freedom.press, also the firstlook/intercept...

Shelley shelley at misanthropia.org
Thu Oct 1 15:09:40 PDT 2015


On October 1, 2015 3:01:55 PM Steve Kinney <admin at pilobilus.net> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 09/30/2015 04:02 PM, stef wrote:
> > and they host all the juicy bits on documents on documentcloud,
> > requiring anyone interested to expose themselves. it is not
> > possible to download the dumps anonymously in a simple zip
> > file, you really have to use goddamn javascript.
> >
> > this is totally unacceptable. when approached on this, you get
> > very irritated answers, if at all. to say "this stinks" is an
> > understatement. it's a goddamn trap.
>
> I am not inclined to believe that a "simple zip file" can be
> downloaded anonymously, without employing extraordinary OpSec
> procedures that would incidentally render javascript useless for
> tracking purposes.  Not if the adversaries in your threat model
> include any official agency of any of the FVEYE countries, or any
> of the major private contractors working with them.
>
> The network itself is the trap, with or without javascript, with
> or without obfuscation via TOR or etc.  I would be much more
> concerned with the handling of those downloaded files on the local
> machine - if a trap is suspected, zero day exploits hidden in the
> files should be assumed.
>
> :o)
>
>
> -----BEGIN PGP SIGNATURE-----

[Snip]

Agree with both sentiments, but - who the hell opens documents of dubious 
origin on a networked machine?  Even on an airgapped machine, I still use a 
VM...

-S





More information about the cypherpunks mailing list