[cryptography] To Protect and Infect Slides

John Young jya at pipeline.com
Mon Jan 6 09:32:55 PST 2014 

Logs needed run the Internet steadily, securely and cheaply
are not what logs files have grown into: Bloated, malicious,
exploitive and very lucrative spying on users. This is why there
are thousands of firms providing log files exploitation programs
and services. Every product manufacturer touts its spying
capabilities through innocent sounding "log files" ostensibly
serving administrative purpose but then just below that claim
are the burgeoning other uses of maximizing profits.

Log files are metadata of the Internet, the tip of a giant
iceberg of metadata. This is the dirty secret, the family
jewels, of the Internet, carefully rationalized and guarded
by sysadmins. Sysadmins have become the traitors, or
patriots, of the Internet. Traitors against the public, patriots
for the powerful exploiters of the Internet.

Exploitation of bloated little known, behind the public
scene log files exceeds that of all search engines combined.
Exceeds offiical spying in all nations. Indeed, facilitates
spying in all nations for generous fees and to diffuse
understanding of how cyber spying works, who its
architects are, what is the architecture. Snowden hints
are this but so far only pretty facades have been disclosed,
the underlying operation apparently to threatening to "national
security" to be revealed to the public. Sysadmins just adore
being foundational to this architecture of deceit

The argument log files are essential to run the Internet is
a cover for the huge industry which goes right through that
tiny aperture of access to construct an unbelievable spying
operation, far more insidious than that of the official spies,
which as we know merely copy the industry and buy a small
number of its products.

At 11:42 AM 1/6/2014, Laurens Vets wrote:
>On 2014-01-05 01:01, John Young wrote:
>>If your server or ISP generates log files, as all do, you cannot
>>be secure. If upstream servers generate log files, as all do,
>>you cannot be secure. If local, regional, national and international
>>servers generate log files, as all do, you cannot be secure.
>>So long as log files are ubiquitous on the Internet, no one can
>>be secure.
>>Log files are the fundamental weakness of the Internet
>>because system administrators claim the Internet cannot
>>be managed and maintained without them.
>>This is not true, it is merely an urban legend to conceal
>>the interests of system administrators and their customers
>>to exploit Internet user data.
>>There is no fundamental need for log files, except to
>>perpetuate the other urban legend, privacy policy, which
>>conceals the abuse of log files by web site operators
>>and their cooperation with "lawful" orders to reveal
>>user data, most often by being paid to reveal that
>>data to authorities, to sponsors, to funders, to
>>advertisers, to scholars, to private investigators,
>>to inside and outside lawyers, to serial cohorts,
>>cartels and combines, to providers and purchasers
>>of web sites, to educators of cyber employees,
>>to courts, to cybersecurity firms, to journalists, to
>>anybody who has the slightest justification to exploit
>>Internet freedom of information by way of phony
>>security, privacy and anonymizing schemes.
>>In this way, the Internet corrupts its advocates by
>>inducing the gathering and exploiting user data, .
>>It is likely your organizaion is doing this ubiquitous
>>shit by pretending to ask for advice on security.
>>As if there is any. NSA is us.
>
>How would you monitor, maintain & troubleshoot administration & 
>security issues on your servers if you do not have logs? Or are you 
>talking about retention of said logs?
>
>>At 05:44 PM 1/4/2014, you wrote:
>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>Hash: SHA256
>>>On 31/12/13 21:13, Jacob Appelbaum wrote:
>>>>I'm also happy to answer questions in discussion form about the
>>>>content of the talk and so on. I believe we've now released quite a
>>>>lot of useful information that is deeply in the public interest.
>>>>All the best, Jacob
>>>Hi people:
>>>As most of the people around the world, I find really troubling all
>>>these revelations. Of course we suspected this kind of shit, we just
>>>didn't know the gory and surprising details.
>>>I work in a libre-software e-voting project [0] which has been
>>>deployed in some interesting initiatives already [1] and we strive to
>>>make it as secure as possible [2], though our resources are currently
>>>limited. Of course, anyone is welcome to join and help us.
>>>Do you have any specific recommendation for securing the servers of
>>>the authorities who do the tallying, in light of latest revelations?
>>>it seems really difficult to get away from the NSA if they want to get
>>>inside the servers.
>>>Kind regards,
>>>- --
>>>[0] https://agoravoting.com
>>>[1]
>>>http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
>>>[2]
>>>https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/
>>>-----BEGIN PGP SIGNATURE-----
>>>Version: GnuPG v2.0.22 (GNU/Linux)
>>>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>>>iF4EAREIAAYFAlLIjtMACgkQqrnAQZhRnaqPhwEA8DWIYkdp4gyC4uo6asng0Olc
>>>1viSsZazIcv1TC9w8S4BAN0Q+iZ7boZOconhKCBBfele9Im9/+0Dt0j/M+ySVeQ7
>>>=e6ab
>>>-----END PGP SIGNATURE-----
>>>_______________________________________________
>>>cryptography mailing list
>>>cryptography at randombit.net
>>>http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cypherpunks mailing list