug. 25, 2005) for download at http://dud.inf.tu-dresden.de/Literatur_V1.shtml We added a new first page; a list of abbreviations and index, translation of essential terms into German, definitions of misinformation and disinformation, clarification of liability broker vs. value broker; some clarifying remarks suggested by Thomas Kriegelstein on credentials, identity, complete identity, system, subject, digital pseudonyms, and by Sebastian Clau_ on unlinkability. Enjoy - and we are happy to receive your feedback. Marit and Andreas -- Andreas Pfitzmann Dresden University of Technology Phone (mobile) +49 170 443 87 94 Department of Computer Science (office) +49 351 463 38277 Institute for System Architecture (secretary) +49 351 463 38247 01062 Dresden, Germany Fax +49 351 463 38255 http://dud.inf.tu-dresden.de e-mail pfitza at inf.tu-dresden.de _______________________________________________ NymIP-res-group mailing list NymIP-res-group at nymip.org http://www.nymip.org/mailman/listinfo/nymip-res-group --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From syverson at itd.nrl.navy.mil Thu Sep 29 06:56:19 2005 From: syverson at itd.nrl.navy.mil (Paul Syverson) Date: Thu, 29 Sep 2005 09:56:19 -0400 Subject: Hello directly from Jimbo at Wikipedia Message-ID: Some points of clarification that I hope will help: (1) On anonymity and authentication/pseudonymity/etc. All versions of Onion Routing, including Tor, were designed to separate identification from routing. The slogan way that I have put this for the last five or six years is: Onion Routing is about anonymizing the communication pipe, not what goes through it. The devil's always in the details, but as one-line summaries go, I think that sums it up pretty well.{1} (2) On various pseudonym authentication or anonym authentication{2}, etc. approaches to solving the problem at hand. Some of this is ultimately necessary for various applications, especially once the Internet looks as Geoff described it. (In fact I think it's one precondition to realizing anything like that vision.) But I'm dubious about any of those proposed to date here providing enough friction to identifier acquisition to deter abusers but not honest users in this context. They may be worth trying. Roger's suggestion about the temporary IP blocks and Steven's about the separate puzzle servers come to mind, probably some others I'm forgetting just now. But as Roger says, somebody's gotta code them up---and probably much more work---deploy them, maintain them, and evaluate their effectiveness, all on the Tor-Wikipedia frontier. I suspect that the abuser who goes postal as Jimmy described is willing to waste lots of time acquiring IDs, but perhaps stereotypes about attention span are close enough to true for some of the proposals to be effective. I had my own proposal that doesn't rely on any of this, and that could be implemented and deployed in a few days (OK after spending at least a few months or so thinking about the design, the engineering, and the implications.) In the spirit of mutt: All these ideas suck; I just think that one sucks a little less. ------------------------------------------------------------- {1} Some further specifics for (1) Anonymity and identification/authentication can be entirely compatible. By this I mean that one can be anonymous (to everyone) as far as one identifier goes but authenticated (to a specific protocol principal) wrt another as part of the same communication. This has been an intentional part of the design of every Onion Routing system including Tor. It contrasts with systems like Crowds, which was directed at distinct but related security properties, thus they made anonymity of the circuit inherently depend on the anonymity of the data passing over it. As a specific example of using Tor for authenticated communication over anonymous circuits, when travelling I often need to log back into NRL to check mail and do other things. I do this via ssh over Tor. That way the local hotel staff, ISP staff, any other network observers don't see me logging in to NRL. But I can assure you that I want to make sure I am going to NRL and no place else and that I want to make sure only I, and no one else, succeeds in accessing my account. (And Jimbo, in my experience, it has been realtime enough to be editing in vi or emacs with no noticeable trouble over this line. I can't say that someone who expects permanent T1 rate downloading is going to be happy with Tor, but you should check it out and see the performance for yourself over a few days, rather than relying on the reports you've heard.) I also discussed this in my testimony to the National Academy of Engineering panel that did a study of authentication and privacy several years ago. (Cf. _Who Goes There? Authentication Through the Lens of Privacy_ from the National Academies Press.) As many have noted, Tor has enough of a job trying to do one thing well. Trying to do more things will just mean it does that thing less well or later. But that does not preclude designing to be compatible with other things, e.g., privoxy to somewhat sanitize, i.e., anonymize web traffic over Tor, or connect to enable authenticated communication via ssh over Tor. (There's a program named `connect' in case you had trouble parsing that.) The discussion now is how to make Tor and Wikipedia compatible, the interface as Nick put it. {2} Yes you can authenticate someone who is anonymous from you. Besides various group signature approaches, cf., e.g., my papers on UST (Unlinkable Serial Transactions), or look at the proposal for common terminology (new version recently out) at http://dud.inf.tu-dresden.de/Anon_Terminology.shtml What we called an `anonym' in the UST work and elsewhere they call a `transaction pseudonym'. ------------------------------------------------------------- ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From camera_lumina at hotmail.com Thu Sep 29 06:57:54 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 29 Sep 2005 09:57:54 -0400 Subject: [arma@mit.edu: Re: Wikipedia & Tor] In-Reply-To: <6.2.1.2.0.20050928191458.03f1f068@pop.idiom.com> Message-ID: >One way to build a psuedo-pseudonymous mechanism to hang off of Tor >that would be easy for the Wikipedians to deal with >would be to have a server that lets you connect to it using Tor, >log in using some authentication protocol or other, >then have it generate different outgoing addresses based on your ID. >So user #37 gets to initiate connections from 10.0.0.37, > user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD From camera_lumina at hotmail.com Thu Sep 29 07:12:36 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 29 Sep 2005 10:12:36 -0400 Subject: [tortalk+Steven.Murdoch@cl.cam.ac.uk: Re: Hello directly from Jimbo at Wikipedia] In-Reply-To: <20050929120232.GY2249@leitl.org> Message-ID: No, this is important. If this isn't Cypherpunks material these days then nothing is. As for the Wikipedia folks, I can't imagine having a more intelligent batch of people disagree. There's is a very practical matter: Reducing the hassles, particularly when said hassles in general deteriorate the content/bullshit ratio they see. On the other hand, they seem to clearly "get" the value of Tor, and have practically extended an invitation for a solution that will truly make things better while not significantly increasing their hassles. That the Wikipedia reaction to TorSpam is perhaps regrettable is obvious, but given their goals (not particularly Cypherpunkly) it really does make sense: No one's paid at Wikipedia and no one's going to do all the work of cleaning up the slung feces. In other words, their clipping off one of the side-lobes but increasing the remaining signal-to-noise. Just brute force logic. Sorry. But the door is open for solutions and they do seem to understand the issues. Not bad, and the long-term solution may be very interesting... -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [tortalk+Steven.Murdoch at cl.cam.ac.uk: Re: Hello directly from >Jimbo at Wikipedia] >Date: Thu, 29 Sep 2005 14:02:32 +0200 > >Sorry for the flood, but this is winding down already. >What I didn't like about this discussion is that all >concerned parties seem to have been shouting into >space past each other, just trying to make a noise >instead of understanding and solving the problem. > >----- Forwarded message from "Steven J. Murdoch" > ----- > >From: "Steven J. Murdoch" >Date: Thu, 29 Sep 2005 00:27:51 +0100 >To: or-talk at freehaven.net >Cc: Jimmy Wales >Subject: Re: Hello directly from Jimbo at Wikipedia >User-Agent: Mutt/1.4.1i >Reply-To: or-talk at freehaven.net > >On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote: > > All I'm saying is that Tor could segregate users easily enough into two > > clouds: "We sorta trust these ones, more or less, a little bit, but no > > guarantees" -- "We don't trust these ones, we don't know them". > >This would be very difficult to do using the existing Tor design as it >doesn't know anything about users or sessions. It lives at the TCP >layer and all it does is shift packets from one IP address to another, >giving some privacy to both ends. Adding higher layer functionality to >Tor increases the chance that it will do neither job well, so here is >a proposal which I think does what you want, but avoids this problem. > >The goal is to increase the cost for a Tor user to commit abuse on >Wikipedia. It doesn't need to be full-proof, but just enough to make >them go elsewhere. Wikipedia could require Tor users to log in before >making edits, and ban accounts if they do something bad. However the >cost of creating new accounts is not very high. The goal of this >proposal is to impose a cost on creating accounts which can be used >though Tor. Non-Tor access works as normal and the cost can be small, >just enough to reduce the incentive of abuse. > >Suppose Wikipedia allowed Tor users to only read articles and create >accounts, but not able to change anything. The Tor user then goes to a >different website, call it the "puzzle server". Here the Tor user does >some work, perhaps does a hashcash computation[1] or solves a >CAPTCHA[2], then enters the solution along with their new Wikipedia >username. The puzzle server (which may be run by Wikipedia or Tor >volunteers), records the fact that someone has solved a puzzle along >with the username entered. The puzzle server doesn't need the >Wikipedia password as there is no reason for someone to do work for >another person's account. > >Now when that Tor user logs into their Wikipedia account to edit >something, the Wikipedia server asks the puzzle server whether this >account has ever solved a puzzle. If it has, the user can make the >edit, if not then the user is told to go to the puzzle server first. >This check can be very simple - just an HTTP request to the >puzzle server specifying the Wikipedia username, which returns "yes" >vs "no", or "200" vs "403". For performance reasons this can be >cached locally. There is no cryptography here, and I don't think it is >needed, but it can be added without much difficulty. > >If the Tor user starts committing abuse, his account is cancelled. The >puzzle server doesn't need to be told about this, as Wikipedia will >not let that user make any edits. The reason this approach avoids the >usual problems with proof-of-work schemes[3] is that good Tor users >only have to solve the puzzle once, just after they create the >account. Bad Tor users will need to solve another puzzle every time >they are caught and had their account cancelled. > >So my question to Jimbo is: what type of puzzle do you think would be >enough to reduce abuse through Tor to a manageable level? The >difficulty of the puzzle can be tuned over time but what would be >necessary for Wikipedia to try this out? > >Hope this helps, >Steven Murdoch. > >[1] http://www.hashcash.org/ >[2] http://www.captcha.net/ >[3] "Proof-of-Work" Proves Not to Work by Ben Laurie and Richard > Clayton: http://www.cl.cam.ac.uk/users/rnc1/proofwork.pdf >-- >w: http://www.cl.cam.ac.uk/users/sjm217/ > > > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From eugen at leitl.org Thu Sep 29 01:15:38 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 10:15:38 +0200 Subject: [nickm@freehaven.net: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] Message-ID: <20050929081538.GA2249@leitl.org> ----- Forwarded message from Nick Mathewson ----- From eugen at leitl.org Thu Sep 29 01:16:13 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 10:16:13 +0200 Subject: [jason@lunkwill.org: Pseudonymity for tor: nym-0.1 (fwd)] Message-ID: <20050929081613.GB2249@leitl.org> ----- Forwarded message from Jason Holt ----- From distobj at acm.org Thu Sep 29 07:31:33 2005 From: distobj at acm.org (Mark Baker) Date: Thu, 29 Sep 2005 10:31:33 -0400 Subject: [FoRK] [rfugger@gmail.com: Ripple currency development begins] Message-ID: A very munchkin-esque project. It appears to need a bootstrap though; the last thing I need is another social network to maintain. ----- Forwarded message from Ryan Fugger ----- From morlockelloi at yahoo.com Thu Sep 29 10:54:33 2005 From: morlockelloi at yahoo.com (Morlock Elloi) Date: Thu, 29 Sep 2005 10:54:33 -0700 (PDT) Subject: Wikipedia & Tor In-Reply-To: <20050928134106.GU2249@leitl.org> Message-ID: <20050929175433.61723.qmail@web40601.mail.yahoo.com> > But now we're back to the question: how can Tor be improved to deal with > this very serious and important problem? What are the steps that might > be taken, however imperfect, to reduce the amount of abuse coming from > Tor nodes? That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com From ptrei at rsasecurity.com Thu Sep 29 08:06:11 2005 From: ptrei at rsasecurity.com (Trei, Peter) Date: Thu, 29 Sep 2005 11:06:11 -0400 Subject: [dave@farber.net: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Message-ID: <017630AA6DF2DF4EBC1DD4454F8EE29706C9F8C1@rsana-ex-hq1.NA.RSA.NET> Sunder wrote: >I've been ignoring this list for a while, so sorry for the late posting. >I remember sometime in late 99, I had one of the early blackberry >pagers, the small ones that ate a single AA battery which lasted about a >week or so, and had email + a small web browser inside of it. It wasn't >the blackberry phone. Anyway, long story short, one day, said pager >crashed (it is a computer after all) and I was trying to figure out how >to reboot it, so I thought, fuck it, and removed the battery, the fucker >stayed ON! For over 15 minutes! >Gee, I wonder why anyone would design a cell phone or pager to be able >to stay on after its battery is pulled out. Yeah, yeah, it's just a >capacitor or an internal rechargeable battery, but why would you want >such a feature? There is a damn good reason. PDAs, pagers, and cellphones often hold a great deal of info the owner regards as valuable, and which they don't want to lose - phone lists, email, addresses, etc. Battery changes are a potential source of loss, since (until recently) all these devices used volatile memory. Adding a capacitor to give the user a few minutes grace to fumble with his AAs is an essential feature. Most users, for better or worse, aren't cypherpunks or terribly conscious about personal privacy, and regard preserving their data as a very high priority. All the PDAs I've dealt with (and I've written SW for a number of them) have a 'hard reset' protocol - usually pressing the power button while engaging the recessed reset button - which clears out all memory. Peter Trei From eugen at leitl.org Thu Sep 29 03:30:19 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 12:30:19 +0200 Subject: [benfell@greybeard95a.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] Message-ID: <20050929103019.GG2249@leitl.org> ----- Forwarded message from David Benfell ----- From eugen at leitl.org Thu Sep 29 03:56:16 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 12:56:16 +0200 Subject: [jason@lunkwill.org: Pseudonymity for tor: nym-0.1] Message-ID: <20050929105616.GK2249@leitl.org> ----- Forwarded message from Jason Holt ----- From eugen at leitl.org Thu Sep 29 04:34:47 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 13:34:47 +0200 Subject: [jwales@wikia.com: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050929113447.GQ2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From eugen at leitl.org Thu Sep 29 04:42:52 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 13:42:52 +0200 Subject: [jwales@wikia.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] Message-ID: <20050929114252.GT2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From eugen at leitl.org Thu Sep 29 04:54:25 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 13:54:25 +0200 Subject: [jwales@wikia.com: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050929115425.GW2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From eugen at leitl.org Thu Sep 29 05:02:32 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 14:02:32 +0200 Subject: [tortalk+Steven.Murdoch@cl.cam.ac.uk: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050929120232.GY2249@leitl.org> Sorry for the flood, but this is winding down already. What I didn't like about this discussion is that all concerned parties seem to have been shouting into space past each other, just trying to make a noise instead of understanding and solving the problem. ----- Forwarded message from "Steven J. Murdoch" ----- From eugen at leitl.org Thu Sep 29 05:07:39 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 14:07:39 +0200 Subject: [dave@farber.net: [IP] eDonkey to close] Message-ID: <20050929120739.GA2249@leitl.org> Now we will see how good the anonymizing networks are, and how long it will take until they will become a target. I'm surprised it has taken them so long. I'd expect this would have happened at least 5 years ago. ----- Forwarded message from David Farber ----- From camera_lumina at hotmail.com Thu Sep 29 11:09:03 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Thu, 29 Sep 2005 14:09:03 -0400 Subject: Wikipedia & Tor In-Reply-To: <20050929175433.61723.qmail@web40601.mail.yahoo.com> Message-ID: >That's trivial: charge Tor-originated users for editing. That 0.0001% (all >three of them) that actually contributes to Wikipedia will be resourceful >enough to create untraceable payment accounts. ...and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD From George.Danezis at cl.cam.ac.uk Thu Sep 29 06:56:57 2005 From: George.Danezis at cl.cam.ac.uk (George Danezis) Date: Thu, 29 Sep 2005 14:56:57 +0100 Subject: Abuse resistant anonymous publishing Message-ID: Hi or-talk (and Ben), I am sorry to be jumping in the middle of the wikipedia-Tor debate, but Steven Murdoch just made me aware of it. A while back I had a short discussion with Roger about a possible way of mitigating abuse through anonymity systems like Tor on open publishing systems like wikipedia (and with additional precautions Indymedia). I have further discussed this with Ben Laurie at PET 2005. The basic idea is quite simple: anonymity allows users to avoid being associated with a persistent identifier that could be used to filter out abuse cheaply. It is in fact a Sybil attack, ie. one user can pretend to be multiple users. Note that this can also happen if one controls many nodes (through a bot net for example). The aim of our protocol is to be able to associate persistent identifiers, with posts that are controversial (through a process that is defined), to be used to filter abuse (note that these do not have to be an identity, but only be useful to filter abuse). We should also try to maintain the user's anonymity, and at least plausible deniability. My favorite approach in solving these problems is using and assuming the existence of social networks. In the case of Indymedia, I know they exist (people get teargassed together in the streets quite routinely -- this creates solid bonds), in the case of wikipedia it might be the case that they will have to be cultivated (through better flagging up who is the responsible editors for sections, who has been contributing so far to an article, and on-line chat forums where people can discuss). Thus I will assume that getting introduced in to someone that is involved in wikipedia is not hard, but getting introduced to all/many people as having different identities is hard! (gmail and orkut has proved that it is posible to have an invite only system with a small seed ending up being quite inclusive). As a result we can have a graph that describes who has been introduced by whom (lets call it the wikipedia introduction graph, or just intro graph). Furthermore this graph has a couple of 'roots' ie the people who are 'in-charge' of wikipedia, or multiple roots (by section for example -- if we chose the people that magame sections of the site). Example path from Root to User Charlie to be used in examples...: Root -> Alice -> Bob -> Charlie The protocol has three phases: 1) Introduction -- someone that is already in the intro graph 'introduces' a new user into the graph. They do this because they know the user or have chatted to him... From a technical point of view this provides the new user with the necessary (anonymous?) credentials to post to/modify the site. 2) Each action of the user is 'authenticated' using the credentials, and a 'signature' is generated. This signature provides any third parties with the Root that the user is attached. 3) Responsibility allocation: If the action is deemed abusive by the Root (or a collective mechanism like voting / veto / ...), then the Responsibility allocation mechanism is started by the Root. This means that step by step the path lining the user Charlie to the Root is walked (starting at the Root, then Alice, then Bob then Charlie) until someone 'takes responsibility for the post. This process can depend on Alice and Bob (ie it must not be possible to trace without their consent) but if they do not collaborate in the tracing they accept to take responsibility. The article is tagged with the full traced path from the Root to the principal that has taken responsibility. Mini-FAQ: Why is this helping at all against abuse? Assuming that it is hard to get multiple connections to the intro graph, persistent offenders can be identified, either by their own username or the username of the person who consistently introduces them. This is incentives compatible: you do not want to introduce people that may abuse the system otherwise abusive messages will be tagged with (and possible filtered on the bases of) your name! The chain from the Root to the user assuming responsibility for the article can them be used (very much like IPs or user names today) to implement filtering policies. Furthermore these policies can be specified by the users and do not need to be centralized and applied by the server. What about anonymity? No real IDs ever need to be traced! The design does not require step 1 to provide a real name at all, and in any case the design can ensure (through the use of crypto-fu?) that authentication only reveals the first hop (ie Alice). Others need to collaborate to ask further down the chain for someone to take responsibility. In any case the final user is no certain as we will see... Wait a sec, a bad user can connect other abusive users easily!? Yes as soon as an abuse user connects to the intro graph they can introduce as many of their friends as they like! This is the reason why filtering policies need to make use of the full path from the Root to the user that ultimately takes responsibility: a user that consistently introduces many other abusers will always be on the path, and can be used to filter stuff out! As a side effect of this one cannot (and should not) trust that the user that finally took responsibility is indeed the initiator of the abusive action. They could be a Sybil or another person up the chain that disagrees with the fact that this action constitutes abuse! Why are you calling it 'taking responsibility' instead of tracing? The point of the protocol is for someone to say 'I stand by this action' -- his path to the root can then be used for filtering such action out, by users that do consider it as abuse. Note that there is always contention in online communities about what constitutes abuse and this mechanism allows for differing opinions. Then there can be different policies filtering out different users in the chain. Possibly anyone (not just people on the Path between Root and Charlie) should be able to take responsibility and have the item tagged with their path. What about abusing the anti-abuse system? There is a risk that trolls will abuse the action of requesting tracing/taking responsibility for all actions, trying to get as much information as possible/wasting time/undermining confidence in the system. The conditions under which this mechanism is initiated is really not clear, (Root decides, voting, veto, ...). In any case it is a good idea for someone to take responsibility of the initiation of this process by tagging the request with their path to the Root. This way Root, Alice and Bob can filter out persistent abusers of the anti-abuse system :-). There is no contradiction there: anonymous political speech is a right (hence this complex system), but moderation (censorship?) has to be done transparently, and those doing it must come forward by tagging their action with their path to Root. It seems that Root has a lot of power in all this (== your system embodies fascist values!)? Yes, this is a problem. At the same time there is nothing stopping (aside from efficiency and the appropriate crypto-fu) full decentralization. Each person can be their own Root, and apply custom filtering according to the paths relative to them. Note that taking responsibility cannot be abused any more than before (since either you connect directly to the abuser, at which point you should know better, or you are still connected through nodes that will not consider your action abusive and will take responsibility for it!). Ok, so how do we do all this magic? It is clear that a trusted third party can do all this efficiently. Can we find a variant of certificate systems that allow delegation in an anonymous way to decentralize all this, and make sure that no one party can screw any other? Open research problem -- I am working on it! Any feedback is welcome! George ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Thu Sep 29 07:05:55 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 16:05:55 +0200 Subject: [George.Danezis@cl.cam.ac.uk: Abuse resistant anonymous publishing] Message-ID: <20050929140555.GL2249@leitl.org> ----- Forwarded message from George Danezis ----- From eugen at leitl.org Thu Sep 29 07:06:03 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 16:06:03 +0200 Subject: [syverson@itd.nrl.navy.mil: Re: Hello directly from Jimbo at Wikipedia] Message-ID: <20050929140603.GM2249@leitl.org> ----- Forwarded message from Paul Syverson ----- From eugen at leitl.org Thu Sep 29 07:36:28 2005 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 29 Sep 2005 16:36:28 +0200 Subject: [distobj@acm.org: [FoRK] [rfugger@gmail.com: Ripple currency development begins]] Message-ID: <20050929143628.GT2249@leitl.org> ----- Forwarded message from Mark Baker ----- From cyphrpunk at gmail.com Thu Sep 29 16:44:37 2005 From: cyphrpunk at gmail.com (cyphrpunk) Date: Thu, 29 Sep 2005 16:44:37 -0700 Subject: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]] Message-ID: One of the problems with the idea of a pseudonym service distinguishing between "good" and 'bad" users is that it has no way on its own of telling the difference. The service manages pseudonyms, which are intended to be used out on the web in some way. But the service can't tell if people are playing nicely or not. The only way this could happen is if the service receives *complaints*. This is the only feedback mechanism possible. I gather that Tor does in fact send out complaints about people who misbehave. Perhaps blog services do so as well. One problem is that these complaints generally don't arrive in real time. It takes time for a human being to notice that some vandalism has occured and register a complaint. If the pseudonym service is going to be able to respond, it has to know which pseudonym was active at the time the bad actions occured. Jimmy Wales very accurately describes the problem with pseudonyms at the web-server level. If Wikipedia or blog comments require the use of pseudonyms, these can be linked after the fact. I am very sensitive to this problem myself. The implied solution is that the pseudonym service would maintain the pseudonyms, but would not reveal them to the web service. Rather, it would only provide a certificate that the pseudonym is currently in good standing, i.e. it has not received (too many) complaints. This implies that the pseudonym service must maintain a record of recently used pseudonyms, and have some way of mapping them to what the web services (which issue the complaints, services like Wikipedia) would have seen. This mapping might be by IP address, or if Wikipedia and other services are willing to do more, it could perhaps be an opaque identifier which the pseudonym service provided at the time the web service (Wikipedia) asked whether this pseudonym was a "good guy" or not. As a specific example, the pseudonym service might have replied, to a query from Wikipedia, "Yes, this user is a good guy, and the sequence number of this reply is #1493002." Then later if abuse occured, Wikipedia (or the blog service, or other victim of vandalism) comes back and said "we had a problem with the user who was certified with sequence number #1493002". The pseudonym server would map this back to the pseudonym in use at that time, and invalidate the pseudonym (or at least give it a bad mark, with enough such marks killing the nym). The main problems with this solution are first, it requires considerable manual work on the part of the pseudonym server, similar to the work necessary at an ISP to resolve complaints about users. It could be a full time job. And second, it requires custom software at Wikipedia and other web services that might be willing to work to implement such a solution. The second problem could be alleviated by the use of a related service, a web proxy that is only for "good" pseudonyms. The web proxy would provide transparent pass-through similar to anonymizer.com, but only for users who were able to provide the kind of certification described above, from the pseudonym server. In this way, the outgoing IP addresses belonging to the web proxy would be "good" from the POV of Wikipedia and other web services. Those services could continue to use IP blocking as one of their main tools for handling misuse, treating the web proxy service as being like an ISP. The web proxy service could be bundled with the pseudonym service, or they could exist independently. CP ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jwales at wikia.com Thu Sep 29 15:26:48 2005 From: jwales at wikia.com (Jimmy Wales) Date: Thu, 29 Sep 2005 18:26:48 -0400 Subject: Abuse resistant anonymous publishing - Proposed solution to the Wikipedia issue. Message-ID: Ben Burch wrote: > The biggest problem I see is that if moderation is commissive, rather > than reactive, then if the original poster commits a crime (like > violating the Official Secrets Act) then the moderator who approves the > posting would likely be liable for the same crime. Well, at least with respect to Wikipedia there are a few misconceptions I should clear up. First, something like that wouldn't be appropriate for Wikipedia on editorial grounds. ("No original research") -- we have specific intellectual standards that would generally preclude that sort of thing. Second, 'moderation' at wikipedia is reactive. That is, people vandalize, and then we clean it up. > The only solution I can think of that would allow Tor and Wiki to > interoperate would be to have a Tor-Wikipedia Moderation Team who would > actively look for Wikipedia vandalism originating from Tor exit nodes, > and revert out vandal's postings promptly. > > The support we would need from Wikipedia would be minor; Wiki would > have to implement a Watch function for postings from Tor exit nodes > that the Tor-Wikipedia moderation team would get email notifications > on. There already are exit node listings that would allow Wikipedia to > create and refresh this list on a regular basis, and obviously they can > already do that as they have implemented a block. Wikipedia would have > to agree that the Tor-Wikipedia Moderation Team would have the right to > revert ANY change from a Tor exit node without discussion. Once the > vandals realize that they won't have any fun using Tor to vandalize > Wikipedia, the job of the TWMT would get quite easy, as I don't imagine > there would be more than a few dozen real edits on any given day from > the Tor cloud. > > Or am I barking up the wrong tree here? Well, it seems unlikely that we could recruit enough people to do this effectively. We already have a huge number of people monitoring the site, people who are (mostly) sympathetic to Tor's aims, but they get tired of it. --Jimbo ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From jason at lunkwill.org Thu Sep 29 16:32:48 2005 From: jason at lunkwill.org (Jason Holt) Date: Thu, 29 Sep 2005 23:32:48 +0000 (UTC) Subject: Pseudonymity for tor: nym-0.1 (fwd) Message-ID: ---------- Forwarded message ---------- Date: Thu, 29 Sep 2005 23:32:24 +0000 (UTC) From: Jason Holt To: Ian G Cc: cryptography at metzdowd.com Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) On Thu, 29 Sep 2005, Ian G wrote: >Couple of points of clarification - you mean here >CA as certificate authority? Normally I've seen >"Mint" as the term of art for the "center" in a >blinded token issuing system, and I'm wondering >what the relationship here is ... is this something >in the 1990 paper? Actually, it was just the closest paper at hand for what I was trying to do, which is "nymous accounts", just as you say. So I probably shouldn't have referred to "spending" at all. My thinking is that if all Wikipedia is trying to do is enforce a low barrier of pseudonymity (where we can shut off access to persons, based on a rough assumption of scarce IPs or email addresses), a trivial blind signature system should be easy to implement. No certs, no roles, no CRLs, just a simple blindly issued token. And in fact it took me about 4 hours (while the conversation on or-talk has been going on for several days...) There are two problems with what I wrote. First, the original system is intended for cash instead of pseudonymity, and thus leaves the spender a disincentive to duplicate other serial numbers (since you'd just be accused of double spending); this is a problem since if an attacker sees you use your token, he can get the same token signed for himself and besmirch your nym. And second, it would be a pain to glue my scripts into an existing authentication system. Both problems are overcome if, instead of a random token, the client blinds the hash of an X.509 client cert. Then the returned signature gives you a complete client cert you can plug into your web browser (and which web servers can easily demand). Of course, you can put anything you want in the cert, since the servers know that my CA only certifies 1 bit of data about users (namely, that they only get one cert per scarce resource). But the public key (and verification mechanisms built in to TLS) keeps abusers from being able to pretend they're other users, since they won't have the users' private keys. The frustrating part about this is the same reason why I'm getting out of the credential research business. People have solved this problem before (although I didn't know of any Free solutions; ADDS and SOX are hard to google -- are they Free?). I even came up with at least a proof of concept in an afternoon. And yet the argument on the list went on and on, /without even an acknowledgement of my solution/. Everybody just kept debating the definitions of anonymity and identity, and accusing each other of anarchy and tyranny. We go round and round when we talk about authentication systems, but never get off the merry-go-round. Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on "virtual cinematography", then The Matrix comes out in 1999 using his techniques and revolutionizes action movies. Sure, graphics is easier because it doesn't require everyone to agree on an /infrastructure/, but then, neither does the tor/wikipedia problem. I'm grateful for guys like Roger Dingledine and Phil Zimmerman who actually make a difference with a privacy system, but they seem to be the exception, rather than the rule. So thanks for at least taking notice. -J ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From dewayne at warpspeed.com Fri Sep 30 09:44:43 2005 From: dewayne at warpspeed.com (Dewayne Hendricks) Date: September 30, 2005 9:44:43 PM EDT Subject: [Dewayne-Net] Wireless access for all? Google plan would Message-ID: offer free Internet throughout SF Reply-To: dewayne at warpspeed.com Wireless access for all? Google plan would offer free Internet throughout SF - Verne Kopytoff and Ryan Kim, Chronicle Staff Writers Friday, September 30, 2005 Google Inc. has proposed to blanket San Francisco with free wireless Internet access, placing a marquee name behind Mayor Gavin Newsom's effort to get all residents online whether they are at home, in a park or in a cafe. The offer by the Mountain View search engine was one of many competing bids received by the city before its deadline Friday. Officials will now review the submissions and make a decision about which, if any, of the candidates get the green light for so-called Wi- Fi service. In joining the competition, Google is showing yet another sign of its boundless ambition. In the past few months, the company has released a succession of new products including instant messaging and telephone service that take it further from its search engine roots. The proposal furthers existing speculation that Google intends to create a free national Wi-Fi network. If so, it could pose a serious challenge to existing Internet service providers, such as SBC-Yahoo, Earthlink, Comcast and America Online, which charge subscriptions for wire connections. "This is a great opportunity to provide a community service to the Bay Area," said Chris Sacca, who oversaw Google's wireless Internet bid in San Francisco. "This furthers the goal of providing access to all residents and visitors on as wide a scale as possible." Mayor Newsom unveiled a goal of a free, city-wide Wi-Fi network last year as part of his state of the city address. Since then, officials have been weighing how to carry out despite a tight budget, finally asking for proposals from over the summer. As part of its proposal, Google said it could do the job without charge to either the city or residents. Google is a neophyte in wireless Internet access. It's experience is limited to tests at a gym and cafe near its headquarters and at Bryant Park, in New York City. Separately, Google sponsors free Wi-Fi service in San Francisco's Union Square in conjunction with a local start-up, Feeva. Competitors who submitted responses to the city's request for comments said Google's proposal is not entirely surprising. But they questioned the company's ability to follow through on its plans. Donald Berryman, EVP and president of municipal networks for Earthlink, questioned if Google had the know-how to be an Internet service provider. He said providing the deal for free is also not sustainable in the long run. "We've looked into free service and we haven't found a model where free works," said Berryman. "At some point free becomes less sustainable because there's no way to upgrade service and the networks when no one's paying for it." Chuck Haas, CEO of MetroFi, which runs two wi-fi networks in Cupertino and Santa Clara, wondered if Google would be meet the city's goals for coverage. But he said the idea of free service is not entirely far-fetched. He said his company submitted a proposal in which wireless broadband would be free across San Francisco but would be paid for with ads and would have no technical support or services for users. For $19.99 a month, subscribers would get enhanced service with no ads and customer support. "I believe we'll have enough people that want full security and customer support with no ads that we could make money," Haas said. "But no matter who the city chooses, I don't think the city will have to pay for this network." SBC spokesman John Britton said his company encourages competition, but feels that governments should seek greater investment from private companies to increase broadband service. He said in San Francisco's case, the city is already served by SBC and enjoys more than 400 free wi-fi hotspots, more than any other in the country. "We feel there is already widespread broadband available today," Britton said. Vince Vasquez, a policy fellow with the Pacific Research Institute, which receives funding from SBC, said there has never been a company willing to volunteer this kind of a network. But even if it's free, it might represent too much involvement by the city in a sector that should left to private industries, he said. "Our concern is with public money and publicly controlled internet access," said Vasquez. "We take a lot of caution about how government should intervene in the market." URL: Weblog at: ------------------------------------- You are subscribed as eugen at leitl.org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From eugen at leitl.org Fri Sep 30 01:34:00 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Sep 2005 10:34:00 +0200 Subject: [jason@lunkwill.org: Re: Pseudonymity for tor: nym-0.1 (fwd)] Message-ID: <20050930083400.GG2249@leitl.org> ----- Forwarded message from Jason Holt ----- From eugen at leitl.org Fri Sep 30 01:34:53 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Sep 2005 10:34:53 +0200 Subject: [cyphrpunk@gmail.com: Re: [roy@rant-central.com: Re: [arma@mit.edu: Re: Wikipedia & Tor]]] Message-ID: <20050930083453.GH2249@leitl.org> ----- Forwarded message from cyphrpunk ----- From eugen at leitl.org Fri Sep 30 01:53:10 2005 From: eugen at leitl.org (Eugen Leitl) Date: Fri, 30 Sep 2005 10:53:10 +0200 Subject: [jwales@wikia.com: Re: Abuse resistant anonymous publishing - Proposed solution to the Wikipedia issue.] Message-ID: <20050930085310.GI2249@leitl.org> ----- Forwarded message from Jimmy Wales ----- From camera_lumina at hotmail.com Fri Sep 30 08:52:33 2005 From: camera_lumina at hotmail.com (Tyler Durden) Date: Fri, 30 Sep 2005 11:52:33 -0400 Subject: [jason@lunkwill.org: Re: Pseudonymity for tor: nym-0.1 (fwd)] In-Reply-To: <20050930083400.GG2249@leitl.org> Message-ID: Just a thought. Wikipedia entries from anonymous sources, such as Tor, should have an expiration date and revert back, unless a Wiki Admin or other trusted user OKs the new entry. -TD >From: Eugen Leitl >To: cypherpunks at jfet.org >Subject: [jason at lunkwill.org: Re: Pseudonymity for tor: nym-0.1 (fwd)] >Date: Fri, 30 Sep 2005 10:34:00 +0200 > >----- Forwarded message from Jason Holt ----- > >From: Jason Holt >Date: Thu, 29 Sep 2005 23:32:48 +0000 (UTC) >To: or-talk at seul.org >Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) >Reply-To: or-talk at freehaven.net > > > >---------- Forwarded message ---------- >Date: Thu, 29 Sep 2005 23:32:24 +0000 (UTC) >From: Jason Holt >To: Ian G >Cc: cryptography at metzdowd.com >Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) > > >On Thu, 29 Sep 2005, Ian G wrote: > >Couple of points of clarification - you mean here > >CA as certificate authority? Normally I've seen > >"Mint" as the term of art for the "center" in a > >blinded token issuing system, and I'm wondering > >what the relationship here is ... is this something > >in the 1990 paper? > >Actually, it was just the closest paper at hand for what I was trying to >do, >which is "nymous accounts", just as you say. So I probably shouldn't have >referred to "spending" at all. > >My thinking is that if all Wikipedia is trying to do is enforce a low >barrier of pseudonymity (where we can shut off access to persons, based on >a >rough assumption of scarce IPs or email addresses), a trivial blind >signature system should be easy to implement. No certs, no roles, no CRLs, >just a simple blindly issued token. And in fact it took me about 4 hours >(while the conversation on or-talk has been going on for several days...) > >There are two problems with what I wrote. First, the original system is >intended for cash instead of pseudonymity, and thus leaves the spender a >disincentive to duplicate other serial numbers (since you'd just be accused >of double spending); this is a problem since if an attacker sees you use >your token, he can get the same token signed for himself and besmirch your >nym. And second, it would be a pain to glue my scripts into an existing >authentication system. > >Both problems are overcome if, instead of a random token, the client blinds >the hash of an X.509 client cert. Then the returned signature gives you a >complete client cert you can plug into your web browser (and which web >servers can easily demand). Of course, you can put anything you want in >the >cert, since the servers know that my CA only certifies 1 bit of data about >users (namely, that they only get one cert per scarce resource). But the >public key (and verification mechanisms built in to TLS) keeps abusers from >being able to pretend they're other users, since they won't have the users' >private keys. > > >The frustrating part about this is the same reason why I'm getting out of >the credential research business. People have solved this problem before >(although I didn't know of any Free solutions; ADDS and SOX are hard to >google -- are they Free?). I even came up with at least a proof of concept >in an afternoon. And yet the argument on the list went on and on, /without >even an acknowledgement of my solution/. Everybody just kept debating the >definitions of anonymity and identity, and accusing each other of anarchy >and tyranny. We go round and round when we talk about authentication >systems, but never get off the merry-go-round. > >Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on "virtual >cinematography", then The Matrix comes out in 1999 using his techniques and >revolutionizes action movies. Sure, graphics is easier because it doesn't >require everyone to agree on an /infrastructure/, but then, neither does >the >tor/wikipedia problem. I'm grateful for guys like Roger Dingledine and >Phil >Zimmerman who actually make a difference with a privacy system, but they >seem to be the exception, rather than the rule. > > >So thanks for at least taking notice. > > -J > >----- End forwarded message ----- >-- >Eugen* Leitl leitl >______________________________________________________________ >ICBM: 48.07100, 11.36820 http://www.leitl.org >8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE > >[demime 1.01d removed an attachment of type application/pgp-signature which >had a name of signature.asc] From arma at mit.edu Fri Sep 30 15:46:01 2005 From: arma at mit.edu (Roger Dingledine) Date: Fri, 30 Sep 2005 18:46:01 -0400 Subject: Why some Tor servers are slow (was Re: TOR Park Exit Node Question) Message-ID: On Fri, Sep 30, 2005 at 02:04:46PM +0300, Giorgos Pallas wrote: > >What I mean is, is it normal for the Tonga server to claim over 4 MB of > >bandwidth ? If so, why are other servers that are on a 100 Mbit link not > >reporting more bandwidth ? Tonga is using dual AMD64's. Moria also uses those CPUs. They seem to be extremely fast at crypto (and everything else). Tonga also advertises port 80 and 443, so it's useful for people stuck behind fascist firewalls. Tonga also opened up its exit policy to attract more traffic. Servers that have lots of unused capacity, and are fast and have high uptime, and offer unusual ports like the default file-sharing ports, will bootstrap themselves by advertising a little bit, attracting more clients, and so on. (I'm not sure I actually like the fact that Tonga opened up its file sharing ports, since it puts more load on the rest of the network too, but I guess since we're still in development, a little bit of stress like this can be good for us.) > >While typing this it occurred to me that the default > >MaxAdvertisedBandwith is 2 MB and that Tonga has probably set it higher... Actually, the default MaxAdvertisedBandwidth is 128 TB. I believe you're thinking of BandwidthRate. > Whis has also been a question of mine. Why my tor router handles a very > low traffic volume (~30 KB in and out) while at the same time has 100% > connectivity, 100Mbps of real bandwidth and stays up for more than a > week (until it crashes due to memory ;-)... Could anyone help with that? > It's frustrating wanting to share (bandwidth in our case) with the > community but not being able to do so! There is something wrong with the masquerade Tor server. You can see it yourself (you may have to try from someplace other than masquerade's LAN, though) -- run "telnet 155.207.113.227 9001" and hit enter about 10 times. Notice how it's really sluggish and takes a long time before it hangs up. Now run "telnet 82.94.251.206 443" and do the same thing. Notice how it realizes the ssl handshake has failed after about 5 lines. This is how it's supposed to be. So masquerade is somehow not putting much attention into its ssl handshakes. This could be because its network connection is actually through a proxy or a firewall that is dropping some of the packets or slowing things down tremendously. It could also be that it's running on a 100 mhz 486, or its ulimits are set to something crazy-low, or it's busy ray-tracing a movie, or something else. I'd be curious to learn what's up with it. I've seen this behavior before on Windows machines behind cable modems and crappy NAT boxes. --Roger ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] From RWYOKLYA at hotmail.com Fri Sep 30 21:39:11 2005 From: RWYOKLYA at hotmail.com (Jamie Sherwood) Date: Fri, 30 Sep 2005 21:39:11 -0700 Subject: Small Pen-is? IQgCyG Message-ID: <545504011246.j31CkQBj015841@..com> The Only Clinically Tested Penis Enlargement Pills that works.. - add 1-4 inches to your peniis - 20% thicker - 5x more enjoyable orgasm - or your monneyy back without question ask! Join millions of delighted users which has been benefited with Maxxlength3. http://maxx14.powersize.biz ifN From rah at shipwright.com Fri Sep 30 20:11:15 2005 From: rah at shipwright.com (R.A. Hettinga) Date: Fri, 30 Sep 2005 23:11:15 -0400 Subject: [Clips] nym-0.2 released (fwd) Message-ID: --- begin forwarded text Delivered-To: clips at philodox.com Date: Fri, 30 Sep 2005 23:10:27 -0400 To: "Philodox Clips List" From: "R.A. Hettinga" Subject: [Clips] nym-0.2 released (fwd) Reply-To: rah at philodox.com Sender: clips-bounces at philodox.com --- begin forwarded text Delivered-To: cryptography at metzdowd.com Date: Sat, 1 Oct 2005 02:18:55 +0000 (UTC) From: Jason Holt To: cryptography at metzdowd.com Subject: nym-0.2 released (fwd) Sender: owner-cryptography at metzdowd.com ---------- Forwarded message ---------- Date: Sat, 1 Oct 2005 02:18:43 +0000 (UTC) From: Jason Holt To: or-talk at seul.org Subject: nym-0.2 released nym-0.2 is now available at: http://www.lunkwill.org/src/nym/ My tor server is currently down, so I can't set up a public trial of this, but perhaps someone else will. This release makes the following improvements: * Tokens are now issued one-per-IP to clients via a "token" CGI script. Tokens are still blindly issued, so nobody (including the token issuer) can associate tokens with IP addresses. The list of already-served IPs could be periodically removed, allowing users to obtain new pseudonyms on a regular basis. (Abusers will then need to be re-blocked assuming they re-misbehave). * A token can be used to obtain a signature on a client certificate from a separate "CA" CGI script (potentially on a different machine). Tokens can only be "spent" to obtain one cert. Code to make a CA, client certs and have the certs signed is included. * The CA public key can be installed on a third web server (or proxy) to require that users have a valid client certificate. Servers can maintain a blacklist of misbehaving client certs. Misbehavers will then be unable to access the server until they obtain a new token and client cert (via a new IP). My proposal for using this to enable tor users to play at Wikipedia is as follows: 1. Install a token server on a public IP. The token server can optionally be provided Wikipedia's blocked-IP list and refuse to issue tokens to offending IPs. Tor users use their real IP to obtain a blinded token. 2. Install a CA as a hidden service. Tor users use their unblinded tokens to obtain a client certificate, which they install in their browser. 3. Install a wikipedia-gateway SSL web proxy (optionally also a hidden service) which checks client certs and communicates a client identifier to MediaWiki, which MediaWiki will use in place of the REMOTE_ADDR (client IP address) for connections from the proxy. When a user misbehaves, Wikipedia admins block the client identifier just as they would have blocked an offending IP address. -J --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _______________________________________________ Clips mailing list Clips at philodox.com http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- ----------------- R. A. Hettinga The Internet Bearer Underwriting Corporation 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' From jason at lunkwill.org Fri Sep 30 19:18:43 2005 From: jason at lunkwill.org (Jason Holt) Date: Sat, 1 Oct 2005 02:18:43 +0000 (UTC) Subject: nym-0.2 released Message-ID: nym-0.2 is now available at: http://www.lunkwill.org/src/nym/ My tor server is currently down, so I can't set up a public trial of this, but perhaps someone else will. This release makes the following improvements: * Tokens are now issued one-per-IP to clients via a "token" CGI script. Tokens are still blindly issued, so nobody (including the token issuer) can associate tokens with IP addresses. The list of already-served IPs could be periodically removed, allowing users to obtain new pseudonyms on a regular basis. (Abusers will then need to be re-blocked assuming they re-misbehave). * A token can be used to obtain a signature on a client certificate from a separate "CA" CGI script (potentially on a different machine). Tokens can only be "spent" to obtain one cert. Code to make a CA, client certs and have the certs signed is included. * The CA public key can be installed on a third web server (or proxy) to require that users have a valid client certificate. Servers can maintain a blacklist of misbehaving client certs. Misbehavers will then be unable to access the server until they obtain a new token and client cert (via a new IP). My proposal for using this to enable tor users to play at Wikipedia is as follows: 1. Install a token server on a public IP. The token server can optionally be provided Wikipedia's blocked-IP list and refuse to issue tokens to offending IPs. Tor users use their real IP to obtain a blinded token. 2. Install a CA as a hidden service. Tor users use their unblinded tokens to obtain a client certificate, which they install in their browser. 3. Install a wikipedia-gateway SSL web proxy (optionally also a hidden service) which checks client certs and communicates a client identifier to MediaWiki, which MediaWiki will use in place of the REMOTE_ADDR (client IP address) for connections from the proxy. When a user misbehaves, Wikipedia admins block the client identifier just as they would have blocked an offending IP address. -J ----- End forwarded message ----- -- Eugen* Leitl leitl ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]