Cryptome has been leaking its user logs for over a year

[Cathal (Phone)]

Which remains bollocks because if he really gave a crap he could still offer a self-signed cert with fingerprints out of band and leave it to the visitor to either verify or accept the fearful securoty warnings. As is, we have KARMA POLICE using cryptome visitors as a correlative data source, which it seems SSL would have been a barrier to (because KP was based on unencrypted streams and cookie/real ID/IP correlation).

On 8 October 2015 07:37:11 IST, oshwm <oshwm at openmailbox.org> wrote:
>John's point about SSL (TLS) was with regards to the CA system I think
>(he would be able to confirm/deny this in a suitable piece of Haiku).
>
>The CA System requires you to trust some of the world's largest (and US
>based) corporations not to share Certificate private keys with TLA's or
>the highest bidders.
>How could it possibly go wrong :D
>
>
>On 08/10/15 07:12, Cathal (Phone) wrote:
>> Everything John says is weird, and he's shown a wilful disregard for
>even the most basic forms of visitor security all along, from initially
>refusing SSL onwards. This is *entirely* in character for the
>caricature-JY I know through this list.
>> 
>> On 8 October 2015 07:05:51 IST, Georgi Guninski
><guninski at guninski.com> wrote:
>>> John's replies appear weird to me.
>>>
>>> Don't exclude the possibility the web server to be compromised (and
>>> likely all John's boxen, he had some troubles with PGP keys) and
>>> someone
>>> included the alleged logs on purpose.
>>>
>>> Recently read leaked presentation that TLAs use such operations.
>> 

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 2207 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20151008/e24865a2/attachment-0002.txt>