[cryptome] Cryptome has been leaking its user logs for over a year

Georgi Guninski guninski at guninski.com
Sun Oct 11 01:33:12 PDT 2015


On Sat, Oct 10, 2015 at 10:45:21PM +0200, rysiek wrote:
> Dnia sobota, 10 października 2015 15:27:45 Georgi Guninski pisze:
> > On Sat, Oct 10, 2015 at 01:13:06PM +0200, rysiek wrote:
> > > Dnia piątek, 9 października 2015 15:42:51 Travis Biehn pisze:
> > > > 2) I hope IA and other parties don't know I was drooling over TS dox.
> > > > Use an anonymizing platform. If you're relying on the operator to 'not
> > > > keep
> > > > logs' *you're doing it wrong*, not JY.
> > > 
> > > This is classic "blaming the victim" move.
> > 
> > And who is the victim?
> 
> All whose IP addresses and metadata (date, time UA string, etc) got published 
> within the logfiles.
> 
> > > Should I take care of my own opsec? By all means.
> > > Is it okay to publish/sell logs by the service provider? No, no it
> > > isn't.
> > 
> > Selling logs to the customers you logged and who (if they notice) likely
> > will do the best to discredit you?
> 
> Selling logs with such data to anywone, really.
>

You know the majority of customers buying USBs almost surely regularly
browsed cryptome?

Selling THEIR logged info to them is definitely insane business plan.

IMHO in this incident cryptome made several mistakes (possibly with a
little help from their "friends"). If I were JYA I would apologize for
the mistakes.

Observe that running such site makes usa your adversary, so the task is
highly non-trivial.





More information about the cypherpunks mailing list