Brag About Exploits, Go to Jail

Cathal Garvey cathalgarvey at cathalgarvey.me
Wed Jan 8 06:15:51 PST 2014


> Snowden wanted to be identified, so it is alleged, and
> has been caught as intended.

I think the reasoning with Snowden was not so much to brag as to make
himself a hard-to-assassinate public figure. In his case, so few people
could have acquired the documents he did, that it was a matter of
(little) time before he was noticed to be conveniently absent as the
shit hit the fan.

If he wasn't in the public eye by that time, he'd have been disappeared
and/or shot in short order.

> Not to be overlooked: the essence of comsec and
> crypto is deception. So laugh at the open source ruse
> on the way to the pokey.

Funny that, I look at closed source as evidence of deception; without
deception, there is no reason to hide the source. As long as the keys
are secret, the protocol and code can be open, and should be if anyone's
to trust that they're A) beneficent and B) competent.

In the comparison of Cryptocat, which has tightened up radically because
of code audits enabled by Open Sourcing it, to Bittorrent Sync (which
used to advertise AES256 which was impossible with the keylength being
shared, now advertises AES128, nobody knows how they implement it but a
mistake like that screams "badly"), which is still unaudited snakeoil:
BTSync boast massive bandwidth usage implying a significant user uptake,
and moreso since the Snowden affair because of their snakeoil offering.
So the Open Source guy gets all the attention, audits and improvement,
while the closed source guys get no attention, no audits, and finally
notice internally that they're offering AES256 when they can't
physically accomplish it with the keylengths.

I'll take Open, thanks. At least I can see what's wrong if it errs.

On 08/01/14 12:55, John Young wrote:
> James Donald wrote:
> 
>> And if he had, like Snowden, kept a low profile, instead of flicking a
>> towel in their faces, they never would have detected it.
> 
> Swartz bragged to a slew of people and was caught.
> Manning bragged to Lamo and was caught.
> Kiriakou bragged to a journalist and was caught.
> Sabu bragged to cohorts and was caught.
> Barrett Brown bragged to the world and was caught.
> Several Anonymouses bragged and were caught.
> And so on, dozens in just the last decade.
> 
> Jim Bell bragged online and went to jail. So did Carl
> Johnson. Cops love braggarts, brag themselves to
> braggarts to keep prisons happylands.
> 
> How many did not brag and remained uncaught? There
> are likely thousands of them. Many of those work with
> or emulate spies who do not brag as rule number 1.
> 
> Snowden wanted to be identified, so it is alleged, and
> has been caught as intended.
> 
> Is this nuts or what, vainglorious stupidity, or a commonplace
> ruse to get the enemy to expose its capabilities, or to flaunt
> one's own hybrid of authentic and fake to spook the enemy,
> to sell products, to boost budgets, to manipulate public
> opinion. The fundamental purpose of leaks.
> 
> Keeping a non-existent profile is worth considering, along
> with a hundred pseudos.
> 
> And putting a high-profile out there is what the Internet
> was intended to do, fake, sock, pseudo, anon, sucker.
> 
> Not to be overlooked: the essence of comsec and
> crypto is deception. So laugh at the open source ruse
> on the way to the pokey.
> 
> 
> 