[cryptography] To Protect and Infect Slides

Laurens Vets laurens at daemon.be
Mon Jan 6 08:42:17 PST 2014 

On 2014-01-05 01:01, John Young wrote:
> If your server or ISP generates log files, as all do, you cannot
> be secure. If upstream servers generate log files, as all do,
> you cannot be secure. If local, regional, national and international
> servers generate log files, as all do, you cannot be secure.
> 
> So long as log files are ubiquitous on the Internet, no one can
> be secure.
> 
> Log files are the fundamental weakness of the Internet
> because system administrators claim the Internet cannot
> be managed and maintained without them.
> 
> This is not true, it is merely an urban legend to conceal
> the interests of system administrators and their customers
> to exploit Internet user data.
> 
> There is no fundamental need for log files, except to
> perpetuate the other urban legend, privacy policy, which
> conceals the abuse of log files by web site operators
> and their cooperation with "lawful" orders to reveal
> user data, most often by being paid to reveal that
> data to authorities, to sponsors, to funders, to
> advertisers, to scholars, to private investigators,
> to inside and outside lawyers, to serial cohorts,
> cartels and combines, to providers and purchasers
> of web sites, to educators of cyber employees,
> to courts, to cybersecurity firms, to journalists, to
> anybody who has the slightest justification to exploit
> Internet freedom of information by way of phony
> security, privacy and anonymizing schemes.
> 
> In this way, the Internet corrupts its advocates by
> inducing the gathering and exploiting user data, .
> It is likely your organizaion is doing this ubiquitous
> shit by pretending to ask for advice on security.
> As if there is any. NSA is us.

How would you monitor, maintain & troubleshoot administration & 
security issues on your servers if you do not have logs? Or are you 
talking about retention of said logs?

> At 05:44 PM 1/4/2014, you wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>> 
>> On 31/12/13 21:13, Jacob Appelbaum wrote:
>>> I'm also happy to answer questions in discussion form about the
>>> content of the talk and so on. I believe we've now released quite a
>>> lot of useful information that is deeply in the public interest.
>>> 
>>> All the best, Jacob
>> 
>> Hi people:
>> 
>> As most of the people around the world, I find really troubling all
>> these revelations. Of course we suspected this kind of shit, we just
>> didn't know the gory and surprising details.
>> 
>> I work in a libre-software e-voting project [0] which has been
>> deployed in some interesting initiatives already [1] and we strive to
>> make it as secure as possible [2], though our resources are currently
>> limited. Of course, anyone is welcome to join and help us.
>> 
>> Do you have any specific recommendation for securing the servers of
>> the authorities who do the tallying, in light of latest revelations?
>> it seems really difficult to get away from the NSA if they want to 
>> get
>> inside the servers.
>> 
>> Kind regards,
>> - --
>> [0] https://agoravoting.com
>> [1]
>> http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
>> [2]
>> https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.22 (GNU/Linux)
>> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>> 
>> iF4EAREIAAYFAlLIjtMACgkQqrnAQZhRnaqPhwEA8DWIYkdp4gyC4uo6asng0Olc
>> 1viSsZazIcv1TC9w8S4BAN0Q+iZ7boZOconhKCBBfele9Im9/+0Dt0j/M+ySVeQ7
>> =e6ab
>> -----END PGP SIGNATURE-----
>> _______________________________________________
>> cryptography mailing list
>> cryptography at randombit.net
>> http://lists.randombit.net/mailman/listinfo/cryptography

More information about the cypherpunks mailing list