[cryptome] Cryptome has been leaking its user logs for over a year

Travis Biehn tbiehn at gmail.com
Fri Oct 9 12:42:51 PDT 2015


Because they're two different threats, one that's within the users' purview
and the other is the service operator's.

1) Cloudflare is active MITM & payload delivery platform.
Use a throw-away to browse, you can't be sure of the integrity. Oops.


2) I hope IA and other parties don't know I was drooling over TS dox.
Use an anonymizing platform. If you're relying on the operator to 'not keep
logs' *you're doing it wrong*, not JY.

-Travis


On Fri, Oct 9, 2015 at 3:33 PM, Razer <Rayzer at riseup.net> wrote:

>
>
> On 10/09/2015 02:52 AM, rysiek wrote:
> > Why the fuck are people on this list slamming Snowden and freedom.press for
> > using Cloudflare, and at the same time defending JYA for sending out server
> > logs with dates and IP addresses?
> Because Cloudflare won't show anyone (except the feds) what they're
> logging.
>
> That SEEMS to give the feds a (snigger) monopolistic advantage.
>
> > CloudFlare, which boasts that 4% of all web requests flows through
> > its network, in essence serves as gatekeeper to control the flow of
> > visitors to given sites and to verify that those visitors have a
> > legitimate purpose in visiting them. It has advanced detection
> > features that complicate (or thwart entirely) attempts by
> > automated robots to scrape data from and monitor these forums,
> > including browser tests and so-called “captcha codes.”
> >
> > In fact, two of ISIS’ top three online chat forums — including the
> > notorious Alplatformmedia.com — are currently guarded by CloudFlare.
> > Without such protection from CloudFlare, these sites would almost
> > certainly succumb to the same relentless online attacks that have
> > completely collapsed several major jihadi web forums over the past two
> > years. In 2013, after CloudFlare was contacted by journalists over
> > allegations that their service was providing protection to terrorist
> > websites, the company’s CEO Matthew Prince published a full
> > explanation of their policy in this regard.
> >
> > According to Prince, it would not “be right for us to monitor the
> > content that flows through our network and make determinations on what
> > is and what is not politically appropriate. Frankly, that would be
> > creepy... Removing this, or any other site, from our network wouldn't
> > remove the content from the Internet: it would simply slow its
> > performance and make it more vulnerable to attack.”
> >
> > In his response, Prince also asserted:
> >>
> >> “A website is speech. It is not a bomb. There is no imminent danger
> >> it creates and no provider has an affirmative obligation to monitor
> >> and make determinations about the theoretically harmful nature of
> >> speech a site may contain... There are lots of things on the web I
> >> find personally distasteful. I have political beliefs, but I don't
> >> believe those beliefs should color what is and is not allowed to flow
> >> over the network. As we have blogged about before, we often find
> >> ourselves on opposite sides of political conflicts.
> >> Fundamentally, we are consistent in the fact that our political
> >> beliefs will not color who we allow to be fast and safe on the web.”
> >
> >
> > In June 2010, in the context of the case of Holder v. Humanitarian Law
> > Project, the U.S. Supreme Court upheld a strict view of the “expert
> > advice and assistance” clause of U.S. counter-terrorism laws, making
> > even nonviolent advocacy potentially an illicit form of material
> > support if it is carried out in conjunction with a proscribed
> > terrorist organization. The case had specifically centered on a group
> > of American civil rights activists who advertised their mission as
> > helping such groups “find peaceful ways to achieve [their] goals.”
> >
> > It is extremely difficult to reconcile the logical paradox that it is
> > currently illegal to give pro-bono assistance to a terrorist group in
> > order for them to adopt politics instead of violence, but it is
> > perfectly legal for CloudFlare to commercially profit from a terrorist
> > group by assisting them to communicate securely with recruits and to
> > publicly disseminate recordings of mass murder. Indeed, CloudFlare CEO
> > Matthew Prince has been adamant in his declarations that “CloudFlare
> > abides by all applicable laws in the countries in which we operate and
> > we firmly support the due process of law.” Prince continues to insist,
> > “We have never received a request to terminate the site in question
> > from any law enforcement authority, let alone a valid order from a
> > court.”
> >
> > In deference to CloudFlare, it is possible that the company has
> > received a formal request from law enforcement to continue providing
> > its services to such an illicit online forum.  Yet, even as one who
> > has repeatedly advocated leaving jihadi forums online in order to
> > study those who use them, this possibility gives me pause for
> > reflection.  If so, there must be a careful assessment of the
> > potential negative policy impacts of leaving ISIS recruitment
> > platforms online and unmolested in light of the recognition that
> > Western security services are abjectly failing to track, identify, and
> > stop all of those who are using these sites.
> >
> Testimony of Evan F. Kohlmann with Laith Alkhouri and Alexandra Kassirer
>
> Before the House Committee on Foreign Affairs Subcommittee on Terrorism,
> Nonproliferation, and Trade
>
> "The Evolution of Terrorist Propaganda: The Paris Attack and Social Media"
>
>
> http://docs.house.gov/meetings/FA/FA18/20150127/102855/HHRG-114-FA18-Wstate-KohlmannE-20150127.pdf
>
>
>


-- 
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>