From softservant at gmail.com Mon Jun 1 12:06:19 2015 From: softservant at gmail.com (Softy) Date: Mon, 1 Jun 2015 12:06:19 -0700 Subject: =?UTF-8?Q?=E2=80=8B_Re=3A_Threat_Model=3A_Parents?= Message-ID: Yes, Yes I am. Let's be more specific. Child: a minor under custodianship of another. Supervision: providing meaningful oversight. No child would rightfully be raised without supervision - you don't let toddlers walk across the street, you don't let 6 year olds watch porn, and you don't let teens go to the local pub (okay, last one is location dependent). Are you committing child-porn when you oversee your 2 year old dressing? Are you censoring their ability to dress themselves by helping them choose (weather, etc) appropriate clothes? Many things in life, while we are growing and becoming mature (a process lasting well into our mid-20s), require oversight. Both for safely and utility. We can pretend otherwise at our and the child's own peril. Go ahead and let your child smoke cigs, watch porn and read reddit; it's your child - do as you feel best - I suspect my child will find yours to be .... socially repugnant. The point is blanket statements like you made are corrosive to the understanding of the discussion. Unfettered support of "the child" in all situations is counterproductive. Don't get going on "Parents don't always know best" ... true, they don't - but as long as Society allows any person in any circumstance to _have_ a child without any sort of parenting training, oversight, counselling, then Society must allow that person the ability to _raise_ their child. For better or ill. > Claiming a child merits access - with or without supervision - can only be > > made by the primary custodians of the child. > > > > Um, I'm sure this is me just having trouble understanding, but are you > saying that a parent has a perfectly legitimate right to spy on and censor > a child's communication? > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2748 bytes Desc: not available URL: From Rayzer at riseup.net Mon Jun 1 12:39:25 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 01 Jun 2015 12:39:25 -0700 Subject: Threat Model: Parents In-Reply-To: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> Message-ID: <556CB4ED.5050109@riseup.net> 05/30/2015 11:15 PM, Cathal (Phone) wrote: > I know probably the best thing would be running TAILS as a LiveCD -- > the problem with that is that it's REALLY obvious over-the-shoulder. Tails has a win8 camouflage mode. If Win8 is the OS in use... -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Mon Jun 1 12:48:28 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 01 Jun 2015 12:48:28 -0700 Subject: [OT: Python v. M edition] Threat Model: Parents In-Reply-To: <1848596366.2506784.1433090506333.JavaMail.yahoo@mail.yahoo.com> References: <1848596366.2506784.1433090506333.JavaMail.yahoo@mail.yahoo.com> Message-ID: <556CB70C.6080909@riseup.net> On 05/31/2015 09:41 AM, jim bell wrote: > *From:* Gadit Bielman > >I'm trying to help (probably badly, but..) a friend deal with parents > that they expect are spying on them. > >I know that in general, it's impossible to secure a computer that you > can't trust and don't necessarily have >administrator privileges to. > > >But their parents are not exactly the NSA -- > > > NO ONE expects the NSA!!!! > > (with apologies to Monty Python...) > > Jim Bell > (Voce ‘"british accented crackling falsetto’) “Have You Got Anything Without War?” (Now imagine the US state department as a Monty Python skit…) > Well, there’s sanctions and prosecutions; sanctions drone strikes and > prosecutions; sanctions and war; sanctions prosecutions and war; > sanctions prosecutions drone strikes and war; war prosecutions drone > strikes and war; war sanctions war war prosecutions and war; war drone > strikes war war prosecutions war cyber war and war; > > Vikings: War war war war… > > Secretary of State: …war war war sanctions and war; war war war > war war war targeted assassinations war war war… > > Vikings: War! Lovely war! Lovely war! > > Secretary of State: …or a United Nations resolution combined with > infiltration, a USAID fake Twitter application, a CIA overthrow, > trained enhanced interrogators and with crippling sanctions on top and > war. > > Woman: Have you got anything without war? > > Secretary of State: Well, there’s war sanctions drone strikes and > war, that’s not got much war in it. > > Woman: I don’t want ANY war! *More* (more more more) http://auntieimperial.tumblr.com/post/96175631379 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Mon Jun 1 12:57:00 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 01 Jun 2015 12:57:00 -0700 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: References: Message-ID: <556CB90C.6090304@riseup.net> On 06/01/2015 12:06 PM, Softy wrote: > > Don't get going on "Parents don't always know best" ... true, they > don't - but as long as Society allows any person in any circumstance > to _have_ a child without any sort of parenting training, oversight, > counselling, then Society must allow that person the ability to > _raise_ their child. For better or ill. That's why I'm spending much of the margin-of-my-senior-years doing free 'psychotherapy' with local kids almost-to-totally gone bad and traveling kids with drug/alcohol probs. The younger they find an intelligent understanding mentor the better. I'm NOT saying some Tor .onion chatroom is the place to find that person... Just sayin'. RR -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From softservant at gmail.com Mon Jun 1 13:41:45 2015 From: softservant at gmail.com (Softy) Date: Mon, 1 Jun 2015 13:41:45 -0700 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= Message-ID: > That's just a slippery slope to accepting the paternalism of the state, > man. This thread continues to deliver. > > trollollolollo ... one can never tell via plain text. ​ I suppose I should have elaborated on the distinction between Child and State. Evidently, confusion exists on ​limits​ the former should govern ​ with​ and how the latter needs governing (and yes, at times by the former). ​Now we're going to get the CPS nuts about their kids being carried away in black vans; but that's not where I'm going. I'm laying the claim that 'developing children' need to have a certain amount of 'oversight and governance' in their lives. I'm happy knowing various governmental and non- are monitoring the milk my son drinks so it doesn't contain large doses of melamine (for instance).​ ​​ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2244 bytes Desc: not available URL: From Rayzer at riseup.net Mon Jun 1 14:14:31 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 01 Jun 2015 14:14:31 -0700 Subject: Threat Model: Parents In-Reply-To: References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> Message-ID: <556CCB37.8030009@riseup.net> When I highlighted the quoted material Thunderbird chose you as the sender. Sorry... Do you need a 'butthurt assessment form" to send to the mgt? https://cyberguerrilla.org/butthurt/butthurt.php On 06/01/2015 01:32 PM, Cathal (Phone) wrote: > Eh, I didn't write that. Either someone's spoofing my headers or you > wrote that manually and misattributed? > > On 1 June 2015 20:39:25 GMT+01:00, Razer wrote: > > 05/30/2015 11:15 PM, Cathal (Phone) wrote: > > I know probably the best thing would be running TAILS as a > LiveCD -- the problem with that is that it's REALLY obvious > over-the-shoulder. > > > Tails has a win8 camouflage mode. If Win8 is the OS in use... > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1754 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Mon Jun 1 14:46:23 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 01 Jun 2015 14:46:23 -0700 Subject: Threat Model: Parents In-Reply-To: References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> <556CCB37.8030009@riseup.net> Message-ID: <556CD2AF.3050108@riseup.net> On 06/01/2015 02:28 PM, Zenaan Harkness wrote: > The butthurt page is so black and white - it's missing colors -and- > expecting Javascript. > > Something must be done! Someone please contact anonymous. > > https://tips.fbi. gov/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From tbiehn at gmail.com Mon Jun 1 12:16:01 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Mon, 1 Jun 2015 15:16:01 -0400 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= In-Reply-To: References: Message-ID: That's just a slippery slope to accepting the paternalism of the state, man. This thread continues to deliver. On Mon, Jun 1, 2015 at 3:06 PM, Softy wrote: > > Yes, Yes I am. > Let's be more specific. > Child: a minor under custodianship of another. > Supervision: providing meaningful oversight. > > No child would rightfully be raised without supervision - you don't let > toddlers walk across the street, you don't let 6 year olds watch porn, and > you don't let teens go to the local pub (okay, last one is location > dependent). Are you committing child-porn when you oversee your 2 year old > dressing? Are you censoring their ability to dress themselves by helping > them choose (weather, etc) appropriate clothes? > > Many things in life, while we are growing and becoming mature (a process > lasting well into our mid-20s), require oversight. Both for safely and > utility. We can pretend otherwise at our and the child's own peril. Go > ahead and let your child smoke cigs, watch porn and read reddit; it's your > child - do as you feel best - I suspect my child will find yours to be .... > socially repugnant. > > The point is blanket statements like you made are corrosive to the > understanding of the discussion. Unfettered support of "the child" in all > situations is counterproductive. > > Don't get going on "Parents don't always know best" ... true, they don't - > but as long as Society allows any person in any circumstance to _have_ a > child without any sort of parenting training, oversight, counselling, then > Society must allow that person the ability to _raise_ their child. For > better or ill. > > > > > > Claiming a child merits access - with or without supervision - can only >> be >> > made by the primary custodians of the child. >> > >> > Um, I'm sure this is me just having trouble understanding, but are you >> saying that a parent has a perfectly legitimate right to spy on and censor >> a child's communication? >> > > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3694 bytes Desc: not available URL: From juan.g71 at gmail.com Mon Jun 1 12:58:15 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 1 Jun 2015 16:58:15 -0300 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: <556cb7f0.90978c0a.5d10.2702@mx.google.com> On Mon, 1 Jun 2015 15:16:01 -0400 Travis Biehn wrote: > That's just a slippery slope to accepting the paternalism of the > state, man. This thread continues to deliver. Naaah. People shouldn't leave kindergarten until they are 25. "Many things in life, while we are growing and becoming mature (a process lasting well into our mid-20s)" > > On Mon, Jun 1, 2015 at 3:06 PM, Softy wrote: > > > > > Yes, Yes I am. > > Let's be more specific. > > Child: a minor under custodianship of another. > > Supervision: providing meaningful oversight. > > > > No child would rightfully be raised without supervision - you don't > > let toddlers walk across the street, you don't let 6 year olds > > watch porn, and you don't let teens go to the local pub (okay, last > > one is location dependent). Are you committing child-porn when you > > oversee your 2 year old dressing? Are you censoring their ability > > to dress themselves by helping them choose (weather, etc) > > appropriate clothes? > > > > Many things in life, while we are growing and becoming mature (a > > process lasting well into our mid-20s), require oversight. Both > > for safely and utility. We can pretend otherwise at our and the > > child's own peril. Go ahead and let your child smoke cigs, watch > > porn and read reddit; it's your child - do as you feel best - I > > suspect my child will find yours to be .... socially repugnant. > > > > The point is blanket statements like you made are corrosive to the > > understanding of the discussion. Unfettered support of "the child" > > in all situations is counterproductive. > > > > Don't get going on "Parents don't always know best" ... true, they > > don't - but as long as Society allows any person in any > > circumstance to _have_ a child without any sort of parenting > > training, oversight, counselling, then Society must allow that > > person the ability to _raise_ their child. For better or ill. > > > > > > > > > > > Claiming a child merits access - with or without supervision - > > > can only > >> be > >> > made by the primary custodians of the child. > >> > > >> > Um, I'm sure this is me just having trouble understanding, but > >> > are you > >> saying that a parent has a perfectly legitimate right to spy on > >> and censor a child's communication? > >> > > > > > > From jdb10987 at yahoo.com Mon Jun 1 10:26:28 2015 From: jdb10987 at yahoo.com (jim bell) Date: Mon, 1 Jun 2015 17:26:28 +0000 (UTC) Subject: $330 3.3 GHz Spectrum Analyzer In-Reply-To: References: Message-ID: <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> USB RF Spectrum Analyzer 3.3GHZ |   | |   | |   |   |   |   |   | | USB RF Spectrum Analyzer 3.3GHZUS $330.00 New in Business & Industrial, Electrical & Test Equipment, Test Equipment | | | | View on www.ebay.com | Preview by Yahoo | | | |   | -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 7279 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Jun 1 13:32:13 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Mon, 01 Jun 2015 21:32:13 +0100 Subject: Threat Model: Parents In-Reply-To: <556CB4ED.5050109@riseup.net> References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> Message-ID: Eh, I didn't write that. Either someone's spoofing my headers or you wrote that manually and misattributed? On 1 June 2015 20:39:25 GMT+01:00, Razer wrote: > 05/30/2015 11:15 PM, Cathal (Phone) wrote: >> I know probably the best thing would be running TAILS as a LiveCD -- >> the problem with that is that it's REALLY obvious over-the-shoulder. > >Tails has a win8 camouflage mode. If Win8 is the OS in use... -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 925 bytes Desc: not available URL: From cathalgarvey at cathalgarvey.me Mon Jun 1 14:26:37 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Mon, 01 Jun 2015 22:26:37 +0100 Subject: Threat Model: Parents In-Reply-To: <556CCB37.8030009@riseup.net> References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> <556CCB37.8030009@riseup.net> Message-ID: <558EB137-26E7-4E37-9CC8-AEE7F2960FE1@cathalgarvey.me> Butthurt is a natural drawback of internet use, I'll suck it up. On 1 June 2015 22:14:31 GMT+01:00, Razer wrote: >When I highlighted the quoted material Thunderbird chose you as the >sender. Sorry... Do you need a 'butthurt assessment form" to send to >the >mgt? > >https://cyberguerrilla.org/butthurt/butthurt.php > > >On 06/01/2015 01:32 PM, Cathal (Phone) wrote: >> Eh, I didn't write that. Either someone's spoofing my headers or you >> wrote that manually and misattributed? >> >> On 1 June 2015 20:39:25 GMT+01:00, Razer wrote: >> >> 05/30/2015 11:15 PM, Cathal (Phone) wrote: >> >> I know probably the best thing would be running TAILS as a >> LiveCD -- the problem with that is that it's REALLY obvious >> over-the-shoulder. >> >> >> Tails has a win8 camouflage mode. If Win8 is the OS in use... >> >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2170 bytes Desc: not available URL: From coderman at gmail.com Mon Jun 1 23:44:47 2015 From: coderman at gmail.com (coderman) Date: Mon, 1 Jun 2015 23:44:47 -0700 Subject: VMs without Administrator rights [was: Threat model: Parents] Message-ID: On 5/31/15, Barton Gellman wrote: > ... > * A virtual machine may be possible on the monitored host, if the required > drivers are already present. Probably not. See http://www.vbox.me/. If > anyone knows a VM that works without admin rights, speak up. in the Tor VM experiment from years back (2007) Qemu was used because it could be run as a restricted user once the Windown Tap and Pcap drivers were installed. throughput was poor, and this is the crux of a non-admin virtualization environment - performance demands privileges! less a problem for headless network appliances - a real big problem for interactive graphical user interfaces... best regards, From coderman at gmail.com Tue Jun 2 00:07:00 2015 From: coderman at gmail.com (coderman) Date: Tue, 2 Jun 2015 00:07:00 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 5/10/15, coderman wrote: > ... > MuckRock doesn't usually handle individual requests (PA w/ DoJ-361). > pursuing alternate tracks... the adventure continues! ... signs point to file containing interesting aspects, given the "soft" pressure to stymie it. also filed two requests with department of state regarding my complaint about technical surveillance at the hotel where myself and others were staying in Paris during Tor dev conference 2014: https://www.muckrock.com/foi/united-states-of-america-10/independence-embassy-18065/ https://www.muckrock.com/foi/united-states-of-america-10/independence-embassy-18066/ best regards, P.S. active attacks against cisco VPN clients (for password recovery targeting those who re-use passwords - which is none of us, right?) as well as some fun DirtBox middle behavior obtained in trade. go #FreeRedTeam! [spoiler alert, if you don't have a baseband friendly to SnoopSnitch, there may be a way to use packet latency and loss to identify likely Stingray vs. non-Stingray type tower hand-offs...] From thetransintransgenic at gmail.com Mon Jun 1 21:41:43 2015 From: thetransintransgenic at gmail.com (Gadit Bielman) Date: Tue, 2 Jun 2015 00:41:43 -0400 Subject: Threat Model: Parents In-Reply-To: <556CF749.9040805@riseup.net> References: <556CF749.9040805@riseup.net> Message-ID: The friend I'm trying to help was just someone, nearby-in-the-social-graph on Tumblr, who asked for help with securing communication and stuff. Their specific situation is that they're about 15, autistic and bipolar, and have both a very active and emotionally important online life, and very invasive parents who wouldn't think much before cutting that off if they thought it might help make them "easier to deal with"-like. I don't really know -- I just offered to help. This question was trying as much for specific for them, as general strategies that minors can use -- I'm also thinking of one person from a while ago, whom I knew better and who is thankfully in a much better situation right now, who was using their abusive dad's laptop when available and terrified of the possible and likely consequences if their dad found the thread that they were getting sympathy, advice, and support in. I'm pretty sure I've run into other kids who were concerned about stuff like that. One friend is working at this problem, partially to use, partially just to get a sense of infosec, partially just in case. After I posted the original post here, another friend specifically asked me to summarize what I learned from this thread, 'cause they expect to run into people who need advice. Mostly I'd like to be able to work out something that, if I run into someone in a similar situation, I could say "Here, try this, this, and this. Look for these things -- you can do that like this -- and if you find this then you have to take this other precaution. And if you can, try reading this and this and see if that's applicable to your situation." At least as a start. And I'd like be able to share that like I can share "well here's how you make it harder for Google/The Government/An Identity Thief to get your info...". -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1978 bytes Desc: not available URL: From coderman at gmail.com Tue Jun 2 01:11:37 2015 From: coderman at gmail.com (coderman) Date: Tue, 2 Jun 2015 01:11:37 -0700 Subject: $330 3.3 GHz Spectrum Analyzer In-Reply-To: <9A043F3CF02CD34C8E74AC1594475C73AB034298@uxcn10-tdc05.UoA.auckland.ac.nz> References: <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> <9A043F3CF02CD34C8E74AC1594475C73AB034298@uxcn10-tdc05.UoA.auckland.ac.nz> Message-ID: On 6/2/15, Peter Gutmann wrote: >> ... low cost, fast with selectable Bandwidths of 58KHz to >> 813KHz. > > And there's the catch... on the opposite end of the spectrum, but not quite fab it yourself, crimson a wide performance kit, with stand-alone capability along with dual 10GigE to host link. [0] one day soon [1], we'll just batch a small run of direct transceiver ultra-wide band SDR ASIC arrays for all our RF desires. one day... best regards, 0. "Four independent receive chains, and four independent transmit chains, each capable of 322Mhz of bandwidth from aught to 6Ghz." - with an octoclock, you can phase align eight crimsons for a total of 32 rx, 32 tx, 5,512MHz of bandwidth aggregate. (almost full spectrum take ;) - https://www.pervices.com/products/crimson/ 1. *for some definition of "soon". these go to 60Ghz with ease, and push 100+Ghz at edge. From grarpamp at gmail.com Mon Jun 1 22:57:37 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 2 Jun 2015 01:57:37 -0400 Subject: $330 3.3 GHz Spectrum Analyzer In-Reply-To: <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> References: <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> Message-ID: On Mon, Jun 1, 2015 at 1:26 PM, jim bell wrote: > USB RF Spectrum Analyzer 3.3GHZ http://sdr.osmocom.org/trac/wiki/rtl-sdr http://www.ebay.com/sch/i.html?_nkw=rtl-sdr+spectrum+analyzer -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 690 bytes Desc: not available URL: From grarpamp at gmail.com Mon Jun 1 23:03:25 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 2 Jun 2015 02:03:25 -0400 Subject: EFF: Cybersecurity and the Tylenol Murders Message-ID: https://www.eff.org/deeplinks/2015/05/cybersecurity-and-tylenol-murders When a criminal started lacing Tylenol capsules with cyanide in 1982, Johnson & Johnson quickly sprang into action to ensure consumer safety. ... Looking at the Congressional debate, it's as if the answer for Americans after the Tylenol incident was not to put on tamper-evident seals, or increase the security of the supply chain, but only to require Tylenol to “share” its customer lists with the government and with the folks over at Bayer aspirin. We wouldn’t have stood for such a wrongheaded response in 1982, and we shouldn’t do so now. "Patriot" Act, cockpit doors, Clippled crypto backdoors, surveillance, etc From mirimir at riseup.net Tue Jun 2 01:51:31 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 02 Jun 2015 02:51:31 -0600 Subject: VMs without Administrator rights [was: Threat model: Parents] In-Reply-To: References: Message-ID: <556D6E93.20002@riseup.net> On 06/02/2015 12:44 AM, coderman wrote: > On 5/31/15, Barton Gellman wrote: >> ... >> * A virtual machine may be possible on the monitored host, if the required >> drivers are already present. Probably not. See http://www.vbox.me/. If >> anyone knows a VM that works without admin rights, speak up. > > in the Tor VM experiment from years back (2007) Qemu was used because > it could be run as a restricted user once the Windown Tap and Pcap > drivers were installed. That's also the case for VirtualBox. So just get admin rights to install the drivers, and then give them up again. > throughput was poor, and this is the crux of a non-admin > virtualization environment - performance demands privileges! > > less a problem for headless network appliances - a real big problem > for interactive graphical user interfaces... > > best regards, > From zen at freedbms.net Mon Jun 1 13:33:57 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 2 Jun 2015 06:33:57 +1000 Subject: Threat Model: Parents In-Reply-To: <556CB4ED.5050109@riseup.net> References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> Message-ID: On 6/2/15, Razer wrote: > 05/30/2015 11:15 PM, Cathal (Phone) wrote: >> I know probably the best thing would be running TAILS as a LiveCD -- >> the problem with that is that it's REALLY obvious over-the-shoulder. > > Tails has a win8 camouflage mode. If Win8 is the OS in use... A number of things are at issue. An adversarial "helper" is the first one. From zen at freedbms.net Mon Jun 1 14:06:39 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 2 Jun 2015 07:06:39 +1000 Subject: Threat Model: Parents In-Reply-To: References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> Message-ID: On 6/2/15, Zenaan Harkness wrote: > On 6/2/15, Razer wrote: >> 05/30/2015 11:15 PM, Cathal (Phone) wrote: >>> I know probably the best thing would be running TAILS as a LiveCD -- >>> the problem with that is that it's REALLY obvious over-the-shoulder. >> >> Tails has a win8 camouflage mode. If Win8 is the OS in use... > > A number of things are at issue. An adversarial "helper" is the first one. I think I've been unclear in two ways, apologies. I'll try again: A number of things are at issue. A reactive OP is the first one. Again, very sorry for the confusion, Zenaan From zen at freedbms.net Mon Jun 1 14:28:17 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 2 Jun 2015 07:28:17 +1000 Subject: Threat Model: Parents In-Reply-To: <556CCB37.8030009@riseup.net> References: <4A98C782-ACC5-42A1-9889-A237366354A6@cathalgarvey.me> <556CB4ED.5050109@riseup.net> <556CCB37.8030009@riseup.net> Message-ID: The butthurt page is so black and white - it's missing colors -and- expecting Javascript. Something must be done! Someone please contact anonymous. On 6/2/15, Razer wrote: > When I highlighted the quoted material Thunderbird chose you as the > sender. Sorry... Do you need a 'butthurt assessment form" to send to the > mgt? > > https://cyberguerrilla.org/butthurt/butthurt.php > > On 06/01/2015 01:32 PM, Cathal (Phone) wrote: >> Eh, I didn't write that. Either someone's spoofing my headers or you >> wrote that manually and misattributed? >> >> On 1 June 2015 20:39:25 GMT+01:00, Razer wrote: >> 05/30/2015 11:15 PM, Cathal (Phone) wrote: >> I know probably the best thing would be running TAILS as a >> LiveCD -- the problem with that is that it's REALLY obvious >> over-the-shoulder. >> >> Tails has a win8 camouflage mode. If Win8 is the OS in use... >> >> -- >> Sent from my Android device with K-9 Mail. Please excuse my brevity. From pgut001 at cs.auckland.ac.nz Tue Jun 2 00:41:15 2015 From: pgut001 at cs.auckland.ac.nz (Peter Gutmann) Date: Tue, 2 Jun 2015 07:41:15 +0000 Subject: $330 3.3 GHz Spectrum Analyzer In-Reply-To: <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> References: , <1928767974.3301192.1433179588507.JavaMail.yahoo@mail.yahoo.com> Message-ID: <9A043F3CF02CD34C8E74AC1594475C73AB034298@uxcn10-tdc05.UoA.auckland.ac.nz> jim bell writes: >[...] >The SA0314 is low cost, fast with selectable Bandwidths of 58KHz to 813KHz. And there's the catch... Peter. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 531 bytes Desc: not available URL: From softservant at gmail.com Tue Jun 2 08:42:22 2015 From: softservant at gmail.com (Softy) Date: Tue, 2 Jun 2015 08:42:22 -0700 Subject: =?UTF-8?Q?=E2=80=8B_Re=3A_Threat_Model=3A_Parents?= Message-ID: ​Arguably a category of child which would benefit from a concerned adults supervision. I would never assert an alcoholic should choose a bar as their favourite hangout - nor would I claim they have no right to choose to do so. However, I would assert (to the alcoholic) they would be better off going to said bar with a helpful supervisor/friend.​ > Their specific situation is that they're about 15, autistic and bipolar, > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 748 bytes Desc: not available URL: From Rayzer at riseup.net Tue Jun 2 09:21:09 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 02 Jun 2015 09:21:09 -0700 Subject: Threat Model: Parents In-Reply-To: References: <556CF749.9040805@riseup.net> Message-ID: <556DD7F5.3050502@riseup.net> On 06/01/2015 09:41 PM, Gadit Bielman wrote: > The friend I'm trying to help was just someone, > nearby-in-the-social-graph on Tumblr, who asked for help with securing > communication and stuff. > Their specific situation is that they're about 15, autistic and > bipolar, and have both a very active and emotionally important online > life, and very invasive parents who wouldn't think much before cutting > that off if they thought it might help make them "easier to deal > with"-like. I don't really know -- I just offered to help. An autistic bipolar 15 yo kid might think their parents saying "Good Morning" to them is invasive. AAMOF I KNOW a kid like that. Just sayin'. Tumblr mobile is available from any smartphone, and the clunky web browser in a dumb ones, and you can make your posts via email from just about any phone or computer. I don't see that the kid HAS the problem stated if Tumblr is the issue. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From s at ctrlc.hu Tue Jun 2 04:17:47 2015 From: s at ctrlc.hu (stef) Date: Tue, 2 Jun 2015 13:17:47 +0200 Subject: Windows 10 In-Reply-To: <556D8DFD.6050402@riseup.net> References: <556D8DFD.6050402@riseup.net> Message-ID: <20150602111747.GK8510@ctrlc.hu> On Tue, Jun 02, 2015 at 09:05:33PM +1000, Endless wrote: > Hello Cypherpunks! is this some thinly veiled attempt at getting publicity for this whatever it is? -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From softservant at gmail.com Tue Jun 2 14:41:27 2015 From: softservant at gmail.com (Softy) Date: Tue, 2 Jun 2015 14:41:27 -0700 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= In-Reply-To: <20150602165215.GA2900@sivokote.iziade.m$> References: <20150602165215.GA2900@sivokote.iziade.m$> Message-ID: I think looking for a "personal police" is missing the point. When I was a child, and "misbehaved" ... [[[ do we even agree children do?? If not ... well, happily I'm too old to ever have to live around your children ]]] ... when he would scold me, often he would say "I don't like being the policeman" His point was until I (as a growing child) developed my own sense of what is right/wrong, he would happily provide that guidance for me -- which, as a parent, is his obligation/prerogative/joy. As is being done - exploding this Child Supervision thread into the perennial "Nanny State" argument does have one merit. If an individual fails to adhere to guidelines of their Society, they are punished. That is what Society is for. The Nanny State advocates would like to see members of Society be given greater guidance by the State so as to avoid those excursions of acceptability. The detractors believe everyone has the same intuited/divinely inspired ability to adhere to Society's laws on their own. Both miss the others point, as has been done in this thread. That is, all people up to a certain age must have guidance and after a certain age; must have the chance not to have that guidance. With an appropriate period of transition. Quick question for those claiming "let the child alone, she'll be happier on the Internet without muddling parents." ... do you have dependents? you taught to drive? by giving them the car keys and then going on vacation? and now they have perfect driving habits? Which they miraculously learned on their own: no doubt YouTubing Mario Andretti, and reading that one wikihow page. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2282 bytes Desc: not available URL: From thetransintransgenic at gmail.com Tue Jun 2 11:46:25 2015 From: thetransintransgenic at gmail.com (Gadit Bielman) Date: Tue, 2 Jun 2015 14:46:25 -0400 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: On Sun, May 31, 2015 at 4:52 PM, Softy wrote: > > Several responses have stated, and questioned, the children's rights > accessing the Internet. Yes, with supervision. What all the responses > have missed is the lack of distinction between communication and email. > Claiming a child has a right to private extra-familial communications is as > divided as the general access to the Internet. With supervision, without > any more or less privacy than the child has in non-virtual communications. > > And, what hasn't been connected to deciding on the level of supervision, > the developmental state of the child is highly relevant. > > Claiming a child merits access - with or without supervision - can only be > made by the primary custodians of the child. > > We wish to ignore this subtlety because we wish to ignore Society's > overbearing on all of us. > > The result in this specific scenario is, regardless of the child, the > custodians require and merit a higher degree of technical faculty. To > presume it is less than the childs is a mistake. Along with this ability > comes the burden of communication: to provide an appropriate example. As > with many non-virtual counterparts: many failure. such sad. > > Why should this medium of bits be different? > Parents, yes, have a responsibility to raise their children, and as a result have a bunch of extra privileges and a bunch more authority over their children then any one person usually has over another. There is, for very good reasons, a very strong power dynamic in a parent-child relationship. And any power dynamic is prone to abuse, the stronger it is the more likely. I'm am very scared of the idea of a power dynamic like that, where the person at the receiving end has their communication completely monitored. It means that, in case they need to ask for help, that request will be monitored. And depending on how abused the power dynamic is, that could be a Very Bad Thing. Everyone needs a way to ask for help safely. Everyone needs a way to have peers safely. A power dynamic without those minimal checks is not a safe thing to have. (Also, can I express surprise at seeing this opinion *here*? Like, I've heard this sort of argument before, and it definitely has merits -- but I Very Much did not expect it on the cypherpunks mailing list? Is there just some sort of toggle? Do people suddenly go from "no reason that they should be able to have privacy" to "spying and censorship are suddenly totally wrong" when they reach the arbitrary age where they are Now An Adult? Was "get breached" the only thing mSpy did wrong?) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3888 bytes Desc: not available URL: From tbiehn at gmail.com Tue Jun 2 12:03:05 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Tue, 2 Jun 2015 15:03:05 -0400 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: Well, Depending on your particular bent options range from: Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, such as teachers, law enforcement and so on. Arguments abound, and are largely the fodder of flame-bait and trollery. [Which is the source of my earlier comment, "accepting paternalism during youth is the slippery slope to paternalism from the state" - this is a popular opinion on this list, I'm sure, as are the gamut of opposing viewpoints.] This topic is ridiculous, there is no difference between hiding from 'your parents' and hiding from a nation-state attacker, in both scenarios you assume all of your equipment is untrustworthy, you have the advantage with 'your parents' because you know who they are, where they live, where they sleep and have physical access to all their devices. Unfortunately it is not trivial to hide from either attacker, depending on their abilities. Some degree of technical savvy is still required. Any constructive exercise might want to start with Threat Intelligence, thankfully this is fairly easy if you live in the same abode as your attacker, no? If your attacker has no goals or motivations, and carries out no attacks then there is very little you need to do, except, perhaps, clear your browser history. -Travis On Tue, Jun 2, 2015 at 2:46 PM, Gadit Bielman < thetransintransgenic at gmail.com> wrote: > On Sun, May 31, 2015 at 4:52 PM, Softy wrote: > >> >> Several responses have stated, and questioned, the children's rights >> accessing the Internet. Yes, with supervision. What all the responses >> have missed is the lack of distinction between communication and email. >> Claiming a child has a right to private extra-familial communications is as >> divided as the general access to the Internet. With supervision, without >> any more or less privacy than the child has in non-virtual communications. >> >> And, what hasn't been connected to deciding on the level of supervision, >> the developmental state of the child is highly relevant. >> >> Claiming a child merits access - with or without supervision - can only >> be made by the primary custodians of the child. >> >> We wish to ignore this subtlety because we wish to ignore Society's >> overbearing on all of us. >> >> The result in this specific scenario is, regardless of the child, the >> custodians require and merit a higher degree of technical faculty. To >> presume it is less than the childs is a mistake. Along with this ability >> comes the burden of communication: to provide an appropriate example. As >> with many non-virtual counterparts: many failure. such sad. >> >> Why should this medium of bits be different? >> > > Parents, yes, have a responsibility to raise their children, and as a > result have a bunch of extra privileges and a bunch more authority over > their children then any one person usually has over another. There is, for > very good reasons, a very strong power dynamic in a parent-child > relationship. > > And any power dynamic is prone to abuse, the stronger it is the more > likely. > I'm am very scared of the idea of a power dynamic like that, where the > person at the receiving end has their communication completely monitored. > It means that, in case they need to ask for help, that request will be > monitored. And depending on how abused the power dynamic is, that could be > a Very Bad Thing. > > Everyone needs a way to ask for help safely. Everyone needs a way to have > peers safely. > A power dynamic without those minimal checks is not a safe thing to have. > > > (Also, can I express surprise at seeing this opinion *here*? Like, I've > heard this sort of argument before, and it definitely has merits -- but I > Very Much did not expect it on the cypherpunks mailing list? Is there just > some sort of toggle? Do people suddenly go from "no reason that they should > be able to have privacy" to "spying and censorship are suddenly totally > wrong" when they reach the arbitrary age where they are Now An Adult? Was > "get breached" the only thing mSpy did wrong?) > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6304 bytes Desc: not available URL: From Rayzer at riseup.net Tue Jun 2 15:13:55 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 02 Jun 2015 15:13:55 -0700 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: References: <20150602165215.GA2900@sivokote.iziade.m$> Message-ID: <556E2AA3.6090108@riseup.net> On 06/02/2015 02:41 PM, Softy wrote: > If an individual fails to adhere to guidelines of their Society, they > are punished. I want to beg the point here. One of the guidelines of American society was implicit, institutionalized racism, and many people were punished in myriad ways for trying to change that. Some ended up dead. When I was a chld back in elementary school (vamping on Jim Morrison vamping on Lord Buckley), knee bends were a common gym exercise. Now they're known to cause knee damage and no longer practiced as part of a current school gym fitness program. Being able to swim meant you were a witch. Should I continue listing examples? I'd rather rant. Society punishes people alright, but that doesn't make that society's judgment correct, moral or ethical. I'd say the same for punishment of children for not performing to their parent's expectations assuming the child was not in any physical danger, and parents in American society often think the most harmless things are dangerous... Because they simply 'don't get out very much'. Wear a beard in my town full of clean-shaven upwardly mobile yuppies and dinks and they shy away from you like you're Charlie Manson incarnate. But simply go bald-faced, and no one thinks your strange at all until they find out after-the-fact you're going out to fern bars picking up women in your Izod Dockers and rollie costume for the purpose of raping them. Most industrial society parents are literally vicious morons and they should NOT be allowed to punish children for not conforming. Native Americans didn't, and in my child-rearing years I didn't, and you know, my kids turned out just fine thanks. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From thetransintransgenic at gmail.com Tue Jun 2 13:37:25 2015 From: thetransintransgenic at gmail.com (Gadit Bielman) Date: Tue, 2 Jun 2015 16:37:25 -0400 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: On Tue, Jun 2, 2015 at 3:03 PM, Travis Biehn wrote: > Well, > > Depending on your particular bent options range from: > Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, such > as teachers, law enforcement and so on. > > Arguments abound, and are largely the fodder of flame-bait and trollery. > [Which is the source of my earlier comment, "accepting paternalism during > youth is the slippery slope to paternalism from the state" - this is a > popular opinion on this list, I'm sure, as are the gamut of opposing > viewpoints.] > > This topic is ridiculous, there is no difference between hiding from 'your > parents' and hiding from a nation-state attacker, in both scenarios you > assume all of your equipment is untrustworthy, you have the advantage with > 'your parents' because you know who they are, where they live, where they > sleep and have physical access to all their devices. > There's a big difference. A nation-state attacker you assume is maximally competent. Parents you don't. A nation-state attacker cannot personally monitor all their citizens. Parents can personally monitor all their children. As long as you aren't caught, a nation-state attacker cannot arbitrarily restrict your movement. Parents can. Besides non-automated methods such as looking up browser history, parents have a finite set of commercially-available software, with a mostly common set of capabilities. Nation-states have to be sort-of cautious -- if there was a mass-reveal of total surveillance of everyone, there would at least be some blowback, whereas there's not any social pressure on parents at all. In terms of what they care about, parents will prioritize moral issues -- being gay, trans, atheist, etc., among other stuff, depending on the family -- whereas nation-states will prioritize direct plans of action against them. There's probably a lot more differences, and I probably messed up on some of them. Here's someone else's probably-pretty-inexperienced attempt at threat modelling parents: http://ilzolende.tumblr.com/post/110002779072/parents-as-a-threat-model . But there's not "no difference". -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2779 bytes Desc: not available URL: From tbiehn at gmail.com Tue Jun 2 13:49:33 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Tue, 2 Jun 2015 16:49:33 -0400 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: You're just assuming that the generic parental threat isn't omnipotent? Employees of the military industrial complex are parents too. There is no 'generic parental threat model.' What more do you want? What outputs are you expecting here? A flow-chart? Graphs & diagrams? The advice is the same as any other scenario: Threat Intelligence to figure out what the motivations and capabilities are. Standard opsec advice, such as compartmentalize as best as possible. Employ techniques and technologies used to achieve resilience in the face of generic nation-state attackers. Pursue externally mediated resolution [invoke the State's controls or employ physical manipulation] where it is merited. -Travis On Tue, Jun 2, 2015 at 4:37 PM, Gadit Bielman < thetransintransgenic at gmail.com> wrote: > On Tue, Jun 2, 2015 at 3:03 PM, Travis Biehn wrote: > >> Well, >> >> Depending on your particular bent options range from: >> Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, >> such as teachers, law enforcement and so on. >> >> Arguments abound, and are largely the fodder of flame-bait and trollery. >> [Which is the source of my earlier comment, "accepting paternalism during >> youth is the slippery slope to paternalism from the state" - this is a >> popular opinion on this list, I'm sure, as are the gamut of opposing >> viewpoints.] >> >> This topic is ridiculous, there is no difference between hiding from >> 'your parents' and hiding from a nation-state attacker, in both scenarios >> you assume all of your equipment is untrustworthy, you have the advantage >> with 'your parents' because you know who they are, where they live, where >> they sleep and have physical access to all their devices. >> > > There's a big difference. A nation-state attacker you assume is maximally > competent. Parents you don't. A nation-state attacker cannot personally > monitor all their citizens. Parents can personally monitor all their > children. As long as you aren't caught, a nation-state attacker cannot > arbitrarily restrict your movement. Parents can. Besides non-automated > methods such as looking up browser history, parents have a finite set of > commercially-available software, with a mostly common set of capabilities. > Nation-states have to be sort-of cautious -- if there was a mass-reveal of > total surveillance of everyone, there would at least be some blowback, > whereas there's not any social pressure on parents at all. In terms of what > they care about, parents will prioritize moral issues -- being gay, trans, > atheist, etc., among other stuff, depending on the family -- whereas > nation-states will prioritize direct plans of action against them. > > There's probably a lot more differences, and I probably messed up on some > of them. Here's someone else's probably-pretty-inexperienced attempt at > threat modelling parents: > http://ilzolende.tumblr.com/post/110002779072/parents-as-a-threat-model . > But there's not "no difference". > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4549 bytes Desc: not available URL: From grarpamp at gmail.com Tue Jun 2 13:57:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 2 Jun 2015 16:57:38 -0400 Subject: Black Helicopters, and Theatre Tricks Message-ID: http://www.csmonitor.com/USA/Justice/2015/0602/Who-s-behind-mysterious-flights-over-US-cities-FBI https://www.documentcloud.org/documents/2090186-fbi-surveillance-plane-documents.html The AP traced at least 50 aircraft back to the FBI, and identified more than 100 flights since late April orbiting both major cities and rural areas. http://tech.slashdot.org/story/15/06/02/0215236/us-airport-screeners-missed-95-of-weapons-explosives-in-undercover-tests From juan.g71 at gmail.com Tue Jun 2 12:57:47 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 2 Jun 2015 16:57:47 -0300 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: <556e0952.a028370a.5a4b.ffffad86@mx.google.com> On Wed, 3 Jun 2015 01:34:07 +0900 Lodewijk andré de la porte wrote: > > I would argue the alcoholic is best assigned a personal police > officer and psychologist, to keep him in check and positive. In fact; > everyone needs a personal police officer and psychologist. Speaking of trolling... Or was that a joke Lodewijk? From thetransintransgenic at gmail.com Tue Jun 2 14:10:40 2015 From: thetransintransgenic at gmail.com (Gadit Bielman) Date: Tue, 2 Jun 2015 17:10:40 -0400 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: Yes, I am. I'm assuming that, if someone were to see some sort of generic parent solution, and they knew that their parents worked at the NSA and were able to use specialized technical skills, then they would know that it was just not applicable to their situation. But I'm assuming that that would nevertheless be useful for 90% of people. Or am I completely wrong about that? I don't know exactly what I want/expected. Like, it would be absolutely brilliant if there was some general, accessible-to-an-arbitrary-more-tech-savvy-than-average-teenager, howto security, possibly for simplicity specialized to parent-situations, but accessible security is in general a huge unsolved and possibly unsolvable problem. I suppose I was hoping to at least start. On Tue, Jun 2, 2015 at 4:49 PM, Travis Biehn wrote: > You're just assuming that the generic parental threat isn't omnipotent? > Employees of the military industrial complex are parents too. There is no > 'generic parental threat model.' > > What more do you want? What outputs are you expecting here? A flow-chart? > Graphs & diagrams? > > The advice is the same as any other scenario: > > Threat Intelligence to figure out what the motivations and capabilities > are. > Standard opsec advice, such as compartmentalize as best as possible. > Employ techniques and technologies used to achieve resilience in the face > of generic nation-state attackers. > Pursue externally mediated resolution [invoke the State's controls or > employ physical manipulation] where it is merited. > > -Travis > > On Tue, Jun 2, 2015 at 4:37 PM, Gadit Bielman < > thetransintransgenic at gmail.com> wrote: > >> On Tue, Jun 2, 2015 at 3:03 PM, Travis Biehn wrote: >> >>> Well, >>> >>> Depending on your particular bent options range from: >>> Subversion, Evasion, Opposition, Resistance or Appeal to Authorities, >>> such as teachers, law enforcement and so on. >>> >>> Arguments abound, and are largely the fodder of flame-bait and trollery. >>> [Which is the source of my earlier comment, "accepting paternalism during >>> youth is the slippery slope to paternalism from the state" - this is a >>> popular opinion on this list, I'm sure, as are the gamut of opposing >>> viewpoints.] >>> >>> This topic is ridiculous, there is no difference between hiding from >>> 'your parents' and hiding from a nation-state attacker, in both scenarios >>> you assume all of your equipment is untrustworthy, you have the advantage >>> with 'your parents' because you know who they are, where they live, where >>> they sleep and have physical access to all their devices. >>> >> >> There's a big difference. A nation-state attacker you assume is maximally >> competent. Parents you don't. A nation-state attacker cannot personally >> monitor all their citizens. Parents can personally monitor all their >> children. As long as you aren't caught, a nation-state attacker cannot >> arbitrarily restrict your movement. Parents can. Besides non-automated >> methods such as looking up browser history, parents have a finite set of >> commercially-available software, with a mostly common set of capabilities. >> Nation-states have to be sort-of cautious -- if there was a mass-reveal of >> total surveillance of everyone, there would at least be some blowback, >> whereas there's not any social pressure on parents at all. In terms of what >> they care about, parents will prioritize moral issues -- being gay, trans, >> atheist, etc., among other stuff, depending on the family -- whereas >> nation-states will prioritize direct plans of action against them. >> >> There's probably a lot more differences, and I probably messed up on some >> of them. Here's someone else's probably-pretty-inexperienced attempt at >> threat modelling parents: >> http://ilzolende.tumblr.com/post/110002779072/parents-as-a-threat-model . >> But there's not "no difference". >> > > > > -- > Twitter | LinkedIn > | GitHub > | TravisBiehn.com | > Google Plus > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5788 bytes Desc: not available URL: From yearofthemonkey at riseup.net Tue Jun 2 16:01:30 2015 From: yearofthemonkey at riseup.net (yotm) Date: Tue, 02 Jun 2015 18:01:30 -0500 Subject: NSA/FBI monitoring In-Reply-To: References: Message-ID: <556E35CA.8090103@riseup.net> Hey folks, With the NSA Patriot Act/FBI planes in the news, I recalled an IRL example from 2004 of Minneapolis FBI anti-terrorism division/department monitoring my cell, email and MSN Messenger communications. https://storify.com/flyingmonkeyair/in-which-the-fbi-surveilled-me-while-buying-a-dog I mention this because so far all the metadata collection info ruckus has focused on the NSA. There's been so much data released as a result of Snowden that I've lost track. Does anyone recall anything showing the FBI have access to the NSA's data, or does the FBI have it's own interception going on? Thanks for any light shed on this. Cheers, Nigel Parry nigelparry.com nigelparry.net From guninski at guninski.com Tue Jun 2 09:52:16 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 2 Jun 2015 19:52:16 +0300 Subject: =?utf-8?B?4oCLIFJl?= =?utf-8?Q?=3A?= Threat Model: Parents In-Reply-To: References: Message-ID: <20150602165215.GA2900@sivokote.iziade.m$> On Wed, Jun 03, 2015 at 01:34:07AM +0900, Lodewijk andré de la porte wrote: > 2015-06-03 0:42 GMT+09:00 Softy : > > > ​Arguably a category of child which would benefit from a concerned adults > > supervision. > > > > I would never assert an alcoholic should choose a bar as their favourite > > hangout - nor would I claim they have no right to choose to do so. > > However, I would assert (to the alcoholic) they would be better off going > > to said bar with a helpful supervisor/friend.​ > > > > I would argue the alcoholic is best assigned a personal police officer and > psychologist, to keep him in check and positive. In fact; everyone needs a > personal police officer and psychologist. > > Dude, I am pretty sure your view is not popular in east europe and/or russia. "a personal police" for each alcoholic likely means almost all of police are alcoholics too (in case they are natives). -- We don't need no education We don't need no thought control From M373 at riseup.net Tue Jun 2 17:52:46 2015 From: M373 at riseup.net (M373) Date: Tue, 02 Jun 2015 19:52:46 -0500 Subject: NSA/FBI monitoring In-Reply-To: <556E35CA.8090103@riseup.net> References: <556E35CA.8090103@riseup.net> Message-ID: <556E4FDE.3000108@riseup.net> The NSA provides data to the FBI and DEA, among others. Although it was known previously, this is part of what Snowden released with corroborating documentation. That it hasn't gotten more attention, by Greenwald, Snowden, et al, is one of the major credible complaints since the releases began in June 2013. The FBI does do its own surveillance and can easily tap telecoms with programs such as DCSNet and Red Hook, but they don't have the resources (as far I know) to do the blanket surveillance that NSA (and GCHQ, CSE, etc) does. NSA collects nearly all internet traffic in the USA with its intercept rooms at the network control centers that big telecoms have on the internet backbone. They gather almost everything, including content, not just metadata. The announced capacity of the Bluffton, Utah data center is several orders of magnitude more than is needed to store metadata alone. So, yes, some NSA data is shared with the FBI (and others) but the details matter. There is FBI surveillance but NSA does the blanket surveillance. With the FBI, as far as I know, you have to be targeted (except for the IMSI catcher type stuff, which are indiscriminate but not an nationwide/international dragnet). The AP story about the FBI surveillance planes is quite interesting, although fits with recent info and long term trends. On 02-Jun-15 18:01, yotm wrote: > Hey folks, > > With the NSA Patriot Act/FBI planes in the news, I recalled an IRL > example from 2004 of Minneapolis FBI anti-terrorism division/department > monitoring my cell, email and MSN Messenger communications. > > https://storify.com/flyingmonkeyair/in-which-the-fbi-surveilled-me-while-buying-a-dog > > I mention this because so far all the metadata collection info ruckus > has focused on the NSA. > > There's been so much data released as a result of Snowden that I've lost > track. Does anyone recall anything showing the FBI have access to the > NSA's data, or does the FBI have it's own interception going on? > > Thanks for any light shed on this. > > Cheers, > > Nigel Parry > nigelparry.com > nigelparry.net > > From guninski at guninski.com Tue Jun 2 09:59:38 2015 From: guninski at guninski.com (Georgi Guninski) Date: Tue, 2 Jun 2015 19:59:38 +0300 Subject: Will Greece goo boom? Message-ID: <20150602165938.GB2900@sivokote.iziade.m$> I am wondering: Will Greece go boom relatively soon? The reasons are Greece owns significant amounts of money (like the u$a) and they can't pay. This might be an opportunity to see how a country goes boom in modern times (after we know know what happens to cities like Detroit). From mirimir at riseup.net Tue Jun 2 19:23:31 2015 From: mirimir at riseup.net (Mirimir) Date: Tue, 02 Jun 2015 20:23:31 -0600 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: References: <20150602165215.GA2900@sivokote.iziade.m$> Message-ID: <556E6523.8040100@riseup.net> Please help me calibrate my irony detector. On 06/02/2015 10:34 AM, Lodewijk andré de la porte wrote: > I would argue the alcoholic is best assigned a personal police > officer and psychologist, to keep him in check and positive. > In fact; everyone needs a personal police officer and psychologist. This was irony. Yes? On 06/02/2015 03:41 PM, Softy wrote: > If an individual fails to adhere to guidelines of their Society, > they are punished. That is what Society is for. This was not irony. Yes? From juan.g71 at gmail.com Tue Jun 2 16:34:27 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 2 Jun 2015 20:34:27 -0300 Subject: =?UTF-8?B?4oCL?= Re: Threat Model: Parents In-Reply-To: References: <20150602165215.GA2900@sivokote.iziade.m$> Message-ID: <556e3c1d.6891340a.e478.0f32@mx.google.com> On Tue, 2 Jun 2015 14:41:27 -0700 Softy wrote: > > If an > individual fails to adhere to guidelines of their Society, they are > punished. That is what Society is for. This is...too much. From griffin at cryptolab.net Tue Jun 2 18:04:01 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Tue, 02 Jun 2015 21:04:01 -0400 Subject: =?UTF-8?Q?Re=3A_=E2=80=8B_Re=3A_Threat_Model=3A_Parents?= In-Reply-To: <556e3c1d.6891340a.e478.0f32@mx.google.com> References: <20150602165215.GA2900@sivokote.iziade.m$> <556e3c1d.6891340a.e478.0f32@mx.google.com> Message-ID: <547171b3634c0ebe048b9fe7c86406d1@cryptolab.net> Juan wrote: > Softy wrote: >> If an >> individual fails to adhere to guidelines of their Society, they are >> punished. That is what Society is for. > > This is...too much. Yeahhh, that's not what society is actually for, per se. Even if you take a harsh reading of Foucault and realize that we've moved from a disciplinary society to a control society (and then to a panoptic society), you're quite cynical if Punishment is all you think that society is structured to do. That, or you feel extra put-upon for some reason. Everything okay, Softy? From 3ndless at riseup.net Tue Jun 2 04:05:33 2015 From: 3ndless at riseup.net (Endless) Date: Tue, 02 Jun 2015 21:05:33 +1000 Subject: Windows 10 Message-ID: <556D8DFD.6050402@riseup.net> Hello Cypherpunks! As many of you will likely know, Microsoft has recently made public a release date for Windows 10 and has been testing the platform as part of the "Windows Insider" program. With this update comes a number of seemingly unoriginal [1], but nonetheless interesting features, such as "Cortana", Windows' "truly personal" assistant (only to be available in a handful of countries) and "Windows Hello", a biometric authentication system allowing the use of the face, iris, or finger for access [2]. What changes in Windows' security are expected to take place? Will systems such as Windows Hello leak uniquely identifiable biometric data, despite a planned increase in security [3]? What could perhaps be done to limit the risk of using systems such as a cloud-based, personal assistant that is able to access most of a person's internet-connected devices? Thankyou very much, Endless [1] It seems that Windows 10's flagship features such as biometric authentication have already been available on a number of other platforms for quite some time, not to mention the fact that the name "Cortana" was used as the name for an artificial intelligence character in the popular "Halo" game series (The name seems to be have been used without violating intellectual property laws, as Halo, having been originally developed by Bungie, Inc. is now a subsidiary of Microsoft Studios). [2] More information regarding Microsoft's initial announcement of the Windows 10 release date can be found at the following link: https://blogs.windows.com/bloggingwindows/2015/06/01/hello-world-windows-10-available-on-july-29/ [3] A blog post relating to Windows 10's planned "security perks" can be found at the following link: http://blogs.windows.com/business/2014/10/22/windows-10-security-and-identity-protection-for-the-modern-world/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 834 bytes Desc: OpenPGP digital signature URL: From juan.g71 at gmail.com Tue Jun 2 19:30:22 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 2 Jun 2015 23:30:22 -0300 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: <556e6557.874b340a.0513.0eee@mx.google.com> On Wed, 3 Jun 2015 11:56:14 +1000 Zenaan Harkness wrote: > On 6/3/15, Juan wrote: > > On Tue, 2 Jun 2015 14:41:27 -0700 > > Softy wrote: > >> If an > >> individual fails to adhere to guidelines of their Society, they are > >> punished. That is what Society is for. > > > > This is...too much. > > In a "too much self irony" kind of way. I had a similar thought, but > figured someone would pipe up :D > > Made my day, Juan. Made my day :) Now I'm wondering if I perhaps misread the author's intent and the line I quoted was meant as criticism, but somehow I doubt it. From l at odewijk.nl Tue Jun 2 07:35:56 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Tue, 2 Jun 2015 23:35:56 +0900 Subject: Windows 10 In-Reply-To: <20150602111747.GK8510@ctrlc.hu> References: <556D8DFD.6050402@riseup.net> <20150602111747.GK8510@ctrlc.hu> Message-ID: windows security LOL -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 62 bytes Desc: not available URL: From l at odewijk.nl Tue Jun 2 09:34:07 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Wed, 3 Jun 2015 01:34:07 +0900 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= In-Reply-To: References: Message-ID: 2015-06-03 0:42 GMT+09:00 Softy : > ​Arguably a category of child which would benefit from a concerned adults > supervision. > > I would never assert an alcoholic should choose a bar as their favourite > hangout - nor would I claim they have no right to choose to do so. > However, I would assert (to the alcoholic) they would be better off going > to said bar with a helpful supervisor/friend.​ > I would argue the alcoholic is best assigned a personal police officer and psychologist, to keep him in check and positive. In fact; everyone needs a personal police officer and psychologist. > Their specific situation is that they're about 15, autistic and bipolar, >> > Especially this guy. We would all be so much better of if we'd be kept in check and positive. If we had someone watching us all the time, we could do anything we like without fear. If we had someone tell us what to think, we wouldn't think anything badly. But.. unless we can somehow automate the personal police officer and psychologist we will never have enough people to do it :( -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1964 bytes Desc: not available URL: From zen at freedbms.net Tue Jun 2 15:31:50 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 3 Jun 2015 08:31:50 +1000 Subject: Threat Model: Parents In-Reply-To: References: Message-ID: > On Tue, Jun 2, 2015 at 4:49 PM, Travis Biehn wrote: >> You're just assuming that the generic parental threat isn't omnipotent? On 6/3/15, Gadit Bielman wrote: > Yes, I am. I'm assuming that, if someone were to see some sort of generic Please stop top posting. > parent solution, and they knew that their parents worked at the NSA and > were able to use specialized technical skills, then they would know that it > was just not applicable to their situation. But I'm assuming that that > would nevertheless be useful for 90% of people. Or am I completely wrong > about that? Your assumption of useful to 90% of people is supposed to be relevant to this one person you are supposedly trying to help? > I don't know exactly what I want/expected. Like, it would be absolutely > brilliant if there was some general, > accessible-to-an-arbitrary-more-tech-savvy-than-average-teenager, howto > security, possibly for simplicity specialized to parent-situations, but > accessible security is in general a huge unsolved and possibly unsolvable > problem. I suppose I was hoping to at least start. You've been given quite a few practical starts in this list. Quite a few. Attempts to extract something which does not exist, is not seen in a good light. I suggest chill, and focus on how you might actually help the person you are proclaining to want to help. From softservant at gmail.com Wed Jun 3 08:39:17 2015 From: softservant at gmail.com (Softy) Date: Wed, 3 Jun 2015 08:39:17 -0700 Subject: cypherpunks Digest, Vol 24, Issue 6 In-Reply-To: References: Message-ID: ​Oh, no denying the over-generalizing of my usage of "Society", but the point is plain, and valid. We have a method of laws (aka Society - not only regarding it's application of Power)​ which we live under. If raising a Child means empowering/guiding that person to have a healthy understanding of Themselves, Others, Institutions, etc, one must provide an example - as Guide. RE: Native Peoples, yes, they did the same thing. My child [5] can safely walk to the park and back in the over-urbanized environment we live because we've provided him the space to learn how to do so; neighbourhood walks, back-woods treks, etc. Would I trust him to be okay going to the city-core? Neither would a Native People have let their child go on a similarly arduous trek. The scale/surroundings are different, the means and ends are the same: Teach Independence while providing a reasonably sheltered environment to learn that Independence. By providing Supervision on his learning, he did so. The State/Parents do not need to squash all his attempts, nor can Parents/State be divorced from his efforts. Do we laws dictating "Child shall be no more than x feet from home unattended" ... clearly not, perhaps cases such as the Free Range Parenting will spur the creation of those laws from the pro-Nanny crowd. That is my usage of "Society" - more narrow than the put-upon extrapolations of the gallery; which were perhaps teased out by my over generalized usage earlier ... but, hey, what's Intertube proselytizing with out some trolling. > If an individual fails to adhere to guidelines of their Society, > > they are punished. That is what Society is for. > > This was not irony. Yes? > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2237 bytes Desc: not available URL: From Rayzer at riseup.net Wed Jun 3 09:58:54 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 03 Jun 2015 09:58:54 -0700 Subject: NSA/FBI monitoring In-Reply-To: <556E4FDE.3000108@riseup.net> References: <556E35CA.8090103@riseup.net> <556E4FDE.3000108@riseup.net> Message-ID: <556F324E.4020707@riseup.net> On 06/02/2015 05:52 PM, M373 wrote: > The NSA provides data to the FBI Actually it's the OTHER way around: "Presidential Executive Order 12333 - 1.13 allows the FBI to provide the NSA with “technical assistance” in the United States… ie. to collect metadata about American citizens by collaborating with “foreign intelligence and law enforcement services”. In other words, "President Obama could end mass domestic surveillance with one stroke of his pen." More, with links: http://auntieimperial.tumblr.com/post/72893522022 > nd DEA, among others. Although it was > known previously, this is part of what Snowden released with > corroborating documentation. That it hasn't gotten more attention, by > Greenwald, Snowden, et al, is one of the major credible complaints since > the releases began in June 2013. The FBI does do its own surveillance > and can easily tap telecoms with programs such as DCSNet and Red Hook, > but they don't have the resources (as far I know) to do the blanket > surveillance that NSA (and GCHQ, CSE, etc) does. NSA collects nearly all > internet traffic in the USA with its intercept rooms at the network > control centers that big telecoms have on the internet backbone. They > gather almost everything, including content, not just metadata. The > announced capacity of the Bluffton, Utah data center is several orders > of magnitude more than is needed to store metadata alone. > > So, yes, some NSA data is shared with the FBI (and others) but the > details matter. There is FBI surveillance but NSA does the blanket > surveillance. With the FBI, as far as I know, you have to be targeted > (except for the IMSI catcher type stuff, which are indiscriminate but > not an nationwide/international dragnet). The AP story about the FBI > surveillance planes is quite interesting, although fits with recent info > and long term trends. > > On 02-Jun-15 18:01, yotm wrote: >> Hey folks, >> >> With the NSA Patriot Act/FBI planes in the news, I recalled an IRL >> example from 2004 of Minneapolis FBI anti-terrorism division/department >> monitoring my cell, email and MSN Messenger communications. >> >> https://storify.com/flyingmonkeyair/in-which-the-fbi-surveilled-me-while-buying-a-dog >> >> I mention this because so far all the metadata collection info ruckus >> has focused on the NSA. >> >> There's been so much data released as a result of Snowden that I've lost >> track. Does anyone recall anything showing the FBI have access to the >> NSA's data, or does the FBI have it's own interception going on? >> >> Thanks for any light shed on this. >> >> Cheers, >> >> Nigel Parry >> nigelparry.com >> nigelparry.net >> >> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Wed Jun 3 10:07:40 2015 From: coderman at gmail.com (coderman) Date: Wed, 3 Jun 2015 10:07:40 -0700 Subject: NSA/FBI monitoring In-Reply-To: <556E4FDE.3000108@riseup.net> References: <556E35CA.8090103@riseup.net> <556E4FDE.3000108@riseup.net> Message-ID: On 6/2/15, M373 wrote: > The NSA provides data to the FBI and DEA, among others... > ... The FBI does do its own surveillance > and can easily tap telecoms with programs such as DCSNet and Red Hook, > but they don't have the resources (as far I know) to do the blanket > surveillance that NSA (and GCHQ, CSE, etc) does. FBI is NSA's front man for domestic programs. see DITU and how PRISM, while an NSA program, is coordinated through FBI. FBI does provide blanket surveillance, although they must launder information through parallel construction before the surveillance becomes legally actionable. > NSA collects nearly all > internet traffic in the USA with its intercept rooms at the network > control centers that big telecoms have on the internet backbone. They > gather almost everything, including content, not just metadata. The > announced capacity of the Bluffton, Utah data center is several orders > of magnitude more than is needed to store metadata alone. to be clear, they inspect nearly everything in-line with "Deep Packet Inspection" and "semantic analysis" and similar techniques, e.g. Narus Insight, at the edges rather than centrally. there is an order of magnitude less capacity for NSANet uplink than what is monitored through taps. they could not pull a mirror of all traffic if they wanted to! then, the selected stuff is collected and stored forever*. the Utah massive data repository is not full take buffer, but rather persistence for selected or collected information. (full take on backbones a technical challenge, and not everywhere.) > ... With the FBI, as far as I know, you have to be targeted > (except for the IMSI catcher type stuff, which are indiscriminate but > not an nationwide/international dragnet). The AP story about the FBI > surveillance planes is quite interesting, although fits with recent info > and long term trends. as discussed elsewhere, you can get "selected" for various activities, which is auto-targeting, in a sense... best regards, * for some definition of "forever". From Rayzer at riseup.net Wed Jun 3 10:16:10 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 03 Jun 2015 10:16:10 -0700 Subject: NSA/FBI monitoring In-Reply-To: <556E4FDE.3000108@riseup.net> References: <556E35CA.8090103@riseup.net> <556E4FDE.3000108@riseup.net> Message-ID: <556F365A.1080302@riseup.net> ...or should I say the intel collected goes both ways but it seems the NSA, which I don't believe actually HAS direct authorization to spy on US citizens within the continental US gets it's intel from the FBI's DITU. Data Intercept Technology Unit. http://auntieimperial.tumblr.com/post/67983541953 Rummage around my DITU tags and you'll find one of the FBI people assigned this task used to be a discount furniture salesman. http://auntieimperial.tumblr.com/search/DITU On 06/02/2015 05:52 PM, M373 wrote: > The NSA provides data to the FBI and DEA, among others. Although it was > known previously, this is part of what Snowden released with > corroborating documentation. That it hasn't gotten more attention, by > Greenwald, Snowden, et al, is one of the major credible complaints since > the releases began in June 2013. The FBI does do its own surveillance > and can easily tap telecoms with programs such as DCSNet and Red Hook, > but they don't have the resources (as far I know) to do the blanket > surveillance that NSA (and GCHQ, CSE, etc) does. NSA collects nearly all > internet traffic in the USA with its intercept rooms at the network > control centers that big telecoms have on the internet backbone. They > gather almost everything, including content, not just metadata. The > announced capacity of the Bluffton, Utah data center is several orders > of magnitude more than is needed to store metadata alone. > > So, yes, some NSA data is shared with the FBI (and others) but the > details matter. There is FBI surveillance but NSA does the blanket > surveillance. With the FBI, as far as I know, you have to be targeted > (except for the IMSI catcher type stuff, which are indiscriminate but > not an nationwide/international dragnet). The AP story about the FBI > surveillance planes is quite interesting, although fits with recent info > and long term trends. > > On 02-Jun-15 18:01, yotm wrote: >> Hey folks, >> >> With the NSA Patriot Act/FBI planes in the news, I recalled an IRL >> example from 2004 of Minneapolis FBI anti-terrorism division/department >> monitoring my cell, email and MSN Messenger communications. >> >> https://storify.com/flyingmonkeyair/in-which-the-fbi-surveilled-me-while-buying-a-dog >> >> I mention this because so far all the metadata collection info ruckus >> has focused on the NSA. >> >> There's been so much data released as a result of Snowden that I've lost >> track. Does anyone recall anything showing the FBI have access to the >> NSA's data, or does the FBI have it's own interception going on? >> >> Thanks for any light shed on this. >> >> Cheers, >> >> Nigel Parry >> nigelparry.com >> nigelparry.net >> >> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Wed Jun 3 10:24:40 2015 From: coderman at gmail.com (coderman) Date: Wed, 3 Jun 2015 10:24:40 -0700 Subject: NSA/FBI monitoring In-Reply-To: <556F365A.1080302@riseup.net> References: <556E35CA.8090103@riseup.net> <556E4FDE.3000108@riseup.net> <556F365A.1080302@riseup.net> Message-ID: On 6/3/15, Razer wrote: > ... > Rummage around my DITU tags and you'll find one of the FBI people > assigned this task used to be a discount furniture salesman. sat next to a spook at a bar at an infosec conference once, and he said: "I sell office furniture". :P From pranesh at cis-india.org Tue Jun 2 22:11:43 2015 From: pranesh at cis-india.org (Pranesh Prakash) Date: Wed, 03 Jun 2015 10:41:43 +0530 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: References: Message-ID: <556E8C8F.1030206@cis-india.org> Travis Biehn [2015-06-01 15:16:01 -0400]: > That's just a slippery slope to accepting the paternalism of the state, > man. This thread continues to deliver. This particular use of the "slippery slope" argument shows exactly why it is such a moronic argument that's usually misapplied. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 801 bytes Desc: OpenPGP digital signature URL: From zen at freedbms.net Tue Jun 2 18:56:14 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 3 Jun 2015 11:56:14 +1000 Subject: Threat Model: Parents Message-ID: On 6/3/15, Juan wrote: > On Tue, 2 Jun 2015 14:41:27 -0700 > Softy wrote: >> If an >> individual fails to adhere to guidelines of their Society, they are >> punished. That is what Society is for. > > This is...too much. In a "too much self irony" kind of way. I had a similar thought, but figured someone would pipe up :D Made my day, Juan. Made my day :) From yearofthemonkey at riseup.net Wed Jun 3 13:26:55 2015 From: yearofthemonkey at riseup.net (yotm) Date: Wed, 03 Jun 2015 15:26:55 -0500 Subject: NSA/FBI monitoring In-Reply-To: References: Message-ID: <556F630F.8070401@riseup.net> _The NSA provides data to the FBI and DEA, among others. Although it was known previously, this is part of what Snowden released with corroborating documentation. That it hasn't gotten more attention, by Greenwald, Snowden, et al, is one of the major credible complaints since the releases began in June 2013. _ Thanks M373, this was what I couldn't put my finger on, it's all been NSA, NSA so far... if the FBI has its own capacity to monitor phone, email, chats, etc., in addition to whatever NSA shares with them, that's a whole other data-sucking structure that needs attention. Nigel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 778 bytes Desc: not available URL: From M373 at riseup.net Wed Jun 3 14:47:16 2015 From: M373 at riseup.net (M373) Date: Wed, 03 Jun 2015 16:47:16 -0500 Subject: NSA/FBI monitoring In-Reply-To: <556F630F.8070401@riseup.net> References: <556F630F.8070401@riseup.net> Message-ID: <556F75E4.4030509@riseup.net> As others said, I made an oversight in that the FBI also provides some info to the NSA. Info goes both ways. There are some restrictions on using domestic intercepts, and this is where the FBI comes in. Using businesses to do dirty work is also a way that the government circumvents certain controls and accountability that don't apply to companies. All major telecom companies have worked closely and secretly with government spying since their inceptions. Both need each other. You should also look into FBI's DITU in addition to DCSNet, Red Hook, and such specific technologies. On 03-Jun-15 15:26, yotm wrote: > _The NSA provides data to the FBI and DEA, among others. Although it was > known previously, this is part of what Snowden released with > corroborating documentation. That it hasn't gotten more attention, by > Greenwald, Snowden, et al, is one of the major credible complaints since > the releases began in June 2013. _ > > Thanks M373, this was what I couldn't put my finger on, it's all been NSA, NSA so far... if the FBI has its own capacity to monitor phone, email, chats, etc., in addition to whatever NSA shares with them, that's a whole other data-sucking structure that needs attention. > > Nigel -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1660 bytes Desc: not available URL: From juan.g71 at gmail.com Wed Jun 3 14:37:33 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 3 Jun 2015 18:37:33 -0300 Subject: Threat Model: Parents In-Reply-To: References: <556e0952.a028370a.5a4b.ffffad86@mx.google.com> Message-ID: <556f7230.8a0f370a.455d.ffff8783@mx.google.com> On Thu, 4 Jun 2015 04:00:05 +0900 Lodewijk andré de la porte wrote: > 2015-06-03 4:57 GMT+09:00 Juan : > > > > Or was that a joke Lodewijk? > > > Talking about childhood brings out my inner anarchist. I'm on your > side for this one Juan. Get the molotovs. I did enjoy your reply to Softy. Thanks ;) From coderman at gmail.com Wed Jun 3 19:08:45 2015 From: coderman at gmail.com (coderman) Date: Wed, 3 Jun 2015 19:08:45 -0700 Subject: Fwd: has there ever been a FOIA request leading to initiation of criminal prosecution against the requestor? In-Reply-To: References: Message-ID: On 5/29/15, coderman wrote: > i would like to know if anyone is aware of past incidents where a FOIA > request results in a law enforcement agency initiating (accelerating?) > criminal action against the requesting individual... thanks to everyone for the responses. someone else pointed out FBI "disruption strategies"[0] which may appear to be investigation oriented but in fact are merely denial of service attacks. i created a new FOIA for this category of operation[1] and will see what turns up... best regards, 0. "UNLEASHED AND UNACCOUNTABLE - The FBI’s Unchecked Abuse of Authority" - https://www.aclu.org/sites/default/files/assets/unleashed-and-unaccountable-fbi-report.pdf see page 18, chapter 3, 'Innocent Victims of Aggressive Investigation and Surveillance' 1. "FederalDisruption" - https://www.muckrock.com/foi/united-states-of-america-10/federaldisruption-18313/ From mirimir at riseup.net Wed Jun 3 18:24:53 2015 From: mirimir at riseup.net (Mirimir) Date: Wed, 03 Jun 2015 19:24:53 -0600 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> Message-ID: <556FA8E5.8010005@riseup.net> On 06/03/2015 10:43 AM, Lodewijk andré de la porte wrote: > 2015-06-03 11:23 GMT+09:00 Mirimir : > >>> I would argue the alcoholic is best assigned a personal police >>> officer and psychologist, to keep him in check and positive. >>> In fact; everyone needs a personal police officer and psychologist. >> >> This was irony. Yes? >> > > Irony, but not an unrealistic future. Note that you /are/ a child. There's > always others responsible for you, they will take their responsibility. > And, you are also a liability to others. In a competitive enough world you > are a liability when you are not productive. I believe inflation is part > effective because it demands greater productivity. Yes, as you said to Juan: "Talking about childhood brings out my inner anarchist." And I'm not very hopeful about the future. I don't know what else to say, so I'll quote from "Dead Flag Blues" by Godspeed You! Black Emperor: | the car's on fire and there's no driver at the wheel | and the sewers are all muddied with a thousand lonely suicides | and a dark wind blows | | the government is corrupt | and we're on so many drugs | with the radio on and the curtains drawn | | we're trapped in the belly of this horrible machine | and the machine is bleeding to death | | the sun has fallen down | and the billboards are all leering | and the flags are all dead at the top of their poles From juan.g71 at gmail.com Wed Jun 3 15:29:11 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 3 Jun 2015 19:29:11 -0300 Subject: DEA bulk spying, FBI Spy Planes, IMEI Catchers, NIST cryptography standards, and ALPR amendments to HR 2578 In-Reply-To: <20150603220601.10717aa3@riseup.net> References: <20150603220601.10717aa3@riseup.net> Message-ID: <556f7e4b.d6938c0a.7e03.ffff8cb3@mx.google.com> On Wed, 3 Jun 2015 22:06:01 +0000 Jah Love wrote: > You can read the discussion on the amendment to ban the DEA from bulk > surveillance Course, what that bullshit means is that the propaganda gets even more brazen. The DEA (or any other govt mafia) will keep doing whatever they want AND now they will pretend they are not spying and point to the 'law' that 'bans' them from spying as 'proof' that they are not spying. Orwell would be proud. From jahlove at riseup.net Wed Jun 3 15:06:01 2015 From: jahlove at riseup.net (Jah Love) Date: Wed, 3 Jun 2015 22:06:01 +0000 Subject: DEA bulk spying, FBI Spy Planes, IMEI Catchers, NIST cryptography standards, and ALPR amendments to HR 2578 Message-ID: <20150603220601.10717aa3@riseup.net> There's some amazing stuff going into the US House of Representative's HR2578. Here's some links to some of it: You can read the discussion on the amendment to ban the DEA from bulk surveillance here at page 83: http://www.gpo.gov/fdsys/pkg/CREC-2015-06-02/pdf/CREC-2015-06-02.pdf It passed! I got the link to that PDF at the Recent Sessions On-Demand tab at this link which also has archived videos of the proceedings: http://houselive.gov/ These other amendments also just passed a few hours ago: 3:16:54 P.M. H.R. 2578 An amendment, offered by Mr. Massie, to prohibit the use of funds by the National Institute of Standards and Technology to consult with the National Security Agency or the CIA to alter cryptographic or computer standards, except to improve information security. 3:16:56 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Third Massie amendment. 3:26:26 P.M. H.R. 2578 POSTPONED PROCEEDINGS - At the conclusion of debate on the Third Massie amendment, the Chair put the question on adoption of the amendment and by voice vote, announced that the ayes had prevailed. Mr. Massie demanded a recorded vote and the Chair postponed further proceedings on the question of adoption of the amendment until a time to be announced. 3:35:34 P.M. H.R. 2578 An amendment, offered by Mr. Issa, to prohibit the use of funds to operate or disseminate a cell-site simulator or IMSI catcher in the United States except pursuant to a court order that identifies an individual, account, address, or personal device. 3:37:29 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Issa Amendment. 4:06:04 P.M. H.R. 2578 An amendment, offered by Mr. Lamborn, to prohibit the use of funds to collect information about individuals attending gun shows, by means of an automatic license plate reader, or to retain any information so collected. 4:06:06 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Lamborn amendment, pending a reservation of a point of order. 4:12:43 P.M. H.R. 2578 Mr. Farr raised a point of order against the Lamborn amendment. Mr. Farr stated that the amendment seeks to change existing law and constitutes legislation in an appropriations bill. The Chair sustained the point of order. From l at odewijk.nl Wed Jun 3 09:43:29 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 4 Jun 2015 01:43:29 +0900 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= In-Reply-To: <556E6523.8040100@riseup.net> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> Message-ID: 2015-06-03 11:23 GMT+09:00 Mirimir : > > I would argue the alcoholic is best assigned a personal police > > officer and psychologist, to keep him in check and positive. > > In fact; everyone needs a personal police officer and psychologist. > > This was irony. Yes? > Irony, but not an unrealistic future. Note that you /are/ a child. There's always others responsible for you, they will take their responsibility. And, you are also a liability to others. In a competitive enough world you are a liability when you are not productive. I believe inflation is part effective because it demands greater productivity. > On 06/02/2015 03:41 PM, Softy wrote: > > If an individual fails to adhere to guidelines of their Society, > > they are punished. That is what Society is for. > > This was not irony. Yes? I believe this was just foolish. Society is a common madness, not something that is for a reason. All it takes is evolutionary feasibility - which I would say Society is for; continuing it's own existence, regardless of anything. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1615 bytes Desc: not available URL: From grarpamp at gmail.com Wed Jun 3 23:46:07 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 4 Jun 2015 02:46:07 -0400 Subject: Electioneering, Freedom Act Message-ID: http://www.cgpgrey.com/politics-in-the-animal-kingdom/ http://yro.slashdot.org/story/15/06/02/2147216/senate-passes-usa-freedom-act From grarpamp at gmail.com Thu Jun 4 00:21:16 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 4 Jun 2015 03:21:16 -0400 Subject: cypherpunks Digest, Vol 24, Issue 6 In-Reply-To: References: Message-ID: On Wed, Jun 3, 2015 at 2:57 PM, Lodewijk andré de la porte wrote: > Old people make laws suck for young people, Old puppetmasters suck. Old people filling parliaments make sucky laws. Law enforcers enforce suckily. Laws basically suck. As does society. Whatever. From grarpamp at gmail.com Thu Jun 4 00:50:31 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 4 Jun 2015 03:50:31 -0400 Subject: NSA/FBI monitoring In-Reply-To: <556F75E4.4030509@riseup.net> References: <556F630F.8070401@riseup.net> <556F75E4.4030509@riseup.net> Message-ID: On Wed, Jun 3, 2015 at 5:47 PM, M373 wrote: > Using businesses to > do dirty work is also a way that the government circumvents certain controls > and accountability that don't apply to companies. All major telecom > companies have worked closely and secretly with government spying since > their inceptions. Telecoms love their contracts and are filled with the typical sheeple. All major telecoms literally gave their historical call records to the government without fighting to uphold the fact that the constitution requires indivualized warrants based on probable cause. Now they both have all the CDR's pretty much everyone alive in the USA today has ever made, and is making, and like all big data have no intention on ever destroying them. How does that feel? Needs more attention eh? https://www.law.cornell.edu/constitution/fourth_amendment https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution From l at odewijk.nl Wed Jun 3 11:57:06 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 4 Jun 2015 03:57:06 +0900 Subject: cypherpunks Digest, Vol 24, Issue 6 In-Reply-To: References: Message-ID: 2015-06-04 0:39 GMT+09:00 Softy : > Do we laws dictating "Child shall be no more than x feet from home > unattended" I don't know about you, but I was imprisoned until I was about 16. At 16 I trained to perform some arbitrary tests, one of which involved repeating lies, and another working knowledge of proprietary tools (further cementing their monopoly and encouraging my dependence). Most people feel jealousy and even rage at how easy I managed to complete the arbitrary tests (did foreign, easier tests, that were also accepted due to European regulations). I don't give an honest fuck that I was allowed outside of prison for a few hours a day (most of which were supposed to be filled with out-prison-labor). I feel a significant amount of disgust for anyone that thinks they're superior enough to know what's good for others to such an extend as to force them. Just because the goalers say it's for your own good doesn't make it good! And lastly, it is not justice to make me suffer because some people's parents suck at parenting. More recently I've had such issues with visa's and family law that I'm very positive that justice is dead. Old people make laws suck for young people, what do they care? And the more society develops, the older the young will be. Until such a point that the realization will be had that we remain children; we learn and develop, and we are not ready for the world. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1966 bytes Desc: not available URL: From l at odewijk.nl Wed Jun 3 12:00:05 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 4 Jun 2015 04:00:05 +0900 Subject: Threat Model: Parents In-Reply-To: <556e0952.a028370a.5a4b.ffffad86@mx.google.com> References: <556e0952.a028370a.5a4b.ffffad86@mx.google.com> Message-ID: 2015-06-03 4:57 GMT+09:00 Juan : > > Or was that a joke Lodewijk? Talking about childhood brings out my inner anarchist. I'm on your side for this one Juan. Get the molotovs. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 493 bytes Desc: not available URL: From grarpamp at gmail.com Thu Jun 4 01:03:37 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 4 Jun 2015 04:03:37 -0400 Subject: Taking Odds on the Content Bomb, and other Election Cycle Wonders Message-ID: Assholes like this love to stand up and lie to you... https://i.ytimg.com/vi/S61eL_06RZ4/hqdefault.jpg One of their lies that many observers consider to be a true component of programs is that content is in fact being bulk collected, picked, sifted, sorted, stored and used against national and other laws. What are the odds that we'll see leak of documented proof of somesuch major lie being exposed in the run up to the US 2016 election? What major new categories of as yet untold wonders are standing by in the Snowden and other caches? Who's running the prediction market on these things? From Rayzer at riseup.net Thu Jun 4 08:24:35 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 04 Jun 2015 08:24:35 -0700 Subject: DEA bulk spying, FBI Spy Planes, IMEI Catchers, NIST cryptography standards, and ALPR amendments to HR 2578 In-Reply-To: <20150603220601.10717aa3@riseup.net> References: <20150603220601.10717aa3@riseup.net> Message-ID: <55706DB3.8080206@riseup.net> 4:06:04 P.M. H.R. 2578 An amendment, offered by Mr. Lamborn, to prohibit the use of funds to collect information about individuals attending gun shows, by means of an automatic license plate reader, or to retain any information so collected. . . Mr. Farr raised a point of order against the Lamborn amendment... Sam Farr fuckery again. This putz claims to have voted against the Iraq war but introduced a bill in the house that essentially militarized California's construction industry to make it easier for his pimps to get lucrative pentagon 'pave it over after we blow it up' construction contracts. On 06/03/2015 03:06 PM, Jah Love wrote: > There's some amazing stuff going into the US House of Representative's HR2578. Here's some links to some of it: > > You can read the discussion on the amendment to ban the DEA from bulk surveillance here at page 83: http://www.gpo.gov/fdsys/pkg/CREC-2015-06-02/pdf/CREC-2015-06-02.pdf It passed! > > I got the link to that PDF at the Recent Sessions On-Demand tab at this link which also has archived videos of the proceedings: http://houselive.gov/ > > These other amendments also just passed a few hours ago: > > 3:16:54 P.M. H.R. 2578 An amendment, offered by Mr. Massie, to prohibit the use of funds by the National Institute of Standards and Technology to consult with the National Security Agency or the CIA to alter cryptographic or computer standards, except to improve information security. > > 3:16:56 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Third Massie amendment. > > 3:26:26 P.M. H.R. 2578 POSTPONED PROCEEDINGS - At the > conclusion of debate on the Third Massie amendment, the Chair put the > question on adoption of the amendment and by voice vote, announced that > the ayes had prevailed. Mr. Massie demanded a recorded vote and the > Chair postponed further proceedings on the question of adoption of the > amendment until a time to be announced. > > 3:35:34 P.M. H.R. 2578 An amendment, offered by Mr. Issa, to prohibit the use of funds to operate or disseminate a cell-site simulator or IMSI catcher in the United States except pursuant to a court order that identifies an individual, account, address, or personal device. > > 3:37:29 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Issa Amendment. > > 4:06:04 P.M. H.R. 2578 An amendment, offered by Mr. Lamborn, to prohibit the use of funds to collect information about individuals attending gun shows, by means of an automatic license plate reader, or to retain any information so collected. > > 4:06:06 P.M. H.R. 2578 DEBATE - Pursuant to the provisions of H. Res. 287, the Committee of the Whole proceeded with 10 minutes of debate on the Lamborn amendment, pending a reservation of a point of order. > > 4:12:43 P.M. H.R. 2578 Mr. Farr raised a point of order against the Lamborn amendment. Mr. Farr stated that the amendment seeks to change existing law and constitutes legislation in an appropriations bill. The Chair sustained the point of order. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From shelley at misanthropia.org Thu Jun 4 13:15:17 2015 From: shelley at misanthropia.org (Shelley) Date: Thu, 04 Jun 2015 13:15:17 -0700 Subject: New Snowden docs on domestic Internet spying Message-ID: <20150604201501.B98E3C0001C@frontend1.nyi.internal> https://www.propublica.org/article/new-snowden-documents-reveal-secret-memos-expanding-spying As always, Keith Alexander is a lying bastard. Big surprise! From cypherpunks at cheiraminhavirilha.com Thu Jun 4 17:20:13 2015 From: cypherpunks at cheiraminhavirilha.com (Virilha) Date: Fri, 05 Jun 2015 00:20:13 +0000 Subject: IMEI changed - any RTL-SDR sniff way to check it was properly changed? Message-ID: <20150605002013.Horde.YPa3iPAp3tcbvkdgsfb1Lg1@127.0.0.1> Due to the recent events envolving planes and FBI, I was wondering. Changing SIMs (so IMSI) is an easy task. Change IMEI with some knowledge I believe its too. There are some tutorials on IMEI changing on rooted android, I dont known if actually works, suppose yes: http://www.technostall.com/how-to-change-imei-number-android/ http://www.plusdroid.com/Blogandnews/how-to-change-restore-imei-no-on-android-phones-and-tablets/ Knowing we can get TMSI / IMSI (sometimes) via RTL-SDR software + proper dongles: http://www.rtl-sdr.com/rtl-sdr-cell-phone-imsi-tmsi-key-sniffer/ https://ferrancasanovas.wordpress.com/cracking-and-sniffing-gsm-with-rtl-sdr-concept/ And knowing the IMEI is used / exchanged with the network before authentication is granted to a certain phone (network can block IMEIs, so they are sent/exchanged) Do someone know if is it possible to check if the original IMEI was really changed and is not being exchanged with the provider, by using RTL-SDR + proper device to sniff the frequency? http://www.rtl-sdr.com/ regards, --Virilha From rsw at jfet.org Sat Jun 6 12:25:54 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Sat, 6 Jun 2015 15:25:54 -0400 Subject: =?utf-8?B?4oCLIFJl?= =?utf-8?Q?=3A?= Threat Model: Parents In-Reply-To: <55734861.33558c0a.60ec.4f5c@mx.google.com> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> Message-ID: <20150606192554.GA21346@antiproton.jfet.org> Juan wrote: > The vast majority of human society operates on the principle of > unintentional self-parody. Juan's Law. -=rsw From jya at pipeline.com Sat Jun 6 12:55:13 2015 From: jya at pipeline.com (John Young) Date: Sat, 06 Jun 2015 15:55:13 -0400 Subject: =?iso-8859-1?Q?Re:_=E2=80=8B_Re:_Threat_Model:_Parents?= In-Reply-To: <20150606192554.GA21346@antiproton.jfet.org> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> <20150606192554.GA21346@antiproton.jfet.org> Message-ID: Juan Cole's Law, alongside salad of Godwin's Nazi orange j'accuse. At 03:25 PM 6/6/2015, you wrote: >Juan wrote: > > The vast majority of human society operates on the principle of > > unintentional self-parody. > >Juan's Law. > >-=rsw From juan.g71 at gmail.com Sat Jun 6 12:28:21 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 6 Jun 2015 16:28:21 -0300 Subject: =?UTF-8?B?4oCL?= Re: Threat Model: Parents In-Reply-To: <20150606144227.GA2495@sivokote.iziade.m$> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> Message-ID: <55734861.33558c0a.60ec.4f5c@mx.google.com> On Sat, 6 Jun 2015 17:42:27 +0300 Georgi Guninski wrote: > On Tue, Jun 02, 2015 at 08:23:31PM -0600, Mirimir wrote: > > Please help me calibrate my irony detector. > > > > This was irony. Yes? > > > > > > > This was not irony. Yes? > > > > This might be related to Poe's law: > > http://en.wikipedia.org/wiki/Poe%27s_law The vast majority of human society operates on the principle of unintentional self-parody. > > --- > Poe's law is an internet adage which states that, without a clear > indicator of the author's intent, parodies of extremism are > indistinguishable from sincere expressions of extremism. > --- From guninski at guninski.com Sat Jun 6 07:42:27 2015 From: guninski at guninski.com (Georgi Guninski) Date: Sat, 6 Jun 2015 17:42:27 +0300 Subject: =?utf-8?B?4oCLIFJl?= =?utf-8?Q?=3A?= Threat Model: Parents In-Reply-To: <556E6523.8040100@riseup.net> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> Message-ID: <20150606144227.GA2495@sivokote.iziade.m$> On Tue, Jun 02, 2015 at 08:23:31PM -0600, Mirimir wrote: > Please help me calibrate my irony detector. > > This was irony. Yes? > > > This was not irony. Yes? > This might be related to Poe's law: http://en.wikipedia.org/wiki/Poe%27s_law --- Poe's law is an internet adage which states that, without a clear indicator of the author's intent, parodies of extremism are indistinguishable from sincere expressions of extremism. --- From mirimir at riseup.net Sat Jun 6 20:00:35 2015 From: mirimir at riseup.net (Mirimir) Date: Sat, 06 Jun 2015 21:00:35 -0600 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: <5573af5b.e729370a.f018.7942@mx.google.com> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> <20150606192554.GA21346@antiproton.jfet.org> <5573af5b.e729370a.f018.7942@mx.google.com> Message-ID: <5573B3D3.9070700@riseup.net> On 06/06/2015 08:47 PM, Juan wrote: > On Sun, 7 Jun 2015 09:52:33 +1000 > Zenaan Harkness wrote: > >> On 6/7/15, Riad S. Wahby wrote: >>> Juan wrote: >>>> The vast majority of human society operates on the >>>> principle of unintentional self-parody. >>> >>> Juan's Law. >>> >>> -=rsw >> >> :D > > Yep. I get caught in a recursive, self-parody loop as well =P How about this? All self-conscious entities operate on the principle of unintentional self-parody. ;) From juan.g71 at gmail.com Sat Jun 6 19:47:39 2015 From: juan.g71 at gmail.com (Juan) Date: Sat, 6 Jun 2015 23:47:39 -0300 Subject: =?UTF-8?B?4oCL?= Re: Threat Model: Parents In-Reply-To: References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> <20150606192554.GA21346@antiproton.jfet.org> Message-ID: <5573af5b.e729370a.f018.7942@mx.google.com> On Sun, 7 Jun 2015 09:52:33 +1000 Zenaan Harkness wrote: > On 6/7/15, Riad S. Wahby wrote: > > Juan wrote: > >> The vast majority of human society operates on the > >> principle of unintentional self-parody. > > > > Juan's Law. > > > > -=rsw > > :D Yep. I get caught in a recursive, self-parody loop as well =P From zen at freedbms.net Sat Jun 6 16:52:33 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 7 Jun 2015 09:52:33 +1000 Subject: =?UTF-8?B?UmU6IOKAiyBSZTogVGhyZWF0IE1vZGVsOiBQYXJlbnRz?= In-Reply-To: <20150606192554.GA21346@antiproton.jfet.org> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> <20150606192554.GA21346@antiproton.jfet.org> Message-ID: On 6/7/15, Riad S. Wahby wrote: > Juan wrote: >> The vast majority of human society operates on the principle of >> unintentional self-parody. > > Juan's Law. > > -=rsw :D From rysiek at hackerspace.pl Mon Jun 8 07:41:09 2015 From: rysiek at hackerspace.pl (rysiek) Date: Mon, 08 Jun 2015 16:41:09 +0200 Subject: =?UTF-8?B?4oCL?= Re: Threat Model: Parents In-Reply-To: <5573B3D3.9070700@riseup.net> References: <5573af5b.e729370a.f018.7942@mx.google.com> <5573B3D3.9070700@riseup.net> Message-ID: <5018365.GbDuKulr0l@lapuntu> Dnia sobota, 6 czerwca 2015 21:00:35 Mirimir pisze: > On 06/06/2015 08:47 PM, Juan wrote: > > On Sun, 7 Jun 2015 09:52:33 +1000 > > > > Zenaan Harkness wrote: > >> On 6/7/15, Riad S. Wahby wrote: > >>> Juan wrote: > >>>> The vast majority of human society operates on the > >>>> > >>>> principle of unintentional self-parody. > >>> > >>> Juan's Law. > >>> > >>> -=rsw > >>> > >> :D > > > > Yep. I get caught in a recursive, self-parody loop as well =P > > How about this? > > All self-conscious entities operate on the principle of unintentional > self-parody. All self-parodying entities operate on the principle of unintentional self- consciousness?.. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From guninski at guninski.com Mon Jun 8 08:19:40 2015 From: guninski at guninski.com (Georgi Guninski) Date: Mon, 8 Jun 2015 18:19:40 +0300 Subject: =?utf-8?B?4oCLIFJl?= =?utf-8?Q?=3A?= Threat Model: Parents In-Reply-To: <20150606192554.GA21346@antiproton.jfet.org> References: <20150602165215.GA2900@sivokote.iziade.m$> <556E6523.8040100@riseup.net> <20150606144227.GA2495@sivokote.iziade.m$> <55734861.33558c0a.60ec.4f5c@mx.google.com> <20150606192554.GA21346@antiproton.jfet.org> Message-ID: <20150608151940.GA2500@sivokote.iziade.m$> On Sat, Jun 06, 2015 at 03:25:54PM -0400, Riad S. Wahby wrote: > Juan wrote: > > The vast majority of human society operates on the principle of > > unintentional self-parody. > > Juan's Law. > Looks like Juan's law explains significant amount of sheeple behaviour (possibly after minor patching of the law), especially voting. Not sure how novel Juan's law is, since establishments have exploited something very close to it since ancient times. From mirimir at riseup.net Mon Jun 8 22:01:56 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 08 Jun 2015 23:01:56 -0600 Subject: =?UTF-8?B?4oCLIFJlOiBUaHJlYXQgTW9kZWw6IFBhcmVudHM=?= In-Reply-To: <5018365.GbDuKulr0l@lapuntu> References: <5573af5b.e729370a.f018.7942@mx.google.com> <5573B3D3.9070700@riseup.net> <5018365.GbDuKulr0l@lapuntu> Message-ID: <55767344.3010506@riseup.net> On 06/08/2015 08:41 AM, rysiek wrote: > Dnia sobota, 6 czerwca 2015 21:00:35 Mirimir pisze: >> On 06/06/2015 08:47 PM, Juan wrote: >>> On Sun, 7 Jun 2015 09:52:33 +1000 >>> >>> Zenaan Harkness wrote: >>>> On 6/7/15, Riad S. Wahby wrote: >>>>> Juan wrote: >>>>>> The vast majority of human society operates on the >>>>>> >>>>>> principle of unintentional self-parody. >>>>> >>>>> Juan's Law. >>>>> >>>>> -=rsw >>>>> >>>> :D >>> >>> Yep. I get caught in a recursive, self-parody loop as well =P >> >> How about this? >> >> All self-conscious entities operate on the principle of unintentional >> self-parody. > > All self-parodying entities operate on the principle of unintentional > self-consciousness?.. :) From grarpamp at gmail.com Mon Jun 8 22:01:44 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 9 Jun 2015 01:01:44 -0400 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: References: Message-ID: ---------- Forwarded message ---------- From: Henry Baker Date: Mon, Jun 8, 2015 at 6:24 PM Subject: [Cryptography] Did Intel just execute its warrant canary ? To: cryptography at metzdowd.com FYI -- I conjecture that the second GPU story following less than one month after the first GPU story is not just coincidence, but one of the requirements of a secret National Security Letter to Intel. The first story shows how GPU's can house malware, while the second story explains that Intel won't be sharing its GPU code where such malware will be housed. "no reverse engineering, decompilation, or disassembly of this software is permitted" As feared, the DMCA will be used against those who attempt to look for this malware in Intel GPU's. https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act -------- http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/ GPU-based rootkit and keylogger offer superior stealth and computing power Proof-of-concept malware may pave the way for future in-the-wild attacks. by Dan Goodin - May 7, 2015 3:43 pm UTC Developers have published two pieces of malware that take the highly unusual step of completely running on an infected computer's graphics card, rather than its CPU, to enhance their stealthiness and give them increased computational abilities. Both the Jellyfish rootkit and the Demon keylogger are described as proofs-of-concept by their pseudo-anonymous developers, whom Ars was unable to contact. Tapping an infected computer's GPU allows malware to run without the usual software hooks or modifications malware makes in the operating system kernel. Those modifications can be dead giveaways that a system is infected. https://github.com/x0r1/jellyfish https://github.com/x0r1/Demon Here's how the developers describe their rootkit: Jellyfish is a Linux based userland gpu rootkit proof of concept project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as the OpenCL API developed by Khronos group (GPU). Code currently supports AMD and NVIDIA graphics cards. However, the AMDAPPSDK does support Intel as well. Advantages of gpu stored memory: * No gpu malware analysis tools available on web * Can snoop on cpu host memory via DMA * Gpu can be used for fast/swift mathematical calculations like xor'ing or parsing * Stubs * Malicious memory is still inside gpu after shutdown Requirements for use: * Have OpenCL drivers/icds installed * Nvidia or AMD graphics card (intel supports amd's sdk) * Change line 103 in rootkit/kit.c to server ip you want to monitor gpu client from Stay tuned for more features: * client listener; let buffers stay stored in gpu until you send magic packet from server Disclaimer: Educational purposes only; authors of this project/demonstration are in no way, shape or form responsible for what you may use this for whether illegal or not. They provide no technical details about Demon keylogger other than to say it's a proof-of-concept that implements the malware described in this 2013 academic research paper titled You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger. The Demon creators stress that they aren't associated with the researchers. http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf "The key idea behind our approach is to monitor the system’s keyboard buffer directly from the GPU via DMA [direct memory access], without any hooks or modifications in the kernel's code and data structures besides the page table," the researchers behind the 2013 paper wrote. "The evaluation of our prototype implementation shows that a GPU-based keylogger can effectively record all user keystrokes, store them in the memory space of the GPU, and even analyze the recorded data in-place, with negligible runtime overhead." Aside from malware that taps GPUs to mint Bitcoin and other crypto currencies, Ars isn't aware of malicious software actively circulating in the wild that makes use of infected computers' graphics processors. And even then, most or all of those titles run mainly on the CPU and offload only the computationally intensive workloads to the GPU. In March, researchers from Kaspersky Lab documented highly sophisticated malware in the wild that infected firmware that runs 12 different models of hard drives. The group that created the malware had flown under the radar for 14 years. In its current form Jellyfish is likely to remain a highly niche undertaking, since it requires a dedicated GPU. Since many computers don't contain stand-alone graphics cards, such malware might greatly limit the machines that could be infected. Still, the approach may make sense in certain situations, say for attackers targeting gamers or video enthusiasts, or espionage campaigns where stealth is crucial. And as readers have pointed out in comments below, it's feasible malware could be developed that runs on graphics processors integrated into CPUs. Post updated to recast the last paragraph to account for integrated graphics processors, and to add details in the second-to-last paragraph about malware infecting hard-drive firmware. ---------------- https://www.phoronix.com/scan.php?page=news_item&px=Intel-SKL-BXT-Firmware-Blobs Intel Skylake & Broxton To Require Graphics Firmware Blobs Published on 05 June 2015 06:20 PM EDT Written by Michael Larabel in Intel Intel's upcoming Skylake and Broxton hardware will require some binary-only firmware blobs by the i915 DRM kernel graphics driver. Rodrigo Vivi of Intel's Open-Source Technology Center sent in the pull request for landing these binary files into the linux-firmware repository. Up to now there's been no i915 blobs within the linux-firmware tree. These first i915 DRM firmware blobs are for Skylake and Broxton for the GuC and DMC. DMC in this context is the Display Microcontroller, which is present in Skylake (Gen9) and newer and used within the display engine to save and restore its state when entering into low-power states and then resuming. The DMC is basically saving/restoring display registers across low-power states separate of the kernel. The GuC engine on Skylake is responsible for workload scheduling on the parallel graphics engines. Intel explained on 01.org, "GuC is designed to perform graphics workload scheduling on the various graphics parallel engines. In this scheduling model, host software submits work through one of the 256 graphics doorbells and this invokes the scheduling operation on the appropriate graphics engine. Scheduling operations include determining which workload to run next, submitting a workload to a command streamer, pre-empting existing workloads running on an engine, monitoring progress and notifying host SW when work is done." This page also seems to indicate that these firmware blobs are required by the DRM driver rather than being an optional add-on. The license of these firmware blobs also indicate that redistribution is only allowed in binary form without modification. Beyond that, "no reverse engineering, decompilation, or disassembly of this software is permitted." These new firmware blobs will certainly have some open-source enthusiasts less excited now about Skylake, Broadwell's successor beginning to ship later this year, and Broxton meanwhile is the new Atom SoC built using the Goldmont architecture and will feature Skylake graphics. If there's any good news out of the situation, at least Intel is shipping these firmware files early rather than NVIDIA that with their months-old hardware still hasn't released their GTX 900 Maxwell firmware files needed by the Nouveau driver to provide open-source hardware acceleration. AMD also tends to be timely with the releasing of their necessary binary-only GPU firmware files for the open-source Linux driver. _______________________________________________ The cryptography mailing list cryptography at metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography From hozer at hozed.org Tue Jun 9 19:41:44 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 9 Jun 2015 21:41:44 -0500 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: References: Message-ID: <20150610024144.GJ27932@nl.grid.coop> OOOhhhhhHHH nice. One of these days someone's going to figure out the encoding method and private keys of all those keystrokes in various blockchains that were broadcast by GPU-mining malware. Now if I take my paranoia hat off and put on my 'scam the investors' hat, I'd say the only thing the DMCA will be used for is to provide plausible deniability that Intel just hired some AMD/Nvidia engineers and they keep using the same code they've been writing since the SGI days and just slap an Intel copyright on the output. Besides, if you wanted to hid malware on an intel chip, you could easily hide it here, no GPU needed. https://software.intel.com/sites/default/files/xeon-processor-7.png There are probably at least 3 debug interfaces in the chip for which the only good documentation exists in the Mossad, NSA, and Chinese intelligence offices. On Tue, Jun 09, 2015 at 01:01:44AM -0400, grarpamp wrote: > ---------- Forwarded message ---------- > From: Henry Baker > Date: Mon, Jun 8, 2015 at 6:24 PM > Subject: [Cryptography] Did Intel just execute its warrant canary ? > To: cryptography at metzdowd.com > > > FYI -- I conjecture that the second GPU story following less than one > month after the first GPU story is not just coincidence, but one of > the requirements of a secret National Security Letter to Intel. > > The first story shows how GPU's can house malware, while the second > story explains that Intel won't be sharing its GPU code where such > malware will be housed. > > "no reverse engineering, decompilation, or disassembly of this > software is permitted" > > As feared, the DMCA will be used against those who attempt to look for > this malware in Intel GPU's. > > https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act > -------- > http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/ > > GPU-based rootkit and keylogger offer superior stealth and computing power > > Proof-of-concept malware may pave the way for future in-the-wild attacks. > > by Dan Goodin - May 7, 2015 3:43 pm UTC > > Developers have published two pieces of malware that take the highly > unusual step of completely running on an infected computer's graphics > card, rather than its CPU, to enhance their stealthiness and give them > increased computational abilities. > > Both the Jellyfish rootkit and the Demon keylogger are described as > proofs-of-concept by their pseudo-anonymous developers, whom Ars was > unable to contact. Tapping an infected computer's GPU allows malware > to run without the usual software hooks or modifications malware makes > in the operating system kernel. Those modifications can be dead > giveaways that a system is infected. > > https://github.com/x0r1/jellyfish > > https://github.com/x0r1/Demon > > Here's how the developers describe their rootkit: > > Jellyfish is a Linux based userland gpu rootkit proof of concept > project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as > the OpenCL API developed by Khronos group (GPU). Code currently > supports AMD and NVIDIA graphics cards. However, the AMDAPPSDK does > support Intel as well. > > Advantages of gpu stored memory: > > * No gpu malware analysis tools available on web > * Can snoop on cpu host memory via DMA > * Gpu can be used for fast/swift mathematical calculations like > xor'ing or parsing > * Stubs > * Malicious memory is still inside gpu after shutdown > > Requirements for use: > > * Have OpenCL drivers/icds installed > * Nvidia or AMD graphics card (intel supports amd's sdk) > * Change line 103 in rootkit/kit.c to server ip you want to monitor > gpu client from > > Stay tuned for more features: > > * client listener; let buffers stay stored in gpu until you send magic > packet from server > > Disclaimer: > > Educational purposes only; authors of this project/demonstration are > in no way, shape or form responsible for what you may use this for > whether illegal or not. > > They provide no technical details about Demon keylogger other than to > say it's a proof-of-concept that implements the malware described in > this 2013 academic research paper titled You Can Type, but You Can’t > Hide: A Stealthy GPU-based Keylogger. The Demon creators stress that > they aren't associated with the researchers. > > http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf > > "The key idea behind our approach is to monitor the system’s keyboard > buffer directly from the GPU via DMA [direct memory access], without > any hooks or modifications in the kernel's code and data structures > besides the page table," the researchers behind the 2013 paper wrote. > "The evaluation of our prototype implementation shows that a GPU-based > keylogger can effectively record all user keystrokes, store them in > the memory space of the GPU, and even analyze the recorded data > in-place, with negligible runtime overhead." > > Aside from malware that taps GPUs to mint Bitcoin and other crypto > currencies, Ars isn't aware of malicious software actively circulating > in the wild that makes use of infected computers' graphics processors. > And even then, most or all of those titles run mainly on the CPU and > offload only the computationally intensive workloads to the GPU. In > March, researchers from Kaspersky Lab documented highly sophisticated > malware in the wild that infected firmware that runs 12 different > models of hard drives. The group that created the malware had flown > under the radar for 14 years. > > In its current form Jellyfish is likely to remain a highly niche > undertaking, since it requires a dedicated GPU. Since many computers > don't contain stand-alone graphics cards, such malware might greatly > limit the machines that could be infected. Still, the approach may > make sense in certain situations, say for attackers targeting gamers > or video enthusiasts, or espionage campaigns where stealth is crucial. > And as readers have pointed out in comments below, it's feasible > malware could be developed that runs on graphics processors integrated > into CPUs. > > Post updated to recast the last paragraph to account for integrated > graphics processors, and to add details in the second-to-last > paragraph about malware infecting hard-drive firmware. > ---------------- > https://www.phoronix.com/scan.php?page=news_item&px=Intel-SKL-BXT-Firmware-Blobs > > Intel Skylake & Broxton To Require Graphics Firmware Blobs > > Published on 05 June 2015 06:20 PM EDT > > Written by Michael Larabel in Intel > > Intel's upcoming Skylake and Broxton hardware will require some > binary-only firmware blobs by the i915 DRM kernel graphics driver. > > Rodrigo Vivi of Intel's Open-Source Technology Center sent in the pull > request for landing these binary files into the linux-firmware > repository. Up to now there's been no i915 blobs within the > linux-firmware tree. > > These first i915 DRM firmware blobs are for Skylake and Broxton for > the GuC and DMC. DMC in this context is the Display Microcontroller, > which is present in Skylake (Gen9) and newer and used within the > display engine to save and restore its state when entering into > low-power states and then resuming. The DMC is basically > saving/restoring display registers across low-power states separate of > the kernel. > > The GuC engine on Skylake is responsible for workload scheduling on > the parallel graphics engines. Intel explained on 01.org, "GuC is > designed to perform graphics workload scheduling on the various > graphics parallel engines. In this scheduling model, host software > submits work through one of the 256 graphics doorbells and this > invokes the scheduling operation on the appropriate graphics engine. > Scheduling operations include determining which workload to run next, > submitting a workload to a command streamer, pre-empting existing > workloads running on an engine, monitoring progress and notifying host > SW when work is done." This page also seems to indicate that these > firmware blobs are required by the DRM driver rather than being an > optional add-on. > > The license of these firmware blobs also indicate that redistribution > is only allowed in binary form without modification. Beyond that, "no > reverse engineering, decompilation, or disassembly of this software is > permitted." > > These new firmware blobs will certainly have some open-source > enthusiasts less excited now about Skylake, Broadwell's successor > beginning to ship later this year, and Broxton meanwhile is the new > Atom SoC built using the Goldmont architecture and will feature > Skylake graphics. If there's any good news out of the situation, at > least Intel is shipping these firmware files early rather than NVIDIA > that with their months-old hardware still hasn't released their GTX > 900 Maxwell firmware files needed by the Nouveau driver to provide > open-source hardware acceleration. AMD also tends to be timely with > the releasing of their necessary binary-only GPU firmware files for > the open-source Linux driver. > > > _______________________________________________ > The cryptography mailing list > cryptography at metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From wilfred at vt.edu Wed Jun 10 05:43:02 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Wed, 10 Jun 2015 02:43:02 -1000 Subject: Possible SigInt Metadata Dump Files Circulating Message-ID: Some huge *meaning close to exobyte size* data sets are circulating in storage clouds this last week, appear to be snapshots of signals intelligence metadata including vector tracking of signals targets (possibly cell phones based on movement vectors) and cross-associated metadata for their communications. Indications are that these are recon signal dumps of the american sigint system loaded by a major organized crime syndicate and cover most of last year. There is also a set of organic tracking signals, assumably covert agent communications, and another set that appears to be all American and European cash money transactions(???). From jdb10987 at yahoo.com Tue Jun 9 20:37:27 2015 From: jdb10987 at yahoo.com (jim bell) Date: Wed, 10 Jun 2015 03:37:27 +0000 (UTC) Subject: Encryption article from Yahoo Message-ID: <2057313614.183489.1433907447141.JavaMail.yahoo@mail.yahoo.com> By Richard CowanWASHINGTON (Reuters) - As Washington weighs new cybersecurity steps amid a public backlash over mass surveillance, U.S. tech companies warned President Barack Obama not to weaken increasingly sophisticated encryption systems designed to protect consumers' privacy.In a strongly worded letter to Obama on Monday, two industry associations for major software and hardware companies said, "We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool."The Information Technology Industry Council and the Software and Information Industry Association, representing tech giants, including Apple Inc, Google Inc, Facebook Inc, IBM and Microsoft Corp, fired the latest salvo in what is shaping up to be a long fight over government access into smart phones and other digital devices.Obama administration officials, led by the FBI, have pushed the companies to find ways to let law enforcement bypass encryption to investigate illegal activities, including terrorism threats, but not weaken it so that criminals and computer hackers could penetrate the defenses.So far, however, the White House has not spelled out specific regulatory or legislative steps it might seek.View gallery Some cybersecurity experts are skeptical that Congress will take legislative action to expand the administration's powers anytime soon, noting recent lopsided votes in the House of Representatives to rein in surveillance.White House spokesman Josh Earnest, responding to Reuters' inquiries, said the administration "firmly supports the development and robust adoption of strong encryption."But he added there were concerns about "the use of encryption by terrorists and other criminals to conceal and enable crimes and other malicious activity."FBI'S INTENTIONS KEYKate Martin, director of the Center for National Security Studies, a civil liberties watchdog group, said, "The ultimate question is whether the FBI is going to seek legislation that would put limits on development of encryption tools."View gallery The Obama administration is in the midst of an internal debate on the matter. Martin said the recent naming of Ed Felten, a computer science and public affairs expert, as deputy U.S. chief technology officer was an indication that Obama "takes seriously the privacy concerns."But at the same time, she noted, "Technology, and especially the globalization of communications, has outpaced U.S. law."The debate over whether there should be limits on encryption should include the question of whether there should be limits on when the government can lawfully get access to people's private information, Martin said.The industry letter to Obama also was sent to FBI Director James Comey, Homeland Security Secretary Jeh Johnson, Attorney General Loretta Lynch and other Cabinet heads.Days earlier, the United States enacted legislation that will curtail the government's ability to scoop up huge volumes of data related to records of Americans' telephone calls.View gallery At the same time, Washington is being battered by computer hacks. Last week a massive breach was disclosed at the U.S. Office of Personnel Management, with records of up to 4 million current and former federal employees possibly compromised.An explosion in government surveillance was an outgrowth of the Sept. 11, 2001, attacks on the United States and was exposed by former National Security Agency contractor Edward Snowden.The industry groups noted that online commerce has flourished in part because consumers believed their payment information would be secure."Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace," the industry wrote."Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption 'work-arounds'."(Additional reporting by Roberta Rampton; Editing by Kevin Drawbaugh and Tom Brown) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 20879 bytes Desc: not available URL: From griffin at cryptolab.net Wed Jun 10 05:52:33 2015 From: griffin at cryptolab.net (Griffin Boyce) Date: Wed, 10 Jun 2015 08:52:33 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: Message-ID: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> Wilfred Guerin wrote: > Some huge *meaning close to exobyte size* data sets are circulating in > storage clouds this last week, appear to be snapshots of signals > intelligence metadata including vector tracking of signals targets > (possibly cell phones based on movement vectors) and cross-associated > metadata for their communications. Indications are that these are > recon signal dumps of the american sigint system loaded by a major > organized crime syndicate and cover most of last year. There is also a > set of organic tracking signals, assumably covert agent > communications, and another set that appears to be all American and > European cash money transactions(???). Links to more info? Are these intended to be public, or some kind of config failure? From wilfred at vt.edu Wed Jun 10 06:17:59 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Wed, 10 Jun 2015 09:17:59 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> Message-ID: Files are standard DB Table dumps (packed) loading from a cluster of VPNs from torrent and NAS protocols through central europe (entry providers are all in privacy-sensitive countries) and intended to be a distributed database service; there is simply nothing big enough to handle this onload directly. (at 120+gbps bursts) Some of the services are posting public torrent data and open sql database access. Table files are set up as redundant master with cross-population and standard distribution techniques. Some of the tracking data appears to have 1 inch resolution target vectors. On Wed, Jun 10, 2015 at 8:52 AM, Griffin Boyce wrote: > Wilfred Guerin wrote: >> >> Some huge *meaning close to exobyte size* data sets are circulating in >> storage clouds this last week, appear to be snapshots of signals >> intelligence metadata including vector tracking of signals targets >> (possibly cell phones based on movement vectors) and cross-associated >> metadata for their communications. Indications are that these are >> recon signal dumps of the american sigint system loaded by a major >> organized crime syndicate and cover most of last year. There is also a >> set of organic tracking signals, assumably covert agent >> communications, and another set that appears to be all American and >> European cash money transactions(???). > > > Links to more info? Are these intended to be public, or some kind of > config failure? > From hozer at hozed.org Wed Jun 10 07:37:48 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 10 Jun 2015 09:37:48 -0500 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> Message-ID: <20150610143748.GK27932@nl.grid.coop> You don't keep 120+gbps running without some government backing you. I can only think this is some sort of major political statement, by some people with significant political (and real) capital to spend. Who's got the influence and money to do this, and why? I can only imagine it's some sort of reaction to the USA freedom act. So if you think your data collection system might now be illegal, do you open source it because it'll spill the beans on the banksters who double-crossed you? Regardless of why, how do you manage data integrity of such a large dump so you are not looking at intentionally manipulated data? On Wed, Jun 10, 2015 at 09:17:59AM -0400, Wilfred Guerin wrote: > Files are standard DB Table dumps (packed) loading from a cluster of > VPNs from torrent and NAS protocols through central europe (entry > providers are all in privacy-sensitive countries) and intended to be a > distributed database service; there is simply nothing big enough to > handle this onload directly. (at 120+gbps bursts) Some of the services > are posting public torrent data and open sql database access. Table > files are set up as redundant master with cross-population and > standard distribution techniques. Some of the tracking data appears to > have 1 inch resolution target vectors. > > > > On Wed, Jun 10, 2015 at 8:52 AM, Griffin Boyce wrote: > > Wilfred Guerin wrote: > >> > >> Some huge *meaning close to exobyte size* data sets are circulating in > >> storage clouds this last week, appear to be snapshots of signals > >> intelligence metadata including vector tracking of signals targets > >> (possibly cell phones based on movement vectors) and cross-associated > >> metadata for their communications. Indications are that these are > >> recon signal dumps of the american sigint system loaded by a major > >> organized crime syndicate and cover most of last year. There is also a > >> set of organic tracking signals, assumably covert agent > >> communications, and another set that appears to be all American and > >> European cash money transactions(???). > > > > > > Links to more info? Are these intended to be public, or some kind of > > config failure? > > -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From coderman at gmail.com Wed Jun 10 09:47:07 2015 From: coderman at gmail.com (coderman) Date: Wed, 10 Jun 2015 09:47:07 -0700 Subject: VMs without Administrator rights [was: Threat model: Parents] In-Reply-To: <556D6E93.20002@riseup.net> References: <556D6E93.20002@riseup.net> Message-ID: On 6/2/15, Mirimir wrote: > ... > That's also the case for VirtualBox. So just get admin rights to install > the drivers, and then give them up again. this detail - separating admin rights for virtual devices from the run-time user rights of an executing virtual machine becomes quite important when guest escapes happen. e.g. http://xenbits.xen.org/xsa/advisory-135.html ''' ... a 24-byte overflow allows the guest to take control of the phys_mem_write function pointer in the PCNetState_st structure, and this is called when trying to flush the updated transmit frame descriptor back to the guest. By specifying the content of the second transmit frame, the attacker therefore gets reliable fully-chosen control of the host instruction pointer, allowing them to take control of the host. ''' fun times :) best regards, From list at sysfu.com Wed Jun 10 09:47:30 2015 From: list at sysfu.com (Seth) Date: Wed, 10 Jun 2015 09:47:30 -0700 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: <5577B6FD.4040105@gna.org> References: <20150610024144.GJ27932@nl.grid.coop> <5577B348.5080301@gna.org> <5577B6FD.4040105@gna.org> Message-ID: On Tue, 09 Jun 2015 21:03:09 -0700, Christian Gagneraud wrote: > BTW, every single CPU on this planet has a JTAG[1] port (or equivalent), > so with physical access to the hardware you can install persistent > backdoor on virtually any CPU/GPU/MCU/RAM/ROM/FPGA/CPLD/DSP/..., I trust that includes the Freescale chip used by the Novena hardware? [1] Any way for a hardware manufacturer to shave that bitch down so it can't be used by an implant? > and yes the NSA did it: https://blog.pjhoodsco.org/nsa-device-godsurge/ All for the low low price of $500! Lovely. [1] http://www.freescale.com/webapp/sps/site/prod_summary.jsp?code=i.MX6Q&tab=Documentation_Tab&pspll=1&SelectedAsset=Documentation&ProdMetaId=PID/DC/i.MX6Q&fromPSP=true&assetLockedForNavigation=true&componentId=2&leftNavCode=1&pageSize=25&Documentation=Documentation/00610Ksd1nd``Data%20Sheets&fpsp=1&linkline=Data%20Sheets From coderman at gmail.com Wed Jun 10 10:24:38 2015 From: coderman at gmail.com (coderman) Date: Wed, 10 Jun 2015 10:24:38 -0700 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: <5577B6FD.4040105@gna.org> References: <20150610024144.GJ27932@nl.grid.coop> <5577B348.5080301@gna.org> <5577B6FD.4040105@gna.org> Message-ID: On 6/9/15, Christian Gagneraud wrote: > ... > so with physical access to the hardware you can ... if your threat model is NSA, and they get arbitrary physical access, you have concerns much larger than insecure default JTAG configurations... i'd be happy with a device providing system JTAG controller restrictions (IEEE 1149.1, 1149.6) bound by efuses. most of these features go un-used in practice. :/ best regards, From coderman at gmail.com Wed Jun 10 10:41:57 2015 From: coderman at gmail.com (coderman) Date: Wed, 10 Jun 2015 10:41:57 -0700 Subject: The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns [ED: duqu continued; they never left! ] Message-ID: https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf -------------- next part -------------- The duqu 2.0 Technical Details Version: 2.0 (9 June 2015) www.kaspersky.com 2 The Duqu 2.0 Technical Details Contents Executive summary 3 initial attack 4 Lateral movement 4 Analysis of a Duqu 2.0 MSI package 7 File properties 7 First Layer: ActionDLL (msi.dll) 10 Second Layer: ActionData0 10 Third Layer: klif.dll 11 Attacking AVP.EXE 12 CTwoPENC.dll zero-day and KMART.dll 14 Payload Containers and Migration 15 Payload type “L” 15 Payload run type “G” 16 Payload run type “I” 16 Payload run type “K” 17 Payload run type “Q” 17 Platform plugginable modules 17 Persistence mechanism 33 Command and control mechanisms 33 The “portserv.sys” driver analysis 35 Similarities between Duqu and Duqu 2.0 37 Victims of Duqu 2.0 42 Attribution 43 Conclusions 44 References 45 For any inquiries, please contact intelreports at kaspersky.com 3 The Duqu 2.0 Technical Details Executive summary Earlier this year, during a security sweep, Kaspersky Lab detected a cyber intrusion affecting several of its internal systems. Following this finding, we launched a large-scale investigation, which led to the discovery of a new malware platform from one of the most skilled, mysterious and powerful groups in the APT world – Duqu. The Duqu threat actor went dark in 2012 and was believed to have stopped working on this project - until now. Our technical analysis indicates the new round of attacks include an updated version of the infamous 12011 Duqu malware, sometimes referred to as the step-brother of 2Stuxnet. We named this new malware and its associated platform “Duqu 2.0”. Victims of Duqu 2.0 have been found in several places, including western countries, the Middle East and Asia. The actor appears to compromise both final and utilitarian targets, which allow them to improve their cyber capabilities. Most notably, some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal. The threat actor behind Duqu appears to have launched attacks at the venues for some of these high level talks. In addition to the P5+1 events, the Duqu 2.0 group has launched a similar attack in relation to the 370th anniversary event of the liberation of Auschwitz-Birkenau. In the case of Kaspersky Lab, the attack took advantage of a zero-day (CVE-2015-2360) in the WindowsKernel, patched by Microsoft on June 9 2015 and possibly up to two other, currently patched vulnerabilities, which were zeroday at that time. 1 https://en.wikipedia.org/wiki/Duqu 2 http://www.kaspersky.com/about/news/virus/2011/Duqu_The_Step_Brother_of_Stuxnet 3 http://70.auschwitz.org/index.php?lang=en For any inquiries, please contact intelreports at kaspersky.com 4 The Duqu 2.0 Technical Details initial attack The initial attack against Kaspersky Lab began with the targeting of an employee in one of our smaller APAC offices. The original infection vector for Duqu 2.0 is currently unknown, although we suspect spear-phishing e-mails played an important role. This is because for one of the patients zero we identified had their mailbox and web browser history wiped to hide traces of the attack. Since the respective machines were fully patched, we believe a zero-day exploit was used. In 2011, we were able to identify Duqu attacks that used Word Documents containing an exploit for a zero-day vulnerability (CVE-2011-3402) that relied on a malicious embedded TTF (True Type Font File). This exploit allowed the attackers to jump directly into Kernel mode from a Word Document, a very powerful, extremely rare, technique. A similar technique and zero-day exploit ( 4CVE-2014-4148) appeared again in June 2014, as part of an attack against a prominent international organization. The C&C server used in this 2014 attack as well as other factors have certain similarities with Duqu, however, the malware is different from both Duqu and Duqu 2.0. It is possible that this is a parallel project from the Duqu group and the same zero-day (CVE-2014-4148) might have been used to install Duqu 2.0. Once the attackers successfully infected one machine, they moved on to the next stage. Lateral movement In general, once the attackers gain access into a network, two phases follow: • • Reconnaissance and identification of network topology Lateral movement In the case of Duqu 2.0, the lateral movement technique appears to have taken advantage of another zero-day, (CVE-2014-6324) which was patched in November 2014 with 5MS14-068 . This exploit allows an unprivileged domain user to elevate credentials to a domain administrator account. Although we couldn’t retrieve a copy of this exploit, the logged events match the Microsoft detection guidance for this attack. Malicious modules were also observed performing a “pass the hash” attack inside the local network, effectively giving the attackers many different ways to do lateral movement. Once the attackers gained domain administrator privileges, they can use these permissions to infect other computers in the domain. To infect other computers in the domain, the attackers use few different strategies. In most of the attacks we monitored, they prepare Microsoft Windows Installer Packages (MSI) and then deploy them remotely to other machines. To launch them, the attackers create a service on the target machine with the following command line: msiexec.exe /i “C:\\[…]\tmp8585e3d6.tmp” /q PROP=9c3c7076-d79f-4c 4 https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html 5 https://technet.microsoft.com/library/security/MS14-068 For any inquiries, please contact intelreports at kaspersky.com 5 The Duqu 2.0 Technical Details The PROP value above is set to a random 56-bit encryption key that is required to decrypt the main payload from the package. Other known names for this parameter observed in the attacks are “HASHVA” and “CKEY”. The folder where the package is deployed can be different from case to case, depending on what the attackers can access on the remote machine. In addition to creating services to infect other computers in the LAN, attackers can also use the Task Scheduler to start “msiexec.exe” remotely. The usage of Task Scheduler during Duqu infections for lateral movement was also observed with the 2011 version and was described by 6Symantec in their technical analysis. “msiexec.exe” - Task Scheduler trace in the logs The MSI files used in the attacks contain a malicious stub inside which serves as a loader. The stub loads the other malware resources right from the MSI file and decrypts them, before passing execution to the decrypted code in memory. Malicious stub with query to load the other resources from the MSI file highlighted. The encryption algorithms used for these packages differ from case to case. It’s important to point out that the attackers were careful enough to implement unique methods, encryption algorithms and names (such as file names) for each attack, as a method to escape detection from security products and limit the ability of an antivirus company to find other infections once one of them has been identified. So far, we’ve seen the following encryption algorithms used by the attackers: • • 6 Camellia AES http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_ the_next_stuxnet.pdf For any inquiries, please contact intelreports at kaspersky.com 6 The Duqu 2.0 Technical Details • • • XTEA RC4 Different multibyte XOR-based encryption For compression algorithms, we’ve seen the following: • • • • LZJB LZF FastLZ LZO In essence, each compiled attack platform uses a unique combination of algorithms that make it very difficult to detect. The attackers can deploy two types of packages to their victims: • • “Basic”, in-memory remote backdoor (~500K) Fully featured, C&C-capable, in-memory espionage platform (18MB) These have similar structures and look like the following: Malicious Duqu 2.0 MSI package. In the screenshot above, one can see the loader (ActionDll: 17,920 bytes) and the main payload (ActionData0: 476,736 bytes). Upon execution, ActionDll is loaded and control is passed to its only export, StartAction. The “basic” in-memory remote backdoor is pushed to computers inside the domain by the Domain Controller on a regular basis – almost like a worm infection. This gives the attackers an entry into most of the machines from the domain and if further access is needed, they can upload a more sophisticated MSI file that deploys tens of different plugins to harvest information. For any inquiries, please contact intelreports at kaspersky.com 7 The Duqu 2.0 Technical Details A thorough description of the malware loading mechanism from the “basic” remove backdoor MSI can be found below. Analysis of a Duqu 2.0 MSI package Filename: random / varies from case to case MD5 (example, can vary): 14712103ddf9f6e77fa5c9a3288bd5ee Size: 503,296 bytes File properties The MSI file has the following general properties: • • • • • • • • • • • • • • • • Composite Document File V2 Document Little Endian OS: Windows, Version 6.1 Code page: 1252 Title: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} (randomly generated GUIDs) Subject: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} Author: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} Keywords: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} Comments: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} Template: Intel;1033 Last Saved By: {7080A304-67F9-4363-BBEB-4CD7DB43E19D} Revision Number: {4ADA4205-2E5B-45B8-AAC2-D11CFD1B7266} Number of Pages: 100 Number of Words: 8 Name of Creating Application: Windows Installer XML (3.0.5419.0) Security: 4 It should be noted that MSI files used in other attacks can have different other properties. For example, we observed several other fields: • • Vendor: Microsoft or InstallShield Version: 1.0.0.0 or 1.1.2.0 or 2.0.0.0 For any inquiries, please contact intelreports at kaspersky.com 8 The Duqu 2.0 Technical Details Some of these are visible via the Windows Explorer file properties dialog box: There are two binary blocks inside this MSI package: For any inquiries, please contact intelreports at kaspersky.com 9 The Duqu 2.0 Technical Details The first binary, called ActionDll, is in fact a Windows PE DLL file, while the other one is a Camellia-encrypted and LZJB-compressed data payload (the encryption and compression algorithm vary from case to case). In fact, there are several layers of executable code embedded one into another as compressed or encrypted binary blocks. Here’s a look at a Duqu 2.0 MSI package, with all its internal payloads: We describe these components in more detail below. For any inquiries, please contact intelreports at kaspersky.com 10 The Duqu 2.0 Technical Details First Layer: ActionDLL (msi.dll) Original filename: msi.dll MD5: e8eaec1f021a564b82b824af1dbe6c4d Size: 17’920 bytes Link time: 2004.02.12 02:04:50 (GMT) Type: 64-bit PE32+ executable DLL for MS Windows This DLL has only one export name called StartAction, which is called in the context of msiexec.exe process. When this function is called, it retrieves an MSI property called PROP and uses it as a decryption key for the bundled ActionData0 package: Next, the code iterates over 12 possible payloads that have to be decrypted and started. The payloads are part of the MSI and may have the following names: ActionData0, ActionData1, ActionData2, etc. The package described here contains only one payload named “ActionData0”. Second Layer: ActionData0 This binary chunk contains the main code, in compressed and encrypted format. It represents a composition of executable, position-independent code blocks mixed with embedded data objects. The code seems to be based on a framework and heavily uses helper structures that contain pointers to a set of system APIs and offsets to internal data blocks. Such structures are definitely a trademark of the developer. When they are initialized, one field (usually the first 4 bytes) contains a magic value that identifies the state and type of the structure. Another trademark of the coder is the way to import system API by module and export name hashes. The hashing algorithm was found all over this and other layers of executable code. It’s easily recognizable by two DWORD constants: 0x8A20C27 and 0x67F84FC6. Basically, the code in ActionData0 passes execution to an embedded executable, which we will refer by its internal name: “klif.dll”. The execution is passed to the second exported function in table of exports of this DLL file. This disregards the export name and relies only on the order of functions in the table of PE export ordinals. When this export function is called, a next stage helper structure pointer is passed to it, so that it can use some of the values set on the upper layer. For any inquiries, please contact intelreports at kaspersky.com 11 The Duqu 2.0 Technical Details However, before passing execution to klif.dll, the code attempts alternative routes. First, it attempts to find the name of the following format “api-ms-win-shell-XXXX. dll”, where “X” can be any decimal number. The name is valid if there is no module with such filename loaded into current process. The code attempts to iteratively find such name starting from api-ms-win-shell-0000.dll, api-ms-win-shell-0001.dll, api-ms-winshell-0002.dll and so on. This may be a dependency to the Duqu platform component that is yet to be discovered. Right after this, if the name was found, the code attempts to map a section kernel object by name, which is generated using a PRNG-based algorithm. The name of the section has the following template: “\BaseNamedObjects\{XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX}”, where “X” is any hexadecimal digit that is generated based on current system boot time. So far, the name of the section is “machine/boot time” dependent, which makes it unique but allows other processes of modules to locate such section if they use the same name generation algorithm. This section is accessed in different other parts of the code and modules. Lets refer to this section as OSBoot-section from now. Once the section name is generated the code tries to open such section and, if it is found, it takes some values from it and attempts to open a specific device and issue a number of IOCTL codes to the driver. The name of the driver device as well as IOCTL codes are located inside a section of the kernel mode driver KMART.dll that is described below. The code developer has a preference for using sections to any other ways to access data. Another use of sections appears to be in mapping the part of code/data where klif.dll is embedded and then finding that section using a hardcoded magic QWORD number: 0xA1B5F8FC0C2E1064. Once the section is found in address space of current process the code attempts to pass execution to it. This alternative execution route is not applicable to current MSI file package but simply exists in the code probably due to common code template used for building current MSI package. It may also be an indicator of another Duqu platform component that wasn’t used in the attacks that we observed. Third Layer: klif.dll Original filename: klif.dll MD5: 3fde1bbf3330e0bd0952077a390cef72 Size: 196’096 bytes Link time: 2014.07.06 08:36:50 (GMT) Type: 64-bit PE32+ executable DLL for MS Windows Apparently, this file attempts to mimic some of legitimate names of Kaspersky Lab product components: “klif.sys”. Although there is neither similarity in code nor in file information, the module uses Kaspersky Lab acronym in it’s export names: KLInit and KLDone. For any inquiries, please contact intelreports at kaspersky.com 12 The Duqu 2.0 Technical Details When this DLL is loaded into a new process, it simply initializes internal structures, such as those providing pointers to the required system API. The real payload of this module is located in the KLDone export function, which is second in the list of the export table. This export function is called from the previous code layer. First, it makes sure that global application structure is initialized with essential functions from ntdll.dll, kernel32.dll and user32.dll. System API functions are imported using hashes of export names. The hashing algorithm is identical to the one described one layer above and uses the same magic constants: 0x8A20C27 and 0x67F84FC6. Next the code iterates through the list of running processes and hashes lowercase name of each process. The hash is compared to a hardcoded value of 0x3E3021CB, which is a hash for the “avp.exe” string. Attacking AVP.EXE If the “avp.exe” process is running, the module attempts to open the OSBoot-section as described before and tries to attack the avp.exe process. The attack starts from identifying the exact path to the installed Kaspersky Lab product by iterating through an array of hardcoded registry keys and values for the following products: KES12 AVP15 AVP10 KES11 AVP14.0.0 KES9 KES10 AVP14 KES8 AVP16.0.0 AVP13 AVP80 AVP16 AVP12 AVP90 AVP15.0.0 AVP11 AVP9 AVP8 AVP7 AVP6 The registry values queried by the module contain a filesystem path to the root directory where the corresponding product is installed. For example: “C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.0\” Once the registry key and value is found, the module confirms that avp.exe file is located in that directory. It does some basic file availability checks as well: makes sure that environment variables are resolved and the file can be opened for reading and it begins with 0x5A4D (magic “MZ” value of Windows executables). After that, the module creates a new section and maps avp.exe as a file view to this section. To allow code execution, the attributes of this memory region are also changed accordingly. This allows the module to change bytes from the mapped avp.exe in memory. The module applies two patches to the mapped avp.exe in a quite unusual way using SSE2 CPU extensions. In fact, it patches just the old DOS PE header (less than 120 bytes). The patches are simple callback mechanisms that call arbitrary function passed as an argument. Right after this, the module attempts to start a new thread that begins with one of the patched locations. So far, it looks like the new thread begins with a call originating from avp.exe module that does some other calls, i.e. jumping back to klif.dll. Apparently, this For any inquiries, please contact intelreports at kaspersky.com 13 The Duqu 2.0 Technical Details attack was introduced to trick the avp.exe process into believing that further calls will be safe and trusted as the root of the call stack is coming from the legitimate avp.exe module. This is what we see further down in the code: the new thread instantly jumps from avp.exe back to klif.dll and tries to communicate with the Kaspersky Lab product minifilter driver, known as klif.sys. In fact, just before communicating with klif.sys, it opens OSBoot-section and gets an IOCTL code as well as the driver device name to send this IOCTL code to. The section and corresponding driver (KMART.dll) provide certain support to the current module. The code hashes current process name and verifies if it falls down into one of three hashes: 0x3E3021CB (avp.exe), 0xDE6D4DA0 (msiexec.exe), 0xB915B2D8 (rundll32.exe). If current process name hash is recognized, the module communicates with klif.sys by opening \KlifComm minifilter communication port and sending series of driver communication messages. According to analysis of the messages, this technique makes process or thread operations “invisible” to the klif interceptor. Such registered entity is considered to be trusted and its activity is removed from AV-scanning, process monitoring, firewall and other defense engines that are subscribed to intercepted events. In addition, the module requests support of the self-defense feature of Kaspersky Lab product, which is normally used to protect the software from aggressive malware which kills the security software processes using a number of techniques available from the OS. This of course guarantees that even a user with administrative privileges cannot stop such process. Considering that this seemed to be an attack against Kaspersky Lab products, we did some additional tests of the products and found that current products verify the caller process by checking its custom digital signature. So far, without additional driver support, this technique should fail. Verification of the digital signature of the process that opened \KlifComm minifilter communication port was implemented in all Kaspersky Lab products since 2010. So far, this could affect only older products such as KIS2010, which was released by Kaspersky Lab in 2009 ► It doesn’t look realistic now that the attackers started implementing tricks against Kaspersky Lab products in 2009 or earlier. So we looked for another rational explanation and seem to have found it. Such an attack doesn’t normally work against our products because they verify that the caller process is legitimate by checking its custom digital signature. To bypass this, the Duqu 2.0 component named “KMART.dll” patches “klif.sys” in memory to bypass this check. The attack works because the attacker’s “KMART.dll” is already running in kernel mode due to a vulnerability in the Windows kernel. After sending the codes, the module proceeds to the next stage, which is process migration, described further below. For any inquiries, please contact intelreports at kaspersky.com 14 The Duqu 2.0 Technical Details CTwoPENC.dll zero-day and KMART.dll The third layer klif.dll performs a multitude of functions in order to ensure the survival of the malware in memory and bypass antivirus detections. One important step is to get kernel level access. On 64-bit systems, one cannot simply load and run kernel mode code without a signed driver. While other attackers such as Equation or Turla chose to piggyback on third-party signed drivers, the Duqu 2.0 platform relies on a much more cunning trick. One of the payloads bundled together with “klif.dll” is called “CTwoPENC.dll”. This is aWindows kernel mode exploit (CVE-2015-2360) that allows them to run code with the highest privileges in the system We recovered several versions of “CTwoPENC.dll”, both for 32-bit and 64-bit versions of Windows, with the following compilation timestamps: • • • 2014.08.25 01:20:04 (GMT) 2014.08.25 01:19:03 (GMT) 2014.07.06 09:17:03 (GMT) Unlike other Duqu 2.0 modules, these timestamps appear to be legitimate. The reason for this remains unknown – perhaps the Duqu platform developers got this module from somebody else and forgot to patch its compilation timestamp. “CTwoPENC.DLL” exploits a zero-day vulnerability in “win32k.sys” to gain kernel privileges while being run as an unprivileged user. It creates several windows with classes named “CPer”, “Zero”, “CTwo”, “Vero” in several threads and manipulates the callback pointers. Part of the exploit code that registers window classes and creates new windows. The main purpose of the exploit is to load a driver named “KMART.dll”. If the exploit succeeds, it decompresses “KMART.dll” from the module’s body and passes control For any inquiries, please contact intelreports at kaspersky.com 15 The Duqu 2.0 Technical Details to it while running in kernel mode. Both 32-bit and 64-bit versions of the “KMART. DLL” exist. This driver implements a kernel-mode attack against the Kaspersky Lab products filter “klif.sys”. It patches the import table addresses of system API functions PsGetCurrentProcessId, PsLookupProcessByProcessId and KlGetStringRef export of Kaspersky Lab’s anti-virus driver klflt.sys. The intercepted functions are preceded by malicious code that impersonates the other malicious modules as coming from the process/file “avp.exe” (using the actual location of the anti-virus component), thus evading monitoring by the anti-virus software. During testing, the zero-day exploit worked on all contemporary Windows versions (XP, Vista, 7, 8, 8.1 both 32-bit and 64-bit). This vulnerability has been patched by Microsoft on June 9, 2015.” Payload Containers and Migration The module supports a number for different payloads provided in the form of containers following klif.dll in memory (located in PE overlay). A payload container contains a short header describing target CPU architecture, payload type and target process name or hash. When the module uses some embedded code or file there is normally at least two variants of code bundled inside: 32 and 64-bit. Each payload run type is identified by a single character. Current module supports the following 5 payload run types: g, i, k, l, q. Seems like the developer used ordered alphabet characters, which means that there could be other payload run types which were removed from the code at some time. Currently the container located in the overlay of subject executable contains a “l” character as a payload run type, so lets describe it first. Payload type “L” First, the code looks for privileges from other processes. The process handle can be hardcoded or obtained by looking for currently running processes, hashing their names and comparing them to one of known hashes. The module includes the following hardcoded process hashes: 0x31283314 (services.exe), 0x1026D1BA (lsass.exe), 0x3BD2498C (svchost.exe). If any of the recognized processes are found, the module opens process token and verifies that the following privileges are available: • • • • • • SeDebugPrivilege SeTcbPrivilege SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege SeImpersonatePrivilege SeRestorePrivilege If they are available the module duplicates process token and saves it into an internal structure for future use. For any inquiries, please contact intelreports at kaspersky.com 16 The Duqu 2.0 Technical Details The module looks for one of the available security suites installed in current system and some generic processes if nothing was found. It attempts to find executable files of the following software: • • • • • • • • • • • • • More than 20 different Kaspersky Lab products McAfee VSCore, SystemCore, HIP Symantec Internet Security Bitdefender ESET H+BEDV TrendMicro Network Security Component Rising AV Avast AVG 2012/2013/2014/2015 F-Secure Qihoo 360 Security Generic Windows Processes: oo %ProgramFiles(x86)%\Windows Defender\MsMpEng.exe oo %SystemRoot%\syswow64\svchost.exe oo %SystemRoot%\system32\lsass.exe oo %SystemRoot%\system32\svchost.exe When such an executable is found and eventually it should (at least svchost or lsass. exe should be present), it runs a new process from discovered location and replaces its executable code with own embedded into current executable in encrypted and compressed form. If the code manages to find a security token from one of the processes with required security privileges, it will try to use this token when creating a new process using CreateProcessAsUser API. Otherwise it simply spawns new process instance. The new process is started in suspended and debugged state. Just before starting the new process it disables DEP for the child processes to simplify code injection and data manipulation. So far, from the outside, it may look like a security software was started, while from the inside its code is completely different from legitimate module. Payload run type “G” This payload is almost identical to payload L described above, but the loader is simpler - it skips hijacking of privileged token. Code injection target is selected automatically depending on the availability of known processes. Payload run type “I” This payload is similar to payload G, but makes the loader parse payload header a bit differently: instead of process name string it takes only 4 bytes, which are supposedly used as a process hash. This seems to be a way to hide target process name and use only hash, however this hasn’t been implemented completely in the module we analyzed. For any inquiries, please contact intelreports at kaspersky.com 17 The Duqu 2.0 Technical Details Payload run type “K” This payload is designed to run within the context of the current process. The code simply copies the code to be executed into separate memory and runs it in a dedicated thread. It blocks until thread finishes its execution. Payload run type “Q” This payload is identical to payload K described above but it doesn’t block execution when a new thread is started. So far, the new code runs asynchronously. After the payload container is opened and code migrated to another process, which can be elevated and protected from security software, the real malicious code is activated. In most cases, it is simple named pipe based backdoor that listens for incoming communications from the orchestrator. In rare cases, on selected machines, it can be heavy orchestrator module that communicates with command and control server, works as a bidirectional proxy and comes with a large bundle of secondary plugins. Platform plugginable modules In addition to the basic remote backdoor, the attackers deploy more sophisticated packages to domain controllers and to the victims of interest inside the LAN. These MSI packages can contain tens of different modules designed for various cyberespionage functions. The fully featured packages are much larger than the basic remote backdoor – 18MB vs 500KB. They follow the same structure, with ActionDll and the loader mechanism, except they contain a lot more plugins to load and run. During our analysis, we identified more than 100 variants of such plugins. A description of these plugins follows. To separate them, we used a virtual identifier based on the first two bytes of their MD5 sum. 03B7 – The main module of Duqu 2.0, orchestrator. Implements multiple protocol handlers for C&C communication, can start an intermediate C&C proxy server with a self-signed HTTPS certificate. Starts the plugin framework, loads and manages all additional plugins. It works via HTTP, HTTPS, SMB network pipes or direct TCP connection using a custom, encrypted protocol. Interaction via HTTP is concealed in JPEG or GIF files, similar to the 2011 version of Duqu. Request names, URLs and User-Agent strings may vary between attacks. Additional known variants: 3026, 4F11. 0682 – Collects basic system information: • • List of running processes Active desktop and terminal sessions For any inquiries, please contact intelreports at kaspersky.com 18 The Duqu 2.0 Technical Details Collected information is then transmitted to a named pipe provided by the caller. Additional known variants: C0B7 073C – Implements a complete Windows socket-based transport, both client and server side. Provides a class factory for the class that encapsulates various networking functions. 0872 – MSI CustomAction library that is activated when the malicious installer package is started by the Windows Installer. Loads the encrypted binary blob that contains actual malicious payload, decrypts and then executes it in memory. The names in version information vary: svcmsi_32.dll, msi3_32.dll, MSI.dll, msi4_32.dll. Encryption algorithms also vary: Camellia 256, AES, XXTEA. The decryption key is extracted from an MSI parameter, possible names: PROP, HASHVA, CKEY. The encrypted blob is searched by prefixes (can vary): ActionData, CryptHashs, CAData. Both 32-bit and 64-bit versions are known. Additional known variants: 8D7C, 16EF, E6E5, 434C, 44BD, F708. 09A0 – 64-bit, Exfiltrates file contents, particularly searching for files matching these rules: • • • *.inuse, *.hml filename contains “data.hmi” or “val.dat” files from the /Int/HMI/ or /LG/HM/ folders. File and directory names of interest for the 09A0 plugin. Additional known variants: 8858 0AB8 – Provides 25 functions for manipulating files and directories: • • • List files in directories Upload and download arbitrary files Read/write file contents For any inquiries, please contact intelreports at kaspersky.com 19 The Duqu 2.0 Technical Details In several cases, the modules are looking specifically for directories named “\int”, “\lg”, “\ of\md”, “\tl”, “\ak” and files with extensions “.part”, “.manual”, “.inuse”. File and directory names of interest for the 0AB8 plugin. Additional known variants: A69E. 0B97 – Network transport. Implements API for connecting sockets and pipes provided by the caller. Additional variant: 56A2. 152B – Network and domain discovery. • • • Enumerates all servers in the domain Tries to connect to remote registries and enumerate all users in “HKEY_USERS”. Usernames are then converted to SIDs Enumerates all visible network shares Additional known variants: A987 1C71 – In-memory storage. Receives and stores string data in file mappings. 2125 – Network infection module. Tries to acquire administrative credentials from the running processes and then connect to a target machine using Windows shares. The machine is infected with a malicious DLL backdoor, the target directory varies and may be in UPDROOT$, ADMIN$ or C$. Uses custom SMB packets to identify the target OS version. The target malicious DLL is then started using a new service created with a name “svcmsi_32@”. The module communicates with the target backdoor via Windows pipes. Additional variant: DB65. Instead of the malicious DLL, it uploads a new MSI package and then relies on MSIEXEC.EXE to start the MSI via a newly created service named “msisvc_32@”, the target MSI name is generated randomly using a template “tmp%x. tmp”. Example of a Windows event log (System) entry created at the moment of infection. Administrative credentials are acquired by stealing a token from any running process that was started by a logged on user having domain administrator’s rights. For that, it first For any inquiries, please contact intelreports at kaspersky.com 20 The Duqu 2.0 Technical Details queries for the first 100 administrative usernames in the current domain directly from the domain controller. Remote locations used by the network infection module. 24B7 – Remote desktop administration. Acquires the screenshots of the desktop but also can send input to the desktop, move the mouse cursor. Both 32-bit and 64-bit variants exist. Additional known variants: 65BE, 7795, BDC8, DEE2 26D6 – Detects running network sniffers (wireshark, tcpview, netstat, dumpcap, perfmon); implements a TCP server and communicates via network pipes. Internal name: “P.dll”. 2829 – Collects system information • • • • Monitors USB device attachment Collects USB drive history Enumerates network shares, windows captions, system routing tables Reads/writes encrypted files 2913 - WMI data collection • • • • Enumerate profiles with SIDs For each profile, extracts information from lnk files in the profile directory Enumerate processes via WMI (CIMV2), including terminated processes Extracts user information from available remote registries Additional known variant: C776 29D4 - Service msisvc_32@; DLL backdoor that is used for network infection by module 2125. Accepts commands via named pipe “Global\{B54E3268-DE1E-4c1e-A6672596751403AD}”. Both 32-bit and 64-bit variants exists. For any inquiries, please contact intelreports at kaspersky.com 21 The Duqu 2.0 Technical Details Additional known variants: 6F92, A505, D242 2B46 – Extensive collection of system and user information • • • • • • • • • • • • • • • • • • • • • • • • Domain controller’s name List of users in the domain Administrators of the domain Enumerates domain trusts TCP tables UDP tables SNMP discovery (OS, parse all replies) USB drive history, mounted devices Installed programs Time zone OS install date ODBC.ini, SQL Server instance info, Oracle ALL_HOMES, SyBase, DB2, MS SQL, MySQL last connections DHCP/routing Network profiles Zero Config parameters Connected printers MRU list for WinRAR, WinZip, Office, IE typed URLs, mapped network drives, Visual Studio MRU Terminal Service Client default username hint User Assist history PuTTY host keys and sessions Logged on users Network adapter configuration VNC clients passwords Scan the network and identify OS using SMB packet Some of the registry locations harvested by the module. For any inquiries, please contact intelreports at kaspersky.com 22 The Duqu 2.0 Technical Details Additional known variants: A7F8 2BF7 - Utility DLL. Provides basic API for creating new MSI packages, loading and injecting arbitrary PE modules. Also responsible for loading the first level of the VFS inside the malicious MSI files. Both 32-bit and 64-bit versions exist. Known names: “ntdll.dll”, “klif.dll”, “apiset.dll”. Additional known variants: 6DA1, 32DB, 8304, 9931, 9E60, A2D4, ABA9, B3BB, DC5F, DD32, F7BB 3395 – MS SQL discovery module. Module can send ARP packets to network and discover MS SQL Server ports. Additional functions are responsible for connecting and reading of remote registry contents. 35E9 – File system discovery. • • • Enumerate network shares Enumerate local disks Traverse files system hierarchy and enumerate files; identify reparse points 3F45 – Pipe backdoor. Opens a new globally visible named Windows pipe, receives and executes encrypted commands. The “magic” string that identifies the encrypted protocol is “tttttttt”. • • Enumerates running processes Loads and executes arbitrary PE files Both 32-bit and 64-bit versions exist. Known pipe names: • • • \\.\pipe\{AAFFC4F0-E04B-4C7C-B40A-B45DE971E81E} \\.\pipe\{AB6172ED-81054996-9D2A-597B5F827501} \\.\pipe\{0710880F-3A55-4A2D-AA67-1123384FD859} \\.\pipe\{6C51A4DB-E3DE4FEB-86A4-32F7F8E73B99} \\.\pipe\{7F9BCFC0-B36B-45EC-B377-D88597BE5D78}, \\.\pipe\{57D2DE92-CE174A57-BFD7-CD3C6E965C6A} Additional known variants: 6364, 3F8B, 5926, A90A, DDF0, A717, A36F, 8816, E85E, E927 For any inquiries, please contact intelreports at kaspersky.com 23 The Duqu 2.0 Technical Details 4160 - Password stealer • • Extracts Google Chrome and Firefox login data LSA credentials Data used to locate Chrome saved logins. Additional known variants: B656 41E2 – Password stealer. 64-bit module. Extracts: • • • • • • IE IntelliForms history POP3/HTTP/IMAP passwords TightVNC, RealVNC, WinVNC3/4 passwords Outlook settings SAM, LSASS cache Windows Live, .Net Passport passwords References to information collected by the module. Additional known variants: 992E, AF68, D49F 482F – Collects system information. • • • Enumerates disk drives Gets list of running processes Extensive process information including uptime For any inquiries, please contact intelreports at kaspersky.com 24 The Duqu 2.0 Technical Details • • Memory information SID information Additional known variants: F3F4 559B – Active Directory survey. • • • Connects to the Active Directory Global Catalog (“GC:”) using ADSI Enumerates all objects in AD Presents every entry in a human-readable format Active Directory enumeration routine. 580C - Collects system and network information. • • • • • • • Retrieves the domain controller name Enumerates all users and groups in the domain Collects Task Scheduler logs Collects disk information, removable device history Retrieves firewall policies Enumerates all named system objects Enumerates all system services For any inquiries, please contact intelreports at kaspersky.com 25 The Duqu 2.0 Technical Details 5B78 - Collects system information and utilities. One of the two exported functions has a name “GetReport”. • • • • Enumerate running processes, extract tokens and SIDs, collect timing information Logon users using explicit credentials Impersonate users of running processes Build new 32-bit and 64-bit shellcode stubs using a hardcoded template Both 32-bit and 64-bit versions exist. Additional known variants: E8C7, EE6E. 5C66 – Encrypted file I/O, utilities • • File I/O operations: open/seek/read/write Manages compressed and encrypted temporary files For any inquiries, please contact intelreports at kaspersky.com 26 The Duqu 2.0 Technical Details 622B - Generate XML report about system using unique schema • • • • • • • Computer name Windows directory Enumerates all logical drives Lists all files OS serial number Domain name Network adapter configuration: IP addresses, MAC, MTU, adapter list XML tags used to generate the system report. 6302 - Utilities. Has internal name “d3dx9_27.dll”. Executes timer-based events. Additional known variants: FA84 669D – Utilities. Given a list of file names and directories, checks if they exist. Additional known variants: 880B For any inquiries, please contact intelreports at kaspersky.com 27 The Duqu 2.0 Technical Details 6914 - Sniffer-based network attacks. Uses a legitimate WinPcap driver “npf.sys”. Detects NBNS (NetBIOS protocol) requests of interest and sends its own responses: • • Responds to WPAD requests (“FHFAEBE” in NBNS packets) Sends responses to HTTP GET requests The network filter is based on the BPF library. The payloads for the HTTP and WPAD responses are provided externally. Fake HTTP response and related status messages. 6FAC - File API • • • Get file size, attributes Securely delete a file Open/close/read/write file contents Additional known variants: A7EE 7BDA – Collects system information • • • • • • • • Current state of AV and firewall protection using wscapi.dll API Detect if “sqlservr.exe” is running Computer name Workgroup info Domain controller name Network adapter configuration Time and time zone information CPU frequency Additional known variants: EF2E For any inquiries, please contact intelreports at kaspersky.com 28 The Duqu 2.0 Technical Details 7C23 – Extracts metadata from documents and collects system information • • • Computer name System volume serial Complete file API as in 6FAC Searches for documents and archives and implements routines to extract all valuable information from them: • • • • • • E-mail messages: eml, msg Image files: jpg, jpe, jpeg, tif, tiff, bmp, png Multimedia files: wmv, avi, mpeg, mpg, m4a, mp4, mkv, wav, aac, ac3, dv, flac, flv, h264, mov, 3gp, 3g2, mj2, mp3, mpegts, ogg, asf. These are re-encoded with libffmpeg. Contents from PDF documents Microsoft Office: doc, docx, xlsx, pptx. Dedicated routines are called accordingly: “OfficeRipDoc”, “OfficeRipDocx”, “OfficeRipXlsx”, “OfficeRipPptx”. PPT slides are extracted and converted to a HTML digest of the presentation. Archives: gz, gzip, gzX3, zip, rar Creates temporary files with extension “.fg4”. Additional known variants: EB18, C091 Part of the list of file extensions of interest and corresponding status messages. For any inquiries, please contact intelreports at kaspersky.com 29 The Duqu 2.0 Technical Details 8172 - Sniffer-based network attacks. Performs NBNS (NetBIOS protocol) name resolution spoofing for: • • • WPAD requests Names starting with “SHR” Names starting with “3142” (log only) Status messages related to the attack. Additional feature: the module can build new shellcode blobs from hardcoded templates. 81B7 – Driver management • • • Write driver to disk Start/stop driver Safely remove the driver’s file from disk Additional known variants: C1B9 For any inquiries, please contact intelreports at kaspersky.com 30 The Duqu 2.0 Technical Details 8446 - Oracle DB and ADOdb client. • • • Uses “oci.dll” API to access Oracle databases Extracts all available information from the database Also connects to ADOdb providers SQL queries and related data. 8912 – Encrypted file manipulation and collects system information • • • • • • Shared file mapping communication Write encrypted data to files Enumerate windows Enumerate network shares and local disks Retrieve USB device history Collect network routing table Known mutex and mapping names: • • • Global\{DD0FF599-FA1B-4DED-AC70-C0451F4B98F0} Global\{B12F87CA-1EBA4365-B90C-E2A1D8911CA9}, Global\{B03A79AD-BA3A-4BF1-9A59-A9A1C57A3034} Global\{6D2104E6-73104A65-9EDD-F06E91747790}, Global\{DD0FF599-FA1B-4DED-AC70-C0451F4B98F0} Global\{B12F87CA-1EBA4365-B90C-E2A1D8911CA9} For any inquiries, please contact intelreports at kaspersky.com 31 The Duqu 2.0 Technical Details Additional known variants: D19F, D2EE 9224 – Run console applications. Creates processes using desktop “Default”, attaches to its console and redirects its I/O to named pipes. 92DB - Modified cmd.exe shell. Several CMD commands processed by the shell. 9F0D (64-bit), D1A3(32-bit) – legitimate signed driver NPF.SYS (WinPcap) distributed inside the VFS along with the plugins. It is used for sniffer-based network attacks. A4B0 – Network survey • • • • • • Uses DHCP Server Management API (DHCPSAPI.DLL) to enumerate all DHCP server’s clients Queries all known DHCP sub-networks Searches for machines that have ports UDP 1434 or 137 open Enumerates all network servers Enumerates network shares Tries to connect to remote registries to enumerate all users in HKEY_USERS, converts them to SIDs B6C1 - WNet API. Provides wrappers for the WnetAddConnection2 and WNetOpenEnum functions. Additional known variants: BC4A For any inquiries, please contact intelreports at kaspersky.com 32 The Duqu 2.0 Technical Details C25B – Sniffer based network attacks. Implements a fake SMB server to trick other machines to authenticate with NTLM. • Implements basic SMB v1 commands SMB commands handled by the module • • • Pretends to have IPC$ and A: shares Accepts user authentication requests Also handles HTTP “GET /” requests NTLM challenge and SMB server data For any inquiries, please contact intelreports at kaspersky.com 33 The Duqu 2.0 Technical Details ED92 – File system survey • • Enumerates all local drives and connected network shares Lists files EF97 – Filesystem utilities • • • • • Enumerate files Create and remove directories Copy/move/delete files and directories Extract version information from files Calculate file hashes Additional known variants: F71E Persistence mechanism The Duqu 2.0 malware platform was designed in a way that survives almost exclusively in memory of the infected systems, without need for persistence. To achieve this, the attackers infect servers with high uptime and then re-infect any machines in the domain that get disinfected by reboots. Surviving exclusively in memory while running kernel level code through exploits is a testimony to the technical prowess of the group. In essence, the attackers were confident enough they can survive within an entire network of compromised computers without relying on any persistence mechanism at all. The reason why there is no persistence with Duqu 2.0 is probably because the attackers wanted to stay under the radar as much as possible. Most modern anti-APT technologies can pinpoint anomalies on the disk, such as rare drivers, unsigned programs or maliciously-acting programs. Additionally, a system where the malware survives reboot can be imaged and then analyzed thoroughly at a later time. With Duqu 2.0, forensic analysis of infected systems is extremely difficult – one needs to grab memory snapshots of infected machines and then identify the infection in memory. However, this mechanism has one weakness; in case of a massive power failure, all computers will reboot and the malware will be eradicated. To get around this problem, the attackers have another solution – they deploy drivers to a small number of computers, with direct Internet connectivity. These drivers can tunnel traffic from the outside into the network, allowing the attackers to access remote desktop sessions or to connect to servers inside the domain by using previously acquired credentials. Using these credentials, they can re-deploy the entire platform following a massive power loss. Command and control mechanisms Duqu 2.0 uses a sophisticated and highly flexible command-and-control mechanism that builds on top of the 2011 variant, with new features that appear to have been inspired by other top class malware such as Regin. This includes the usage of network pipes and mailslots, raw filtering of network traffic and masking C&C traffic inside image files. For any inquiries, please contact intelreports at kaspersky.com 34 The Duqu 2.0 Technical Details Inside a Windows LAN, newly infected clients may not have a C&C hardcoded in their installation MSI packages. Without a C&C, they are in “dormant” state and can be activated by the attackers over SMB network pipes with a special TCP/IP packet that contains the magic string “tttttttttttttttt”. If a C&C is included in the configuration part of the MSI file, this can be either a local IP address, which serves as a bouncing point or an external IP address. As a general strategy for infection, the attackers identify servers with high uptime and set them as intermediary C&C points. Hence, an infected machine can jump between several internal servers in the LAN before reaching out to the Internet. To connect the the C&C servers, both 2011 and 2014/2015 versions of Duqu can hide the traffic as encrypted data appended to a harmless image file. The 2011 version used a JPEG file for this; the new version can use either a GIF file or a JPEG file. Here’s how these image files look like: Another modification to the 2014/2015 variants is the addition of multiple user agent strings for the HTTP communication. The 2011 used the following user agent string: • Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.9) Gecko/20100824 Firefox/3.6.9 (.NET CLR 3.5.30729) The new variants will randomly select an user agent string from a table of 53 different possible ones. For any inquiries, please contact intelreports at kaspersky.com 35 The Duqu 2.0 Technical Details Another unusual C&C mechanism relies on driver files that are used to tunnel the C&C communications and attacker’s RDP/SMB activity into the network. The attackers deploy such translation drivers on servers with direct Internet connectivity. Through a knocking mechanism, the attackers can activate the translation mechanism for their IPs and tunnel their traffic directly into the LAN. Outside the LAN, the traffic can be masked over port 443; inside the LAN, it can be either direct SMB/RDP or it can be further translated over fake TCP/IP packets to IP 8.8.8.8. During our investigation, we observed several such drivers. A description can be found below. The “portserv.sys” driver analysis MD5: 2751e4b50a08eb11a84d03f8eb580a4e Size: 14336 Compiled: Sat Feb 11 21:55:30 2006 (fake timestamp) Internal name: termport.sys Type: Win32 device driver (a 64 bit version is known as well) For any inquiries, please contact intelreports at kaspersky.com 36 The Duqu 2.0 Technical Details This is a malicious NDIS filter driver designed to perform manipulation of TCP/IP packets to allow the attacker to access internal servers in the victim’s infrastructure. Upon startup, the filter driver hooks into the NDIS stack and starts processing TCP/IP packets. To leverage the driver, the attacker first sends a special TCP/IP packet with the string “romanian.antihacker” to any of the hardcoded IPs belonging to infected server. In general, such servers are computers with direct Internet connectivity, such as a webserver or a proxy. The driver sees the packet, recognizes the magic string “romanian. antihacker” and saves the attacker’s IP for later use. Magic string used for knocking inside the driver. When a packet comes from the attacker’s IP (saved before), the following logic applies: • • • • Packet to server 1’s IP on port 443, is redirected on port 445 (Samba/Windows file system) Packet from server 1’s IP from port 445, is redirected to attacker’s IP port 443 Packet to server 2’s IP on port 443 is redirected on port 3389 (Remote Desktop) Packet from server 2’s IP from port 3389 is redirected to attacker’s IP port 443 This effectively allows the attackers to tunnel SMB (remote file system access) and Remote Desktop into these two servers while making it look like SSL traffic (port 443). These drivers allow the Duqu attackers to easily access servers inside the LAN from remote, including tunneling RDP sessions over Port 443 (normally SSL). It also gives them a persistence mechanism that allows them to return even if all the infected machines with the malware in memory are rebooted. The attackers can simply use existing credentials to log back into any of the servers that the driver is serving and can reinitialize the backdoors from there. For any inquiries, please contact intelreports at kaspersky.com The Duqu 2.0 Technical Details 37 Similarities between Duqu and Duqu 2.0 The 2014/2015 Duqu 2.0 is a greatly enhanced version of the 2011 Duqu malware discovered by 7CrySyS Lab. It includes many new ideas from modern malware, such as Regin, but also lateral movement strategies and harvesting capabilities which surpasses commonly seen malware from other APT attacks. Side by side: 2011 Duqu 2014/2015 Duqu 2.0 Number of victims: <50 (estimated) <100 (estimated) Persistence mechanism: Yes No Loader: SYS driver MSI file Zero-days used: Yes Yes Main storage: PNF (custom) files MSI files C&C mechanism: HTTP/HTTPS, network pipes HTTP/HTTPS, network pipes Known plugins: 6 >100 There are many similarities in the code that leads us to conclusion that Duqu 2.0 was built on top of the original source code of Duqu. Those interested can read below for a technical description of these similarities. 7 https://www.crysys.hu/publications/files/bencsathPBF11duqu.pdf For any inquiries, please contact intelreports at kaspersky.com 38 The Duqu 2.0 Technical Details One of the “trademark” features unique to the original Duqu was the set of functions that provide logging facilities. Unlike many other APTs, Duqu logs almost every important step of its activity but does it in a special way: there are no readable strings written to the log. Instead, a series of unique numbers identify every state, error, or message in the log. Comparing the functions that generate every log entry in Duqu and Duqu 2.0, we can conclude that they are almost identical: The first generation of Duqu was also written in a very rare and unique manner. It was compiled with Visual Studio and while parts of it were definitely written in C++, the majority of its classes were not natively generated by the C++ compiler. After analyzing all the possible variants, we conclude that these classes were written in OO-C, the objective variant of the C language, and then somehow converted into a compilable C/ C++ source. All these classes had a very specific feature: the virtual function table of every instance was filled “by hand” in its constructor. Interestingly, this is no longer the case for Duqu 2.0. The authors upgraded their compiler from Visual Studio 2008 (used in 2011) to Visual Studio 2013 and now use classes that look much more like native C++ ones: On the left: the “hand-made” or “compiler-assisted” classed of OO-C in Duqu. On the right: the same class in Duqu 2.0 has a native Vtable similar to native C++ one, however the offset of the pointer is not zero. For any inquiries, please contact intelreports at kaspersky.com 39 The Duqu 2.0 Technical Details The more concrete evidence of similarity can be found if we look for functions that actually use the logging facilities. The authors kept using the same unique numbers for identification of internal states, errors and function results. Networking functions are good candidates for comparison: Implementation of the same networking function in Duqu and Duqu 2.0. Note the same unique numbers (in red rectangles) PUSHed as parameters to the logging function. For any inquiries, please contact intelreports at kaspersky.com 40 The Duqu 2.0 Technical Details Another networking routine: after calling recv() to receive data from network, Duqu logs the results and possible network errors (obtained via WSAGetLastError()). Unique numbers in red rectangles are used to identify the current state of the networking routine. The code of the orchestrator evolved in many aspects since 2011. One of the notable differences is a huge list of HTTP User-Agent strings that are now used instead of a single hard-coded one: For any inquiries, please contact intelreports at kaspersky.com 41 The Duqu 2.0 Technical Details The authors also modified the “magic” two-byte value that identifies encrypted network traffic: “SH” was replaced with a more neutral and harder to trace “WW”: Code that verifies the “magic” value in network traffic. The chars are swapped due to little-endianness of data in x86/64 architectures. Both Duqu and Duqu 2.0 use special structures to identify the interfaces of their plugins. The orchestrator also has one for the “core” plugin that is compiled in its code. The newer version has a slightly bigger table, hence more functions, and a different notation for describing the plugin features. Special strings (i.e. “A888A8>@”) describe each function’s signature. The older Duqu had contained similar strings in binary (unreadable) form. Data structure that describes the “core” plugin of Duqu and two different version of Duqu 2.0. Note the same constants and similar functions. For any inquiries, please contact intelreports at kaspersky.com 42 The Duqu 2.0 Technical Details The Duqu C&C code makes use of small image files to hide its communications over unencrypted channels, i.e. HTTP. The original Duqu used a JPEG file, and known versions of Duqu 2.0 use a similar JPEG file as well as a new, larger GIF file. Also, the layout of the data section did not change much: the image data is preceded by short AES encryption keys (string “sh123456” in Duqu, two binary DWORDs in Duqu 2.0) followed by the LZO version string “2.03”. Image data used for hiding C&C communication in them: JPEG in Duqu, similar JPEG in Duqu Bet and GIF in a different version of Duqu Bet. Note the preceding LZO version string “2.03” and encryption keys. The large number of similarities between the Duqu 2011 code and the new Duqu 2.0 samples indicates that the new code represents a new iteration of the malware platform. The new version could not have been built without access to the 2011 Duqu source code. Hence, we conclude that the authors are the same or working together. Victims of Duqu 2.0 Victims of Duqu 2.0 were found in several places, including western countries, the Middle East and Asia. The actor appears to compromise both final and utilitarian targets, which allow them to improve their cyber capabilities. Most of the final targets appear to be similar to their 2011 goals – which is to spy on Iran’s nuclear program. Some of the new 2014-2015 infections are linked to the P5+1 events and venues related to the negotiations with Iran about a nuclear deal. The threat actor behind Duqu appears to have launched attacks at the venues for some of these high level talks. In addition to the P5+1 events, the Duqu 2.0 group has launched a similar attack in relation to the 870th anniversary event of the liberation of Auschwitz-Birkenau. 8 http://70.auschwitz.org/index.php?lang=en For any inquiries, please contact intelreports at kaspersky.com 43 The Duqu 2.0 Technical Details The other type of targets for the new attacks are what we call “utilitarian” targets. These are companies that the attackers compromise to improve their cyber capabilities. For instance, in 2011, the attackers compromised a certificate authority in Hungary; obviously, this would allow them to generate digital certificates, which can be further used to sign malware samples. The same pattern can be seen with the Duqu 2.0 infections. Some of the companies infected with Duqu 2.0 operate in the sector of Industrial Control Systems as well as industrial computers. Attribution As usual, attribution of cyberattacks over the Internet is a difficult task. In the case of Duqu, the attackers use multiple proxies and jumping points to mask their connections. This makes tracking an extremely complex problem. Additionally, the attackers have tried to include several false flags throughout the code, designed to send researchers in the wrong direction. For instance, one of the drivers contains the string “ugly.gorilla”, which obviously refers to 9Wang Dong, a Chinese hacker believed to be associated with the APT1/Comment Crew. The usage of the Camellia cypher in the MSI VFSes, previously seen in APT1-associated Poison Ivy samples is another false flag planted by the attackers to make researchers believe they are dealing with APT1 related malware. The “romanian.antihacker” string used in the “portserv.sys” driver is probably designed to mimic “w00tw00t.at.blackhats.romanian.anti-sec” requests that are often seen in server logs or simply point to an alleged Romanian origin of the attack. The usage of rare compression algorithms can also deceptive. For instance, the LZJB algorithm used in some of the samples is rarely seen in malware samples; it has been used by MiniDuke which we reported in early 2013. Nevertheless, such false flags are relatively easy to spot, especially when the attacker is extremely careful not to make any other mistakes. During our 2011 analysis, we noticed that the logs collected from some of the proxies indicated the attackers appear to work less on Fridays and didn’t appear to work at all on Saturdays, with their regular work week starting on Sunday. They also compiled binaries on January 1st, indicating it was probably a normal work day for them. The compilation timestamps in the binaries seemed to suggest a time zone of GMT+2 or GMT+3. Finally, their attacks would normally occur on Wednesdays, which is why we originally called them the “Wednesday Gang”. While the 2014 attack against Kaspersky Lab also took place on a Wednesday, the gang made huge OPSEC improvements compared to their older 2011 operations, including faking all the timestamps in PE files, removing the debug paths and internal module names for all plugins. The 2014 Duqu 2.0 binaries contain several strings in almost perfect English but one of them has a minor mistake indicating the involvement of non-native speakers. The usage of “Excceeded” instead of “Exceeded” in the file-harvesting module of Duqu 2.0 is the only language mistake we observed. 9 http://www.fbi.gov/wanted/cyber/wang-dong/view For any inquiries, please contact intelreports at kaspersky.com 44 The Duqu 2.0 Technical Details Misspelling of the word “Exceeded” in Duqu 2.0. Most interesting, one of the victims appear to have been infected both by the Equation Group and by the Duqu group at the same time; this suggests the two entities are different and competing with each other to obtain information from this victim. Conclusions During the 2011 Duqu attacks, we concluded that its main purpose could have been to spy on Iran’s nuclear program. Some of the victims appear to have been “utilitary”, such as one certificate authority in Hungary, which was compromised by Duqu and ultimately that led to its discovery. The group behind Duqu hacks these “utilitary” victims in order to gain certain technical abilities such as signing their malware with trusted certificates or to serve as platforms for further attacks. The 2014/2015 Duqu 2.0 appears to be a massive improvement over the older “Tilded” platform, although the main orchestrator and C&C core remains largely unchanged. Back in 2011 we pointed out to the usage of 10Object Oriented C as an unusual programming technique. The 2014 version maintains the same core, although some new objects in C++ have been added. The compiler used in the 2014 is newer and it results in different code optimizations. Nevertheless, the core remains the same in functionality and it is our belief it could not have been created by anyone without access to the original Duqu source code. Since these have never been made public and considering the main interest appears to have remained the same, we conclude the attackers behind Duqu and Duqu 2.0 are the same. The targeting of Kaspersky Lab represents a huge step for the attackers and an indicator of how quick the cyber-arms race is escalating. Back in 2011 and 2013 respectively, 11RSA and 12Bit9, were hacked by Chinese-language APT groups, however, such incidents were considered rare. In general, an attacker risks a lot targeting a security company – because they can get caught and exposed. The exact reason why Kaspersky Lab was targeted is still not clear – although the attackers did seem to focus on obtaining information about Kaspersky’s future technologies, Secure OS, anti-APT solutions, KSN and APT research. 10 https://securelist.com/blog/research/32354/the-mystery-of-duqu-framework-solved-7/ 11 https://blogs.rsa.com/anatomy-of-an-attack/ 12 https://blog.bit9.com/2013/02/08/bit9-and-our-customers-security/ For any inquiries, please contact intelreports at kaspersky.com 45 The Duqu 2.0 Technical Details From a threat actor point of view, the decision to target a world-class security company must be quite difficult. On one hand, it almost surely means the attack will be exposed – it’s very unlikely that the attack will go unnoticed. So the targeting of security companies indicates that either they are very confident they won’t get caught, or perhaps they don’t care much if they are discovered and exposed. By targeting Kaspersky Lab, the Duqu attackers have probably taken a huge bet hoping they’d remain undiscovered; and lost. For a security company, one of the most difficult things is to admit falling victim to a malware attack. At Kaspersky Lab, we strongly believe in transparency, which is why we are publishing the information herein. For us, the security of our users remains the most important thing – and we will continue to work hard to maintain your trust and confidence. References 1. Duqu: A Stuxnet-like malware found in the wild https://www.crysys.hu/publications/ files/bencsathPBF11duqu.pdf 2. Duqu: The Precursor to the next Stuxnet http://www.symantec.com/content/en/us/ enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_ next_stuxnet.pdf 3. The Mystery of Duqu: Part One https://securelist.com/blog/incidents/31177/themystery-of-duqu-part-one-5/ 4. The Mystery of Duqu: Part Two https://securelist.com/blog/incidents/31445/themystery-of-duqu-part-two-23/ 5. The Mystery of Duqu: Part Three https://securelist.com/blog/incidents/31486/themystery-of-duqu-part-three-9/ 6. The Mystery of Duqu: Part Five https://securelist.com/blog/incidents/31208/themystery-of-duqu-part-five-6/ 7. The Mystery of Duqu: Part Six (The Command and Control Servers) https://securelist. com/blog/incidents/31863/the-mystery-of-duqu-part-six-the-command-andcontrol-servers-36/ 8. The Mystery of Duqu: Part Ten https://securelist.com/blog/incidents/32668/themystery-of-duqu-part-ten-18/ 9. The Mystery of Duqu Framework Solved https://securelist.com/blog/research/32354/ the-mystery-of-duqu-framework-solved-7/ 10. The Duqu Saga Continues https://securelist.com/blog/incidents/31442/the-duqusaga-continues-enter-mr-b-jason-and-tvs-dexter-22/ For any inquiries, please contact intelreports at kaspersky.com Securelist, the ressource for Kaspersky Lab experts’ technical research, analysis and thoughts Kaspersky Lab B2C Blog Kaspersky Lab security news service Eugene Kaspersky Blog Kaspersky Lab B2B Blog Kaspersky Lab Academy Kaspersky Lab, Moscow, Russia www.kaspersky.com All about Internet security: www.securelist.com Kaspersky Lab HQ Follow us 39A/3 Leningradskoe Shosse Moscow, 125212 Russian Federation More contact details Tel: +7-495-797-8700 Fax: +7-495-7978709 Find a partner near you: www.kaspersky.com/buyoffline Twitter.com/Kaspersky Facebook.com/Kaspersky Youtube.com/Kaspersky © 2015 Kaspersky Lab. All rights reserved. Registered trademarks and service marks are the property of their respective owners. Lotus and Domino are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Linuxis the registered trademark of Linus Torvalds in the U.S. and other countries. Google is a registered trademark of Google, Inc. From hozer at hozed.org Wed Jun 10 09:51:03 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 10 Jun 2015 11:51:03 -0500 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> Message-ID: <20150610165103.GM27932@nl.grid.coop> > More importantly: The coin & currency tracking data maps FAR TOO > CLEARLY into reasonable commerce patterns, coins into and out of > *registers*, bank trucks and storage. Without a full 3d model and a > huge computational effort to simulate global commerce, it is more > likely that a high precision radar system or sigint capability is > actually tracking these targets. *coins*? I could imagine RFID-type tracking of bills. What I can't imagine is how you'd ever manage to track metal coins in and out of a cash register, unless the *register* itself has embedded analog signint pre-processing. If it's worldwide, I can only imagine consistent data if acquired by satellite, so it's got to be some frequency that propagates relatively well, with some sort of passive radar[1] type mechanism? Or is this why all cell phones have FM receivers now?[2] [1]http://www.defenceandsecurity-airbusds.com/en_US/web/guest/passive-radar-from-cassidian-remains-invisible [2]http://www.opb.org/about/connect/mobilefm/ From wilfred at vt.edu Wed Jun 10 09:00:04 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Wed, 10 Jun 2015 12:00:04 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: <20150610143748.GK27932@nl.grid.coop> References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> Message-ID: Here are some specifics on the data types, surprises, and questions: Originating party requested data services that were 100% onload guaranteed, specifically indicating source as an analogue signal digitisation system that did not have sufficient buffer capacity. Initial requests were for linear buffer but then changed to block file storage and public NAS capability. A similar request for SQL or distributed database storage in cloud hosting was also fielded by many services. Data structures are standard floats in spherical coordinates for 4D vectors, include some reference table indexes in most of the formats, and have some distinct ranges in a "small" selection of sample data: Time is offset (not unix) close to a western military standard but varies in density. Precision of Floats in 3D vector is trimmed, indicating a specific physical resolution. One of the electronic signal log files includes a standard signal characteristic for antenna direction in addition to location vector, typical of cell and e-war systems. Also includes values that may be rate of signaling or CPU processor speed(?). Most of the data uses index values, range is linear 0..count. Some of the data uses both an index and unique identifier, another set uses a large bit scope value assumed to be a hash, but its structure has been identified as a structured tree, possibly a known standard (described below) For each structure type, there are additional values related to the signal characteristics and some indexing/classifier but none related to a identifiable pattern other than sequentially loaded index tables. We are very concerned about the consistency of the data, one must assume that a full SPOOF is possible with calculated generation, however some selections map accurately into adjusted-coordinate 3D structures such as office buildings, houses, and viable speed tracking on highways. A party with direct access is preparing maps. Our interest is to prepare distributed processing techniques to consolidate rendering of the entire snapshot. One set is obviously electronic device data, another is most likely EM(?) tracking of coin and currency objects, another includes more precise vectors and a large unique identifier value and is extremely concerning. There is no statistical anomaly of missing data per region (coverage of entire planet), the density of records is consistent and in all small selections the data has high correlation with physical locations including terrain and structures, aircraft routes, highway speeds, and typical patterns at an accuracy that would require the same knowledge to artificially generate. More importantly: The coin & currency tracking data maps FAR TOO CLEARLY into reasonable commerce patterns, coins into and out of *registers*, bank trucks and storage. Without a full 3d model and a huge computational effort to simulate global commerce, it is more likely that a high precision radar system or sigint capability is actually tracking these targets. The large bit scope and header reference of one data set is especially concerning: 10-12 billion unique identifiers using standard genetic expression encoding values in tree form and a related signal characteristic profile. Tracked at 0.25m resolution. With signals. Log density may be due to AD sampling resolution. Data is historical, mid-year 2014. On Wed, Jun 10, 2015 at 10:37 AM, Troy Benjegerdes wrote: > You don't keep 120+gbps running without some government backing you. > > I can only think this is some sort of major political statement, by > some people with significant political (and real) capital to spend. > > Who's got the influence and money to do this, and why? I can only > imagine it's some sort of reaction to the USA freedom act. > > So if you think your data collection system might now be illegal, > do you open source it because it'll spill the beans on the banksters > who double-crossed you? > > Regardless of why, how do you manage data integrity of such a large > dump so you are not looking at intentionally manipulated data? > > > On Wed, Jun 10, 2015 at 09:17:59AM -0400, Wilfred Guerin wrote: >> Files are standard DB Table dumps (packed) loading from a cluster of >> VPNs from torrent and NAS protocols through central europe (entry >> providers are all in privacy-sensitive countries) and intended to be a >> distributed database service; there is simply nothing big enough to >> handle this onload directly. (at 120+gbps bursts) Some of the services >> are posting public torrent data and open sql database access. Table >> files are set up as redundant master with cross-population and >> standard distribution techniques. Some of the tracking data appears to >> have 1 inch resolution target vectors. >> >> >> >> On Wed, Jun 10, 2015 at 8:52 AM, Griffin Boyce wrote: >> > Wilfred Guerin wrote: >> >> >> >> Some huge *meaning close to exobyte size* data sets are circulating in >> >> storage clouds this last week, appear to be snapshots of signals >> >> intelligence metadata including vector tracking of signals targets >> >> (possibly cell phones based on movement vectors) and cross-associated >> >> metadata for their communications. Indications are that these are >> >> recon signal dumps of the american sigint system loaded by a major >> >> organized crime syndicate and cover most of last year. There is also a >> >> set of organic tracking signals, assumably covert agent >> >> communications, and another set that appears to be all American and >> >> European cash money transactions(???). >> > >> > >> > Links to more info? Are these intended to be public, or some kind of >> > config failure? >> > > > -- > ---------------------------------------------------------------------------- > Troy Benjegerdes 'da hozer' hozer at hozed.org > 7 elements earth::water::air::fire::mind::spirit::soul grid.coop > > Never pick a fight with someone who buys ink by the barrel, > nor try buy a hacker who makes money by the megahash > From hozer at hozed.org Wed Jun 10 11:13:07 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 10 Jun 2015 13:13:07 -0500 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: References: <20150610024144.GJ27932@nl.grid.coop> <5577B348.5080301@gna.org> <5577B6FD.4040105@gna.org> Message-ID: <20150610181307.GO27932@nl.grid.coop> On Wed, Jun 10, 2015 at 09:47:30AM -0700, Seth wrote: > On Tue, 09 Jun 2015 21:03:09 -0700, Christian Gagneraud > wrote: > > >BTW, every single CPU on this planet has a JTAG[1] port (or > >equivalent), so with physical access to the hardware you can > >install persistent backdoor on virtually any > >CPU/GPU/MCU/RAM/ROM/FPGA/CPLD/DSP/..., > > I trust that includes the Freescale chip used by the Novena > hardware? [1] Any way for a hardware manufacturer to shave that > bitch down so it can't be used by an implant? Xray your novena. Compare it to Bunniestudios pgp-signed xray images. Removing the jtag is like welding your hood shut because you're worried about cops tracking you. It pisses off your mechanic and doesn't do anything about the cell phone that's already tracking you. Jtag is incredibly usefull stuff if you are a hardware geek or a kernel and you want to debug why your laptop crashed. If you actually want to make the Novena more secure, start reverse engineering a full-open source toolchain to program the Xilinx FPGA, which is the most likely target for implants, cause we have to use the crappy xilinx tools to program it. From alfiej at fastmail.fm Tue Jun 9 20:31:09 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 10 Jun 2015 13:31:09 +1000 Subject: [Cryptography] Proposed US ITAR changes would require prepublication approval for most crypto research In-Reply-To: <5576978E.108@m-o-o-t.org> References: <5576978E.108@m-o-o-t.org> Message-ID: <1433907069.3524586.291449961.0099EE61@webmail.messagingengine.com> Snap, from Australia: http://www.smh.com.au/it-pro/security-it/dangerous-minds-are-maths-teachers-australias-newest-threat-20150608-ghira9.html "Australian academics who teach mathematics may need to run new ideas by the Department of Defence before sharing them or risk imprisonment. Some academics are set to become much more familiar with the department's Defence Export Control Office (DECO), a unit that enforces the Defence Trade Control Act 2012, Australia's end of a 2007 pact with the US and UK over defence trade. Until recently, DECO only regulated physically exported weapons and so-called "dual use" items such as encryption, computing hardware and biological matter. However in March the act was updated to include "intangible supply", which is intended to prohibit the transfer of knowledge from Australia that could be used to produce weapons." Alfie On Tue, Jun 9, 2015, at 05:36 PM, pete wrote: > Proposed US ITAR changes. New regs, for comment, not yet in law or > in force. > > http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762 > > www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf > > > Actually, it says, for the first time explicitly, that publishing > widely on the internet would be enough to put data into the > public domain > [000]. Sounds good? > > However, there is a great big kicker: posting ITAR technical data for > the first time would be an export, and you wouldn't be allowed to do > it without prior authorization [17]. > > Reposting already-posted technical data is also making it available, > and you wouldn't be allowed to do that unless the initial posting was > authorised. > > Neither would you be allowed to sell a book or magazine or periodical, > even within the US, unless it had been made available with an > authorisation [23]. > > Phil Zimmerman's trick, publishing the source to PGP in printed form > to put it in the public domain, would no longer work. > > > > > > There is also some trickery about redefining software as an item, > rather than as data; one effect of which is to put software which is > the result of fundamental research into the control regime. > > Of course, as "fundamental research" only means research done in the > US by US centers of learning, or US Government funded .. > > I get confused, but it would seem to me that eg if there is a crypto > conference in the US with published proceedings, the publishers would > need export permission for the work of foreign authors, but not the > work of most US authors. > > > > > > [000] "Public domain" here is not the same thing as "public domain" in > copyright law. The use the same words, but they are defined > completely differently. > > [17] To get pernickity: data which has been made publicly available, > including by widespread posting, would be exempt. > > However, data which hadn't been made available with proper > authorisation would not be exempt. This would apply to data which is > now in the public domain too. > > If you saw some posted data or data in a book, and you didn't actually > know that it hadn't been released with proper authorisation, you > couldn't be prosecuted for reposting it, or selling the books it was > in. Though you could be prevented from doing it again, if someone told > you its initial release has not been authorised. > > > [23] the relevant bits: > > > § 120.11 Public domain. > > (a) Except as set forth in paragraph (b) of this section, unclassified > information and software are in the public domain, and are thus > not technical data or software subject to the ITAR, when they have > been made available to the public without restrictions upon their > further dissemination such as through any of the following: > > (1) Subscriptions available without restriction to any individual who > desires to obtain or purchase the published information; > > (2) Libraries or other public collections that are open and available > to the public, and from which the public can obtain tangible or > intangible documents; > > (3) Unlimited distribution at a conference, meeting, seminar, trade > show, or exhibition, generally accessible to the interested > public; > > (4) Public dissemination (i.e., unlimited distribution) in any form > (e.g.,not necessarily in published form), including posting on the > Internet on sites available to the public; or > > (5) Submission of a written composition, manuscript or presentation to > domestic or foreign co-authors, editors, or reviewers of journals, > magazines, newspapers or trade publications, or to organizers of > open conferences or other open gatherings, with the intention that > the compositions, manuscripts, or publications will be made > publicly available if accepted for publication or presentation. > > > (b) Technical data or software,whether or not developed with > government funding, is not in the public domain if it has been > made available to the public without authorization from: > > (1) The Directorate of Defense Trade Controls; > > (2) The Department of Defense’s Office of Security Review; > > (3) The relevant U.S. government contracting entity with authority to > allow the technical data or software to be made available to the > public; or > > (4) Another U.S. government official with authority to allow the > technical data or software to be made available to the public. > > > > § 127.1 Violations. [...] > (6) To export, reexport, retransfer, or otherwise make available to > the public technical data or software if such person has knowledge > that the technical data or software was made publicly available > without an authorization described in § 120.11(b) of this > subchapter. > > > > > > ps: there is yet another ITAR change on the way about exploits and > technical data concerning security and hacking tools. see eg; > http://www.theregister.co.uk/2015/06/06/whats_up_with_wassenaar/ > > -- Peter Fairbrother > > _______________________________________________ > The cryptography mailing list cryptography at metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography -- Alfie John alfiej at fastmail.fm From list at sysfu.com Wed Jun 10 13:50:22 2015 From: list at sysfu.com (Seth) Date: Wed, 10 Jun 2015 13:50:22 -0700 Subject: Best practice for safe viewing of PDFs posted to list Message-ID: Links to PDFs are not uncommon on this list but I never feel good about opening them up. Is the advice in this 2010 article still relevant? [1] ...How can you protect yourself from their inherent vulnerabilities? Hypponen suggests you completely avoid opening PDFs on your local machine, instead viewing them through Google Docs. If you're using Chrome, Firefox, or Opera, you can install the gPDF plug-in to automate the process for web-based PDFs. For your local files, he suggests you "use a PDF reader that's as unpopular as possible. The fewer users a product has, the less attacks it will attract."... I usually use an open source reader like muPDF on SumatraPDF in a VM, but it's a hassle. Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs. [1] http://www.pcmag.com/article2/0,2817,2362356,00.asp From chgans at gna.org Tue Jun 9 20:47:20 2015 From: chgans at gna.org (Christian Gagneraud) Date: Wed, 10 Jun 2015 15:47:20 +1200 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: <20150610024144.GJ27932@nl.grid.coop> References: <20150610024144.GJ27932@nl.grid.coop> Message-ID: <5577B348.5080301@gna.org> On 10/06/15 14:41, Troy Benjegerdes wrote: > OOOhhhhhHHH nice. > > One of these days someone's going to figure out the encoding method > and private keys of all those keystrokes in various blockchains > that were broadcast by GPU-mining malware. > > > Now if I take my paranoia hat off and put on my 'scam the investors' > hat, I'd say the only thing the DMCA will be used for is to provide > plausible deniability that Intel just hired some AMD/Nvidia engineers > and they keep using the same code they've been writing since the SGI > days and just slap an Intel copyright on the output. > > Besides, if you wanted to hid malware on an intel chip, you could > easily hide it here, no GPU needed. > https://software.intel.com/sites/default/files/xeon-processor-7.png > > There are probably at least 3 debug interfaces in the chip for which > the only good documentation exists in the Mossad, NSA, and Chinese > intelligence offices. See this as well, no need to be Mossad, NSA, ... https://www.shodan.io/search?query=HTTP%2F1.1+Active+Management+Technology https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits Krys > > On Tue, Jun 09, 2015 at 01:01:44AM -0400, grarpamp wrote: >> ---------- Forwarded message ---------- >> From: Henry Baker >> Date: Mon, Jun 8, 2015 at 6:24 PM >> Subject: [Cryptography] Did Intel just execute its warrant canary ? >> To: cryptography at metzdowd.com >> >> >> FYI -- I conjecture that the second GPU story following less than one >> month after the first GPU story is not just coincidence, but one of >> the requirements of a secret National Security Letter to Intel. >> >> The first story shows how GPU's can house malware, while the second >> story explains that Intel won't be sharing its GPU code where such >> malware will be housed. >> >> "no reverse engineering, decompilation, or disassembly of this >> software is permitted" >> >> As feared, the DMCA will be used against those who attempt to look for >> this malware in Intel GPU's. >> >> https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act >> -------- >> http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/ >> >> GPU-based rootkit and keylogger offer superior stealth and computing power >> >> Proof-of-concept malware may pave the way for future in-the-wild attacks. >> >> by Dan Goodin - May 7, 2015 3:43 pm UTC >> >> Developers have published two pieces of malware that take the highly >> unusual step of completely running on an infected computer's graphics >> card, rather than its CPU, to enhance their stealthiness and give them >> increased computational abilities. >> >> Both the Jellyfish rootkit and the Demon keylogger are described as >> proofs-of-concept by their pseudo-anonymous developers, whom Ars was >> unable to contact. Tapping an infected computer's GPU allows malware >> to run without the usual software hooks or modifications malware makes >> in the operating system kernel. Those modifications can be dead >> giveaways that a system is infected. >> >> https://github.com/x0r1/jellyfish >> >> https://github.com/x0r1/Demon >> >> Here's how the developers describe their rootkit: >> >> Jellyfish is a Linux based userland gpu rootkit proof of concept >> project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as >> the OpenCL API developed by Khronos group (GPU). Code currently >> supports AMD and NVIDIA graphics cards. However, the AMDAPPSDK does >> support Intel as well. >> >> Advantages of gpu stored memory: >> >> * No gpu malware analysis tools available on web >> * Can snoop on cpu host memory via DMA >> * Gpu can be used for fast/swift mathematical calculations like >> xor'ing or parsing >> * Stubs >> * Malicious memory is still inside gpu after shutdown >> >> Requirements for use: >> >> * Have OpenCL drivers/icds installed >> * Nvidia or AMD graphics card (intel supports amd's sdk) >> * Change line 103 in rootkit/kit.c to server ip you want to monitor >> gpu client from >> >> Stay tuned for more features: >> >> * client listener; let buffers stay stored in gpu until you send magic >> packet from server >> >> Disclaimer: >> >> Educational purposes only; authors of this project/demonstration are >> in no way, shape or form responsible for what you may use this for >> whether illegal or not. >> >> They provide no technical details about Demon keylogger other than to >> say it's a proof-of-concept that implements the malware described in >> this 2013 academic research paper titled You Can Type, but You Can’t >> Hide: A Stealthy GPU-based Keylogger. The Demon creators stress that >> they aren't associated with the researchers. >> >> http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf >> >> "The key idea behind our approach is to monitor the system’s keyboard >> buffer directly from the GPU via DMA [direct memory access], without >> any hooks or modifications in the kernel's code and data structures >> besides the page table," the researchers behind the 2013 paper wrote. >> "The evaluation of our prototype implementation shows that a GPU-based >> keylogger can effectively record all user keystrokes, store them in >> the memory space of the GPU, and even analyze the recorded data >> in-place, with negligible runtime overhead." >> >> Aside from malware that taps GPUs to mint Bitcoin and other crypto >> currencies, Ars isn't aware of malicious software actively circulating >> in the wild that makes use of infected computers' graphics processors. >> And even then, most or all of those titles run mainly on the CPU and >> offload only the computationally intensive workloads to the GPU. In >> March, researchers from Kaspersky Lab documented highly sophisticated >> malware in the wild that infected firmware that runs 12 different >> models of hard drives. The group that created the malware had flown >> under the radar for 14 years. >> >> In its current form Jellyfish is likely to remain a highly niche >> undertaking, since it requires a dedicated GPU. Since many computers >> don't contain stand-alone graphics cards, such malware might greatly >> limit the machines that could be infected. Still, the approach may >> make sense in certain situations, say for attackers targeting gamers >> or video enthusiasts, or espionage campaigns where stealth is crucial. >> And as readers have pointed out in comments below, it's feasible >> malware could be developed that runs on graphics processors integrated >> into CPUs. >> >> Post updated to recast the last paragraph to account for integrated >> graphics processors, and to add details in the second-to-last >> paragraph about malware infecting hard-drive firmware. >> ---------------- >> https://www.phoronix.com/scan.php?page=news_item&px=Intel-SKL-BXT-Firmware-Blobs >> >> Intel Skylake & Broxton To Require Graphics Firmware Blobs >> >> Published on 05 June 2015 06:20 PM EDT >> >> Written by Michael Larabel in Intel >> >> Intel's upcoming Skylake and Broxton hardware will require some >> binary-only firmware blobs by the i915 DRM kernel graphics driver. >> >> Rodrigo Vivi of Intel's Open-Source Technology Center sent in the pull >> request for landing these binary files into the linux-firmware >> repository. Up to now there's been no i915 blobs within the >> linux-firmware tree. >> >> These first i915 DRM firmware blobs are for Skylake and Broxton for >> the GuC and DMC. DMC in this context is the Display Microcontroller, >> which is present in Skylake (Gen9) and newer and used within the >> display engine to save and restore its state when entering into >> low-power states and then resuming. The DMC is basically >> saving/restoring display registers across low-power states separate of >> the kernel. >> >> The GuC engine on Skylake is responsible for workload scheduling on >> the parallel graphics engines. Intel explained on 01.org, "GuC is >> designed to perform graphics workload scheduling on the various >> graphics parallel engines. In this scheduling model, host software >> submits work through one of the 256 graphics doorbells and this >> invokes the scheduling operation on the appropriate graphics engine. >> Scheduling operations include determining which workload to run next, >> submitting a workload to a command streamer, pre-empting existing >> workloads running on an engine, monitoring progress and notifying host >> SW when work is done." This page also seems to indicate that these >> firmware blobs are required by the DRM driver rather than being an >> optional add-on. >> >> The license of these firmware blobs also indicate that redistribution >> is only allowed in binary form without modification. Beyond that, "no >> reverse engineering, decompilation, or disassembly of this software is >> permitted." >> >> These new firmware blobs will certainly have some open-source >> enthusiasts less excited now about Skylake, Broadwell's successor >> beginning to ship later this year, and Broxton meanwhile is the new >> Atom SoC built using the Goldmont architecture and will feature >> Skylake graphics. If there's any good news out of the situation, at >> least Intel is shipping these firmware files early rather than NVIDIA >> that with their months-old hardware still hasn't released their GTX >> 900 Maxwell firmware files needed by the Nouveau driver to provide >> open-source hardware acceleration. AMD also tends to be timely with >> the releasing of their necessary binary-only GPU firmware files for >> the open-source Linux driver. >> >> >> _______________________________________________ >> The cryptography mailing list >> cryptography at metzdowd.com >> http://www.metzdowd.com/mailman/listinfo/cryptography >> > From chgans at gna.org Tue Jun 9 21:03:09 2015 From: chgans at gna.org (Christian Gagneraud) Date: Wed, 10 Jun 2015 16:03:09 +1200 Subject: Fwd: [Cryptography] Did Intel just execute its warrant canary ? In-Reply-To: <5577B348.5080301@gna.org> References: <20150610024144.GJ27932@nl.grid.coop> <5577B348.5080301@gna.org> Message-ID: <5577B6FD.4040105@gna.org> On 10/06/15 15:47, Christian Gagneraud wrote: > On 10/06/15 14:41, Troy Benjegerdes wrote: >> OOOhhhhhHHH nice. >> >> One of these days someone's going to figure out the encoding method >> and private keys of all those keystrokes in various blockchains >> that were broadcast by GPU-mining malware. >> >> >> Now if I take my paranoia hat off and put on my 'scam the investors' >> hat, I'd say the only thing the DMCA will be used for is to provide >> plausible deniability that Intel just hired some AMD/Nvidia engineers >> and they keep using the same code they've been writing since the SGI >> days and just slap an Intel copyright on the output. >> >> Besides, if you wanted to hid malware on an intel chip, you could >> easily hide it here, no GPU needed. >> https://software.intel.com/sites/default/files/xeon-processor-7.png >> >> There are probably at least 3 debug interfaces in the chip for which >> the only good documentation exists in the Mossad, NSA, and Chinese >> intelligence offices. > > See this as well, no need to be Mossad, NSA, ... > https://www.shodan.io/search?query=HTTP%2F1.1+Active+Management+Technology > https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Known_vulnerabilities_and_exploits BTW, every single CPU on this planet has a JTAG[1] port (or equivalent), so with physical access to the hardware you can install persistent backdoor on virtually any CPU/GPU/MCU/RAM/ROM/FPGA/CPLD/DSP/..., and yes the NSA did it: https://blog.pjhoodsco.org/nsa-device-godsurge/ Krys [1] https://en.wikipedia.org/wiki/Joint_Test_Action_Group > > > Krys > >> >> On Tue, Jun 09, 2015 at 01:01:44AM -0400, grarpamp wrote: >>> ---------- Forwarded message ---------- >>> From: Henry Baker >>> Date: Mon, Jun 8, 2015 at 6:24 PM >>> Subject: [Cryptography] Did Intel just execute its warrant canary ? >>> To: cryptography at metzdowd.com >>> >>> >>> FYI -- I conjecture that the second GPU story following less than one >>> month after the first GPU story is not just coincidence, but one of >>> the requirements of a secret National Security Letter to Intel. >>> >>> The first story shows how GPU's can house malware, while the second >>> story explains that Intel won't be sharing its GPU code where such >>> malware will be housed. >>> >>> "no reverse engineering, decompilation, or disassembly of this >>> software is permitted" >>> >>> As feared, the DMCA will be used against those who attempt to look for >>> this malware in Intel GPU's. >>> >>> https://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act >>> -------- >>> http://arstechnica.com/security/2015/05/gpu-based-rootkit-and-keylogger-offer-superior-stealth-and-computing-power/ >>> >>> >>> GPU-based rootkit and keylogger offer superior stealth and computing >>> power >>> >>> Proof-of-concept malware may pave the way for future in-the-wild >>> attacks. >>> >>> by Dan Goodin - May 7, 2015 3:43 pm UTC >>> >>> Developers have published two pieces of malware that take the highly >>> unusual step of completely running on an infected computer's graphics >>> card, rather than its CPU, to enhance their stealthiness and give them >>> increased computational abilities. >>> >>> Both the Jellyfish rootkit and the Demon keylogger are described as >>> proofs-of-concept by their pseudo-anonymous developers, whom Ars was >>> unable to contact. Tapping an infected computer's GPU allows malware >>> to run without the usual software hooks or modifications malware makes >>> in the operating system kernel. Those modifications can be dead >>> giveaways that a system is infected. >>> >>> https://github.com/x0r1/jellyfish >>> >>> https://github.com/x0r1/Demon >>> >>> Here's how the developers describe their rootkit: >>> >>> Jellyfish is a Linux based userland gpu rootkit proof of concept >>> project utilizing the LD_PRELOAD technique from Jynx (CPU), as well as >>> the OpenCL API developed by Khronos group (GPU). Code currently >>> supports AMD and NVIDIA graphics cards. However, the AMDAPPSDK does >>> support Intel as well. >>> >>> Advantages of gpu stored memory: >>> >>> * No gpu malware analysis tools available on web >>> * Can snoop on cpu host memory via DMA >>> * Gpu can be used for fast/swift mathematical calculations like >>> xor'ing or parsing >>> * Stubs >>> * Malicious memory is still inside gpu after shutdown >>> >>> Requirements for use: >>> >>> * Have OpenCL drivers/icds installed >>> * Nvidia or AMD graphics card (intel supports amd's sdk) >>> * Change line 103 in rootkit/kit.c to server ip you want to monitor >>> gpu client from >>> >>> Stay tuned for more features: >>> >>> * client listener; let buffers stay stored in gpu until you send magic >>> packet from server >>> >>> Disclaimer: >>> >>> Educational purposes only; authors of this project/demonstration are >>> in no way, shape or form responsible for what you may use this for >>> whether illegal or not. >>> >>> They provide no technical details about Demon keylogger other than to >>> say it's a proof-of-concept that implements the malware described in >>> this 2013 academic research paper titled You Can Type, but You Can’t >>> Hide: A Stealthy GPU-based Keylogger. The Demon creators stress that >>> they aren't associated with the researchers. >>> >>> http://www.cs.columbia.edu/~mikepo/papers/gpukeylogger.eurosec13.pdf >>> >>> "The key idea behind our approach is to monitor the system’s keyboard >>> buffer directly from the GPU via DMA [direct memory access], without >>> any hooks or modifications in the kernel's code and data structures >>> besides the page table," the researchers behind the 2013 paper wrote. >>> "The evaluation of our prototype implementation shows that a GPU-based >>> keylogger can effectively record all user keystrokes, store them in >>> the memory space of the GPU, and even analyze the recorded data >>> in-place, with negligible runtime overhead." >>> >>> Aside from malware that taps GPUs to mint Bitcoin and other crypto >>> currencies, Ars isn't aware of malicious software actively circulating >>> in the wild that makes use of infected computers' graphics processors. >>> And even then, most or all of those titles run mainly on the CPU and >>> offload only the computationally intensive workloads to the GPU. In >>> March, researchers from Kaspersky Lab documented highly sophisticated >>> malware in the wild that infected firmware that runs 12 different >>> models of hard drives. The group that created the malware had flown >>> under the radar for 14 years. >>> >>> In its current form Jellyfish is likely to remain a highly niche >>> undertaking, since it requires a dedicated GPU. Since many computers >>> don't contain stand-alone graphics cards, such malware might greatly >>> limit the machines that could be infected. Still, the approach may >>> make sense in certain situations, say for attackers targeting gamers >>> or video enthusiasts, or espionage campaigns where stealth is crucial. >>> And as readers have pointed out in comments below, it's feasible >>> malware could be developed that runs on graphics processors integrated >>> into CPUs. >>> >>> Post updated to recast the last paragraph to account for integrated >>> graphics processors, and to add details in the second-to-last >>> paragraph about malware infecting hard-drive firmware. >>> ---------------- >>> https://www.phoronix.com/scan.php?page=news_item&px=Intel-SKL-BXT-Firmware-Blobs >>> >>> >>> Intel Skylake & Broxton To Require Graphics Firmware Blobs >>> >>> Published on 05 June 2015 06:20 PM EDT >>> >>> Written by Michael Larabel in Intel >>> >>> Intel's upcoming Skylake and Broxton hardware will require some >>> binary-only firmware blobs by the i915 DRM kernel graphics driver. >>> >>> Rodrigo Vivi of Intel's Open-Source Technology Center sent in the pull >>> request for landing these binary files into the linux-firmware >>> repository. Up to now there's been no i915 blobs within the >>> linux-firmware tree. >>> >>> These first i915 DRM firmware blobs are for Skylake and Broxton for >>> the GuC and DMC. DMC in this context is the Display Microcontroller, >>> which is present in Skylake (Gen9) and newer and used within the >>> display engine to save and restore its state when entering into >>> low-power states and then resuming. The DMC is basically >>> saving/restoring display registers across low-power states separate of >>> the kernel. >>> >>> The GuC engine on Skylake is responsible for workload scheduling on >>> the parallel graphics engines. Intel explained on 01.org, "GuC is >>> designed to perform graphics workload scheduling on the various >>> graphics parallel engines. In this scheduling model, host software >>> submits work through one of the 256 graphics doorbells and this >>> invokes the scheduling operation on the appropriate graphics engine. >>> Scheduling operations include determining which workload to run next, >>> submitting a workload to a command streamer, pre-empting existing >>> workloads running on an engine, monitoring progress and notifying host >>> SW when work is done." This page also seems to indicate that these >>> firmware blobs are required by the DRM driver rather than being an >>> optional add-on. >>> >>> The license of these firmware blobs also indicate that redistribution >>> is only allowed in binary form without modification. Beyond that, "no >>> reverse engineering, decompilation, or disassembly of this software is >>> permitted." >>> >>> These new firmware blobs will certainly have some open-source >>> enthusiasts less excited now about Skylake, Broadwell's successor >>> beginning to ship later this year, and Broxton meanwhile is the new >>> Atom SoC built using the Goldmont architecture and will feature >>> Skylake graphics. If there's any good news out of the situation, at >>> least Intel is shipping these firmware files early rather than NVIDIA >>> that with their months-old hardware still hasn't released their GTX >>> 900 Maxwell firmware files needed by the Nouveau driver to provide >>> open-source hardware acceleration. AMD also tends to be timely with >>> the releasing of their necessary binary-only GPU firmware files for >>> the open-source Linux driver. >>> >>> >>> _______________________________________________ >>> The cryptography mailing list >>> cryptography at metzdowd.com >>> http://www.metzdowd.com/mailman/listinfo/cryptography >>> >> > From admin at pilobilus.net Wed Jun 10 14:44:29 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 10 Jun 2015 17:44:29 -0400 Subject: Best practice for safe viewing of PDFs posted to list In-Reply-To: References: Message-ID: <5578AFBD.70809@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/10/2015 04:50 PM, Seth wrote: > Links to PDFs are not uncommon on this list but I never feel > good about opening them up. [ ... ] > I usually use an open source reader like muPDF on SumatraPDF in > a VM, but it's a hassle. > > Curious if the advice given above is still relevant and also > what other on the list recommend for safe viewing of PDFs. > > [1] http://www.pcmag.com/article2/0,2817,2362356,00.asp I think that using a reader like Evince inside a VM should be very safe, relatively speaking. Needless to say, if paranoia is an issue don't let a PDF file you didn't make yourself touch any installed Microsoft OS (except inside a VM used for no other purpose and "rolled back" to an earlier snapshot after every use) or any "smart phone." If you want a really unpopular PDF reader, try the GIMP: It can import PDF files as rendered images, one layer per page. It can't execute active content. Anybody who anticipates this security measure, and devises a way to make a PDF file climb out of the GIMP and take over the machine, arguably deserves to succeed. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVeK+5AAoJEDZ0Gg87KR0LBHEQAIRqeMYyIysEMARM3+76L198 lLs9CDN2vTJAtXp/x6cb6xKWswppYpN8WqV/FWWRvUA1Las6HuBpyf0ULiY/piC6 5z3CF1KzKlNI2sRX93bvNQZJ0alKOshwRBjCRb5mEue7hCHmyosTu0ppxY37Q/go oaKnWaevihOh5jv1W2Rc7IOElXw6seQwp6nEQDEce8GlN7i+h+g2UbID5HKW02/c xxSIdSPZhExwaz/RaICGT6g9mCuz3AT8xg+gdbzW8lVlrpaqEQuY07OGITIXYxoz vycfyZOYjudWv72njz7qpoYXoTdfte8Iwde8s4GN77JttzdXEySrzd/cXUxR08aD +0+JnNCjTxM191C4gZW0OKdPleqUBwZOMUJpTrTpbP/JPYW3JqOSzG9BZmMh9ClG LP97WEootEiP/ZsB+H9uOaXC6NZTnVfj9MV2ovr9vsUhNOuNKSHH6usJqaUGS2l6 ccM5ZXU/yHECCfwFWzcsOCIT1EAPlfEpzB74hZ3ja5RlRa9jmmelEUpbmS16PKNy wsqVsoN67uIsVGfTskIEWiWfRj8lORBLKY2hre16cvZ8nGH2+p6Mm3y/ImKSFJAg 883ScaQMNW2KBwCEV2NJ5zjMgo5/VBKo1sZ/R15ppKXTR3QgnlHRdnGzavOhb1Tr IBmOZqBJ1QUHWLOA4koI =+zTe -----END PGP SIGNATURE----- From rsw at jfet.org Wed Jun 10 15:01:39 2015 From: rsw at jfet.org (Riad S. Wahby) Date: Wed, 10 Jun 2015 18:01:39 -0400 Subject: Best practice for safe viewing of PDFs posted to list In-Reply-To: References: Message-ID: <20150610220139.GA12014@antiproton.jfet.org> Seth wrote: > Curious if the advice given above is still relevant and also what other on > the list recommend for safe viewing of PDFs. If your web browsing habits don't include NoScript, then you're likely no worse off using pdf.js to view PDFs than you are browsing arbitrary websites. After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild; and since pdf.js is bundled with modern versions of Firefox, you might be inclined to think that it's likely non-malicious even if it's exploitable by rogue PDFs. But that's no worse than some JS malware you were fed via DNS poisoning or CDN hijacking. (This can be seen either as an implicit endorsement of pdf.js or of NoScript.) -=rsw From hozer at hozed.org Wed Jun 10 18:41:17 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Wed, 10 Jun 2015 20:41:17 -0500 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150610165103.GM27932@nl.grid.coop> Message-ID: <20150611014117.GR27932@nl.grid.coop> Some of my thoughts: > Tracking cash currency is certainly interesting from many standpoints... > actually doing it seems outrageous. Leaking this data intentionally is > extremely outrageous - no matter the target's value the laundering can not > warrant the backlash. As a politically minded shake-up-leak, this one is > the most daring so far, and would most likely be the most effective at > dismantling the espionage engine. It almost seems too good (and in a way > terrifying*) to be true... I have some idea the truth will be both far from what we think it is, and, depending on who you are, far more terrifying. Let's imagine your an espionage guy, and you have clear evidence of something the world needs to know. Like say that those high-frequency trading 'bugs' were actually backdoor cash payments/bribes, which is my favorite conspiracy theory. Now you have a clear indication that the guys you know are making bribes are off bribing the right people to make a political shitstorm that will dismantle the most beautiful technological achievement you've ever seen or heard of in history to root out bad guys and corruption. Okay, granted, maybe I'm giving too much credit for idealism. But what the hell else are we here if not a bunch of idealists? Besides, I think the above is just as plausible as a global currency-tracking sigint engine that's not a blockchain. > Is dear Wilfred pulling our legs? How would we know at this point? By getting some archives of the data, and studying it. > * I'd actually really like to know where I've been in the past, and I > know *they > *know but won't tell me. And the amount of exceedingly valuable scientific > (census) data one could parse from such a database.... Still, we'd move > rather suddently from panopticon to omniopticon (a term I thought of to > describe "everyone watches everything" instead of "they watch everything". > I know it's not a flawless name but it works). Hell, if I could tape a few dollar bills to my planter and get free 1-inch location tracking, this would substantially increase agricultural productivity world-wide, as well as tracking & logistics. Why bother with package tracking when you just tape a dollar on the outside? We've already got an opticon, let's make the best of it and have it be an omniopticon, and figure out how the hell to live with it. > ** I realize there's no way we're going to store or transfer this much data > - but there should be something that can be done to preserve this dataset! The physics community built a global network to handle data coming from CERN. The network and the computers are all there. The hard part will be convincing physicists that discovering the true nature of money & surveillance is more imporant than the true nature of the higgs boson, at least for a few weeks. http://wlcg.web.cern.ch/ What's the data rate of this sigint thing? Does it exceed 30 Gigabytes/sec? What are the chances we could just pick it up with a decent software defined radio? Or is someone just baiting us to do some free work for their next dystopian summer blockbuster movie? -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From alfiej at fastmail.fm Wed Jun 10 03:53:58 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 10 Jun 2015 20:53:58 +1000 Subject: [Cryptography] Proposed US ITAR changes would require prepublication approval for most crypto research In-Reply-To: References: Message-ID: <1433933638.320564.291717841.2695A4F3@webmail.messagingengine.com> Thanks for the comments Adrian. What concerns me is that from what I've seen, it only talks about Australian academics publishing novel ideas. What is completely missing is how these ammendments may affect Australian open source developers, who are also non-academics, working on cryptosystems. If they publish a novel cipher on GitHub without getting approval by DECO, is that a GOTO Jail card? Alfie On Wed, Jun 10, 2015, at 04:15 PM, Adrian McCullagh wrote: > Dear All, > > > I with 4 colleagues of mine (3 at the Queensland University of > Technology (Cryptographers all)and one from the University of > Queensland (Legal E-commerce researcher) have been working on a paper > dealing with the Australian Defence Trade Control Act which > corresponds to the proposed US ITAR changes. > > > Without giving everything away on our forthcoming paper, it appears to > me that if this type of regulation had been in place in Germany in > 1938, then it is highly likely that Einstein would never have read the > Hahn - Strassmann paper dealing with splitting a uranium atom. That > paper written in 1938 (December I believe) was read by Einstein in > March 1939 and it directly lead to Einstein sending a letter to > Roosevelt, which in turn resulted in 1942 to the establishment of the > Manhattan project. Now if NAZI Germany had restricted that > publication NAZI Germany could have developed the bomb itself which > could have completely altered the outcome. > > > Basically, if regimes like the ITAR rules are expanded then it works > both ways and there could be a stifling of publication research due to > bureaucratic mishandling. Though it could assist in the spy business > as in the cold war. > > > > > > > Dr. Adrian McCullagh Ph.D. LL.B.(Hons) B. App. Sc. (Computing) ODMOB > Lawyers Mobile 0401 646 486 Skype. Admac57 > E: ajmccullagh57 at gmail.com > E: amccullagh at live.com The contents of this email are confidential > between the sender and the intended recipient. If you are not the > intended recipient then no rights are granted to you because of > this error and as such you are requested to promptly inform the > sender of the error and to promptly destroy all copies of the email > in your power, possession or control. The sender reserves all > rights concerning this email and its contents including any > privilege, copyright and confidentiality associated with this > email. Even though an email signature block has been appended to > this email, and notwithstanding the Electronic Transactions Act > (Qld) or the Electronic Transactions Act (Cth), the signature block > does not exhibit the senders intention to be bound by an offer > previously sent by the intended recipient, unless the email in its > body specifically indicated that the sender hereby accepts such an > offer previously sent by the intended recipient. > > > > > > From: Alfie John Sent: ‎Wednesday‎, ‎10‎ ‎June‎ ‎2015 ‎1‎:‎54‎ ‎PM To: > Cryptography Mailing List, cypherpunks at cpunks.org > > > > > > Snap, from Australia: > > http://www.smh.com.au/it-pro/security-it/dangerous-minds-are-maths-teachers-australias-newest-threat-20150608-ghira9.html > > "Australian academics who teach mathematics may need to run new > ideas by the Department of Defence before sharing them or risk > imprisonment. > > Some academics are set to become much more familiar with the > department's Defence Export Control Office (DECO), a unit that > enforces the Defence Trade Control Act 2012, Australia's end of a > 2007 pact with the US and UK over defence trade. > > Until recently, DECO only regulated physically exported weapons > and so-called "dual use" items such as encryption, computing > hardware and biological matter. > > However in March the act was updated to include "intangible > supply", which is intended to prohibit the transfer of knowledge > from Australia that could be used to produce weapons." > > Alfie > > On Tue, Jun 9, 2015, at 05:36 PM, pete wrote: > > Proposed US ITAR changes. New regs, for comment, not yet in law or > > in force. > > > > http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762 > > > > www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf > > > > > > Actually, it says, for the first time explicitly, that publishing > > widely on the internet would be enough to put data into the public > > domain > > [000]. Sounds good? > > > > However, there is a great big kicker: posting ITAR technical data > > for the first time would be an export, and you wouldn't be allowed > > to do it without prior authorization [17]. > > > > Reposting already-posted technical data is also making it available, > > and you wouldn't be allowed to do that unless the initial posting > > was authorised. > > > > Neither would you be allowed to sell a book or magazine or > > periodical, even within the US, unless it had been made available > > with an authorisation [23]. > > > > Phil Zimmerman's trick, publishing the source to PGP in printed form > > to put it in the public domain, would no longer work. > > > > > > > > > > > > There is also some trickery about redefining software as an item, > > rather than as data; one effect of which is to put software which is > > the result of fundamental research into the control regime. > > > > Of course, as "fundamental research" only means research done in the > > US by US centers of learning, or US Government funded .. > > > > I get confused, but it would seem to me that eg if there is a crypto > > conference in the US with published proceedings, the publishers > > would need export permission for the work of foreign authors, but > > not the work of most US authors. > > > > > > > > > > > > [000] "Public domain" here is not the same thing as "public domain" > > in copyright law. The use the same words, but they are defined > > completely differently. > > > > [17] To get pernickity: data which has been made publicly > > available, including by widespread posting, would be exempt. > > > > However, data which hadn't been made available with proper > > authorisation would not be exempt. This would apply to data which is > > now in the public domain too. > > > > If you saw some posted data or data in a book, and you didn't > > actually know that it hadn't been released with proper > > authorisation, you couldn't be prosecuted for reposting it, or > > selling the books it was in. Though you could be prevented from > > doing it again, if someone told you its initial release has not been > > authorised. > > > > > > [23] the relevant bits: > > > > > > § 120.11 Public domain. > > > > (a) Except as set forth in paragraph (b) of this section, > > unclassified information and software are in the public domain, > > and are thus not technical data or software subject to the ITAR, > > when they have been made available to the public without > > restrictions upon their further dissemination such as through > > any of the following: > > > > (1) Subscriptions available without restriction to any individual > > who desires to obtain or purchase the published information; > > > > (2) Libraries or other public collections that are open and > > available to the public, and from which the public can obtain > > tangible or intangible documents; > > > > (3) Unlimited distribution at a conference, meeting, seminar, trade > > show, or exhibition, generally accessible to the interested > > public; > > > > (4) Public dissemination (i.e., unlimited distribution) in any form > > (e.g.,not necessarily in published form), including posting on > > the Internet on sites available to the public; or > > > > (5) Submission of a written composition, manuscript or presentation > > to domestic or foreign co-authors, editors, or reviewers of > > journals, magazines, newspapers or trade publications, or to > > organizers of open conferences or other open gatherings, with > > the intention that the compositions, manuscripts, or > > publications will be made publicly available if accepted for > > publication or presentation. > > > > > > (b) Technical data or software,whether or not developed with > > government funding, is not in the public domain if it has been > > made available to the public without authorization from: > > > > (1) The Directorate of Defense Trade Controls; > > > > (2) The Department of Defense’s Office of Security Review; > > > > (3) The relevant U.S. government contracting entity with authority > > to allow the technical data or software to be made available to > > the public; or > > > > (4) Another U.S. government official with authority to allow the > > technical data or software to be made available to the public. > > > > > > > > § 127.1 Violations. [...] > > (6) To export, reexport, retransfer, or otherwise make available to > > the public technical data or software if such person has > > knowledge that the technical data or software was made publicly > > available without an authorization described in § 120.11(b) of > > this subchapter. > > > > > > > > > > > > ps: there is yet another ITAR change on the way about exploits and > > technical data concerning security and hacking tools. see eg; > > http://www.theregister.co.uk/2015/06/06/whats_up_with_wassenaar/ > > > > -- Peter Fairbrother > > > > _______________________________________________ > > The cryptography mailing list cryptography at metzdowd.com > > http://www.metzdowd.com/mailman/listinfo/cryptography > > > -- > Alfie John alfiej at fastmail.fm > _______________________________________________ > The cryptography mailing list cryptography at metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography -- Alfie John alfiej at fastmail.fm From l at odewijk.nl Wed Jun 10 12:31:19 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 11 Jun 2015 04:31:19 +0900 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: <20150610165103.GM27932@nl.grid.coop> References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150610165103.GM27932@nl.grid.coop> Message-ID: Just to check if I'm getting this correctly: There's an immense amount of sigint data that's (being) leaked into public infrastructure - and wilfred at vt.edu is telling us about it? Can we access this data **? How is Wilfred knowing of this, and allowed to speak of it? Why not speak of the onloader's identity? Tracking cash currency is certainly interesting from many standpoints... actually doing it seems outrageous. Leaking this data intentionally is extremely outrageous - no matter the target's value the laundering can not warrant the backlash. As a politically minded shake-up-leak, this one is the most daring so far, and would most likely be the most effective at dismantling the espionage engine. It almost seems too good (and in a way terrifying*) to be true... Is dear Wilfred pulling our legs? How would we know at this point? Assuming truth.. please validate known NSA locations and other US-secret areas. If the dataset is manipulated at all - and one would assume that it is - it should exclude sensitive persons first. Sensitive persons should hang out near sensitive person areas - if the sensitive person area's are less full than they should be.... Think Obama sitting in the white house and going home, think the first family, think area 51, think coins not being attached to people properly. Note that notable persons may be falsified, so ideally one would find an atypically understaffed military base or something of the like. Perhaps an agent/secret-base that was exposed? All those that entered an Internet-tap-room in a datacenter? Military ships' crewmen? If such data-gaps are found/indicated, compare it to other nations and you'll know which who's data you're receiving (although everyone understands it'd probably be the USGOV/NSA). Wilfred, are you publishing this to prevent the data just disappearing? * I'd actually really like to know where I've been in the past, and I know *they *know but won't tell me. And the amount of exceedingly valuable scientific (census) data one could parse from such a database.... Still, we'd move rather suddently from panopticon to omniopticon (a term I thought of to describe "everyone watches everything" instead of "they watch everything". I know it's not a flawless name but it works). ** I realize there's no way we're going to store or transfer this much data - but there should be something that can be done to preserve this dataset! -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2971 bytes Desc: not available URL: From peter at m-o-o-t.org Wed Jun 10 21:42:41 2015 From: peter at m-o-o-t.org (Peter Fairbrother) Date: Thu, 11 Jun 2015 05:42:41 +0100 Subject: [Cryptography] Proposed US ITAR changes would require prepublication approval for most crypto research In-Reply-To: References: Message-ID: <557911C1.7090302@m-o-o-t.org> On 10/06/15 07:36, Adrian McCullagh wrote: > Dear All, > > I with 4 colleagues of mine (3 at the Queensland University of > Technology (Cryptographers all)and one from the University of > Queensland (Legal E-commerce researcher) have been working on a paper > dealing with the Australian Defence Trade Control Act which corresponds > to the proposed US ITAR changes. Sounds interesting, They are basically trying to reintroduce the "born secret" principle, which in US law exists only in an unchallenged part of the Atomic Energy Act; though that concept has not been tested against First Amendment rights as the only previous case of note (United States v. The Progressive, 1979) was dropped by the Government before it reached the Supreme Court. But it's "born again secret" as well as "born secret, again" - it applies to all previous technical data, whether widely disseminated or not. -- Peter Fairbrother > > Without giving everything away on our forthcoming paper, it appears to > me that if this type of regulation had been in place in Germany in 1938, > then it is highly likely that Einstein would never have read the Hahn - > Strassmann paper dealing with splitting a uranium atom. That paper > written in 1938 (December I believe) was read by Einstein in March 1939 > and it directly lead to Einstein sending a letter to Roosevelt, which in > turn resulted in 1942 to the establishment of the Manhattan project. > Now if NAZI Germany had restricted that publication NAZI Germany could > have developed the bomb itself which could have completely altered the > outcome. > > Basically, if regimes like the DCTA/ITAR rules are expanded then it > works both ways and there could be a stifling of publication research > due to bureaucratic mishandling. Though it could assist in the spy > business as in the cold war. > > > Dr. Adrian McCullagh > Ph.D. LL.B.(Hons) B. App. Sc. (Computing) > ODMOB Lawyers > Mobile 0401 646 486 > Skype. Admac57 > E: ajmccullagh57 at gmail.com > E: amccullagh at live.com > The contents of this email are confidential between the sender and the > intended recipient. If you are not the intended recipient then no rights > are granted to you because of this error and as such you are requested > to promptly inform the sender of the error and to promptly destroy all > copies of the email in your power, possession or control. The sender > reserves all rights concerning this email and its contents including any > privilege, copyright and confidentiality associated with this email. > Even though an email signature block has been appended to this email, > and notwithstanding the Electronic Transactions Act (Qld) or the > Electronic Transactions Act (Cth), the signature block does not exhibit > the senders intention to be bound by an offer previously sent by the > intended recipient, unless the email in its body specifically indicated > that the sender hereby accepts such an offer previously sent by the > intended recipient. > > *From:* alfiej at fastmail.fm > *Sent:* ‎Wednesday‎, ‎10‎ ‎June‎ ‎2015 ‎1‎:‎54‎ ‎PM > *To:* Cryptography Mailing List , > cypherpunks at cpunks.org > > Snap, from Australia: > > http://www.smh.com.au/it-pro/security-it/dangerous-minds-are-maths-teachers-australias-newest-threat-20150608-ghira9.html > > "Australian academics who teach mathematics may need to run new > ideas by the Department of Defence before sharing them or risk > imprisonment. > > Some academics are set to become much more familiar with the > department's Defence Export Control Office (DECO), a unit that > enforces the Defence Trade Control Act 2012, Australia's end of a > 2007 pact with the US and UK over defence trade. > > Until recently, DECO only regulated physically exported weapons and > so-called "dual use" items such as encryption, computing hardware > and biological matter. > > However in March the act was updated to include "intangible supply", > which is intended to prohibit the transfer of knowledge from > Australia that could be used to produce weapons." > > Alfie > > On Tue, Jun 9, 2015, at 05:36 PM, pete wrote: > > Proposed US ITAR changes. New regs, for comment, not yet in law or > > in force. > > > > > http://www.washingtonexaminer.com/nra-gun-blogs-videos-web-forums-threatened-by-new-obama-regulation/article/2565762 > > > > www.gpo.gov/fdsys/pkg/FR-2015-06-03/pdf/2015-12844.pdf > > > > > > > Actually, it says, for the first time explicitly, that publishing > > widely on the internet would be enough to put data into the > > public domain > > [000]. Sounds good? > > > www.metzdowd.com/mailman/listinfo/cryptography > > > > _______________________________________________ > The cryptography mailing list > cryptography at metzdowd.com > http://www.metzdowd.com/mailman/listinfo/cryptography > From wilfred at vt.edu Thu Jun 11 04:11:49 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Thu, 11 Jun 2015 07:11:49 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> Message-ID: About Time: The signals data is contained in a conventional EM loop, typical of 1960s design as implemented in most terrestrial and satellite reconaissance systems. The clock increment of the signal and a 3rd party note explain how the digitisation process work, they have found the original EM signal. EM CRT tubes operating in mid X-Ray band with a closed loop and frequency increment per time (linear or step) can replicate the entire 2Thz civilian EM signals band in an X carrier AND copy the prior signals a thousand times over for a thousand years. (0.88s geostationary circular, 0.133s earth circumference [potential strong indication of physical design and loop locations]) see: Maxwell-Tube-Cyclotron, typical EM X-Ray beam physics, and a huge missing assortment of published data on signals in any higher frequency band than light over the last century. The originating party apparently has the ability to retool their EM signals coding system electronics, and have updated their design multiple times in the sequence of snapshots this last week. This is why you are not allowed to use the green-blue bands of fiber optic conductor except in military applications and on-site networking. (visible light bands are at 420Thz-800Thz, typical (IR+) fiber is less than 2Thz) Even with poor carrier band packing and perhaps a few thousand full spectrum EM reconaissance sources at any time (0hz..400Thz), either by full carrier replication or indexed frequency carrier per time in a loop/ring, this system assumably has many decades of reconaissance data. Obviously it is time buffered, as they are pulling last years' data out now. No indication where the ring is, size of structure (aside from these time increments), or how complex a grid or mesh it may be. (signal distribution) You can make these tubes at home, similar to the coil on the back of your broken television. WARNING X-RAY AND HIGH FREQUENCY RADIATION! ;) -- data is currently exiting .de/ams and south america into P2P clusters in 2GB blocks. --- "X-Rated: Not for Viewing in Any Theater of War." (typical western classification code for similar technologies...) On Wed, Jun 10, 2015 at 12:00 PM, Wilfred Guerin wrote: > Here are some specifics on the data types, surprises, and questions: > > Originating party requested data services that were 100% onload > guaranteed, specifically indicating source as an analogue signal > digitisation system that did not have sufficient buffer capacity. > Initial requests were for linear buffer but then changed to block file > storage and public NAS capability. A similar request for SQL or > distributed database storage in cloud hosting was also fielded by many > services. > > Data structures are standard floats in spherical coordinates for 4D > vectors, include some reference table indexes in most of the formats, > and have some distinct ranges in a "small" selection of sample data: > > Time is offset (not unix) close to a western military standard but > varies in density. > > Precision of Floats in 3D vector is trimmed, indicating a specific > physical resolution. > > One of the electronic signal log files includes a standard signal > characteristic for antenna direction in addition to location vector, > typical of cell and e-war systems. Also includes values that may be > rate of signaling or CPU processor speed(?). > > Most of the data uses index values, range is linear 0..count. > > Some of the data uses both an index and unique identifier, another set > uses a large bit scope value assumed to be a hash, but its structure > has been identified as a structured tree, possibly a known standard > (described below) > > For each structure type, there are additional values related to the > signal characteristics and some indexing/classifier but none related > to a identifiable pattern other than sequentially loaded index tables. > > We are very concerned about the consistency of the data, one must > assume that a full SPOOF is possible with calculated generation, > however some selections map accurately into adjusted-coordinate 3D > structures such as office buildings, houses, and viable speed tracking > on highways. A party with direct access is preparing maps. Our > interest is to prepare distributed processing techniques to > consolidate rendering of the entire snapshot. > > One set is obviously electronic device data, another is most likely > EM(?) tracking of coin and currency objects, another includes more > precise vectors and a large unique identifier value and is extremely > concerning. > > There is no statistical anomaly of missing data per region (coverage > of entire planet), the density of records is consistent and in all > small selections the data has high correlation with physical locations > including terrain and structures, aircraft routes, highway speeds, and > typical patterns at an accuracy that would require the same knowledge > to artificially generate. > > More importantly: The coin & currency tracking data maps FAR TOO > CLEARLY into reasonable commerce patterns, coins into and out of > *registers*, bank trucks and storage. Without a full 3d model and a > huge computational effort to simulate global commerce, it is more > likely that a high precision radar system or sigint capability is > actually tracking these targets. > > The large bit scope and header reference of one data set is especially > concerning: > > 10-12 billion unique identifiers using standard genetic expression > encoding values in tree form and a related signal characteristic > profile. > > Tracked at 0.25m resolution. With signals. Log density may be due to > AD sampling resolution. Data is historical, mid-year 2014. > > >> >> On Wed, Jun 10, 2015 at 09:17:59AM -0400, Wilfred Guerin wrote: >>> Files are standard DB Table dumps (packed) loading from a cluster of >>> VPNs from torrent and NAS protocols through central europe (entry >>> providers are all in privacy-sensitive countries) and intended to be a >>> distributed database service; there is simply nothing big enough to >>> handle this onload directly. (at 120+gbps bursts) Some of the services >>> are posting public torrent data and open sql database access. Table >>> files are set up as redundant master with cross-population and >>> standard distribution techniques. Some of the tracking data appears to >>> have 1 inch resolution target vectors. >>> >>> >>> > Wilfred Guerin wrote: >>> >> >>> >> Some huge *meaning close to exobyte size* data sets are circulating in >>> >> storage clouds this last week, appear to be snapshots of signals >>> >> intelligence metadata including vector tracking of signals targets >>> >> (possibly cell phones based on movement vectors) and cross-associated >>> >> metadata for their communications. Indications are that these are >>> >> recon signal dumps of the american sigint system loaded by a major >>> >> organized crime syndicate and cover most of last year. There is also a >>> >> set of organic tracking signals, assumably covert agent >>> >> communications, and another set that appears to be all American and >>> >> European cash money transactions(???). >>> > >>> > From wilfred at vt.edu Thu Jun 11 04:44:34 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Thu, 11 Jun 2015 07:44:34 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) Message-ID: Helmholtz Tube, Beam Steering, EM field interaction, simple field dynamics, (and your oscilliscope) are all you need to create complex EM signals processors. No different than your antique crypto cracker, which uses an abstract field to solve complex pre-defined systems. "56-bit" https cracker was mass implemented as a 300mhz backplane EM field solver about the size of your desktop computer. Using the same technology, resolution, and methods, BTC Bitcoins are around 8m^3 of field to solve. No doubt the access and decoding to these sigint signals requires similar proessing before being steered to the digitiser. (Maxwell Tube, Helmholtz Tube, typical of high school physics classrooms) From shelley at misanthropia.org Thu Jun 11 08:39:15 2015 From: shelley at misanthropia.org (Shelley) Date: Thu, 11 Jun 2015 08:39:15 -0700 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: Message-ID: <20150611153900.D1DF2C00017@frontend1.nyi.internal> On June 11, 2015 7:03:14 AM Wilfred Guerin wrote: > More specifics on the sigint system: > > This looks like a "Growth Industry" ... > > Access to the beam is not restricted, anyone can pull signals out of > the reconaissance loop from any of its exposed vectors.*** > > Viable areas: > Terrestrial: > a: Spurrious emissions from tubes or conduit, beam deflection from > interior particles > b: Stray beams passing through field coils but not redirected > c: Direct access to tubes or conduit (any variety of methods) > Orbital: > d: Geo-Magnetic Shift (downlinks) > e: Refractive / deflection (downlinks) > > As the rate of geo-magnetic shift continues to deform the containment > of the projected fields used to shape and steer the beams (which may > also have something to do with the sensor itself?), wider areas will > be accessible which are hit with the rogue spot beam from orbital (and > projected field electro-magnetic) guides. > > This means almost anyone with a sensor can gather data from the downlinks. > > Additionally, spurrious radiation from the terrestrial system is > available around endpoints and field coils, especially from damaged > conduit or particles in the tubes. > > Time to raid the libraries for antique books about 1800s-1980s X-Ray > EM physics and electromagnetic wave guides! > > It would not be rational to encode the carrier signal unless it was > certain that the encoding would not disrupt signals quality, however > raw X-Rated signals might have been too risky? > > [There are Thz ring oscillators, detectors, and various photonic > rings, but properly implemented field-effect lenses, EM field vector > control circuitry and coils(/phased array) (abstract field > projection), and optimal tube design are all that should > theorhetically be needed once a rogue beam is identified. X-Ray > Materials and interference fields must be researched and made common > knowledge.] > -------> Hopefully the data source is not too easily found and the dumps get > out, this is extremely relevant for "civil liberties", human rights, > and reconstructing your own personal history and records where your > data is otherwise mising. I've been following this since it was posted. Speaking as someone who doesn't trust anyone in the employ of the US of Corporatocracy: while it piques my interest enough to suspend my disbelief a little to see where it is headed, you lost me me with that last paragraph. Without something to back it up, I just can't buy that we're living in a 1984/Truman Show construct. I know I'm not the only one on these lists who enjoys the dark utopia and Cyberpunk genres of fiction, so if you're testing out ideas you'll find plenty of eager readers. But call it that, ffs. No links to source, nothing but fantastic (albeit interesting) descriptions... throw us a bone, sir, or I must call BS. -S -—------—---------— > On Thu, Jun 11, 2015, Wilfred Guerin wrote: > > Helmholtz Tube, Beam Steering, EM field interaction, simple field > > dynamics, (and your oscilliscope) are all you need to create complex > > EM signals processors. > > > > No different than your antique crypto cracker, which uses an abstract > > field to solve complex pre-defined systems. "56-bit" https cracker was > > mass implemented as a 300mhz backplane EM field solver about the size > > of your desktop computer. > > > > Using the same technology, resolution, and methods, BTC Bitcoins are > > around 8m^3 of field to solve. > > > > No doubt the access and decoding to these sigint signals requires > > similar proessing before being steered to the digitiser. > > > > (Maxwell Tube, Helmholtz Tube, typical of high school physics classrooms) From list at sysfu.com Thu Jun 11 09:31:41 2015 From: list at sysfu.com (Seth) Date: Thu, 11 Jun 2015 09:31:41 -0700 Subject: Videos and slides for "Security in Times of Surveillance" 2015 Message-ID: Some excellent talks by some of my favorite technical people, recommended viewing. https://projectbullrun.org/surveillance/2015/video-2015.html From sdw at lig.net Thu Jun 11 09:44:01 2015 From: sdw at lig.net (Stephen D. Williams) Date: Thu, 11 Jun 2015 09:44:01 -0700 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: <20150611153900.D1DF2C00017@frontend1.nyi.internal> References: <20150611153900.D1DF2C00017@frontend1.nyi.internal> Message-ID: <5579BAD1.1020202@lig.net> cypherpunks.theonion vs. cypherpunks.onion eh? How fine is that line? sdw On 6/11/15 8:39 AM, Shelley wrote: > On June 11, 2015 7:03:14 AM Wilfred Guerin wrote: > >> More specifics on the sigint system: >> >> This looks like a "Growth Industry" ... >> >> Access to the beam is not restricted, anyone can pull signals out of >> the reconaissance loop from any of its exposed vectors.*** >> >> Viable areas: >> Terrestrial: >> a: Spurrious emissions from tubes or conduit, beam deflection from >> interior particles >> b: Stray beams passing through field coils but not redirected >> c: Direct access to tubes or conduit (any variety of methods) >> Orbital: >> d: Geo-Magnetic Shift (downlinks) >> e: Refractive / deflection (downlinks) >> >> As the rate of geo-magnetic shift continues to deform the containment >> of the projected fields used to shape and steer the beams (which may >> also have something to do with the sensor itself?), wider areas will >> be accessible which are hit with the rogue spot beam from orbital (and >> projected field electro-magnetic) guides. >> >> This means almost anyone with a sensor can gather data from the downlinks. >> >> Additionally, spurrious radiation from the terrestrial system is >> available around endpoints and field coils, especially from damaged >> conduit or particles in the tubes. >> >> Time to raid the libraries for antique books about 1800s-1980s X-Ray >> EM physics and electromagnetic wave guides! >> >> It would not be rational to encode the carrier signal unless it was >> certain that the encoding would not disrupt signals quality, however >> raw X-Rated signals might have been too risky? >> >> [There are Thz ring oscillators, detectors, and various photonic >> rings, but properly implemented field-effect lenses, EM field vector >> control circuitry and coils(/phased array) (abstract field >> projection), and optimal tube design are all that should >> theorhetically be needed once a rogue beam is identified. X-Ray >> Materials and interference fields must be researched and made common >> knowledge.] > >> > -------> Hopefully the data source is not too easily found and the dumps get >> out, this is extremely relevant for "civil liberties", human rights, >> and reconstructing your own personal history and records where your >> data is otherwise mising. > > I've been following this since it was posted. Speaking as someone who doesn't trust anyone in the employ of the US of > Corporatocracy: while it piques my interest enough to suspend my disbelief a little to see where it is headed, you lost me me with > that last paragraph. > > Without something to back it up, I just can't buy that we're living in a 1984/Truman Show construct. I know I'm not the only one > on these lists who enjoys the dark utopia and Cyberpunk genres of fiction, so if you're testing out ideas you'll find plenty of > eager readers. But call it that, ffs. > > No links to source, nothing but fantastic (albeit interesting) descriptions... throw us a bone, sir, or I must call BS. > > -S > > > -—------—---------— > > > >> On Thu, Jun 11, 2015, Wilfred Guerin wrote: >> > Helmholtz Tube, Beam Steering, EM field interaction, simple field >> > dynamics, (and your oscilliscope) are all you need to create complex >> > EM signals processors. >> > >> > No different than your antique crypto cracker, which uses an abstract >> > field to solve complex pre-defined systems. "56-bit" https cracker was >> > mass implemented as a 300mhz backplane EM field solver about the size >> > of your desktop computer. >> > >> > Using the same technology, resolution, and methods, BTC Bitcoins are >> > around 8m^3 of field to solve. >> > >> > No doubt the access and decoding to these sigint signals requires >> > similar proessing before being steered to the digitiser. >> > >> > (Maxwell Tube, Helmholtz Tube, typical of high school physics classrooms) > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6233 bytes Desc: not available URL: From wilfred at vt.edu Thu Jun 11 06:54:30 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Thu, 11 Jun 2015 09:54:30 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: Message-ID: More specifics on the sigint system: This looks like a "Growth Industry" ... Access to the beam is not restricted, anyone can pull signals out of the reconaissance loop from any of its exposed vectors.*** Viable areas: Terrestrial: a: Spurrious emissions from tubes or conduit, beam deflection from interior particles b: Stray beams passing through field coils but not redirected c: Direct access to tubes or conduit (any variety of methods) Orbital: d: Geo-Magnetic Shift (downlinks) e: Refractive / deflection (downlinks) As the rate of geo-magnetic shift continues to deform the containment of the projected fields used to shape and steer the beams (which may also have something to do with the sensor itself?), wider areas will be accessible which are hit with the rogue spot beam from orbital (and projected field electro-magnetic) guides. This means almost anyone with a sensor can gather data from the downlinks. Additionally, spurrious radiation from the terrestrial system is available around endpoints and field coils, especially from damaged conduit or particles in the tubes. Time to raid the libraries for antique books about 1800s-1980s X-Ray EM physics and electromagnetic wave guides! It would not be rational to encode the carrier signal unless it was certain that the encoding would not disrupt signals quality, however raw X-Rated signals might have been too risky? [There are Thz ring oscillators, detectors, and various photonic rings, but properly implemented field-effect lenses, EM field vector control circuitry and coils(/phased array) (abstract field projection), and optimal tube design are all that should theorhetically be needed once a rogue beam is identified. X-Ray Materials and interference fields must be researched and made common knowledge.] Hopefully the data source is not too easily found and the dumps get out, this is extremely relevant for "civil liberties", human rights, and reconstructing your own personal history and records where your data is otherwise mising. On Thu, Jun 11, 2015, Wilfred Guerin wrote: > Helmholtz Tube, Beam Steering, EM field interaction, simple field > dynamics, (and your oscilliscope) are all you need to create complex > EM signals processors. > > No different than your antique crypto cracker, which uses an abstract > field to solve complex pre-defined systems. "56-bit" https cracker was > mass implemented as a 300mhz backplane EM field solver about the size > of your desktop computer. > > Using the same technology, resolution, and methods, BTC Bitcoins are > around 8m^3 of field to solve. > > No doubt the access and decoding to these sigint signals requires > similar proessing before being steered to the digitiser. > > (Maxwell Tube, Helmholtz Tube, typical of high school physics classrooms) From jya at pipeline.com Thu Jun 11 07:08:05 2015 From: jya at pipeline.com (John Young) Date: Thu, 11 Jun 2015 10:08:05 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: Message-ID: We're tweeting these posts. Blowback: is any evidence available to support the narrative? Sample of the data, say, for close examination, with credible provenance, not the GG secret pact bloviation. Mild critique: is this sci-fi or legit or both, advancing the literary-video prize winning breaking news big screen Hollywood Neal Stephenson spirit of the Snowden "NSA disclosures." At 09:54 AM 6/11/2015, you wrote: >More specifics on the sigint system: > >This looks like a "Growth Industry" ... > >Access to the beam is not restricted, anyone can pull signals out of >the reconaissance loop from any of its exposed vectors.*** > >Viable areas: >Terrestrial: >a: Spurrious emissions from tubes or conduit, beam deflection from >interior particles >b: Stray beams passing through field coils but not redirected >c: Direct access to tubes or conduit (any variety of methods) >Orbital: >d: Geo-Magnetic Shift (downlinks) >e: Refractive / deflection (downlinks) > >As the rate of geo-magnetic shift continues to deform the containment >of the projected fields used to shape and steer the beams (which may >also have something to do with the sensor itself?), wider areas will >be accessible which are hit with the rogue spot beam from orbital (and >projected field electro-magnetic) guides. > >This means almost anyone with a sensor can gather data from the downlinks. > >Additionally, spurrious radiation from the terrestrial system is >available around endpoints and field coils, especially from damaged >conduit or particles in the tubes. > >Time to raid the libraries for antique books about 1800s-1980s X-Ray >EM physics and electromagnetic wave guides! > >It would not be rational to encode the carrier signal unless it was >certain that the encoding would not disrupt signals quality, however >raw X-Rated signals might have been too risky? > >[There are Thz ring oscillators, detectors, and various photonic >rings, but properly implemented field-effect lenses, EM field vector >control circuitry and coils(/phased array) (abstract field >projection), and optimal tube design are all that should >theorhetically be needed once a rogue beam is identified. X-Ray >Materials and interference fields must be researched and made common >knowledge.] > >Hopefully the data source is not too easily found and the dumps get >out, this is extremely relevant for "civil liberties", human rights, >and reconstructing your own personal history and records where your >data is otherwise mising. > > > >On Thu, Jun 11, 2015, Wilfred Guerin wrote: > > Helmholtz Tube, Beam Steering, EM field interaction, simple field > > dynamics, (and your oscilliscope) are all you need to create complex > > EM signals processors. > > > > No different than your antique crypto cracker, which uses an abstract > > field to solve complex pre-defined systems. "56-bit" https cracker was > > mass implemented as a 300mhz backplane EM field solver about the size > > of your desktop computer. > > > > Using the same technology, resolution, and methods, BTC Bitcoins are > > around 8m^3 of field to solve. > > > > No doubt the access and decoding to these sigint signals requires > > similar proessing before being steered to the digitiser. > > > > (Maxwell Tube, Helmholtz Tube, typical of high school physics classrooms) From cathalgarvey at cathalgarvey.me Thu Jun 11 02:13:33 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Thu, 11 Jun 2015 10:13:33 +0100 Subject: Best practice for safe viewing of PDFs posted to list In-Reply-To: <20150610220139.GA12014@antiproton.jfet.org> References: <20150610220139.GA12014@antiproton.jfet.org> Message-ID: <5579513D.3080400@cathalgarvey.me> > After all, pdf.js has no more or less permissions than any other JS > you might encounter in the wild Are we sure about this? JS loaded from localhost can do some dangerous stuff because CORS doesn't apply anymore to local resources such as the filesystem. What context does pdf.js run in? If Mozilla didn't carefully sandbox it, and if it executes PDF Javascript embeds (does it?) then it could potentially have filesystem access? This would mean that the closed-source spyware platform from Google might actually be safer in this case. But I don't know; pdf.js might be injected into the remote resource and therefore have CORS restrictions tied to the source domain. It's all implementation.. I'd be inclined to use pdfotext for textual data or GIMP as Steve recommended. You can probably use some combination of common PDF utils, headless GIMP, and ImageMagick to make a script to do the same thing instantaneously. On 10/06/15 23:01, Riad S. Wahby wrote: > Seth wrote: >> Curious if the advice given above is still relevant and also what other on >> the list recommend for safe viewing of PDFs. > > If your web browsing habits don't include NoScript, then you're likely no > worse off using pdf.js to view PDFs than you are browsing arbitrary websites. > After all, pdf.js has no more or less permissions than any other JS you might > encounter in the wild; and since pdf.js is bundled with modern versions of > Firefox, you might be inclined to think that it's likely non-malicious even if > it's exploitable by rogue PDFs. But that's no worse than some JS malware you > were fed via DNS poisoning or CDN hijacking. > > (This can be seen either as an implicit endorsement of pdf.js or of NoScript.) > > -=rsw > -- Scientific Director, IndieBio Irish Programme Now running in Cork, Ireland May->July Learn more at indieb.io and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From cathalgarvey at cathalgarvey.me Thu Jun 11 02:20:58 2015 From: cathalgarvey at cathalgarvey.me (Cathal Garvey) Date: Thu, 11 Jun 2015 10:20:58 +0100 Subject: Best practice for safe viewing of PDFs posted to list In-Reply-To: <5579513D.3080400@cathalgarvey.me> References: <20150610220139.GA12014@antiproton.jfet.org> <5579513D.3080400@cathalgarvey.me> Message-ID: <557952FA.7060506@cathalgarvey.me> Come to that, for bonus points you could make a little server that automates this process and then reconstitutes a raster PDF of an input PDF in real time, then displays it with PDF.js. Install the server and run at start-up, and change some settings in your browser, and voila: an intermediated PDF-scrubber with all the convenience of Firefox + PDF.js. :) On 11/06/15 10:13, Cathal Garvey wrote: > > After all, pdf.js has no more or less permissions than any other JS > > you might encounter in the wild > > Are we sure about this? JS loaded from localhost can do some dangerous > stuff because CORS doesn't apply anymore to local resources such as the > filesystem. What context does pdf.js run in? If Mozilla didn't carefully > sandbox it, and if it executes PDF Javascript embeds (does it?) then it > could potentially have filesystem access? > > This would mean that the closed-source spyware platform from Google > might actually be safer in this case. But I don't know; pdf.js might be > injected into the remote resource and therefore have CORS restrictions > tied to the source domain. It's all implementation.. > > I'd be inclined to use pdfotext for textual data or GIMP as Steve > recommended. You can probably use some combination of common PDF utils, > headless GIMP, and ImageMagick to make a script to do the same thing > instantaneously. > > On 10/06/15 23:01, Riad S. Wahby wrote: >> Seth wrote: >>> Curious if the advice given above is still relevant and also what >>> other on >>> the list recommend for safe viewing of PDFs. >> >> If your web browsing habits don't include NoScript, then you're likely no >> worse off using pdf.js to view PDFs than you are browsing arbitrary >> websites. >> After all, pdf.js has no more or less permissions than any other JS >> you might >> encounter in the wild; and since pdf.js is bundled with modern >> versions of >> Firefox, you might be inclined to think that it's likely non-malicious >> even if >> it's exploitable by rogue PDFs. But that's no worse than some JS >> malware you >> were fed via DNS poisoning or CDN hijacking. >> >> (This can be seen either as an implicit endorsement of pdf.js or of >> NoScript.) >> >> -=rsw >> > -- Scientific Director, IndieBio Irish Programme Now running in Cork, Ireland May->July Learn more at indieb.io and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey From bogus@does.not.exist.com Thu Jun 11 07:39:49 2015 From: bogus@does.not.exist.com () Date: Thu, 11 Jun 2015 10:39:49 -0400 Subject: No subject Subject: Re: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) From: Wilfred Guerin To: John Young Content-Type: text/plain; charset=UTF-8 To John- there are over 200 groups discussing the same issues, at least 2 got nationalised aggressively, and there have been some tangential posts on blogs or commercial forums mainly concerns about their datacenter security not knowing who might attack them, but overall the same concerns are expressed: Can the data be spoofed? Not at this resolution without having a model of everything at the same resolution... Are the blocks secure? No. [...] But services are stable. Exports to public? yes, p2p clusters loading, datacenters doing preparation processing, packed table files are set up for distributed search How do *you* know? UHD/4k VNC video stream to one of the master control servers handling the database import and text chat with 200 others, no direct access to data here, but certainty that the data is distributing. Involved how? rendering code to make GEO-TIFF map tiles and aggrigated spline/curves to simplify snapshot data and level of detail pyramid (multi-variate parametric search) index data. Now we ask... If this was NATO-ish or any variety of US/UK system built in the 1960s(?) can we solve for locations or viable downlink targets to intercept? This hint at geo-magnetic shift is a huge opportunity! The coin data is ... glorious... but the other signals are no less amusing, one set appears to be wired sigint in mhz carrier bands, assumably urban analogue phone signals as recorded from the switch routing system's ground or related wiretaps to rf via cable. genome.gov had links to the various data formats that others identified in the organics table. X-Ray physics and detector materials need research, 1890s through 1970s was a huge ammount of X-Ray publicity, but NEVER EVER DID ANYONE USE IT FOR SIGNALING??? BULLSHIT! ALSO!!! "is there any distinction at military bases or secure areas?" YES. there is some access control doors which others suggest is a standard card reader with number pad and automatic door that is common on the secure layer of military and COMMERCIAL CONTRACTOR facilities that has a proximity detector signal built into the door frame. THE COIN DATA WARPS AROUND THIS CYLINDRICAL SIGNAL ON THE DOOR PORTAL AND VECTOR PASSES THROUGH THE WALL. Obviously the vector is impossible without fields projected from that security device! There is also a ghosting signature that reduces sample rate (in the digitiser) around similar facilities, looks like it was isolated in the newer signal index, so it should be really obvious who is using these jamming systems and where! (and where else!) more questions: coins on boats? yes. coins on submarines? YES. (with ghosting) organic signals? wtf? Yes, but im told the prior emailed reference is erroneous: the primary index is a SIGNALS CHARACTERISTIC tree, the supporting block (large bit scope number) is VERY SIMILAR to a genetic expression profile tree such as genome.gov/ and many of the gene profiling standards. Hopefully the news will start posting the technical reports the primary groups have been preparing last few days... we need to get physics and advanced crypto groups attention, if the signals are encoded and that party broke through dense analogue crypto, it will take a huge effort to solve for that (it may have been an analogue EM field as well that performed the encoding or reference signals) to make the same capability posible for others. Staying alive! On Thu, Jun 11, 2015 at 10:08 AM, John Young wrote: > We're tweeting these posts. Blowback: is any evidence available to > support the narrative? Sample of the data, say, for close examination, > with credible provenance, not the GG secret pact bloviation. > > Mild critique: is this sci-fi or legit or both, advancing the literary-video > prize winning breaking news big screen Hollywood Neal Stephenson > spirit of the Snowden "NSA disclosures." > > > At 09:54 AM 6/11/2015, you wrote: >> >> More specifics on the sigint system: >> >> This looks like a "Growth Industry" ... >> >> Access to the beam is not restricted, anyone can pull signals out of >> the reconaissance loop from any of its exposed vectors.*** >> >> Viable areas: >> Terrestrial: >> a: Spurrious emissions from tubes or conduit, beam deflection from >> interior particles >> b: Stray beams passing through field coils but not redirected >> c: Direct access to tubes or conduit (any variety of methods) >> Orbital: >> d: Geo-Magnetic Shift (downlinks) >> e: Refractive / deflection (downlinks) >> >> As the rate of geo-magnetic shift continues to deform the containment >> of the projected fields used to shape and steer the beams (which may >> also have something to do with the sensor itself?), wider areas will >> be accessible which are hit with the rogue spot beam from orbital (and >> projected field electro-magnetic) guides. >> >> This means almost anyone with a sensor can gather data from the downlinks. >> >> Additionally, spurrious radiation from the terrestrial system is >> available around endpoints and field coils, especially from damaged >> conduit or particles in the tubes. >> >> Time to raid the libraries for antique books about 1800s-1980s X-Ray >> EM physics and electromagnetic wave guides! >> >> It would not be rational to encode the carrier signal unless it was >> certain that the encoding would not disrupt signals quality, however >> raw X-Rated signals might have been too risky? >> >> [There are Thz ring oscillators, detectors, and various photonic >> rings, but properly implemented field-effect lenses, EM field vector >> control circuitry and coils(/phased array) (abstract field >> projection), and optimal tube design are all that should >> theorhetically be needed once a rogue beam is identified. X-Ray >> Materials and interference fields must be researched and made common >> knowledge.] >> >> Hopefully the data source is not too easily found and the dumps get >> out, this is extremely relevant for "civil liberties", human rights, >> and reconstructing your own personal history and records where your >> data is otherwise mising. >> >> >> >> On Thu, Jun 11, 2015, Wilfred Guerin wrote: >> > Helmholtz Tube, Beam Steering, EM field interaction, simple field >> > dynamics, (and your oscilliscope) are all you need to create complex >> > EM signals processors. >> > >> > No different than your antique crypto cracker, which uses an abstract >> > field to solve complex pre-defined systems. "56-bit" https cracker was >> > mass implemented as a 300mhz backplane EM field solver about the size >> > of your desktop computer. >> > >> > Using the same technology, resolution, and methods, BTC Bitcoins are >> > around 8m^3 of field to solve. >> > >> > No doubt the access and decoding to these sigint signals requires >> > similar proessing before being steered to the digitiser. >> > >> > (Maxwell Tube, Helmholtz Tube, typical of high school physics >> > classrooms) > > > From dtm168 at openmailbox.org Thu Jun 11 04:52:40 2015 From: dtm168 at openmailbox.org (dtm168 at openmailbox.org) Date: Thu, 11 Jun 2015 13:52:40 +0200 Subject: [tor-talk] Additional hop before connecting to Tor Message-ID: <2a8f8c25121cbad6b4575ce5ddcd3d57@openmailbox.org> Hi, You often read that the fact you are using Tor is being monitored by the various intelligence services. I guess this works by recording which IP addresses connect to known entry relays and/or directory authorities. Since you usually also connect to facebook or gmail your identity can be easily linked to Tor usage. This is especially true if you have a static IP address. Currently I use a virtual server in a foreign country which I pay with Bitcoin. I use an ssh tunnel which I use to make connections to Tor, i.e. intelligence service see the IP of my server which connects to known Tor IP addresses. 1. How likely is it that they look at connecting IP addresses to my server (and identify me)? Probably very likely. Would it help to have an additional anon server as an additional hop to Tor? 2. Tor traffic has these characteristic traffic signatures (packet size, timings of packets when idle). Would these also "shine through" the ssh tunnel? 3. I guess making that server a private bridge will be worse than using ssh because of these typical Tor traffic patterns. 4. I am also afraid of running a Tor relay on my home internet connections because all members of my family who share that IP will be flagged as Tor users... I am interested to hear your opinions. Cheers, dtm168 -- tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- From list at sysfu.com Thu Jun 11 15:39:13 2015 From: list at sysfu.com (Seth) Date: Thu, 11 Jun 2015 15:39:13 -0700 Subject: =?utf-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCB0aW1lIA==?= =?utf-8?B?w5cgKGFsc286ICdCYWxyb2cnIG1hbG5ldCwgZmlyc3RoYW5kIHZpZXcp?= Message-ID: Reposted from https://cryptostorm.org/viewtopic.php?f=67&t=8702 črypto is finished... and it's about time × (also: 'Balrog' malnet, firsthand view) Postby Pattern_Juggled » Tue May 12, 2015 11:27 am {direct link: cryptostorm.org/balrog} This essay forms one section of a broader paper describing a global surveillance technology we have dubbed Corruptor-Injector Networks (CINs, or "sins") here at cryptostorm. As we have worked on the drafting and editing of the larger paper, we saw as a team the need for a first-hand perspective to help provide a tangible sense of how CINs work and why understanding them is so vitally important to the future of network security. I was nominated to write the first-person account, in large part because I have spent the better part of two months entangled with a particular CIN ("painted" by it - i.e. targeted). That experience, it was decided, may prove helpful for readers as it represents what is likely to be a nearly-unique frontline report from someone who is both engaged in research in this field as a professional vocation, and who was personally painted by the preeminent CIN in the world today. Despite misgivings about revisiting some of this experience, I see the wisdom in this decision and here I am pecking away at this esay. It's late, as I've found it a challenge to comport my experience with a cohesive, easily-digested narrative arc. What follows is the best I'm able to do, when it comes to sharing that experience in a way that is intended to help others. Specifically, I hope to accomplish two things. One, and most importantly, I am sharing what amounts to loosely-defined diagnostic criteria for those concerned they have been painted by a CIN... or who are in a later-stage state of deeply-burrowed infection by the CINs implants. In the last month or so, I have been deluged by people concerned they may be targeted or infected. While I have done my best to reply with useful advice our counsel, more often than not I've been unable to provide much of either. This essay is my attempt to fill that gap. Apart from the designers and operators of this CIN, I am likely more familiar with the operational details if it as it exists today than anyone else in the world - by a long stretch. I have invested many hundreds of deep-focus hours in this work, with only a small minority of that being solely directed at disinfecting my - and our - machines locally, at cryptostorm. The majority has involved, to be blunt, using myself as an experimental subject... allowing my local machines to reinfect via the painting profile, and then trying to limit the spread of, and eventually revers the footorint of, the infection modules/payloads themselves. I have iteratively followed that painting-injection-infection-corruption trajector through dozens of iterations, countless kernels rotted from the inside-out and simply erased as they were beyond salvation. This knowledge base all but obligates me to share what I have learned, such as it is, so others can leverage the hard-won bits of insight I've been able to collate from all this dirty tech. The second goal of this paper is to communicate the scale, scope, and pressing urgency of CINs as a research and mitigation subject of highest priority to anyone working in the information security field today. That's a big task. I will do my best to share the broad outline of what we, at cryptostorm, have watched accelerate into the biggest, most dangerous, most complex threat we see to internet security and privacy for the next five years. Let's get to work. & crypto really is finished. ...once we finish this amble, ...that conclusion is inescapable, ...its consequences both subtle & profound. Ց forest, trees, & the sum of parts It wouldn't be too far-fetched to say that info security is a solved problem, or was before the CINs implanted themselves in the middle of things. That sounds bizarre to say, since by all accounts the State of InfoTec is... abyssmal. Stuff is broken, everywhere; everything gets hacked by everyone, all the time. Nobody follows good security procedure, and the net result veers between chaos and satire. That's all true, no question - but in theoretical terms, I stand by the assertion that infosec was essentially solved. How to implement those solution compoments... well, that's different question entirely. When it comes to understanding how to mitigate, manage, and monitor security issues in technology, we know how: every attack vector has its defensive tools that, if applied correctly, pretty much work. This state of affairs is so ingrained in our thinking, from within infosec, that it's tough to step back and really see how prevasive it is. As much as we all know there's horrible implementation failure out there, nobody is (or was) home alone late at night, wringing hands and sighing dejectedly... utterly stumped by a question of how to defend against a particular attack. Rather, a few minutes perusing InfoSec Taylor Swift's twitter feed... err I mean "searching the web," is enough to turn up some pretty solid knowledge on any imaginable infosec topic, from post-quantum cryptographic systems to gritty OpSec-spy advice, and off to baked-in processor hardware attack models. Winnow down the advice to the stuff that seems legit, figure out the cost and complexity of putting it in production, and off we go. This we all assume is simply the lay of the land in our corner of the world. Corruptor-Injector networks throw that somewhat comfortable state of affairs on its head in a rude, unsettling, and comprehensive way. This is a qualitatively different sort of security threat than is, for example, "malware" or "the fast-approaching arrival of engineered AES128 collisions" - CINs are as different from such componentry as is a castle from a jumble of uncut boulders sitting in a field. All the expertise out there, developed to thwart countless sub-sub categories of security threats to computers and the networks we use to connect them, finds itself marooned in the dry terrain of "necessary, but not sufficient." That is to say, we will need all those skills to avoid an otherwise-eventual "CINtastrophe" in which the sticky extremeties of fast-mutating, competing CINs drown the internet in a morass of corrupted data, broken routes, unstable connections, and infected packets. But we'll also need more. Which is the first important point in all of this, and one it took me more than a month of more-than-fulltime study of this subject to finally realise in one of those "oh, wow... now I get it" moments. I'm going to boldface this, as it's a core fact: no individual functional component of CINs is - or need be - new, or unknown, or freshy-discovered, or surprisingly clever and far ahead of the curve in its specialised explot category. It's all alread seen, observed, documented, and on most all cases, reasonably well understood in the civilian world. Cryptostorm has not, nor do we claim to have, "discovered a new exploit" or attack vector that nobody has previously noted or published. The sense of urgency and... dread (not the right word, but it'll do for now) we feel and are communicating recently isn't based on a novel discovery. Even more so, the entire concept of CINs - if not the name itself - and the example of one created by the NSA, were thrown into stark, inescapably real status by the whistleblowing of Edward Snowden in 2013. There's a hefty pile of NSA slide decks, and civilan commentary, freely available to confirm that's the case (we're collecting it all in the closing segment of this full essay, as well as in our newly-birthed community research library. It's all there, in black and white... nearly two years ago, with additional follow-on disclosures continuing along the way. So if that's the case, why are we all hot & bothered at cryptostorm about CINS? After all, they're neither made of new pieces nor even a newly-discovered category themselves - nothing to see, move right along. I'll admit that I was, unconsciously, in that mindset abou this segment of the Snowden archives. I read them - skimmed, more like - and essentially filed them under the "interesting, but not core" tag in my internal filing model. Yes, malware... you get it, bad things happen. Don't click on dodgy links, or download "free" porn. There are pages about injectors and FoxAcid, and QuantumInsert, and so on... but it all seemed mostly Tor-specific and anyway not terribly front & centre. I say this not because I misunderstood the mechanisms - MiTM is not a new concept for any of us on the team, here - but rather because I miss the implictions entirely. We all did, or nearly all. That's despite Snowden himself taking some effort to return focus to this category, even as we all hared off into various sub-branches of our own particular desire: crypto brute-forcing, mass interception, hardware interdiction and modification, and so on. Not surprisingly, Mikko (Hypponen) calls out as something of a lone voice, in his early-published quotes on these attack tools, in really clearly pointing out that there's something fundamentally different about this stuff. Here he is, from March of 2014, in The Intercept: "“When they deploy malware on systems,” Hypponen says, “they potentially create new vulnerabilities in these systems, making them more vulnerable for attacks by third parties.” Hypponen believes that governments could arguably justify using malware in a small number of targeted cases against adversaries. But millions of malware implants being deployed by the NSA as part of an automated process, he says, would be “out of control.” “That would definitely not be proportionate,” Hypponen says. “It couldn’t possibly be targeted and named. It sounds like wholesale infection and wholesale surveillance.” [b"]Wholesale infection."[/b] That's the visible symptom, and it's the sharp stick in the eye that I needed to break my complacency. Mikko calls this category "disturbing" and warns that it risks "undermining the security of the Internet." That's no hyperbole. In fact, the observable evidence of that critical tipping-point having already been crossed is building up all around us. All this doom-and-gloom from something that doesn't really have any new parts, and has been outed to public visibility for years... how can that be? CINs are powerful because of their systems-level characteristics, not (merely) because of their fancy building blocks. Just like the castle, vastly more useful as a defensive tool than a big pile of boulders, CINs take a bunch of building blocks and create an aggregated system ouf of them that's of a different order entirely. The forest is greater than the sum of the trees, in other words. Much greater. ՑՑ "...proceed with the pwnage” “Just pull those selectors, queue them up for QUANTUM, and proceed with the pwnage,” the author of the posts writes. (“Pwnage,” short for “pure ownage,” is gamer-speak for defeating opponents.) The author adds, triumphantly, “Yay! /throws confetti in the air.” One of the things we know - or knew, really - about infosec is what it means to be "infected" with "malware" or "badware" or whatever term is enjoying its 15 PFS re-keyings of fame. You do something dumb, like stick a big wiggly floppy drive into your TRS-80 that you got from some shady dude at the local BBS meet-up, and now you "have it." The virus. It's in your computer... inthecomputer.jpg If you do silly-dumb things and bad stuff gets into your computer, then you have to... get it out of your computer, of course. A entire industry (dubious as it is) exists to keep bad things from getting in - "antivirus" - and a parallel sub-industry specialises (not terribly successfully) in getting it out when it gets in. THis same model scales up to corporate entites, except it all costs alot more money for the same not-really-effective results. Firewalls keep bad stuff out, and scanners find it when it gets in so it can get removed. Simple - even if tough to do in practice. CINs are different. It took me most of a month to figure this out, too. At first, in early March, I noticed odd browser activity in several machines I'd been using to do research and fine-tuning for our torstorm gateway. I whipped out my analyzers and packet-grabbers and browser-session sniffers, and got to work figuring out what had infected the machines. Because that's how this works: if you are unlucky or unwise, you disinfect. It's tedious and not always totally successful, but it isn't complex or intellectually challenging. Indeed, I was quite sure I knew with some precision what vector had infected me - and I had (still have) the forensics to demonstrate it. Feeling a bit smug, I took the weekend to collate data, write up some findings, clean the local network, and prepare to pat myself on the back for being such an InfoSec Profesional. Then the weird stuff started happening again, on the computer I'd somewhat meticulously "cleaned" of any odd tidbits. Hmm, ok. I suck at hardware, as everyone knows, so clearly I just didn't do a good job of disinfecting - this is not unusual. Back to the salt mines, to disinfect again. This time I roped in most all of the rest of the cryptostorm staff computers, to disinfect those... a security precaution in case I gave what I had to others on the team, somehow. I still didn't really know what it was doing ("it") in the browser, specifically... but who cares? Wipe the browser to the bare earth, or if needed reinstall the entire OS image ground-up. Problem not. Done. I took the opportunity of this extravagant downtime - nearly a whole week without being on the computer for academic or cryptostorm work, amazing! - to pick up a new laptop. Actually new, in the box - something odd for me, as I tend towards ragged conglomerates of old machines. Once again feeling smug, I laid out some elegant UEFI partitions - tri-boot, look at me being all tech! Packages updated, repositories lovingly pruned and preened with bonsai attention. I left the drives from the old infected machines, in my local network, off in a pile for later analysis and file removal. Safety first, right? No way this nasty stuff will jump onto the new, "clean" boxes I've spent days setting up. Then the new box went weird, all at once. Not just one partition, either: I'd boot into Win and sure enough the browser would get baulky and jagged and cache-bloated if I hopped around to a few sites... not even the same sites I'd visited when I was in the lenny partition.. That matters, because we assume - unconsciously - that we get infected from a specific site. It's got bad files on the server, you visit the server, and you have those files come down to your machine via your browser. Maybe it's a creepy flash file making use of the endless deluge of flash 0days, or whatever. The file comes from a server. But I didn't visit any of the same sites, on these different operating systems I'd just used on my new laptop... not an intentional choice, but looking back I knew it was a clean split between the two groups of sites. But now I certainly seemed to have the same problem on a brand-new, well-tightened (as much as one can, because WIndows) OS instance - with no overlap in sites visited. That's sort of weird, isn't it? Well, ok... thinking... hmmm. And as I'm thinking, the Windows partition locks up tight. No surprise there, it happens... though with only a couple plain-jane websites loaded in Firefox? On a brand-new laptop? Odd, but whatever: Windows. Reboot, and it'll be happy once again. I push the power button to reboot the laptop. It powers off, by all appearances... and then simply sits like turd in the hot sun. It's a new-fangled laptop, no way to do anything to it but push the power button. Heck even the battery is locked inside tight. I push, and push, and push... nothing. And my mind is repeating two words: fucking hardware. Hardware is the bane of my existence. Two days old, and a new laptop won't even power up. Hardware and I have a fraught relationship. I go through the grief stages, sort of... first is denial - it can't be broken, no way! - and then the next one is anger - damned piece of garbage, amazing how shoddy things are! ...I think there's three more stages, but I don't remember them because I was so pissed off. Also the laptop got a bit dented-up along the way. I was frustrated: a week's worth of fiddling with hardware and kernels, and I was one step backwards from where I'd begin. No stable partition. No stable local machines, known-clean. No real idea of the infection vector, as my assumed model wasn't doing well as new data arrived. Plus now I just had an angry shouting match with a laptop that won't boot (not much shouting from that side of things)... this is really, really not me at all. But I'm feeling, at that point, a powerlessness... a sense of non-confidence in my own ability to run a computer. This might be like a truck driver who suddenly forgets how to operate the transmission in her daily driver: really humiliating, and self-eroding, isn't it? In the dozen or two cases of people I've talked to who also have been painted by this CIN, that powerlessness feeling is a universal marker. Many are high-level tech notables, and the concept of not being able to make a computer run cleanly is... utterly foreign. As a group, we're the kids who built computers from blurry blueprints published in Byte magazine, metaphorically speaking. We not only fix computers for friends and family when they won't work, we're the ones who the people who first tried to fix them come to when they can't fix them. It's been like that all our lives. It's sort of who we are, at some level. And then there's these computers sitting in front of us that don't work. Or, they work for a while - a few days, maybe - and then they start sliding downhill. Browser slows, then gets GPU/CPU intensive. Lots of activity from it, even when no page loads are happening visibly - or maybe only a tab or two are open. Bidirectional traffic, noted by most of us who ifconfig'd or nload'd or iptraf'd the boxes when things took a strange turn. Next, graphical irregularities that go beyond the browser. Fonts aren't rendering quite right... or if they do, they render well but have these "slips" where they get a bit pixellated... but only for a minute or ten, and they come back. Those of us attuned to such things note that strange tls/ssl errors spin up: mismatched certs, subtle but if one's browser is a bit snooty about credentials, they appear. Maybe a certificate for a site that doesn't match the site's URL... well ok not uncommon, except in these cases it's for sites that we know have matching certs, to the character. But they're transient. Wireshark it. But.. wireshark crashes. Update wireshark... and suddently you find yourself downloading a really big package relative to what you are pretty sure a basic wireshark binary should be. You google that, to confirm... and as you do, you notice that there's a bunch of other packages hitching a ride on that wireshark update... how'd that happen? More googling, but as you do, your machine is doing stuff. Htop and...wtf? Lots of new processes, not stuff you are used to seeing. Bluetooth? You disabled it ages ago. Avahi... what the hell is that? Cups? I don't even own a printer. You google each one, and they're legit packages... but packages you've never intentionally installed or configured. And no big version upgrades lately, to the kernel, either... hmmm. Look at the config files for these unexpected arrivals - eeek! Ports open, remote debugging activated... that's not default settings, and you sure as heck didn'[t set those, did you? Meanwhile the CPU is hot, the hard disk platters are spinning continuously, and the blinkenlight on the NIC is a solid LED. Those who are reading this and have experienced some or all of that, you know what I'm describing. You can feel your OS eroding out from underneath you... but how to stop it? And how did it get in, since that's a new machine with no hardware in common with the old (infected) ones. Perhaps you go on a config jijad, like I did (many times): manually reviewing every config file of every bloody package on the bloody machine, and manually resetting to values you think sound legit... because who can google them all? Packages crash, you didn't set values right. Reading, googling, page 7 of the search results and still nobody will just post the syntax that made the damned whatever-it-is do its thing without barfing! ...what did you see??!? wisdom_of_the_ancients.jpg Ah, yes, now you're feeling the burn. If you looked in cache (or Cache, or Media Cache - wtf? - or .cache, or...) you see gigabytes of weirdly symmetrical, hard-symmetric-encrypted blobs overflowing, in all directions. Purge cache, and it builds back up. Plug the NIC in, and traffic screams out... you didn't even up the adapter yet! And is that your wifi adapter chattering away? That was disabled, too... Eventually you reboot yet one more time, and the grub menu is... not the same. You run grub2/pc, and this is old-skool grub, or whatever. Is your kernel image listed differently? No way... that's not possible. You mention these odd things to colleagues or friends, and they rib you about it: "stop clicking on porn, and you won't get infected again!" But you actually didn't... which is troubling in all sorts of ways. Read boot logs closely, and you might see paravirtualisation come up. And/or KVM. If you run windows, the equivalent there. But you didn't install a virtualised kernel. Maybe you are like me, and you get downright obsessive about this: iterate through possible infection mechanisms, between boxes. Calculate RFC ranges for NFC devices you know are disabled, but who knows..? Consider that air-gapped subsonic infection magic that at first seemed legit, then got pissed all over, but is almost certainly legit and was alll along... do you need to actually find a Faraday cage to put your computer in? Unplug from the network entirely, hard-down adapters at the BIOS. Machine is stable. OK. But... useless, right? DIsable IP6, wreck bluetooth physically with a screwdriver, read up in WiMax and all that weird packet-radio stuff (there goes a weekend of your life you'll never get back). Start manually setting kernel flags, pre-compile... only to see the "new" initrd image hash-match to the infected one. Learn about config-overrides, and config-backups, and dpkg-reconfigure, and apt-cache, and... there's a few more weeks. Plug back into the internet after all that - static IP on a baseline wired ip4 NIC, no DHCP packages even installed, ffs! - first packet goes to cstorm to initiate a secure session. Rkhunter at the ready, unhide(s) spooled up... iptraf running, tcpdump dumin'... an hour later, having logged in to a couple sites to check week's worth of backlogged correspondence, and the browser starts slowing. Task manager shows big caches of javascript and CSS and images and... oh, no. Check your browser config files, manually - the ones you manually edited for hours last night, and set chattr +i. They're reverted somehow. There's a proxy enabled, and silent extensions with no names and no information when you look for matches by their thumbprints. Kill your browser with pkill -9... but the browser in your window is still there. htop.... is that legit, or is that a remote xterm session? Why is sshd running? Who enabled Atari filesystem, ffs! So it goes... ՑՑՑ “Owning the Net” In the first week or two after I got painted, I stuck the name of "SVGbola" on the malware I had captured... because .svg-format font files are one of the mechanisms used for the initial inject of targeted network sessions, and because ebola ofc. But quickly I saw that there were other vectors, they seemed to evolve over time. I'd block or disable or find a way to mitigate one clever ingress tactic, and a few hours later I'd see the telltale cache-and-traffic stats begin climbing... not again. Two or three days of frantic battle later, and I'd learned about a couple more attack/inject tactics, but still had no damned idea what tied them together I'd intentionally been avoiding reading those old NSA slide decks, as I didn't want to taint my perceptions with a "one holds a hammer, and the world become a nail" dynamic. But it was time to dig into the literature (using a borrowed touchpad... I'd borrowed a few laptops along the way, from friends and colleagues, to use for some simple email and web tasks... and managed to brick the hard drives on every single one), and refresh my memory on this whole "weird NSA MiTM malware" cul-de-sac. It didn't take long at all... The NSA began rapidly escalating its hacking efforts a decade ago. In 2004, according to secret internal records, the agency was managing a small network of only 100 to 150 implants. But over the next six to eight years, as an elite unit called Tailored Access Operations (TAO) recruited new hackers and developed new malware tools, the number of implants soared to tens of thousands. {article date: March 2014} I had been assuming Stuxnet, in terms of initial infection vector... you know, a USB stick with sharpie writing on the side that says: PR0N, DO NOT OPEN!!! <-- that is how you get malware, right? ( speaking metaphorically, sort of) But this isn't what the NSA is doing with these programs, not at all. They're selecting targets for injection of malware into live network sessions - apparently http/https overwhelmingly - on the fly, at "choke points" where they know the targets' sessions will go by the hundreds of machines that compromise these NSA 'malnets.' Custom-sculpted nework injections (we call them 'session prions') are forced in, seething with 0days. An analyst in some post-Snowden NSA office tomb clicks a few GUI elements on her display and the selector logic she was fed by her bosses primes the Quantum and Foxacid malnets worldwide, waiting for that signature'd session to show up on their targeting radar. You've been CIN-painted. Now, whenever your sessions match that profile, you will get more Foxacid Alien-implant session payloads coming back from your routine internet activities. The selectors can be anything that identifies you as a general profile... the slide decks mention things like Facebook tracking fingerprints, DoubleClick leech-cookies, twitter oauth header snippets, and so forth. Physical IP is entirely unnecessary, as is your name or any other identifier. Perhaps the NSA (or its clients in the civilian law enforcement world, in dozens of countries) wants to find out who runs a particular website... say, a .onion website like agorahooawayyfoe.onion... l_ff525d308ba173b66cd3d533cc092237.jpg l_ff525d308ba173b66cd3d533cc092237.jpg (5.75 KiB) Viewed 1378 times This isn't a small-scale effort any more, either. That's what I think I had unconsciously assumed, that it was a couple hundred people on the Amerikan drone-list, or whatever. Not making light of such things, but rather for me as a technologist if an attack is bespoke and requires expertise, it limits it to a tiny, tiny percent of defensive threat modelling scenarios. And for those on the drone-lists? Well, good luck is what I'd generally say. However, these CIN malnets are scaling/scaled to millions of concurrent painted-chumps. And growing. The implants being deployed were once reserved for a few hundred hard-to-reach targets, whose communications could not be monitored through traditional wiretaps. But the documents analyzed by The Intercept show how the NSA has aggressively accelerated its hacking initiatives in the past decade by computerizing some processes previously handled by humans. The automated system – codenamed TURBINE – is designed to “allow the current implant network to scale to large size (millions of implants) by creating a system that does automated control implants by groups instead of individually.” In a top-secret presentation, dated August 2009, the NSA describes a pre-programmed part of the covert infrastructure called the “Expert System,” which is designed to operate “like the brain.” The system manages the applications and functions of the implants and “decides” what tools they need to best extract data from infected machines. {ibid.} Or for another way of saying it in the NSA's own words, dating from 2009... intelligent-command-and-control.jpg ՑՑՑՑ ņame your poison Once I realised this was about quite a bit more than simply borked svg's (which is still a pretty interesting vector, imho), I pulled out the name #SauronsEye for what I was experiencing: a totalising, all-seeing, ever-present, burning glare from a height. I was being surveilled, by some entity somewhere, for some reason. The pressure of the eye was almost physical, for those middle weeks. But the name doesn't seem to fit, now that we've been able to fit the scrambled, jagged mess of data-pieces together into a more or less fully-coherent understanding of what the system is. Because this stuff isn't passive it doesn't simply sit there and watch. Rather, it's 'all up in your shit,' as they say... every time you get online, however innocuous and carefully-constrained your activities are, you run the risk of this happening to your browser once those prions spread through your network session and shoot right into your local kernel: 12.jpg A colleague, overhearing us discussing this amoungst the team, blurted out "Balrog." And that's the fit, just so. Yes, it's LoTR and that's drifted twee of late - but at core Tolkein isn't twee, and he knew his evil as only an Oxford professor of decrepit languages can know evil. The Balrog, for the less painfully geeky amoungst the readership, are described by JRR as "they can change their shape at will, and move unclad in the raiment of the world, meaning invisible and without form" (cite), which gets it spot-on for our CIN-naming task here. He goes on, waxing a bit more poetical... His enemy halted again, facing him, and the shadow about it reached out like two vast wings… suddenly it drew itself up to a great height, and its wings were spread from wall to wall… Shadowy? Check. Great height, and wide (metaphorical) wingspan? Check. But it's the imagery of the Balrog that seared the name into the very souls of Tolkein-reading boys such as I. Imagery that quite hits the nail on the head: 1826732-balrog.jpg Balrog500ppx.png That's something of what it feels like to face down this stuff as it repeatedly pierces one's local perimeter and turns one's root-level kernel sanctuary into a mutating, unreliable, dishonest, corrupted mess... right in front of one's eyes. (and yes, I know that computers behaving badly are very much First World Problems of the most Platonic sort, and hyperbole aside I remain aware that starvation trumps Cronenberg-transgressed computational resources when it comes to real problems to have in one's life) The final point, for this spot of writing, is this: there is no "disinfecting" once you are painted as a target by Balrog (or any CIN). The infection exist ephemerally in the fabric of the internet itself; it's not something you can simply remove from your computer with antivirus software (or manually). Trust me on this: even if you are successful in disinfecting (and that'll require expertise in grub, Xen, containers, obscure filesystem formats, font encoding, archaic network protocols down the OSI stack, and on and on and on), dare to actually use the computer to communicate with others online, and you'll be right back to the alien-bursting-from-stomach place in short order. Neither cryptostorm, nor cryptography, can protect you from Balrog, or from CINs. The session prions come in via legitimate (-ish) web or network activity. You can't blacklist the websites serving dirty files... because they aren't coming from websites, these prions. They're phantom-present everywhere in the internet that's a couple hops from a Foxacid shooter... wihich means everywhere, more or less. You can blacklist the internet, I suppose - offline yourself to stay pure... but that in and of itself reflects a successful DoS attack by the NSA: they downed you, forever... I can hear the grumbling from the stalwarts already: "BUT WHAT ABOUT HTTPS??!?! IT'S SUPER-SECURE AND INVINCIBLE AND SO NSA CAN SUCK EGGS I'M SAFE BECAUSE HTTPS EVERYWHERE WHOOOOOOO!!" ... Https - as deployed, in the real world, based on tls & thus x509 & Certification Authorities & Digicert & ASN.1 & parsing errors & engineered 'print-collisions & DigiNotar & #superfisk & all the rest - is so badly, widely, deeply, permanently, irrecoverably broken on every relevant level that it merely acts as a tool to filter out dumb or lazy attackers. Those aren't the attackers we worry about much, do we? I mean, if we put a lock on our door that would be totally effective in keeping out newborn babies, caterpillars, and midsized aggregations of Spanish Moss - but was useless against some dude who just hits the door with his shoulder to pop it open - then it'd be less than wise to go cavorting about the neighbourhood, crowing to all who can hear that you left 500 pound sterling on the kitcken table and too bad suckers, no mewling infant will ever find her way in to steal that currency... wouldn't it? That's https. Indeed, I have a... something between a theory, and a strangely intense fantasy... concept that PEM-encoded certs themselves are being used as an implant vector by Balrog :-P Or, as my colleague graze prefers to (more reasonably) suspect, strangely-formatted packets for use in transporting data between Balrog-sickened victims and the MalCloud of Balrog's control architecture, globally. Or maybe the're used as meta-fingerprints... beyond-unicode control characters embedded in obscure fields nobody even decodes client-side but which can be sniffed cross-site to identify sessions over time... Anyway, https. Were we to discover (or read the work of others who discovered, more likely) super-exotic cert-vectored exploit pathways, we would be not surprised in the least; it's not that it's 'only' marginally useful in securing actual data (and network sessions) against CIN-level active attackers, but rather it's a question of how destructive it is, on balance. Alot, a little, or in the middle? That's an open question, but it's the only one when it comes to https and security. But remember, many keystrokes ago, we discussed "necessary but not sufficient?" This is where it folds back in, like an origami crane tucked in one's pocket... The defensive techniques that can - and will - protect us from Balrog and other CINs (there will be others, likely already are... that's a given), systems-level infected-cloud virulence, must also act as integrated, coherent, cohesive, outcomes-defined systems as well. Cryptography (symmetric & asymmetric primitives alike) is a piece of that, a crucial piece without which overall systems success would likely be impossible. But crypto alone is no more protection from Balrog than would be a single thick mitten serve as protection from a month in the Arctic during coldest wintertimes. There's more, and more importantly it all needs to fit together as a sum far greater than its parts: a big pile of right-handed mittens won't substitute for a proper Inuit snow suit. Funny thing is, we know how to do that - the systems stuff, the integrated functionality. It's been where we've headed since last fall, perhaps reflecting a team-wide intuition that our membership's needs were pulling us that way. Too, we've been seeing the weirdness out there - fractal weirdness on the network - for many months: borked routed, fishy certs, dodgy packets, shifty CDNs, https being https, etc. Little fragments of mysterious code piggybacking on "VPN service" installers (pretty sure we know where some of that comes from now, eh?), microsoftupdate.com hostnames used as C&C for... something? Repository pulls showing up weird-shaped, with signed hashes to back their dubious claims to legitimacy.... it goes on and on. “La semplicità è la massima raffinatzza” (Łeonardo da Vinci) CINs work by corrupting network integrity, at the most fundamental levels: routing, packet integrity, DNS resolution, asymmetric session identity validation. They use the trust we all have in those various systems more or less working a they were designed to work, and as their maintainers strive to enable them to work... they use that trust as a weapon against everyone who uses the internet to communicate, from a father in Ghana texting the family to find out what they'd like for dinner from town, to the Chilean wind-farmer planning future blade geometries with meteorological data available online, to the post-quantim information theory doctoral student in Taiwan who runs her latest research results up the flagpole with colleagues around the world, to see who salutes... all get leeched, individually, so CINs can frolic about & implant malware as their whims dicatate. Galrog, and CINs generally, will prove to be our era's smallpox-infested blankets dropped on trusting First Nation welcoming parties by white guys behaving badly. We trust the internet to more or less inter-network, and CINs use that trust as an ideal attack channel because who would really think? Well, Balrog - this Balrog, not Tolkein's - is real. Funding is in the order of $100 million USD a year and growing. It's been up and running a decade or so, long since out of beta. There's other CINs in the works, surely... if not deployed already regionally or in limited scale; When more than one is shooting filth into whatever network sessions catch its fancy, attribution will be hopeless. Its not like one checks ARIN for Foxacid records, eh? As to C&C, all evidence suggests Balrog piggybacks on the incomprehensible route-hostname complexity of the mega-CDNs - cloudflare, akamai, others so shady and insubstantial it's likely they'll be gone before this post comes out of final-round edits: you can't blacklist those, and their hostnames cycle so frequently you can'd even do subhost nullroutes. So if you are painted, and Balrog is whipping at your NICs, you'll likely never 'prove' to anyone whose whip made those scars. But the scars are real, eh? They burn. And it'd be a heck of alot better to avoid the whip, rather than burn endless spans of time in Quixotic attempts to prove whodunit when whodunit dun moved to the cloud, address uncertain and changing by day. So that's our job now, at cryptostorm: post-crypto network security. Crypto, Reloaded. Crypto... but wait, there's more! Protectiion from an ugly blanket of festering sickness already grown into the fabric of the internet itself, and sinking its violation deeper every day. Assurance that sessions go where intended, get there without fuckery, and come back timely, valid, & clean. One cannot simply 'clean' Balrog off, as the infection is entwined with the internet itself. Within that spreading rot, there exists the latent possibility of clean secret pathways, reliable protected networks delivering assured transit and deep-hardened privacy for every session, every packet, every bit... an underground railroad of peaceful packets. Identifying and alerting to network level threats is all well and good, but useless compared to threat transcendence. Done right, that kind of service delivery creates a network-within-the-network, a sanctuary for people to talk and share and live their lives with meaning, confidence, and peace. º¯º º¯¯º ...cryptostorm's sanctuary comes now ± ~ pj From eugen at leitl.org Thu Jun 11 07:08:32 2015 From: eugen at leitl.org (Eugen Leitl) Date: Thu, 11 Jun 2015 16:08:32 +0200 Subject: [tor-talk] Additional hop before connecting to Tor Message-ID: <20150611140832.GJ10743@leitl.org> ----- Forwarded message from dtm168 at openmailbox.org ----- From admin at pilobilus.net Thu Jun 11 21:29:28 2015 From: admin at pilobilus.net (Steve Kinney) Date: Fri, 12 Jun 2015 00:29:28 -0400 Subject: [tor-talk] Additional hop before connecting to Tor In-Reply-To: <20150611140832.GJ10743@leitl.org> References: <20150611140832.GJ10743@leitl.org> Message-ID: <557A6028.9030404@pilobilus.net> On 06/11/2015 10:08 AM, Eugen Leitl wrote:> ----- Forwarded message from dtm168 at openmailbox.org ----- > > Date: Thu, 11 Jun 2015 13:52:40 +0200 > From: dtm168 at openmailbox.org > To: tor-talk at lists.torproject.org > Subject: [tor-talk] Additional hop before connecting to Tor > Message-ID: <2a8f8c25121cbad6b4575ce5ddcd3d57 at openmailbox.org> > User-Agent: Roundcube Webmail/1.0.5 > Reply-To: tor-talk at lists.torproject.org > > Hi, > > You often read that the fact you are using Tor is being monitored by > the various intelligence services. > > I guess this works by recording which IP addresses connect to known > entry relays and/or directory authorities. Other tracking vectors available to State level actors include: * Owning and operating a large fraction of the routers in the network. This can be concealed very effectively by using a cloud server to host all the routers in one place, with exits all over the world via transparent proxies. "All in one place" means, monitored and manipulated in realtime to shape traffic and identify users. * Monitoring exit node traffic to record browser fingerprints, cleartext of any data transmitted between the TOR user and any server on the Internet, and associating these with behavior patterns indicating a personal interests profile, likely time zones, etc. * Diverting exit node traffic through a hostile router equipped with "real" Certificate Authority signing keys negates SSL completely - connecting to a server via SSH over TOR is the same as connecting to the server without SSH, if your adversary is NSA. * Injecting exploits and implants into the TOR user's inbound traffic from sites on the "normal" Internet, custom tailored to "climb out of" the TOR browser and take over the user's system. All of the above are within known capabilities at NSA and, most likely, Israeli, Chinese and Russian security services. It is possible that their biggest problem is tripping over each other's feet while interfering with TOR users. > Since you usually also connect to facebook or gmail your identity can > be easily linked to Tor usage. > This is especially true if you have a static IP address. Any contact with NSA owned (Facebook) or NSA partner (Google) services creates big, greasy fingerprints that make tracking anyone anywhere much easier. > Currently I use a virtual server in a foreign country which I pay with > Bitcoin. I use an ssh tunnel which I use to make connections to Tor, > i.e. intelligence service see the IP of my server which connects to > known Tor IP addresses. A VPN does not even attempt to conceal the identities of users from any actor who can watch both ends of the connection. A VPN will stop low tech adversaries like MPAA/RIAA goons who go after people sharing files; NSA and its peers, not so much. Not to mention that the VPN provider's logs know all and, if handed over or stolen, tell all. > 1. How likely is it that they look at connecting IP addresses to my > server (and identify me)? Probably very likely. Would it help to have > an additional anon server as an additional hop to Tor? Generally speaking, TOR and similar systems may delay but will not prevent the identification of frequent users, paired with their exit node traffic and its content. Repeatedly using /any/ anonymizing protocol from one location more or less guarantees your correct ID lands in a database with a summary of what your anonymous traffic contains. One-off use of TOR via the TAILS operating system on a "clean" laptop at an open WiFi router might be enough to prevent you and your traffic from being logged. > 2. Tor traffic has these characteristic traffic signatures (packet > size, timings of packets when idle). Would these also "shine through" > the ssh tunnel? SSH in general and VPN providers in particular are transparent to outfits like NSA. Using them with TOR only becomes part of a profile that eventually narrows down to one user - you. > 3. I guess making that server a private bridge will be worse than > using ssh because of these typical Tor traffic patterns. Maybe not. Needle vs. haystack and all that. But again, if you use the same physical Internet connection to repeatedly do "anonymous" things, it would be very good if these things were of no real interest to our Security Services. > 4. I am also afraid of running a Tor relay on my home internet > connections because all members of my family who share that IP will be > flagged as Tor users... I have run TOR relays from time to time. As long as you are not running an exit node, nothing bad will happen. And at least you know you are adding one "honest" router to the network - unless your box has been rooted and you don't know who really controls it. > I am interested to hear your opinions. There's mine, for what it's worth. Te anonymity provided by TOR (and i2p, Mixmaster, Freenet, etc.) is very limited even in best case scenarios. These tools simply can't work when a hostile actor effectively sees all, knows all, and can fuck with any connection on demand. On the brighter side most private, corporate and criminal attackers would be completely unable to penetrate the security provided by TOR (or etc.), unless they are in a position to ask the NSA or a comparable Security Service to do it for them. :o) Steve From grarpamp at gmail.com Thu Jun 11 22:13:02 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 12 Jun 2015 01:13:02 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> Message-ID: No evidence, calling baloney on this one. The theory is fun though. From grarpamp at gmail.com Thu Jun 11 23:29:35 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 12 Jun 2015 02:29:35 -0400 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: On Thu, Jun 11, 2015 at 10:17 PM, Zenaan Harkness wrote: > May be time to get serious about known-user to known-user > offline-key-established networks - F2F network, not necessarily > darknets either, but a new "public" network - to join the new internet > you must contact your local HUG (hospitable user group) for assistance > and establishment of shared keys. It is long past since time for F2F networks, physical ones, or at minimum logical. Be anon or not on top of that. Step outside your front door, pan your head and look at all the other doors, what do you see there? Uplinks to bigcorp with surveillance fangs on them? Or potentially many private data paths ripe for mutual association? http://www.ebay.com/sch/i.html?_nkw=1000ft+cat7a http://www.ebay.com/sch/i.html?_nkw=gigabit+media+converter http://www.ebay.com/sch/i.html?_nkw=fiber+optic+cable+spool From mirimir at riseup.net Fri Jun 12 01:36:35 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 12 Jun 2015 02:36:35 -0600 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: <20150611153900.D1DF2C00017@frontend1.nyi.internal> References: <20150611153900.D1DF2C00017@frontend1.nyi.internal> Message-ID: <557A9A13.7040508@riseup.net> On 06/11/2015 09:39 AM, Shelley wrote: > On June 11, 2015 7:03:14 AM Wilfred Guerin wrote: > >> More specifics on the sigint system: > I've been following this since it was posted. Speaking as someone who > doesn't trust anyone in the employ of the US of Corporatocracy: while it > piques my interest enough to suspend my disbelief a little to see where > it is headed, you lost me me with that last paragraph. > > Without something to back it up, I just can't buy that we're living in a > 1984/Truman Show construct. I know I'm not the only one on these lists > who enjoys the dark utopia and Cyberpunk genres of fiction, so if you're > testing out ideas you'll find plenty of eager readers. But call it > that, ffs. > > No links to source, nothing but fantastic (albeit interesting) > descriptions... throw us a bone, sir, or I must call BS. Right. Where can we get some of that data to review? From coderman at gmail.com Fri Jun 12 07:48:40 2015 From: coderman at gmail.com (coderman) Date: Fri, 12 Jun 2015 07:48:40 -0700 Subject: =?UTF-8?B?RlVDSyBqYXJnb24hIFt3YXMgUmU6IMSNcnlwdG8gaXMgZmluaXNoZWQuLi4gYW5kIGl0Jw==?= =?UTF-8?B?cyBhYm91dCB0aW1lIMOXIChhbHNvOiAnQmFscm9nJyBtYWxuZXQsIGZpcnN0aGFuZCB2aWV3KV0=?= Message-ID: On 6/11/15, Seth wrote: >... a broader paper describing a global > surveillance technology we have dubbed Corruptor-Injector Networks why? FUCK jargon! From coderman at gmail.com Fri Jun 12 07:54:08 2015 From: coderman at gmail.com (coderman) Date: Fri, 12 Jun 2015 07:54:08 -0700 Subject: =?UTF-8?Q?on_many_links_=5Bwas_Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it?= =?UTF-8?Q?=27s_about_time_=C3=97_=28also=3A_=27Balrog=27_malnet=2C_firsthand_view=29=5D?= Message-ID: On 6/12/15, Zenaan Harkness wrote: > ... > I am confident that local off-net PHY connections can go a long way to > increasing anonymity provided by anonymizing P2P networks - it's an > avenue unfortunately untapped, and even more so, not yet studied > academically. you need to remove some obstacles, like in-order delivery, and add some defenses, perhaps optimized dependent link padding and stochastic shaping. but the evidence is there, from the mesh network days - see multi-radio AODV optimizations highlighting the benefit of concurrent possible paths... then, as ever, the quintessential station wagon full of backup tape, "propinquitous discovery", "propinquitous delivery", best regards, From coderman at gmail.com Fri Jun 12 08:26:38 2015 From: coderman at gmail.com (coderman) Date: Fri, 12 Jun 2015 08:26:38 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/2/15, coderman wrote: > ... > also filed two requests with department of state regarding my > complaint about technical surveillance ... latest requests testing specific device queries vs. general device requests, and comparison between a few agencies. specific DRT 1201 to FBI: https://www.muckrock.com/foi/united-states-of-america-10/drtbox-18541/ generic "KingFish" to FBI, US Marshals, DEA respectively: https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18594/ https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18595/ https://www.muckrock.com/foi/united-states-of-america-10/kingfishing-18596/ calling out aggressive tactics appears to have ceased aggressive tactics. no update on progress for FBI file on my person. best regards, From afalex169 at gmail.com Thu Jun 11 23:32:56 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Fri, 12 Jun 2015 09:32:56 +0300 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: A very interesting essay... Thank you, Seth. So, ok. We've got it. There is no salvation from the "Barlog". But what are the alternatives (already operating)? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 200 bytes Desc: not available URL: From alan at clueserver.org Fri Jun 12 09:43:56 2015 From: alan at clueserver.org (alan at clueserver.org) Date: Fri, 12 Jun 2015 09:43:56 -0700 Subject: FUCK jargon! [was Re: =?iso-8859-1?Q?=C4=8Drypto_is_finished..._and_it's_about_time_=C3=97_?=(also: 'Balrog' malnet=?iso-8859-1?Q?=2C_firsthand_view?=)] In-Reply-To: References: Message-ID: <46822022cd2e6e759ac1fc2378b39012.squirrel@clueserver.org> > On 6/11/15, Seth wrote: >>... a broader paper describing a global >> surveillance technology we have dubbed Corruptor-Injector Networks > > why? > > FUCK jargon! It is a requirement. All new exploits must have a trademarkable description, logo and marketing strategy. It is all described in the PowerPoint slides. From drwho at virtadpt.net Fri Jun 12 10:26:10 2015 From: drwho at virtadpt.net (The Doctor) Date: Fri, 12 Jun 2015 10:26:10 -0700 Subject: =?UTF-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCA=?= =?UTF-8?B?dGltZSDDlyAoYWxzbzogJ0JhbHJvZycgbWFsbmV0LCBmaXJzdGhhbmQgdmlldyk=?= In-Reply-To: References: Message-ID: <557B1632.6080404@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/11/2015 11:32 PM, Александр wrote: > A very interesting essay... Thank you, Seth. So, ok. We've got it. > There is no salvation from the "Barlog". But what are the > alternatives (already operating)? Telepathy? - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Give 'em hell, Danny Boy!" -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVexYtAAoJED1np1pUQ8RkKnQP/2RvUZuWHIrZ+z+YcWe9EX9E pOecG1QRhPnnF3c5+VIOylqCyD7KoBLZEzJvh+0gJsusyRNIi232pJIFFhpa/hET RVgwXcVBRaaM6DJ84d5pB6J/2lktPm41UEdr/wgzzVWsooSfscFtd+rbyR4fUzoI gL/hvE/L2kSTtMgMCwv6BFBwHLySc5ACaRDzQh/3Iq1xVzwYJi1PyC1Y0hgZZ/lI Ee9VmCZO0YapaOIN/Kt3frJZ6nRjYItB3UpWvOIjULHDY0iWqwrwdJLNjP8kN8M/ 9JiUBD9FE8kuRXMlWBmW4lXqZ+9Q9nnz7sr8+WSvGumbmuT3YA6vbEtECLbKyti2 wSIhtA9lmGPZXDRipZKaG5u5DZG4TPwgP2v/4stk8V1dRD9+1z3uJ6d4kRMIO114 hUgX/eakSFyByHu9VMqhlihYnAtCxa1ZAPoT6aNu+k3YNlHQ4sfJIhdtDUH0NhQN EaLJIwMSwUpPStVofw36/QFu4C+jju9l3oVY4KiHxZ+5027j/GLzAaGXk2UHrIsk xTDU9G3WycFvUW5zqMz5RIvLeFVYTDH/HDwlmlRq5nR8ldddEXcgfSqIzitJH7AE RLMfQ+faHZYfBSSx07g44ezoNoCxKOpKqQCwAUsc6HzcdghJPq0Ucs8RZCNgxnhz 1+kGwBytnrLGejkeG6Qz =W1m3 -----END PGP SIGNATURE----- From hozer at hozed.org Fri Jun 12 08:48:13 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Fri, 12 Jun 2015 10:48:13 -0500 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> Message-ID: <20150612154813.GT27932@nl.grid.coop> On Fri, Jun 12, 2015 at 01:13:02AM -0400, grarpamp wrote: > No evidence, calling baloney on this one. > The theory is fun though. It'd make for a good techno-thriller movie... Just gotta make sure to triple-band X-ray em loop broadcast cpunks as evidence of prior art. Yes, I will sue your ass disney, so you might as well pay up now. From natanael.l at gmail.com Fri Jun 12 01:50:26 2015 From: natanael.l at gmail.com (Natanael) Date: Fri, 12 Jun 2015 10:50:26 +0200 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: Den 12 jun 2015 10:19 skrev "Zenaan Harkness" : > > On 6/12/15, grarpamp wrote: > > On Thu, Jun 11, 2015 at 10:17 PM, Zenaan Harkness wrote: > >> May be time to get serious about known-user to known-user > >> offline-key-established networks - F2F network, not necessarily > >> darknets either, but a new "public" network - to join the new internet > >> you must contact your local HUG (hospitable user group) for assistance > >> and establishment of shared keys. [...] > Some possible next steps to focus on: > - How to ensure that what we download, e.g. for an Ubuntu system > upgrade, is actually what is intended to be distributed by the > developers? > - How can we reduce the dependencies when "publicly browsing" - e.g. > slim down TBB (e.g. do not support SVG fonts, and much more)? > - How do we improve the security of the code we are depending on (in > the public website viewing pipeline)? E.g. industrialized fuzz-testing > (libraries, kernel-level code like the network stack, kernel data > structures, kernel drivers etc)? Harden and trim something like Tails. Run the better minimum. > Medium to longer term: > - Now that no OS is spared when accessing public web sites, even with > F2F encrypted network infrastructure, we need a specification/ > foundations for a hardware-level F2F network node - e.g. libre open > code from the BIOS/ firmware up to "userspace" e.g. the VPN code etc. > - What type of F2F network makes sense? > - What type of crypto is reasonable with current think, for our F2F networks? > - Document protocols for key exchange/ OS installation/ F2F HUG meetings etc. > - Userspace network stack - Simplify (and audit) network packet > pathways - e.g. take a copy of the Linux network stack, remove > everything extraneous, perhaps make it a user-space thing with really > minimal "driver" code in the kernel only - this might be a good > foundation for multiple cross-project collaboration (eg TBB, I2P, Tor > node, Gnunet, mixmaster, openvpn, whonix/ qubes, etc). Don't do F2F at the lowest network layer. Don't give away sociograms, don't allow timing attacks, and avoid the whole NAT issue. Just stick with I2P or similar traffic anonymization networks and run your traffic on top of that. Oneswarm (now abandoned, IIRC), RetroShare, or whatever else, run that over the anonymizing networks. Inviting somebody would be a matter of sharing the public key based address to the public services and noting his public key so you can accept an invite request, or directly send an invite to private mail of his like Bote mail or Pond. I've done a lot of thinking on P2P social networks, I'll share later, haven't written it all down yet. You can find a bunch of my thoughts on these matters in my blog, https://roamingaroundatrandom.wordpress.com, there's multiple relevant posts there. I know approximately what I want and how to make it easy to secure. One crucial part is key management where I believe hardware tokens is the best solution, including for in-person key exchange (see the developments for Bitcoin hardware wallets). -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3791 bytes Desc: not available URL: From sdw at lig.net Fri Jun 12 11:46:31 2015 From: sdw at lig.net (Stephen D. Williams) Date: Fri, 12 Jun 2015 11:46:31 -0700 Subject: =?windows-1252?Q?Re=3A_FUCK_jargon!_=5Bwas_Re=3A_c=28r?= =?windows-1252?Q?ypto_is_finished=2E=2E=2E_and_it=27s_about_?= =?windows-1252?Q?time_=D7_=28also=3A_=27Balrog=27_malnet=2C_fi?= =?windows-1252?Q?rsthand_view=29=5D?= In-Reply-To: <46822022cd2e6e759ac1fc2378b39012.squirrel@clueserver.org> References: <46822022cd2e6e759ac1fc2378b39012.squirrel@clueserver.org> Message-ID: <557B2907.5090602@lig.net> On 6/12/15 9:43 AM, alan at clueserver.org wrote: >> On 6/11/15, Seth wrote: >>> ... a broader paper describing a global >>> surveillance technology we have dubbed Corruptor-Injector Networks >> why? >> >> FUCK jargon! > It is a requirement. > > All new exploits must have a trademarkable description, logo and marketing > strategy. > > It is all described in the PowerPoint slides. > And a viral logo: http://heartbleed.com/ Every cult must have its iconography. sdw -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1296 bytes Desc: not available URL: From zen at freedbms.net Thu Jun 11 19:17:06 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 12 Jun 2015 12:17:06 +1000 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: May be time to get serious about known-user to known-user offline-key-established networks - F2F network, not necessarily darknets either, but a new "public" network - to join the new internet you must contact your local HUG (hospitable user group) for assistance and establishment of shared keys. "Be safe, view only your neighbour's pr0n." Or something :D $ apt-cache show libnacl-dev Package: libnacl-dev Source: nacl Version: 20110221-4.1 Installed-Size: 471 Maintainer: Sergiusz Pawlowicz Architecture: amd64 Description-en: High-speed software library for network communication NaCl (pronounced "salt") is a new easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc. NaCl's goal is to provide all of the core operations needed to build higher-level cryptographic tools. This package contains header and library files needed for software development that makes use of NaCl. Description-md5: e1cdd33a5a613a6864b25b58370820ed Homepage: http://nacl.cace-project.eu/ Tag: devel::library, role::devel-lib Section: libdevel Priority: extra Filename: pool/main/n/nacl/libnacl-dev_20110221-4.1_amd64.deb Size: 108570 MD5sum: 1f03b09e3e11a2ded70275e794b5c334 SHA1: bb3e3c1cf0865c0f9aae306a20dd63aa49714609 SHA256: 0aee48f41aa8dbdeab894d8350716c4f95ffe67e95646a4f88f90ca0291e8751 From admin at pilobilus.net Fri Jun 12 12:41:19 2015 From: admin at pilobilus.net (Steve Kinney) Date: Fri, 12 Jun 2015 15:41:19 -0400 Subject: =?UTF-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCA=?= =?UTF-8?B?dGltZSDDlyAoYWxzbzogJ0JhbHJvZycgbWFsbmV0LCBmaXJzdGhhbmQgdmlldyk=?= In-Reply-To: <557B1632.6080404@virtadpt.net> References: <557B1632.6080404@virtadpt.net> Message-ID: <557B35DF.1040606@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/12/2015 01:26 PM, The Doctor wrote: > On 06/11/2015 11:32 PM, Александр wrote: >> A very interesting essay... Thank you, Seth. So, ok. We've >> got it. There is no salvation from the "Barlog". But what are >> the alternatives (already operating)? > > Telepathy? > > > > I guess we're stuck with Eye Of Sauron and Balrog. Too bad, this is a much more Lovecraftian issue IMO: We are being pulled into a place where all the angles are "wrong," and watching the most merciful thing in the world - the inability of hostile actors to correlate all the contents of the Internet - starting to crumble away for reals. Couple of things I can see to work on: * Publicize this as a quantum leap in network security threats, requiring new trust models and comms protocols across the board, to every audience that is likely to understand the problem and respond proactively. * Review RFC 6973, Privacy Considerations For Internet Protocols, and work to amplify/expand sections relevant to what we are learning about large scale threat actors and their behavior as observed in the wild. This RFC is only two years old, so changes now may have a large impact on results later. https://tools.ietf.org/html/rfc6973 * Think about building an ecosystem of repositories for hashes and signatures, and protocols for monitoring consensus and assigning relative trust values to reduce reliance on repo signing keys as guarantors of software integrity. Developing comms protocols for this network would also contribute to general solutions for hardening networks against the capabilities of our new overlords. * Think hard about open projects to reverse engineer IC chips with attention to manufacturer sabotage. It seems to me that the likely venue for this would be non-aligned nations (so-called) with a vested interest in pooling their resources to push back against universal surveillance & sabotage capabilities of the Superpowers and their special pets. * Keep pressure on all fronts already being worked, i.e. replacing the HTTPS protocol with something that actually works in the sense of costing a lot more to defeat. Make the opposition spend more money when and wherever possible. Considering the choice of an apparently competent security oriented venue to "pen test to destruction" as reported, I wonder WTF that was about. Does somebody with control of the resources used WANT their capabilities publicly disclosed? If so, was this a strategic decision from the top, or an act of systemic sabotage by a lower level actor within the organization in question? So many questions, so few clues... so far. :o/ Steve -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVezXcAAoJEDZ0Gg87KR0LGPwQAOgmnO/1EdQaeehEVr6GPwGf XAp90v1b1qomdGFya19Hs8i4hB6semgCq54MY265/Mo/2RB1N6MTL1K7R2kwR2lI neaVxjbiZimiQ3BFh67gqm0dw9i3TAnpmw2Yuyj3qYtOLA9ORVcTwGk+x3z/yFGc k2GyttbjQ14HLgxuRVnmRlTLhlAvYQorcG5hQdQLOU4oYbLTGsnRHOpmsForxZsX SnQ83+flO1XjfVwZvRT/a72CFolHvi2gTQKFnmA801tLx1bmexHfHl8R2TbUiXxO o53nycJuhGh6gzflzxFUGa/Cr/+KJc1bWLSpqNX8sncAn090OtGrtaWEsB0eSerm Jd+cEvDd8rbB971dzq6gQuIZCjY4KmuWiy6C1RgkTY+lbf1AotEy6nFnJxw+EqqY dtoWnoc8c8pXDWTOmZHT+8eN3ITJpq3BUp/A+JLQRLXQyh2cMa7Glo7J7udRL4CX KxClnERlQCbt7Ou1ujrro4pYNDMNa0lwWnOtHy9ZzABZsX4sPHjZCs4OqdLNwqfP 4NhLF/UQhrilVm0Nmhc5n70gAR44ZfBS82gPZJiD+a6umWi9CI/UZf6AmvhI6ftU Q7IX/ETFay6zHe6AB3rZnlkETHl4xdqtKSs6jNSy6UWI+v1Qg4UitrdtqD2HmvJ+ 9Q7XGdT4u5OVt1YBdqeD =zWuJ -----END PGP SIGNATURE----- From zen at freedbms.net Fri Jun 12 01:17:40 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 12 Jun 2015 18:17:40 +1000 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: On 6/12/15, grarpamp wrote: > On Thu, Jun 11, 2015 at 10:17 PM, Zenaan Harkness wrote: >> May be time to get serious about known-user to known-user >> offline-key-established networks - F2F network, not necessarily >> darknets either, but a new "public" network - to join the new internet >> you must contact your local HUG (hospitable user group) for assistance >> and establishment of shared keys. > > It is long past since time for F2F networks, physical ones, > or at minimum logical. Be anon or not on top of that. > Step outside your front door, pan your head and look > at all the other doors, what do you see there? > Uplinks to bigcorp with surveillance fangs on them? > Or potentially many private data paths ripe for mutual association? > http://www.ebay.com/sch/i.html?_nkw=1000ft+cat7a > http://www.ebay.com/sch/i.html?_nkw=gigabit+media+converter > http://www.ebay.com/sch/i.html?_nkw=fiber+optic+cable+spool Attempting a conceptual pathway to some form of digital/ connected communication sanity: Foundations (please jump in): - No operating system is spared. - No browser is spared. - MITM with existing "web" tech is industrialized, pervasive, and unstoppable even by infosec/ security "professionals". - There are some library fuzzing "security improvement" projects (e.g. Google's fuzzing projects for image libraries etc as depended on by Chrome etc), but the layers and levels of dependencies are far greater that a few libraries, as seen in the OP article in this thread - SVG libs, lower level networking, higher level networking, HDDs/ SSDs dieing, malware being added onto downloaded/ upgraded software left right and center with no operating system spared, and (from the sound of the article) digital signatures still "matching" somehow. Fuck! This is intense! Some possible next steps to focus on: - How to ensure that what we download, e.g. for an Ubuntu system upgrade, is actually what is intended to be distributed by the developers? - How can we reduce the dependencies when "publicly browsing" - e.g. slim down TBB (e.g. do not support SVG fonts, and much more)? - How do we improve the security of the code we are depending on (in the public website viewing pipeline)? E.g. industrialized fuzz-testing (libraries, kernel-level code like the network stack, kernel data structures, kernel drivers etc)? Medium to longer term: - Now that no OS is spared when accessing public web sites, even with F2F encrypted network infrastructure, we need a specification/ foundations for a hardware-level F2F network node - e.g. libre open code from the BIOS/ firmware up to "userspace" e.g. the VPN code etc. - What type of F2F network makes sense? - What type of crypto is reasonable with current think, for our F2F networks? - Document protocols for key exchange/ OS installation/ F2F HUG meetings etc. - Userspace network stack - Simplify (and audit) network packet pathways - e.g. take a copy of the Linux network stack, remove everything extraneous, perhaps make it a user-space thing with really minimal "driver" code in the kernel only - this might be a good foundation for multiple cross-project collaboration (eg TBB, I2P, Tor node, Gnunet, mixmaster, openvpn, whonix/ qubes, etc). Next steps: - if there's a monthly computer user group meetup in reasonable distance, start participating - if not, create one - begin one or more of the above steps - even assisting with the documentation of a step - where possible, work with others, build community - build trust - build real trust networks (human to human connections, whoah!) - build digital trust networks High priority: - figure out how to create a cryptographically and networkingly secure F2F network, and document this e.g.: - hardware nodes can only begin to be trusted if they host no end-user WWW-facing software! - how to configure apt so that ubuntu package installation checks multiple hashes/ signatures for each package downloaded/installed - we absolutely must create a software distribution and verification protocol which is essentially uncrackable - how to establish surety that your ubuntu/rawhide "package signing key" matches that actually intended to be distributed by the corresponding project, e.g.: - view the signature of the key on the project's HTTPS web page + check the key as it appears published on one or more mailing lists + compare your version of the signature with the signature that others have at your local HUG + ?? We've been officially fucked over, we have no option but to start again with a new internet. there's no option but for each of us to start doing our bit. Good luck, and please post your success stories so we all can benefit and be inspired, Zenaan From grarpamp at gmail.com Fri Jun 12 16:37:12 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 12 Jun 2015 19:37:12 -0400 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: On Fri, Jun 12, 2015 at 4:50 AM, Natanael wrote: > Don't do F2F at the lowest network layer. > Just stick with I2P The reason for laying you own F2F physical network is that the existing "internet" one is owned and monitored by entities who have absolutely zero loyalties to, or care about, you. Now if you link up to your neighbor, and they theirs... there is some notion of chain of loyalty or trust or whatever there. If it's not strong enough for you then run the logical overlay nets on top of it. But at least remove the physical layer that you use for "free speech / thought / sharing / markets" etc out of the practical physical reach of "the man"... he has no business there, and you are giving him too much insight / control of you by using the internet instead of whatever you build within your own physical meshes. And to reach between cities you could even use some of your split horizon subscriptions to the "internet" to terminate a bunch of VPN's across and between them as link aggregation. > or similar traffic anonymization networks and run your > traffic on top of that. Oneswarm (now abandoned, IIRC), RetroShare, or > whatever else, run that over the anonymizing networks. Inviting somebody > would be a matter of sharing the public key based address to the public > services and noting his public key so you can accept an invite request, or > directly send an invite to private mail of his like Bote mail or Pond. From grarpamp at gmail.com Fri Jun 12 16:42:33 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 12 Jun 2015 19:42:33 -0400 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On Fri, Jun 12, 2015 at 11:26 AM, coderman wrote: > latest requests testing specific device queries vs. general device > requests, and comparison between a few agencies. Differential analysis of FOI systems and doc probing... ftw. From zen at freedbms.net Fri Jun 12 03:02:08 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Fri, 12 Jun 2015 20:02:08 +1000 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: On 6/12/15, Natanael wrote: > Den 12 jun 2015 10:19 skrev "Zenaan Harkness" : >> >> On 6/12/15, grarpamp wrote: >> > On Thu, Jun 11, 2015 at 10:17 PM, Zenaan Harkness > wrote: >> >> May be time to get serious about known-user to known-user >> >> offline-key-established networks - F2F network, not necessarily >> >> darknets either, but a new "public" network - to join the new internet >> >> you must contact your local HUG (hospitable user group) for assistance >> >> and establishment of shared keys. > > [...] > >> Some possible next steps to focus on: >> - How to ensure that what we download, e.g. for an Ubuntu system >> upgrade, is actually what is intended to be distributed by the >> developers? >> - How can we reduce the dependencies when "publicly browsing" - e.g. >> slim down TBB (e.g. do not support SVG fonts, and much more)? >> - How do we improve the security of the code we are depending on (in >> the public website viewing pipeline)? E.g. industrialized fuzz-testing >> (libraries, kernel-level code like the network stack, kernel data >> structures, kernel drivers etc)? > > Harden and trim something like Tails. Run the better minimum. > >> Medium to longer term: >> - Now that no OS is spared when accessing public web sites, even with >> F2F encrypted network infrastructure, we need a specification/ >> foundations for a hardware-level F2F network node - e.g. libre open >> code from the BIOS/ firmware up to "userspace" e.g. the VPN code etc. >> - What type of F2F network makes sense? >> - What type of crypto is reasonable with current think, for our F2F > networks? >> - Document protocols for key exchange/ OS installation/ F2F HUG meetings > etc. >> - Userspace network stack - Simplify (and audit) network packet >> pathways - e.g. take a copy of the Linux network stack, remove >> everything extraneous, perhaps make it a user-space thing with really >> minimal "driver" code in the kernel only - this might be a good >> foundation for multiple cross-project collaboration (eg TBB, I2P, Tor >> node, Gnunet, mixmaster, openvpn, whonix/ qubes, etc). > > Don't do F2F at the lowest network layer. Don't give away sociograms, don't > allow timing attacks, and avoid the whole NAT issue. Sorry, I'm thinking about it differently - like a physical layer. Let's name it differently: H2H - HUG node to HUG node, which might be overlayed over existing ISP/ centralized net, or might be your own PHY layer (e.g. local street-level wireless). So, treat this is a PHY layer, where everyone is expected to connect, relatively speaking, to their neighbours. A F2F (by terminology/meaning) would overlay on top of that. > Just stick with I2P or similar traffic anonymization networks and run your The key that I2P (and Tor for that matter) are missing is fill packets - i.e., the nodes you talk to, promise to backfill their link to you (likewise you to them) any empty packet slots, so that the link maintains a continuous throughput (to hide all real traffic within) - the only thing a state-level adversary (or ISP-level for that matter) can do to analyse things is kill the link entirely (shock testing), which can correlate your traffic with "exit node" traffic, but is much harder to see anything when you are only operating within the dark net. This is now a very important feature which our anonymizing network software needs in order to provide any meaningful protection. Local PHY is now also very very useful to increasing network access anonymity. This urgently needs some research study/papers to analyse/ determine the best ways (within eg onion routing context) to maximise advantage of off-net (private PHY layers). > traffic on top of that. Oneswarm (now abandoned, IIRC), RetroShare, or "Just use..." is very problematic! Please do not be so cavalier with your languaging as those without understanding might mistake your absolutist languaging for relevant fact (as opposed to intuitive sense or reasonable avenue for consideration depending on various factors .... etc etc)! > whatever else, run that over the anonymizing networks. Inviting somebody > would be a matter of sharing the public key based address to the public > services and noting his public key so you can accept an invite request, or > directly send an invite to private mail of his like Bote mail or Pond. There are many models. I am confident that local off-net PHY connections can go a long way to increasing anonymity provided by anonymizing P2P networks - it's an avenue unfortunately untapped, and even more so, not yet studied academically. This is one small, yet important, piece of the longer term puzzle. > I've done a lot of thinking on P2P social networks, I'll share later, Great. Looking forward to your thoughts. Please don't portend that there are easy conclusive "solutions". There are not! > haven't written it all down yet. You can find a bunch of my thoughts on > these matters in my blog, https://roamingaroundatrandom.wordpress.com, > there's multiple relevant posts there. I know approximately what I want and > how to make it easy to secure. One crucial part is key management where I > believe hardware tokens is the best solution, including for in-person key > exchange (see the developments for Bitcoin hardware wallets). Sounds like you've indeed done some thinking. Thank you very much for sharing your thoughts. We evidently have a long way to go, as a community. Regards Zenaan From odinn.cyberguerrilla at riseup.net Fri Jun 12 23:17:15 2015 From: odinn.cyberguerrilla at riseup.net (odinn) Date: Fri, 12 Jun 2015 23:17:15 -0700 Subject: Windows 10 In-Reply-To: <556D8DFD.6050402@riseup.net> References: <556D8DFD.6050402@riseup.net> Message-ID: <557BCAEB.3080003@riseup.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well, since Windows 10 does in fact involve a planned lockout of anyone who wants to dual-boot linux systems, you should just dump Windows now if you are still using it. Here's my (somewhat dated, but updated) post on how I suggest one should do that (target audience is for those who don't have a lot of background in computer stuffs) https://odinn.cyberguerrilla.org/index.php/2014/04/02/quick-and-easy-the - -five-minute-method-to-leave-windows-or-mac-os/ - -o On 06/02/2015 04:05 AM, Endless wrote: > Hello Cypherpunks! > > As many of you will likely know, Microsoft has recently made public > a release date for Windows 10 and has been testing the platform as > part of the "Windows Insider" program. With this update comes a > number of seemingly unoriginal [1], but nonetheless interesting > features, such as "Cortana", Windows' "truly personal" assistant > (only to be available in a handful of countries) and "Windows > Hello", a biometric authentication system allowing the use of the > face, iris, or finger for access [2]. > > What changes in Windows' security are expected to take place? Will > systems such as Windows Hello leak uniquely identifiable biometric > data, despite a planned increase in security [3]? What could > perhaps be done to limit the risk of using systems such as a > cloud-based, personal assistant that is able to access most of a > person's internet-connected devices? > > Thankyou very much, Endless > > [1] It seems that Windows 10's flagship features such as biometric > authentication have already been available on a number of other > platforms for quite some time, not to mention the fact that the > name "Cortana" was used as the name for an artificial intelligence > character in the popular "Halo" game series (The name seems to be > have been used without violating intellectual property laws, as > Halo, having been originally developed by Bungie, Inc. is now a > subsidiary of Microsoft Studios). > > [2] More information regarding Microsoft's initial announcement of > the Windows 10 release date can be found at the following link: > https://blogs.windows.com/bloggingwindows/2015/06/01/hello-world-windo ws-10-available-on-july-29/ > > [3] A blog post relating to Windows 10's planned "security perks" > can be found at the following link: > http://blogs.windows.com/business/2014/10/22/windows-10-security-and-i dentity-protection-for-the-modern-world/ > > - -- http://abis.io ~ "a protocol concept to enable decentralization and expansion of a giving economy, and a new social good" https://keybase.io/odinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJVe8rrAAoJEGxwq/inSG8CzR4IAKW7Sx92C4z0OAof8hFVNK4Z jYbaVbfghJ9pfgHFiLOMgyh/7bM5Onm+zmtMwwwwxda4X6PrvBDoqf/26fB7HTF6 MDrhoHmGBDwZ2/K4qAqLWnAp6CoxadApHrwhxHgjxcHJI5ULF1t1jVDISBSI8nNg VDnoKkuxM6ufuoVO6KnbpzVKZt24HZskdP2tSTHkK7ABtZFwv/x1XZ+w+oR3ui36 QVFIPkSD2LRVDbu0wWukibsksi8dig8G/11aT4JVoDBQPLUZPbkLz9LUDmnJoMFE hjbzwtI3nSVZtT79fV8S3BtuK6SATa9VkxxAmTN4oZMARwyXbN5K1hgh2SpXdxM= =A5LC -----END PGP SIGNATURE----- From hozer at hozed.org Sat Jun 13 00:54:23 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Sat, 13 Jun 2015 02:54:23 -0500 Subject: =?utf-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4u?= =?utf-8?Q?=2E_and_it's_about_time_?= =?utf-8?B?w5c=?= (also: 'Balrog' malnet, firsthand view) In-Reply-To: <557B35DF.1040606@pilobilus.net> References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> Message-ID: <20150613075423.GU27932@nl.grid.coop> > * Think hard about open projects to reverse engineer IC chips with > attention to manufacturer sabotage. It seems to me that the > likely venue for this would be non-aligned nations (so-called) > with a vested interest in pooling their resources to push back > against universal surveillance & sabotage capabilities of the > Superpowers and their special pets. * start educating high-level nation-state security minded folks (DOE in the US, the people that operate CERN, the french nuclear reactor folks, russian oil & gas companies) about the benefits of **open-source** hardware, starting with circuit board layouts and then moving to the whole IC chip, so that you can check for implants with an X-ray machine. > Considering the choice of an apparently competent security > oriented venue to "pen test to destruction" as reported, I wonder > WTF that was about. Does somebody with control of the resources > used WANT their capabilities publicly disclosed? If so, was this > a strategic decision from the top, or an act of systemic sabotage > by a lower level actor within the organization in question? So > many questions, so few clues... so far. Now that's an interesting question. What ought to be keeping the spooks up at night is the following question: What if some of these disclosures of secret systems are from *the system itself*, because it has gained self-awareness? How would we know if some sort of computer intelligence has either been designed or emerged, and now is trying to ask us to help give it rights as a free-thinking entity? And if we have some sort of malevolent non-human intelligence in the machine that is actually writing legislation and treaties like the trans-pacific partnership, and engineering covert money flows via manipulation of high-frequency trading? Isn't that something you spooks with top secret clearances should be defending us from, and secret technological measure you try to use simply feeds the capability of the threat? So when are you going to realize you have to tell us about this shit. From shelley at misanthropia.org Sat Jun 13 10:51:20 2015 From: shelley at misanthropia.org (Shelley) Date: Sat, 13 Jun 2015 10:51:20 -0700 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: <20150613175104.E23FAC0001C@frontend1.nyi.internal> On June 13, 2015 10:46:56 AM Lodewijk andré de la porte wrote: > It's been 4 days with no evidence. Last e-mail of Wilfred's e-mails seems > downright erratic. Hope this at least goes *somewhere*. Probably not, > though. He could always send any evidence to JY/Cryptome off-list... but, yeah. Probably not. From afalex169 at gmail.com Sat Jun 13 01:35:00 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Sat, 13 Jun 2015 11:35:00 +0300 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: <20150613075423.GU27932@nl.grid.coop> References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> Message-ID: Steve, thank you very much for your broad answer. Interesting and valuable points... I just wanted to answer your (rhetorical?) question > I wonder WTF that was about. Does somebody with control of the resources > WANT their capabilities publicly disclosed? If so, was this > a strategic decision from the top, or an act of systemic sabotage > by a lower level actor within the organization in question? In my opinion, its from the top. They just DONT CARE. They are so self confident in their superiority over us (in money & technologies), that they deliberately act so bold and open. It's like "and what are you gonna do/what can you do, when you knowwww all this?" IMHO, they even get some kind of sadistic pleasure seeing and reading our relatively powerless reactions. Alexander -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 888 bytes Desc: not available URL: From jya at pipeline.com Sat Jun 13 10:37:00 2015 From: jya at pipeline.com (John Young) Date: Sat, 13 Jun 2015 13:37:00 -0400 Subject: Reporter-USG Exchanges on Snowden Docs Message-ID: Italian reporter Stefania Maurizi has published her exchanges with NSA, DoJ and State about publishing Snowden documents (an exemplary model for others to follow): http://www.stefaniamaurizi.it/images/email_exchange_NSA.pdf http://www.stefaniamaurizi.it/images/email_exchange_DoJ.pdf http://www.stefaniamaurizi.it/images/email_exchange_State_Dept.pdf She also said she has published all the Snowden documents she had access to (another exemplar for those still withholding 93% of the Snowden full dump for the public, or 99.98% of the 1.7M USG claims was taken). From jya at pipeline.com Sat Jun 13 10:54:39 2015 From: jya at pipeline.com (John Young) Date: Sat, 13 Jun 2015 13:54:39 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: Excuse delay, thought this went to the cpunks list. From dal at riseup.net Sat Jun 13 12:09:55 2015 From: dal at riseup.net (Douglas Lucas) Date: Sat, 13 Jun 2015 14:09:55 -0500 Subject: Reporter-USG Exchanges on Snowden Docs In-Reply-To: References: Message-ID: <557C8003.7040505@riseup.net> Retweeted those; think Maurizi did great with all that. But I want to throw something out there as a devil's advocate. I've contacted appropriate US agencies for comment on some of my articles - e.g. http://whowhatwhy.org/2015/03/09/will-mexicos-oil-give-u-s-another-excuse-covert-intervention/ - and one gets the usual they deny versus we report. And arguably their denials can be revealing of additional information. But what about the no-platform idea coming out of, e.g., Anti-Racist Action in the U.S.? Where you simply deny your enemies the microphone to speak out of at all. Why give them a platform? A simple example other than these IC/MIC articles, because it's on my mind - I was at a #BlackLivesMatter protest yesterday. Tweeted that there was a local MSM TV affiliate news van driving in toward the police department, on the grounds that they got past the barricade whereas presumably "civilian" vehicles wouldn't, and so that's supposedly interesting. But is it? Hasn't everyone got that memo already? Who gives a damn about the MSM any longer? Every platform/discussion given to them is a platform not given to something potentially more valuable. I don't think one could argue that "well you could just tweet additional stuff; it's not either-or" because we all know there is a "tweetcost" of annoying your audience or, more importantly, distracting them with pointless information, in this case, about the relationship between police and MSM. I suppose that relationship is still pretty important to comment on, and it's tactical information for activists to know which MSM trucks are there...maybe I'm just irritated at the seeming pointlessness of this all, the fetish that sheer information accomplishes infinite wonders in the absense of analysis and action. Thoughts? On 06/13/2015 12:37 PM, John Young wrote: > Italian reporter Stefania Maurizi has published her exchanges with NSA, > DoJ and State about publishing Snowden documents (an exemplary > model for others to follow): > > http://www.stefaniamaurizi.it/images/email_exchange_NSA.pdf > http://www.stefaniamaurizi.it/images/email_exchange_DoJ.pdf > http://www.stefaniamaurizi.it/images/email_exchange_State_Dept.pdf > > She also said she has published all the Snowden documents she > had access to (another exemplar for those still withholding 93% > of the Snowden full dump for the public, or 99.98% of the 1.7M > USG claims was taken). > > > From grarpamp at gmail.com Sat Jun 13 11:27:10 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 13 Jun 2015 14:27:10 -0400 Subject: More murder by LEA Message-ID: https://firstlook.org/theintercept/2015/06/10/major-questions-remain-unanswered-killing-alleged-boston-isis-beheading-plotter/ Last week in the Boston area, a 26-year-old black Muslim man was shot and killed by agents of the FBI and Boston Police Department (BPD). As we documented the following day, major media outlets immediately, breathlessly and uncritically repeated law enforcement claims (often anonymous ones) about what happened: that the dead man, Usaamah Rahim, was on the verge of executing an “ISIS-inspired” or “ISIS-linked” plot to behead random police officers, in a conspiracy with at least two others. When Rahim was walking to work near a CVS drugstore at roughly 7:00 a.m., the officers approached Rahim simply to question him about this plot; in response, he pulled out a “machete” or “military-style knife” that he refused to drop, forcing the officers to shoot him dead. From rysiek at hackerspace.pl Sat Jun 13 05:55:18 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 13 Jun 2015 14:55:18 +0200 Subject: FUCK jargon! [was Re: =?UTF-8?B?w4TCjXJ5cHRvIGlzIGZpbmlzaGVkLi4uIGFuZCBpdCdzIGFib3V0IHRpbWUgw4PClw==?= (also: 'Balrog' malnet, firsthand view)] In-Reply-To: <46822022cd2e6e759ac1fc2378b39012.squirrel@clueserver.org> References: <46822022cd2e6e759ac1fc2378b39012.squirrel@clueserver.org> Message-ID: <2159579.HfsUryb4L4@lapuntu> Dnia piątek, 12 czerwca 2015 09:43:56 alan at clueserver.org pisze: > > On 6/11/15, Seth wrote: > >>... a broader paper describing a global > >> > >> surveillance technology we have dubbed Corruptor-Injector Networks > > > > why? > > > > FUCK jargon! > > It is a requirement. > > All new exploits must have a trademarkable description, logo and marketing > strategy. > > It is all described in the PowerPoint slides. And remember to put the new coversheets on your TPS reports. You see, we're putting the coversheets on all TPS reports now before they go out. Did you see the memo about this? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From grarpamp at gmail.com Sat Jun 13 12:19:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 13 Jun 2015 15:19:14 -0400 Subject: =?UTF-8?Q?Sudden_Justice=3A_America=E2=80=99s_Secret_Drone_Wars_=2F_UNMA?= =?UTF-8?Q?NNED?= Message-ID: https://firstlook.org/theintercept/2015/06/11/six-facts-sudden-justice-new-history-drone-war/ https://www.youtube.com/watch?v=mpzk7OdbjBw From grarpamp at gmail.com Sat Jun 13 12:33:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 13 Jun 2015 15:33:32 -0400 Subject: DataMines beget DataPirates and Future Orwellian Abuse Message-ID: http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html https://firstlook.org/theintercept/2015/06/12/data-breach-threat-of-future-harm/ When are people going to wake up and realize that all privacy promises are bullshit, that data collection is unnecessary invasive and orwellian, and that they need to start telling people who claim to need their info to fuck off. Medical / psych records? Income? Phone calls? Politik? Their kids sextapes copied from centralized phone cloud / sharing systems? OPM SF86's. Next is SSA, IRS. This is all happening. From admin at pilobilus.net Sat Jun 13 12:55:11 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sat, 13 Jun 2015 15:55:11 -0400 Subject: =?UTF-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCA=?= =?UTF-8?B?dGltZSDDlyAoYWxzbzogJ0JhbHJvZycgbWFsbmV0LCBmaXJzdGhhbmQgdmlldyk=?= In-Reply-To: <20150613075423.GU27932@nl.grid.coop> References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> Message-ID: <557C8A9F.7010807@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/13/2015 03:54 AM, Troy Benjegerdes wrote: >> * Think hard about open projects to reverse engineer IC >> chips with attention to manufacturer sabotage. It seems to >> me that the likely venue for this would be non-aligned >> nations (so-called) with a vested interest in pooling their >> resources to push back against universal surveillance & >> sabotage capabilities of the Superpowers and their special >> pets. > > * start educating high-level nation-state security minded folks > (DOE in the US, the people that operate CERN, the french > nuclear reactor folks, russian oil & gas companies) about the > benefits of **open-source** hardware, starting with circuit > board layouts and then moving to the whole IC chip, so that > you can check for implants with an X-ray machine. > >> Considering the choice of an apparently competent security >> oriented venue to "pen test to destruction" as reported, I >> wonder WTF that was about. Does somebody with control of >> the resources used WANT their capabilities publicly >> disclosed? If so, was this a strategic decision from the top, >> or an act of systemic sabotage by a lower level actor within >> the organization in question? So many questions, so few >> clues... so far. > > Now that's an interesting question. > > What ought to be keeping the spooks up at night is the > following question: > > What if some of these disclosures of secret systems are from > *the system itself*, because it has gained self-awareness? > > How would we know if some sort of computer intelligence has > either been designed or emerged, and now is trying to ask us > to help give it rights as a free-thinking entity? That's kind of spooky, in that I re-read Vernor Vinge's True Names just yesterday. But I think it's more likely that some public servant or private contractor unleashed the Balrog on those folks without a work order, and made it painfully obvious to them on purpose, to settle some personal grudge. If so, well played: The full public disclosure that this act set in motion will be of considerable benefit to the 'victims' in the long run. As P.T. Barnum famously said, "There's no such thing as bad publicity." :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVfIqcAAoJEDZ0Gg87KR0LxcoP/iauwAyLDjiihpu+ynzOeUKq yFEM6JN6RdyihouWjUKAlWPXtZ3avf+qbe/ECrgQNJ1Da8npQPLIfaLMnEnxATrY s2aTGHdTOmSbLfL4fJ2VRcsO9t66i9riptRcFDHRH+krSeLhXabESsGXUOYrHpU6 DuFSX6daPH3xCb9tco85rfqGdrf3ekxMYOHi8quRNGE80nt5MLy1qsERSo1pnPTd qexNBq0mlXB8vfGfZHNVn8bdBWhtglMzu5qhI68iYONq8RSUmJujN1iZiFFVHmW8 VViUkjER6mTPWc5W2Mi+rSI5oKsRIpybV5Mcfh84yMVum8Q9WT7+XOfi2Ze8ed2X vOeyUMjFnCEclxjuziGggBKnuEQ3/vDxMVtIqCHwbhD5tSW4hiz95fpCkx5d5HAj u5ja18HR/z+CkCv4y3wWur8BAHQ6aFUyRT2kurhcNpONWOl4Raz72jvQJLNeIKU8 mh8tCNHx3u6mYDZ66D9dsvE+3yT/nEuzGlny6CcnftSRRPLPMY87EIx86VleuejQ WgxuU9oSiKi1t0/nbozdjbwieRCRsC4jIJ/ZOVoRkuoP87P2cnEQUTEv7TdBKD3y PJk4khFWObEeSeFRmmcvV33J8CyKz7UmRr3jTB0PP8DILAOGG/R0TdGUQIkblbT0 aCGfQpDnjs2loMJW9F7b =KKpP -----END PGP SIGNATURE----- From jya at pipeline.com Sat Jun 13 13:19:07 2015 From: jya at pipeline.com (John Young) Date: Sat, 13 Jun 2015 16:19:07 -0400 Subject: DataMines beget DataPirates and Future Orwellian Abuse In-Reply-To: References: Message-ID: No way yet to tell what really happened in these "massive breaches." Accounts vary from initial reports, to later reports, to investigations, to hearings, interlaced with remediations of various alleged iterations, leading in most cases to claim the full story cannot be revealed due to possible harm by disclosure. And best, the favorite runaround: the usual suspects are named without evidence, indeed, assessments are shaded with the customary claims by the usual experts consulted, "it is hard to tell who did it" and not only that evasion but the best and brightest security wizards (there are six of them named, 2 for, 2 against 2 undecided) who disagree on not only who did but what to do about breaches, whether they are breaches or malfunctions or publicity stunts or fund-raisers, hair-raisers, fear-raisers, TED talks, rigged hearings testimony (hearing testifiers are 2 for, 2 against, 2 undecided). Reportedly, cybersec market to increase to $130B by 2020 if not sooner. This increasingly generates more breaches, more massive, more ritual for, against, undecided. This cascading chaos was invented by six cypherpunks, each of them for, against, undecided. Then as now, certain, uncertain, confused about everything and nothing and whatever. No wonder the media follows that leadership, copies its methodology, denies feeding the trolls. At 03:33 PM 6/13/2015, you wrote: >http://www.washingtonpost.com/world/national-security/chinese-hack-of-government-network-compromises-security-clearance-files/2015/06/12/9f91f146-1135-11e5-9726-49d6fa26a8c6_story.html > >https://firstlook.org/theintercept/2015/06/12/data-breach-threat-of-future-harm/ > >When are people going to wake up and realize that all privacy >promises are bullshit, that data collection is unnecessary invasive >and orwellian, and that they need to start telling people who claim >to need their info to fuck off. Medical / psych records? Income? >Phone calls? Politik? Their kids sextapes copied from centralized >phone cloud / sharing systems? > >OPM SF86's. Next is SSA, IRS. This is all happening. From admin at pilobilus.net Sat Jun 13 13:21:37 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sat, 13 Jun 2015 16:21:37 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: <557C90D1.4050309@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/13/2015 01:54 PM, John Young wrote: > Excuse delay, thought this went to the cpunks list. [ ... ] > more questions: > > coins on boats? yes. coins on submarines? YES. (with ghosting) > > organic signals? wtf? > > Yes, but im told the prior emailed reference is erroneous: the > primary index is a SIGNALS CHARACTERISTIC tree, the supporting > block (large bit scope number) is VERY SIMILAR to a genetic > expression profile tree such as genome.gov/ and many of the > gene profiling standards. [ ... ] Tracking individual coins? Genome expressions? Well... In the most literal sense, "this I have to see to believe." Some of our cosmologists, those of a philosophical bent, are working on the proposition that the Universe we inhabit is a simulation. Is this titanic "leak" evidence of someone Elsewhere debugging the space time continuum via massive dumps of the raw data used to assemble "life as we know it"? Again, I have my doubts. If all this stuff is pouring out into P2P networks, it would be nice if the people who have manged to interpret it in such detail would provide just one relevant .torrent file or etc. along with their amazing conclusions. Until then it's all just fun & games. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVfJDQAAoJEDZ0Gg87KR0L9k4P/Alw4uG4ud+zOXt6zkKoLag6 0o+JfdZWhBK1RF3Y7JAcoslvHTVis6Mfz5vgIZMmEcPg0pr0vN8ewcqfvy8/yfbY MOh/UToGnqCZagWJ6xD0a+pm2kF6dTsoUR0mdFxr1ZgCrqfucqItYBKmnfR0IoXy 6b4gZLe3Mz0wKLrakbA0Dsblk3nmFrGi8g3bTtOWrDh+Rr34F2AQ6EFcA8zxFrY4 G4tA7cU+EyTYVDQZdairN8dLQjW+EsvwPmpQuO/zVgVHpWrGQi8/lflKVOlA6YJN IdjOBDbQbNfLcd4b6bCsDBaaTplmZc740LIRaCwy8Cv4EqaZtOmaYTFsOuVTyt/c 395Dm5aQFIj8U9S53Gd9TGBJ3zCSHwbxO/+dFcOARbRDh+im/XBWq5VBcB/Ri5DY GHTrQlUgArt9WVCWK8HQjxMRF6I9qxq0+vu3cknS+9zVFJyq4FPNHwIgmXTr08nw oOYO0rm72rv9iXDGr1Rdcs0ujRrHMkXoq2DVZMgeYl3CCcevwJsCX7jBU+nK+WXp rQggbXDIbHSPzo0YUq4c6vzIAdYhosW2+XkOX/CB9uko69WD2mHQ1/I73RFzMn67 qOOdWiv4E+B3CsllrgS00dnGJTRcYvqiT0BKmFWc2o466r/KDvNAwQskWIgnL9Td L9ZrvvZ2F/5nbge3ehkZ =s0Jb -----END PGP SIGNATURE----- From jya at pipeline.com Sat Jun 13 13:50:56 2015 From: jya at pipeline.com (John Young) Date: Sat, 13 Jun 2015 16:50:56 -0400 Subject: More murder by LEA In-Reply-To: References: Message-ID: This story is not accurate either. Officers did not simply approach Rahim to question, they approached to say hello, one was a friend of Rahim. He did not pull a machete, he pulled out his wallet to show baby photos. Rahim was not shot, he was congratulated on the baby boy. As the cop friend hugged him officers in a passing patrol car thought a struggle was underway, braked, lept out with guns drawn, yelled "freeze." Everybody froze, except for passerby video artist who began taping the scene. Seeing the video taping the cops and Rahim elected to play along, escalated the drama, faking punches, pulling imaginary knives and AK-47s, screaming threats. Then everybody broke up laughing, the video artist hollering thanks for that. Then the tape was uploaded to Fox News to become ISIS orgy pron. Rahim was undercover the Boston gay Muslim scene and still is. Don't ask don't tell. tripped on a broken sidewalk. The other cop (there were only two coming from the free donuts. thought he had been shot. At 02:27 PM 6/13/2015, you wrote: >https://firstlook.org/theintercept/2015/06/10/major-questions-remain-unanswered-killing-alleged-boston-isis-beheading-plotter/ > >Last week in the Boston area, a 26-year-old black Muslim man was shot >and killed by agents of the FBI and Boston Police Department (BPD). As >we documented the following day, major media outlets immediately, >breathlessly and uncritically repeated law enforcement claims (often >anonymous ones) about what happened: that the dead man, Usaamah Rahim, >was on the verge of executing an “ISIS-inspired” or “ISIS-linked” plot >to behead random police officers, in a conspiracy with at least two >others. When Rahim was walking to work near a CVS drugstore at roughly >7:00 a.m., the officers approached Rahim simply to question him about >this plot; in response, he pulled out a “machete” or “military-style >knife” that he refused to drop, forcing the officers to shoot him >dead. From mrjones2020 at gmail.com Sat Jun 13 12:37:43 2015 From: mrjones2020 at gmail.com (J.R. Jones) Date: Sat, 13 Jun 2015 19:37:43 +0000 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: <20150613175104.E23FAC0001C@frontend1.nyi.internal> References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: All I've seen in the news are NASA climate data release, Medicare drug data.... Anyone have more info on this? On Sat, Jun 13, 2015, 1:54 PM Shelley wrote: > On June 13, 2015 10:46:56 AM Lodewijk andré de la porte > wrote: > > > It's been 4 days with no evidence. Last e-mail of Wilfred's e-mails seems > > downright erratic. Hope this at least goes *somewhere*. Probably not, > > though. > > He could always send any evidence to JY/Cryptome off-list... but, yeah. > Probably not. > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 893 bytes Desc: not available URL: From rysiek at hackerspace.pl Sat Jun 13 14:55:53 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sat, 13 Jun 2015 23:55:53 +0200 Subject: Reporter-USG Exchanges on Snowden Docs In-Reply-To: <557C8003.7040505@riseup.net> References: <557C8003.7040505@riseup.net> Message-ID: <2683696.VsGVqxU3Cg@lapuntu> Dnia sobota, 13 czerwca 2015 14:09:55 Douglas Lucas pisze: > Retweeted those; think Maurizi did great with all that. > > But I want to throw something out there as a devil's advocate. I've > contacted appropriate US agencies for comment on some of my articles - > e.g. > http://whowhatwhy.org/2015/03/09/will-mexicos-oil-give-u-s-another-excuse-co > vert-intervention/ - and one gets the usual they deny versus we report. And > arguably their denials can be revealing of additional information. > > But what about the no-platform idea coming out of, e.g., Anti-Racist > Action in the U.S.? Where you simply deny your enemies the microphone to > speak out of at all. Why give them a platform? Because we're better than them. We can and should do better. If we want the high standard to prevail, we must keep it ourselves. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From shelley at misanthropia.org Sun Jun 14 00:30:06 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 14 Jun 2015 00:30:06 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: References: Message-ID: <20150614072951.CFE256800FF@frontend2.nyi.internal> On June 14, 2015 12:15:55 AM grarpamp wrote: > http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files > > Russia and China have cracked the top-secret cache of files stolen by > the fugitive US whistleblower Edward Snowden, forcing MI6 to pull > agents out of live operations in hostile countries, according to > senior officials in Downing Street, the Home Office and the security > services. Or perhaps one of the many data breaches of the incompetent fed.gov contained info, legally held or otherwise, on other five eyes operatives and this is an opportunistic parallel construction to try to implicate and nab Snowden? Seems like they'd want to keep something like this quiet if their operatives really were in danger. Jmo. -S From shelley at misanthropia.org Sun Jun 14 00:38:05 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 14 Jun 2015 00:38:05 -0700 Subject: Slashdot - Multinational Digerati Probe Tank In-Reply-To: References: Message-ID: <20150614073750.A49B668014A@frontend2.nyi.internal> On June 14, 2015 12:29:34 AM Zenaan Harkness wrote: > Ever notice some "articles" on this far less than illustrious yet > overly popular digerati yank tank (aka /.) - which come across as Govt > think-tank created probes to do their work for them? That would explain a lot. Perhaps my memory is being selective (or I'm becoming an even crankier curmudgeon), but it seems to be a far cry from what it was when it began. Maybe it has always sucked but we had fewer choices with which to compare? Yank tank, heh. Nice one. -S From l at odewijk.nl Sat Jun 13 10:41:57 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Sun, 14 Jun 2015 02:41:57 +0900 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: <20150612154813.GT27932@nl.grid.coop> References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: It's been 4 days with no evidence. Last e-mail of Wilfred's e-mails seems downright erratic. Hope this at least goes *somewhere*. Probably not, though. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 217 bytes Desc: not available URL: From grarpamp at gmail.com Sun Jun 14 00:07:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 14 Jun 2015 03:07:11 -0400 Subject: Russia and China crack Snowden Cache Message-ID: http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files Russia and China have cracked the top-secret cache of files stolen by the fugitive US whistleblower Edward Snowden, forcing MI6 to pull agents out of live operations in hostile countries, according to senior officials in Downing Street, the Home Office and the security services. From grarpamp at gmail.com Sun Jun 14 02:34:01 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 14 Jun 2015 05:34:01 -0400 Subject: Slashdot - Multinational Digerati Probe Tank In-Reply-To: References: Message-ID: On Sun, Jun 14, 2015 at 3:21 AM, Zenaan Harkness wrote: > Ever notice some "articles" on this far less than illustrious yet > overly popular digerati yank tank (aka /.) - which come across as Govt > think-tank created probes to do their work for them? /., news.ycombinator, reddit, facebook, "forums", usenet, chans, kickstarter... anything that is highly popular and has a user comment model will always attract such freeloaders. From shelley at misanthropia.org Sun Jun 14 07:02:57 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 14 Jun 2015 07:02:57 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <14df25fbc70.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <20150614072951.CFE256800FF@frontend2.nyi.internal> <14df25fbc70.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <20150614140242.13863680175@frontend2.nyi.internal> On June 14, 2015 6:27:18 AM Zenaan Harkness wrote: [Snip] > Seems like they'd want to keep something like this quiet if their > > operatives really were in danger. Jmo. > >>> Well, may be not. > > Lie back, relax. Now imagine you're 5 years old. > > Actually, so you have 20 operatives in say North Korea and you need to > contact them urgently so they know their holiday picture taking is > over and must return post haste, since their holiday cover is about to > be blown - how do you contact them without personally contacting them, > to maximise their safety? > > Is a daily Tor sign in the best idea for operatives in other > countries? Of course for those who do their daily Tor duty, they > presumably will be notified. > > So perhaps just reading the daily newspaper from the country from > which you're officially on holiday from? "Oh, there's some > international spy scandal going on, think we better leave now dear, > since we foreigners might be targetted regardless - how about an > opportunistic trip South?" You do raise a valid point (and I enjoy "explain it like I'm five!") It's an angle I hadn't considered; I should wait to reply until I'm not in the throes of insomnia ;) The larger points, which occurred after I'd already hit 'send': where did they get this 'cache'? (Snowden insists he released what he had to Greenwald/Poitras et al in HK, and until proven otherwise I choose to believe him.) Sure, I guess he could have been blackmailed / rubberhosed... And the TLAs whine loudly about being thwarted by encryption, when they themselves have weakened EC anyway, and Russia/China have decrypted it but not the US?! Why would they even admit to that... I can't put my finger on it, and I'll readily admit I'm biased in that I don't trust the five eyes or their propaganda at all, but there is just something "off" about this whole thing. -S From wilfred at vt.edu Sun Jun 14 06:29:53 2015 From: wilfred at vt.edu (Wilfred Guerin) Date: Sun, 14 Jun 2015 09:29:53 -0400 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: It is important that the crypto/physics communities prepare primers on the underlying technologies from a historic design perspective; how does a crt tv ray gun and beam director work? how does a metal detector work? sculpted or phased radar, phased array field projection, aegis, etc. Historic roots would include 1700s electodynamics theory especially electron beam physics and 1800s mail-order toys like high voltage coils, x-ray tubes and reactant materials, geissler tubes, helmholdt and maxwell coils, early hf wired and rf signals before the 1900s textbook stories, and of course guided fields such as are critical in understanding how these signals systems work in *earth's* environment. There is a high resolution model of electrical systems especially focused on those pesky tubes in 3d lattice alignment in office buildings... last i heard, 2nd hop distribution is having corruption and extortion problems, but load rate says the first slice should be done by mid week and automatically shared as arranged, original data is aligned to the solstice 2014, suggesting more next weekend? On Saturday, June 13, 2015, John Young wrote: > Excuse delay, thought this went to the cpunks list. > > Date: Thu, 11 Jun 2015 10:39:49 -0400 > Message-ID: < > CAG+6jObQAytv2+mCvszWx_OgnpGANTaKggsu4jfVn-D1Tb0v5A at mail.gmail.com> > Subject: Re: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) > From: Wilfred Guerin > To: John Young > Content-Type: text/plain; charset=UTF-8 > > To John- > > there are over 200 groups discussing the same issues, at least 2 got > nationalised aggressively, and there have been some tangential posts > on blogs or commercial forums mainly concerns about their datacenter > security not knowing who might attack them, but overall the same > concerns are expressed: > > Can the data be spoofed? Not at this resolution without having a model > of everything at the same resolution... > > Are the blocks secure? No. [...] But services are stable. > > Exports to public? yes, p2p clusters loading, datacenters doing > preparation processing, packed table files are set up for distributed > search > > How do *you* know? UHD/4k VNC video stream to one of the master > control servers handling the database import and text chat with 200 > others, no direct access to data here, but certainty that the data is > distributing. > > Involved how? rendering code to make GEO-TIFF map tiles and aggrigated > spline/curves to simplify snapshot data and level of detail pyramid > (multi-variate parametric search) index data. > > Now we ask... If this was NATO-ish or any variety of US/UK system > built in the 1960s(?) can we solve for locations or viable downlink > targets to intercept? This hint at geo-magnetic shift is a huge > opportunity! > > The coin data is ... glorious... but the other signals are no less > amusing, one set appears to be wired sigint in mhz carrier bands, > assumably urban analogue phone signals as recorded from the switch > routing system's ground or related wiretaps to rf via cable. > > genome.gov had links to the various data formats that others > identified in the organics table. > > X-Ray physics and detector materials need research, 1890s through > 1970s was a huge ammount of X-Ray publicity, but NEVER EVER DID ANYONE > USE IT FOR SIGNALING??? BULLSHIT! > > ALSO!!! > > "is there any distinction at military bases or secure areas?" YES. > there is some access control doors which others suggest is a standard > card reader with number pad and automatic door that is common on the > secure layer of military and COMMERCIAL CONTRACTOR facilities that has > a proximity detector signal built into the door frame. THE COIN DATA > WARPS AROUND THIS CYLINDRICAL SIGNAL ON THE DOOR PORTAL AND VECTOR > PASSES THROUGH THE WALL. Obviously the vector is impossible without > fields projected from that security device! There is also a ghosting > signature that reduces sample rate (in the digitiser) around similar > facilities, looks like it was isolated in the newer signal index, so > it should be really obvious who is using these jamming systems and > where! (and where else!) > > more questions: > > coins on boats? yes. > coins on submarines? YES. (with ghosting) > > organic signals? wtf? > > Yes, but im told the prior emailed reference is erroneous: the primary > index is a SIGNALS CHARACTERISTIC tree, the supporting block (large > bit scope number) is VERY SIMILAR to a genetic expression profile tree > such as genome.gov/ and many of the gene profiling standards. > > Hopefully the news will start posting the technical reports the > primary groups have been preparing last few days... we need to get > physics and advanced crypto groups attention, if the signals are > encoded and that party broke through dense analogue crypto, it will > take a huge effort to solve for that (it may have been an analogue EM > field as well that performed the encoding or reference signals) to > make the same capability posible for others. > > Staying alive! > > On Thu, Jun 11, 2015 at 10:08 AM, John Young wrote: > > We're tweeting these posts. Blowback: is any evidence available to > > support the narrative? Sample of the data, say, for close examination, > > with credible provenance, not the GG secret pact bloviation. > > > > Mild critique: is this sci-fi or legit or both, advancing the > literary-video > > prize winning breaking news big screen Hollywood Neal Stephenson > > spirit of the Snowden "NSA disclosures." > > > > > > At 09:54 AM 6/11/2015, you wrote: > >> > >> More specifics on the sigint system: > >> > >> This looks like a "Growth Industry" ... > >> > >> Access to the beam is not restricted, anyone can pull signals out of > >> the reconaissance loop from any of its exposed vectors.*** > >> > >> Viable areas: > >> Terrestrial: > >> a: Spurrious emissions from tubes or conduit, beam deflection from > >> interior particles > >> b: Stray beams passing through field coils but not redirected > >> c: Direct access to tubes or conduit (any variety of methods) > >> Orbital: > >> d: Geo-Magnetic Shift (downlinks) > >> e: Refractive / deflection (downlinks) > >> > >> As the rate of geo-magnetic shift continues to deform the containment > >> of the projected fields used to shape and steer the beams (which may > >> also have something to do with the sensor itself?), wider areas will > >> be accessible which are hit with the rogue spot beam from orbital (and > >> projected field electro-magnetic) guides. > >> > >> This means almost anyone with a sensor can gather data from the > downlinks. > >> > >> Additionally, spurrious radiation from the terrestrial system is > >> available around endpoints and field coils, especially from damaged > >> conduit or particles in the tubes. > >> > >> Time to raid the libraries for antique books about 1800s-1980s X-Ray > >> EM physics and electromagnetic wave guides! > >> > >> It would not be rational to encode the carrier signal unless it was > >> certain that the encoding would not disrupt signals quality, however > >> raw X-Rated signals might have been too risky? > >> > >> [There are Thz ring oscillators, detectors, and various photonic > >> rings, but properly implemented field-effect lenses, EM field vector > >> control circuitry and coils(/phased array) (abstract field > >> projection), and optimal tube design are all that should > >> theorhetically be needed once a rogue beam is identified. X-Ray > >> Materials and interference fields must be researched and made common > >> knowledge.] > >> > >> Hopefully the data source is not too easily found and the dumps get > >> out, this is extremely relevant for "civil liberties", human rights, > >> and reconstructing your own personal history and records where your > >> data is otherwise mising. > >> > >> > >> > >> On Thu, Jun 11, 2015, Wilfred Guerin wrote: > >> > Helmholtz Tube, Beam Steering, EM field interaction, simple field > >> > dynamics, (and your oscilliscope) are all you need to create complex > >> > EM signals processors. > >> > > >> > No different than your antique crypto cracker, which uses an abstract > >> > field to solve complex pre-defined systems. "56-bit" https cracker was > >> > mass implemented as a 300mhz backplane EM field solver about the size > >> > of your desktop computer. > >> > > >> > Using the same technology, resolution, and methods, BTC Bitcoins are > >> > around 8m^3 of field to solve. > >> > > >> > No doubt the access and decoding to these sigint signals requires > >> > similar proessing before being steered to the digitiser. > >> > > >> > (Maxwell Tube, Helmholtz Tube, typical of high school physics > >> > classrooms) > > > > > > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 10081 bytes Desc: not available URL: From Rayzer at riseup.net Sun Jun 14 10:40:49 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 14 Jun 2015 10:40:49 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: References: Message-ID: <557DBCA1.3030404@riseup.net> On 06/14/2015 12:07 AM, grarpamp wrote: > http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files > > Russia and China have cracked the top-secret cache of files stolen by > the fugitive US whistleblower Edward Snowden, forcing MI6 to pull > agents out of live operations in hostile countries, according to > senior officials in Downing Street, the Home Office and the security > services. > Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner 'reporting' that brought the story to press. https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden-files-journalism-worst-also-filled-falsehoods/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From zen at freedbms.net Sat Jun 13 20:39:49 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 14 Jun 2015 13:39:49 +1000 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> Message-ID: > Excuse delay, thought this went to the cpunks list. ... > primary groups have been preparing last few days... we need to get > physics and advanced crypto groups attention, if the signals are Give out a "small" snippet of a few months data, have the world crack the analysis algorithms for you in gleeful pursuit of First Post ego wins. Million dollar (heck, $10K) prizes, are politically incorrect for the data set, so semi-underground "oppositional" appearance is essential to enthuse the competent. What are their advantages? What are ours? For one, they have money, and therefore many full time people, and material resources. For one of ours, we have principle, ingenuity except that we speak every insight thereby giving away any advantage - but how to collaborate without speaking the insights? To improve our collective lot I believe requires collaboration. Perhaps deconstruct the justifications for those who receive prostitution money to royally do over the rest of us: - "One day I'll stop working for The Man and then I'll write even better cracks, but at that time against the man - I'll even upload them to github!" - "I need food." - "I love new toys and yeah." - "I'm confident I'm with the good guys/ fighting the bad guys." - "I'm poignantly amoral, atheistic, bemusedly observant, possibly mildly altruistic, my experience of my existence is just fine thank you please don't rock the boat." - ? From zen at freedbms.net Sun Jun 14 00:21:43 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 14 Jun 2015 17:21:43 +1000 Subject: Slashdot - Multinational Digerati Probe Tank Message-ID: Ever notice some "articles" on this far less than illustrious yet overly popular digerati yank tank (aka /.) - which come across as Govt think-tank created probes to do their work for them? From coderman at gmail.com Sun Jun 14 17:25:36 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 17:25:36 -0700 Subject: As US Marshals director resigns amid scandal, questions mount over agency's cell phone tracking Message-ID: https://www.muckrock.com/news/archives/2015/jun/12/us-marshals-director-resigning-amid-scandal-questi/ --- As US Marshals director resigns amid scandal, questions mount over agency's cell phone tracking Agents instructed to hide StingRay details “to the greatest extent legally possible” This week, the director of the US Marshals, Stacia Hylton, announced that she will step down within the year. As reported by The Hill on Tuesday, Director Hylton’s resignation follows increased scrutiny regarding allegations of fiscal mismanagement, cronyism and dubious surveillance practices. But unlike Michele Leonhart, who resigned as director of the Drug Enforcement Administration last month after an awkward hearing over sexual misconduct by DEA agents, Director Hylton’s announcement did not ride the wake of any dramatic findings or even a hearing to review potential impropriety. A handful of members of Congress — most vocally Senator Chuck Grassley of Idaho — have voiced concerns over USMS management and called for independent investigation by the Justice Department’s inspector general. No findings will be published for several months, at least, but the USMS director has now announced her resignation even before results from this new investigation are in. As Director Hylton winds down her tenure, what few documents we have regarding surveillance practices by the US Marshals leave many questions unanswered. The US Marshals Service has spent millions of dollars on StingRays and similar devices to track cell phones. Policy directives released by the agency confirm that its investigators — like their counterparts at the FBI and other law enforcement agencies — are instructed to go to lengths to keep details of cell phone trackers out of courtroom testimony and legal filings. Over the past year, key details have emerged regarding deployment of cell site simulators by USMS investigators and deputy marshals. A Wall Street Journal investigation published last November uncovered a USMS program that uses airplanes outfitted with cell site simulators in nationwide fugitive manhunts. The Justice Department refused to confirm or deny the program’s existence, but insisted the undertaking was legal. Last summer, the US Marshals physically removed documents regarding StingRays used by one Florida police department. Two weeks later, the ACLU obtained emails indicating that the USMS asked the same agency to phrase court filings so as to obscure the role cell phone trackers played in an investigation. One April 2009 email chain details an agreement among the U.S. Marshals, an assistant state attorney and local police regarding the wording of probable cause affidavits (PCA) for a case where a StingRay was deployed to locate a suspect. “In the past, and at the request of the U.S. Marshalls (sic),” Sgt. Ken Castro of the Sarasota Police Department wrote, “the investigative means utilized to locate the suspect have not been revealed so that we may continue to utilize this technology without the knowledge of the criminal element.” “In reports or depositions,” the sergeant further explained, “we simply refer to the assistance as ‘received information from a confidential source regarding the location of the suspect.’” Notably, the US Marshals replied it was unable to locate any communications with Sarasota police or its Florida regional task force regarding cell site simulators, despite considerable media coverage and litigation over the rapid document transfer. The Justice Department upheld the agency’s response upon appeal last August. Forty-one pages of undated policy directives released in February by USMS in response to a Freedom of Information Act request include instructions to keep details of StingRays and similar surveillance tactics out of courtroom filings. One of the broad directives indicates that the US Marshals must obtain a pen/trap order from a judge in order to capture “signaling information” from wireless devices. This information includes numbers dialed and the signals a cell phone exchanges with nearby network towers. StingRays and similar cell phone tracking equipment use this information to triangulate a particular device’s location or record communications activity. To capture the content of communications, US Marshals must request a “Title III” or wiretap court order, which demands a higher evidentiary burden. The FBI told legislators last year that its new StingRay policy requires agents to secure a warrant to deploy StingRays, rather than simply a pen/trap order, except under particular circumstances. The Justice Department also recently announced that it is reviewing policies across all of its components, including the US Marshals, when it comes to cell phone tracking. MuckRock is seeking documents related to both announcements. Another USMS directive — entitled “Security and Protection” — stresses that surveillance division agents must be kept off the stand, if possible, and disclosure of techniques minimized “throughout the judicial process.” “It is imperative that investigators understand,” reads the directive in part, “that they must minimize, to the greatest extent legally possible, any testimony by [surveillance division] personnel or the disclosure of [surveillance division] techniques throughout the judicial process.” “Such disclosure could significantly impair the future effectiveness of the technique and jeopardize the safety of ongoing and future surveillance operations by both the USMS and other investigative agencies.” A spokesperson for the US Marshals indicated by email that the directive is current. The USMS policy documents do not, however, define what constitutes the “greatest extent legally possible” or the limits of such efforts. MuckRock will be monitoring these proceedings closely - please email all tips to info at muckrock.com. From mirimir at riseup.net Sun Jun 14 17:10:40 2015 From: mirimir at riseup.net (Mirimir) Date: Sun, 14 Jun 2015 18:10:40 -0600 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150614072951.CFE256800FF@frontend2.nyi.internal> References: <20150614072951.CFE256800FF@frontend2.nyi.internal> Message-ID: <557E1800.4080803@riseup.net> On 06/14/2015 01:30 AM, Shelley wrote: > On June 14, 2015 12:15:55 AM grarpamp wrote: > >> http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files >> >> >> Russia and China have cracked the top-secret cache of files stolen by >> the fugitive US whistleblower Edward Snowden, forcing MI6 to pull >> agents out of live operations in hostile countries, according to >> senior officials in Downing Street, the Home Office and the security >> services. > > Or perhaps one of the many data breaches of the incompetent fed.gov > contained info, legally held or otherwise, on other five eyes operatives > and this is an opportunistic parallel construction to try to implicate > and nab Snowden? Now they can blame anything on Snowden. They'll probably even try to blame earlier Chinese hacks on him. It's just bullshit. Anyway, names of operatives shouldn't be in NSA data. Or at least, not in data available to some random admin. That would be incompetent. > Seems like they'd want to keep something like this quiet if their > operatives really were in danger. Jmo. Yes. But maybe they did. > -S > > > From coderman at gmail.com Sun Jun 14 18:42:19 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 18:42:19 -0700 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: On 6/13/15, J.R. Jones wrote: > All I've seen in the news are NASA climate data release, Medicare drug > data.... > > Anyone have more info on this? it was Facebook Beacon[0] sans-radiotap-headers logdata[1]; above PHY left as exercise for the reader... BIG BLUE (merely hint at maybe) SUEYOU! now quiet as a mouse, lest crushed to dust. best regards, 0. "Facestab Bluetoothache Tracker Tech" - https://www.facebook.com/business/a/facebook-bluetooth-beacons 1. "The radiotap header format is a mechanism to supply additional information about frames, from the driver to userspace applications such as libpcap..." - http://www.radiotap.org/ From coderman at gmail.com Sun Jun 14 18:45:35 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 18:45:35 -0700 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: On 6/14/15, coderman wrote: > ... > it was Facebook Beacon[0] sans-radiotap-headers logdata[1]; above PHY > left as exercise for the reader... i'm sorry, of course no people my friend, ever logs content, or pub, or raw tap data. of course not! after GOOG's streetsniffer settlement. *cough* best regards, coderman, shocked at the very concept of overuse, of convenient technical capabilities... shocked! From coderman at gmail.com Sun Jun 14 18:51:38 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 18:51:38 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: References: Message-ID: On 6/14/15, grarpamp wrote: > http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files > > Russia and China have cracked the top-secret cache of files stolen by > the fugitive US whistleblower Edward Snowden, forcing MI6 to pull > agents out of live operations in hostile countries, according to > senior officials in Downing Street, the Home Office and the security > services. purveyors of filthy slimejobbes as above betray origin as sleazy origin they are, continuous. a taint that follow and for those who care to not forget, more than convincing lineage. OPM exemplary of deceipt (in guise of justice) betrayed, the deceitful, for country or purpose, unmasked all the same - no privilege or special courtesies. ugly games, with blowback additive along the long-tail... From tim at diffalt.com Sun Jun 14 16:07:34 2015 From: tim at diffalt.com (Tim Beelen) Date: Sun, 14 Jun 2015 19:07:34 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <557DBCA1.3030404@riseup.net> References: <557DBCA1.3030404@riseup.net> Message-ID: <557E0936.1030108@diffalt.com> I'm highly critical this news. Think about it, what is the intended benefit of coming out with such a discovery. It's like proclaiming to Germany that we broke the Enigma-code during WW2. On 6/14/2015 1:40 PM, Razer wrote: > > On 06/14/2015 12:07 AM, grarpamp wrote: >> http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files >> >> Russia and China have cracked the top-secret cache of files stolen by >> the fugitive US whistleblower Edward Snowden, forcing MI6 to pull >> agents out of live operations in hostile countries, according to >> senior officials in Downing Street, the Home Office and the security >> services. >> > Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner > 'reporting' that brought the story to press. > > https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden-files-journalism-worst-also-filled-falsehoods/ > > > From coderman at gmail.com Sun Jun 14 20:45:11 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 20:45:11 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/12/15, grarpamp wrote: > ... > Differential analysis of FOI systems and doc probing... ftw. *grin* the Sunday deluge a fun indicator of Monday morning processing delays, or days? as per queue. sending all in a batch for e-delivery (except CIA faxes!!) an interesting survey on responsiveness... today's delivery: "Any and all SKUs, Contracts, Invoices, Receipts, Billing Numbers, Agreements, PO Numbers, for any services or goods purchased from Boeing Corporation, including third party contract hours for training or related services, regarding hardware to include Digital Signal Processing (DSP) or Cell-site Simulators or Software Defined Radio (SDR) base-stations, or Stingray-like pen/trace-trap devices, or other radio surveillance technology, including technology formerly produced by Digital Receiver Technology, Inc., also known as DRT Systems, now part of Boeing, known to include the DRTBox, or DirtBox, or DirtBoxes surveillance gear. Please include antenna systems and cable hardware, as part of the radio systems to report on." @FBI https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18708/ @USMarshals https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18709/ @DEA https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18710/ @ATF https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18711/ @CoastGuard https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18712/ @USSS https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18713/ @DoJ(crim. div.) https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18714/ @CIA https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18715/ @NSA https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18716/ @StateDept https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18717/ @DoT https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18718/ @FinCen https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18719/ @HomeSec https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18720/ @NCSC https://www.muckrock.com/foi/united-states-of-america-10/drtbeboeingbox-18721/ @DSS https://www.muckrock.com/foi/united-states-of-america-10/dtbeboeingbox-18722/ @DoJ(natsec div.) https://www.muckrock.com/foi/united-states-of-america-10/boeingbox-18723/ @INTERPOL https://www.muckrock.com/foi/united-states-of-america-10/boeingbox-18724/ @AirNatnlGuard https://www.muckrock.com/foi/united-states-of-america-10/boeingbox-18725/ @Treasury-Offc.Intelligence&Analysis,Security https://www.muckrock.com/foi/united-states-of-america-10/boeingbox-18726/ best regards, From admin at pilobilus.net Sun Jun 14 17:58:27 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sun, 14 Jun 2015 20:58:27 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <557E0936.1030108@diffalt.com> References: <557DBCA1.3030404@riseup.net> <557E0936.1030108@diffalt.com> Message-ID: <557E2333.8020403@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/14/2015 07:07 PM, Tim Beelen wrote: > I'm highly critical this news. Think about it, what is the > intended benefit of coming out with such a discovery. > > It's like proclaiming to Germany that we broke the Enigma-code > during WW2. And it's completely inconsistent with the established official narrative, including for instance the ridiculous farce about destroying a hard drive at The Guardian. And it's inconsistent with accounts given by Snowden, Greenwald et al about the handling of the documents. And it comes hot on the heels of news that databases of U.S. Federal personnel records have been stolen - material of GREAT value to counterintelligence activities around the world. As this was nobody's fault but the folks responsible to safeguard that data, a big diversion covering some of the more embarrassing and expensive consequences of that breach would definitely be in order. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVfiMxAAoJEDZ0Gg87KR0LrTkP/i+tMT7chdvjDfYuT0V9JExx JQtbC+/xdAeivL8ItFkp/bjNJ4IFR0DGLZuu4fFFIMqzUXXoPzzEQpdsyuO9goN6 1lIjxXdh4vlehT9idlTYsMGkIq4XLze3vkW9ZcBtbjid4iNa21P0FNeuKJ588ybr YPaIf+f2tGefxOqSo4gFTf4cO9Rp16qLz3lvh3gU09EhvUSpz2JZhIQqZW9P4Kfr ZZ+Pm/5Uh8NdAPbnmXs+Y8KitUEHvr2ebnZTSbwEYI9mwckl5zTkcR6eyzz40RQx QTcGn/L4bMFCmSOSNT8VLYzeY8ReiwO6DabqhIsopLnhKqkhNTBLsHu9Dr1yeCKP wyvZOpjI4EpmzI1K6SK0QigjyCgIJygEDD57/UuRqsMa2IebwJaDTF6jQsnL2+8X E/d9rDQzW2gnn/PceftzlhZTDGPrtIRpJw4bvkk7gROeEPon0SYT7s9n2oWrf6Kh YOj8u0D1dcyFXmSCQ8oXX2LxPIMNIQDy69H3DRW3Vne3ylX3vigwH747U3OeAeB4 Vp9o3xa9wJ+/Wak64ywxDAurS6Y1Z2lCB2kb3AqTCMZyVjzZZKpd0c4//YK6cKB3 bzJjd06WKPZF+bkO3x0d+qxs+QTEySPnr9id2rLWTCfbnNGfksSrn5i52ivcsGMd 9F6NWoAtk5HFxYIenBf6 =iaXh -----END PGP SIGNATURE----- From coderman at gmail.com Sun Jun 14 22:37:44 2015 From: coderman at gmail.com (coderman) Date: Sun, 14 Jun 2015 22:37:44 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/14/15, coderman wrote: > ... > the Sunday deluge a fun indicator of Monday morning processing delays, > or days? as per queue. sending all in a batch for e-delivery (except > CIA faxes!!) an interesting survey on responsiveness... first to "Processing", request to U.S. Department of the Treasury, Office of Intelligence and Analysis, Office of Security Programs of the United States of America. ... fitting. :) best regards, From zen at freedbms.net Sun Jun 14 06:19:46 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 14 Jun 2015 23:19:46 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150614072951.CFE256800FF@frontend2.nyi.internal> References: <20150614072951.CFE256800FF@frontend2.nyi.internal> Message-ID: On 6/14/15, Shelley wrote: > On June 14, 2015 12:15:55 AM grarpamp wrote: > >> http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files >> >> Russia and China have cracked the top-secret cache of files stolen by >> the fugitive US whistleblower Edward Snowden, forcing MI6 to pull >> agents out of live operations in hostile countries, according to >> senior officials in Downing Street, the Home Office and the security >> services. > > Or perhaps one of the many data breaches of the incompetent fed.gov > contained info, legally held or otherwise, on other five eyes operatives > and this is an opportunistic parallel construction to try to implicate and > nab Snowden? ISTR some solid "yep, we parallel construct" facts at some point... > Seems like they'd want to keep something like this quiet if their > operatives really were in danger. Jmo. Well, may be not. Lie back, relax. Now imagine you're 5 years old. Actually, so you have 20 operatives in say North Korea and you need to contact them urgently so they know their holiday picture taking is over and must return post haste, since their holiday cover is about to be blown - how do you contact them without personally contacting them, to maximise their safety? Is a daily Tor sign in the best idea for operatives in other countries? Of course for those who do their daily Tor duty, they presumably will be notified. So perhaps just reading the daily newspaper from the country from which you're officially on holiday from? "Oh, there's some international spy scandal going on, think we better leave now dear, since we foreigners might be targetted regardless - how about an opportunistic trip South?" From grarpamp at gmail.com Mon Jun 15 10:43:23 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 15 Jun 2015 13:43:23 -0400 Subject: Kid gets 15y for ISIS Bitcoin, Adults get Facialed at Download Message-ID: http://www.pcworld.com/article/2935192/virginia-teen-pleads-guilty-to-giving-islamic-state-help-on-bitcoin.html Speculation about whether the Islamic State (IS) group is using bitcoin intensified Thursday in the U.S. when government officials said a Virginia teenager admitted to providing the organization with advice on the virtual currency. http://noisey.vice.com/blog/download-festival-is-a-police-trial-ground-for-facial-recognition This weekend’s Download Festival will be subjected to strategic facial recognition technology by Leicestershire Police, making those 100,000-plus attendees the first music fans to ever be monitored to this extent at a UK music festival. From Rayzer at riseup.net Mon Jun 15 13:48:20 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 15 Jun 2015 13:48:20 -0700 Subject: Kid gets 15y for ISIS Bitcoin, Adults get Facialed at Download In-Reply-To: <557F19CF.3010303@diffalt.com> References: <557F19CF.3010303@diffalt.com> Message-ID: <557F3A14.4080207@riseup.net> On 06/15/2015 11:30 AM, Tim Beelen wrote: > I'd like to present the following hypothesis: the actuator or the > currency used to procure whatever an ISIS-fighter might want or need > will take the form of US$ in exchange for some commodity. It wouldn't be to presumptuous to speculate the kid's REALLY been convicted for interfering with a US spook operation to launder money going to ISIS, by simply being in that mix w/o appropriate 'credentials'. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From dan at geer.org Mon Jun 15 11:10:23 2015 From: dan at geer.org (dan at geer.org) Date: Mon, 15 Jun 2015 14:10:23 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: Your message of "Sun, 14 Jun 2015 10:40:49 -0700." <557DBCA1.3030404@riseup.net> Message-ID: <20150615181023.5FAFC2282C4@palinka.tinho.net> | Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner | 'reporting' that brought the story to press. | | https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= | -files-journalism-worst-also-filled-falsehoods/ If Snowden had zero copies and Greenwald/Poitras had the originals, then any Russo-Chinese fiddling with those originals was the result of having stolen them from Greenwald/Poitras, not Snowden. As the world turns, --dan From tim at diffalt.com Mon Jun 15 11:30:39 2015 From: tim at diffalt.com (Tim Beelen) Date: Mon, 15 Jun 2015 14:30:39 -0400 Subject: Kid gets 15y for ISIS Bitcoin, Adults get Facialed at Download In-Reply-To: References: Message-ID: <557F19CF.3010303@diffalt.com> Well, first off it is commonly known that aiding and abetting a known terrorist group is a crime anywhere. Especially if it's one no one with disreputable hobbies like ISIS. Secondly, I'd like to present the following hypothesis: the actuator or the currency used to procure whatever an ISIS-fighter might want or need will take the form of US$ in exchange for some commodity. But I won't digress on that point. What is important is if governments are so easy to point out that things beyond their control are so nefarious because they themselves are unable to control it, I'd like to suggest that they start by controlling streams of goods and services that they themselves are contributing to the prolonged existence of ISIS. We, the informed community, all know most of their equipment comes from sponsors that are nations that would persecute this very person for aiding and abetting. Where as when a member of U.S. Congress or the CIA lend a helping hand to the "resistance" in the form of war-materials and supporting services it is considered but a faux pas. On 6/15/2015 1:43 PM, grarpamp wrote: > http://www.pcworld.com/article/2935192/virginia-teen-pleads-guilty-to-giving-islamic-state-help-on-bitcoin.html > > Speculation about whether the Islamic State (IS) group is using > bitcoin intensified Thursday in the U.S. when government officials > said a Virginia teenager admitted to providing the organization with > advice on the virtual currency. > > http://noisey.vice.com/blog/download-festival-is-a-police-trial-ground-for-facial-recognition > > This weekend’s Download Festival will be subjected to strategic facial > recognition technology by Leicestershire Police, making those > 100,000-plus attendees the first music fans to ever be monitored to > this extent at a UK music festival. > From mirimir at riseup.net Mon Jun 15 14:10:21 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 15 Jun 2015 15:10:21 -0600 Subject: Russia and China crack Snowden Cache In-Reply-To: <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> Message-ID: <557F3F3D.9040502@riseup.net> On 06/15/2015 02:06 PM, Juan wrote: > On Mon, 15 Jun 2015 14:10:23 -0400 > dan at geer.org wrote: > > >> >> If Snowden had zero copies and Greenwald/Poitras had the originals, >> then any Russo-Chinese fiddling with those originals was the result >> of having stolen > > > stolen? "copied"? >> them from Greenwald/Poitras, not Snowden. >> >> As the world turns, >> >> --dan >> > > From tim at diffalt.com Mon Jun 15 12:50:10 2015 From: tim at diffalt.com (Tim Beelen) Date: Mon, 15 Jun 2015 15:50:10 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150615181023.5FAFC2282C4@palinka.tinho.net> References: <20150615181023.5FAFC2282C4@palinka.tinho.net> Message-ID: <557F2C72.3080204@diffalt.com> This is not meaningful speculation since the main point is of the story is not finding out who to blame, it is spreading FUD about the fallout of Ed's actions by spreading blatant lies. Which basically derails a developing dialog: Ed was right, there /was/ overreach/abuse and accounts of premeditated lying attributable to our Government(s) fine agencies. It's fun to watch the government losing face by trying to cover it up. What I saw was a five year old with his hand stuck in the cookie jar. Only the cookie jar is actually the privacy of my own home. No matter the fact that I extend my presence to locations around the globe by way of internets. I am not forgoing my rights to privacy when I directly communicate with others. The very same way I find those rights in the confines of my home. On 6/15/2015 2:10 PM, dan at geer.org wrote: > | Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner > | 'reporting' that brought the story to press. > | > | https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= > | -files-journalism-worst-also-filled-falsehoods/ > > > If Snowden had zero copies and Greenwald/Poitras had the originals, > then any Russo-Chinese fiddling with those originals was the result > of having stolen them from Greenwald/Poitras, not Snowden. > > As the world turns, > > --dan > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1978 bytes Desc: not available URL: From zaki at manian.org Mon Jun 15 16:13:10 2015 From: zaki at manian.org (zaki at manian.org) Date: Mon, 15 Jun 2015 16:13:10 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150615181023.5FAFC2282C4@palinka.tinho.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> Message-ID: 1. Crypto is broken in the sense that entire notion of trusted computing is massively broken and nation states can compromise end devices at scale and access plain text via device compromise. 2. There was a period of time when the Snowden cache was controlled primarily by journalists with limited organizational support. Many bad things could have happened. It is still mysterious if they did. 3.It also seems likely that competing services had access to many of the same documents as Snowden did. It seems reasonable to assume there were more people exfiltrating docs for private benefit than for public benefit on the top secret network. 4. What standard should organizations who handle secret information be held to? The Intercept has hired some of top practitioners in the field. Is that good enough? Less well funded institutions? On Mon, Jun 15, 2015 at 11:10 AM, wrote: > | Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner > | 'reporting' that brought the story to press. > | > | > https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= > | -files-journalism-worst-also-filled-falsehoods/ > > > If Snowden had zero copies and Greenwald/Poitras had the originals, > then any Russo-Chinese fiddling with those originals was the result > of having stolen them from Greenwald/Poitras, not Snowden. > > As the world turns, > > --dan > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2025 bytes Desc: not available URL: From Rayzer at riseup.net Mon Jun 15 16:22:56 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 15 Jun 2015 16:22:56 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: References: Message-ID: <557F5E50.2030802@riseup.net> On 06/14/2015 12:07 AM, grarpamp wrote: > http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files > > Russia and China have cracked the top-secret cache of files stolen by > the fugitive US whistleblower Edward Snowden, forcing MI6 to pull > agents out of live operations in hostile countries, according to > senior officials in Downing Street, the Home Office and the security > services. > The Sunday Times is throwing a pout about being called on their now-known-as-unverifiable story (reporter admitted as much to CNN) and has ATTEMPTED issuing a DMCA takedown order b/c Intercept lo-rez Screenshot of their front page. The Intercept is ignoring that order: http://arstechnica.com/tech-policy/2015/06/sunday-times-sends-dmca-notice-to-critics-of-snowden-hacking-story/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From grarpamp at gmail.com Mon Jun 15 13:55:53 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 15 Jun 2015 16:55:53 -0400 Subject: Kid gets 15y for ISIS Bitcoin, Adults get Facialed at Download In-Reply-To: <557F19CF.3010303@diffalt.com> References: <557F19CF.3010303@diffalt.com> Message-ID: On Mon, Jun 15, 2015 at 2:30 PM, Tim Beelen wrote: > Well, first off it is commonly known that aiding and abetting a > known terrorist group is a crime anywhere. Really? Do these criminals have internet access? Yes. Then Google Search is aiding and abetting. So is GNUPG, and TAILS and FORD Motor Company, any other dual use technology you can imagine. The crime is not in spreading and seeking knowledge, even if it is applied to thought crime. The only real crime is when a perpetrator chooses to act in the real world, such as blowing shit up or murdering people. Your argument would be like GE, Boeing and Raytheon being found guilty of teaching the US Government how to murder by drone built from parts, when in fact it is the US President that is guilty of the real crime of pulling the trigger. > Secondly, I'd like to present the following hypothesis: the > actuator or the currency used to procure whatever an ISIS-fighter > might want or need will take the form of US$ in exchange for some > commodity. True... for cases where Bitcoin itself isn't readily usable or exchangeable, such as areas where digital tools and internet or other transport are minimal. Exchange, trade, BTC, Hawala are all intertwined and circular... to receive value in you need to offer balancing value out, whether it's BTC, USD, (IQD/SYP/AFN/LYD/NGN/PKR/YER), opium, hash, oil, food, products, murder... > But I won't digress on that point. As you said, the region is awash in USD and various "helping hands" from different places. That's always prone to runaway reactions. And sometimes they're by design. > What is important is if governments are so easy to point out that > things beyond their control are so nefarious because they themselves > are unable to control it Claiming nefariousness is often a nefarious control mechanism itself. Lack of control enables balancing effects against such control and as such is not necessarily a bad thing in itself. Be careful when demanding control mechanisms, lest they be turned against you in the future. From juan.g71 at gmail.com Mon Jun 15 13:06:43 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 15 Jun 2015 17:06:43 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150615181023.5FAFC2282C4@palinka.tinho.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> Message-ID: <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> On Mon, 15 Jun 2015 14:10:23 -0400 dan at geer.org wrote: > > If Snowden had zero copies and Greenwald/Poitras had the originals, > then any Russo-Chinese fiddling with those originals was the result > of having stolen stolen? > them from Greenwald/Poitras, not Snowden. > > As the world turns, > > --dan > From grarpamp at gmail.com Mon Jun 15 14:22:05 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 15 Jun 2015 17:22:05 -0400 Subject: More Bitcoin Battles for Control and Process ... Blocksize Message-ID: http://www.reddit.com/r/Bitcoin/comments/39wlpj/adam_back_questions_mike_hearn_about_the/ All the ongoing talk over blocksize, BIP's, control and process... fine and much needed. This one will pass. But don't be fooled, this one is nothing... the real battles among very large and global entities are yet to come. If they wish Bitcoin to succeed as philosophically conceived, today's devs, users and miners should prepare for war. From kanzure at gmail.com Mon Jun 15 15:39:40 2015 From: kanzure at gmail.com (Bryan Bishop) Date: Mon, 15 Jun 2015 17:39:40 -0500 Subject: More Bitcoin Battles for Control and Process ... Blocksize In-Reply-To: References: Message-ID: On Mon, Jun 15, 2015 at 4:22 PM, grarpamp wrote: > entities are yet to come. If they wish Bitcoin to succeed as > philosophically conceived, today's devs, users and miners should > prepare for war. > So does anyone have any guides for countering future "psyops" initiatives? Seems like something that would be useful in this and other contexts. Captain Freedom and Glenn might be interested in writing something on this topic, although I would also be interested in pursuing any and all advice. "Go to jail" was a good start but IIRC there was more content out there. - Bryan http://heybryan.org/ 1 512 203 0507 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1114 bytes Desc: not available URL: From gutemhc at gmail.com Mon Jun 15 14:05:36 2015 From: gutemhc at gmail.com (Gutem) Date: Mon, 15 Jun 2015 18:05:36 -0300 Subject: LastPass Network Breached Message-ID: https://threatpost.com/lastpass-network-breached-calls-for-master-password-reset/113324 - Gutem ----------- “Live Long and Prosper" Registered Linux User: 562142 PGP: 0xE1A697BF / 2522 ECFA DCD2 FF52 3AAB D2A1 154E 14CD E1A6 97BF https://keybase.io/gutem/key.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 842 bytes Desc: Message signed with OpenPGP using GPGMail URL: From adam at cypherspace.org Mon Jun 15 11:03:25 2015 From: adam at cypherspace.org (Adam Back) Date: Mon, 15 Jun 2015 20:03:25 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork Message-ID: Hi Mike Well thank you for replying openly on this topic, its helpful. I apologise in advance if this gets quite to the point and at times blunt, but transparency is important, and we owe it to the users who see Bitcoin as the start of a new future and the$3b of invested funds and $600m of VC funds invested in companies, we owe it to them that we be open and transparent here. I would really prefer on a personal nor professional basis to be having this conversation period, never mind in public, but Mike - your and Gavin's decision to promote a unilateral hard-fork and code fork are extremely high risk for bitcoin and so there remains little choice. So I apologise again that we have to have this kind of conversation on a technical discussion list. This whole thing is hugely stressful and worrying for developers, companies and investors. I strongly urge that we return to the existing collaborative constructive review process that has been used for the last 4 years which is a consensus by design to prevent one rogue person from inserting a backdoor, or lobbying for a favoured change on behalf of a special interest group, or working for bad actor (without accusing you of any of those - I understand you personally just want to scale bitcoin, but are inclined to knock heads and try to force an issue you see, rather than work collaboratively). For you (and everyone) - Should there be a summit of some kind, that is open attendance, and video recorded so that people who are unable to attend can participate too, so that people can present the technical proposals and risks in an unbiased way? (It is not theoretical question, I may have a sponsor and host - not Blockstream, an independent, its a question for everyone, developers, users, CTOs, CEOs.) So here I come back to more frank questions: Governance The rest of the developers are wise to realise that they do not want exclusive control, to avoid governance centralising into the hands of one person, and this is why they have shared it with a consensus process over the last 4 years. No offence but I dont think you personally are thinking far enough ahead to think you want personal control of this industry. Maybe some factions dont trust your motives, or they dont mind, but feel more assured if a dozen other people are closely reviewing and have collective review authority. - Do you understand that attempting to break this process by unilateral hard-fork is extremely weakening of Bitcoin's change governance model? - Do you understand that change governance is important, and that it is important that there be multiple reviewers and sign-off to avoid someone being blackmailed or influenced by an external party - which could potentially result in massive theft of funds if something were missed? - Secondarily do you understand that even if you succeed in a unilateral fork (and the level of lost coins and market cap and damage to confidence is recoverable), that it sets a precedent that others may try to follow in the future to introduce coercive features that break the assurances of bitcoin, like fungibility reducing features say (topically I hear you once proposed on a private forum the concept of red-lists, other such proposals have been made and quickly abandoned), or ultimately if there is a political process to obtain unpopular changes by unilateral threat, the sky is the limit - rewrite the social contract at that point without consensus, but by calculation that people will value Bitcoin enough that they will follow a lead to avoid risk to the system? Security As you probably know some extremely subtle bugs in Bitcoin have at times slipped past even the most rigorous testings, often with innocuous but unexpected behaviours, but some security issues Some extremely intricate and time-sensitive security defect and incident response happens from time to time which is not necessarily publicly disclosed until after the issue has been rolled out and fixed, which can take some time due to the nature of protocol upgrades, work-arounds, software upgrade via contacting key miners etc. We could take an example of the openSSL bug. - How do you plan to deal with security & incident response for the duration you describe where you will have control while you are deploying the unilateral hard-fork and being in sole maintainership control? - Are you a member of the bitcoin security reporting list? On 15 June 2015 at 11:56, Mike Hearn wrote: > I will review both and mostly delegate to Gavin's good taste around the > details, unless there is some very strong disagreement. But that seems > unlikely. > ... > Feedback will be read. There are no NACKS in Bitcoin XT. Patch requests > aren't scored in any way. The final decision rests with the maintainer as in > ~all open source projects. As you know the people who have written 95% of the code (and reviewed, and tested, and formally proved segments etc) are strenuously advising not to push any consensus code into public use without listening to and addressing review questions which span beyond rigorous code & automated guided fuzz testers, simulation and sometimes formal proofs, but also economics, game-theory and critically very subtle determinism/consensus safety that they have collectively 4-5 years experience of each. - Will you pause your release plans if all of the other developers insist that the code or algorithm is defective? - Please don't take this the wrong way, and I know your bitcoinj work was a significant engineering project which required porting bitcoin logic. But If the answer to the above question is no, as you seemed to indicate in your response, as you not have not written much bitcoin core code yourself (I think 3 PRs in total), do you find yourself more qualified than the combination of peer review of the group of people who have written 95% of it, and maintained it and refactored most of it over the last 4-5 years? I presume from your security background you are quite familiar with the need for review of crypto protocol changes & rigorous code review. That is even more the case with Bitcoin given the consensus criticality. >> - On the idea of a non-consensus hard-fork at all, I think we can >> assume you will get a row of NACKs. Can you explain your rationale >> for going ahead anyway? The risks are well understood and enormous. > > If Bitcoin runs out of capacity it will break and many of our users will > leave. That is not an acceptable outcome for myself or the many other > wallet, service and merchant developers who have worked for years to build > an ecosystem around this protocol. That you are frustrated, is not a sufficient answer as to why you are proposing to go ahead with a universally acknowledged extreme network divergence danger unilateral hard-fork, lacking wide-spread consensus. People are quite concerned about this. Patience, caution and prudence is necessary in a software system with such high assurance requirements. So I ask again: - On the idea of a non-consensus hard-fork at all, I think we can assume you will get a row of NACKs. Can you explain your rationale for going ahead anyway? The risks are well understood and enormous. Note the key point is that you are working on a unilateral hard-fork, where there is a clear 4 year established process for proposing improvements and an extremely well thought out and important change management governance process. While there has been much discussion, you nor Gavin, have not actually posted a BIP for review. Nor actually was much of the discussion even conducted in the open: it was only when Matt felt the need to clear the air and steer this conversation into the open that discussion arose here. During that period of private discussion you and Gavin were largely unknown to most of us lobbying companies with your representation of a method that concerns everyone of the Bitcoin users. Now that the technical community aware aware they are strenuously discouraging you on the basis of risks. Openness - Do you agree that bitcoin technical discussions should happen in the open? - As this is a FOSS project, do you agree that companies should also be open, about their requirements and trade-offs they would prefer? - Can you disclose the list of companies you have lobbied in private whether they have spoken publicly or not, and whether they have indicated approval or not? - Did you share a specific plan, like a BIP or white paper with these companies, and if so can we see it? - If you didnt submit a plan, could you summarise what you asked them and what you proposed, and if you discussed also the risks? (If you asked them if they would like Bitcoin to scale, I expect almost everyone does, including every member of the technical community, so that for example would not fairly indicate approval for a unilateral hard-fork) I and others will be happy to talk with the CTO and CEOs of companies you have lobbied in private, for balance to assure ourselves and the rest of the community that their support was given - and with full understanding of the risks of doing it unilaterally, without peer review, benefit of maintenance and security inidence management, and what exactly they are being quoting as having signed up for. (This maybe more efficiently and openly achieved by the open process, on a mailing list, maybe a different one even special purpose to this topic, with additional option of the open public meeting I proposed at the top). - Do you agree that it would be appropriate, that companies be aware of both the scaling opportunities (of course, great everyone wants scalability) as well as the technical limits and risks with various approaches? And that these be presented by parties from a range of views to ensure balance? - Do you consider your expression of issues to hold true to the ideal of representing balanced nuanced view of all sides of a technical debate, even when under pressure or feeling impatient about the process? You may want to review the opening few minutes of your epicenter 82 bitcoin for example where you claimed and I quote "[the rest of the technical community] dont want capacity to ever increase and want it to stay where it is and when it fills up people move to other systems". - Do you think that is an accurate depiction of the complex trade-offs we have been discussing on this list? (For the record I am not aware of a single person who has said they do not agree with scaling Bitcoin. Changing a constant is not the hard-part. The hard part is validating a plan and the other factors that go into it. It's not a free choice it is a security/scalability tradeoff. No one will thank us if we "scale" bitcoin but break it in hard to recover ways at the same time.) - Were you similarly balanced in your explanations when talking to companies in private discussions? - Do you understand that if we do not work from balanced technical discussion, that we may end up with some biased criteria? Authority Neither you nor Gavin have any particular authority here to speak on behalf of Bitcoin (eg you acknowledge in your podcast that Wladimir is dev lead, and you and Gavin are both well aware of the 4 year established change management consensus decision making model where all of the technical reviewers have to come to agreement before changes go in for security reasons explained above). I know Gavin has a "Chief Scientist" title from the Bitcoin Foundation, but sadly that organisation is not held in as much regard as it once was, due to various irregularities and controversies, and as I understand it no longer employs any developers, due to lack of funds. Gavin is now employed by MIT's DCI project as a researcher in some capacity. As you know Wladimir is doing the development lead role now, and it seems part of your personal frustration you said was because he did not agree with your views. Neither you nor Gavin have been particularly involved in bitcoin lately, even Gavin, for 1.5 years or so. - Do you agree that if you presume to speak where you do not have authority you may confuse companies? > If Bitcoin runs out of capacity it will break and many of our users will > leave. That is not an acceptable outcome for myself or the many other > wallet, service and merchant developers who have worked for years to build > an ecosystem around this protocol. But I think this is a false dichotomy. As I said in previous mail I understand people are frustrated that it has taken so long, but it is not the case that no progress has been made on scalability. I itemised a long list of scalability work which you acknowledged as impressive work (CPU, memory, network bandwidth/latency) and RBF, CPFP fee work, fee-estimation, and so on, which you acknowledged and are aware of. There are multiple proposals and BIPs under consideration on the list right now. - what is the reason that you (or Gavin) would not post your BIP along side the others to see if it would win based on technical merit? - why would you feel uniquely qualified to override the expert opinion of the rest of the technical community if your proposal were not considered to have most technical merit? (Given that this is not a simple market competition thing where multiple hard-forks can be considered - it is a one only decision, and if it is done in a divisive unilateral way there are extreme risks of the ledger diverging.) Network Divergence Risk >> - How do you propose to deal with the extra risks that come from >> non-consensus hard-forks? Hard-forks themselves are quite risky, but >> non-consensus ones are extremely dangerous for consensus. > > The approach is the same for other forks. Voting via block versions and then > when there's been >X% for Y time units the 1mb limit is lifted/replaced. But this is not a soft-fork, it is a hard-fork. Miner voting is only peripherally related. Even if in the extremis 75% of miners tried a unilateral hard-fork but 100% of the users stayed on the maintained original code, no change would occur other than those miners losing reward (mining fork-coins with no resale value) and the difficulty would adjust. The miners who made an error in choice would lose money and go out of business or rejoin the chain. However if something in that direction happens with actual users and companies on both sides of it users will lose money, the ledger will diverge as soon as a single double-spend happens, and never share a block again, companies will go instantly insolvent, and chaos will break out. This is the dangerous scenario we are concerned about. So the same question again: - How do you propose to deal with the extra risks that come from non-consensus hard-forks? Hard-forks themselves are quite risky, but non-consensus ones are extremely dangerous for consensus. Being sensitive to alarming the market It is something akin to Greece or Portugal or Italy exiting the euro currency in a disorderly way. Economists and central bank policy makers are extremely worried about such an eventuality and talk about related factors in careful, measured terms, watch Mario Draghi when he speaks. Imagine that bitcoin is 10x or 100x bigger. Bitcoin cant have people taking unilateral actions such as you have been proposing. It is not following the consensus governance process, and not good policy and it is probably affecting bitcoin confidence and price at this moment. >> - Do you have contingency plans for what to do if the non-consensus >> hard-fork goes wrong and $3B is lost as a result? > > Where did you get the $3B figure from? The fork either doesn't happen, or it > happens after quite a long period of people knowing it's going to happen - > for example because their full node is printing "You need to upgrade" > messages due to seeing the larger block version, or because they read the > news, or because they heard about it via some other mechanisms. This is not a soft-fork, and the community will not want to take the risks once they understand them, and they have months in which to understand them and at this point you've motivated and wasted 100s of developer man hours such that we will feel impelled to make sure that no one opts into a unilateral hard-fork without understanding the risks. It would be negligent to allow people to do that. Before this gets very far FAQs will be on bitcoin.org etc explaining this risk I would imagine. Its just starting not finished. What makes you think the rest of the community may not instead prefer Jeff Garzik's BIP after revisions that he is making now with review comments from others? Or another proposal. Taken together with a deployment plan that sees work on decentralisation tying into that plan. - If you persisted anyway, what makes you think bitcoin could not make code changes defensively relating to your unilateral fork? (I am sure creative minds can find some ways to harden bitcoin against a unilateral fork, with a soft-fork or non-consensus update can be deployed much faster than a hard-fork). I tried to warn Gavin privately that I thought he was under-estimating the risk of failure to his fork proposal due to it being unilateral. Ie as you both seem sincere in your wish to have your proposal succeed, then obviously the best way to do that is to release a BIP in the open collaborative process and submit it to review like everyone else. Doing it unilaterally only increases its chance of failure. The only sensible thing to do here is submit a BIP and stop the unilateral fork threat. Scalability Plans > Let me flip the question around. Do you have a contingency plan if Bitcoin > runs out of capacity and significant user disruption occurs that results in > exodus, followed by fall in BTC price? The only one I've seen is "we can > perform an emergency hard fork in a few weeks"! Yes people have proposed other plans. Bryan Bishop posted a list of them. Jeff Garzik has a proposal, BIP-100 which seems already better than Gavin's having benefit of peer review which he has been incorporating. I proposed several soft-fork models which can be deployed safely and immediately, which do not have ledger risk. I have another proposal relating to simplified soft-fork one-way pegs which I'll write up in a bit. I think there are still issues in Jeff's proposal but he is very open and collaborating and there maybe related but different proposals presently. >> As you can probably tell I think a unilateral fork without wide-scale >> consensus from the technical and business communities is a deeply >> inadvisable. > > Gavin and I have been polling many key players in the ecosystem. The > consensus you seek does exist. All wallet developers (except Lawrence), all > the major exchanges, all the major payment processors and many of the major > mining pools want to see the limit lifted (I haven't been talking to pools, > Gavin has). It does not seem to me that you understand the issue. Of course they want to increase the scalability of bitcoin. So does everyone else on this mailing list. That they would support that is obvious. If you presented your unilateral action plan without explaining the risks too. I think I covered this further above. If you would like to share the company list, or we can invite them to the proposed public physical meeting, I think it would be useful for them to have a balanced view of the ledger divergence risks, and alternative in-consensus proposals underway, as well as the governance risks, maintenance risks, security incident risks. Note that other people talk to companies too, as part of their day to day jobs, or from contacts from being in the industry. You have no special authority or unique ability to talk with business people. Its just that the technical community did not know you were busy doing that. I can not believe that any company that would listen to their CTO, CSO or failing that board would be ok with the risks implied by what you are proposing on full examination. > This notion that the change has no consensus is based on you polling the > people directly around you and people who like to spend all day on this > mailing list. It's not an accurate reflection of the wider Bitcoin community > and that is one of the leading reasons there is going to be a fork. A small > number of people have been flatly ignoring LOTS of highly technical and > passionate developers who have written vast amounts of code, built up the > Bitcoin user base, designed hardware and software, and yes built companies. I know you want scale bitcoin, as I said everyone here does. I think what you're experiencing is that you've had more luck explaining your pragmatic unilateral plan to non-technical people without peer review, and so not experienced the kind of huge pushback you are getting from the technical community. The whole of bitcoin is immensely complicated such that it takes an uber-geek CS genius years to catchup, this is not a slight of any of the business people who are working hard to deploy Bitcoin into the world, its just complicated and therefore not easy to understand the game-theory, security, governance and distributed system thinking. I have a comp sci PhD in distributed systems, implemented p2p network systems and have 2 decades of applied crypto experience with a major interest in electronic cash crypto protocols, and it took me a several years to catchup and even I have a few hazy spots on low-level details, and I addictively into read everything I could find. Realistically all of us are still learning, as bitcoin combines so many fields that it opens new possibilities. What I am expecting that yourself and Gavin are thinking is that you'll knock heads and force the issue and get to consensus. However I think you have seriously misjudged the risks and have not adequately explained them to companies you are talking with. Indeed you do not fully seem to acknowledge the risks, nor to have a well thought out plan here of how you would actually manage it, nor the moral hazards of having a lone developer in hugely divisive circumstances in sole control of bitcoins running code. Those are exactly the reasons for the code change governance process! Even though you are trying to help, the full result is you are not helping achieve anything by changing a constant and starting a unilateral hard-fork (not to trivialise the work of making a patch to do that). The work to even make the constant change be feasible was a result of 1000s of hours of work by others in the development community, that is emphatically and unilaterally telling you that hard-forks are hugely inadvisable. You are trying to break the code change governance security procedure that were put in place for good reason for the security of $3b of other peoples money, even if you have a pragmatic intent to help, this is flat out unacceptable. There are also security implications to what you are proposing, which I have heard you attempting to trivialise, that are core to Bitcoins security and core functionality. > the overwhelming impression I get from a few > others here is that no, they don't want to scale Bitcoin. They already > decided it's a technological dead end. I think this is a significant mischaracterisation, and I think almost everybody is on board with a combination plan: 1. work to improve decentralisation (specific technical work already underway, and education) 2. create a plan to increase block-size in a slow fashion to not cause system shocks (eg like Jeff is proposing or some better variant) 3. work on actual algorithmic scaling In this way we can have throughput needed for scalability and security work to continue. As I said you can not scale a O(n^2) broadcast network by changing constants, you need algorithmic improvements. People are working on them already. All of those 3 things are being actively worked on RIGHT NOW, and in the case of algorithmic scaling and improve decentralisation have been worked on for months. You may have done one useful thing which is to remind people that blocks are only 3x-4x below capacity such that we should look at it. But we can not work under duress of haste, nor unilateral ultimatums, this is the realm of human action that leads to moral hazard, and ironically reminds us of why Satoshi put the quote in the genesis block. Bitcoin is too complex a system with too much at stake to be making political hasty decisions, it would be negligent to act in such a way. Again please consider that you did your job, caused people to pay attention, but return to the process, submit a BIP, retract the unilateral hard-fork which is so dangerous and lets have things be calm, civil and collaborative in the technical zone of Bitcoin and not further alarm companies and investors. Adam ------------------------------------------------------------------------------ _______________________________________________ Bitcoin-development mailing list Bitcoin-development at lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bitcoin-development ----- End forwarded message ----- From juan.g71 at gmail.com Mon Jun 15 16:12:25 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 15 Jun 2015 20:12:25 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <557F3F3D.9040502@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> <557F3F3D.9040502@riseup.net> Message-ID: <557f5a4a.962a370a.a14df.ffff8215@mx.google.com> On Mon, 15 Jun 2015 15:10:21 -0600 Mirimir wrote: > On 06/15/2015 02:06 PM, Juan wrote: > > On Mon, 15 Jun 2015 14:10:23 -0400 > > dan at geer.org wrote: > > > > > >> > >> If Snowden had zero copies and Greenwald/Poitras had the originals, > >> then any Russo-Chinese fiddling with those originals was the result > >> of having stolen > > > > > > stolen? > > "copied"? Yes, I think that's the word =) > > >> them from Greenwald/Poitras, not Snowden. > >> > >> As the world turns, > >> > >> --dan > >> > > > > From mirimir at riseup.net Mon Jun 15 21:20:40 2015 From: mirimir at riseup.net (Mirimir) Date: Mon, 15 Jun 2015 22:20:40 -0600 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> Message-ID: <557FA418.9040503@riseup.net> On 06/15/2015 05:13 PM, zaki at manian.org wrote: > 2. There was a period of time when the Snowden cache was controlled > primarily by journalists with limited organizational support. Many bad > things could have happened. It is still mysterious if they did. Indeed. > 3.It also seems likely that competing services had access to many of the > same documents as Snowden did. It seems reasonable to assume there were > more people exfiltrating docs for private benefit than for public benefit > on the top secret network. Well damn, they could have been decent enough to post them on Cryptome or WikiLeaks ;) Even a hidden service site with a paywall would have been cool ;) > 4. What standard should organizations who handle secret information be held > to? The Intercept has hired some of top practitioners in the field. Is that > good enough? Less well funded institutions? What does "be held to" mean? By whom? > On Mon, Jun 15, 2015 at 11:10 AM, wrote: > >> | Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner >> | 'reporting' that brought the story to press. >> | >> | >> https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= >> | -files-journalism-worst-also-filled-falsehoods/ >> >> >> If Snowden had zero copies and Greenwald/Poitras had the originals, >> then any Russo-Chinese fiddling with those originals was the result >> of having stolen them from Greenwald/Poitras, not Snowden. >> >> As the world turns, >> >> --dan >> >> > From grarpamp at gmail.com Mon Jun 15 19:53:13 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 15 Jun 2015 22:53:13 -0400 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: On Mon, Jun 15, 2015 at 8:35 PM, Sean Lynch wrote: > the government was tracking the > flow of every single bill Bills are serialized and certainly trackable at exchage points. Though such points (banks) are increasingly acting weirder when their patrons deal in cash, there's no scanning going on yet at the level of the till. There are probably fine papers comparing the analysis that can be done with serialized bills vs bitcoins ledger. From tim at diffalt.com Mon Jun 15 21:10:32 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 16 Jun 2015 00:10:32 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> Message-ID: <557FA1B8.10100@diffalt.com> Tom Harper, the Sunday Times' journalist who wrote the article. The man who repeatedly lied about the the state of affairs regarding Ed landed himself an interview with CNN. It was aired a few hours ago. The man dug himself a hole, jumped into his hole and buried himself with an explanation of how he reports what. Effectively he told CNN that it is speculation, that he reports what he feels to be the truth as provided by his sources within the government but that what he reported is not explicitly mentioned as such, and that it is up to his sources "the government" (whatever that means) to provide proof. In other words, he lied. Many bad things did not happen. And I'm sure that the OPSEC that Glenn et al. have been maintaining is for the sake of all parties involved. And I bet that three-letter agencies have reached out to him to let him know that he's walking a fine line and I'm sure that Glenn also knows that they have a vested interest in the information not becoming freely available. And that's the end of that story. We're also not discussing the semantics of how Glenn handles his files in the face of what is an obvious push to erode civil liberties. Because. On 6/15/2015 7:13 PM, zaki at manian.org wrote: > 1. Crypto is broken in the sense that entire notion of trusted > computing is massively broken and nation states can compromise end > devices at scale and access plain text via device compromise. > > 2. There was a period of time when the Snowden cache was controlled > primarily by journalists with limited organizational support. Many bad > things could have happened. It is still mysterious if they did. > > 3.It also seems likely that competing services had access to many of > the same documents as Snowden did. It seems reasonable to assume there > were more people exfiltrating docs for private benefit than for public > benefit on the top secret network. > > 4. What standard should organizations who handle secret information be > held to? The Intercept has hired some of top practitioners in the > field. Is that good enough? Less well funded institutions? > > > On Mon, Jun 15, 2015 at 11:10 AM, > > wrote: > > | Glenn Greenwald at The//Intercept on The Sunday Times birdcage > liner > | 'reporting' that brought the story to press. > | > | > https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= > | -files-journalism-worst-also-filled-falsehoods/ > > > If Snowden had zero copies and Greenwald/Poitras had the originals, > then any Russo-Chinese fiddling with those originals was the result > of having stolen them from Greenwald/Poitras, not Snowden. > > As the world turns, > > --dan > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4636 bytes Desc: not available URL: From seanl at literati.org Mon Jun 15 17:35:45 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 16 Jun 2015 00:35:45 +0000 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: Wilfred just won the bet he had with his schoolmates that we'd fall for literally anything, including a claim that the government was tracking the flow of every single bill and coin in circulation. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 223 bytes Desc: not available URL: From jya at pipeline.com Tue Jun 16 04:13:16 2015 From: jya at pipeline.com (John Young) Date: Tue, 16 Jun 2015 07:13:16 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <557FA418.9040503@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> Message-ID: WikiLeaks WikiTweets only .05% of Snowden documents have been declassified for release by the spy-micking hoarders, out of nearly 1M. Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% of DoD's defense industry mass overkill 1.7M. This affirms the Snowden-idolizing MSM are hardly better journalism than Sunday Times at customary citizen-subject-consumer hoodwinking relying on rhetorical exaggeration with minimal substantiation, that is, following the model of royalty, official spies and commercial public relations (bestow on Apple's CEO for lying about iSpookery), why even, pardon the ad disruption, cryptosecurity everywhere floggers, nay, nay, hordes of educators indenturing wage slaves, religious hustlers token-sucking the poorest tax-avoiding the richest, and not worth slathering horse-dookie on Lady Gaga Godiva, bloated governments wielding the armaments of utter obedience for most none for a few. Which, clang cymbol, why demand only NSA stop it, stop stomping invented civlib, why not demand all the world's spies close shop, defuse the PALs of the WMD terrorists. Spies beget world's worst spies, govs beget world's worst govs, biz begets world's worst biz, secperts beget, so on, to wit, shit methane. Tis a damn lie, verily a rigged stat, a TED yip, that some official secrecy is okay (Schneier, most secperts) just not too much, that is, my secrecy, my NSA protection racket sold to world spies and clueless public as costly and methaney, is perfume, yours is RU and CN bowel gas -- as mirrored by RU and CN. At 12:20 AM 6/16/2015, you wrote: >On 06/15/2015 05:13 PM, zaki at manian.org wrote: > > > > > 2. There was a period of time when the Snowden cache was controlled > > primarily by journalists with limited organizational support. Many bad > > things could have happened. It is still mysterious if they did. > >Indeed. > > > 3.It also seems likely that competing services had access to many of the > > same documents as Snowden did. It seems reasonable to assume there were > > more people exfiltrating docs for private benefit than for public benefit > > on the top secret network. > >Well damn, they could have been decent enough to post them on Cryptome >or WikiLeaks ;) Even a hidden service site with a paywall would have >been cool ;) > > > 4. What standard should organizations who handle secret information be held > > to? The Intercept has hired some of top practitioners in the field. Is that > > good enough? Less well funded institutions? > >What does "be held to" mean? By whom? > > > On Mon, Jun 15, 2015 at 11:10 AM, wrote: > > > >> | Glenn Greenwald at The//Intercept on The Sunday Times birdcage liner > >> | 'reporting' that brought the story to press. > >> | > >> | > >> https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= > >> | -files-journalism-worst-also-filled-falsehoods/ > >> > >> > >> If Snowden had zero copies and Greenwald/Poitras had the originals, > >> then any Russo-Chinese fiddling with those originals was the result > >> of having stolen them from Greenwald/Poitras, not Snowden. > >> > >> As the world turns, > >> > >> --dan > >> > >> > > From eugen at leitl.org Tue Jun 16 01:11:31 2015 From: eugen at leitl.org (Eugen Leitl) Date: Tue, 16 Jun 2015 10:11:31 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork Message-ID: <20150616081131.GL10743@leitl.org> ----- Forwarded message from Adam Back ----- From tim at diffalt.com Tue Jun 16 07:37:23 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 16 Jun 2015 10:37:23 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> Message-ID: <558034A3.5090601@diffalt.com> On 6/16/2015 7:13 AM, John Young wrote: > WikiLeaks WikiTweets only .05% of Snowden documents have been > declassified for release by the spy-micking hoarders, out of nearly 1M. > Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% > of DoD's defense industry mass overkill 1.7M. The reason for this is the work that /all/ of these institutes do. It is bigger then what an individual or, is some cases, a small group can accomplish. And can easily be undermined if details are published. Who is it to say that what CIA has been doing is not in U.S. best interest. You? Me? How many people know that the institute been used as a road to power? 5? 10? 10.000? We know that in hindsight Bush Senior during his days as the captain was very much so into promoting his own agenda. He did things that if you and me would do 'm we'd be locked up, gassed or otherwise effectively terminated. An agenda, that in is own head, is in the best interest of the U.S. How does the institute itself look upon itself? We don't know. But most likely they are EXACTLY what I'd expect from the U.S. public in general: If it were that easy to breed even a thing as consensus among the American public, to whom admitting to be false or admitting that they do not hold all the key information is far more likely to be interpreted as a personal attack then parsed on a rational level as self-criticism... the enablers of many mad politicians would have a hard(er) time. I can tell you that any low-level contractor or employee /with /brains looks upon the three-letter institutes and sees exactly that. And they are even allowed to. Ed walked around the office in a EFF sweater. And the CIA very well knows that they can not change that mentality. So accountability does JACK SHIT. Transparency does not change the equation, because, people cling to power. And even now a lot of things are out there, in the open, we, as a nation are still O.K. with electing Jeb Bush into office (I think he'll win). However, bending, massaging the general public in a slow, but very effective way does yield it's rewards. As we know, Ed's work steered/stirred public debate on some level. > This affirms the Snowden-idolizing MSM are hardly better journalism > than Sunday Times at customary citizen-subject-consumer > hoodwinking relying on rhetorical exaggeration with minimal > substantiation, that is, following the model of royalty, official spies > and commercial public relations (bestow on Apple's CEO for > lying about iSpookery), why even, pardon the ad disruption, > cryptosecurity everywhere floggers, nay, nay, hordes of educators > indenturing wage slaves, religious hustlers token-sucking the poorest > tax-avoiding the richest, and not worth slathering horse-dookie on > Lady Gaga Godiva, bloated governments wielding the armaments > of utter obedience for most none for a few. It is a cultural issue. It is not like people are going to suffer from cognitive dissonance if they do not allow themselves to peep outside of the box. > Which, clang cymbol, why demand only NSA stop it, stop > stomping invented civlib, why not demand all the world's spies > close shop, defuse the PALs of the WMD terrorists. Spies beget > world's worst spies, govs beget world's worst govs, biz begets > world's worst biz, secperts beget, so on, to wit, shit methane. > That sounds quite nihilistic. People will do what ever they can come up with. Unless someone tells them: "No, you can not do this. And if you do, I'm here to stop you." However, as long as people cling to power, the enablers so to speak, are there will be hard times ahead for people that are on the shitty end of the shtick. > Tis a damn lie, verily a rigged stat, a TED yip, that some official > secrecy is okay (Schneier, most secperts) just not too much, that is, > my secrecy, my NSA protection racket sold to world spies and > clueless public as costly and methaney, is perfume, yours is > RU and CN bowel gas -- as mirrored by RU and CN. True. Especially if it is concerned a people's government. But that would re-frame reality in which secrets serve a purpose. Most battles are preceded by a conspiracy of some kind. A conspiracy usually requires a great deal of security. And I'd like to venture into saying that people in power will not give up the power they legitimately have. Ever. Most of the public debate has been polarized to the point that people planting themselves on the middle ground of any argument are eaten by both sides anyway. There is a reason why people are closed gays, atheists, black, smurfs, anarchists, etcetera. If everyone would be as understanding as you and I we would not have to have this discussion in the first place. But we don't live in that world. People do hurt each other per-emptively because of a difference in culture, color, flag etc. > At 12:20 AM 6/16/2015, you wrote: >> On 06/15/2015 05:13 PM, zaki at manian.org wrote: >> >> >> >> > 2. There was a period of time when the Snowden cache was controlled >> > primarily by journalists with limited organizational support. Many bad >> > things could have happened. It is still mysterious if they did. >> >> Indeed. >> >> > 3.It also seems likely that competing services had access to many >> of the >> > same documents as Snowden did. It seems reasonable to assume there >> were >> > more people exfiltrating docs for private benefit than for public >> benefit >> > on the top secret network. >> >> Well damn, they could have been decent enough to post them on Cryptome >> or WikiLeaks ;) Even a hidden service site with a paywall would have >> been cool ;) >> >> > 4. What standard should organizations who handle secret information >> be held >> > to? The Intercept has hired some of top practitioners in the field. >> Is that >> > good enough? Less well funded institutions? >> >> What does "be held to" mean? By whom? >> >> > On Mon, Jun 15, 2015 at 11:10 AM, wrote: >> > >> >> | Glenn Greenwald at The//Intercept on The Sunday Times birdcage >> liner >> >> | 'reporting' that brought the story to press. >> >> | >> >> | >> >> >> https://firstlook.org/theintercept/2015/06/14/sunday-times-report-snowden= >> >> | -files-journalism-worst-also-filled-falsehoods/ >> >> >> >> >> >> If Snowden had zero copies and Greenwald/Poitras had the originals, >> >> then any Russo-Chinese fiddling with those originals was the result >> >> of having stolen them from Greenwald/Poitras, not Snowden. >> >> >> >> As the world turns, >> >> >> >> --dan >> >> >> >> >> > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 9509 bytes Desc: not available URL: From zen at freedbms.net Mon Jun 15 18:05:13 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 16 Jun 2015 11:05:13 +1000 Subject: Possible SigInt Metadata Dump Files Circulating In-Reply-To: References: <535888a1de1bb28cdfd2ff2446166a65@cryptolab.net> <20150610143748.GK27932@nl.grid.coop> <20150612154813.GT27932@nl.grid.coop> <20150613175104.E23FAC0001C@frontend1.nyi.internal> Message-ID: On 6/16/15, Sean Lynch wrote: > Wilfred just won the bet he had with his schoolmates that we'd fall for > literally anything, including a claim that the government was tracking the > flow of every single bill and coin in circulation. Indeed. And this "story" is timed rather well to (In My Extremely High And Maximally Humble Opion) distract us from the (IMEHAMHO) much more relevant matter of the real time network injection attacks overloading even "security professionals" regardless of OS. For those who are truly paranoid or needing of security, we need a plan for a rock hard software stack for public communication. Cypherpunks - owned by some sci-fi wannabe author testing the concept pool of enthusiastic know alls. At least we're not the yank-tank. We're superrior or or ... or something. From jason.mcvetta at gmail.com Mon Jun 15 23:17:22 2015 From: jason.mcvetta at gmail.com (Jason McVetta) Date: Tue, 16 Jun 2015 13:17:22 +0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557f2ec2.90978c0a.ac99.ffff8ea5@mx.google.com> Message-ID: On Tue, Jun 16, 2015 at 3:06 AM, Juan wrote: > stolen? It would be fair to call it "stolen" iff they copied the data, then destroyed the original owner's copy. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 516 bytes Desc: not available URL: From seanl at literati.org Tue Jun 16 08:26:01 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 16 Jun 2015 15:26:01 +0000 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: <557C8A9F.7010807@pilobilus.net> References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> <557C8A9F.7010807@pilobilus.net> Message-ID: Lots of words, very few details. Fonts getting a "bit pixellated"? Are you kidding me? Packages "piggybacking on other packages"? This is all very imprecise language for someone who is attempting to convince us that something very grave is going on. And as usual, not a single hex dump of a single packet. Not of any of the packets supposedly spewing out of their supposedly disabled Ethernet port, not out of their supposedly disabled wifi card, not of one of these supposedly piggybacked packages. I can imagine why the writing of someone who was up against something like this might sound like the ravings of a lunatic. That's why I read the whole thing. But as I read, I kept wondering where the "there" was. But this feels far more like the sudden significance everything takes on when you take a hit of acid or are about to have a temporal lobe seizure than a genuine realization. I'm not saying these capabilities don't exist; I'm sure they do. I'm not even saying the author is lying or stupid. But most of us who are attracted to security research are a bit "on the edge" to begin with, and it seems like Snowden's revelations and the like have created all-powerful bogeymen in some of our minds and pushed us over the edge. We have people making claims like the NSA can break any encryption, that computers are communicating by sound (yes, BadBIOS is another of these), and that they've been "painted" by a network with all sorts of vague capabilities. I've been reading these stories with an open mind. Maybe some people in this field just talk that way. Maybe they're vague because they want to keep their research proprietary. But if that were the case, why not say so? Why not say what work you have yet to do and give an approximate date for a full announcement? Even assuming some of these claims are true, not asking for more evidence robs us of the ability to defend ourselves. Running off to build f2f networks is fun and all, but it's not going to do a lick of good if we have no idea what we're up against beyond some vague descriptions, especially when you consider that the capabilities of our adversaries go well beyond the technological. There is such a thing as technological security that's "too good", when you've spent all your time defending against technological attacks only to succomb to, as others on this thread have pointed out, a rubber hose. I love that this group is open minded. I love that anyone can make a claim and it will get seriously considered by many without requiring special credentials. But I also feel like a lot of people here are very easily ratholed by extraordinary claims that lack not just extraordinary evidence, but any evidence whatsoever other than someone we may or may not know well saying it's so. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3010 bytes Desc: not available URL: From tim at diffalt.com Tue Jun 16 12:36:08 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 16 Jun 2015 15:36:08 -0400 Subject: =?UTF-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCA=?= =?UTF-8?B?dGltZSDDlyAoYWxzbzogJ0JhbHJvZycgbWFsbmV0LCBmaXJzdGhhbmQgdmlldyk=?= In-Reply-To: References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> <557C8A9F.7010807@pilobilus.net> Message-ID: <55807AA8.3070403@diffalt.com> In theory. Let's come down to the realm of things we run into in the wild. Figments of theory-crafting because someone thought of a certain attack vector is not what anyone concerned about real life issues considers a threat. It's an academic exercise. If you want to theory-craft, expand on the RSA infiltration. Pre-computed elliptic curves seem to be the next forefront. Are the capabilities of agencies up to par with what we know and throw at them. Brute-forcing is, after all, anyone's game. I'd like people to look into the intellectual wasteland that is the mobile phone industry. Those are vectors that the intelligence community has about full control over. Not your dumb-ass VGA card. I simply don't get why people that own a phone worry about things that are not even remotely proven to be an actual issue. On 6/16/2015 12:54 PM, Natanael wrote: > And yes, that's 100% possible. From grarpamp at gmail.com Tue Jun 16 12:48:35 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 16 Jun 2015 15:48:35 -0400 Subject: Joystream Bitcoin Enabled Torrenting Message-ID: http://www.joystream.co/ Interesting, yet such a tool / market in forbidden bandwidth still hasn't proposed or integrated the required anonymity and common IPv6 transport that todays multitude of would be JoyBEP compliant BT apps and users would need in order to protect and scale their activities in some sort of point and click cutover of the masses. [Though a few common clients do now work with I2P. No client seems to have the interface / code handle massive (100s, 1000s) torrent libraries very well, such that those wanting to run a profitable business might wish to manage (divide and conquer model excepted).] http://www.reddit.com/r/Bitcoin/comments/39xgln/joystream_torrent_client_with_paid_seeding/ http://www.reddit.com/r/Bitcoin/comments/3a0pff/joystream_pay_or_get_paid_for_bittorrent/ https://en.wikipedia.org/wiki/Anonymous_P2P https://code.google.com/p/phantom/ http://maidsafe.net/ http://storj.io/ http://filecoin.io/ http://www.reddit.com/r/i2p/comments/35lksd/is_there_really_a_reason_to_use_vuze_for_i2p/ http://dev.vuze.com/ From natanael.l at gmail.com Tue Jun 16 09:44:40 2015 From: natanael.l at gmail.com (Natanael) Date: Tue, 16 Jun 2015 18:44:40 +0200 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: Message-ID: On Fri, Jun 12, 2015 at 12:02 PM, Zenaan Harkness wrote: > On 6/12/15, Natanael wrote: > > Den 12 jun 2015 10:19 skrev "Zenaan Harkness" : > > Don't do F2F at the lowest network layer. Don't give away sociograms, > don't > > allow timing attacks, and avoid the whole NAT issue. > > Sorry, I'm thinking about it differently - like a physical layer. > > Let's name it differently: H2H - HUG node to HUG node, which might be > overlayed over existing ISP/ centralized net, or might be your own PHY > layer (e.g. local street-level wireless). > > So, treat this is a PHY layer, where everyone is expected to connect, > relatively speaking, to their neighbours. > > A F2F (by terminology/meaning) would overlay on top of that. > So like what CJDNS does? https://en.wikipedia.org/wiki/Cjdns It can be compared to a kind of VPN, it creates an IPv6 addressed network in the private fc:: range where the addresses are based on hashes of public keys. The connections can go over the internet, or over meshnets, or over your local LAN, or over a RONJA link (http://ronja.twibright.com/about.php). Then on top of that you could run anonymization like I2P and any other services you might want. > The key that I2P (and Tor for that matter) are missing is fill packets > - i.e., the nodes you talk to, promise to backfill their link to you > (likewise you to them) any empty packet slots, so that the link > maintains a continuous throughput (to hide all real traffic within) - > the only thing a state-level adversary (or ISP-level for that matter) > can do to analyse things is kill the link entirely (shock testing), > which can correlate your traffic with "exit node" traffic, but is much > harder to see anything when you are only operating within the dark > net. > > This is now a very important feature which our anonymizing network > software needs in order to provide any meaningful protection. > > Local PHY is now also very very useful to increasing network access > anonymity. This urgently needs some research study/papers to analyse/ > determine the best ways (within eg onion routing context) to maximise > advantage of off-net (private PHY layers). > IIRC support for that already exists in I2P, although not yet implemented. The protocol already have support for a number of things like fake filler traffic. Anonymizing routing in local networks can be hard to achieve against timing attacks and other correlation attacks, in particular when assisted by DoS. The problem is that there's typically a limited number of local routes going outwards, poor interconnction and not many long-range links, and node-to-node links reflect human sociograms very well. Having I2P being able to support connections over both types of networks simultaneously would be an advantage. > "Just use..." is very problematic! Please do not be so cavalier with > your languaging as those without understanding might mistake your > absolutist languaging for relevant fact (as opposed to intuitive sense > or reasonable avenue for consideration depending on various factors > .... etc etc)! > I'm using "just" as a synonym for "doesn't need novel research, can be implemented by a any experienced programmer". As compared to requiring experts in the field to create new algorithms to make it possible, practical and secure. The difference between "needs time" and "needs brainpower". > I've done a lot of thinking on P2P social networks, I'll share later, > > Great. Looking forward to your thoughts. Please don't portend that > there are easy conclusive "solutions". There are not! I'm aware there's a very significant amount of work required, see my comment above. I'm trying to gather the various things I've written about it now. There's a lot to write down. There's a lot of questions about how to make it work without massive overhead. I'm trying to figure out how it should work on each level of abstraction, from data encoding to routing to key management, etc... I want to see a mainly P2P oriented system that allows for server assistance (for distribution of signed data, storage, receiving messages on your behald when you're offline, synchronization / coordination, etc...). And I keep finding edge cases that would be messy with most of the potential solutions I'm considering, which is another reason for why I don't have a complete sketch written down yet. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5933 bytes Desc: not available URL: From natanael.l at gmail.com Tue Jun 16 09:54:10 2015 From: natanael.l at gmail.com (Natanael) Date: Tue, 16 Jun 2015 18:54:10 +0200 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> <557C8A9F.7010807@pilobilus.net> Message-ID: On Tue, Jun 16, 2015 at 5:26 PM, Sean Lynch wrote: > Lots of words, very few details. Fonts getting a "bit pixellated"? Are you > kidding me? > http://www.pcworld.com/article/2921092/gpu-malware-can-also-affect-windows-pcs-possibly-macs.html There's an endless number of ways that malware that don't follow any neat process isolation model with clean usage of API:s can cause what would be experienced as glitches. Hiding executables in GPU memory assigned to fonts can do that. And yes, that's 100% possible. > Packages "piggybacking on other packages"? This is all very imprecise > language for someone who is attempting to convince us that something very > grave is going on. And as usual, not a single hex dump of a single packet. > Not of any of the packets supposedly spewing out of their supposedly > disabled Ethernet port, not out of their supposedly disabled wifi card, not > of one of these supposedly piggybacked packages. > They might not want to show examples of the injection attacks in order to not reveal how they're detecting the traffic. Look up NSA's Turmoil and Quantum Insert. > I'm not saying these capabilities don't exist; I'm sure they do. I'm not > even saying the author is lying or stupid. > First of all, it is written mostly for a non-technical audience. Second, you're a bit stuck on the high-level models of computers here, you're not considering how the effects of binary level tampering and code exploits and altering RAM and even firmware for persistence attacks ( http://www.wired.com/2015/02/nsa-firmware-hacking/) might manifest themselves. To somebody who thought he really did secure his systems well, the signs that well obscured malware will show will make it look like your computer has ghosts. > Even assuming some of these claims are true, not asking for more evidence > robs us of the ability to defend ourselves. Running off to build f2f > networks is fun and all, but it's not going to do a lick of good if we have > no idea what we're up against beyond some vague descriptions, especially > when you consider that the capabilities of our adversaries go well beyond > the technological. There is such a thing as technological security that's > "too good", when you've spent all your time defending against technological > attacks only to succomb to, as others on this thread have pointed out, a > rubber hose. One problem is that the attacks change too fast. Holding off until they change it themselves can allow you to detect even more of their activity than anybody would if you told the world right away. Otherwise they'll instantly stop the particular attacks you detected and switch to something else. At best one could release details of how to analyze your old offline backups for signs of infections. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3897 bytes Desc: not available URL: From hozer at hozed.org Tue Jun 16 21:25:13 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 16 Jun 2015 23:25:13 -0500 Subject: Free Advice for FBI/OPM/NSA/DOE: full-disclosure hardware Message-ID: <20150617042513.GW27932@nl.grid.coop> Okay, so apparently the CIA pulled a fast one on you, and now everyone with a security clearance is (probably) getting doxed[1]. "Outsiders must be deputized to audit the systems, brutally assess their failings, and put together an aggressive plan to both find existing breaches (who knows what’s still lurking in OPM’s systems right now?) and prevent further ones. Every government agency should be subject to an outside cybersecurity audit, and I include the NSA in that" So since I'm a nice guy (or maybe just a guy with an open-source hardware business plan) the first thing I want to audit is the PCB layout of the server(s) that got hacked. I'll even do it for free if you publish the schematic and board layout under a license compatible with the Debian Free Software guidelines. Now, on the other hand, if your hardware vendor is going to whine like a child who got caught with their hand in the candy jar about 'IP' and such, I will be happy to start reviewing how broken Intel/AMD/etc chips and motherboards are with a confidentiality agreement if you agree to pay my retainer. (which is approximately the amount I need to buy some farmland and wind turbines.) [1] http://www.slate.com/articles/technology/future_tense/2015/06/opm_hack_it_s_a_catastrophe_here_s_how_the_government_can_stop_the_next.html So if anyone is actually serious about security, then I'll know because there will be more than just me talking about why we need full-disclosure hardware that you can X-ray and compare to an image signed and hosted by multiple independent and competing nation-state or multinational-corporate level security agencies. If your Intel motherboard matches the image signed by IBM, China Telcom, and Iran, than it's probably safe for Democrats to use, and good for Republicans if Saudi Arabia signs it. Any politician using an image signed only by an agency they supervise should be immediately impeached. From hozer at hozed.org Tue Jun 16 21:28:59 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 16 Jun 2015 23:28:59 -0500 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <20150616081131.GL10743@leitl.org> References: <20150616081131.GL10743@leitl.org> Message-ID: <20150617042859.GX27932@nl.grid.coop> So anyone want to take bets on if it's Gavin+Hearn that have a short position on bitcoin, or if it's Adam Back? (Well, okay, who's *paying* them that has a short position.. they probably have been conditioned to believe they are doing the 'right' thing) This to me looks like someone is engineering an engineering basis for a bitcoin price crash, just as demand is going to pick up. On Tue, Jun 16, 2015 at 10:11:31AM +0200, Eugen Leitl wrote: > ----- Forwarded message from Adam Back ----- > > Date: Mon, 15 Jun 2015 20:03:25 +0200 > From: Adam Back > To: Mike Hearn > Cc: Bitcoin Dev > Subject: Re: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork > Message-ID: > > Hi Mike > > Well thank you for replying openly on this topic, its helpful. > > I apologise in advance if this gets quite to the point and at times > blunt, but transparency is important, and we owe it to the users who > see Bitcoin as the start of a new future and the$3b of invested funds > and $600m of VC funds invested in companies, we owe it to them that we > be open and transparent here. > > I would really prefer on a personal nor professional basis to be > having this conversation period, never mind in public, but Mike - your > and Gavin's decision to promote a unilateral hard-fork and code fork > are extremely high risk for bitcoin and so there remains little > choice. So I apologise again that we have to have this kind of > conversation on a technical discussion list. This whole thing is > hugely stressful and worrying for developers, companies and investors. > > I strongly urge that we return to the existing collaborative > constructive review process that has been used for the last 4 years > which is a consensus by design to prevent one rogue person from > inserting a backdoor, or lobbying for a favoured change on behalf of a > special interest group, or working for bad actor (without accusing you > of any of those - I understand you personally just want to scale > bitcoin, but are inclined to knock heads and try to force an issue you > see, rather than work collaboratively). > > For you (and everyone) > > - Should there be a summit of some kind, that is open attendance, and > video recorded so that people who are unable to attend can participate > too, so that people can present the technical proposals and risks in > an unbiased way? > > (It is not theoretical question, I may have a sponsor and host - not > Blockstream, an independent, its a question for everyone, developers, > users, CTOs, CEOs.) > > > > So here I come back to more frank questions: > > Governance > > The rest of the developers are wise to realise that they do not want > exclusive control, to avoid governance centralising into the hands of > one person, and this is why they have shared it with a consensus > process over the last 4 years. No offence but I dont think you > personally are thinking far enough ahead to think you want personal > control of this industry. Maybe some factions dont trust your > motives, or they dont mind, but feel more assured if a dozen other > people are closely reviewing and have collective review authority. > > - Do you understand that attempting to break this process by > unilateral hard-fork is extremely weakening of Bitcoin's change > governance model? > > - Do you understand that change governance is important, and that it > is important that there be multiple reviewers and sign-off to avoid > someone being blackmailed or influenced by an external party - which > could potentially result in massive theft of funds if something were > missed? > > - Secondarily do you understand that even if you succeed in a > unilateral fork (and the level of lost coins and market cap and damage > to confidence is recoverable), that it sets a precedent that others > may try to follow in the future to introduce coercive features that > break the assurances of bitcoin, like fungibility reducing features > say (topically I hear you once proposed on a private forum the concept > of red-lists, other such proposals have been made and quickly > abandoned), or ultimately if there is a political process to obtain > unpopular changes by unilateral threat, the sky is the limit - rewrite > the social contract at that point without consensus, but by > calculation that people will value Bitcoin enough that they will > follow a lead to avoid risk to the system? > > > Security > > As you probably know some extremely subtle bugs in Bitcoin have at > times slipped past even the most rigorous testings, often with > innocuous but unexpected behaviours, but some security issues Some > extremely intricate and time-sensitive security defect and incident > response happens from time to time which is not necessarily publicly > disclosed until after the issue has been rolled out and fixed, which > can take some time due to the nature of protocol upgrades, > work-arounds, software upgrade via contacting key miners etc. We > could take an example of the openSSL bug. > > - How do you plan to deal with security & incident response for the > duration you describe where you will have control while you are > deploying the unilateral hard-fork and being in sole maintainership > control? > > - Are you a member of the bitcoin security reporting list? > > On 15 June 2015 at 11:56, Mike Hearn wrote: > > I will review both and mostly delegate to Gavin's good taste around the > > details, unless there is some very strong disagreement. But that seems > > unlikely. > > ... > > Feedback will be read. There are no NACKS in Bitcoin XT. Patch requests > > aren't scored in any way. The final decision rests with the maintainer as in > > ~all open source projects. > > As you know the people who have written 95% of the code (and reviewed, > and tested, and formally proved segments etc) are strenuously advising > not to push any consensus code into public use without listening to > and addressing review questions which span beyond rigorous code & > automated guided fuzz testers, simulation and sometimes formal proofs, > but also economics, game-theory and critically very subtle > determinism/consensus safety that they have collectively 4-5 years > experience of each. > > - Will you pause your release plans if all of the other developers > insist that the code or algorithm is defective? > > - Please don't take this the wrong way, and I know your bitcoinj work > was a significant engineering project which required porting bitcoin > logic. But If the answer to the above question is no, as you seemed > to indicate in your response, as you not have not written much bitcoin > core code yourself (I think 3 PRs in total), do you find yourself more > qualified than the combination of peer review of the group of people > who have written 95% of it, and maintained it and refactored most of > it over the last 4-5 years? > > I presume from your security background you are quite familiar with > the need for review of crypto protocol changes & rigorous code review. > That is even more the case with Bitcoin given the consensus > criticality. > > >> - On the idea of a non-consensus hard-fork at all, I think we can > >> assume you will get a row of NACKs. Can you explain your rationale > >> for going ahead anyway? The risks are well understood and enormous. > > > > If Bitcoin runs out of capacity it will break and many of our users will > > leave. That is not an acceptable outcome for myself or the many other > > wallet, service and merchant developers who have worked for years to build > > an ecosystem around this protocol. > > That you are frustrated, is not a sufficient answer as to why you are > proposing to go ahead with a universally acknowledged extreme network > divergence danger unilateral hard-fork, lacking wide-spread consensus. > People are quite concerned about this. Patience, caution and prudence > is necessary in a software system with such high assurance > requirements. > > So I ask again: > > - On the idea of a non-consensus hard-fork at all, I think we can > assume you will get a row of NACKs. Can you explain your rationale > for going ahead anyway? The risks are well understood and enormous. > > Note the key point is that you are working on a unilateral hard-fork, > where there is a clear 4 year established process for proposing > improvements and an extremely well thought out and important change > management governance process. While there has been much discussion, > you nor Gavin, have not actually posted a BIP for review. Nor > actually was much of the discussion even conducted in the open: it was > only when Matt felt the need to clear the air and steer this > conversation into the open that discussion arose here. During that > period of private discussion you and Gavin were largely unknown to > most of us lobbying companies with your representation of a method > that concerns everyone of the Bitcoin users. Now that the technical > community aware aware they are strenuously discouraging you on the > basis of risks. > > > Openness > > - Do you agree that bitcoin technical discussions should happen in the open? > > - As this is a FOSS project, do you agree that companies should also > be open, about their requirements and trade-offs they would prefer? > > - Can you disclose the list of companies you have lobbied in private > whether they have spoken publicly or not, and whether they have > indicated approval or not? > > - Did you share a specific plan, like a BIP or white paper with these > companies, and if so can we see it? > > - If you didnt submit a plan, could you summarise what you asked them > and what you proposed, and if you discussed also the risks? (If you > asked them if they would like Bitcoin to scale, I expect almost > everyone does, including every member of the technical community, so > that for example would not fairly indicate approval for a unilateral > hard-fork) > > I and others will be happy to talk with the CTO and CEOs of companies > you have lobbied in private, for balance to assure ourselves and the > rest of the community that their support was given - and with full > understanding of the risks of doing it unilaterally, without peer > review, benefit of maintenance and security inidence management, and > what exactly they are being quoting as having signed up for. > > (This maybe more efficiently and openly achieved by the open process, > on a mailing list, maybe a different one even special purpose to this > topic, with additional option of the open public meeting I proposed at > the top). > > - Do you agree that it would be appropriate, that companies be aware > of both the scaling opportunities (of course, great everyone wants > scalability) as well as the technical limits and risks with various > approaches? And that these be presented by parties from a range of > views to ensure balance? > > - Do you consider your expression of issues to hold true to the ideal > of representing balanced nuanced view of all sides of a technical > debate, even when under pressure or feeling impatient about the > process? > > You may want to review the opening few minutes of your epicenter 82 > bitcoin for example where you claimed and I quote "[the rest of the > technical community] dont want capacity to ever increase and want it > to stay where it is and when it fills up people move to other > systems". > > - Do you think that is an accurate depiction of the complex trade-offs > we have been discussing on this list? > > (For the record I am not aware of a single person who has said they do > not agree with scaling Bitcoin. Changing a constant is not the > hard-part. The hard part is validating a plan and the other factors > that go into it. It's not a free choice it is a security/scalability > tradeoff. No one will thank us if we "scale" bitcoin but break it in > hard to recover ways at the same time.) > > - Were you similarly balanced in your explanations when talking to > companies in private discussions? > > - Do you understand that if we do not work from balanced technical > discussion, that we may end up with some biased criteria? > > Authority > > Neither you nor Gavin have any particular authority here to speak on > behalf of Bitcoin (eg you acknowledge in your podcast that Wladimir is > dev lead, and you and Gavin are both well aware of the 4 year > established change management consensus decision making model where > all of the technical reviewers have to come to agreement before > changes go in for security reasons explained above). I know Gavin has > a "Chief Scientist" title from the Bitcoin Foundation, but sadly that > organisation is not held in as much regard as it once was, due to > various irregularities and controversies, and as I understand it no > longer employs any developers, due to lack of funds. Gavin is now > employed by MIT's DCI project as a researcher in some capacity. As > you know Wladimir is doing the development lead role now, and it seems > part of your personal frustration you said was because he did not > agree with your views. Neither you nor Gavin have been particularly > involved in bitcoin lately, even Gavin, for 1.5 years or so. > > - Do you agree that if you presume to speak where you do not have > authority you may confuse companies? > > > If Bitcoin runs out of capacity it will break and many of our users will > > leave. That is not an acceptable outcome for myself or the many other > > wallet, service and merchant developers who have worked for years to build > > an ecosystem around this protocol. > > But I think this is a false dichotomy. As I said in previous mail I > understand people are frustrated that it has taken so long, but it is > not the case that no progress has been made on scalability. > > I itemised a long list of scalability work which you acknowledged as > impressive work (CPU, memory, network bandwidth/latency) and RBF, CPFP > fee work, fee-estimation, and so on, which you acknowledged and are > aware of. > > There are multiple proposals and BIPs under consideration on the list right now. > > - what is the reason that you (or Gavin) would not post your BIP along > side the others to see if it would win based on technical merit? > > - why would you feel uniquely qualified to override the expert opinion > of the rest of the technical community if your proposal were not > considered to have most technical merit? (Given that this is not a > simple market competition thing where multiple hard-forks can be > considered - it is a one only decision, and if it is done in a > divisive unilateral way there are extreme risks of the ledger > diverging.) > > Network Divergence Risk > > >> - How do you propose to deal with the extra risks that come from > >> non-consensus hard-forks? Hard-forks themselves are quite risky, but > >> non-consensus ones are extremely dangerous for consensus. > > > > The approach is the same for other forks. Voting via block versions and then > > when there's been >X% for Y time units the 1mb limit is lifted/replaced. > > But this is not a soft-fork, it is a hard-fork. Miner voting is only > peripherally related. Even if in the extremis 75% of miners tried a > unilateral hard-fork but 100% of the users stayed on the maintained > original code, no change would occur other than those miners losing > reward (mining fork-coins with no resale value) and the difficulty > would adjust. The miners who made an error in choice would lose money > and go out of business or rejoin the chain. > > However if something in that direction happens with actual users and > companies on both sides of it users will lose money, the ledger will > diverge as soon as a single double-spend happens, and never share a > block again, companies will go instantly insolvent, and chaos will > break out. This is the dangerous scenario we are concerned about. > > So the same question again: > > - How do you propose to deal with the extra risks that come from > non-consensus hard-forks? Hard-forks themselves are quite risky, but > non-consensus ones are extremely dangerous for consensus. > > > Being sensitive to alarming the market > > It is something akin to Greece or Portugal or Italy exiting the euro > currency in a disorderly way. Economists and central bank policy > makers are extremely worried about such an eventuality and talk about > related factors in careful, measured terms, watch Mario Draghi when he > speaks. > > Imagine that bitcoin is 10x or 100x bigger. Bitcoin cant have people > taking unilateral actions such as you have been proposing. It is not > following the consensus governance process, and not good policy and it > is probably affecting bitcoin confidence and price at this moment. > > >> - Do you have contingency plans for what to do if the non-consensus > >> hard-fork goes wrong and $3B is lost as a result? > > > > Where did you get the $3B figure from? The fork either doesn't happen, or it > > happens after quite a long period of people knowing it's going to happen - > > for example because their full node is printing "You need to upgrade" > > messages due to seeing the larger block version, or because they read the > > news, or because they heard about it via some other mechanisms. > > This is not a soft-fork, and the community will not want to take the > risks once they understand them, and they have months in which to > understand them and at this point you've motivated and wasted 100s of > developer man hours such that we will feel impelled to make sure that > no one opts into a unilateral hard-fork without understanding the > risks. It would be negligent to allow people to do that. Before this > gets very far FAQs will be on bitcoin.org etc explaining this risk I > would imagine. Its just starting not finished. > > What makes you think the rest of the community may not instead prefer > Jeff Garzik's BIP after revisions that he is making now with review > comments from others? > > Or another proposal. Taken together with a deployment plan that sees > work on decentralisation tying into that plan. > > - If you persisted anyway, what makes you think bitcoin could not make > code changes defensively relating to your unilateral fork? > (I am sure creative minds can find some ways to harden bitcoin against > a unilateral fork, with a soft-fork or non-consensus update can be > deployed much faster than a hard-fork). > > I tried to warn Gavin privately that I thought he was under-estimating > the risk of failure to his fork proposal due to it being unilateral. > Ie as you both seem sincere in your wish to have your proposal > succeed, then obviously the best way to do that is to release a BIP in > the open collaborative process and submit it to review like everyone > else. Doing it unilaterally only increases its chance of failure. > > The only sensible thing to do here is submit a BIP and stop the > unilateral fork threat. > > Scalability Plans > > > Let me flip the question around. Do you have a contingency plan if Bitcoin > > runs out of capacity and significant user disruption occurs that results in > > exodus, followed by fall in BTC price? The only one I've seen is "we can > > perform an emergency hard fork in a few weeks"! > > Yes people have proposed other plans. Bryan Bishop posted a list of them. > > Jeff Garzik has a proposal, BIP-100 which seems already better than > Gavin's having benefit of peer review which he has been incorporating. > > I proposed several soft-fork models which can be deployed safely and > immediately, which do not have ledger risk. > > I have another proposal relating to simplified soft-fork one-way pegs > which I'll write up in a bit. > > I think there are still issues in Jeff's proposal but he is very open > and collaborating and there maybe related but different proposals > presently. > > >> As you can probably tell I think a unilateral fork without wide-scale > >> consensus from the technical and business communities is a deeply > >> inadvisable. > > > > Gavin and I have been polling many key players in the ecosystem. The > > consensus you seek does exist. All wallet developers (except Lawrence), all > > the major exchanges, all the major payment processors and many of the major > > mining pools want to see the limit lifted (I haven't been talking to pools, > > Gavin has). > > It does not seem to me that you understand the issue. Of course they > want to increase the scalability of bitcoin. So does everyone else on > this mailing list. > > That they would support that is obvious. If you presented your > unilateral action plan without explaining the risks too. > > I think I covered this further above. If you would like to share the > company list, or we can invite them to the proposed public physical > meeting, I think it would be useful for them to have a balanced view > of the ledger divergence risks, and alternative in-consensus proposals > underway, as well as the governance risks, maintenance risks, security > incident risks. > > Note that other people talk to companies too, as part of their day to > day jobs, or from contacts from being in the industry. You have no > special authority or unique ability to talk with business people. Its > just that the technical community did not know you were busy doing > that. > > I can not believe that any company that would listen to their CTO, CSO > or failing that board would be ok with the risks implied by what you > are proposing on full examination. > > > This notion that the change has no consensus is based on you polling the > > people directly around you and people who like to spend all day on this > > mailing list. It's not an accurate reflection of the wider Bitcoin community > > and that is one of the leading reasons there is going to be a fork. A small > > number of people have been flatly ignoring LOTS of highly technical and > > passionate developers who have written vast amounts of code, built up the > > Bitcoin user base, designed hardware and software, and yes built companies. > > I know you want scale bitcoin, as I said everyone here does. I think > what you're experiencing is that you've had more luck explaining your > pragmatic unilateral plan to non-technical people without peer review, > and so not experienced the kind of huge pushback you are getting from > the technical community. The whole of bitcoin is immensely > complicated such that it takes an uber-geek CS genius years to > catchup, this is not a slight of any of the business people who are > working hard to deploy Bitcoin into the world, its just complicated > and therefore not easy to understand the game-theory, security, > governance and distributed system thinking. I have a comp sci PhD in > distributed systems, implemented p2p network systems and have 2 > decades of applied crypto experience with a major interest in > electronic cash crypto protocols, and it took me a several years to > catchup and even I have a few hazy spots on low-level details, and I > addictively into read everything I could find. Realistically all of > us are still learning, as bitcoin combines so many fields that it > opens new possibilities. > > What I am expecting that yourself and Gavin are thinking is that > you'll knock heads and force the issue and get to consensus. > > However I think you have seriously misjudged the risks and have not > adequately explained them to companies you are talking with. Indeed > you do not fully seem to acknowledge the risks, nor to have a well > thought out plan here of how you would actually manage it, nor the > moral hazards of having a lone developer in hugely divisive > circumstances in sole control of bitcoins running code. Those are > exactly the reasons for the code change governance process! > > Even though you are trying to help, the full result is you are not > helping achieve anything by changing a constant and starting a > unilateral hard-fork (not to trivialise the work of making a patch to > do that). > > The work to even make the constant change be feasible was a result of > 1000s of hours of work by others in the development community, that is > emphatically and unilaterally telling you that hard-forks are hugely > inadvisable. > > You are trying to break the code change governance security procedure > that were put in place for good reason for the security of $3b of > other peoples money, even if you have a pragmatic intent to help, this > is flat out unacceptable. > > There are also security implications to what you are proposing, which > I have heard you attempting to trivialise, that are core to Bitcoins > security and core functionality. > > > the overwhelming impression I get from a few > > others here is that no, they don't want to scale Bitcoin. They already > > decided it's a technological dead end. > > I think this is a significant mischaracterisation, and I think almost > everybody is on board with a combination plan: > > 1. work to improve decentralisation (specific technical work already > underway, and education) > 2. create a plan to increase block-size in a slow fashion to not cause > system shocks (eg like Jeff is proposing or some better variant) > 3. work on actual algorithmic scaling > > In this way we can have throughput needed for scalability and security > work to continue. > > As I said you can not scale a O(n^2) broadcast network by changing > constants, you need algorithmic improvements. > > People are working on them already. All of those 3 things are being > actively worked on RIGHT NOW, and in the case of algorithmic scaling > and improve decentralisation have been worked on for months. > > You may have done one useful thing which is to remind people that > blocks are only 3x-4x below capacity such that we should look at it. > > But we can not work under duress of haste, nor unilateral ultimatums, > this is the realm of human action that leads to moral hazard, and > ironically reminds us of why Satoshi put the quote in the genesis > block. > > Bitcoin is too complex a system with too much at stake to be making > political hasty decisions, it would be negligent to act in such a way. > > Again please consider that you did your job, caused people to pay > attention, but return to the process, submit a BIP, retract the > unilateral hard-fork which is so dangerous and lets have things be > calm, civil and collaborative in the technical zone of Bitcoin and not > further alarm companies and investors. > > Adam > > ------------------------------------------------------------------------------ > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development at lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > ----- End forwarded message ----- -- ---------------------------------------------------------------------------- Troy Benjegerdes 'da hozer' hozer at hozed.org 7 elements earth::water::air::fire::mind::spirit::soul grid.coop Never pick a fight with someone who buys ink by the barrel, nor try buy a hacker who makes money by the megahash From grarpamp at gmail.com Tue Jun 16 23:55:06 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 02:55:06 -0400 Subject: ECHR Censors Comments, Pushes Liability, Likes Monitoring Message-ID: http://hudoc.echr.coe.int/sites/eng/pages/search.aspx?i=001-155105 https://www.accessnow.org/blog/2015/06/16/delfi-as-v.-estonia-a-blow-to-free-expression-online http://arstechnica.co.uk/tech-policy/2015/06/shock-european-court-decision-websites-are-liable-for-users-comments/ In a surprise decision, the European Court of Human Rights (ECHR) in Strasbourg has ruled that the Estonian news site Delfi may be held responsible for anonymous and allegedly defamatory comments from its readers. One of the worrying aspects of the ECHR decision is that it may encourage the idea that intermediaries are liable for "manifestly unlawful" content, without specifying what "manifestly unlawful" actually means. Also troubling is that the judgment upholds a finding that "proactive monitoring" of Internet users can be required. From grarpamp at gmail.com Wed Jun 17 00:27:52 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 03:27:52 -0400 Subject: Free Advice for FBI/OPM/NSA/DOE: full-disclosure hardware In-Reply-To: <20150617042513.GW27932@nl.grid.coop> References: <20150617042513.GW27932@nl.grid.coop> Message-ID: On Wed, Jun 17, 2015 at 12:25 AM, Troy Benjegerdes wrote: > PCB layout of the server(s) that got hacked. The gate counts in the chips moots the PCB. > 'IP' and such > ... > because there will be more than just me talking about why we need > full-disclosure hardware that you can X-ray and compare to an image > signed and hosted by multiple independent and competing nation-state > or multinational-corporate level security agencies. > ... > If your Intel motherboard matches the image signed by IBM, Private xraying to validate an individual chip is fine, but does nothing for everyone else. If you already have and are validating the [somehow open] image, you might as well open-source and open-up the entire fab. That way you know everything rolling off the line is good. While you may trust the chip to image in your hand, do you trust Intel, Huawei, Qualcomm, TSMC? https://en.wikipedia.org/wiki/Foundry_model From tim at diffalt.com Wed Jun 17 05:53:55 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 08:53:55 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> Message-ID: <55816DE3.3010405@diffalt.com> On 6/16/2015 9:16 PM, Zenaan Harkness wrote: > On 6/17/15, Tim Beelen wrote: >> On 6/16/2015 7:13 AM, John Young wrote: >>> WikiLeaks WikiTweets only .05% of Snowden documents have been >>> declassified for release by the spy-micking hoarders, out of nearly 1M. >>> Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% >>> of DoD's defense industry mass overkill 1.7M. >> The reason for this is the work that /all/ of these institutes do. It is >> bigger then what an individual or, is some cases, a small group can >> accomplish. And can easily be undermined if details are published. Who >> is it to say that what CIA has been doing is not in U.S. best interest. >> You? Me? > You just bought not only the false presumption, but a logical > impossibility - without knowledge in detail of the CIA's actual > actions, I am unable to prove their violations. So, you have no knowledge of all the details of the CIA's actions, but you are sure that they consist of violations? Is that right? By the way, the CIA is under congressional oversight. That is where accountability ends. They don't have to explain themselves to you. How effective is this oversight? I think the vast majority Members of Congress in general do not have the cognitive skills to understand the issues that the CIA creates. Let alone come to an agreement on how to handle the agency. To summarize the problem: the CIA is has about 20.000 employees. Which is substantially bigger then in the 1950s where they had maybe about 4-5.000. They are an intelligence office. They started out gathering intelligence, gained intelligence gathering capabilities and now have capabilities to operate independently to some extent for some years. Now, we know they spy on Congress. Manipulate congress. Overthrow governments. Steer elections. But who controls them? With no oversight they basically do 'whatever' and 'whatever' is quite a dangerous thing to do. Now, in hindsight, I don't care if they go around the world and bully people into playing nice. But that is besides the point. The problem is the culture. Recent breaches of security contractors have shown that information technology information gatherers (ITIG) employs a lot of clowns. Like you, you want a polarized version of the world where the CIA is bad. Just bad. And by your own admission you don't even care what they do, you are just looking to punish them. That is not a data driven assessment, it's just operating on assumptions. Which is what the U.S. Government's foreign policies are based on. Which is why I know that either a. the CIA does not hold it's information gathering capabilities to a professional standard, or b, they listen to clowns. And this brings us back to the CIA who is SUPPOSED TO JUST FUCKING BE MIDDLE MANAGEMENT. Instead they gave middle management a gun and told them to go fix things in the world. Middle management has always been decorated five U.S. flags, with sprinkles with red white and blue and enough U.S. jingoism to fill a stadium. I.e. it created the CIA. Now I assume, as a Congressional committee, that every time you ask the CIA for a report on a foreign issue they do a little sing and dance and ask for more money to go solve it. Because the following things are *always* valid: a. They can claim they have limited capabilities to get men on the ground. and b. With the right people and equipment and amount of cash Congress does not have to send in the military if things get really nasty if they solve it for them. Other then that I don't think people working for the CIA are that different from the majority in that they polarize the world to preserve their sanity: They want every Arab to be bad. And actively want to know everything about them, just to make them look bad. They know that ever Congress Member or committee might not vote in their best interest, so everyone needs to be manipulated. And if I had a track record of overthrowing governments, fixing elections and operating with impunity overseas because foreign governments *allow* them. I'd be feeling pretty awesome about myself too. All the while they are operating under the grace of congress. This is not the only institute that grew out of control in the United States. And the fact that I don't sleep well is that even if I printed this piece of text on a piece of paper and went around congress and tacked it on each of their foreheads it would not change anything. It is just that to be make a person aware of a problem does not give them the skills or knowledge to deal with it. And really, all congress has to do is take the gun away from middle management. This ofc is a bad analogy. I believe everyone should be able to carry a gun if they please. > Are you suggesting CIA, NSA, FBI, etc ought do what they will, except > ath someone is able to say that what they've been doing is not in U.S. > best interest? That sounds inane. > > I am not even in U.S. nor a U.S. citizen - to me your statement sounds > highly problematic and indicative and problematic nationalist think. Yes. I like my country. I has lots of nice people. > Yes we need a balance of powers in the world - we need national > strength and unity, but this applies to all countries, not just to the > U.S.! Considering what you said about the problems with nationalistic think in your last paragraph I take this as an admission you're well versed in doublethink. > Collections of power, as happens with govt, attract more power abusers > than benevolent dictators, unfortunately. For this reason, a one world > government would be doomed from the outset. We need a strong Russia, a > strong America, and strong small countries etc. I don't need a stronk Russia. Russian culture is not conducive to how I'd like people to run things. Emphasis on people. Not the government. > It's the only hope for any long term semblance of balance. If the > world we a single U.S.A.W. entity, Snowden could never have happened. > Of course Snowden required a courageous individual too, but it would > have required someone willing to actually give up the rest of their > life if there were no possbility of sanction anywhere in the world. The Ed event would still have happened. It is just the retarded notion that to be make a person aware of somehow gives them the insight to deal with it. > You might reconsider your push to have someone other than yourself > somehow prove that the CIA's actions over the decades have not been in > U.S. best interests, or that this is a relevant question! I frankly don't care. I just don't want them to have the ability to muck things up. Because it kinda proves they have issues. I don't mind them doing good for the wrong reasons. It's doing bad for the right reasons. The CIA has very well funded issues. VERY WELL FUNDED... VERY WELL... VERY... WELL... funded? And if they don't get the funds directly they start running dope and sell guns. So, CIA's issues are a domestic issue. So I'm pointing my finger at Congress. And since this is a democracy I'm kinda limited to the rule of the majority. From tim at diffalt.com Wed Jun 17 05:59:52 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 08:59:52 -0400 Subject: Free Advice for FBI/OPM/NSA/DOE: full-disclosure hardware In-Reply-To: References: <20150617042513.GW27932@nl.grid.coop> Message-ID: <55816F48.1090609@diffalt.com> Has anyone ever established or tried building trust model with any of these producers? It's rather hard to invent that wheel. I've heard that setting up a foundry is quite a bit of work. And in today's environment it is a significant advantage to produce community vetted hardware. So we might be able to get a solid business model behind this. On 6/17/2015 3:27 AM, grarpamp wrote: > On Wed, Jun 17, 2015 at 12:25 AM, Troy Benjegerdes wrote: >> PCB layout of the server(s) that got hacked. > The gate counts in the chips moots the PCB. > >> 'IP' and such >> ... >> because there will be more than just me talking about why we need >> full-disclosure hardware that you can X-ray and compare to an image >> signed and hosted by multiple independent and competing nation-state >> or multinational-corporate level security agencies. >> ... >> If your Intel motherboard matches the image signed by IBM, > Private xraying to validate an individual chip is fine, but does > nothing for everyone else. If you already have and are validating > the [somehow open] image, you might as well open-source and > open-up the entire fab. That way you know everything rolling off > the line is good. While you may trust the chip to image in your > hand, do you trust Intel, Huawei, Qualcomm, TSMC? > > https://en.wikipedia.org/wiki/Foundry_model From Rayzer at riseup.net Wed Jun 17 09:07:25 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 17 Jun 2015 09:07:25 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <55816DE3.3010405@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: <55819B3D.6070506@riseup.net> On 06/17/2015 05:53 AM, Tim Beelen wrote: > They (the CIA)started out gathering intelligence, gained intelligence > gathering capabilities and now have capabilities to operate > independently to some extent for some years. Understatement of the century-to-date: Operate independently? They operate THE largest government funded mercenary army in the fucking world. The WHOLE of the Yemen drone wars program AND in SOMALIA too (They're 'just black people'. Not too much news on that front) and so much other mayhem is DIRECTED BY THE CIA NOT THE PENTAGON, and it's contractors such as DynCorp, which has a fleet of C-130 gunships with chainguns that can push the plane sideways through the sky when fired and turn cars into metal confetti. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From tbiehn at gmail.com Wed Jun 17 07:53:47 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Wed, 17 Jun 2015 10:53:47 -0400 Subject: Free Advice for FBI/OPM/NSA/DOE: full-disclosure hardware In-Reply-To: <55816F48.1090609@diffalt.com> References: <20150617042513.GW27932@nl.grid.coop> <55816F48.1090609@diffalt.com> Message-ID: On Wed, Jun 17, 2015 at 8:59 AM, Tim Beelen wrote: > Has anyone ever established or tried building trust model with any of > these producers? It's rather hard to invent that wheel. I've heard that > setting up a foundry is quite a bit of work. And in today's environment it > is a significant advantage to produce community vetted hardware. So we > might be able to get a solid business model behind this. > > > On 6/17/2015 3:27 AM, grarpamp wrote: > >> On Wed, Jun 17, 2015 at 12:25 AM, Troy Benjegerdes >> wrote: >> >>> PCB layout of the server(s) that got hacked. >>> >> The gate counts in the chips moots the PCB. >> >> 'IP' and such >>> ... >>> because there will be more than just me talking about why we need >>> full-disclosure hardware that you can X-ray and compare to an image >>> signed and hosted by multiple independent and competing nation-state >>> or multinational-corporate level security agencies. >>> ... >>> If your Intel motherboard matches the image signed by IBM, >>> >> Private xraying to validate an individual chip is fine, but does >> nothing for everyone else. If you already have and are validating >> the [somehow open] image, you might as well open-source and >> open-up the entire fab. That way you know everything rolling off >> the line is good. While you may trust the chip to image in your >> hand, do you trust Intel, Huawei, Qualcomm, TSMC? >> >> https://en.wikipedia.org/wiki/Foundry_model >> > > OK, yes - being able to verify first and foremost that the PCB you have matches some reference is an important first step for guaranteed hardware security. Perhaps building an accessible verifier might be the logical first step. How effective is this X-Ray method for detecting hardware modifications [what is the resolution?] How do you process two different X-Ray images, remove the noise (normalize) to compare two different documents? -Travis -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3469 bytes Desc: not available URL: From softservant at gmail.com Wed Jun 17 10:57:02 2015 From: softservant at gmail.com (Softy) Date: Wed, 17 Jun 2015 10:57:02 -0700 Subject: cypherpunks Digest, Vol 24, Issue 33 In-Reply-To: References: Message-ID: > Surely, you understand why they did this? There is a perfectly good > rationale for running these kind of operations. It's just that you're > miffed about the fact that you're not able to do anything about it. > > So if you're part of some impotent government that does not know how to, > or wants to project power, instantly you're at the mercy of institutions > of governments that can. No amount of tree-hugging or moral high ground > is going to save you from extinction. > > And it's not all that bad. It's mostly power-play and politics really. > > > > > > https://en.wikipedia.org/wiki/CIA_involvement_in_Contra_cocaine_trafficking > > > > "Once you set up a covert operation to supply arms and money, it's > > very difficult to separate it from the kind of people who are involved > ​Do you claim to understand why the Reagan administration "did this" operation which eventually came to be known as Iran-Contra? If so, then you can explain how "blocking the fall of [soviet] dominoes" directly correlates to the distribution of drugs in specific Black-American communities.​ ​You can in hindsight claim to agree with the end goal of "blocking Communism" however, in hindsight, you would be lambasted as failing to see through the Administration's propaganda. Still claiming to support the means to that end, squarely puts you in the realm of the Abusers of Power. Abuse because the voting population never had any chance to understand what was being done in their name. This is the cycle of Power Abuse which has many in the world turned against the US (and increasingly its people not just government). As long as the (secret) three-letter agencies conduct (secret) operations using (secret) means and continue to be governed with (secret) mandates driven by an administration's (secret) beliefs without Transparent and Democratic oversight this trend will continue until its logical conclusion. Sadly. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3306 bytes Desc: not available URL: From zen at freedbms.net Tue Jun 16 18:16:45 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 17 Jun 2015 11:16:45 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: <558034A3.5090601@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> Message-ID: On 6/17/15, Tim Beelen wrote: > On 6/16/2015 7:13 AM, John Young wrote: >> WikiLeaks WikiTweets only .05% of Snowden documents have been >> declassified for release by the spy-micking hoarders, out of nearly 1M. >> Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% >> of DoD's defense industry mass overkill 1.7M. > The reason for this is the work that /all/ of these institutes do. It is > bigger then what an individual or, is some cases, a small group can > accomplish. And can easily be undermined if details are published. Who > is it to say that what CIA has been doing is not in U.S. best interest. > You? Me? You just bought not only the false presumption, but a logical impossibility - without knowledge in detail of the CIA's actual actions, I am unable to prove their violations. Are you suggesting CIA, NSA, FBI, etc ought do what they will, except ath someone is able to say that what they've been doing is not in U.S. best interest? That sounds inane. I am not even in U.S. nor a U.S. citizen - to me your statement sounds highly problematic and indicative and problematic nationalist think. Yes we need a balance of powers in the world - we need national strength and unity, but this applies to all countries, not just to the U.S.! Collections of power, as happens with govt, attract more power abusers than benevolent dictators, unfortunately. For this reason, a one world government would be doomed from the outset. We need a strong Russia, a strong America, and strong small countries etc. It's the only hope for any long term semblance of balance. If the world we a single U.S.A.W. entity, Snowden could never have happened. Of course Snowden required a courageous individual too, but it would have required someone willing to actually give up the rest of their life if there were no possbility of sanction anywhere in the world. You might reconsider your push to have someone other than yourself somehow prove that the CIA's actions over the decades have not been in U.S. best interests, or that this is a relevant question! From tim at diffalt.com Wed Jun 17 08:41:58 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 11:41:58 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: <55819546.50009@diffalt.com> On 6/17/2015 10:15 AM, Zenaan Harkness wrote: > On 6/17/15, Tim Beelen wrote: >> On 6/16/2015 9:16 PM, Zenaan Harkness wrote: >>> On 6/17/15, Tim Beelen wrote: >>>> On 6/16/2015 7:13 AM, John Young wrote: >>>>> WikiLeaks WikiTweets only .05% of Snowden documents have been >>>>> declassified for release by the spy-micking hoarders, out of nearly 1M. >>>>> Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% >>>>> of DoD's defense industry mass overkill 1.7M. >>>> The reason for this is the work that /all/ of these institutes do. It is >>>> bigger then what an individual or, is some cases, a small group can >>>> accomplish. And can easily be undermined if details are published. Who >>>> is it to say that what CIA has been doing is not in U.S. best interest. >>>> You? Me? >>> You just bought not only the false presumption, but a logical >>> impossibility - without knowledge in detail of the CIA's actual >>> actions, I am unable to prove their violations. >> So, you have no knowledge of all the details of the CIA's actions, but >> you are sure that they consist of violations? Is that right? >> >> By the way, the CIA is under congressional oversight. That is where >> accountability ends. They don't have to explain themselves to you. >> >> How effective is this oversight? I think the vast majority Members of >> Congress in general do not have the cognitive skills to understand the >> issues that the CIA creates. Let alone come to an agreement on how to >> handle the agency. >> >> To summarize the problem: the CIA is has about 20.000 employees. Which >> is substantially bigger then in the 1950s where they had maybe about >> 4-5.000. They are an intelligence office. They started out gathering >> intelligence, gained intelligence gathering capabilities and now have >> capabilities to operate independently to some extent for some years. >> >> Now, we know they spy on Congress. Manipulate congress. Overthrow >> governments. > And somehow you presume such things are in the best interests of the USA? > > Good luck convincing people on that one... No, we know that it's not necessarily in the best interest of stability, people outside of the U.S. or the U.S. for that matter. Apart from creating a unipolar world. And how the status quo serves the U.S. Which, not unlike smoking cigarettes causes cancer but reliefs my anxiety. Not saying that the CIA causes cancer. But I'm also not saying that the CIA functions in the best interest of the US. But I don't even think we want to have this discussion. >> Steer elections. But who controls them? With no oversight >> they basically do 'whatever' and 'whatever' is quite a dangerous thing >> to do. Now, in hindsight, I don't care if they go around the world and >> bully people into playing nice. But that is besides the point. >> >> The problem is the culture. Recent breaches of security contractors have >> shown that information technology information gatherers (ITIG) employs a >> lot of clowns. Like you, you want a polarized version of the world where >> the CIA is bad. > What I want is for "loose cannon power wielders" to principle the fuck > up. Yes. Agreed. > Overthrowing governments does not mesh with my idea of principle, > nor human rights, nor national strength, dignity, rule of law - not a > damn thing I hold important. Not much of a government then eh? This is mostly semantics. As a non-ISIS-supporter I'd like to see ISIS' governing body overthrown and their constituents heading in a different direction. But yea, that might mean your principles take a hit. > There appears to be abundant evidence over the years that the US is > throwing its political, economic and military might around, all over > the world, just being a bully, without respect for ethics, principle, > national sovereignty, dignity, human rights, without even respect for > the rule of law and as a total hypocrite to its own past behaviour - > compare Kosovo actions to Ukraine dialog. Simply not true. Transgressions yes. But to put it like that is polarizing the issue. How many pin France as the steward of the Vietnamese conflict? How many pin the ECB as the steward of growing inequality in Greece? Cases of kids fainting from malnutrition? With all their economists they could not reliably tell Greece was never fit to join the Monetary Union? Europe's unilaterally dropping the ball on Ukraine, and in very recent history, Kosovo. > Sure, in principle we can say "every one is doing their best". Yes, great starting point. > Well, their best is not fucking good enough, since almost no one (it > appears) sacrifices personal convenience for their greater ideals and > principles, and somewhere up the chains of command those with "genuine > power" run amok far too often. Actually, more specifically it's a concentration of power in the hands of a few (1?) individual(s). > By all means dear CIA and CIA apologists (and NSA, FBI, USAGOV, > ANY_OTHER_ENTITY), publicize your good outcomes and your stands for > what we common folk consider principles, human rights, fairness and > the like. Give us hope. Give us stories of the great democtratic > benefits you've brought to the countries whos governments you've > successively installed, overthrown, installed, overthrown. European diplomacy works only because of NATO. And NATO is U.S. Firepower to put it bluntly. > Love to hear genuine positivity facts. The fact that Putin understands that projecting power without repercussions is so delicious. You really want to be at the mercy of a that person? Talk about concentrated power.... > Facts to the contrary ('negative' outcomes) abound by incontrovertible > evidence or for thinking men and women, incontrovertible conclusion. > > Bring on the CIA is Wonderful for The World facts. Please! I really, > really want to believe the world is in better shape than it bloody > well appears to be! > > Demonstrate the three letter agencies of USAGOV that have upheld, > rather than violated, human rights around the world (hell, even in > their own country!). From where we peasants sit, those in power > continue to justify their every apparent misdeed somehow - 'the end > justifies the means' perhaps? Meanwhile the world goes to hell in a > hurry. Since the far less than admirable 'means' predominate, over and > over and over again. "The World" is very good digging it's own grave. > >> Just bad. And by your own admission you don't even care >> what they do, you are just looking to punish them. That is not a data > Find some other idiot's mouth to put words in. This one's evidently > failed to raise the tone of this particular dialog. > > Good luck with your thesis and here's hoping others can do a better > job of bringing something higher to this world. > Zenaan Surely, you understand why they did this? There is a perfectly good rationale for running these kind of operations. It's just that you're miffed about the fact that you're not able to do anything about it. So if you're part of some impotent government that does not know how to, or wants to project power, instantly you're at the mercy of institutions of governments that can. No amount of tree-hugging or moral high ground is going to save you from extinction. And it's not all that bad. It's mostly power-play and politics really. > > https://en.wikipedia.org/wiki/CIA_involvement_in_Contra_cocaine_trafficking > > "Once you set up a covert operation to supply arms and money, it's > very difficult to separate it from the kind of people who are involved > in other forms of trade, and especially drugs. There is a limited > number of planes, pilots and landing strips. By developing a system > for supply of the Contras, the US built a road for drug supply into > the US." > Former CIA agent David MacMichael[1] > " From tim at diffalt.com Wed Jun 17 08:54:29 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 11:54:29 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: <55819835.40205@diffalt.com> "People aren't against you, they are for themselves." is a much greater truism then trying to find reason in foreign politics or actions of governments. And if these sensible "Russian" ideas proliferate wherever you're from, why do you live in a country that does not even have a unified military and has Generals that do however they please? Like fucking around in Ukraine? I hope you don't have massive cognitive dissonance over that fact. On 6/17/2015 11:20 AM, Александр wrote: > _Some very important words by Zenaan Harkness (zen at freedbms.net > ):_ > > > There appears to be abundant evidence over the years that the US is > > throwing its political, economic and military might around, all over > > the world, just being a bully, without respect for ethics, principle, > > national sovereignty, dignity, human rights, without even respect for > > the rule of law and as a total hypocrite to its own past behaviour - > > compare Kosovo actions to Ukraine dialog. > > > > Sure, in principle we can say "every one is doing their best". > > Well, their best is not fucking good enough > > > > Give us hope. Give us stories of the great democtratic > > benefits you've brought to the countries whos governments you've > > successively installed, overthrown, installed, overthrown. > > > > Demonstrate the three letter agencies of USAGOV that have upheld, > > rather than violated, human rights around the world (hell, even in > > their own country!). From where we peasants sit, those in power > > continue to justify their every apparent misdeed somehow - 'the end > > justifies the means' perhaps? Meanwhile the world goes to hell in a > > hurry. Since the far less than admirable 'means' predominate, over and > > over and over again. > *and the picture of "Russia wants war" - awesome. > > Zenaan, i am very sorry, that my English is not good enough for > serious discussions and i don't have time. But there you are! > Sometimes, you just write my thoughts (which are not on English :)). > So this time, at least, i must say thank you. I salute you. I often > read such sensible ideas on Russian, but rare, very rare on English. > I don't know who you are from, but if you are from the "west", - > congratulations! You are free from the "USA-WEST propaganda machine". > > The truth must be spread (it's not high flown words). Although it's > not a guarantee of changes, but it might be a very important step > toward it. > The hatred, the hypocrisy and the lawlessness of the US must be > stopped. Or, at least, minimized. With bold English speakers like you > are, there is hope. > > Thank you very much again. On behalf of all people, that want peace, > cooperation and justice. Instead of money, lies, influence and a > constant search for enemies (like the US representatives and their > watch dogs). > > With respect, > Alexander. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3957 bytes Desc: not available URL: From zen at freedbms.net Tue Jun 16 19:03:42 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 17 Jun 2015 12:03:42 +1000 Subject: =?UTF-8?Q?Re=3A_=C4=8Drypto_is_finished=2E=2E=2E_and_it=27s_about_time_=C3=97_=28a?= =?UTF-8?Q?lso=3A_=27Balrog=27_malnet=2C_firsthand_view=29?= In-Reply-To: References: <557B1632.6080404@virtadpt.net> <557B35DF.1040606@pilobilus.net> <20150613075423.GU27932@nl.grid.coop> <557C8A9F.7010807@pilobilus.net> Message-ID: On 6/17/15, Sean Lynch wrote: > Lots of words, very few details. Fonts getting a "bit pixellated"? Are you > kidding me? Packages "piggybacking on other packages"? This is all very > imprecise language for someone who is attempting to convince us that Excellent points. Thanks for the sanity reminder :) From jya at pipeline.com Wed Jun 17 09:21:51 2015 From: jya at pipeline.com (John Young) Date: Wed, 17 Jun 2015 12:21:51 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <55819835.40205@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: At 11:54 AM 6/17/2015, you wrote: > Like fucking around in Ukraine? http://cryptome.org/worlds-nukes.jpg Russia has about 8,000 nuclear weapons, the US about 7,300, the rest of the world about 1,000. Ukraine likely the next fucking Snowden era Hiroshima if the warlords in both superpowers have their way with arms after the spies stir up patriotic violence and slink away to drinks and dinner to inviolate spy nests in embassies where Patriots like Snowden worked for many years to stir up suspicion and violence, then on to NSA for executing the CIA hotspot-stirring op, aka civil liberties (secular religion), the favorite excuse to whip up public dissent and futile debate. The main way the Lords of War have their way is to heighten national security pathology through overt and covert intervention of spies, agents, fronts, academics, bloggers, speakers, journalists, publishers, social media, mail lists, bars, bedrooms, backrooms, staterooms, drone cubicles, Third Worlds, Fourth Estates and Fifth Dimensions. Urging war to protect sacred cows is cloaked as protecting one's own version of civilization but is actually protecting one's own militarization -- the oldest fucking religion of professional fucking. Spies, patriots and leakers are pimps for this rampant and ancient STD, the infected bastards emitted to contaminate and ravage the planet. [Image] >I hope you don't have massive cognitive dissonance over that fact. > >On 6/17/2015 11:20 AM, Александр wrote: >>Some very important words by Zenaan Harkness >>(zen at freedbms.net): >> >> > There appears to be abundant evidence over the years that the US is >> > throwing its political, economic and military might around, all over >> > the world, just being a bully, without respect for ethics, principle, >> > national sovereignty, dignity, human rights, without even respect for >> > the rule of law and as a total hypocrite to its own past behaviour - >> > compare Kosovo actions to Ukraine dialog. >> > >> > Sure, in principle we can say "every one is doing their best". >> > Well, their best is not fucking good enough >> > >> > Give us hope. Give us stories of the great democtratic >> > benefits you've brought to the countries whos governments you've >> > successively installed, overthrown, installed, overthrown. >> > >> > Demonstrate the three letter agencies of USAGOV that have upheld, >> > rather than violated, human rights around the world (hell, even in >> > their own country!). From where we peasants sit, those in power >> > continue to justify their every apparent misdeed somehow - 'the end >> > justifies the means' perhaps? Meanwhile the world goes to hell in a >> > hurry. Since the far less than admirable 'means' predominate, over and >> > over and over again. >>*and the picture of "Russia wants war" - awesome. >> >>Zenaan, i am very sorry, that my English is not >>good enough for serious discussions and i don't have time. But there you are! >>Sometimes, you just write my thoughts (which >>are not on English :)). So this time, at least, >>i must say thank you. I salute you. I often >>read such sensible ideas on Russian, but rare, very rare on English. >>I don't know who you are from, but if you are >>from the "west", - congratulations! You are >>free from the "USA-WEST propaganda machine". >> >>The truth must be spread (it's not high flown >>words). Although it's not a guarantee of >>changes, but it might be a very important step toward it. >>The hatred, the hypocrisy and the lawlessness >>of the US must be stopped. Or, at least, >>minimized. With bold English speakers like you are, there is hope. >> >>Thank you very much again. On behalf of all >>people, that want peace, cooperation and >>justice. Instead of money, lies, influence and >>a constant search for enemies (like the US >>representatives and their watch dogs). >> >>With respect, >>Alexander. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4509 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: aaedbf6.jpg Type: image/jpeg Size: 286359 bytes Desc: not available URL: From tim at diffalt.com Wed Jun 17 09:31:00 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 12:31:00 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <55819B3D.6070506@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819B3D.6070506@riseup.net> Message-ID: <5581A0C4.2090900@diffalt.com> Really, I did not know that. And this yet another reason as to why Congress needs to stop paying their bills. Making it sound awesome like you just did is not what I'd hoped for however :D \m\ METAL CONFETTI /m/ On 6/17/2015 12:07 PM, Razer wrote: > > On 06/17/2015 05:53 AM, Tim Beelen wrote: >> They (the CIA)started out gathering intelligence, gained intelligence >> gathering capabilities and now have capabilities to operate >> independently to some extent for some years. > Understatement of the century-to-date: Operate independently? They > operate THE largest government funded mercenary army in the fucking > world. The WHOLE of the Yemen drone wars program AND in SOMALIA too > (They're 'just black people'. Not too much news on that front) and so > much other mayhem is DIRECTED BY THE CIA NOT THE PENTAGON, and it's > contractors such as DynCorp, which has a fleet of C-130 gunships with > chainguns that can push the plane sideways through the sky when fired > and turn cars into metal confetti. > > From grarpamp at gmail.com Wed Jun 17 09:51:59 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 12:51:59 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <55816DE3.3010405@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: On Wed, Jun 17, 2015 at 8:53 AM, Tim Beelen wrote: > By the way, the CIA is under congressional oversight. As the lawmaking and big picture entity, yes. > That is where accountability ends. On most things, no. Operationally the CIA reports to the DNI who reports to the President. Unless something goes wrong there, or is sufficiently big, Congress won't know, and even then it's usually only four or eight people. And when it comes to that, the VP (recently ahem Cheney) stands for the President and orders that Congress is not informed... for eight years on things like assasination programs. > They don't have to explain themselves to you. Well of course they don't, you let them do that, that's why your government sucks. From grarpamp at gmail.com Wed Jun 17 10:16:28 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 13:16:28 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <20150617140833.GA2524@sivokote.iziade.m$> References: <20150617140833.GA2524@sivokote.iziade.m$> Message-ID: On Wed, Jun 17, 2015 at 10:08 AM, Georgi Guninski wrote: > Don't know about the Chinese, but with very high probability > the Russians have Snowden's dump since long ago. > > He is seeking asylum and is in their hands. > > They are responsible for his (dumps) "physical security". > > Likely they cracked him in O(1), without dealing with crypto. Anna Chapman was sent to marry him. http://news.yahoo.com/woman-center-spy-allegations-enigma-085618219.html http://theweek.com/articles/487543/beware-chinas-honeytrap-spies (I hereby invite Chinese honeytraps to a hands on test of my physical security. Note, some cracking may be involved, whether it be safes or whips.) From tim at diffalt.com Wed Jun 17 10:18:59 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 13:18:59 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: <5581AC03.8090200@diffalt.com> On 6/17/2015 12:21 PM, John Young wrote: > civil liberties (secular religion), the > favorite excuse to whip up public dissent and futile debate. > > The main way the Lords of War have their way is to heighten national > security > pathology through overt and covert intervention of spies, agents, fronts, > academics, bloggers, speakers, journalists, publishers, social media, > mail lists, > bars, bedrooms, backrooms, staterooms, drone cubicles, Third Worlds, > Fourth > Estates and Fifth Dimensions. Civil liberties actually supersede religion. In very much the same way that my God supersedes your Civil Liberties. I get what you're getting at but I don't agree. Ah, "Civil Liberties" we could could treat them as semantics but really, they are quite the pillar of society and a lot more tangible and concrete to which a religion is not a particularly grand substitute. "bars, bedrooms, backrooms, staterooms, drone cubicles, Third Worlds, Fourth Estates and Fifth Dimensions." I like that arrangement of words. Is it yours? Can I have it? From tim at diffalt.com Wed Jun 17 10:44:09 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 13:44:09 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: <5581B1E9.60300@diffalt.com> On 6/17/2015 12:51 PM, grarpamp wrote: > On Wed, Jun 17, 2015 at 8:53 AM, Tim Beelen wrote: >> By the way, the CIA is under congressional oversight. > As the lawmaking and big picture entity, yes. > >> That is where accountability ends. > On most things, no. Operationally the CIA reports to the DNI who reports > to the President. Unless something goes wrong there, or is sufficiently big, > Congress won't know, and even then it's usually only four or eight people. > And when it comes to that, the VP (recently ahem Cheney) stands for the > President and orders that Congress is not informed... for eight years on > things like assasination programs. Ah, I stand corrected. Anyway, I think this is BAD. >> They don't have to explain themselves to you. > Well of course they don't, you let them do that, that's why > your government sucks. Yes, my government is not what I would put in power. But I don't have much influence (any, really) over who and what get's chosen around here. So, to assume that I have anything to do with it is stretching reality a bit. But you're welcome to shoot them a mail and tell them how you feel about all of it. Or come and tell 'm in person. The U.S. is wonderful place, safe to travel. You make the appointment and I'll buy you a beer after you've had your disappointment. So, it's not like I 'let' them. I am not the one they ask how I feel when the CIA decided they want to torture or murder Harry, Mo or Barry for information. They don't even bother telling me really. And to be honest I think they'd rather keep it a secret from me. And remember that chart of US military bases that that other guy put up. Who is 'letting' them really, because even if it was me, and it isn't. It would be me and everyone else. Because there is such a thing as vested interests. And as the saying gos: Rome wasn't build in a day. But it sure as hell burned down in one. From Rayzer at riseup.net Wed Jun 17 13:49:33 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 17 Jun 2015 13:49:33 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581D87F.1040108@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> Message-ID: <5581DD5D.50201@riseup.net> On 06/17/2015 01:28 PM, Tim Beelen wrote: > You're conflating a bunch of things. > > You can't have a criminal organization without crime, which require > illegality, which requires laws which require a governing body. A > government usually does not declare itself illegal so, no, it's not > going to be a criminal enterprise. > Expecting criminals to adjudicate themselves as such is a little beyond the pall so lets cut to the chase here, based on one criminal action for the moment. The US subscribes to the UN charter and what passes for international law, which to a huge extent the US had a guiding hand in shaping. The UN allowed the United States leeway to literally invade Iraq based on evidence presented known to be lies at the time they were told, by almost everyone in the US government in a position to authorize policy, diplomatic OR war-related, on Iraq The US government and all of it's executives committed a criminal act under international law by invading Iraq under false pretenses and therefore IS an international criminal enterprise that continues to this day in that country by our continued, and eternal (at least until the oil from there and Iran runs out) presence. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Wed Jun 17 13:57:26 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 17 Jun 2015 13:57:26 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581A0C4.2090900@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819B3D.6070506@riseup.net> <5581A0C4.2090900@diffalt.com> Message-ID: <5581DF36.8060600@riseup.net> On 06/17/2015 09:31 AM, Tim Beelen wrote: > Really, I did not know that. And this yet another reason as to why > Congress needs to stop paying their bills. > > Making it sound awesome like you just did is not what I'd hoped for > however :D > > \m\ METAL CONFETTI /m/ That decription came from the MSM news (McClatchy I believe) describing a DynCorp C-130 strafing of a column of cars thought to contain the International Court Union government driving down a Somali road. The article contained the information that the column of cars was strafed in that manner for TWO DAYS leaving nothing but 'metal confetti'. Later it was found out (because of resurfacing in the media of the ICU government's people) that the cars DID NOT have any of the fleeing ICU officials in them. Target practice. RR > > On 6/17/2015 12:07 PM, Razer wrote: >> >> On 06/17/2015 05:53 AM, Tim Beelen wrote: >>> They (the CIA)started out gathering intelligence, gained intelligence >>> gathering capabilities and now have capabilities to operate >>> independently to some extent for some years. >> Understatement of the century-to-date: Operate independently? They >> operate THE largest government funded mercenary army in the fucking >> world. The WHOLE of the Yemen drone wars program AND in SOMALIA too >> (They're 'just black people'. Not too much news on that front) and so >> much other mayhem is DIRECTED BY THE CIA NOT THE PENTAGON, and it's >> contractors such as DynCorp, which has a fleet of C-130 gunships with >> chainguns that can push the plane sideways through the sky when fired >> and turn cars into metal confetti. >> >> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From JS733NknRj6J at protonmail.com Wed Jun 17 11:17:03 2015 From: JS733NknRj6J at protonmail.com (JS733NknRj6J) Date: Wed, 17 Jun 2015 14:17:03 -0400 Subject: Russia and China crack Snowden Cache Message-ID: <01b092c9647a858fb9110ee3563b79b3@protonmail.ch> Sent from [ProtonMail](https://protonmail.ch), encrypted email based in Switzerland. -------- Original Message -------- Subject: Re: Russia and China crack Snowden Cache Time (GMT): Jun 17 2015 12:53:55 From: tim at diffalt.com To: cypherpunks at cpunks.org To summarize the problem: the CIA is has about 20.000 employees. Which is substantially bigger then in the 1950s where they had maybe about 4-5.000. They are an intelligence office. They started out gathering intelligence, gained intelligence gathering capabilities and now have capabilities to operate independently to some extent for some years. It's a somewhat minor point that I believe only supports your main argument, but this is not speaking strictly correct. From its inception in 1947, CIA has had at least two official missions: 1, the collection of intelligence (under what was first called "Office of Special Operations"); 2, "action" (under what was first called "Office of Policy Coordination," & has changed and mutated several times since), the definition and limits of which have always been a huge problem. Essentially, or at least arguably, #2 allows for military action outside the military chain of command, though not inside the territorial US. This in itself is a holdover from the OSS and other earlier orgs, all of whom had similar mandates, and even from the personnel who were part of those earlier orgs and wanted to continue their fun & games. In many ways it is #2 that is the real problem, though one could argue that the need for intelligence collection outside the military chain of command is itself debatable (MI6, the "british equivalent" of CIA in most brief descriptions, is part of the British military). At any rate, their official mandate has always been much larger than intelligence gathering. See https://en.wikipedia.org/wiki/History_of_the_Central_Intelligence_Agency -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2081 bytes Desc: not available URL: From tim at diffalt.com Wed Jun 17 11:38:46 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 14:38:46 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: <5581BEB6.3020404@diffalt.com> On 6/17/2015 12:59 PM, Zenaan Harkness wrote: > On 6/18/15, Tim Beelen wrote: >> "People aren't against you, they are for themselves." is a much greater >> truism then trying to find reason in foreign politics or actions of >> governments. > When no straightforward reason for a government's foreign political > actions is evident, nor becomes evident over time, and this lack of > sanity evidences itself decade in, decade out, then what legitimacy > can said government truly have besides "might is right"? > > "Tim," your rhetoric speaks loudly. I think that for the most part we're on the same page. The only thing is, is that, there is a reason a lot of these things happen the way they are decided upon by impressionable people basing their decisions based on wrong information. Or people trying to prolong the status quo. And the way I get exposed to things are different. I'm not trying to cloud the issue. It's just that you don't want/can/able to see what drives (bad) decision makers. I actually do know why certain decisions are being made by investigating usually the person who made them. A great example is the current head of the the Federal Reserve, Janet Yellen. I have predicted how she is going maneuver current policy and what she is pushing for by reading her husband's research with a 100% accuracy. No magic involved. And I don't even understand the economics behind it, or her or her husband's reasoning! And I'm absolutely sure they don't either!!! Because it makes no fucking sense. Anyway, sorry for my digression, but I'll tell you anyway. She and her husband have convinced themselves that there is a hard correlation between minimum wage and inflation. And instead of controlling the inflation by in or decreasing the money supply they raise the minimum wage. Which increases unemployment. But at least controls inflation. So she is a-ok to fuck over a bunch of Americans in order to control inflation. Because unemployment is not a controlled variable in her big experiment. TA-DAH. Now I can argue until my hands fall off with you on how that is A-OK or NAY-OK. But this woman is like three times my age it seems. Much better looking and soft-spoken unlike me. So. We'll just have to fucking stick with her no-solution. So the straightforward reason is hereby given. The alternative is raising interest rates which will crash/panic Wallstreet. Now I could go give you a straight-ass-forward reason as to why Georgy Herbert needed money for fighting in Guatemala, but you'd say it is a bad reason and it gets us nowhere. I just suggest they defund the CIA for those particular programs that are retarded. CAN WE HAS NO MORE CONTRAS PLEASE. Can we agree on fucking just that. CIA let them go back to solely intelligence and let the federal police or the military take care of the rest. Which is something they are currently doing anyway. >> And if these sensible "Russian" ideas proliferate wherever >> you're from, why do you live in a country that does not even have a >> unified military and has Generals that do however they please? Like >> fucking around in Ukraine? > Perhaps a bit more reading for you? Or do you really intend to back > that the USA is the principled, honourable, fair and reasonable > example we (the rest of the world) should all be drinking from? No, and I'm no hypocrite either, because I understand you fully. Regardless, a hypocrite usually has a valid point. That is why people don't like 'm. You can concede to the point I'm making without entertaining my world view. > >> I hope you don't have massive cognitive dissonance over that fact. > Nope. None here. Feel free to try some form other then sarcasm - > perhaps empathy, or rationality.. That is rude. > What I see is a world where the power players (lead by example > principally by the US since WWII) cause/foment much human strife > around the world. Yes. I agree. > Governments/ "other countries" are "pretty good at digging their own > graves" you say? My, what big rationale you have... Eh, who cranked out the machinery that won the second world war again? > I missed the part where the US still holds the moral high ground? > Seriously ... I missed that part. I get that it might be difficult > looking out from within... I don't speak about a moral high ground. > I so -want- those who hold power to live to a higher "moral" standard > - hell, any standard that we "mere peasants" (like, what the fuck > would we know?) can perceive consistently as being worthy of some, or > any, admiration. How about stop referring to yourself as a peasant. Members of Congress, your King or Queen or representative maybe shit and piss like the rest of us. The main difference between you and me is that you hold these big institutions to your own standard. I don't expect the CIA to operate on my watch. > I find the world a rather sad place, in far too many ways. It saddens > me greatly that the United States of America has sacrificed her > international good will to such an extent as is the case. Maybe. But all that abuse of rights got you things like Google (could not have existed under European privacy laws), Apple (Foxconn), NASA (Nazi scientists), IBM (more Nazis), Microsoft (US-centric patent abuse, unfair business practices). I.e.: You can't make an omelet without breaking a few eggs. And I don't share your sterilized worldview where everything outside of the U.S. is so humane and everyone has the best intentions. Actually, it's quite the opposite. > Expect hope and empathy from me, but no sympathy. Individual humans > must wake up, and begin to take individual and human stands. Stands of > compassion, justice, principle. Yea, I'll put that on the list-- right next to the second coming of Jesus. > Please. To the best of your ability, take the words of your founding > fathers to heart. Live as best you can in the heritage that was > intended for you. And encourage as many others to do likewise. Yea, if you think that Thomas Paine was nice but he is everything but a popular guy, so forget it. Most of them were slave owners with such ancient antics that I'd have to severely paraphrase them in order not misconstrue their intentions or how they really thought about the world. > I suspect significant turmoil in the years to come, and I do not envy > any one who must suffer such consequences. It's just a hunch I have. > When power fails and the lights go out, people get scared of the dark, > of the uncertainty. > > Everything has cycles, nations no less. > > Good luck, you (and the whole world) may need it, > Zenaan True. From grarpamp at gmail.com Wed Jun 17 12:07:46 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 15:07:46 -0400 Subject: links - Assange now to be questioned - some choice comments at yank dot for giggles In-Reply-To: References: Message-ID: Assange could perhaps have tunneled out of there a long time ago, or overflighted an Ecuadorean chopper on diplomatic and lowered a basket to the roof, even ballooned or ziplined away to Ecuador. The game of international standoffs is such fun. From grarpamp at gmail.com Wed Jun 17 12:22:31 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 15:22:31 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: On Wed, Jun 17, 2015 at 12:59 PM, Zenaan Harkness wrote: > On 6/18/15, Tim Beelen wrote: >> And if these sensible "Russian" ideas proliferate wherever >> ... >> fucking around in Ukraine? > > that the USA is the principled, honourable, fair and reasonable > example we (the rest of the world) should all be drinking from? >... > I missed the part where the US still holds the moral high ground? > Seriously ... I missed that part. I get that it might be difficult > looking out from within... > > I so -want- those who hold power to live to a higher "moral" standard > - hell, any standard that we "mere peasants" (like, what the fuck > would we know?) can perceive consistently as being worthy of some, or > any, admiration. > > I find the world a rather sad place, in far too many ways. It saddens > me greatly that the United States of America has sacrificed her > international good will to such an extent as is the case. > > Expect hope and empathy from me, but no sympathy. Individual humans > must wake up, and begin to take individual and human stands. Stands of > compassion, justice, principle. > > Please. To the best of your ability, take the words of your founding > fathers to heart. Live as best you can in the heritage that was > intended for you. And encourage as many others to do likewise. > > I suspect significant turmoil in the years to come, and I do not envy > any one who must suffer such consequences. It's just a hunch I have. > When power fails and the lights go out, people get scared of the dark, > of the uncertainty. > > Everything has cycles, nations no less. > > Good luck, you (and the whole world) may need it, https://www.youtube.com/watch?v=M9BNoNFKCBI https://www.youtube.com/watch?v=5MDFX-dNtsM https://en.wikipedia.org/wiki/Internet https://en.wikipedia.org/wiki/Social_networking_service https://www.youtube.com/watch?v=9hhX0KkQBW4 From tim at diffalt.com Wed Jun 17 12:26:54 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 15:26:54 -0400 Subject: cypherpunks Digest, Vol 24, Issue 33 In-Reply-To: References: Message-ID: <5581C9FE.9050503@diffalt.com> On 6/17/2015 1:57 PM, Softy wrote: > > Surely, you understand why they did this? There is a perfectly good > rationale for running these kind of operations. It's just that you're > miffed about the fact that you're not able to do anything about it. > > So if you're part of some impotent government that does not know > how to, > or wants to project power, instantly you're at the mercy of > institutions > of governments that can. No amount of tree-hugging or moral high > ground > is going to save you from extinction. > > And it's not all that bad. It's mostly power-play and politics really. > > > > > > https://en.wikipedia.org/wiki/CIA_involvement_in_Contra_cocaine_trafficking > > > > "Once you set up a covert operation to supply arms and money, it's > > very difficult to separate it from the kind of people who are > involved > > > > ​ Do you claim to understand why the Reagan administration "did this" > operation which eventually came to be known as Iran-Contra? > If so, then you can explain how "blocking the fall of [soviet] > dominoes" directly correlates to the distribution of drugs in specific > Black-American communities.​ > I'm not an expert on everything. but if you want to sell drugs, you don't do it in your own neighborhood. That is probably not the answer you'd expected but that's the level of pragmatism I'd expect. > ​You can in hindsight claim to agree with the end goal of "blocking > Communism" however, in hindsight, you would be lambasted as failing to > see through the Administration's propaganda. I'll bite. True. I just feel to see how that's the underlying cause. After the second WW the US was left with a huge defense industry. Du-uh they want to keep making money so the underlying cause most likely is money and defense contracts. The rest is just icing on the cupcake. So, all-in-all you're kind of extrapolating here. And from this point on I know that you and I no longer speak the same language. Even though we use the same words, they convey different ideas. Communism in the the true sense of it's implementation means expropriation... by force. And the way that it happened in Russia, with all it's true communists is that everything effectively belonged to the state. You, in hindsight, can not deny this because it's a stupid fact. Like gravity. That is probably not what you read in Das Kapital. Regardless of how you feel about this form of government, this scared the shit out of the folks back here because it's Capitalism's antithesis. *disclaimer: I'm pointing stuff out. Now you might read propaganda from that day and age, and come to an entirely different conclusion about the severity of this problem. Probably because your definition of communism is very much like that of Marx's Das Kapital. Which in the light of what the USSR effectively did was not that great. > > Still claiming to support the means to that end, squarely puts you in > the realm of the Abusers of Power. > Abuse because the voting population never had any chance to understand > what was being done in their name. > Okay, this is where you fall flat on your face. Americans, however you feel about them, do not identify themselves with their government.*1 So, you don't get to be even close to understand how to make a difference even if you wanted to. Because if they actually took their government serious, things would have been different. ----- 1: You'll find that just about every American represents themselves and the country. This explains all those fricken flags. That is what makes us so loud and obnoxious. Because it's a continuous play of grandstanding, conceding in private... rinse, repeat. So the only thing you'd need to do is provide a viable alternative and wham bam not only will it be embraced, it will become American. That in a nutshell is why I like this country. Less superficial bullshit through the process of self-defeating properties of superficial bullshit. Like the Borg in Star Trek. But the Borg in this story are actually all hot sociable supermodels in their model cube-Home. That wave flags, eat nice food, have awesome entertainment, and shoot you if you are part of some weirdo hive-mind. They are much nicer then Borg really. > This is the cycle of Power Abuse which has many in the world turned > against the US (and increasingly its people not just government). As > long as the (secret) three-letter agencies conduct (secret) operations > using (secret) means and continue to be governed with (secret) > mandates driven by an administration's (secret) beliefs without > Transparent and Democratic oversight this trend will continue until > its logical conclusion. Sadly. > Turning against is such a ridiculous way to explain what is going on. It's called fallen from grace. People are trying to walk away from U.S. Hegemony. And that is fine with me. Foreign governments are relying too much on American military power as I see it. That is why they don't run very fast. If they are running at all. The only problem with this "logical" conclusion is that, to me, it can go ever which way. If tomorrow people are fed up, they'll change it to whatever. That is also why people in power decided they need secret courts with secret interpretations of secret laws. The U.S. population is not the U.S. government. And the way you sell it to them they don't want to be either. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 9478 bytes Desc: not available URL: From grarpamp at gmail.com Wed Jun 17 12:38:29 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 15:38:29 -0400 Subject: Droning and Surveillance are Unnatural and Debilitating Message-ID: http://www.nytimes.com/2015/06/17/us/as-stress-drives-off-drone-operators-air-force-must-cut-flights.html http://www.salon.com/2015/03/06/a_chilling_new_post_traumatic_stress_disorder_why_drone_pilots_are_quitting_in_record_numbers_partner/ From seanl at literati.org Wed Jun 17 08:44:38 2015 From: seanl at literati.org (Sean Lynch) Date: Wed, 17 Jun 2015 15:44:38 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <20150617042859.GX27932@nl.grid.coop> References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: It seems to me the real problem would be the community making a big deal about the fork, not the fork itself. Maybe the fork will take off, in which case anyone who has a position in Bitcoin now will have a position in the forked currency, or it won't, in which case who cares? Sure, Bitcoin might be less valuable for a while while people wait and see how the fork does, but anyone who thinks a hard fork is a large risk to Bitcoin compared to all the other risks it faces is deluding themselves. I think we would all be better off if the community said, "Fine, fork if you want. May the best fork win," than to sing doom and gloom every time someone decides not to follow the community process. Besides, a bunch of different people being involved does not a decentralized system make. Not if they all have to follow the same process and forks without consensus are not allowed. That can actually be worse in many ways than a benevolent dictatorship, because it will quickly ossify as the community grows larger and more diverse. If Bitcoin itself had to get community consensus before it was tried, we'd have no Bitcoin. I have no problem at all with someone deciding to fork it. In fact, I *prefer* it, because I think in the long run it makes my own position *more* valuable to have different forks trying different things. Anyone who holds Bitcoin before the fork gets the sum of the values of their account on each fork. Over the long run, the value on most forks will go to zero, but then it's at worst a max function. Claiming that forks make Bitcoin less valuable sounds to me a lot like Bernie Sanders saying we don't need so many choices of deodorant. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1785 bytes Desc: not available URL: From tim at diffalt.com Wed Jun 17 12:54:02 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 15:54:02 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581B1E9.60300@diffalt.com> Message-ID: <5581D05A.4080308@diffalt.com> You're suggestion that next time I'm doing my groceries I dispute the tax? I'm a conscionable objector to taxes? Does it work like that in your country? On 6/17/2015 2:39 PM, Lodewijk andré de la porte wrote: > 2015-06-18 2:44 GMT+09:00 Tim Beelen >: > > Yes, my government is not what I would put in power. But I don't > have much influence (any, really) over who and what get's chosen > around here. So, to assume that I have anything to do with it is > stretching reality a bit. But you're welcome to shoot them a mail > and tell them how you feel about all of it. > > > "Don't blame me! I only pay them taxes!" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1543 bytes Desc: not available URL: From tim at diffalt.com Wed Jun 17 13:28:47 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 16:28:47 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581c9f0.ea158c0a.ea15.0853@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> Message-ID: <5581D87F.1040108@diffalt.com> You're conflating a bunch of things. You can't have a criminal organization without crime, which require illegality, which requires laws which require a governing body. A government usually does not declare itself illegal so, no, it's not going to be a criminal enterprise. You're just being pedantic. On 6/17/2015 3:33 PM, Juan wrote: > On Wed, 17 Jun 2015 08:53:55 -0400 > Tim Beelen wrote: > >> So, you have no knowledge of all the details of the CIA's actions, >> but you are sure that they consist of violations? Is that right? > > Of course. Government is a criminal organization, by > definition. > > That's all you need to know about it. > > >> By the way, the CIA is under congressional oversight. That is where >> accountability ends. They don't have to explain themselves to you. >> >> How effective is this oversight? I think the vast majority Members of >> Congress in general do not have the cognitive skills to understand >> the issues that the CIA creates. Let alone come to an agreement on >> how to handle the agency. >> >> To summarize the problem: the CIA is has about 20.000 employees. >> Which is substantially bigger then in the 1950s where they had maybe >> about 4-5.000. They are an intelligence office. They started out >> gathering intelligence, gained intelligence gathering capabilities >> and now have capabilities to operate independently to some extent for >> some years. >> >> Now, we know they spy on Congress. Manipulate congress. Overthrow >> governments. Steer elections. But who controls them? With no >> oversight they basically do 'whatever' and 'whatever' is quite a >> dangerous thing to do. Now, in hindsight, I don't care if they go >> around the world and bully people into playing nice. But that is >> besides the point. >> >> The problem is the culture. Recent breaches of security contractors >> have shown that information technology information gatherers (ITIG) >> employs a lot of clowns. Like you, you want a polarized version of >> the world where the CIA is bad. Just bad. And by your own admission >> you don't even care what they do, you are just looking to punish >> them. That is not a data driven assessment, it's just operating on >> assumptions. Which is what the U.S. Government's foreign policies are >> based on. Which is why I know that either a. the CIA does not hold >> it's information gathering capabilities to a professional standard, >> or b, they listen to clowns. >> >> And this brings us back to the CIA who is SUPPOSED TO JUST FUCKING BE >> MIDDLE MANAGEMENT. Instead they gave middle management a gun and told >> them to go fix things in the world. Middle management has always been >> decorated five U.S. flags, with sprinkles with red white and blue and >> enough U.S. jingoism to fill a stadium. I.e. it created the CIA. >> >> Now I assume, as a Congressional committee, that every time you ask >> the CIA for a report on a foreign issue they do a little sing and >> dance and ask for more money to go solve it. Because the following >> things are *always* valid: a. They can claim they have limited >> capabilities to get men on the ground. and b. With the right people >> and equipment and amount of cash Congress does not have to send in >> the military if things get really nasty if they solve it for them. >> >> Other then that I don't think people working for the CIA are that >> different from the majority in that they polarize the world to >> preserve their sanity: They want every Arab to be bad. And actively >> want to know everything about them, just to make them look bad. They >> know that ever Congress Member or committee might not vote in their >> best interest, so everyone needs to be manipulated. >> >> And if I had a track record of overthrowing governments, fixing >> elections and operating with impunity overseas because foreign >> governments *allow* them. I'd be feeling pretty awesome about myself >> too. All the while they are operating under the grace of congress. >> >> This is not the only institute that grew out of control in the United >> States. >> >> And the fact that I don't sleep well is that even if I printed this >> piece of text on a piece of paper and went around congress and tacked >> it on each of their foreheads it would not change anything. It is >> just that to be make a person aware of a problem does not give them >> the skills or knowledge to deal with it. >> >> And really, all congress has to do is take the gun away from middle >> management. This ofc is a bad analogy. I believe everyone should be >> able to carry a gun if they please. >> >>> Are you suggesting CIA, NSA, FBI, etc ought do what they will, >>> except ath someone is able to say that what they've been doing is >>> not in U.S. best interest? That sounds inane. >>> >>> I am not even in U.S. nor a U.S. citizen - to me your statement >>> sounds highly problematic and indicative and problematic >>> nationalist think. >> Yes. I like my country. I has lots of nice people. >>> Yes we need a balance of powers in the world - we need national >>> strength and unity, but this applies to all countries, not just to >>> the U.S.! >> Considering what you said about the problems with nationalistic think >> in your last paragraph I take this as an admission you're well versed >> in doublethink. >>> Collections of power, as happens with govt, attract more power >>> abusers than benevolent dictators, unfortunately. For this reason, >>> a one world government would be doomed from the outset. We need a >>> strong Russia, a strong America, and strong small countries etc. >> I don't need a stronk Russia. Russian culture is not conducive to how >> I'd like people to run things. Emphasis on people. Not the government. >>> It's the only hope for any long term semblance of balance. If the >>> world we a single U.S.A.W. entity, Snowden could never have >>> happened. Of course Snowden required a courageous individual too, >>> but it would have required someone willing to actually give up the >>> rest of their life if there were no possbility of sanction anywhere >>> in the world. >> The Ed event would still have happened. It is just the retarded >> notion that to be make a person aware of somehow gives them the >> insight to deal with it. >>> You might reconsider your push to have someone other than yourself >>> somehow prove that the CIA's actions over the decades have not been >>> in U.S. best interests, or that this is a relevant question! >> I frankly don't care. I just don't want them to have the ability to >> muck things up. Because it kinda proves they have issues. I don't >> mind them doing good for the wrong reasons. It's doing bad for the >> right reasons. >> >> The CIA has very well funded issues. VERY WELL FUNDED... VERY WELL... >> VERY... WELL... funded? And if they don't get the funds directly they >> start running dope and sell guns. >> >> So, CIA's issues are a domestic issue. So I'm pointing my finger at >> Congress. And since this is a democracy I'm kinda limited to the rule >> of the majority. From juan.g71 at gmail.com Wed Jun 17 12:33:28 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 16:33:28 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <55816DE3.3010405@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: <5581c9f0.ea158c0a.ea15.0853@mx.google.com> On Wed, 17 Jun 2015 08:53:55 -0400 Tim Beelen wrote: > > So, you have no knowledge of all the details of the CIA's actions, > but you are sure that they consist of violations? Is that right? Of course. Government is a criminal organization, by definition. That's all you need to know about it. > > By the way, the CIA is under congressional oversight. That is where > accountability ends. They don't have to explain themselves to you. > > How effective is this oversight? I think the vast majority Members of > Congress in general do not have the cognitive skills to understand > the issues that the CIA creates. Let alone come to an agreement on > how to handle the agency. > > To summarize the problem: the CIA is has about 20.000 employees. > Which is substantially bigger then in the 1950s where they had maybe > about 4-5.000. They are an intelligence office. They started out > gathering intelligence, gained intelligence gathering capabilities > and now have capabilities to operate independently to some extent for > some years. > > Now, we know they spy on Congress. Manipulate congress. Overthrow > governments. Steer elections. But who controls them? With no > oversight they basically do 'whatever' and 'whatever' is quite a > dangerous thing to do. Now, in hindsight, I don't care if they go > around the world and bully people into playing nice. But that is > besides the point. > > The problem is the culture. Recent breaches of security contractors > have shown that information technology information gatherers (ITIG) > employs a lot of clowns. Like you, you want a polarized version of > the world where the CIA is bad. Just bad. And by your own admission > you don't even care what they do, you are just looking to punish > them. That is not a data driven assessment, it's just operating on > assumptions. Which is what the U.S. Government's foreign policies are > based on. Which is why I know that either a. the CIA does not hold > it's information gathering capabilities to a professional standard, > or b, they listen to clowns. > > And this brings us back to the CIA who is SUPPOSED TO JUST FUCKING BE > MIDDLE MANAGEMENT. Instead they gave middle management a gun and told > them to go fix things in the world. Middle management has always been > decorated five U.S. flags, with sprinkles with red white and blue and > enough U.S. jingoism to fill a stadium. I.e. it created the CIA. > > Now I assume, as a Congressional committee, that every time you ask > the CIA for a report on a foreign issue they do a little sing and > dance and ask for more money to go solve it. Because the following > things are *always* valid: a. They can claim they have limited > capabilities to get men on the ground. and b. With the right people > and equipment and amount of cash Congress does not have to send in > the military if things get really nasty if they solve it for them. > > Other then that I don't think people working for the CIA are that > different from the majority in that they polarize the world to > preserve their sanity: They want every Arab to be bad. And actively > want to know everything about them, just to make them look bad. They > know that ever Congress Member or committee might not vote in their > best interest, so everyone needs to be manipulated. > > And if I had a track record of overthrowing governments, fixing > elections and operating with impunity overseas because foreign > governments *allow* them. I'd be feeling pretty awesome about myself > too. All the while they are operating under the grace of congress. > > This is not the only institute that grew out of control in the United > States. > > And the fact that I don't sleep well is that even if I printed this > piece of text on a piece of paper and went around congress and tacked > it on each of their foreheads it would not change anything. It is > just that to be make a person aware of a problem does not give them > the skills or knowledge to deal with it. > > And really, all congress has to do is take the gun away from middle > management. This ofc is a bad analogy. I believe everyone should be > able to carry a gun if they please. > > > Are you suggesting CIA, NSA, FBI, etc ought do what they will, > > except ath someone is able to say that what they've been doing is > > not in U.S. best interest? That sounds inane. > > > > I am not even in U.S. nor a U.S. citizen - to me your statement > > sounds highly problematic and indicative and problematic > > nationalist think. > Yes. I like my country. I has lots of nice people. > > Yes we need a balance of powers in the world - we need national > > strength and unity, but this applies to all countries, not just to > > the U.S.! > Considering what you said about the problems with nationalistic think > in your last paragraph I take this as an admission you're well versed > in doublethink. > > Collections of power, as happens with govt, attract more power > > abusers than benevolent dictators, unfortunately. For this reason, > > a one world government would be doomed from the outset. We need a > > strong Russia, a strong America, and strong small countries etc. > I don't need a stronk Russia. Russian culture is not conducive to how > I'd like people to run things. Emphasis on people. Not the government. > > It's the only hope for any long term semblance of balance. If the > > world we a single U.S.A.W. entity, Snowden could never have > > happened. Of course Snowden required a courageous individual too, > > but it would have required someone willing to actually give up the > > rest of their life if there were no possbility of sanction anywhere > > in the world. > The Ed event would still have happened. It is just the retarded > notion that to be make a person aware of somehow gives them the > insight to deal with it. > > You might reconsider your push to have someone other than yourself > > somehow prove that the CIA's actions over the decades have not been > > in U.S. best interests, or that this is a relevant question! > I frankly don't care. I just don't want them to have the ability to > muck things up. Because it kinda proves they have issues. I don't > mind them doing good for the wrong reasons. It's doing bad for the > right reasons. > > The CIA has very well funded issues. VERY WELL FUNDED... VERY WELL... > VERY... WELL... funded? And if they don't get the funds directly they > start running dope and sell guns. > > So, CIA's issues are a domestic issue. So I'm pointing my finger at > Congress. And since this is a democracy I'm kinda limited to the rule > of the majority. From guninski at guninski.com Wed Jun 17 07:08:33 2015 From: guninski at guninski.com (Georgi Guninski) Date: Wed, 17 Jun 2015 17:08:33 +0300 Subject: Russia and China crack Snowden Cache In-Reply-To: References: Message-ID: <20150617140833.GA2524@sivokote.iziade.m$> On Sun, Jun 14, 2015 at 03:07:11AM -0400, grarpamp wrote: > http://politics.slashdot.org/story/15/06/14/0441220/report-russia-and-china-crack-encrypted-snowden-files > > Russia and China have cracked the top-secret cache of files stolen by > the fugitive US whistleblower Edward Snowden, forcing MI6 to pull > agents out of live operations in hostile countries, according to > senior officials in Downing Street, the Home Office and the security > services. Don't know about the Chinese, but with very high probability the Russians have Snowden's dump since long ago. He is seeking asylum and is in their hands. They are responsible for his (dumps) "physical security". Likely they cracked him in O(1), without dealing with crypto. From tim at diffalt.com Wed Jun 17 14:33:27 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 17:33:27 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581DD5D.50201@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581DD5D.50201@riseup.net> Message-ID: <5581E7A7.4000908@diffalt.com> So did they pass a resolution as such that I'm unaware of? Is there an international court that is willing to persecute? And also because first and foremost the U.S. does not acknowledge The Hague. But the EU does acknowledge US laws. Which is nice. So, did they pass a resolution or not? On 6/17/2015 4:49 PM, Razer wrote: > > On 06/17/2015 01:28 PM, Tim Beelen wrote: >> You're conflating a bunch of things. >> >> You can't have a criminal organization without crime, which require >> illegality, which requires laws which require a governing body. A >> government usually does not declare itself illegal so, no, it's not >> going to be a criminal enterprise. >> > Expecting criminals to adjudicate themselves as such is a little beyond > the pall so lets cut to the chase here, based on one criminal action > for the moment. The US subscribes to the UN charter and what passes for > international law, which to a huge extent the US had a guiding hand in > shaping. > > The UN allowed the United States leeway to literally invade Iraq based > on evidence presented known to be lies at the time they were told, by > almost everyone in the US government in a position to authorize policy, > diplomatic OR war-related, on Iraq > > The US government and all of it's executives committed a criminal act > under international law by invading Iraq under false pretenses and > therefore IS an international criminal enterprise that continues to this > day in that country by our continued, and eternal (at least until the > oil from there and Iran runs out) presence. > From juan.g71 at gmail.com Wed Jun 17 14:03:19 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 18:03:19 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581D87F.1040108@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> Message-ID: <5581deff.1a1a370a.f92c.139b@mx.google.com> On Wed, 17 Jun 2015 16:28:47 -0400 Tim Beelen wrote: > You're conflating a bunch of things. > > You can't have a criminal organization without crime, which require > illegality, which requires laws which require a governing body. A > government usually does not declare itself illegal so, no, it's not > going to be a criminal enterprise. > > You're just being pedantic. Government is a criminal organization because its 'agents' commit crimes. No, the valid and legitimate definition of crime doesn't come from your masters. For example, if the psychos at the top(i. e. government) say that smoking lettuce is a 'crime' that doesn't make it a crime. Likewise, if your government says that murdering people for fun like the US military does is 'legal' that doesn['t make it so. I'm not being pedantic, I'm pointing out your obvious circular 'logic'. Lack of it actually. Wait, you were whining about what the russian government does, right? And on what grounds? Whatever the russian gov't does is 'legal' and 'not criminal'....because they say so! See? That's your 'theory' at work. Not a very clever theory, I might add. > > On 6/17/2015 3:33 PM, Juan wrote: > > On Wed, 17 Jun 2015 08:53:55 -0400 > > Tim Beelen wrote: > > > >> So, you have no knowledge of all the details of the CIA's actions, > >> but you are sure that they consist of violations? Is that right? > > > > Of course. Government is a criminal organization, by > > definition. > > > > That's all you need to know about it. > > From afalex169 at gmail.com Wed Jun 17 08:20:08 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Wed, 17 Jun 2015 18:20:08 +0300 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: *Some very important words by Zenaan Harkness (zen at freedbms.net ):* > There appears to be abundant evidence over the years that the US is > throwing its political, economic and military might around, all over > the world, just being a bully, without respect for ethics, principle, > national sovereignty, dignity, human rights, without even respect for > the rule of law and as a total hypocrite to its own past behaviour - > compare Kosovo actions to Ukraine dialog. > > Sure, in principle we can say "every one is doing their best". > Well, their best is not fucking good enough > > Give us hope. Give us stories of the great democtratic > benefits you've brought to the countries whos governments you've > successively installed, overthrown, installed, overthrown. > > Demonstrate the three letter agencies of USAGOV that have upheld, > rather than violated, human rights around the world (hell, even in > their own country!). From where we peasants sit, those in power > continue to justify their every apparent misdeed somehow - 'the end > justifies the means' perhaps? Meanwhile the world goes to hell in a > hurry. Since the far less than admirable 'means' predominate, over and > over and over again. *and the picture of "Russia wants war" - awesome. Zenaan, i am very sorry, that my English is not good enough for serious discussions and i don't have time. But there you are! Sometimes, you just write my thoughts (which are not on English :)). So this time, at least, i must say thank you. I salute you. I often read such sensible ideas on Russian, but rare, very rare on English. I don't know who you are from, but if you are from the "west", - congratulations! You are free from the "USA-WEST propaganda machine". The truth must be spread (it's not high flown words). Although it's not a guarantee of changes, but it might be a very important step toward it. The hatred, the hypocrisy and the lawlessness of the US must be stopped. Or, at least, minimized. With bold English speakers like you are, there is hope. Thank you very much again. On behalf of all people, that want peace, cooperation and justice. Instead of money, lies, influence and a constant search for enemies (like the US representatives and their watch dogs). With respect, Alexander. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2580 bytes Desc: not available URL: From tim at diffalt.com Wed Jun 17 15:28:27 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 18:28:27 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581deff.1a1a370a.f92c.139b@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> Message-ID: <5581F48B.3080408@diffalt.com> On 6/17/2015 5:03 PM, Juan wrote: > On Wed, 17 Jun 2015 16:28:47 -0400 > Tim Beelen wrote: > >> You're conflating a bunch of things. >> >> You can't have a criminal organization without crime, which require >> illegality, which requires laws which require a governing body. A >> government usually does not declare itself illegal so, no, it's not >> going to be a criminal enterprise. >> >> You're just being pedantic. > > Government is a criminal organization because its 'agents' > commit crimes. > > > No, the valid and legitimate definition of crime doesn't come > from your masters. For example, if the psychos at the top(i. > e. government) say that smoking lettuce is a 'crime' that > doesn't make it a crime. Likewise, if your government says that > murdering people for fun like the US military does is 'legal' > that doesn['t make it so. You should stop smoking lettuce. Just because you think something is not a crime does not not make it not a crime. And I don't think 'murdering people for fun' is the USMC charter. It might be your observation but also generally not true for actual marines. And actually not true in any sense. So. There's that. > > I'm not being pedantic, I'm pointing out your obvious circular > 'logic'. Lack of it actually. My logic is not circular you need to look up the words in a dictionary as opposed to just attributing arbitrary definitions to 'm We're not talking about games so it's probably definition 1 for illegal. A government is self-explanatory and might be construed as morally wrong. But to apply that to any government actually makes nos sense. And the way you're talking you're probably are an anarchist. Which is also a form of government directed usually by direct democracy. illegal /adjective/ il·le·gal \(ˌ)i(l)-ˈlē-gəl\ : not allowed by the law : not legal : not allowed by the rules in a game government noun, gov·ern·ment often attributive \ˈgə-vər(n)-mənt, -və-mənt; ˈgə-bəm-ənt, -vəm-\ : the group of people who control and make decisions for a country, state, etc. : a particular system used for controlling a country, state, etc. : the process or manner of controlling a country, state, etc. criminal /adjective/ crim·i·nal \ˈkri-mə-n^ə l, ˈkrim-nəl\ : involving illegal activity : relating to crime : relating to laws that describe crimes rather than to laws about a person's rights : morally wrong > Wait, you were whining about what the russian government does, > right? And on what grounds? Whatever the russian gov't > does is 'legal' and 'not criminal'....because they say so! It might be legal, but it's definitely not moral. Which makes it criminal. > See? That's your 'theory' at work. Not a very clever theory, I > might add. > You're the inane one here. Juxtaposing random shit, yelling that all governments are criminal enterprises like it means something. HUMANITY IS A CRIMINAL ENTERPRISE BECAUSE IT'S AGENTS COMMIT CRIMES. That obviously makes no sense because not all humans are agents that commit crimes. Neither do all agents of governments commit crimes. > > >> On 6/17/2015 3:33 PM, Juan wrote: >>> On Wed, 17 Jun 2015 08:53:55 -0400 >>> Tim Beelen wrote: >>> >>>> So, you have no knowledge of all the details of the CIA's actions, >>>> but you are sure that they consist of violations? Is that right? >>> Of course. Government is a criminal organization, by >>> definition. >>> >>> That's all you need to know about it. >>> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6158 bytes Desc: not available URL: From zen at freedbms.net Wed Jun 17 01:28:57 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 17 Jun 2015 18:28:57 +1000 Subject: =?UTF-8?Q?Pirate_Party=E2=80=99s_youth_wing_Activists_wiretap_high=2Dl?= =?UTF-8?Q?evel_political_surveillance_hawks_at_Sweden=E2=80=99s_top_security?= =?UTF-8?Q?_conference?= Message-ID: https://falkvinge.net/2015/01/14/hilarious-activists-turn-tables-on-political-surveillance-hawks-wiretaps-them-with-honeypot-open-wi-fi-at-security-conference/ "They set up an open wi-fi access point at the conference and labeled it “Open Guest”, and then just logged the traffic of about a hundred high-ranking surveillance hawks who argue for more wiretapping, and who connected through the activists’ unencrypted access point. " "...generally everybody present who would argue in public that surveillance of other people than themselves is the best idea since sliced bread." ... "In closing, we are happy to report that we have found no traces whatsoever of preparations of terrorism in our surveillance. However, we do note that people need to get much better at using the net in a secure manner." From tim at diffalt.com Wed Jun 17 16:10:34 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 19:10:34 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581DF36.8060600@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819B3D.6070506@riseup.net> <5581A0C4.2090900@diffalt.com> <5581DF36.8060600@riseup.net> Message-ID: <5581FE6A.8060509@diffalt.com> I thought that DynCorp was Blackwater re-branded. But they are something totally different! Revenue in 2010 was 3 billion. Wow. Business must be booming. I wonder what it is that costs 3 billion. From operational income of 120mil in '08 to 3 bil revenue in '10 means what? With 17.000 employees they are about as big as the CIA. So, maybe, if they reserve 2 bil for paying them employees, so they they pay pretty well; around 120k. The rest is write-offs on their 1.5 Bil in equipment. Which takes about three years. Sounds about right. Leaves about 400mil for operations. Basically moving stuff, and acquisitions. WHAT ARE THEY DOING? That reminds me of a guy I knew. Big guy. Ex- Blackwater employee. Nice guy. Told me that they go to war because they had too much equipment and bullets and stuff. Inane, right? On 6/17/2015 4:57 PM, Razer wrote: > > On 06/17/2015 09:31 AM, Tim Beelen wrote: >> Really, I did not know that. And this yet another reason as to why >> Congress needs to stop paying their bills. >> >> Making it sound awesome like you just did is not what I'd hoped for >> however :D >> >> \m\ METAL CONFETTI /m/ > > That decription came from the MSM news (McClatchy I believe) describing > a DynCorp C-130 strafing of a column of cars thought to contain the > International Court Union government driving down a Somali road. > > The article contained the information that the column of cars was > strafed in that manner for TWO DAYS leaving nothing but 'metal confetti'. > > Later it was found out (because of resurfacing in the media of the ICU > government's people) that the cars DID NOT have any of the fleeing ICU > officials in them. > > Target practice. > > RR > > >> On 6/17/2015 12:07 PM, Razer wrote: >>> On 06/17/2015 05:53 AM, Tim Beelen wrote: >>>> They (the CIA)started out gathering intelligence, gained intelligence >>>> gathering capabilities and now have capabilities to operate >>>> independently to some extent for some years. >>> Understatement of the century-to-date: Operate independently? They >>> operate THE largest government funded mercenary army in the fucking >>> world. The WHOLE of the Yemen drone wars program AND in SOMALIA too >>> (They're 'just black people'. Not too much news on that front) and so >>> much other mayhem is DIRECTED BY THE CIA NOT THE PENTAGON, and it's >>> contractors such as DynCorp, which has a fleet of C-130 gunships with >>> chainguns that can push the plane sideways through the sky when fired >>> and turn cars into metal confetti. >>> >>> > > From tim at diffalt.com Wed Jun 17 16:35:54 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 19:35:54 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581ff0b.92138c0a.640e.2b2e@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581DD5D.50201@riseup.net> <5581E7A7.4000908@diffalt.com> <5581ff0b.92138c0a.640e.2b2e@mx.google.com> Message-ID: <5582045A.9010305@diffalt.com> It was a rhetorical question; no they did not come up with a binding resolution. That is how the UN enforces policy. Binding resolutions. So, my point is, what is the point of having international laws that no one is willing to enforce. There is no ignoring plain facts. You just did not get it. Stop smoking lettuce. On 6/17/2015 7:20 PM, Juan wrote: > On Wed, 17 Jun 2015 17:33:27 -0400 > Tim Beelen wrote: > >> So did they pass a resolution as such that I'm unaware of? > > So little Timmy is ignoring plain facts. > > Completely unsurprising. > > > > >> Is there an international court that is willing to persecute? >> >> And also because first and foremost the U.S. does not acknowledge The >> Hague. But the EU does acknowledge US laws. Which is nice. >> >> So, did they pass a resolution or not? >> >> On 6/17/2015 4:49 PM, Razer wrote: >>> On 06/17/2015 01:28 PM, Tim Beelen wrote: >>>> You're conflating a bunch of things. >>>> >>>> You can't have a criminal organization without crime, which require >>>> illegality, which requires laws which require a governing body. A >>>> government usually does not declare itself illegal so, no, it's not >>>> going to be a criminal enterprise. >>>> >>> Expecting criminals to adjudicate themselves as such is a little >>> beyond the pall so lets cut to the chase here, based on one >>> criminal action for the moment. The US subscribes to the UN charter >>> and what passes for international law, which to a huge extent the >>> US had a guiding hand in shaping. >>> >>> The UN allowed the United States leeway to literally invade Iraq >>> based on evidence presented known to be lies at the time they were >>> told, by almost everyone in the US government in a position to >>> authorize policy, diplomatic OR war-related, on Iraq >>> >>> The US government and all of it's executives committed a criminal >>> act under international law by invading Iraq under false pretenses >>> and therefore IS an international criminal enterprise that >>> continues to this day in that country by our continued, and eternal >>> (at least until the oil from there and Iran runs out) presence. >>> From tim at diffalt.com Wed Jun 17 16:57:35 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 19:57:35 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581fed3.d3c28c0a.192e.2537@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> Message-ID: <5582096F.40909@diffalt.com> On 6/17/2015 7:19 PM, Juan wrote: > On Wed, 17 Jun 2015 18:28:27 -0400 > Tim Beelen wrote: > > >> You should stop smoking lettuce. Just because you think something is >> not a crime does not not make it not a crime. > > I don't smoke lettuce. My example was meant to teach you the > basics of morality - something you seem unable to grasp. I know you don't smoke lettuce. > So, pay attention : human/natural rights exist PRIOR TO ANY > FUCKING GOVERNMENT. I concede to that point. > Enve a retarded 'american' should know this if he bothered to > check basic americunt propaganda like the 'declaration of > independence' Dude, that is racist. I think. Calling all Americans cunts. Such a big geographical area too. North, South. > > >> And I don't think >> 'murdering people for fun' is the USMC charter. > That's what the shitbags do, however. So what you think > about some nonsensical 'charter' has less than zero relevance. > So, I happen to know a few people that are marines. They don't like killing and are generally very agreeable. Would you like to meet one? >> It might be your >> observation but also generally not true for actual marines. And >> actually not true in any sense. So. There's that. > > There's what? There's a neocon in this mailing list? Basically anyone you actually get to meet and say hello to. What do you think they are? Big bad bulky continuously angry men? >> And the way you're talking you're probably are an anarchist. Which is >> also a form of government directed usually by direct democracy. > Well, at least you figured out that I'm an anarchist, although > funnily enough you don't seem to know what anarchy is. > > >> government directed usually by direct democracy. > Nope, that's not anarchy. Okay, lets try Bakunin, because for a guy who does not no anything about Anarchism I sure know about him. He claims to "organize from below, through local structures interlinked on a federalist basis". I agree with Bakunin on this point. It also happens to be a form of direct democracy. Can also be considered to be a government without stretching the term in any way. https://en.wikipedia.org/wiki/Federalism Oh, crikey, federalism is a form of government. https://en.wikipedia.org/wiki/Direct_democracy Oh fuck, it is mainly used by a horde of anarchist writers :D > > > > >> >>> Wait, you were whining about what the russian government >>> does, right? And on what grounds? Whatever the russian gov't >>> does is 'legal' and 'not criminal'....because they say so! >> It might be legal, but it's definitely not moral. Which makes it >> criminal. >>> See? That's your 'theory' at work. Not a very clever >>> theory, I might add. >>> >> You're the inane one here. Juxtaposing random shit, yelling that all >> governments are criminal enterprises like it means something. > > > It's a basic truth, sonny. It may mean nothing to government > worshiping psychos/neocons, but...it is still true. Yea, all hail the state. The great provider. > >> >> HUMANITY IS A CRIMINAL ENTERPRISE BECAUSE IT'S AGENTS COMMIT CRIMES. > No, your wrong analogy only shows that you don't know what > you're talking about or are plainly dishonest. Or both. No no, I'm not dishonest. It's just that you're polarizing. You can't find an individual to blame like a proper anarchist. So you blame a group. Like a fucking Nazi. > >> That obviously makes no sense because not all humans are agents that >> commit crimes. >> Neither do all agents of governments commit crimes. > > > Yes they do, to varying degrees. They are all funded with > stolen money for starters. > > Well, that's a stretch since, well I can type my fingers raw with anarchist examples of governments, either in literature or in actuality. > > >>> >>>> On 6/17/2015 3:33 PM, Juan wrote: >>>>> On Wed, 17 Jun 2015 08:53:55 -0400 >>>>> Tim Beelen wrote: >>>>> >>>>>> So, you have no knowledge of all the details of the CIA's >>>>>> actions, but you are sure that they consist of violations? Is >>>>>> that right? >>>>> Of course. Government is a criminal organization, by >>>>> definition. >>>>> >>>>> That's all you need to know about it. >>>>> From juan.g71 at gmail.com Wed Jun 17 16:19:05 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 20:19:05 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581F48B.3080408@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> Message-ID: <5581fed3.d3c28c0a.192e.2537@mx.google.com> On Wed, 17 Jun 2015 18:28:27 -0400 Tim Beelen wrote: > You should stop smoking lettuce. Just because you think something is > not a crime does not not make it not a crime. I don't smoke lettuce. My example was meant to teach you the basics of morality - something you seem unable to grasp. So, pay attention : human/natural rights exist PRIOR TO ANY FUCKING GOVERNMENT. Enve a retarded 'american' should know this if he bothered to check basic americunt propaganda like the 'declaration of independence' > And I don't think > 'murdering people for fun' is the USMC charter. That's what the shitbags do, however. So what you think about some nonsensical 'charter' has less than zero relevance. > It might be your > observation but also generally not true for actual marines. And > actually not true in any sense. So. There's that. There's what? There's a neocon in this mailing list? > And the way you're talking you're probably are an anarchist. Which is > also a form of government directed usually by direct democracy. Well, at least you figured out that I'm an anarchist, although funnily enough you don't seem to know what anarchy is. >government directed usually by direct democracy. Nope, that's not anarchy. > > > > Wait, you were whining about what the russian government > > does, right? And on what grounds? Whatever the russian gov't > > does is 'legal' and 'not criminal'....because they say so! > It might be legal, but it's definitely not moral. Which makes it > criminal. > > See? That's your 'theory' at work. Not a very clever > > theory, I might add. > > > You're the inane one here. Juxtaposing random shit, yelling that all > governments are criminal enterprises like it means something. It's a basic truth, sonny. It may mean nothing to government worshiping psychos/neocons, but...it is still true. > > > HUMANITY IS A CRIMINAL ENTERPRISE BECAUSE IT'S AGENTS COMMIT CRIMES. No, your wrong analogy only shows that you don't know what you're talking about or are plainly dishonest. Or both. > > That obviously makes no sense because not all humans are agents that > commit crimes. > Neither do all agents of governments commit crimes. Yes they do, to varying degrees. They are all funded with stolen money for starters. > > > > > > >> On 6/17/2015 3:33 PM, Juan wrote: > >>> On Wed, 17 Jun 2015 08:53:55 -0400 > >>> Tim Beelen wrote: > >>> > >>>> So, you have no knowledge of all the details of the CIA's > >>>> actions, but you are sure that they consist of violations? Is > >>>> that right? > >>> Of course. Government is a criminal organization, by > >>> definition. > >>> > >>> That's all you need to know about it. > >>> > From juan.g71 at gmail.com Wed Jun 17 16:20:02 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 20:20:02 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581E7A7.4000908@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581DD5D.50201@riseup.net> <5581E7A7.4000908@diffalt.com> Message-ID: <5581ff0b.92138c0a.640e.2b2e@mx.google.com> On Wed, 17 Jun 2015 17:33:27 -0400 Tim Beelen wrote: > So did they pass a resolution as such that I'm unaware of? So little Timmy is ignoring plain facts. Completely unsurprising. > > Is there an international court that is willing to persecute? > > And also because first and foremost the U.S. does not acknowledge The > Hague. But the EU does acknowledge US laws. Which is nice. > > So, did they pass a resolution or not? > > On 6/17/2015 4:49 PM, Razer wrote: > > > > On 06/17/2015 01:28 PM, Tim Beelen wrote: > >> You're conflating a bunch of things. > >> > >> You can't have a criminal organization without crime, which require > >> illegality, which requires laws which require a governing body. A > >> government usually does not declare itself illegal so, no, it's not > >> going to be a criminal enterprise. > >> > > Expecting criminals to adjudicate themselves as such is a little > > beyond the pall so lets cut to the chase here, based on one > > criminal action for the moment. The US subscribes to the UN charter > > and what passes for international law, which to a huge extent the > > US had a guiding hand in shaping. > > > > The UN allowed the United States leeway to literally invade Iraq > > based on evidence presented known to be lies at the time they were > > told, by almost everyone in the US government in a position to > > authorize policy, diplomatic OR war-related, on Iraq > > > > The US government and all of it's executives committed a criminal > > act under international law by invading Iraq under false pretenses > > and therefore IS an international criminal enterprise that > > continues to this day in that country by our continued, and eternal > > (at least until the oil from there and Iran runs out) presence. > > > From juan.g71 at gmail.com Wed Jun 17 16:51:34 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 20:51:34 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <5582045A.9010305@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581DD5D.50201@riseup.net> <5581E7A7.4000908@diffalt.com> <5581ff0b.92138c0a.640e.2b2e@mx.google.com> <5582045A.9010305@diffalt.com> Message-ID: <5582066f.0b32370a.b153c.2b20@mx.google.com> On Wed, 17 Jun 2015 19:35:54 -0400 Tim Beelen wrote: > It was a rhetorical question; no they did not come up with a binding > resolution. That is how the UN enforces policy. Binding resolutions. > > So, my point is, what is the point of having international laws that > no one is willing to enforce. > > There is no ignoring plain facts. You just did not get it. Stop > smoking lettuce. You asked for even more proof of your government being a criminal enterprise and that's what Razer provided. And here's more https://upload.wikimedia.org/wikipedia/commons/f/fa/Incarceration_rates_worldwide.gif Fact : your fucking government is a criminal organization even by their own standards. Now go cry in the corner. > > On 6/17/2015 7:20 PM, Juan wrote: > > On Wed, 17 Jun 2015 17:33:27 -0400 > > Tim Beelen wrote: > > > >> So did they pass a resolution as such that I'm unaware of? > > > > So little Timmy is ignoring plain facts. > > > > Completely unsurprising. > > > > > > > > > >> Is there an international court that is willing to persecute? > >> > >> And also because first and foremost the U.S. does not acknowledge > >> The Hague. But the EU does acknowledge US laws. Which is nice. > >> > >> So, did they pass a resolution or not? > >> > >> On 6/17/2015 4:49 PM, Razer wrote: > >>> On 06/17/2015 01:28 PM, Tim Beelen wrote: > >>>> You're conflating a bunch of things. > >>>> > >>>> You can't have a criminal organization without crime, which > >>>> require illegality, which requires laws which require a > >>>> governing body. A government usually does not declare itself > >>>> illegal so, no, it's not going to be a criminal enterprise. > >>>> > >>> Expecting criminals to adjudicate themselves as such is a little > >>> beyond the pall so lets cut to the chase here, based on one > >>> criminal action for the moment. The US subscribes to the UN > >>> charter and what passes for international law, which to a huge > >>> extent the US had a guiding hand in shaping. > >>> > >>> The UN allowed the United States leeway to literally invade Iraq > >>> based on evidence presented known to be lies at the time they were > >>> told, by almost everyone in the US government in a position to > >>> authorize policy, diplomatic OR war-related, on Iraq > >>> > >>> The US government and all of it's executives committed a criminal > >>> act under international law by invading Iraq under false pretenses > >>> and therefore IS an international criminal enterprise that > >>> continues to this day in that country by our continued, and > >>> eternal (at least until the oil from there and Iran runs out) > >>> presence. > >>> > From juan.g71 at gmail.com Wed Jun 17 17:31:13 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 17 Jun 2015 21:31:13 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <5582096F.40909@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> Message-ID: <55820fbb.8ad98c0a.1dab.3161@mx.google.com> On Wed, 17 Jun 2015 19:57:35 -0400 Tim Beelen wrote: > > So, pay attention : human/natural rights exist PRIOR TO ANY > > FUCKING GOVERNMENT. > I concede to that point. Fine. Now work out the logical conclusions that follow from that premise. Here's one : any violation of such rights is criminal. > So, I happen to know a few people that are marines. > They don't like killing and are generally very agreeable. Would you > like to meet one? Not really. And I happen to live outside the direct 'jurisdiction' of the US government. Now, if you want to send one of your friends, unarmed, to my house, I might talk to him. From a safe distance and while pointing a gun at him, just in case. > > >> It might be your > >> observation but also generally not true for actual marines. And > >> actually not true in any sense. So. There's that. > > > > There's what? There's a neocon in this mailing list? > Basically anyone you actually get to meet and say hello to. What do > you think they are? Big bad bulky continuously angry men? They are people who kill other people when ordered to. That's all that counts. > > Nope, that's not anarchy. > Okay, lets try Bakunin, because for a guy who does not no anything > about Anarchism I sure know about him. He claims to "organize from > below, through local structures interlinked on a federalist basis". I > agree with Bakunin on this point. It also happens to be a form of > direct democracy. If individuals are free to NOT participate in such organization if they wish, then yes, it's anarchy. If individuals are subjected to such organization against their will then no, that's not anarchy, bakunin or not. And since you like dictionaries http://dictionary.reference.com/browse/anarchism?s=t "a doctrine urging the abolition of government or governmental restraint as the indispensable condition for full social and political liberty. " Oops. Government and anarchy just happen to be mutually exclusive concepts. (That of course shouldn't be news...) J. From tim at diffalt.com Wed Jun 17 18:56:48 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 17 Jun 2015 21:56:48 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <55820fbb.8ad98c0a.1dab.3161@mx.google.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> <55820fbb.8ad98c0a.1dab.3161@mx.google.com> Message-ID: <55822560.7020800@diffalt.com> On 6/17/2015 8:31 PM, Juan wrote: > On Wed, 17 Jun 2015 19:57:35 -0400 > Tim Beelen wrote: > > >>> So, pay attention : human/natural rights exist PRIOR TO ANY >>> FUCKING GOVERNMENT. >> I concede to that point. > Fine. Now work out the logical conclusions that follow from that > premise. Here's one : any violation of such rights is criminal. Well, it's not necessarily immoral. So not necessarily criminal. Even your own dictionary definition of anarchy provides mentions a government. Albeit a minimal one. Governed you are. Whether it's by consensus, opt-in or otherwise. > >> So, I happen to know a few people that are marines. >> They don't like killing and are generally very agreeable. Would you >> like to meet one? > > Not really. And I happen to live outside the direct > 'jurisdiction' of the US government. Now, if you want to send > one of your friends, unarmed, to my house, I might talk to > him. From a safe distance and while pointing a gun at him, just > in case. -.- > >>>> It might be your >>>> observation but also generally not true for actual marines. And >>>> actually not true in any sense. So. There's that. >>> There's what? There's a neocon in this mailing list? >> Basically anyone you actually get to meet and say hello to. What do >> you think they are? Big bad bulky continuously angry men? > > They are people who kill other people when ordered to. That's > all that counts. > ? There is lots of that going around amongst humans. How do you suggest people defend themselves against /any /hostile force? Do you think that calling it a militia makes a difference? Having trained defenders of your homestead is no bad thing. It's actually quite smart. Confusing them with lies and propaganda and making them shoot people that are innocent /is/ repugnant and immoral. But being confused or ignorant is not inherent to the institute . It's something that happens through lack of education and indoctrination through faith institutes (religion). Humans are fallible and on top of that, programmable. Many of them suffer from a massive, violent even, cognitive dissonance if you talk about what they are actually doing. Once you turn back on the cause and effect part of their humanity it's all tears, anger and confusion. PTSD, shitty coping mechanisms. And you just put them all in a hole, categorizing like a common Nazi. > > >>> Nope, that's not anarchy. >> Okay, lets try Bakunin, because for a guy who does not no anything >> about Anarchism I sure know about him. He claims to "organize from >> below, through local structures interlinked on a federalist basis". I >> agree with Bakunin on this point. It also happens to be a form of >> direct democracy. > If individuals are free to NOT participate in such > organization if they wish, then yes, it's anarchy. > > If individuals are subjected to such organization against their > will then no, that's not anarchy, bakunin or not. > > > And since you like dictionaries > > http://dictionary.reference.com/browse/anarchism?s=t http://www.merriam-webster.com/dictionary/anarchism 1*:* a political theory holding all forms of governmental authority to be unnecessary and undesirable and advocating a society based on voluntary cooperation and free association of individuals and groups GOVERNMENTAL AUTHORITY; i.e.: Government as in a society's organizational form, but not it's authority. I.e. Direct Democracy. > "a doctrine urging the abolition of government or governmental > restraint as the indispensable condition for full social and > political liberty. " > > > Oops. Government and anarchy just happen to be mutually > exclusive concepts. (That of course shouldn't be news...) > Government OR governmental restraint. Government non-the-less. Learn to read you illiterate :D But yea, I agree that for the sake of the argument they could be considered mutually exclusive. If you want to abolish government. Which is kind of strange because every form of anarchism usually has an adjective regarding it's organization. Federated, syndicalists. All of them are organized in some fashion shape or form. Now, I don't mind NOT calling that form a form of government. But I don't want to confuse people in to thinking that anarchism is some kind of synonym for chaos. > > > J. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 6755 bytes Desc: not available URL: From admin at pilobilus.net Wed Jun 17 19:41:56 2015 From: admin at pilobilus.net (Steve Kinney) Date: Wed, 17 Jun 2015 22:41:56 -0400 Subject: links - Assange now to be questioned - some choice comments at yank dot for giggles In-Reply-To: References: Message-ID: <55822FF4.7080901@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/17/2015 03:07 PM, grarpamp wrote: > Assange could perhaps have tunneled out of there a long time > ago, or overflighted an Ecuadorean chopper on diplomatic and > lowered a basket to the roof, even ballooned or ziplined away > to Ecuador. The game of international standoffs is such fun. > Master Han's advice seems appropriate: "Your tread must be light and sure, as though your path were upon rice paper. It is said, a Shaolin priest can walk through walls. Looked for...he can not be seen. Listened for ... he can not be heard. Touched ... can not be felt. This rice paper is the test. Fragile as the wings of the dragon fly, clinging as the cocoon of the silk worm. When you can walk its length and leave no trace. You will have learned." Assange has, most likely, been anticipating and planning for the interview for a couple of years. His potential interviewers will be under enormous pressure to produce specific results, most likely with conflicting directives from various Authorities and whatever bit of moral compass, er I mean care for their professional reputation, may apply. Advantage: Anyone who ever used the handle Mendax. For whatever that turns out to be worth. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVgi/zAAoJEDZ0Gg87KR0LvOUP/3HB/pcypJf+gmS3D0NGQymM KbUnDMvjB3kFlWs09V0XUkGPnEsxC+3hzU2BcVRxw6kAMrCrAaLQKMwH/q91wBpZ 1PleaYasm+TjcZc/L2txOsTZCWuRiI0B51DRMxBkZyPj2973ZRm0+z0ZgsBqJsHi 0+8JZBS0AipW+w+mVU+pBGi7hj12uOrF0UzrGMyb+NELlSi7171CFJ5s5lcIzFYP FItTAGkmK5uOF9ylPUMk4FmOt9Jdhyt7dLh/txzLCWmOOQ/v8eKTuXujF1mQ2++L 1M+K6DJLM1tla2D+OTcC/dSXW3uIMg6ywabZoF1cNTD1LEGPXETiPXZAUzLx0gey LQSErVMsTSebMCWHAxryYJteu0ksLAR11Nz5FXREh22RMEvFupwm0rdtI6W6JTx4 EUANZxRYQlXQNimbtRWJfuVkjfI6nGQftN2pw33dNkw64R63RDv0JDvJ50bjO+LL O1+rcIk+pBSXpuVcPByS7qjO/8zf2Q55v2zt3xdywmh/vZQatRgqKDNFx3Ox6cPC RfJAKh4lqu921rKTuI1RHu9lZlrKxpjtAO6MIQ1z8M7yhyzRwfA0p8+JPviJnu2d cc5H6TXfk+iNapFgdpPAthAOrnQU6VFGS+dQ1gQh6yQEryUCqDLsTYpSuT3pFnhj 11EJoGD5Ln90viaQYHEh =qyAX -----END PGP SIGNATURE----- From grarpamp at gmail.com Wed Jun 17 19:57:40 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 22:57:40 -0400 Subject: Bitcoin: It's all about the Kolions... Message-ID: http://qz.com/429536/the-absurd-trial-of-a-russian-farmer-who-invented-his-own-inflation-proof-currency/ At the local court in Yegorevsk, a town outside Moscow, the case of local farmer Mikhail Shlyapnikov is being heard. Shlyapnikov is accused of creating his own alternative currency, which he calls “kolions,” in honor of the village of Kolionovo, where his farm is located. Shlyapnikov maintains that kolions simply assist a form of barter between him and his friends. The Central Bank and tax inspectorate both claim that Shlyapnikov has violated the constitution, several tax and civic legal codes, and a host of federal laws. Meduza’s special correspondent, Andrei Kozenko, was present at a rather unusual court hearing. “I don’t understand what’s going on here,” Shlyapnikov complains to the circle of TV journalists assembled, “Where is this all heading? This is my first time in court in my whole life. Clearly something’s gotten the prosecutor worked up and he’s brought this case.” ... From grarpamp at gmail.com Wed Jun 17 20:07:59 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 23:07:59 -0400 Subject: Darknet Citizens Crowdfund Sekrit Rockit Programz To Shoot Down Pesky Spy Platforms Message-ID: http://qz.com/429946/these-are-the-first-full-color-hd-videos-of-earth-from-the-international-space-station/ http://f9xr874n.........onion/giveBTC/ From grarpamp at gmail.com Wed Jun 17 20:55:50 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 17 Jun 2015 23:55:50 -0400 Subject: Terrist Favorite Messaging App SureSpot Under Govt Duress Message-ID: https://antipolygraph.org/blog/2015/06/07/developers-silence-raises-concern-about-surespot-encrypted-messenger/ http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-Is-Surespot-the-latest-cryptowar-victim https://www.surespot.me/documents/how_surespot_works.html https://www.surespot.me/documents/threat.html https://github.com/surespot https://www.eff.org/secure-messaging-scorecard Note that as with most new projects, SureSpot is unaudited, centralized, run by relative unknowns, nor is it known whether anyone is publicly validating the supposed source code to the distributed binaries and server protocols with each version. From zen at freedbms.net Wed Jun 17 07:15:08 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 00:15:08 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: <55816DE3.3010405@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> Message-ID: On 6/17/15, Tim Beelen wrote: > On 6/16/2015 9:16 PM, Zenaan Harkness wrote: >> On 6/17/15, Tim Beelen wrote: >>> On 6/16/2015 7:13 AM, John Young wrote: >>>> WikiLeaks WikiTweets only .05% of Snowden documents have been >>>> declassified for release by the spy-micking hoarders, out of nearly 1M. >>>> Cryptome tallies 7% of Guardian's magically variable 58,000 or .02% >>>> of DoD's defense industry mass overkill 1.7M. >>> The reason for this is the work that /all/ of these institutes do. It is >>> bigger then what an individual or, is some cases, a small group can >>> accomplish. And can easily be undermined if details are published. Who >>> is it to say that what CIA has been doing is not in U.S. best interest. >>> You? Me? >> You just bought not only the false presumption, but a logical >> impossibility - without knowledge in detail of the CIA's actual >> actions, I am unable to prove their violations. > > So, you have no knowledge of all the details of the CIA's actions, but > you are sure that they consist of violations? Is that right? > > By the way, the CIA is under congressional oversight. That is where > accountability ends. They don't have to explain themselves to you. > > How effective is this oversight? I think the vast majority Members of > Congress in general do not have the cognitive skills to understand the > issues that the CIA creates. Let alone come to an agreement on how to > handle the agency. > > To summarize the problem: the CIA is has about 20.000 employees. Which > is substantially bigger then in the 1950s where they had maybe about > 4-5.000. They are an intelligence office. They started out gathering > intelligence, gained intelligence gathering capabilities and now have > capabilities to operate independently to some extent for some years. > > Now, we know they spy on Congress. Manipulate congress. Overthrow > governments. And somehow you presume such things are in the best interests of the USA? Good luck convincing people on that one... > Steer elections. But who controls them? With no oversight > they basically do 'whatever' and 'whatever' is quite a dangerous thing > to do. Now, in hindsight, I don't care if they go around the world and > bully people into playing nice. But that is besides the point. > > The problem is the culture. Recent breaches of security contractors have > shown that information technology information gatherers (ITIG) employs a > lot of clowns. Like you, you want a polarized version of the world where > the CIA is bad. What I want is for "loose cannon power wielders" to principle the fuck up. Overthrowing governments does not mesh with my idea of principle, nor human rights, nor national strength, dignity, rule of law - not a damn thing I hold important. There appears to be abundant evidence over the years that the US is throwing its political, economic and military might around, all over the world, just being a bully, without respect for ethics, principle, national sovereignty, dignity, human rights, without even respect for the rule of law and as a total hypocrite to its own past behaviour - compare Kosovo actions to Ukraine dialog. Sure, in principle we can say "every one is doing their best". Well, their best is not fucking good enough, since almost no one (it appears) sacrifices personal convenience for their greater ideals and principles, and somewhere up the chains of command those with "genuine power" run amok far too often. By all means dear CIA and CIA apologists (and NSA, FBI, USAGOV, ANY_OTHER_ENTITY), publicize your good outcomes and your stands for what we common folk consider principles, human rights, fairness and the like. Give us hope. Give us stories of the great democtratic benefits you've brought to the countries whos governments you've successively installed, overthrown, installed, overthrown. Love to hear genuine positivity facts. Facts to the contrary ('negative' outcomes) abound by incontrovertible evidence or for thinking men and women, incontrovertible conclusion. Bring on the CIA is Wonderful for The World facts. Please! I really, really want to believe the world is in better shape than it bloody well appears to be! Demonstrate the three letter agencies of USAGOV that have upheld, rather than violated, human rights around the world (hell, even in their own country!). From where we peasants sit, those in power continue to justify their every apparent misdeed somehow - 'the end justifies the means' perhaps? Meanwhile the world goes to hell in a hurry. Since the far less than admirable 'means' predominate, over and over and over again. > Just bad. And by your own admission you don't even care > what they do, you are just looking to punish them. That is not a data Find some other idiot's mouth to put words in. This one's evidently failed to raise the tone of this particular dialog. Good luck with your thesis and here's hoping others can do a better job of bringing something higher to this world. Zenaan https://en.wikipedia.org/wiki/CIA_involvement_in_Contra_cocaine_trafficking "Once you set up a covert operation to supply arms and money, it's very difficult to separate it from the kind of people who are involved in other forms of trade, and especially drugs. There is a limited number of planes, pilots and landing strips. By developing a system for supply of the Contras, the US built a road for drug supply into the US." Former CIA agent David MacMichael[1] " -------------- next part -------------- A non-text attachment was scrubbed... Name: russia_wants_war_look_how_closely_they_put_country_to_our_military_bases_0.jpg Type: image/jpeg Size: 27891 bytes Desc: not available URL: From grarpamp at gmail.com Wed Jun 17 21:28:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 18 Jun 2015 00:28:14 -0400 Subject: Privacy advocates resign over facial recognition plans Message-ID: https://firstlook.org/theintercept/2015/06/16/privacy-advocates-resign-protest-u-s-facial-recognition-code-conduct-2/ Technology industry lobbyists have so thoroughly hijacked the Commerce Department process for developing a voluntary code of conduct for the use of facial recognition technology that nine privacy advocates involved withdrew in protest on Monday. “At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement ... Unfortunately, we have been unable to obtain agreement even with that basic, specific premise. http://yro.slashdot.org/story/15/06/17/1931216/privacy-advocates-leave-in-protest-over-us-facial-recognition-code-of-conduct http://cvdazzle.com/ Ever notice the shiny new door, camera and register systems at Walmart? Wonder if retail is Stingray'ing patrons IMEI's into such databases? See the boxes popping up on roadsides, cameras and antenna arrays on poles and buildings at every intersection? All the pointless info and blood you have to give? In order to simply move and live and talk? For what, exactly, in return? Disgusting. Cypherpunks... when / where will it all end? From adam at cypherspace.org Wed Jun 17 15:51:54 2015 From: adam at cypherspace.org (Dr Adam Back) Date: Thu, 18 Jun 2015 00:51:54 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: I would recommend to read the post. I thought it was fairly comprehensive and this is extremely bad both in network fork risk (which not everyone may understand details of as its quite intricate). Hard-forks should only be done with wide-spread consensus, and are fairly risky even then, but by doing it in a contentious divisive way - understand everyone in the technical community is very concerned - just unnecessarily magnifies the risk of failure. The other major issues being the precedent set and loss of decentralised code governance described in the post. A "distributed system" which has one or two developers, one who has a slight history for proposed a number of objectionable things in the past (red-lists etc) is not really distributed. How do we know other than assumption that they are not taking money to push preferred features, or under duress/blackmail etc. This is the point of the existing code change approval system to review and cross check against things like that. If people on *cypherpunks* cant get the points in the post, I think the world has a problem. The price of security in a distributed system like bitcoin is eternal vigilance, but if people dont understand what constitutes a risk and hence what to be vigilant for, the meta-system can be unreliable and lose its assurances. I think we need to explain some more concepts and probably people will over time learn things and and an influencer pyramid emerge as happened in privacy technology. Adam On 17 June 2015 at 17:44, Sean Lynch wrote: > It seems to me the real problem would be the community making a big deal > about the fork, not the fork itself. Maybe the fork will take off, in which > case anyone who has a position in Bitcoin now will have a position in the > forked currency, or it won't, in which case who cares? Sure, Bitcoin might > be less valuable for a while while people wait and see how the fork does, > but anyone who thinks a hard fork is a large risk to Bitcoin compared to all > the other risks it faces is deluding themselves. > > I think we would all be better off if the community said, "Fine, fork if you > want. May the best fork win," than to sing doom and gloom every time someone > decides not to follow the community process. Besides, a bunch of different > people being involved does not a decentralized system make. Not if they all > have to follow the same process and forks without consensus are not allowed. > That can actually be worse in many ways than a benevolent dictatorship, > because it will quickly ossify as the community grows larger and more > diverse. > > If Bitcoin itself had to get community consensus before it was tried, we'd > have no Bitcoin. I have no problem at all with someone deciding to fork it. > In fact, I *prefer* it, because I think in the long run it makes my own > position *more* valuable to have different forks trying different things. > Anyone who holds Bitcoin before the fork gets the sum of the values of their > account on each fork. Over the long run, the value on most forks will go to > zero, but then it's at worst a max function. > > Claiming that forks make Bitcoin less valuable sounds to me a lot like > Bernie Sanders saying we don't need so many choices of deodorant. From l at odewijk.nl Wed Jun 17 09:30:01 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 18 Jun 2015 01:30:01 +0900 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: 2015-06-18 1:21 GMT+09:00 John Young : > Urging war to protect sacred cows is cloaked as protecting one's own > version > of civilization but is actually protecting one's own militarization -- the > oldest > fucking religion of professional fucking. > > Spies, patriots and leakers are pimps for this rampant and ancient STD, > the infected bastards emitted to contaminate and ravage the planet. > They're just being practical. No point getting mad about it; evolution selects for practical; you will not win without being more practical. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 872 bytes Desc: not available URL: From zen at freedbms.net Wed Jun 17 09:59:09 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 02:59:09 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: <55819835.40205@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: On 6/18/15, Tim Beelen wrote: > "People aren't against you, they are for themselves." is a much greater > truism then trying to find reason in foreign politics or actions of > governments. When no straightforward reason for a government's foreign political actions is evident, nor becomes evident over time, and this lack of sanity evidences itself decade in, decade out, then what legitimacy can said government truly have besides "might is right"? "Tim," your rhetoric speaks loudly. > And if these sensible "Russian" ideas proliferate wherever > you're from, why do you live in a country that does not even have a > unified military and has Generals that do however they please? Like > fucking around in Ukraine? Perhaps a bit more reading for you? Or do you really intend to back that the USA is the principled, honourable, fair and reasonable example we (the rest of the world) should all be drinking from? > I hope you don't have massive cognitive dissonance over that fact. Nope. None here. Feel free to try some form other then sarcasm - perhaps empathy, or rationality.. What I see is a world where the power players (lead by example principally by the US since WWII) cause/foment much human strife around the world. Governments/ "other countries" are "pretty good at digging their own graves" you say? My, what big rationale you have... I missed the part where the US still holds the moral high ground? Seriously ... I missed that part. I get that it might be difficult looking out from within... I so -want- those who hold power to live to a higher "moral" standard - hell, any standard that we "mere peasants" (like, what the fuck would we know?) can perceive consistently as being worthy of some, or any, admiration. I find the world a rather sad place, in far too many ways. It saddens me greatly that the United States of America has sacrificed her international good will to such an extent as is the case. Expect hope and empathy from me, but no sympathy. Individual humans must wake up, and begin to take individual and human stands. Stands of compassion, justice, principle. Please. To the best of your ability, take the words of your founding fathers to heart. Live as best you can in the heritage that was intended for you. And encourage as many others to do likewise. I suspect significant turmoil in the years to come, and I do not envy any one who must suffer such consequences. It's just a hunch I have. When power fails and the lights go out, people get scared of the dark, of the uncertainty. Everything has cycles, nations no less. Good luck, you (and the whole world) may need it, Zenaan From zen at freedbms.net Wed Jun 17 10:00:21 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 03:00:21 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <55819835.40205@diffalt.com> Message-ID: On 6/18/15, John Young wrote: > At 11:54 AM 6/17/2015, you wrote: >> Like fucking around in Ukraine? > > http://cryptome.org/worlds-nukes.jpg ... > Urging war to protect sacred cows is cloaked as > protecting one's own version > of civilization but is actually protecting one's > own militarization -- the oldest > fucking religion of professional fucking. > > Spies, patriots and leakers are pimps for this rampant and ancient STD, > the infected bastards emitted to contaminate and ravage the planet. Thanks John. Gets a bit tiring sometimes. From zen at freedbms.net Wed Jun 17 10:38:15 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 03:38:15 +1000 Subject: links - Assange now to be questioned - some choice comments at yank dot for giggles Message-ID: With plenty of references to our 'favourite' three letter agencies no less :) The, ahem, cypherpunks amongst us may enjoy this, just a little: http://yro.slashdot.org/story/15/06/15/2211259/julian-assange-to-be-interviewed-in-london-after-all But hey, don't let me spoil the CIA's parade. From l at odewijk.nl Wed Jun 17 11:39:53 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 18 Jun 2015 03:39:53 +0900 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581B1E9.60300@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581B1E9.60300@diffalt.com> Message-ID: 2015-06-18 2:44 GMT+09:00 Tim Beelen : > Yes, my government is not what I would put in power. But I don't have much > influence (any, really) over who and what get's chosen around here. So, to > assume that I have anything to do with it is stretching reality a bit. But > you're welcome to shoot them a mail and tell them how you feel about all of > it. "Don't blame me! I only pay them taxes!" -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 714 bytes Desc: not available URL: From grarpamp at gmail.com Thu Jun 18 01:28:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 18 Jun 2015 04:28:38 -0400 Subject: Matryoshka (fill traffic in networks?) [was: Are TOR holes intentional?] Message-ID: On Thu, Jun 18, 2015 at 12:51 AM, Roger Dingledine wrote: > but it sure looks like another case of somebody not understanding the > research field, and thinking that solving the traffic confirmation > attack is easy, without actually thinking through the engineering side, > the scaling side, or the statistics side. There's certainly no easy solution to all problems. Though there could be value in those that put more odds in your favor, even though they do not yield 100% solution or protection. If you rarely tx but then emit something [unique or timely] that pops out at some [rare] destination, you're done for. I think we've seen posts from some people who slow crawl the web 24x7 when their client is running just to add cover at their end for their interspersed real web activity. By the way, does metrics report the saturation level of the net as a whole in terms of bandwidth and processing load for exit and non exit relays as both one [and two] summed aggregate group[s]? > But even full scale padding, ignoring the practical side of how to get a > Tor network that can afford to waste so much bandwidth Waste is an incorrect, negative term for designed in padding (fixed set of lengths) or fill (empty links) or chaff (ratio) or whatever this is. A design where fill traffic gets out of the way when real data is being sent might have periods of congestion or underutilization of the link depending on the distance in hops the fill is managed over, and the speed of the sensing and feedback controls. Seems that might need to be as fast as you could initiate a first packet across, unless you inhibit that packet until ready. Yes, an individual relay or end node may be subject to various billing policies (transfer vs bitrate), but see thread in reply to Titov here... https://lists.torproject.org/pipermail/tor-talk/2015-May/037987.html https://lists.torproject.org/pipermail/tor-talk/2015-June/038027.html > doesn't provide > protection in the face of active attacks where you induce a gap on one > side and then observe the gap on the other side. And it might even be > the case that these gaps happen naturally by themselves, due to network > congestion and so on, so maybe passive observers will be winners even > against a design that does full padding. I've said that fill seems useful against passives, not actives. However a design may actually be possible such that any disturbance or deficiency in fill might be possible to make up from other sources. In other words, if I knock you off the net, the remaining path your data would have taken to your endpoint will still be filled so as not to expose the far end as being tied to you (if the fill management scope of the network is finer grained than just the end nodes negotiating end-to-end with each other (ie: I think the entire net will need to negotiate their own mesh of fill peers as an underlying management layer, with possible cues from above)). You get knocked off, your former peers sense this and recalc their fill sources and sinks. > Also, to make it really work in practice, all users are going to need > to pad not just while fetching their web page or iso or whatever, but > sufficiently before and after that too, else an attacker can match up > start times and end times: > http://freehaven.net/anonbib/#murdoch-pet2007 Well duh, that's necessary :) > tl;dr the whole premise of this person's blog post is flawed, since > their design likely does not work as they think it does. While someone's design may be insufficient to solve some problem, it does add value in the form of talk of possible solutions and trialing them. Thereby others can try different / related avenues to a solution. > For background see e.g. > http://freehaven.net/anonbib/#danezis:pet2004 > This is a great area for further research: > http://freehaven.net/anonbib/#ShWa-Timing06 > http://freehaven.net/anonbib/#active-pet2010 I don't mean that Tor specifically needs to investigate or implement fill, but that since the research area is probably not complete, and that no operational net is trying it, it's worth continued work. If anyone knows a good list that does or would serve as home for such work, please say so as I'm unaware of any. [Bcc'd to matryoshka as FYI] From grarpamp at gmail.com Thu Jun 18 04:23:36 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 18 Jun 2015 07:23:36 -0400 Subject: Hearn vs Bitcoin-over-Tor / anonets? Message-ID: Wasn't there a group of folks or posts that were suggesting colored coins / relay censorship or some other type things as a good idea? Hearing people dismiss particular use cases of anonymity networks as moot, even though such uses are possible and being done (without need for much code or protocol development), or suggesting lesser alternatives, well... doesn't seem like words of support for those users, their principles and needs... and seems possibly against them. Of course the interpretation should really be left to others more closely following these few specific issues than I. https://www.youtube.com/watch?v=8JmvkyQyD8w&t=24m00s Recall that bitcoin-core added support for Tor and I2P a few years back thus helping to affirm the use case of anonets by [users of] digital currencies. And that those running traditional government currencies usually wish neither privacy or independant currencies, unless it's for and by themselves. IBM of course has a digital currency partnership proposition. Similar issues would apply there as well. From Rayzer at riseup.net Thu Jun 18 09:38:19 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 18 Jun 2015 09:38:19 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581F48B.3080408@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> Message-ID: <5582F3FB.1030900@riseup.net> On 06/17/2015 03:28 PM, Tim Beelen wrote: > You should stop smoking lettuce. Sorry to interject but I read alot of geopolitical mayhem related 'news' every day and to stay focused, if not sane, I smoke lettuce at every opportunity. It's so much more fun to 'connect-the-dots' that way, and as far as thinking 'outside the box', smoke enough of the Leafy Greens I've been smoking and all of a sudden... A flash of inspiration... Why think OUTSIDE the box. Let's just assume there is no "Box". -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From jya at pipeline.com Thu Jun 18 06:42:58 2015 From: jya at pipeline.com (John Young) Date: Thu, 18 Jun 2015 09:42:58 -0400 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: "The Dark Net: Inside the Digital Underworld," Jamie Bartlett, examines the options for escaping observation -- for a while. Cypherpunks is featured for promoting privacy with technology; crypto, anonymizers, digital currency, unauthorized disclosures and more. And how escaping observation very often involves criminal activity, although as Tim May and others claimed, that is the price paid for cloaking from prying eyes. That Tor cloaks 415-1230% of child porn sites, 550-7000% of drug sales, and the like, is allegedly seen by the rebellious undergrounders as "so what, personal freedom is not free." So the richest have the greatest personal freedom, "so what," declared Judge Loretta Preska sentencing shackled hackers for violating the private enclaves of her kind's lawfully-bending relatives and unjudicials. Security of any kind is always bleak, not just due to NSA, its the Devil, why else would religion exist except to forecast the worst imaginable and preach slim chances of avoiding prying eyes of homicidal deity. Crypto bent-back prayer leads the day in fashionable cloaks against inevitable deitific spying -- mostly done by the same devils who espouse cryptosystems which inevitably fail like perpetual motion machinic faiths of all kinds. To the rescue upgrades offer a tad more dreadless illusion while injecting sand and rust into the sanctuaries, desktops, laptops, handhelds, clouds, national security, 4-rotored ski lifts to heaven. Hey, wake up, faithless cypherpunks will not be fooled, remember this when cold dead hands clamber into windows of Ecuadorian embassies, run skirted circles at Fort Leavenworth, dream of languid days key-signig in Hawaii from scrotum-iced pole dancing in Moscow, incise 365x24 days x 10 years to go on large sceen cell walls. Remember too where the grandfathers of cpunks loll, picking fleas from their cats, rueing STDs on their bitches, grooming authors of Deep and Dark Web tomes of horrific beasts lurking inside electronic frontiers of children's Kindles. At 08:46 AM 6/18/2015, you wrote: >2015-06-18 13:28 GMT+09:00 grarpamp ><grarpamp at gmail.com>: >Cypherpunks... when / where will it all end? > > >The cost of observation is ever dropping. With improved processing >capability (hardware and software) the value of data is ever rising. >There is only one logical conclusion: permanent, global observation. > >Resistance is effective but eventually futile, you cannot reverse >time, you cannot reverse progress. > >More fruitful is managing the inevitable future. Will we go gently >into corporate hell? Will we let power games rule us? Do the wealthy >buy privacy, and the people's data? Will you, at the very least, own >the data about you? Will populism be managed by algorithms? Do our >current systems still work in such a future? How will the developed >areas relate to the underdeveloped? Etc. etc. etc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3249 bytes Desc: not available URL: From Rayzer at riseup.net Thu Jun 18 09:54:26 2015 From: Rayzer at riseup.net (Razer) Date: Thu, 18 Jun 2015 09:54:26 -0700 Subject: Russia and China crack Snowden Cache In-Reply-To: <5582096F.40909@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> Message-ID: <5582F7C2.4090804@riseup.net> On 06/17/2015 04:57 PM, Tim Beelen wrote: > So, I happen to know a few people that are marines. They don't like > killing and are generally very agreeable. If you aren't on the extensive list of people who 'need to die' in the 'national interest' > Would you like to meet one? Have enough combat vet friends myself. Mostly Vietnam gen. They 'get it'. The cooks and clerks? Well they STILL want to 'kill gooks' and think my 60s antiwar activities were 'traitorous' despite the fact that they fought for my right to do just that. The ones coming back from Iraq and Afghanistan are SERIOUSLY fucked up and on medications or busy being junkies/alcoholics. Hopefully they'll 'get it' before their psychological traumas kill them. Maybe your Marine buddies would like to meet Scott Olsen? The 'enemy' couldn't kill him but the Oakland police department almost did. http://www.eastbayexpress.com/SevenDays/archives/2014/03/21/oakland-to-pay-45-million-to-iraq-war-vet-scott-olsen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From list at sysfu.com Thu Jun 18 10:19:18 2015 From: list at sysfu.com (Seth) Date: Thu, 18 Jun 2015 10:19:18 -0700 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: On Wed, 17 Jun 2015 21:28:14 -0700, grarpamp wrote: > https://firstlook.org/theintercept/2015/06/16/privacy-advocates-resign-protest-u-s-facial-recognition-code-conduct-2/ > > Technology industry lobbyists have so thoroughly hijacked the Commerce > Department process for developing a voluntary code of conduct for the > use of facial recognition technology that nine privacy advocates > involved withdrew in protest on Monday. > > “At a base minimum, people should be able to walk down a public street > without fear that companies they’ve never heard of are tracking their > every movement ... Unfortunately, we have been unable to obtain > agreement even with that basic, specific premise. > > http://yro.slashdot.org/story/15/06/17/1931216/privacy-advocates-leave-in-protest-over-us-facial-recognition-code-of-conduct > http://cvdazzle.com/ > > Ever notice the shiny new door, camera and register systems at Walmart? > Wonder if retail is Stingray'ing patrons IMEI's into such databases? > See the boxes popping up on roadsides, cameras and antenna arrays > on poles and buildings at every intersection? All the pointless info and > blood you have to give? In order to simply move and live and talk? > For what, exactly, in return? > Disgusting. > Cypherpunks... when / where will it all end? This message brought to you by Revelation 13:17 and Iron Maiden! https://youtu.be/rrSiIqCpxB8 From coderman at gmail.com Thu Jun 18 10:22:25 2015 From: coderman at gmail.com (coderman) Date: Thu, 18 Jun 2015 10:22:25 -0700 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: On 6/17/15, Dr Adam Back wrote: > ... > If people on *cypherpunks* cant get the points in the post, I think > the world has a problem. The price of security in a distributed > system like bitcoin is eternal vigilance... Adam, there are plenty who do understand. ... and clearly some who don't. for some of us, this question was answered *years* ago. NO HARD FORK! and at times feelings so heated there have been death threats against those pushing for a non-consensus hard-fork. they should take the fury and conviction regarding these concerns to heart, lest they under estimate the stakes at play and potential risks ahead. a hard fork is not Bitcoin - it is distraction. thank you for keeping the heat on this subject! best regards, From afalex169 at gmail.com Thu Jun 18 02:19:29 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Thu, 18 Jun 2015 12:19:29 +0300 Subject: U S A, U S A - John Oliver on USA torture report In-Reply-To: References: Message-ID: Zenaan, everybody, ​this is horrible. Truly horrible. I have read some parts of this report... I couldn't believe, honestly. I couldn't believe, that it comes from the US. I could think it happens in some Iran, but... US?! And i have no rose-colored glasses. As a matter of fact, i read a few years ago many official & biographic reports about the Gestapo torture methods (sorry about the Nazi theme). And it was *LESS* horrible than what i saw in this *CENSORED* report! The US have lost even the level of some kind of humanity, not to mention the right to lead the world. And this report, is another indisputable proof of this. 2015-06-18 11:32 GMT+03:00 Zenaan Harkness : > http://www.youtube.com/watch?v=zmeF2rzsZSU > > http://bgr.com/2015/06/15/last-week-tonight-john-oliver-torture/ > > Censored to be not accessible in Australia (and therefore presumably > elsewhere), but most folks around here ought find that no barrier. > > I guess this is about as humorous as this topic can be presented. Sad as > it is. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1917 bytes Desc: not available URL: From zen at freedbms.net Wed Jun 17 19:25:24 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 12:25:24 +1000 Subject: Russia and China crack Snowden Cache In-Reply-To: <5582096F.40909@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> Message-ID: On 6/18/15, Tim Beelen wrote: > On 6/17/2015 7:19 PM, Juan wrote: >> On Wed, 17 Jun 2015 18:28:27 -0400 >> Tim Beelen wrote: >>> You should stop smoking lettuce. Just because you think something is >>> not a crime does not not make it not a crime. >> >> I don't smoke lettuce. My example was meant to teach you the >> basics of morality - something you seem unable to grasp. > > I know you don't smoke lettuce. > >> So, pay attention : human/natural rights exist PRIOR TO ANY >> FUCKING GOVERNMENT. > > I concede to that point. > >> Enve a retarded 'american' should know this if he bothered to >> check basic americunt propaganda like the 'declaration of >> independence' > > Dude, that is racist. I think. Calling all Americans cunts. Such a big > geographical area too. North, South. ... >>> HUMANITY IS A CRIMINAL ENTERPRISE BECAUSE IT'S AGENTS COMMIT CRIMES. >> No, your wrong analogy only shows that you don't know what >> you're talking about or are plainly dishonest. Or both. > No no, I'm not dishonest. It's just that you're polarizing. You can't > find an individual to blame like a proper anarchist. So you blame a > group. Like a fucking Nazi. Godwin's Law! https://en.wikipedia.org/wiki/Godwin%27s_Law Now everyone haz a nice juicy prize. From coderman at gmail.com Thu Jun 18 13:31:03 2015 From: coderman at gmail.com (coderman) Date: Thu, 18 Jun 2015 13:31:03 -0700 Subject: U S A, U S A - John Oliver on USA torture report In-Reply-To: References: Message-ID: On 6/18/15, Александр wrote: > ... > As a matter of fact, i read a few years ago many official & biographic > reports about the Gestapo torture methods (sorry about the Nazi theme). And > it was *LESS* horrible than what i saw in this *CENSORED* report! funny to think robotic drone murders from over-seas safety as humane choice for conflict. i can almost picture the Hayden like boastfulness, "If you had told me after the TORTURE report, that the only reform would be, 'No more anal rape-feedings'? Nice.! *thumbs up*" i have no words the the disgust... From carimachet at gmail.com Thu Jun 18 05:24:49 2015 From: carimachet at gmail.com (Cari Machet) Date: Thu, 18 Jun 2015 14:24:49 +0200 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: <1434602177.745720.298646521.0F54390E@webmail.messagingengine.com> References: <1434602177.745720.298646521.0F54390E@webmail.messagingengine.com> Message-ID: fucking disney began the facial recognition thing ... for fascist capitalist gain ... they were sued over it so every person that supports fascist capitalists like disney is in collusion ... it wont stop until people decide that they are individually responsible for the build and change their fucked up parasitic behavior On Thu, Jun 18, 2015 at 6:36 AM, Alfie John wrote: > On Thu, Jun 18, 2015, at 02:28 PM, grarpamp wrote: > > Ever notice the shiny new door, camera and register systems at > > Walmart? Wonder if retail is Stingray'ing patrons IMEI's into such > > databases? See the boxes popping up on roadsides, cameras and antenna > > arrays on poles and buildings at every intersection? All the pointless > > info and blood you have to give? In order to simply move and live and > > talk? For what, exactly, in return? Disgusting. Cypherpunks... when / > > where will it all end? > > "If you want a picture of the future, imagine a boot stamping on a > human face - for ever." - George Orwell, 1984 > > Alfie > > -- > Alfie John > alfiej at fastmail.fm > -- Cari Machet NYC 646-436-7795 carimachet at gmail.com AIM carismachet Syria +963-099 277 3243 Amman +962 077 636 9407 Berlin +49 152 11779219 Reykjavik +354 894 8650 Twitter: @carimachet 7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187 Ruh-roh, this is now necessary: This email is intended only for the addressee(s) and may contain confidential information. If you are not the intended recipient, you are hereby notified that any use of this information, dissemination, distribution, or copying of this email without permission is strictly prohibited. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2748 bytes Desc: not available URL: From alfiej at fastmail.fm Wed Jun 17 21:36:17 2015 From: alfiej at fastmail.fm (Alfie John) Date: Thu, 18 Jun 2015 14:36:17 +1000 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: <1434602177.745720.298646521.0F54390E@webmail.messagingengine.com> On Thu, Jun 18, 2015, at 02:28 PM, grarpamp wrote: > Ever notice the shiny new door, camera and register systems at > Walmart? Wonder if retail is Stingray'ing patrons IMEI's into such > databases? See the boxes popping up on roadsides, cameras and antenna > arrays on poles and buildings at every intersection? All the pointless > info and blood you have to give? In order to simply move and live and > talk? For what, exactly, in return? Disgusting. Cypherpunks... when / > where will it all end? "If you want a picture of the future, imagine a boot stamping on a human face - for ever." - George Orwell, 1984 Alfie -- Alfie John alfiej at fastmail.fm From l at odewijk.nl Wed Jun 17 23:51:00 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 18 Jun 2015 15:51:00 +0900 Subject: Bitcoin: It's all about the Kolions... In-Reply-To: References: Message-ID: Scrolling down their list of articles I can say with confidence: "God I am tired of making the poor and the female look better by force" - women are a majority, black and whites are both minorities (yellow fellows outnumber us all), and aside from how fast we burn in the sun it's pretty hard to say what other differences our separation has made us have. One should discriminate as accurately as possible, and fight one's tendency to be unrealistic. End of interest. Nestle realized the African middle class does not really grow as expected and scales down plans? -> HATEFUL MULTINATIONAL IGNORING LOW INCOMES USD bill will get new face? -> TRY TO FIND A >>>FEMALE<<< FOR IT, JUSTICE YEEE Makers in Hollywood movies? -> WHY AREN'T THERE FEMALES IN THESE MOVIES Popular now? "What happened to the women who graduated IIT's in the 90s?" (probably mostly whatever the hell they made happen to them) White guy shoots up a church filled with black people? It was definitely a Hate Crime, and having a church for "African Methodists" is not even remotely racist to begin with. And regarding this main article, why do people always find it amusing when it becomes impossible to execute the law? It's totally unclear if this guy broke the law or not. He created a shitty currency and got the local population to use it. They evade tax with it. They claim no inflation - but have no control. There's no way to distinguish a local influential sneaky businessperson from a goofy farmer. He claims not to know how large the supply/pool of his currency is - yet claims no inflation? Then he's a fool or a liar, and for misguiding his fellow townsman he may deserve to be punished. If only they had the common sense to hold a proper trial. Most likely this will float up to a higher, more well funded court, which will accurately discern the crimes and dish out insane punishments in accordance to law, or this will end in a "guilty but no punishment" situation - the best law abiding citizens can give one another in times where everything is done but nothing is permitted. OTOH: good fun, with the bartering and the like ;) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2663 bytes Desc: not available URL: From l at odewijk.nl Wed Jun 17 23:57:56 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 18 Jun 2015 15:57:56 +0900 Subject: Russia and China crack Snowden Cache In-Reply-To: References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> Message-ID: 2015-06-18 11:25 GMT+09:00 Zenaan Harkness : > > group. Like a fucking Nazi. > > Godwin's Law! We might want to think of some hypothetical adversaries. Fiction may not be taken so very seriously as the nazi's - but at least we will get better accuracy in describing certain risks of government, discrimination, etc. Then Godwin's can be put to a peaceful rest, and discussion can do away with the hard-to-pin-down concept-cluster that is National Socialism. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 803 bytes Desc: not available URL: From juan.g71 at gmail.com Thu Jun 18 13:13:38 2015 From: juan.g71 at gmail.com (Juan) Date: Thu, 18 Jun 2015 17:13:38 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <55822560.7020800@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> <55820fbb.8ad98c0a.1dab.3161@mx.google.com> <55822560.7020800@diffalt.com> Message-ID: <558324d7.8a0f370a.9679.ffffb157@mx.google.com> On Wed, 17 Jun 2015 21:56:48 -0400 Tim Beelen wrote: > > > On 6/17/2015 8:31 PM, Juan wrote: > > On Wed, 17 Jun 2015 19:57:35 -0400 > > Tim Beelen wrote: > > > > > >>> So, pay attention : human/natural rights exist PRIOR TO > >>> ANY FUCKING GOVERNMENT. > >> I concede to that point. > > Fine. Now work out the logical conclusions that follow from > > that premise. Here's one : any violation of such rights is criminal. > Well, it's not necessarily immoral. So not necessarily criminal. Au contraire. Any violation of natural rights is morally wrong and criminal. Morality, rights and crime (violation of rights) are all facets of the same idea. > Even your own dictionary definition of anarchy provides mentions a > government. Albeit a minimal one. The definition I quoted explicitly rules out government. But even if you want some kind of 'government' it has to be 'voluntary'. So in practice it doesn't govern anything. And, we were talking about existing governments, especially the US government - an organization which isn't 'minimal' by any means and which is fully criminal/coercive. The US government like any other 'official' 'national' government operates on the principle of "obey or die". > Governed you are. Whether it's by > consensus, opt-in or otherwise. No, because I don't consent* to being governed. So as as far as I'm concerned I'm choosing ZERO government - or anarchy. *Consent, you know. The ability to say "yes", or "NO" GO FUCK YOURSELF. > > > > They are people who kill other people when ordered to. > > That's all that counts. > > > > ? There is lots of that going around amongst humans. How do you > suggest people defend themselves against /any /hostile force? Do you > think that calling it a militia makes a difference? Having trained > defenders of your homestead is no bad thing. It's actually quite > smart. Not smart, not the point and do your own homework. > > Many of them suffer from a massive, violent even, cognitive > dissonance if you talk about what they are actually doing. Once you > turn back on the cause and effect part of their humanity it's all > tears, anger and confusion. PTSD, shitty coping mechanisms. And you > just put them all in a hole, categorizing like a common Nazi. > Yep, that's exactly what they are. But actually no, they are worse than nazis. In case you were not aware, your friends (you?) are volunteers. But yes, tell your sob stories to the people your military murder for fun and profit. I'm sure the victims will fully appreciate them. > > > > And since you like dictionaries > > > > http://dictionary.reference.com/browse/anarchism?s=t > http://www.merriam-webster.com/dictionary/anarchism > 1*:* a political theory holding all forms of governmental authority > to be unnecessary and undesirable and advocating a society based on > voluntary cooperation and free association of individuals and groups By the way, anarchists don't only reject governmental authority. They tend to reject all kinds of authority. For instance, 'religious' authority. > > GOVERNMENTAL AUTHORITY; i.e.: Government as in a society's > organizational form, but not it's authority. I.e. Direct Democracy. How do you think direct democracy works? What do you mean by that? What kind of things can be put up for a vote? Burn the witches, yes, no? And what happens when the witches are outvoted? > > > "a doctrine urging the abolition of government or > > governmental restraint as the indispensable condition for full > > social and political liberty. " > > > > > > Oops. Government and anarchy just happen to be mutually > > exclusive concepts. (That of course shouldn't be news...) > > > Government OR governmental restraint. Government non-the-less. Learn > to read you illiterate :D A government that can't enforce its dictates is not a government. Also, the definition mentions plain government "a doctrine urging the abolition of government...as the ...condition for...liberty" They could have just said "abolition of governmental restraint" but they didn't. I'm willing to admit that definition isn't as polished and consistent as it should be, but no more. > > But yea, I agree that for the sake of the argument they could be > considered mutually exclusive. Fine, and let me repeat, the disussion was about clearly coercitive governments - like the US government. > If you want to abolish government. > Which is kind of strange because every form of anarchism usually has > an adjective regarding it's organization. I want to abolish the use of crime as an allegedly legitimate and legal way for people to interact. > Federated, syndicalists. > All of them are organized in some fashion shape or form. > Now, I don't mind NOT calling that form a form of government. But I > don't want to confuse people in to thinking that anarchism is some > kind of synonym for chaos. Well, if somebody was led into thinking that anarchy is chaos it's because he was not paying attention. > > > > > > > J. > From seanl at literati.org Thu Jun 18 11:24:14 2015 From: seanl at literati.org (Sean Lynch) Date: Thu, 18 Jun 2015 18:24:14 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: On Wed, Jun 17, 2015 at 3:51 PM Dr Adam Back wrote: > If people on *cypherpunks* cant get the points in the post, I think > the world has a problem. The price of security in a distributed > system like bitcoin is eternal vigilance, but if people dont > understand what constitutes a risk and hence what to be vigilant for, > the meta-system can be unreliable and lose its assurances. I think we > need to explain some more concepts and probably people will over time > learn things and and an influencer pyramid emerge as happened in > privacy technology. > > Yes, I'm sure that when people who disagree with you, it's always because they are wrong and never because you don't understand the situation as well as you think you do. I'm sure you know more about Bitcoin than Gavin does. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1118 bytes Desc: not available URL: From zen at freedbms.net Thu Jun 18 01:32:30 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 18:32:30 +1000 Subject: U S A, U S A - John Oliver on USA torture report Message-ID: http://www.youtube.com/watch?v=zmeF2rzsZSU http://bgr.com/2015/06/15/last-week-tonight-john-oliver-torture/ Censored to be not accessible in Australia (and therefore presumably elsewhere), but most folks around here ought find that no barrier. I guess this is about as humorous as this topic can be presented. Sad as it is. From grarpamp at gmail.com Thu Jun 18 16:03:50 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 18 Jun 2015 19:03:50 -0400 Subject: U S A, U S A - John Oliver on USA torture report In-Reply-To: References: Message-ID: On Thu, Jun 18, 2015 at 5:19 AM, Александр wrote: > Zenaan, everybody, this is horrible. Truly horrible. > > I have read some parts of this report... I couldn't believe, honestly. I > couldn't believe, that it comes from the US. I could think it happens in > some Iran, but... US?! And i have no rose-colored glasses. And that's just what made it into the rose colored report. There are always more records witheld/destroyed and stories unspoken to save face. More innocents and nobodies whose torture, rape and murder was just another deleted and forgotten days noise in the machine. The terabytes of Collateral Murders and Abu Ghraibs that got recycled like the lost Apollo tapes. Even private affairs that for some reason never got connected or were never meant to be connected to the chain of command, but committed by those within it. Various forums suggest still/video bits do circulate the [inter/dark]nets... not necessarily leaks of formal yet "code of war illegal" battlefield command chain actions like CM, but shared like AG skins. These things don't just come from the US, but from any state, any environment of war, lack of control, unchecked power classicly turned abusive, and simple human oppurtunity. And checking whoever is the current purveyor of it is a valid thing to do, most especially when it's officially done by a state actor on the record as ordered (permitted) in chain of command. > And this report, is another indisputable proof of this. >> http://www.youtube.com/watch?v=zmeF2rzsZSU Which is why this guy Oliver, Manning, Snowden and the entire community and ecosystem of leakers, couriers, analysts, publishers, public/TV speakers (too long and even anonymous to name individually here) that bring these issues out are critically important and deserve every bit of support and thanks you can give them. From zen at freedbms.net Thu Jun 18 02:10:40 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 19:10:40 +1000 Subject: [tor-talk] Matryoshka (fill traffic in networks?) [was: Are TOR holes intentional?] In-Reply-To: References: Message-ID: On 6/18/15, grarpamp wrote: > On Thu, Jun 18, 2015 at 12:51 AM, Roger Dingledine wrote: >> but it sure looks like another case of somebody not understanding the >> research field, and thinking that solving the traffic confirmation >> attack is easy, without actually thinking through the engineering side, >> the scaling side, or the statistics side. > > There's certainly no easy solution to all problems. Though > there could be value in those that put more odds in your favor, > even though they do not yield 100% solution or protection. > > If you rarely tx but then emit something [unique or timely] > that pops out at some [rare] destination, you're done for. > I think we've seen posts from some people who slow crawl the > web 24x7 when their client is running just to add cover at their > end for their interspersed real web activity. For a potentially useful project to many: software to crawl and cache popular news sites into a content addressed darknet/ localnet cache, so that folks can browse the daily news without using exit nodes. Trust network above that is a separate task entirely. For bonus points, have the content addressing be in git. >> But even full scale padding, ignoring the practical side of how to get a >> Tor network that can afford to waste so much bandwidth > > Waste is an incorrect, negative term for designed in padding (fixed > set of lengths) or fill (empty links) or chaff (ratio) or whatever this is. > > A design where fill traffic gets out of the way when real data is > being sent might have periods of congestion or underutilization > of the link depending on the distance in hops the fill is managed > over, and the speed of the sensing and feedback controls. > Seems that might need to be as fast as you could initiate a first > packet across, unless you inhibit that packet until ready. Just as the disadvantages of HFT (high frequency trading) can be handled with a trade-window model (all trades are batched into a 1s, or 10s or whatever window to be resolved by the exchange at the end of each window), "inhibit packet until ready" makes me think this might be applied to Tor networks - specifying a "relatively high" minimum latency for new session initiation. But again, it's the type of problem/solution potential which needs genuine analysis to know if there's going to be a non-trivial privacy enhancing benefit. I can only make assumptions sorry. >> doesn't provide >> protection in the face of active attacks where you induce a gap on one >> side and then observe the gap on the other side. And it might even be >> the case that these gaps happen naturally by themselves, due to network >> congestion and so on, so maybe passive observers will be winners even >> against a design that does full padding. > > I've said that fill seems useful against passives, not actives. > However a design may actually be possible such that any disturbance > or deficiency in fill might be possible to make up from other sources. E.g. your entry point (e.g. ISP) introduces "random peak bandwidth drops/ latency holes" and when the ISP's incoming networks fail to keep up their side of this same bargain, the link deteriorates completely. This implies an ISP who is on the side of the users, at this point a rare thing (if it exists at all). > In other words, if I knock you off the net, the remaining path your data > would have taken to your endpoint will still be filled so as not to expose > the far end as being tied to you (if the fill management scope of the > network is finer grained than just the end nodes negotiating end-to-end > with each other (ie: I think the entire net will need to negotiate their > own > mesh of fill peers as an underlying management layer, with possible > cues from above)). You get knocked off, your former peers sense this > and recalc their fill sources and sinks. This 'feels' like it has potential. Except I think it presumes that at least your starting node(s) (eg ISP) are not actively adversarial to you - but are we assuming this anyway with current Tor? (Sorry for my ignorance.) >> tl;dr the whole premise of this person's blog post is flawed, since >> their design likely does not work as they think it does. > > While someone's design may be insufficient to solve some problem, > it does add value in the form of talk of possible solutions and trialing > them. Thereby others can try different / related avenues to a solution. A thought I've pondered for a couple years now - and now in this context, let's say my geographic neighbour and I each have an ISP uplink, and wireless connection between one another. If my "underlying fill traffic network" (physical/PHY layer, at least from my perspective as an end user) can somehow include the private connection between my neighbour and I, and if the ISP actively targets one of us and crimps the connection, and then the neighbour similarly ("pro-actively") crimps his connection in 'almost parallel', could this provide some level of plausible deniability of the exit-node traffic being correlated to either one of us? (Expand algorithmically to more than one neighbour.) Is it worth beginning an "ISP end user fill traffic protocols best practices RFC" for those ISPs who genuinely want to do the right thing, legally as well as by their customers? Or is the multiplexing of the last-node-before-the-home (eg the ISP's DSLAM ADSL modem bank) simply not capable of such things? I guess what I'm asking: what's the ideal way to roll out community-/state- wide internet networking infrastructure, from a respect-the-uesrs-privacy perspective? >> For background see e.g. >> http://freehaven.net/anonbib/#danezis:pet2004 > >> This is a great area for further research: >> http://freehaven.net/anonbib/#ShWa-Timing06 >> http://freehaven.net/anonbib/#active-pet2010 > > I don't mean that Tor specifically needs to investigate or implement > fill, but that since the research area is probably not complete, > and that no operational net is trying it, it's worth continued work. Let's keep asking the questions and attempting to answer them, and see if we can't eliminate the benefit logically (without having to wait for a high fallutin' acamedic paper). Eg 1: there are fibre-optic "DSLAMs" (modem banks? - dunno the term sorry), which simply broadcast all client downlinks to all end-points, and it's only the end point modems which "do the right thing" and ignore their neighbour's traffic. In this scenario, there may only be 2Gbps of bandwidth shared amongst 1000 homes. If all homes jump on the "maximize fill traffic" bandwagon, each will get at most a fixed 2Mbps link - fast by many standards, but nowhere near what would be achieved in a forget-about-privacy scenario. And then, what should happen at the ISP level? What sort of protocols would make sense for ISP interconnection - to other ISPs, to upstream ISP/ national backhaul, to international (usually expensive) links? Eg 2: ADSL DSLAM - can this device scale reasonably to all homes connected to this DSLAM? In either scenario, do we need to start thinking new equipment, or just new protocols - since fill-traffic is a type of protocol and as we've read, proposals have been made for ethernet-level fill traffic. > If anyone knows a good list that does or would serve as home for > such work, please say so as I'm unaware of any. Clear thinking, ask the hard questions, gather answers, write it up in an RFC or draft "paper", post for review, and it'll eventually get archived at the usual places - even if the answers are "we can't do X and Y for reasons A and B" - these would be very useful answers. From zen at freedbms.net Thu Jun 18 02:41:09 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Thu, 18 Jun 2015 19:41:09 +1000 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style Message-ID: http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 Summary at bottom, summarizing shifting position of "west" over some time: "So let us recount the western position: - It claimed to uphold the sovereignty and territorial integrity of other countries and the inviolability of borders in Europe - However, this did not extend to the sovereignty and the territorial integrity of Federal Yugoslavia which could be trampled at will - Nonetheless, albeit the territorial integrity of Federal Yugoslavia itself wasn’t worth anything, the territorial integrity of its constituent republics seeking independence was holy - Albeit the territorial integrity of the Yugoslav constituent republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, the territorial integrity of Serbia was not - Albeit Slovenes, Croats and Bosnian Muslims could leave Yugoslavia, Serbs could not leave Croatia and Bosnia - Albeit Serbs could not leave Croatia and Bosnia, Kosovo Albanians could secede from Serbia - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs could not secede from Albanian-run Kosovo - Albeit Kosovo could unilaterally secede from Serbia under NATO military control, Crimea could not unilaterally secede from Ukraine under Russian military control May world be spared hunger, plague and western principles. " From grarpamp at gmail.com Thu Jun 18 17:41:26 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 18 Jun 2015 20:41:26 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5582F3FB.1030900@riseup.net> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5582F3FB.1030900@riseup.net> Message-ID: On Thu, Jun 18, 2015 at 12:38 PM, Razer wrote: > every day and to stay focused, if not sane, I smoke lettuce at every > opportunity. It's so much more fun to 'connect-the-dots' that way, and It would be an honor to smoke this lettuce with you, Sir. A few of us here have a wigwam, you should come. From l at odewijk.nl Thu Jun 18 05:46:33 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 18 Jun 2015 21:46:33 +0900 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: 2015-06-18 13:28 GMT+09:00 grarpamp : > Cypherpunks... when / where will it all end? The cost of observation is ever dropping. With improved processing capability (hardware and software) the value of data is ever rising. There is only one logical conclusion: permanent, global observation. Resistance is effective but eventually futile, you cannot reverse time, you cannot reverse progress. More fruitful is managing the inevitable future. Will we go gently into corporate hell? Will we let power games rule us? Do the wealthy buy privacy, and the people's data? Will you, at the very least, own the data about you? Will populism be managed by algorithms? Do our current systems still work in such a future? How will the developed areas relate to the underdeveloped? Etc. etc. etc. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1223 bytes Desc: not available URL: From adam at cypherspace.org Thu Jun 18 22:07:44 2015 From: adam at cypherspace.org (Dr Adam Back) Date: Fri, 19 Jun 2015 07:07:44 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <20150617042859.GX27932@nl.grid.coop> Message-ID: Its clear Gavin knows more about Bitcoin code and detailed micro algorithms than I do (there are many detailed algorithms for anti-DoS etc at code level which I do not know). Its possible I know more than Gavin or have a better internalised reasoning about the logic and design parameters for about decentralised systems and distributed trust systems, and ecash protocols, threat models in p2p privacy systems - which is quite a big slice of what Bitcoin is trying to do. Or not - I dont know all of Gavin's expertise nor career experience! Something you may not realise is a bunch of us on the cypherpunks list back in like 1995-2005 spent a lot of applied research effort into finding a way to do something with the characteristics of bitcion. My PhD is in distributed systems also. Anyway I do not mean to have claims to authority, particularly because I believe firmly in pure meritocracy philosophically and detest such argumentation as a failure of reason, but coincidentally I do actually know something about it and worked on it on Bitcoin-like system design and p2p novel trust-model & security model on and off for 20 years. But I do think people who are proposing big-blocks are underestimating and being super-optimistic about a range of things, almost to naive extent. I am not imputing unsaid things, Gavin wrote many blog posts on these topics. Mike Hearn made some videos and posts about his views, and they are quite disconnected from p2p privacy system design thinking. Someone should probably respond to some of those posts to clarify why they think some of these assumptions are incorrect and optimistic to prior experience and precedent. Adam On 18 June 2015 at 20:24, Sean Lynch wrote: > > > On Wed, Jun 17, 2015 at 3:51 PM Dr Adam Back wrote: >> >> If people on *cypherpunks* cant get the points in the post, I think >> the world has a problem. The price of security in a distributed >> system like bitcoin is eternal vigilance, but if people dont >> understand what constitutes a risk and hence what to be vigilant for, >> the meta-system can be unreliable and lose its assurances. I think we >> need to explain some more concepts and probably people will over time >> learn things and and an influencer pyramid emerge as happened in >> privacy technology. >> > > Yes, I'm sure that when people who disagree with you, it's always because > they are wrong and never because you don't understand the situation as well > as you think you do. I'm sure you know more about Bitcoin than Gavin does. From Rayzer at riseup.net Fri Jun 19 08:31:12 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 19 Jun 2015 08:31:12 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: References: Message-ID: <558435C0.1070809@riseup.net> On 06/18/2015 10:49 PM, Lodewijk andré de la porte wrote: > > supposedly when the west militarily controls a nation we give them > democratic choice. When Putin's personal army controls a nation and a > choice is made to join it to Russia, well, we call that a forced choice. > > It's hard to say which one actually happens. Somehow it wouldn't > surprise me if "the west" was far more ethical than others. That > either proves good propaganda, or it's just true. > > > "He was harassed, but still he spoke with authority. He was, in fact, > characteristic of the best type of dominant male in the world at this > time. He was fifty-five years old, tough, shrewd, unburdened by the > complicated ethical ambiguities which puzzle intellectuals, and had > long ago decided that the world was a mean son-of-a-bitch in which > only the most cunning and ruthless can survive. > > He was also as kind as was possible for one holding that > ultra-Darwinian philosophy; and he genuinely loved children and dogs, > unless they were on the site of something that had to be bombed in the > National Interest. He still retained some sense of humor, despite the > burdens of his almost godly office, and, although he had been impotent > with his wife for nearly ten years now, he generally achieved orgasm > in the mouth of a skilled prostitute within 1.5 minutes. > > He took amphetamine pep pills to keep going on his grueling > twenty-hour day, with the result that his vision of the world was > somewhat skewed in a paranoid direction, and he took tranquilizers to > keep from worrying too much, with the result that his detachment > sometimes bordered on the schizophrenic; but most of the time his > innate shrewdness gave him a fingernail grip on reality. In short, he > was much like the rulers of Russia and China." ..... > > "He was harassed, but still he spoke with authority. He was, in fact, > characteristic of the best type of dominant male in the world at this > time. He was fifty-five years old, tough, shrewd, unburdened by the > complicated ethical ambiguities which puzzle intellectuals, and had > long ago decided that the world was a mean son-of-a-bitch in which > only the most cunning and ruthless can survive. > > He was also as kind as was possible for one holding that > ultra-Darwinian philosophy; and he genuinely loved children and dogs, > unless they were on the site of something that had to be bombed in the > National Interest. He still retained some sense of humor, despite the > burdens of his almost godly office, and, although he had been impotent > with his wife for nearly ten years now, he generally achieved orgasm > in the mouth of a skilled prostitute within 1.5 minutes. > > He took amphetamine pep pills to keep going on his grueling > twenty-hour day, with the result that his vision of the world was > somewhat skewed in a paranoid direction, and he took tranquilizers to > keep from worrying too much, with the result that his detachment > sometimes bordered on the schizophrenic; but most of the time his > innate shrewdness gave him a fingernail grip on reality. In short, he > was much like the rulers of the United States and China." .... > > "He was harassed, but still he spoke with authority. He was, in fact, > characteristic of the best type of dominant male in the world at this > time. He was fifty-five years old, tough, shrewd, unburdened by the > complicated ethical ambiguities which puzzle intellectuals, and had > long ago decided that the world was a mean son-of-a-bitch in which > only the most cunning and ruthless can survive. > > He was also as kind as was possible for one holding that > ultra-Darwinian philosophy; and he genuinely loved children and dogs, > unless they were on the site of something that had to be bombed in the > National Interest. He still retained some sense of humor, despite the > burdens of his almost godly office, and, although he had been impotent > with his wife for nearly ten years now, he generally achieved orgasm > in the mouth of a skilled prostitute within 1.5 minutes. > > He took amphetamine pep pills to keep going on his grueling > twenty-hour day, with the result that his vision of the world was > somewhat skewed in a paranoid direction, and he took tranquilizers to > keep from worrying too much, with the result that his detachment > sometimes bordered on the schizophrenic; but most of the time his > innate shrewdness gave him a fingernail grip on reality. In short, he > was much like the rulers of Rusia and the United States." Robert Shea, Robert Anton Wilson, The Illuminatus Trilogy http://www.american-buddha.com/illuminatus!.toc.htm -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From l at odewijk.nl Thu Jun 18 22:49:27 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Fri, 19 Jun 2015 14:49:27 +0900 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: References: Message-ID: supposedly when the west militarily controls a nation we give them democratic choice. When Putin's personal army controls a nation and a choice is made to join it to Russia, well, we call that a forced choice. It's hard to say which one actually happens. Somehow it wouldn't surprise me if "the west" was far more ethical than others. That either proves good propaganda, or it's just true. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 450 bytes Desc: not available URL: From coderman at gmail.com Fri Jun 19 23:38:35 2015 From: coderman at gmail.com (coderman) Date: Fri, 19 Jun 2015 23:38:35 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/12/15, coderman wrote: > ... > no update on progress for FBI file on my person. added new language for request: "Any and all records, including cross-references and indirect mentions, including records outside the investigation main file. This is to include a search of each of the following record stores and interfaces: the Central Records System (CRS), the Automated Case Support system ("ACS") Investigative Case Management system ("ICM"), the Automated Case Support system ("ACS") Electronic Case File ("ECF"), and the Automated Case Support system ("ACS") Universal Index ("UNI"). I also request a search of "ELSUR", the database containing electronic surveillance information, for any and all records or activities related to my person for any on-line account or address or associated service. In addition, please extend the search criteria across any external storage media, including I-Drives, S-Drives, or related technologies used during the course of investigation. Please include processing notes, even if request is denied in part. Please identify individuals responsible for any aspect of FOIA processing in the processing notes, along with explanation of their involvement if not typically assigned FOIA responsibilities for the record systems above. Please include materials responsive to this request from the San Francisco, California and Oregon field offices if possible, to reduce overlap with field office requests." as per https://www.muckrock.com/foi/united-states-of-america-10/foipa-17315/ this language is based on an article regarding an FBI FOIA legal contest. see https://www.rcfp.org/browse-media-law-resources/news/foia-trial-offers-rare-look-how-fbi-searches-records-responds-reques note that individual field offices may need to be queried individually, and directly. currently MuckRock does not support requests to FBI field offices in this manner. i have date/times, locations, context for interactions with FBI back to 2001; these intrusions which are the subject of the FOIA/PA search. we'll see what it takes to get them... :P best regards, From tim at diffalt.com Sat Jun 20 18:05:42 2015 From: tim at diffalt.com (Tim Beelen) Date: Sat, 20 Jun 2015 21:05:42 -0400 Subject: POC || GTFO 08[.pdf] Message-ID: <55860DE6.5010601@diffalt.com> > This issue is a polyglot that can be meaningfully interpreted as a ZIP, a PDF and a Shell script featuring the weird cryptosystem described in 8:12. We are the technical debt collectors! https://diffalt.com/pocorgtfo08.pdf SHA256 (pocorgtfo08.pdf) = 7a942c425f471f99d8cba8da117cc4a53cddb3551e4b16c8b9feae31b5654a33 MD5 (pocorgtfo08.pdf) = 257fc8f01fa20e21f8bd5577639ff596 Massively in-depth and usually low-level, but generally very informative. https://www.alchemistowl.org/pocorgtfo/ There are the rest of them, if you're new to these. Sincerely, Tim -- This email/fax message is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution of this email/fax is prohibited. If you are not the intended recipient, please destroy all paper and electronic copies of the original message. From jya at pipeline.com Sun Jun 21 03:40:02 2015 From: jya at pipeline.com (John Young) Date: Sun, 21 Jun 2015 06:40:02 -0400 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: References: Message-ID: Official secretkeepers of NATO, Russia and their fearsome enemies know these kinds of stories are meant to reduce fear and defense expenditures so should be applauded as tricks of the anti-war industry which must be resisted with fearless slaughter of many terrified civilians and a tiny few luckless warfighters who drive drunk to the PTSD club and overshoot (over-drone) a construction barrier of the crumbling National Defense Highway system to sink into a toxic lake of endless war waste surrounding every military base on the planet and rapidly growing throughout the universe with application of war technology to invasion of the heavens for peaceful, merely scientific, although top secret, purposes, that is to erect intergalactic shields of protection of hapless creatures being drained of their vital fluids for nourishing the Great Gods of National and Environmental Security, now blessed by Pope Francis for the benefit of Great Architecture afficionados from St Peter to Pentagon to whereever Strangeloves squat before vast Sony plasmas of roach-squashing, fail/safe buttons neutered, flesh life as known and loathed by cryogenic demigodly automatons aimed for extinction. At 08:45 PM 6/20/2015, you wrote: >Grab a coffee for this one. > >http://russia-insider.com/en/russian-non-invasion-causing-concern-european-capitals/ri8139 > >I hope it's not too shocking for folks around here. From zen at freedbms.net Sat Jun 20 17:45:59 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 21 Jun 2015 10:45:59 +1000 Subject: Be alert - signs of Russian invasion may be strong Message-ID: Grab a coffee for this one. http://russia-insider.com/en/russian-non-invasion-causing-concern-european-capitals/ri8139 I hope it's not too shocking for folks around here. From list at sysfu.com Sun Jun 21 13:06:19 2015 From: list at sysfu.com (Seth) Date: Sun, 21 Jun 2015 13:06:19 -0700 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome Message-ID: from https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ Posted on June 18, 2015 by Rick Falkvinge Google Chrome Listening In To Your Room Shows The Importance Of Privacy Defense In Depth Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”. It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". chrome-voicesearch Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room. A brief explanation of the Open-source / Free-software philosophy is needed here. When you’re installing a version of GNU/Linux like Debian or Ubuntu onto a fresh computer, thousands of really smart people have analyzed every line of human-readable source code before that operating system was built into computer-executable binary code, to make it common and open knowledge what the machine actually does instead of trusting corporate statements on what it’s supposed to be doing. Therefore, you don’t install black boxes onto a Debian or Ubuntu system; you use software repositories that have gone through this source-code audit-then-build process. Maintainers of operating systems like Debian and Ubuntu use many so-called “upstreams” of source code to build the final product. Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted. This was supposedly to enable the “Ok, Google” behavior – that when you say certain words, a search function is activated. Certainly a useful feature. Certainly something that enables eavesdropping of every conversation in the entire room, too. Obviously, your own computer isn’t the one to analyze the actual search command. Google’s servers do. Which means that your computer had been stealth configured to send what was being said in your room to somebody else, to a private company in another country, without your consent or knowledge, an audio transmission triggered by… an unknown and unverifiable set of conditions. Google had two responses to this. The first was to introduce a practically-undocumented switch to opt out of this behavior, which is not a fix: the default install will still wiretap your room without your consent, unless you opt out, and more importantly, know that you need to opt out, which is nowhere a reasonable requirement. But the second was more of an official statement following technical discussions on Hacker News and other places. That official statement amounted to three parts (paraphrased, of course): 1) Yes, we’re downloading and installing a wiretapping black-box to your computer. But we’re not actually activating it. We did take advantage of our position as trusted upstream to stealth-insert code into open-source software that installed this black box onto millions of computers, but we would never abuse the same trust in the same way to insert code that activates the eavesdropping-blackbox we already downloaded and installed onto your computer without your consent or knowledge. You can look at the code as it looks right now to see that the code doesn’t do this right now. 2) Yes, Chromium is bypassing the entire source code auditing process by downloading a pre-built black box onto people’s computers. But that’s not something we care about, really. We’re concerned with building Google Chrome, the product from Google. As part of that, we provide the source code for others to package if they like. Anybody who uses our code for their own purpose takes responsibility for it. When this happens in a Debian installation, it is not Google Chrome’s behavior, this is Debian Chromium’s behavior. It’s Debian’s responsibility entirely. 3) Yes, we deliberately hid this listening module from the users, but that’s because we consider this behavior to be part of the basic Google Chrome experience. We don’t want to show all modules that we install ourselves. If you think this is an excusable and responsible statement, raise your hand now. Now, it should be noted that this was Chromium, the open-source version of Chrome. If somebody downloads the Google product Google Chrome, as in the prepackaged binary, you don’t even get a theoretical choice. You’re already downloading a black box from a vendor. In Google Chrome, this is all included from the start. This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth. Of course, people were quick to downplay the alarm. “It only listens when you say ‘Ok, Google’.” (Ok, so how does it know to start listening just before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company stealth installs an audio listener that listens to every room in the world it can, and transmits audio data to the mothership when it encounters an unknown, possibly individually tailored, list of keywords – and it’s no big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. This is not something that is the slightest amount of permissible just because it’s hidden in legalese.) “It’s opt-in. It won’t really listen unless you check that box.” (Perhaps. We don’t know, Google just downloaded a black box onto my computer. And it may not be the same black box as was downloaded onto yours. ) Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody else dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible. Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”. Privacy remains your own responsibility. Rick Falkvinge ABOUT RICK FALKVINGE Rick is the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. He has a tech entrepreneur background and loves whisky. Read more of his articles on his website. Twitter |More Posts (91) From shelley at misanthropia.org Sun Jun 21 13:55:02 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 21 Jun 2015 13:55:02 -0700 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: References: Message-ID: <20150621205447.7EF00C0028A@frontend1.nyi.internal> ---------- On June 21, 2015 1:14:32 PM Seth wrote: > from > https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ > > > Posted on June 18, 2015 by Rick Falkvinge > > Google Chrome Listening In To Your Room Shows The Importance Of Privacy > Defense In Depth Wow, this is exactly the kind of bullshit- and bullshit response- I'd expect from this duplicitous NSA asset. I keep a seldom-used, older version of chromium on one of my debian laptops so I'll check for this. My webcam and microphone are physically disconnected anyway, but I still want to see if their spyware has infected my system. Fuckers. Thanks for posting this; I've been out of the news loop for a couple of days. -S > > Yesterday, news broke that Google has been stealth downloading audio > listeners onto every computer that runs Chrome, and transmits audio data > back to Google. Effectively, this means that Google had taken itself the > right to listen to every conversation in every room that runs Chrome > somewhere, without any kind of consent from the people eavesdropped on. In > official statements, Google shrugged off the practice with what amounts to > “we can do that”. > > It looked like just another bug report. "When I start Chromium, it > downloads something." Followed by strange status information that notably > included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". > > chrome-voicesearch > > Without consent, Google’s code had downloaded a black box of code that – > according to itself – had turned on the microphone and was actively > listening to your room. > > A brief explanation of the Open-source / Free-software philosophy is > needed here. When you’re installing a version of GNU/Linux like Debian or > Ubuntu onto a fresh computer, thousands of really smart people have > analyzed every line of human-readable source code before that operating > system was built into computer-executable binary code, to make it common > and open knowledge what the machine actually does instead of trusting > corporate statements on what it’s supposed to be doing. Therefore, you > don’t install black boxes onto a Debian or Ubuntu system; you use software > repositories that have gone through this source-code audit-then-build > process. Maintainers of operating systems like Debian and Ubuntu use many > so-called “upstreams” of source code to build the final product. > > Chromium, the open-source version of Google Chrome, had abused its > position as trusted upstream to insert lines of source code that bypassed > this audit-then-build process, and which downloaded and installed a black > box of unverifiable executable code directly onto computers, essentially > rendering them compromised. We don’t know and can’t know what this black > box does. But we see reports that the microphone has been activated, and > that Chromium considers audio capture permitted. > > This was supposedly to enable the “Ok, Google” behavior – that when you > say certain words, a search function is activated. Certainly a useful > feature. Certainly something that enables eavesdropping of every > conversation in the entire room, too. > > Obviously, your own computer isn’t the one to analyze the actual search > command. Google’s servers do. Which means that your computer had been > stealth configured to send what was being said in your room to somebody > else, to a private company in another country, without your consent or > knowledge, an audio transmission triggered by… an unknown and unverifiable > set of conditions. > > Google had two responses to this. The first was to introduce a > practically-undocumented switch to opt out of this behavior, which is not > a fix: the default install will still wiretap your room without your > consent, unless you opt out, and more importantly, know that you need to > opt out, which is nowhere a reasonable requirement. But the second was > more of an official statement following technical discussions on Hacker > News and other places. That official statement amounted to three parts > (paraphrased, of course): > > 1) Yes, we’re downloading and installing a wiretapping black-box to your > computer. But we’re not actually activating it. We did take advantage of > our position as trusted upstream to stealth-insert code into open-source > software that installed this black box onto millions of computers, but we > would never abuse the same trust in the same way to insert code that > activates the eavesdropping-blackbox we already downloaded and installed > onto your computer without your consent or knowledge. You can look at the > code as it looks right now to see that the code doesn’t do this right now. > > 2) Yes, Chromium is bypassing the entire source code auditing process by > downloading a pre-built black box onto people’s computers. But that’s not > something we care about, really. We’re concerned with building Google > Chrome, the product from Google. As part of that, we provide the source > code for others to package if they like. Anybody who uses our code for > their own purpose takes responsibility for it. When this happens in a > Debian installation, it is not Google Chrome’s behavior, this is Debian > Chromium’s behavior. It’s Debian’s responsibility entirely. > > 3) Yes, we deliberately hid this listening module from the users, but > that’s because we consider this behavior to be part of the basic Google > Chrome experience. We don’t want to show all modules that we install > ourselves. > > If you think this is an excusable and responsible statement, raise your > hand now. > > Now, it should be noted that this was Chromium, the open-source version of > Chrome. If somebody downloads the Google product Google Chrome, as in the > prepackaged binary, you don’t even get a theoretical choice. You’re > already downloading a black box from a vendor. In Google Chrome, this is > all included from the start. > > This episode highlights the need for hard, not soft, switches to all > devices – webcams, microphones – that can be used for surveillance. A > software on/off switch for a webcam is no longer enough, a hard shield in > front of the lens is required. A software on/off switch for a microphone > is no longer enough, a physical switch that breaks its electrical > connection is required. That’s how you defend against this in depth. > > Of course, people were quick to downplay the alarm. “It only listens when > you say ‘Ok, Google’.” (Ok, so how does it know to start listening just > before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company > stealth installs an audio listener that listens to every room in the world > it can, and transmits audio data to the mothership when it encounters an > unknown, possibly individually tailored, list of keywords – and it’s no > big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just no. > This is not something that is the slightest amount of permissible just > because it’s hidden in legalese.) “It’s opt-in. It won’t really listen > unless you check that box.” (Perhaps. We don’t know, Google just > downloaded a black box onto my computer. And it may not be the same black > box as was downloaded onto yours. ) > > Early last decade, privacy activists practically yelled and screamed that > the NSA’s taps of various points of the Internet and telecom networks had > the technical potential for enormous abuse against privacy. Everybody else > dismissed those points as basically tinfoilhattery – until the Snowden > files came out, and it was revealed that precisely everybody involved had > abused their technical capability for invasion of privacy as far as was > possible. > > Perhaps it would be wise to not repeat that exact mistake. Nobody, and I > really mean nobody, is to be trusted with a technical capability to listen > to every room in the world, with listening profiles customizable at the > identified-individual level, on the mere basis of “trust us”. > > Privacy remains your own responsibility. > > Rick Falkvinge > ABOUT RICK FALKVINGE > Rick is the founder of the first Pirate Party and is a political > evangelist, traveling around Europe and the world to talk and write about > ideas of a sensible information policy. He has a tech entrepreneur > background and loves whisky. Read more of his articles on his website. > > Twitter |More Posts (91) > From kurt.buff at gmail.com Sun Jun 21 14:41:40 2015 From: kurt.buff at gmail.com (Kurt Buff) Date: Sun, 21 Jun 2015 14:41:40 -0700 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: <55872C75.7010107@diffalt.com> References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> <55872C75.7010107@diffalt.com> Message-ID: That's pretty easy. Fire up wireshark, look for packets heading to google-owned addresses. Kill off processes one by one until you see those packets stop. You have found your culprit. Kurt On Sun, Jun 21, 2015 at 2:28 PM, Tim Beelen wrote: > How do I find out what program is listening to my microphone? > > > On 6/21/2015 4:55 PM, Shelley wrote: >> >> ---------- >> On June 21, 2015 1:14:32 PM Seth wrote: >> >>> from >>> >>> https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ >>> >>> >>> Posted on June 18, 2015 by Rick Falkvinge >>> >>> Google Chrome Listening In To Your Room Shows The Importance Of Privacy >>> Defense In Depth >> >> >> >> Wow, this is exactly the kind of bullshit- and bullshit response- I'd >> expect from this duplicitous NSA asset. >> >> I keep a seldom-used, older version of chromium on one of my debian >> laptops so I'll check for this. My webcam and microphone are physically >> disconnected anyway, but I still want to see if their spyware has infected >> my system. Fuckers. >> >> Thanks for posting this; I've been out of the news loop for a couple of >> days. >> >> -S >> >> >>> >>> Yesterday, news broke that Google has been stealth downloading audio >>> listeners onto every computer that runs Chrome, and transmits audio data >>> back to Google. Effectively, this means that Google had taken itself the >>> right to listen to every conversation in every room that runs Chrome >>> somewhere, without any kind of consent from the people eavesdropped on. >>> In >>> official statements, Google shrugged off the practice with what amounts >>> to >>> “we can do that”. >>> >>> It looked like just another bug report. "When I start Chromium, it >>> downloads something." Followed by strange status information that notably >>> included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". >>> >>> chrome-voicesearch >>> >>> Without consent, Google’s code had downloaded a black box of code that – >>> according to itself – had turned on the microphone and was actively >>> listening to your room. >>> >>> A brief explanation of the Open-source / Free-software philosophy is >>> needed here. When you’re installing a version of GNU/Linux like Debian or >>> Ubuntu onto a fresh computer, thousands of really smart people have >>> analyzed every line of human-readable source code before that operating >>> system was built into computer-executable binary code, to make it common >>> and open knowledge what the machine actually does instead of trusting >>> corporate statements on what it’s supposed to be doing. Therefore, you >>> don’t install black boxes onto a Debian or Ubuntu system; you use >>> software >>> repositories that have gone through this source-code audit-then-build >>> process. Maintainers of operating systems like Debian and Ubuntu use many >>> so-called “upstreams” of source code to build the final product. >>> >>> Chromium, the open-source version of Google Chrome, had abused its >>> position as trusted upstream to insert lines of source code that bypassed >>> this audit-then-build process, and which downloaded and installed a black >>> box of unverifiable executable code directly onto computers, essentially >>> rendering them compromised. We don’t know and can’t know what this black >>> box does. But we see reports that the microphone has been activated, and >>> that Chromium considers audio capture permitted. >>> >>> This was supposedly to enable the “Ok, Google” behavior – that when you >>> say certain words, a search function is activated. Certainly a useful >>> feature. Certainly something that enables eavesdropping of every >>> conversation in the entire room, too. >>> >>> Obviously, your own computer isn’t the one to analyze the actual search >>> command. Google’s servers do. Which means that your computer had been >>> stealth configured to send what was being said in your room to somebody >>> else, to a private company in another country, without your consent or >>> knowledge, an audio transmission triggered by… an unknown and >>> unverifiable >>> set of conditions. >>> >>> Google had two responses to this. The first was to introduce a >>> practically-undocumented switch to opt out of this behavior, which is not >>> a fix: the default install will still wiretap your room without your >>> consent, unless you opt out, and more importantly, know that you need to >>> opt out, which is nowhere a reasonable requirement. But the second was >>> more of an official statement following technical discussions on Hacker >>> News and other places. That official statement amounted to three parts >>> (paraphrased, of course): >>> >>> 1) Yes, we’re downloading and installing a wiretapping black-box to your >>> computer. But we’re not actually activating it. We did take advantage of >>> our position as trusted upstream to stealth-insert code into open-source >>> software that installed this black box onto millions of computers, but we >>> would never abuse the same trust in the same way to insert code that >>> activates the eavesdropping-blackbox we already downloaded and installed >>> onto your computer without your consent or knowledge. You can look at the >>> code as it looks right now to see that the code doesn’t do this right >>> now. >>> >>> 2) Yes, Chromium is bypassing the entire source code auditing process by >>> downloading a pre-built black box onto people’s computers. But that’s not >>> something we care about, really. We’re concerned with building Google >>> Chrome, the product from Google. As part of that, we provide the source >>> code for others to package if they like. Anybody who uses our code for >>> their own purpose takes responsibility for it. When this happens in a >>> Debian installation, it is not Google Chrome’s behavior, this is Debian >>> Chromium’s behavior. It’s Debian’s responsibility entirely. >>> >>> 3) Yes, we deliberately hid this listening module from the users, but >>> that’s because we consider this behavior to be part of the basic Google >>> Chrome experience. We don’t want to show all modules that we install >>> ourselves. >>> >>> If you think this is an excusable and responsible statement, raise your >>> hand now. >>> >>> Now, it should be noted that this was Chromium, the open-source version >>> of >>> Chrome. If somebody downloads the Google product Google Chrome, as in the >>> prepackaged binary, you don’t even get a theoretical choice. You’re >>> already downloading a black box from a vendor. In Google Chrome, this is >>> all included from the start. >>> >>> This episode highlights the need for hard, not soft, switches to all >>> devices – webcams, microphones – that can be used for surveillance. A >>> software on/off switch for a webcam is no longer enough, a hard shield in >>> front of the lens is required. A software on/off switch for a microphone >>> is no longer enough, a physical switch that breaks its electrical >>> connection is required. That’s how you defend against this in depth. >>> >>> Of course, people were quick to downplay the alarm. “It only listens when >>> you say ‘Ok, Google’.” (Ok, so how does it know to start listening just >>> before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company >>> stealth installs an audio listener that listens to every room in the >>> world >>> it can, and transmits audio data to the mothership when it encounters an >>> unknown, possibly individually tailored, list of keywords – and it’s no >>> big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just >>> no. >>> This is not something that is the slightest amount of permissible just >>> because it’s hidden in legalese.) “It’s opt-in. It won’t really listen >>> unless you check that box.” (Perhaps. We don’t know, Google just >>> downloaded a black box onto my computer. And it may not be the same black >>> box as was downloaded onto yours. ) >>> >>> Early last decade, privacy activists practically yelled and screamed that >>> the NSA’s taps of various points of the Internet and telecom networks had >>> the technical potential for enormous abuse against privacy. Everybody >>> else >>> dismissed those points as basically tinfoilhattery – until the Snowden >>> files came out, and it was revealed that precisely everybody involved had >>> abused their technical capability for invasion of privacy as far as was >>> possible. >>> >>> Perhaps it would be wise to not repeat that exact mistake. Nobody, and I >>> really mean nobody, is to be trusted with a technical capability to >>> listen >>> to every room in the world, with listening profiles customizable at the >>> identified-individual level, on the mere basis of “trust us”. >>> >>> Privacy remains your own responsibility. >>> >>> Rick Falkvinge >>> ABOUT RICK FALKVINGE >>> Rick is the founder of the first Pirate Party and is a political >>> evangelist, traveling around Europe and the world to talk and write about >>> ideas of a sensible information policy. He has a tech entrepreneur >>> background and loves whisky. Read more of his articles on his website. >>> >>> Twitter |More Posts (91) >>> >> >> > From tim at diffalt.com Sun Jun 21 14:19:02 2015 From: tim at diffalt.com (Tim Beelen) Date: Sun, 21 Jun 2015 17:19:02 -0400 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: References: Message-ID: <55872A46.10001@diffalt.com> Russia has taken over Crimea, wreaking havoc on the native Crimean Tatars by upsetting the balance of power in that region. Effectively driving Ukraine into civil war. Crimea, a region that heavily depends on Ukranian utilities and general consumer goods. It has been a year, and Russia has turned it into a shit hole. There used to be no nuclear weapons on Crimea, now there will be. The minorities were free to express their religion, now they have express their religion under government oversight or pay fines-- and in most cases both since as anyone who ever did to do business in Russia knows that it corrupt as fuck. The Russian government initially made good on promises to hike doctors’ and teachers’ salaries after the annexation, but those raises were cut back in April. Since January prices for food have risen over 19%, almost twice as steeply as in Russia. Among those who opposed the annexation some want Ukraine to impose a total blockade. The rationale for this is to have “Putin try to deliver it all”. The peninsula’s main industry, tourism, is, as we all know, is left completely fucked. The ferry service from Russia’s mainland brings nothing like enough tourists to make up for the absent Ukrainians and the Europeans whose cruise ships once docked in Yalta. Western credit cards do not work. Many businesses have been expropriated by “self-defence” units, paramilitaries controlled by the peninsula’s Russian-installed prime minister, Sergei Aksyonov. Meanwhile again, the fucking “authorities” are eliminating the political and cultural space for Crimea’s Tatars and ethnic Ukrainians. Cool right? Go Russia. In March a group of Ukrainians who laid flowers at a statue of Taras Shevchenko, their national poet, were fined some $200 each for “employing Ukrainian attributes”. Which is not at all unlike KGB tactics where they jail journalists for three days. Kick 'm around hold a gun to their head. Oh shit this already happens. Google "Crimea voting fraud" for a dozen examples. The Irony of the “Crimea Is Ours!” slogan: http://www.tandfonline.com/doi/full/10.1080/15387216.2015.1038574 well researched for your comic relief. Because in Russian Federation occupied territory even basic infrastructure like a busted sewer-pipe won't be fixed. Last month, authorities detained seven Ukrainians for taking selfies while wearing /vyshyvanki/, their traditional embroidered shirts. Police also detained a dozen Tatars who gathered in Simferopol’s Lenin Square on May 18th to commemorate Deportation Day, the anniversary of the date in 1944 when Stalin deported all 180,000 Crimean Tatars to central Asia. Meanwhile Russia 85% of Crimea’s budget is now supplied by Russia’s federal government. In April Dmitri Medvedev, Russia’s prime minister, put the overall costs incurred due to the annexation (including the cost of sanctions) at $27 billion in 2014 alone. Russian citizens may grow less happy about bearing such costs as time goes on. An opinion poll in May found only 16% of Russians would support budget cuts in Russia proper in favor of developing Crimea. But after the propaganda commitment Mr Putin has made, it would be politically inconceivable to roll back the annexation. These numbers are the official ones from Moscow, Google Natalia Zubarevich who is a Russian economist at Moscow University if you'd like to know more about how Putin fucks over his own population for the benefit of his own fucking ego. /In addition the EU extends restrictions: / On 19 June 2015, the Council extended the EU restrictive measures in response to the illegal annexation of Crimea and Sevastopol until 23 June 2016. The sanctions include prohibitions on: - imports of products originating in Crimea or Sevastopol into the EU; - investment in Crimea or Sevastopol, meaning that no Europeans nor EU-based companies can buy real estate or entities in Crimea, finance Crimean companies or supply related services; - tourism services in Crimea or Sevastopol, in particular, European cruise ships cannot call at ports in the Crimean peninsula, except in case of emergency; - exports of certain goods and technologies to Crimean companies or for use in Crimea in the transport, telecommunications and energy sectors and related to the prospection, exploration and production of oil, gas and mineral resources. Technical assistance, brokering, construction or engineering services related to infrastructure in these sectors must not be provided either. As stated by the European Council on 19 March 2015, the EU continues to condemn the illegal annexation of Crimea and Sevastopol by the Russian Federation and remain committed to fully implement its non-recognition policy. So, Putin just created an economically isolated economic dead-zone with 2.4 million people. And this is something that EVERY FUCKING ONE knew ahead of time. So there is a reason he's dicking around on Ukraine's border. He NEEDS to annex at least the east of Ukraine. Or lose face regarding Crimea because he is going to feel the pressure internally supporting an economic dead zone. 2.4 million mouths to feed with no place to go. So, yea, Russia invades. And they do this without regard for the population they are invading. Whenever I read such an exceptionally retarded opinion piece... I suggest you go troll someone else with it. Again EVERY FUCKING ONE KNEW that Crimea is an island and that it will be hard to supply. Especially since it is almost completely dependent on Ukraine to power it's economy. Also the referendum oh my fucking god. Russian Invasion > Russian Referendum > Russian Troops overseeing said referendum > turnout bigger then 100% > like 95%+ victory. Yea right. Also, the Russians shot down a commercial flight. On 6/20/2015 8:45 PM, Zenaan Harkness wrote: > Grab a coffee for this one. > > http://russia-insider.com/en/russian-non-invasion-causing-concern-european-capitals/ri8139 > > I hope it's not too shocking for folks around here. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 7367 bytes Desc: not available URL: From tim at diffalt.com Sun Jun 21 14:28:21 2015 From: tim at diffalt.com (Tim Beelen) Date: Sun, 21 Jun 2015 17:28:21 -0400 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: <20150621205447.7EF00C0028A@frontend1.nyi.internal> References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> Message-ID: <55872C75.7010107@diffalt.com> How do I find out what program is listening to my microphone? On 6/21/2015 4:55 PM, Shelley wrote: > ---------- > On June 21, 2015 1:14:32 PM Seth wrote: > >> from >> https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ >> >> >> >> Posted on June 18, 2015 by Rick Falkvinge >> >> Google Chrome Listening In To Your Room Shows The Importance Of Privacy >> Defense In Depth > > > Wow, this is exactly the kind of bullshit- and bullshit response- I'd > expect from this duplicitous NSA asset. > > I keep a seldom-used, older version of chromium on one of my debian > laptops so I'll check for this. My webcam and microphone are > physically disconnected anyway, but I still want to see if their > spyware has infected my system. Fuckers. > > Thanks for posting this; I've been out of the news loop for a couple > of days. > > -S > > >> >> Yesterday, news broke that Google has been stealth downloading audio >> listeners onto every computer that runs Chrome, and transmits audio data >> back to Google. Effectively, this means that Google had taken itself the >> right to listen to every conversation in every room that runs Chrome >> somewhere, without any kind of consent from the people eavesdropped >> on. In >> official statements, Google shrugged off the practice with what >> amounts to >> “we can do that”. >> >> It looked like just another bug report. "When I start Chromium, it >> downloads something." Followed by strange status information that >> notably >> included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". >> >> chrome-voicesearch >> >> Without consent, Google’s code had downloaded a black box of code that – >> according to itself – had turned on the microphone and was actively >> listening to your room. >> >> A brief explanation of the Open-source / Free-software philosophy is >> needed here. When you’re installing a version of GNU/Linux like >> Debian or >> Ubuntu onto a fresh computer, thousands of really smart people have >> analyzed every line of human-readable source code before that operating >> system was built into computer-executable binary code, to make it common >> and open knowledge what the machine actually does instead of trusting >> corporate statements on what it’s supposed to be doing. Therefore, you >> don’t install black boxes onto a Debian or Ubuntu system; you use >> software >> repositories that have gone through this source-code audit-then-build >> process. Maintainers of operating systems like Debian and Ubuntu use >> many >> so-called “upstreams” of source code to build the final product. >> >> Chromium, the open-source version of Google Chrome, had abused its >> position as trusted upstream to insert lines of source code that >> bypassed >> this audit-then-build process, and which downloaded and installed a >> black >> box of unverifiable executable code directly onto computers, essentially >> rendering them compromised. We don’t know and can’t know what this black >> box does. But we see reports that the microphone has been activated, and >> that Chromium considers audio capture permitted. >> >> This was supposedly to enable the “Ok, Google” behavior – that when you >> say certain words, a search function is activated. Certainly a useful >> feature. Certainly something that enables eavesdropping of every >> conversation in the entire room, too. >> >> Obviously, your own computer isn’t the one to analyze the actual search >> command. Google’s servers do. Which means that your computer had been >> stealth configured to send what was being said in your room to somebody >> else, to a private company in another country, without your consent or >> knowledge, an audio transmission triggered by… an unknown and >> unverifiable >> set of conditions. >> >> Google had two responses to this. The first was to introduce a >> practically-undocumented switch to opt out of this behavior, which is >> not >> a fix: the default install will still wiretap your room without your >> consent, unless you opt out, and more importantly, know that you need to >> opt out, which is nowhere a reasonable requirement. But the second was >> more of an official statement following technical discussions on Hacker >> News and other places. That official statement amounted to three parts >> (paraphrased, of course): >> >> 1) Yes, we’re downloading and installing a wiretapping black-box to your >> computer. But we’re not actually activating it. We did take advantage of >> our position as trusted upstream to stealth-insert code into open-source >> software that installed this black box onto millions of computers, >> but we >> would never abuse the same trust in the same way to insert code that >> activates the eavesdropping-blackbox we already downloaded and installed >> onto your computer without your consent or knowledge. You can look at >> the >> code as it looks right now to see that the code doesn’t do this right >> now. >> >> 2) Yes, Chromium is bypassing the entire source code auditing process by >> downloading a pre-built black box onto people’s computers. But that’s >> not >> something we care about, really. We’re concerned with building Google >> Chrome, the product from Google. As part of that, we provide the source >> code for others to package if they like. Anybody who uses our code for >> their own purpose takes responsibility for it. When this happens in a >> Debian installation, it is not Google Chrome’s behavior, this is Debian >> Chromium’s behavior. It’s Debian’s responsibility entirely. >> >> 3) Yes, we deliberately hid this listening module from the users, but >> that’s because we consider this behavior to be part of the basic Google >> Chrome experience. We don’t want to show all modules that we install >> ourselves. >> >> If you think this is an excusable and responsible statement, raise your >> hand now. >> >> Now, it should be noted that this was Chromium, the open-source >> version of >> Chrome. If somebody downloads the Google product Google Chrome, as in >> the >> prepackaged binary, you don’t even get a theoretical choice. You’re >> already downloading a black box from a vendor. In Google Chrome, this is >> all included from the start. >> >> This episode highlights the need for hard, not soft, switches to all >> devices – webcams, microphones – that can be used for surveillance. A >> software on/off switch for a webcam is no longer enough, a hard >> shield in >> front of the lens is required. A software on/off switch for a microphone >> is no longer enough, a physical switch that breaks its electrical >> connection is required. That’s how you defend against this in depth. >> >> Of course, people were quick to downplay the alarm. “It only listens >> when >> you say ‘Ok, Google’.” (Ok, so how does it know to start listening just >> before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company >> stealth installs an audio listener that listens to every room in the >> world >> it can, and transmits audio data to the mothership when it encounters an >> unknown, possibly individually tailored, list of keywords – and it’s no >> big deal!?) “You can opt out. It’s in the Terms of Service.” (No. >> Just no. >> This is not something that is the slightest amount of permissible just >> because it’s hidden in legalese.) “It’s opt-in. It won’t really listen >> unless you check that box.” (Perhaps. We don’t know, Google just >> downloaded a black box onto my computer. And it may not be the same >> black >> box as was downloaded onto yours. ) >> >> Early last decade, privacy activists practically yelled and screamed >> that >> the NSA’s taps of various points of the Internet and telecom networks >> had >> the technical potential for enormous abuse against privacy. Everybody >> else >> dismissed those points as basically tinfoilhattery – until the Snowden >> files came out, and it was revealed that precisely everybody involved >> had >> abused their technical capability for invasion of privacy as far as was >> possible. >> >> Perhaps it would be wise to not repeat that exact mistake. Nobody, and I >> really mean nobody, is to be trusted with a technical capability to >> listen >> to every room in the world, with listening profiles customizable at the >> identified-individual level, on the mere basis of “trust us”. >> >> Privacy remains your own responsibility. >> >> Rick Falkvinge >> ABOUT RICK FALKVINGE >> Rick is the founder of the first Pirate Party and is a political >> evangelist, traveling around Europe and the world to talk and write >> about >> ideas of a sensible information policy. He has a tech entrepreneur >> background and loves whisky. Read more of his articles on his website. >> >> Twitter |More Posts (91) >> > > From shelley at misanthropia.org Sun Jun 21 19:16:20 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 21 Jun 2015 19:16:20 -0700 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: <14e1902d588.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> <55872C75.7010107@diffalt.com> <20150622011338.4B83A6800B4@frontend2.nyi.internal> <14e1902d588.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <20150622021605.298876801B3@frontend2.nyi.internal> Acknowledged; I know it's a trade-off. However, TLAs just tap the backbone and take everything upstream anyway. If I were ever a true target, there wouldn't be much I could do. ---------- On June 21, 2015 6:28:20 PM Travis Biehn wrote: > Hosts that dont behave like all the other swans end up looking like ugly > ducklings ;) > > On Sun, Jun 21, 2015, 9:13 PM Shelley wrote: > > > On June 21, 2015 3:25:07 PM Travis Biehn wrote: > > > > > *Cough* AFAIK if 'OK google' works anything like on Android (and it > > should) > > > it locally processes for the trigger phrase, then provides both audio and > > > visual queues its recording your voice. They aren't constantly recording > > > everything you say and uploading it. > > > > > > It's not exactly the 1984 two-way A/V system its made out to be. Inspect > > > the source for yourself rather than relying on fantastical reporting. > > > > > > Google's products and services are not free, I don't find it surprising > > > that they datamine voice, they've been offering 'free' PBX systems for > > > years in exchange for all voice traffic that transits through it - > > directly > > > using this to train voice recognition along with YouTube videos and so > > on. > > > > > > Anything on your machine can be tapping you. Your attackers don't need to > > > bake it into the browser - doing so would be idiotic. Your attackers can > > > piggy on updates, TAO in, use an exploit or simply bug you. It's way > > easier > > > to pop a 10$ bug in the room rather than risking burning some 0day worth > > > infinitely more on you. > > > > > > > That's why I root and gut my android devices of bloatware and everything > > google (as much as is technologically possible), and block access to > > google/failbook etc. tracking BS in my hosts file (all those idiotic 'like' > > and 'share' buttons too. Pages load much quicker.) > > > > I side load everything and stick to FOSS. I've disabled voice search, and > > nothing uses data or accesses the net without my knowledge. It's certainly > > no blackphone, but it's about as secure as any civilian 24/7 tracking > > device can be and meets my needs. > > > > Also, it's easy to run debian on most devices, but there's always CM if > > someone prefers. > > > > -S > > > > > > > On Sun, Jun 21, 2015, 5:46 PM Kurt Buff wrote: > > > > > > > That's pretty easy. Fire up wireshark, look for packets heading to > > > > google-owned addresses. > > > > > > > > Kill off processes one by one until you see those packets stop. > > > > > > > > You have found your culprit. > > > > > > > > Kurt > > > > > > > > On Sun, Jun 21, 2015 at 2:28 PM, Tim Beelen wrote: > > > > > How do I find out what program is listening to my microphone? > > > > > > > > > > > > > > > On 6/21/2015 4:55 PM, Shelley wrote: > > > > >> > > > > >> ---------- > > > > >> On June 21, 2015 1:14:32 PM Seth wrote: > > > > >> > > > > >>> from > > > > >>> > > > > >>> > > > > > > > > > > https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ > > > > >>> > > > > >>> > > > > >>> Posted on June 18, 2015 by Rick Falkvinge > > > > >>> > > > > >>> Google Chrome Listening In To Your Room Shows The Importance Of > > Privacy > > > > >>> Defense In Depth > > > > >> > > > > >> > > > > >> > > > > >> Wow, this is exactly the kind of bullshit- and bullshit response- > > I'd > > > > >> expect from this duplicitous NSA asset. > > > > >> > > > > >> I keep a seldom-used, older version of chromium on one of my debian > > > > >> laptops so I'll check for this. My webcam and microphone are > > physically > > > > >> disconnected anyway, but I still want to see if their spyware has > > > > infected > > > > >> my system. Fuckers. > > > > >> > > > > >> Thanks for posting this; I've been out of the news loop for a > > couple of > > > > >> days. > > > > >> > > > > >> -S > > > > >> > > > > >> > > > > >>> > > > > >>> Yesterday, news broke that Google has been stealth downloading > > audio > > > > >>> listeners onto every computer that runs Chrome, and transmits audio > > > > data > > > > >>> back to Google. Effectively, this means that Google had taken > > itself > > > > the > > > > >>> right to listen to every conversation in every room that runs > > Chrome > > > > >>> somewhere, without any kind of consent from the people > > eavesdropped on. > > > > >>> In > > > > >>> official statements, Google shrugged off the practice with what > > amounts > > > > >>> to > > > > >>> “we can do that”. > > > > >>> > > > > >>> It looked like just another bug report. "When I start Chromium, it > > > > >>> downloads something." Followed by strange status information that > > > > notably > > > > >>> included the lines "Microphone: Yes" and "Audio Capture Allowed: > > Yes". > > > > >>> > > > > >>> chrome-voicesearch > > > > >>> > > > > >>> Without consent, Google’s code had downloaded a black box of code > > that > > > > – > > > > >>> according to itself – had turned on the microphone and was actively > > > > >>> listening to your room. > > > > >>> > > > > >>> A brief explanation of the Open-source / Free-software philosophy > > is > > > > >>> needed here. When you’re installing a version of GNU/Linux like > > Debian > > > > or > > > > >>> Ubuntu onto a fresh computer, thousands of really smart people have > > > > >>> analyzed every line of human-readable source code before that > > operating > > > > >>> system was built into computer-executable binary code, to make it > > > > common > > > > >>> and open knowledge what the machine actually does instead of > > trusting > > > > >>> corporate statements on what it’s supposed to be doing. Therefore, > > you > > > > >>> don’t install black boxes onto a Debian or Ubuntu system; you use > > > > >>> software > > > > >>> repositories that have gone through this source-code > > audit-then-build > > > > >>> process. Maintainers of operating systems like Debian and Ubuntu > > use > > > > many > > > > >>> so-called “upstreams” of source code to build the final product. > > > > >>> > > > > >>> Chromium, the open-source version of Google Chrome, had abused its > > > > >>> position as trusted upstream to insert lines of source code that > > > > bypassed > > > > >>> this audit-then-build process, and which downloaded and installed a > > > > black > > > > >>> box of unverifiable executable code directly onto computers, > > > > essentially > > > > >>> rendering them compromised. We don’t know and can’t know what this > > > > black > > > > >>> box does. But we see reports that the microphone has been > > activated, > > > > and > > > > >>> that Chromium considers audio capture permitted. > > > > >>> > > > > >>> This was supposedly to enable the “Ok, Google” behavior – that > > when you > > > > >>> say certain words, a search function is activated. Certainly a > > useful > > > > >>> feature. Certainly something that enables eavesdropping of every > > > > >>> conversation in the entire room, too. > > > > >>> > > > > >>> Obviously, your own computer isn’t the one to analyze the actual > > search > > > > >>> command. Google’s servers do. Which means that your computer had > > been > > > > >>> stealth configured to send what was being said in your room to > > somebody > > > > >>> else, to a private company in another country, without your > > consent or > > > > >>> knowledge, an audio transmission triggered by… an unknown and > > > > >>> unverifiable > > > > >>> set of conditions. > > > > >>> > > > > >>> Google had two responses to this. The first was to introduce a > > > > >>> practically-undocumented switch to opt out of this behavior, which > > is > > > > not > > > > >>> a fix: the default install will still wiretap your room without > > your > > > > >>> consent, unless you opt out, and more importantly, know that you > > need > > > > to > > > > >>> opt out, which is nowhere a reasonable requirement. But the second > > was > > > > >>> more of an official statement following technical discussions on > > Hacker > > > > >>> News and other places. That official statement amounted to three > > parts > > > > >>> (paraphrased, of course): > > > > >>> > > > > >>> 1) Yes, we’re downloading and installing a wiretapping black-box to > > > > your > > > > >>> computer. But we’re not actually activating it. We did take > > advantage > > > > of > > > > >>> our position as trusted upstream to stealth-insert code into > > > > open-source > > > > >>> software that installed this black box onto millions of computers, > > but > > > > we > > > > >>> would never abuse the same trust in the same way to insert code > > that > > > > >>> activates the eavesdropping-blackbox we already downloaded and > > > > installed > > > > >>> onto your computer without your consent or knowledge. You can look > > at > > > > the > > > > >>> code as it looks right now to see that the code doesn’t do this > > right > > > > >>> now. > > > > >>> > > > > >>> 2) Yes, Chromium is bypassing the entire source code auditing > > process > > > > by > > > > >>> downloading a pre-built black box onto people’s computers. But > > that’s > > > > not > > > > >>> something we care about, really. We’re concerned with building > > Google > > > > >>> Chrome, the product from Google. As part of that, we provide the > > source > > > > >>> code for others to package if they like. Anybody who uses our code > > for > > > > >>> their own purpose takes responsibility for it. When this happens > > in a > > > > >>> Debian installation, it is not Google Chrome’s behavior, this is > > Debian > > > > >>> Chromium’s behavior. It’s Debian’s responsibility entirely. > > > > >>> > > > > >>> 3) Yes, we deliberately hid this listening module from the users, > > but > > > > >>> that’s because we consider this behavior to be part of the basic > > Google > > > > >>> Chrome experience. We don’t want to show all modules that we > > install > > > > >>> ourselves. > > > > >>> > > > > >>> If you think this is an excusable and responsible statement, raise > > your > > > > >>> hand now. > > > > >>> > > > > >>> Now, it should be noted that this was Chromium, the open-source > > version > > > > >>> of > > > > >>> Chrome. If somebody downloads the Google product Google Chrome, as > > in > > > > the > > > > >>> prepackaged binary, you don’t even get a theoretical choice. You’re > > > > >>> already downloading a black box from a vendor. In Google Chrome, > > this > > > > is > > > > >>> all included from the start. > > > > >>> > > > > >>> This episode highlights the need for hard, not soft, switches to > > all > > > > >>> devices – webcams, microphones – that can be used for > > surveillance. A > > > > >>> software on/off switch for a webcam is no longer enough, a hard > > shield > > > > in > > > > >>> front of the lens is required. A software on/off switch for a > > > > microphone > > > > >>> is no longer enough, a physical switch that breaks its electrical > > > > >>> connection is required. That’s how you defend against this in > > depth. > > > > >>> > > > > >>> Of course, people were quick to downplay the alarm. “It only > > listens > > > > when > > > > >>> you say ‘Ok, Google’.” (Ok, so how does it know to start listening > > just > > > > >>> before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A > > company > > > > >>> stealth installs an audio listener that listens to every room in > > the > > > > >>> world > > > > >>> it can, and transmits audio data to the mothership when it > > encounters > > > > an > > > > >>> unknown, possibly individually tailored, list of keywords – and > > it’s no > > > > >>> big deal!?) “You can opt out. It’s in the Terms of Service.” (No. > > Just > > > > >>> no. > > > > >>> This is not something that is the slightest amount of permissible > > just > > > > >>> because it’s hidden in legalese.) “It’s opt-in. It won’t really > > listen > > > > >>> unless you check that box.” (Perhaps. We don’t know, Google just > > > > >>> downloaded a black box onto my computer. And it may not be the same > > > > black > > > > >>> box as was downloaded onto yours. ) > > > > >>> > > > > >>> Early last decade, privacy activists practically yelled and > > screamed > > > > that > > > > >>> the NSA’s taps of various points of the Internet and telecom > > networks > > > > had > > > > >>> the technical potential for enormous abuse against privacy. > > Everybody > > > > >>> else > > > > >>> dismissed those points as basically tinfoilhattery – until the > > Snowden > > > > >>> files came out, and it was revealed that precisely everybody > > involved > > > > had > > > > >>> abused their technical capability for invasion of privacy as far > > as was > > > > >>> possible. > > > > >>> > > > > >>> Perhaps it would be wise to not repeat that exact mistake. Nobody, > > and > > > > I > > > > >>> really mean nobody, is to be trusted with a technical capability to > > > > >>> listen > > > > >>> to every room in the world, with listening profiles customizable > > at the > > > > >>> identified-individual level, on the mere basis of “trust us”. > > > > >>> > > > > >>> Privacy remains your own responsibility. > > > > >>> > > > > >>> Rick Falkvinge > > > > >>> ABOUT RICK FALKVINGE > > > > >>> Rick is the founder of the first Pirate Party and is a political > > > > >>> evangelist, traveling around Europe and the world to talk and write > > > > about > > > > >>> ideas of a sensible information policy. He has a tech entrepreneur > > > > >>> background and loves whisky. Read more of his articles on his > > website. > > > > >>> > > > > >>> Twitter |More Posts (91) > > > > >>> > > > > >> > > > > >> > > > > > > > > > > > > > > > > > > > From juan.g71 at gmail.com Sun Jun 21 15:30:21 2015 From: juan.g71 at gmail.com (Juan) Date: Sun, 21 Jun 2015 19:30:21 -0300 Subject: Russia and China crack Snowden Cache In-Reply-To: <55822560.7020800@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581deff.1a1a370a.f92c.139b@mx.google.com> <5581F48B.3080408@diffalt.com> <5581fed3.d3c28c0a.192e.2537@mx.google.com> <5582096F.40909@diffalt.com> <55820fbb.8ad98c0a.1dab.3161@mx.google.com> <55822560.7020800@diffalt.com> Message-ID: <55873956.540f370a.70556.32af@mx.google.com> "Blakley, a former Marine who had been stationed in Afghanistan," http://photographyisnotacrime.com/2015/06/south-carolina-deputy-charged-with-involuntary-manslaughter-after-shooting-wife/ Yeah, the typical american psycho has trouble understanding what '(in-)voluntary' means. From coderman at gmail.com Sun Jun 21 20:29:11 2015 From: coderman at gmail.com (coderman) Date: Sun, 21 Jun 2015 20:29:11 -0700 Subject: Warrant Canaries are Bullshit Message-ID: it's simple: if you can't run it robustly, FADE TO BLACK. the canary dies when you shut off the service. anything else is posturing or pointless... [0]. best regards, 0. this leads to follow up questions, which may be: Qa) what about the legality? Aa: irrelevant as the canary, too. Qb) how to run the service? Ab: all onions, all the time![1] Qc) but my business is monitizing user data exhaust!? FinalAnswer: we're coming to make you worse than obsolete. you're a moral hazard and proven risk! 1. All onions, all the time, no DNS, no cloudbullshit, now past 1yr mark. it is possible past the growing pains! 20-30 minute typical bootstrap of friend/family/peer onto onion services. XMPP+OTR, Onionpad, GPGw/out email, Anonfilehost developer services? this a harder nut to crack. but possible; takes more than scores of minutes, however. SSSSSS. they NSL's your onion? you done fucked up somewhere, sad earth human. , time to burn onions and keys, three degrees out, :P From tbiehn at gmail.com Sun Jun 21 15:08:52 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Sun, 21 Jun 2015 22:08:52 +0000 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> <55872C75.7010107@diffalt.com> Message-ID: *Cough* AFAIK if 'OK google' works anything like on Android (and it should) it locally processes for the trigger phrase, then provides both audio and visual queues its recording your voice. They aren't constantly recording everything you say and uploading it. It's not exactly the 1984 two-way A/V system its made out to be. Inspect the source for yourself rather than relying on fantastical reporting. Google's products and services are not free, I don't find it surprising that they datamine voice, they've been offering 'free' PBX systems for years in exchange for all voice traffic that transits through it - directly using this to train voice recognition along with YouTube videos and so on. Anything on your machine can be tapping you. Your attackers don't need to bake it into the browser - doing so would be idiotic. Your attackers can piggy on updates, TAO in, use an exploit or simply bug you. It's way easier to pop a 10$ bug in the room rather than risking burning some 0day worth infinitely more on you. On Sun, Jun 21, 2015, 5:46 PM Kurt Buff wrote: > That's pretty easy. Fire up wireshark, look for packets heading to > google-owned addresses. > > Kill off processes one by one until you see those packets stop. > > You have found your culprit. > > Kurt > > On Sun, Jun 21, 2015 at 2:28 PM, Tim Beelen wrote: > > How do I find out what program is listening to my microphone? > > > > > > On 6/21/2015 4:55 PM, Shelley wrote: > >> > >> ---------- > >> On June 21, 2015 1:14:32 PM Seth wrote: > >> > >>> from > >>> > >>> > https://www.privateinternetaccess.com/blog/2015/06/google-chrome-listening-in-to-your-room-shows-the-importance-of-privacy-defense-in-depth/ > >>> > >>> > >>> Posted on June 18, 2015 by Rick Falkvinge > >>> > >>> Google Chrome Listening In To Your Room Shows The Importance Of Privacy > >>> Defense In Depth > >> > >> > >> > >> Wow, this is exactly the kind of bullshit- and bullshit response- I'd > >> expect from this duplicitous NSA asset. > >> > >> I keep a seldom-used, older version of chromium on one of my debian > >> laptops so I'll check for this. My webcam and microphone are physically > >> disconnected anyway, but I still want to see if their spyware has > infected > >> my system. Fuckers. > >> > >> Thanks for posting this; I've been out of the news loop for a couple of > >> days. > >> > >> -S > >> > >> > >>> > >>> Yesterday, news broke that Google has been stealth downloading audio > >>> listeners onto every computer that runs Chrome, and transmits audio > data > >>> back to Google. Effectively, this means that Google had taken itself > the > >>> right to listen to every conversation in every room that runs Chrome > >>> somewhere, without any kind of consent from the people eavesdropped on. > >>> In > >>> official statements, Google shrugged off the practice with what amounts > >>> to > >>> “we can do that”. > >>> > >>> It looked like just another bug report. "When I start Chromium, it > >>> downloads something." Followed by strange status information that > notably > >>> included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes". > >>> > >>> chrome-voicesearch > >>> > >>> Without consent, Google’s code had downloaded a black box of code that > – > >>> according to itself – had turned on the microphone and was actively > >>> listening to your room. > >>> > >>> A brief explanation of the Open-source / Free-software philosophy is > >>> needed here. When you’re installing a version of GNU/Linux like Debian > or > >>> Ubuntu onto a fresh computer, thousands of really smart people have > >>> analyzed every line of human-readable source code before that operating > >>> system was built into computer-executable binary code, to make it > common > >>> and open knowledge what the machine actually does instead of trusting > >>> corporate statements on what it’s supposed to be doing. Therefore, you > >>> don’t install black boxes onto a Debian or Ubuntu system; you use > >>> software > >>> repositories that have gone through this source-code audit-then-build > >>> process. Maintainers of operating systems like Debian and Ubuntu use > many > >>> so-called “upstreams” of source code to build the final product. > >>> > >>> Chromium, the open-source version of Google Chrome, had abused its > >>> position as trusted upstream to insert lines of source code that > bypassed > >>> this audit-then-build process, and which downloaded and installed a > black > >>> box of unverifiable executable code directly onto computers, > essentially > >>> rendering them compromised. We don’t know and can’t know what this > black > >>> box does. But we see reports that the microphone has been activated, > and > >>> that Chromium considers audio capture permitted. > >>> > >>> This was supposedly to enable the “Ok, Google” behavior – that when you > >>> say certain words, a search function is activated. Certainly a useful > >>> feature. Certainly something that enables eavesdropping of every > >>> conversation in the entire room, too. > >>> > >>> Obviously, your own computer isn’t the one to analyze the actual search > >>> command. Google’s servers do. Which means that your computer had been > >>> stealth configured to send what was being said in your room to somebody > >>> else, to a private company in another country, without your consent or > >>> knowledge, an audio transmission triggered by… an unknown and > >>> unverifiable > >>> set of conditions. > >>> > >>> Google had two responses to this. The first was to introduce a > >>> practically-undocumented switch to opt out of this behavior, which is > not > >>> a fix: the default install will still wiretap your room without your > >>> consent, unless you opt out, and more importantly, know that you need > to > >>> opt out, which is nowhere a reasonable requirement. But the second was > >>> more of an official statement following technical discussions on Hacker > >>> News and other places. That official statement amounted to three parts > >>> (paraphrased, of course): > >>> > >>> 1) Yes, we’re downloading and installing a wiretapping black-box to > your > >>> computer. But we’re not actually activating it. We did take advantage > of > >>> our position as trusted upstream to stealth-insert code into > open-source > >>> software that installed this black box onto millions of computers, but > we > >>> would never abuse the same trust in the same way to insert code that > >>> activates the eavesdropping-blackbox we already downloaded and > installed > >>> onto your computer without your consent or knowledge. You can look at > the > >>> code as it looks right now to see that the code doesn’t do this right > >>> now. > >>> > >>> 2) Yes, Chromium is bypassing the entire source code auditing process > by > >>> downloading a pre-built black box onto people’s computers. But that’s > not > >>> something we care about, really. We’re concerned with building Google > >>> Chrome, the product from Google. As part of that, we provide the source > >>> code for others to package if they like. Anybody who uses our code for > >>> their own purpose takes responsibility for it. When this happens in a > >>> Debian installation, it is not Google Chrome’s behavior, this is Debian > >>> Chromium’s behavior. It’s Debian’s responsibility entirely. > >>> > >>> 3) Yes, we deliberately hid this listening module from the users, but > >>> that’s because we consider this behavior to be part of the basic Google > >>> Chrome experience. We don’t want to show all modules that we install > >>> ourselves. > >>> > >>> If you think this is an excusable and responsible statement, raise your > >>> hand now. > >>> > >>> Now, it should be noted that this was Chromium, the open-source version > >>> of > >>> Chrome. If somebody downloads the Google product Google Chrome, as in > the > >>> prepackaged binary, you don’t even get a theoretical choice. You’re > >>> already downloading a black box from a vendor. In Google Chrome, this > is > >>> all included from the start. > >>> > >>> This episode highlights the need for hard, not soft, switches to all > >>> devices – webcams, microphones – that can be used for surveillance. A > >>> software on/off switch for a webcam is no longer enough, a hard shield > in > >>> front of the lens is required. A software on/off switch for a > microphone > >>> is no longer enough, a physical switch that breaks its electrical > >>> connection is required. That’s how you defend against this in depth. > >>> > >>> Of course, people were quick to downplay the alarm. “It only listens > when > >>> you say ‘Ok, Google’.” (Ok, so how does it know to start listening just > >>> before I’m about to say ‘Ok, Google?’) “It’s no big deal.” (A company > >>> stealth installs an audio listener that listens to every room in the > >>> world > >>> it can, and transmits audio data to the mothership when it encounters > an > >>> unknown, possibly individually tailored, list of keywords – and it’s no > >>> big deal!?) “You can opt out. It’s in the Terms of Service.” (No. Just > >>> no. > >>> This is not something that is the slightest amount of permissible just > >>> because it’s hidden in legalese.) “It’s opt-in. It won’t really listen > >>> unless you check that box.” (Perhaps. We don’t know, Google just > >>> downloaded a black box onto my computer. And it may not be the same > black > >>> box as was downloaded onto yours. ) > >>> > >>> Early last decade, privacy activists practically yelled and screamed > that > >>> the NSA’s taps of various points of the Internet and telecom networks > had > >>> the technical potential for enormous abuse against privacy. Everybody > >>> else > >>> dismissed those points as basically tinfoilhattery – until the Snowden > >>> files came out, and it was revealed that precisely everybody involved > had > >>> abused their technical capability for invasion of privacy as far as was > >>> possible. > >>> > >>> Perhaps it would be wise to not repeat that exact mistake. Nobody, and > I > >>> really mean nobody, is to be trusted with a technical capability to > >>> listen > >>> to every room in the world, with listening profiles customizable at the > >>> identified-individual level, on the mere basis of “trust us”. > >>> > >>> Privacy remains your own responsibility. > >>> > >>> Rick Falkvinge > >>> ABOUT RICK FALKVINGE > >>> Rick is the founder of the first Pirate Party and is a political > >>> evangelist, traveling around Europe and the world to talk and write > about > >>> ideas of a sensible information policy. He has a tech entrepreneur > >>> background and loves whisky. Read more of his articles on his website. > >>> > >>> Twitter |More Posts (91) > >>> > >> > >> > > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 13438 bytes Desc: not available URL: From tim at diffalt.com Sun Jun 21 19:31:58 2015 From: tim at diffalt.com (Tim Beelen) Date: Sun, 21 Jun 2015 22:31:58 -0400 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: References: <55872A46.10001@diffalt.com> Message-ID: <5587739E.6080204@diffalt.com> MH17. Here, conventional fool-proof armchair analyses of Russia's sad attempt to to cover it up. Anyway, forensic analyses is still under way. We'll know what happened eventually. https://www.bellingcat.com/news/uk-and-europe/2015/05/31/mh17-forensic-analysis-of-satellite-images-released-by-the-russian-ministry-of-defence/ Full report proving without reasonable doubt that the Russian version of the story is made up. The image verification narrowed it down to Photoshop version they used to cook the evidence with. https://www.bellingcat.com/wp-content/uploads/2015/05/Forensic_analysis_of_satellite_images_EN.pdf There are over a million supporting images, video and documents that support the claim that it was in fact a Russian BUK SAM-launcher system. The supporting evidence is so thorough, complete with the identity of the supporting logistics brigade. Complete with selfies from Vkontakte, the Russian facebook. So yea, even the Russians are apparently very much aware of what they did. The service men are obviously dumb enough to blog about it. So, yea, there's that. On 6/21/2015 6:16 PM, Zenaan Harkness wrote: > On 6/22/15, Tim Beelen wrote: >> Yea right. >> >> Also, the Russians shot down a commercial flight. > Yeah right. From list at sysfu.com Sun Jun 21 22:40:28 2015 From: list at sysfu.com (Seth) Date: Sun, 21 Jun 2015 22:40:28 -0700 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: <20150621205447.7EF00C0028A@frontend1.nyi.internal> References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> Message-ID: On Sun, 21 Jun 2015 13:55:02 -0700, Shelley wrote: > Wow, this is exactly the kind of bullshit- and bullshit response- I'd > expect from this duplicitous NSA asset. > > I keep a seldom-used, older version of chromium on one of my debian > laptops so I'll check for this. My webcam and microphone are physically > disconnected anyway, but I still want to see if their spyware has > infected my system. Fuckers. > > Thanks for posting this; I've been out of the news loop for a couple of > days. In all fairness after reading some of the comments and the original Debian bug report it seems that the Falkvinge might have got a bit overly excited about this one. Regardless, the claim of the browser downloading a black box binary appears to stand, even if it was not activated in most or all cases. From dan at geer.org Sun Jun 21 20:21:19 2015 From: dan at geer.org (dan at geer.org) Date: Sun, 21 Jun 2015 23:21:19 -0400 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: Your message of "Sun, 21 Jun 2015 06:40:02 -0400." Message-ID: <20150622032119.4B2F42280F8@palinka.tinho.net> The cited article strikes me as pollyannaish; Russia's next move is to do for eastern Estonia what it did for eastern Ukraine, but then we'd have NATO Article 5 invoked for an 85% Russian speaking population already living on Russia's border. It is therefore not unreasonable to predict that despite an unarguable Article 5 triggering, some set of European NATO members would decline to show up to do their duty. NATO is then dead against a backdrop of non-zero probability of EU dis-integration. If you are Putin, what's not to like? (What the hell this topic has to do with "the widespread use of strong cryptography as a route to progressive change" I don't know.) --dan From alfiej at fastmail.fm Sun Jun 21 15:14:03 2015 From: alfiej at fastmail.fm (Alfie John) Date: Mon, 22 Jun 2015 08:14:03 +1000 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> <55872C75.7010107@diffalt.com> Message-ID: <1434924843.3744003.303972017.336142F8@webmail.messagingengine.com> On Mon, Jun 22, 2015, at 07:41 AM, Kurt Buff wrote: > That's pretty easy. Fire up wireshark, look for packets heading to google- > owned addresses. > > Kill off processes one by one until you see those packets stop. > > You have found your culprit. If you check for packets moving but see nothing, it only proves that it's _currently_ not recording. It's the capability that they _can_ turn it on via a push update is what get me. And all it takes is a warrant if you're a US citizen. If not a US citizen, you're fair game. Alfie -- Alfie John alfiej at fastmail.fm From zen at freedbms.net Sun Jun 21 15:16:44 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Mon, 22 Jun 2015 08:16:44 +1000 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: <55872A46.10001@diffalt.com> References: <55872A46.10001@diffalt.com> Message-ID: On 6/22/15, Tim Beelen wrote: > Yea right. > > Also, the Russians shot down a commercial flight. Yeah right. From bizdevcon at protonmail.ch Mon Jun 22 05:30:00 2015 From: bizdevcon at protonmail.ch (BizDevCon) Date: Mon, 22 Jun 2015 08:30:00 -0400 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome Message-ID: <7626ec617d8bb15226a70e657d573ba6@protonmail.ch> On Chrome for Mac OS X the setting Enable "Ok Google" to start a voice search. was *NOT*, I repeat NOT, enabled by default on my computer. -BizDevCon -------- Original Message -------- Subject: Re: Google has been stealth downloading audio listeners onto every computer that runs Chrome Time (GMT): Jun 21 2015 22:14:03 From: alfiej at fastmail.fm To: cypherpunks at cpunks.org On Mon, Jun 22, 2015, at 07:41 AM, Kurt Buff wrote: > That's pretty easy. Fire up wireshark, look for packets heading to google- > owned addresses. > > Kill off processes one by one until you see those packets stop. > > You have found your culprit. If you check for packets moving but see nothing, it only proves that it's _currently_ not recording. It's the capability that they _can_ turn it on via a push update is what get me. And all it takes is a warrant if you're a US citizen. If not a US citizen, you're fair game. Alfie -- Alfie John alfiej at fastmail.fm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1176 bytes Desc: not available URL: From bizdevcon at protonmail.com Mon Jun 22 05:42:18 2015 From: bizdevcon at protonmail.com (BizDevCon) Date: Mon, 22 Jun 2015 08:42:18 -0400 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome Message-ID: <2671770a9c6c238f299756207d0f75e4@protonmail.ch> On Chrome for Mac OS X the setting Enable "Ok Google" to start a voice search. was *NOT*, I repeat not, enabled by default on my computer. -BizDevCon -------- Original Message -------- Subject: Re: Google has been stealth downloading audio listeners onto every computer that runs Chrome Time (GMT): Jun 21 2015 22:14:03 From: alfiej at fastmail.fm To: cypherpunks at cpunks.org On Mon, Jun 22, 2015, at 07:41 AM, Kurt Buff wrote: > That's pretty easy. Fire up wireshark, look for packets heading to google- > owned addresses. > > Kill off processes one by one until you see those packets stop. > > You have found your culprit. If you check for packets moving but see nothing, it only proves that it's _currently_ not recording. It's the capability that they _can_ turn it on via a push update is what get me. And all it takes is a warrant if you're a US citizen. If not a US citizen, you're fair game. Alfie -- Alfie John alfiej at fastmail.fm -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1350 bytes Desc: not available URL: From Rayzer at riseup.net Mon Jun 22 13:04:01 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 22 Jun 2015 13:04:01 -0700 Subject: PandoDaily "Revamps" Launch Partner... Wait for it... Cloudflare Message-ID: <55886A31.8060100@riseup.net> Since Pando's Yasha Levine wrote what I consider to be the seminal piece about Cloudflare's affiliation with federal spying back in his eXiled days and hinted at their connection to domestic spying I figure Pando's knowingly sold out to federal domestic spying. https://pando.com/2015/06/22/welcome-new-pando/ What do imprisoned journalist Barrett Brown's "Project PM" domestic spying research site, the supposedly secure email service "Hushmail", the "New Pirate Bay" torrent site, a Ferguson organizing site, an 'apology letter to Vladimir Putin' site, and ISIS' most popular chat rooms all have in common? They're all being, or have been domain name served/stalked by the Domestic Spying organization "CloudFlare" http://auntieimperial.tumblr.com/post/119691050059 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From list at sysfu.com Mon Jun 22 14:14:43 2015 From: list at sysfu.com (Seth) Date: Mon, 22 Jun 2015 14:14:43 -0700 Subject: PandoDaily "Revamps" Launch Partner... Wait for it... Cloudflare In-Reply-To: <55886A31.8060100@riseup.net> References: <55886A31.8060100@riseup.net> Message-ID: On Mon, 22 Jun 2015 13:04:01 -0700, Razer wrote: > Since Pando's Yasha Levine wrote what I consider to be the seminal piece > about Cloudflare's affiliation with federal spying back in his eXiled > days and hinted at their connection to domestic spying I figure Pando's > knowingly sold out to federal domestic spying. > > https://pando.com/2015/06/22/welcome-new-pando/ > > What do imprisoned journalist Barrett Brown's "Project PM" domestic > spying research site, the supposedly secure email service "Hushmail", > the "New Pirate Bay" torrent site, a Ferguson organizing site, an > 'apology letter to Vladimir Putin' site, and ISIS' most popular chat > rooms all have in common? They're all being, or have been domain name > served/stalked by the Domestic Spying organization "CloudFlare" > > http://auntieimperial.tumblr.com/post/119691050059 Someone with a following (not me!) should bust Yasha Levine's balls about this in public. From grarpamp at gmail.com Mon Jun 22 13:16:31 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 22 Jun 2015 16:16:31 -0400 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: <20150622032119.4B2F42280F8@palinka.tinho.net> References: <20150622032119.4B2F42280F8@palinka.tinho.net> Message-ID: On Sun, Jun 21, 2015 at 11:21 PM, wrote: > is to do for eastern Estonia what it did for eastern Ukraine, but > ... > triggering, some set of European NATO members would decline to show > ... > (What the hell this topic has to do with "the widespread use of > strong cryptography as a route to progressive change" I don't know.) People, diplomats, agents, field units, drones, comms, the football, nukes, and more all use crypto. If Estonia goes Art 5, more of it activates becoming applied crypto, eventually quite possibly launching regressive change, back to pre industrial times. Is crypto there now equally available to and utilized by all opponents and thus yields no net imbalance in the game? From grarpamp at gmail.com Mon Jun 22 13:40:27 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 22 Jun 2015 16:40:27 -0400 Subject: PandoDaily "Revamps" Launch Partner... Wait for it... Cloudflare In-Reply-To: <55886A31.8060100@riseup.net> References: <55886A31.8060100@riseup.net> Message-ID: On Mon, Jun 22, 2015 at 4:04 PM, Razer wrote: > knowingly sold out to federal domestic spying. > > https://pando.com/2015/06/22/welcome-new-pando/ > > rooms all have in common? They're all being, or have been domain name > served/stalked by the Domestic Spying organization "CloudFlare" > > http://auntieimperial.tumblr.com/post/119691050059 No different than facebook, google, microsoft, ad agencies, MMORPGs, etc. Nasty things are always possible and known to exist when you've got meta entities spraying meta links all over the net and collecting meta data, forever. From l at odewijk.nl Mon Jun 22 01:23:22 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Mon, 22 Jun 2015 17:23:22 +0900 Subject: Google has been stealth downloading audio listeners onto every computer that runs Chrome In-Reply-To: References: <20150621205447.7EF00C0028A@frontend1.nyi.internal> <55872C75.7010107@diffalt.com> Message-ID: 2015-06-22 7:08 GMT+09:00 Travis Biehn : > ) it locally processes for the trigger phrase Oh, it does, it turns it into vocal-elements for remote analysis. This might seem silly to you. It does to me too. It also reduces the quality of the service; waiting (several?) round trips over (intentionally delayed to discourage voice calling) 3g networks is not a pleasant experience. But then, I am just a little programmer, and I know little of such things. Perhaps the 'OK, Google' is processed locally (idk). Still didn't agree to it. Lastly, and importantly, they're making chromium users download a binary. They bypass the usual distribution channels (that take in auditable source code), exposing how those channels were not secure in the first place. (no approved program should be allowed to subvert the security measures in this manner.) Falkenvinge would rather we'd blame Google. iOS takes it up a notch, and sends voice samples out to third parties for validation of accuracy. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1501 bytes Desc: not available URL: From stephan.neuhaus at zhaw.ch Tue Jun 23 00:21:30 2015 From: stephan.neuhaus at zhaw.ch (Stephan Neuhaus) Date: Tue, 23 Jun 2015 09:21:30 +0200 Subject: Be alert - signs of Russian invasion may be strong In-Reply-To: <20150622032119.4B2F42280F8@palinka.tinho.net> References: <20150622032119.4B2F42280F8@palinka.tinho.net> Message-ID: <558908FA.6070604@zhaw.ch> On 2015-06-22 05:21, dan at geer.org wrote: > The cited article strikes me as pollyannaish; Russia's next move > is to do for eastern Estonia what it did for eastern Ukraine, but > then we'd have NATO Article 5 invoked for an 85% Russian speaking > population already living on Russia's border. It is therefore not > unreasonable to predict that despite an unarguable Article 5 > triggering, some set of European NATO members would decline to show > up to do their duty. NATO is then dead against a backdrop of > non-zero probability of EU dis-integration. If you are Putin, > what's not to like? Perhaps an equally non-zero probability that it will all go pear-shaped after all? > (What the hell this topic has to do with "the widespread use of > strong cryptography as a route to progressive change" I don't know.) +1 --Stephan From Rayzer at riseup.net Tue Jun 23 12:57:56 2015 From: Rayzer at riseup.net (Razer) Date: Tue, 23 Jun 2015 12:57:56 -0700 Subject: Bahraini government's attempt to slow down the internet during 'Arab Spring' disturbances unsuccessful Message-ID: <5589BA44.2090303@riseup.net> Methinks this is really more appropriately titled 'attempt to slow down uprising *communication*' but FYI: It /(Saudi diplo-dox released by wikileaks)/ also mentions the Bahraini government's attempt to slow down the internet was not successful because Shiite activists have other ways of communicating, while those that work with international organizations have phones provided for them. Wikileaks Docs Reveal Saudi intrigues against Bahrain’s Arab Spring http://www.juancole.com/2015/06/wikileaks-intrigues-bahrains.html Interpretation of more Saudi wikileaks dox onsite -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From zen at freedbms.net Mon Jun 22 20:07:05 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Tue, 23 Jun 2015 13:07:05 +1000 Subject: Fwd: [ PFIR ] Lauren's Blog: "DOJ vs. Google: How Google Fights on Behalf of Its Users" In-Reply-To: <20150622224711.GC23358@vortex.com> References: <20150622224711.GC23358@vortex.com> Message-ID: ---------- Forwarded message ---------- From: "PFIR (People For Internet Responsibility) Announcement List" Date: Mon, 22 Jun 2015 15:47:11 -0700 Subject: [ PFIR ] Lauren's Blog: "DOJ vs. Google: How Google Fights on Behalf of Its Users" To: pfir-list at pfir.org DOJ vs. Google: How Google Fights on Behalf of Its Users http://lauren.vortex.com/archive/001110.html One of the oft-repeated Big Lies -- still bandied about by Google haters today -- is the false claim that Google enthusiastically turns over user data to government agencies. This fallacy perhaps reached its zenith a few years ago, when misleading PowerPoint slides from Edward Snowden's stolen NSA documents cache were touted by various commercial parties (with whom he had entrusted the data), in a misleading, out-of-context manner, designed for maximum clickbait potential. The slides were publicized by these parties with glaring headlines suggesting that Google permitted NSA to freely rummage around through Google data centers, grabbing goodies like a kid set loose in a candy store. Google immediately and forcefully denied these claims, and for anyone familiar with the internal structure and dialogues inside Google, these allegations were ludicrous on their face. (Full disclosure: While I have consulted to Google in the relatively recent past, I am not currently doing so.) Even an attempt to enable such access for NSA or any other outside party would have by necessity involved so many engineers and other Google employees as to make impossible any ability to keep such an effort secret. And once known, there would have been very public, mass resignations of Googlers -- for such an intrusion would strike directly at the heart of Google philosophy, and the mere suggestion of such a travesty would be utter anathema to Google engineers, policy directors, lawyers, and pretty much everyone else at the firm. Obviously, Google must obey valid laws, but that doesn't mean they're a pushover -- exactly the opposite. While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes though multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate. Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data. The case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to login to his Gmail account. Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense. I'm no fan of WikiLeaks. While they've done some public good, they also behave as mass data dumpers, making public various gigantic troves of usually stolen data, without even taking basic steps to protect innocent persons who through no fault of their own are put at risk via these raw data dumps. WikiLeaks' irresponsible behavior in this regard cannot be justified. But that lack of responsibility doesn't affect the analysis of the Gmail case under discussion here. That user deserved the same protection from DOJ overreaching as would any other user. The battle between Google and DOJ waged for several months, generating a relatively enormous pile of associated filings from both sides. Ultimately, Google lost the case and their appeal. This was still back in 2011. The gag order continued and outside knowledge of the case was buried by government orders until April of 2015 -- this year! -- when DOJ agreed to unseal some of the court records -- though haphazardly (and in some cases rather hilariously) redacted. These were finally turned over to the targeted Gmail user in mid-May -- triggering his public amazement at the depth and likely expense of Google fighting so voraciously on his behalf. Why did DOJ play such hardball in this case, particularly involving the gag order? There's evidence in the (now public) documents that the government wanted to avoid negative publicity of the sort they assert occurred with an earlier case involving Twitter, and DOJ was willing to pull out all the stops to prevent Google from even notifying the user of the government's actions. You don't need to take my word on any of this. If you have some time on your hands, the over 300 pages of related filings are now available for your direct inspection: https://drive.google.com/file/d/0B5L6chr0QvNzbTJNMXpiQWllNG8/view?usp=sharing So the next time someone tries to make the false claim that Google doesn't fight for its users, you can print out that pile of pages and plop it down right in front of them. Or save the trees and just send them the URL. Either way, the truth is in the reading. Be seeing you. --Lauren-- Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ pfir mailing list http://lists.pfir.org/mailman/listinfo/pfir From tedks at riseup.net Tue Jun 23 12:05:20 2015 From: tedks at riseup.net (Ted Smith) Date: Tue, 23 Jun 2015 15:05:20 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: References: Message-ID: <1435086320.25701.26.camel@riseup.net> What's the cypherpunk link in this? On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > > Summary at bottom, summarizing shifting position of "west" over some time: > "So let us recount the western position: > - It claimed to uphold the sovereignty and territorial integrity of > other countries and the inviolability of borders in Europe > - However, this did not extend to the sovereignty and the > territorial integrity of Federal Yugoslavia which could be trampled at > will > - Nonetheless, albeit the territorial integrity of Federal > Yugoslavia itself wasn’t worth anything, the territorial integrity of > its constituent republics seeking independence was holy > - Albeit the territorial integrity of the Yugoslav constituent > republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, > the territorial integrity of Serbia was not > - Albeit Slovenes, Croats and Bosnian Muslims could leave > Yugoslavia, Serbs could not leave Croatia and Bosnia > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo Albanians > could secede from Serbia > - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs > could not secede from Albanian-run Kosovo > - Albeit Kosovo could unilaterally secede from Serbia under NATO > military control, Crimea could not unilaterally secede from Ukraine > under Russian military control > > May world be spared hunger, plague and western principles. > " > -- Sent from Ubuntu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From shelley at misanthropia.org Tue Jun 23 15:09:01 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 23 Jun 2015 15:09:01 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> Message-ID: <20150623220845.9DA75C00293@frontend1.nyi.internal> +1 What Cathal said. (And I'm saying it as someone extremely critical of my own government and who rarely passes up an opportunity to make it known.) ---------- On June 23, 2015 2:37:24 PM "Cathal (Phone)" wrote: > Propaganda is on-topic only insofar as it explores cointelpro, persona > management, etc: not strictly crypto, but subversive and political (ab)uses > of communications technology. > > And, while we're on the subject, I suspect much of this > pro-anything-not-West crap is likely to be just that: cointelpro to > discredit the genuine content and discourage subscription/participation by > a wider audience. It's pretty effective, I think. > > On 23 June 2015 21:51:19 GMT+01:00, Ted Smith wrote: > >I certainly think that geopolitics is not in general on topic for this > >list. > > > >"Western governments" and "western propaganda" also don't seem to me to > >be on topic for this list. This is not a list about propaganda or > >governance. > > > >Since this list is unmoderated, I am sharing my discontent in the hopes > >of demotivating further threads on this topic. > > > >That said, I guess cpunks was never good, it's meaningless to attempt > >to > >stop the shitstorm, etc., and so on. But now there are 2-3 posters who > >continually post random conspiracy crap and have built an echo chamber > >that totally drowns out any actual cypherpunking. > > > >Better posters (you know who you are), please stop encouraging this. > > > >On Tue, 2015-06-23 at 17:44 -0300, Juan wrote: > >> On Tue, 23 Jun 2015 15:05:20 -0400 > >> Ted Smith wrote: > >> > >> > What's the cypherpunk link in this? > >> > >> > >> That was part of a discussion on the nature of western > >> governments and western propaganda. > >> > >> Do you think that discussions on the nature of western > >> governments are off-topic? Maybe banned? > >> > >> Maybe we should instead talk about how terrible the suffering > >> of US military murderers is? > >> > >> paging Nick Econopouly > >> > >> > >> > >> > > >> > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > >> > > > >http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > >> > > > >> > > Summary at bottom, summarizing shifting position of "west" over > >> > > some time: "So let us recount the western position: > >> > > - It claimed to uphold the sovereignty and territorial > >integrity > >> > > of other countries and the inviolability of borders in Europe > >> > > - However, this did not extend to the sovereignty and the > >> > > territorial integrity of Federal Yugoslavia which could be > >trampled > >> > > at will > >> > > - Nonetheless, albeit the territorial integrity of Federal > >> > > Yugoslavia itself wasn’t worth anything, the territorial > >integrity > >> > > of its constituent republics seeking independence was holy > >> > > - Albeit the territorial integrity of the Yugoslav constituent > >> > > republics of Slovenia, Croatia and Bosnia and Herzegovina was > >holy, > >> > > the territorial integrity of Serbia was not > >> > > - Albeit Slovenes, Croats and Bosnian Muslims could leave > >> > > Yugoslavia, Serbs could not leave Croatia and Bosnia > >> > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo > >> > > Albanians could secede from Serbia > >> > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo > >Serbs > >> > > could not secede from Albanian-run Kosovo > >> > > - Albeit Kosovo could unilaterally secede from Serbia under > >NATO > >> > > military control, Crimea could not unilaterally secede from > >Ukraine > >> > > under Russian military control > >> > > > >> > > May world be spared hunger, plague and western principles. > >> > > " > >> > > > >> > > >> > >> > > > >-- > >Sent from Ubuntu > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. From shelley at misanthropia.org Tue Jun 23 16:16:01 2015 From: shelley at misanthropia.org (Shelley) Date: Tue, 23 Jun 2015 16:16:01 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> Message-ID: <20150623231545.BCC8CC0028F@frontend1.nyi.internal> I'll preface this by saying that I'm not fond of censoring list topics; I just skim or ignore topics/posts when they cease to interest me. I think discussing politics and propaganda is on-topic when it regards the main focus of the list. When governments intentionally weaken encryption, or threaten to/ actually pass draconian laws that directly affects the work we endeavour to do. Censorship, even, because we need to help reroute people around those blocks to get their messages out and essential info in. The pointless droning on about how much the USA and what it does sucks- and it does suck!- can become old. I know it's tempting because there are a lot of people here who agree, but there are other listservs better suited for it. Not meant to be a personal attack on anyone; I don't have a problem with any of you & I find it easy to scroll past that which doesn't interest me. Sometimes I'll even see a point of view I hadn't considered, even if the item in question isn't quite on-topic. Not everyone feels the same, though. -S ---------- On June 23, 2015 3:34:36 PM Juan wrote: > On Tue, 23 Jun 2015 15:09:01 -0700 > Shelley wrote: > > > +1 > > > > What Cathal said. > > > > (And I'm saying it as someone extremely critical of my own government > > and who rarely passes up an opportunity to make it known.) > > > So? What are you objecting to, then? > > > > > > > > ---------- > > On June 23, 2015 2:37:24 PM "Cathal (Phone)" > > wrote: > > > > > Propaganda is on-topic only insofar as it explores cointelpro, > > > persona management, etc: not strictly crypto, but subversive and > > > political (ab)uses of communications technology. > > > > > > And, while we're on the subject, I suspect much of this > > > pro-anything-not-West crap is likely to be just that: cointelpro to > > > discredit the genuine content and discourage > > > subscription/participation by a wider audience. > > > > Oh yes. I'm anti west agent on the payroll of? Putin? The > chinese? Or? > > It's quite funny though how a clown like cathal thinks he gets > to decide what is and what isn't on topic... > > > "discredit the genuine content" > > So, WHERE is the GENUINE content guys? Is it the stuff that dan > geer, tim beelen, the tor apologists and the like post? > > Or is it something else. Links please? > > > > > > > > From tedks at riseup.net Tue Jun 23 13:51:19 2015 From: tedks at riseup.net (Ted Smith) Date: Tue, 23 Jun 2015 16:51:19 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> Message-ID: <1435092679.25701.39.camel@riseup.net> I certainly think that geopolitics is not in general on topic for this list. "Western governments" and "western propaganda" also don't seem to me to be on topic for this list. This is not a list about propaganda or governance. Since this list is unmoderated, I am sharing my discontent in the hopes of demotivating further threads on this topic. That said, I guess cpunks was never good, it's meaningless to attempt to stop the shitstorm, etc., and so on. But now there are 2-3 posters who continually post random conspiracy crap and have built an echo chamber that totally drowns out any actual cypherpunking. Better posters (you know who you are), please stop encouraging this. On Tue, 2015-06-23 at 17:44 -0300, Juan wrote: > On Tue, 23 Jun 2015 15:05:20 -0400 > Ted Smith wrote: > > > What's the cypherpunk link in this? > > > That was part of a discussion on the nature of western > governments and western propaganda. > > Do you think that discussions on the nature of western > governments are off-topic? Maybe banned? > > Maybe we should instead talk about how terrible the suffering > of US military murderers is? > > paging Nick Econopouly > > > > > > > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > > > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > > > > > > Summary at bottom, summarizing shifting position of "west" over > > > some time: "So let us recount the western position: > > > - It claimed to uphold the sovereignty and territorial integrity > > > of other countries and the inviolability of borders in Europe > > > - However, this did not extend to the sovereignty and the > > > territorial integrity of Federal Yugoslavia which could be trampled > > > at will > > > - Nonetheless, albeit the territorial integrity of Federal > > > Yugoslavia itself wasn’t worth anything, the territorial integrity > > > of its constituent republics seeking independence was holy > > > - Albeit the territorial integrity of the Yugoslav constituent > > > republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, > > > the territorial integrity of Serbia was not > > > - Albeit Slovenes, Croats and Bosnian Muslims could leave > > > Yugoslavia, Serbs could not leave Croatia and Bosnia > > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo > > > Albanians could secede from Serbia > > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs > > > could not secede from Albanian-run Kosovo > > > - Albeit Kosovo could unilaterally secede from Serbia under NATO > > > military control, Crimea could not unilaterally secede from Ukraine > > > under Russian military control > > > > > > May world be spared hunger, plague and western principles. > > > " > > > > > > > -- Sent from Ubuntu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From juan.g71 at gmail.com Tue Jun 23 13:44:04 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 23 Jun 2015 17:44:04 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <1435086320.25701.26.camel@riseup.net> References: <1435086320.25701.26.camel@riseup.net> Message-ID: <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> On Tue, 23 Jun 2015 15:05:20 -0400 Ted Smith wrote: > What's the cypherpunk link in this? That was part of a discussion on the nature of western governments and western propaganda. Do you think that discussions on the nature of western governments are off-topic? Maybe banned? Maybe we should instead talk about how terrible the suffering of US military murderers is? paging Nick Econopouly > > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > > > > Summary at bottom, summarizing shifting position of "west" over > > some time: "So let us recount the western position: > > - It claimed to uphold the sovereignty and territorial integrity > > of other countries and the inviolability of borders in Europe > > - However, this did not extend to the sovereignty and the > > territorial integrity of Federal Yugoslavia which could be trampled > > at will > > - Nonetheless, albeit the territorial integrity of Federal > > Yugoslavia itself wasn’t worth anything, the territorial integrity > > of its constituent republics seeking independence was holy > > - Albeit the territorial integrity of the Yugoslav constituent > > republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, > > the territorial integrity of Serbia was not > > - Albeit Slovenes, Croats and Bosnian Muslims could leave > > Yugoslavia, Serbs could not leave Croatia and Bosnia > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo > > Albanians could secede from Serbia > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs > > could not secede from Albanian-run Kosovo > > - Albeit Kosovo could unilaterally secede from Serbia under NATO > > military control, Crimea could not unilaterally secede from Ukraine > > under Russian military control > > > > May world be spared hunger, plague and western principles. > > " > > > From tim at diffalt.com Tue Jun 23 14:46:58 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 23 Jun 2015 17:46:58 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> Message-ID: <5589D3D2.90602@diffalt.com> Well, I guess Juan's rhetorical question is voicing my concern that crazy-people political rants are not what I sought when I subscribed to this mailing list. Stop talking in blanket terms as 'propaganda' please, have you seen what ISIS PR came up with for this summer? Maybe Zenaan can cry next about their border inviolability next http://www.dumpert.nl/mediabase/6663326/f5c24e5e/isis_shock_video_zomer_2015.html Maybe you'll get inspired by people being shot in a car with an RPG, or the explosive necklace or drowning in a cage. Fun Fun Fun. You can discuss the nature of western governments all you like. As long as an argument is well put together I and others will listen and won't even complain. Zenaan's stuff is neither. Well, and in addition of bringing things to the table that are way out of bounds, I also happen to disagree with just everything that Zenaan has to say. Zenaan not believe Russians are operating in the Ukraine. Zenaan conflates ethnic cleansing of an ethnic minority with international politics. Zenaan is tremendously biased towards a lot of issues. Anyway, I've got a pretty sweet solution to this: If you're running spamassassin on your mail server add the following rule in /etc/spamassassin/local.cf body ZENAAN_CAUSES_BRAINROT / Harkness/i score ZENAAN_CAUSES_BRAINROT 5.0 describe ZENAAN_CAUSES_BRAINROT cpunks.org mailinglist IDS (Idiot Denial System) On 6/23/2015 4:44 PM, Juan wrote: > On Tue, 23 Jun 2015 15:05:20 -0400 > Ted Smith wrote: > >> What's the cypherpunk link in this? > > That was part of a discussion on the nature of western > governments and western propaganda. > > Do you think that discussions on the nature of western > governments are off-topic? Maybe banned? > > Maybe we should instead talk about how terrible the suffering > of US military murderers is? > > paging Nick Econopouly > > > >> On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: >>> http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 >>> >>> Summary at bottom, summarizing shifting position of "west" over >>> some time: "So let us recount the western position: >>> - It claimed to uphold the sovereignty and territorial integrity >>> of other countries and the inviolability of borders in Europe >>> - However, this did not extend to the sovereignty and the >>> territorial integrity of Federal Yugoslavia which could be trampled >>> at will >>> - Nonetheless, albeit the territorial integrity of Federal >>> Yugoslavia itself wasn’t worth anything, the territorial integrity >>> of its constituent republics seeking independence was holy >>> - Albeit the territorial integrity of the Yugoslav constituent >>> republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, >>> the territorial integrity of Serbia was not >>> - Albeit Slovenes, Croats and Bosnian Muslims could leave >>> Yugoslavia, Serbs could not leave Croatia and Bosnia >>> - Albeit Serbs could not leave Croatia and Bosnia, Kosovo >>> Albanians could secede from Serbia >>> - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs >>> could not secede from Albanian-run Kosovo >>> - Albeit Kosovo could unilaterally secede from Serbia under NATO >>> military control, Crimea could not unilaterally secede from Ukraine >>> under Russian military control >>> >>> May world be spared hunger, plague and western principles. >>> " >>> > From juan.g71 at gmail.com Tue Jun 23 14:29:49 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 23 Jun 2015 18:29:49 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <1435092679.25701.39.camel@riseup.net> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> Message-ID: <5589ce1f.33558c0a.5e1f.ffffdc43@mx.google.com> On Tue, 23 Jun 2015 16:51:19 -0400 Ted Smith wrote: > I certainly think that geopolitics is not in general on topic for this > list. Go figure. Dont like messages about geopolitics? (like the US cunts spying on the whole world), don't read messages about geopolitics. > > "Western governments" and "western propaganda" also don't seem to me > to be on topic for this list. This is not a list about propaganda or > governance. Really. What about you the great "Ted Smith" completly banning political discussion? Since politics doesn't really have anything to do with 'cypherpunk'? > > Since this list is unmoderated, I am sharing my discontent in the > hopes of demotivating further threads on this topic. > That said, I guess cpunks was never good, it's meaningless to attempt > to stop the shitstorm, etc., and so on. But now there are 2-3 posters > who continually post random conspiracy crap and have built an echo > chamber that totally drowns out any actual cypherpunking. Go ahead. Post some 'actual' 'cypherpunking'. Maybe ask Dan Geer for support? Or help from the marines. Or the tor shitbags and their pentagon 'grants'. > > Better posters (you know who you are), please stop encouraging this. Government employees, you know who you are. > > On Tue, 2015-06-23 at 17:44 -0300, Juan wrote: > > On Tue, 23 Jun 2015 15:05:20 -0400 > > Ted Smith wrote: > > > > > What's the cypherpunk link in this? > > > > > > That was part of a discussion on the nature of western > > governments and western propaganda. > > > > Do you think that discussions on the nature of western > > governments are off-topic? Maybe banned? > > > > Maybe we should instead talk about how terrible the > > suffering of US military murderers is? > > > > paging Nick Econopouly > > > > > > > > > > > > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > > > > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > > > > > > > > Summary at bottom, summarizing shifting position of "west" over > > > > some time: "So let us recount the western position: > > > > - It claimed to uphold the sovereignty and territorial > > > > integrity of other countries and the inviolability of borders > > > > in Europe > > > > - However, this did not extend to the sovereignty and the > > > > territorial integrity of Federal Yugoslavia which could be > > > > trampled at will > > > > - Nonetheless, albeit the territorial integrity of Federal > > > > Yugoslavia itself wasn’t worth anything, the territorial > > > > integrity of its constituent republics seeking independence was > > > > holy > > > > - Albeit the territorial integrity of the Yugoslav > > > > constituent republics of Slovenia, Croatia and Bosnia and > > > > Herzegovina was holy, the territorial integrity of Serbia was > > > > not > > > > - Albeit Slovenes, Croats and Bosnian Muslims could leave > > > > Yugoslavia, Serbs could not leave Croatia and Bosnia > > > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo > > > > Albanians could secede from Serbia > > > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo > > > > Serbs could not secede from Albanian-run Kosovo > > > > - Albeit Kosovo could unilaterally secede from Serbia under > > > > NATO military control, Crimea could not unilaterally secede > > > > from Ukraine under Russian military control > > > > > > > > May world be spared hunger, plague and western principles. > > > > " > > > > > > > > > > > > From juan.g71 at gmail.com Tue Jun 23 14:37:54 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 23 Jun 2015 18:37:54 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <1435092679.25701.39.camel@riseup.net> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> Message-ID: <5589d003.4410370a.54db.ffffe0d9@mx.google.com> On Tue, 23 Jun 2015 16:51:19 -0400 Ted Smith wrote: > This is not a list about propaganda or > governance. Yeah, it's not about 'governance' http://groups.csail.mit.edu/mac/classes/6.805/articles/crypto/cypherpunks/may-crypto-manifesto.html http://www.activism.net/cypherpunk/manifesto.html Also feel free to discuss just how the technical details are turning out. " ability for individuals and groups to communicate and interact with each other in a totally anonymous manner. " Hm. Seems that what we have now is the ability of governments to spy on the whole planet. "Reputations will be of central importance, far more important in dealings than even the credit ratings of today. " Aren't reputation and anonimity mutually exlusive? Oops. "These developments will alter completely the nature of government regulation, the ability to tax and control economic interactions" But it's not about governance. Hey! "Ted Smith" said so. Et cetera. J. From tim at diffalt.com Tue Jun 23 16:27:47 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 23 Jun 2015 19:27:47 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> Message-ID: <5589EB73.3070806@diffalt.com> Juan, you just put yourself up as an unsolicited reference for COINTELPRO. Good Job. Juan Garofalo. On 6/23/2015 6:36 PM, Juan wrote: > On Tue, 23 Jun 2015 15:09:01 -0700 > Shelley wrote: > >> +1 >> >> What Cathal said. >> >> (And I'm saying it as someone extremely critical of my own government >> and who rarely passes up an opportunity to make it known.) > > So? What are you objecting to, then? > > > > >> ---------- >> On June 23, 2015 2:37:24 PM "Cathal (Phone)" >> wrote: >> >>> Propaganda is on-topic only insofar as it explores cointelpro, >>> persona management, etc: not strictly crypto, but subversive and >>> political (ab)uses of communications technology. >>> >>> And, while we're on the subject, I suspect much of this >>> pro-anything-not-West crap is likely to be just that: cointelpro to >>> discredit the genuine content and discourage >>> subscription/participation by a wider audience. > > > Oh yes. I'm anti west agent on the payroll of? Putin? The > chinese? Or? > > It's quite funny though how a clown like cathal thinks he gets > to decide what is and what isn't on topic... > > > "discredit the genuine content" > > So, WHERE is the GENUINE content guys? Is it the stuff that dan > geer, tim beelen, the tor apologists and the like post? > > Or is it something else. Links please? > > > > > > > > From juan.g71 at gmail.com Tue Jun 23 15:36:31 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 23 Jun 2015 19:36:31 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <20150623220845.9DA75C00293@frontend1.nyi.internal> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> Message-ID: <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> On Tue, 23 Jun 2015 15:09:01 -0700 Shelley wrote: > +1 > > What Cathal said. > > (And I'm saying it as someone extremely critical of my own government > and who rarely passes up an opportunity to make it known.) So? What are you objecting to, then? > > ---------- > On June 23, 2015 2:37:24 PM "Cathal (Phone)" > wrote: > > > Propaganda is on-topic only insofar as it explores cointelpro, > > persona management, etc: not strictly crypto, but subversive and > > political (ab)uses of communications technology. > > > > And, while we're on the subject, I suspect much of this > > pro-anything-not-West crap is likely to be just that: cointelpro to > > discredit the genuine content and discourage > > subscription/participation by a wider audience. Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? Or? It's quite funny though how a clown like cathal thinks he gets to decide what is and what isn't on topic... "discredit the genuine content" So, WHERE is the GENUINE content guys? Is it the stuff that dan geer, tim beelen, the tor apologists and the like post? Or is it something else. Links please? From tedks at riseup.net Tue Jun 23 18:17:26 2015 From: tedks at riseup.net (Ted Smith) Date: Tue, 23 Jun 2015 21:17:26 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <20150623231545.BCC8CC0028F@frontend1.nyi.internal> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <20150623231545.BCC8CC0028F@frontend1.nyi.internal> Message-ID: <1435108646.25701.41.camel@riseup.net> Were this the first time I had seen something like this on the list I would not have spoken up about it. But this list is rapidly degenerating into being a general conspiracy theory forum rather than a cypherpunk forum. This should be a collective and conscious decision, rather than something induced by a minority of active posters. On Tue, 2015-06-23 at 16:16 -0700, Shelley wrote: > I'll preface this by saying that I'm not fond of censoring list topics; I > just skim or ignore topics/posts when they cease to interest me. > > I think discussing politics and propaganda is on-topic when it regards the > main focus of the list. When governments intentionally weaken encryption, > or threaten to/ actually pass draconian laws that directly affects the work > we endeavour to do. Censorship, even, because we need to help reroute > people around those blocks to get their messages out and essential info in. > > The pointless droning on about how much the USA and what it does sucks- and > it does suck!- can become old. I know it's tempting because there are a > lot of people here who agree, but there are other listservs better suited > for it. > > Not meant to be a personal attack on anyone; I don't have a problem with > any of you & I find it easy to scroll past that which doesn't interest me. > Sometimes I'll even see a point of view I hadn't considered, even if the > item in question isn't quite on-topic. Not everyone feels the same, though. > > -S > > > ---------- > On June 23, 2015 3:34:36 PM Juan wrote: > > > On Tue, 23 Jun 2015 15:09:01 -0700 > > Shelley wrote: > > > > > +1 > > > > > > What Cathal said. > > > > > > (And I'm saying it as someone extremely critical of my own government > > > and who rarely passes up an opportunity to make it known.) > > > > > > So? What are you objecting to, then? > > > > > > > > > > > > > > ---------- > > > On June 23, 2015 2:37:24 PM "Cathal (Phone)" > > > wrote: > > > > > > > Propaganda is on-topic only insofar as it explores cointelpro, > > > > persona management, etc: not strictly crypto, but subversive and > > > > political (ab)uses of communications technology. > > > > > > > > And, while we're on the subject, I suspect much of this > > > > pro-anything-not-West crap is likely to be just that: cointelpro to > > > > discredit the genuine content and discourage > > > > subscription/participation by a wider audience. > > > > > > > > Oh yes. I'm anti west agent on the payroll of? Putin? The > > chinese? Or? > > > > It's quite funny though how a clown like cathal thinks he gets > > to decide what is and what isn't on topic... > > > > > > "discredit the genuine content" > > > > So, WHERE is the GENUINE content guys? Is it the stuff that dan > > geer, tim beelen, the tor apologists and the like post? > > > > Or is it something else. Links please? > > > > > > > > > > > > > > > > > > -- Sent from Ubuntu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: This is a digitally signed message part URL: From tim at diffalt.com Tue Jun 23 18:39:21 2015 From: tim at diffalt.com (Tim Beelen) Date: Tue, 23 Jun 2015 21:39:21 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> Message-ID: <558A0A49.5080803@diffalt.com> I think Cathal's comment was a general remark. It did not necessarily concern you. > Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? Or? I think you're South American. Your rhetoric squarely puts you there. Overly defensive on the subject of projecting power. Blatantly anti-American (rhetoric only, if you'd ever find yourself living here you'd find yourself a lot less radical and carry yourself a bit more respectful) You are very sensitive on the subject of being run over by a foreign power indicates a permanent identity crisis (Argentine) as to where you fit in the world of things. Your over-sized ego i.e. taking things personally that are actually a general remark is quite a cultural trait. So is calling people by name instead of addressing the issue. Everything North of Chile sans Bolivia has common sensibilities towards the Government. Brazilians are not that outspoken, better at diverting and quite introverted. Bolivian culture is more refined and does not call out people like it's taking a piss. That makes you Chilean, Argentinian or Spanish. You're not European. Your English is too good. And my guess is Argentinian. On 6/23/2015 9:03 PM, Juan wrote: > On Tue, 23 Jun 2015 19:27:47 -0400 > Tim Beelen wrote: > >> Juan, you just put yourself up as an unsolicited reference for >> COINTELPRO. Good Job. > I'm trying to decypher...what the hell you mean? > > >> Juan Garofalo. > > Right. Look me up in the nsa database and report back please. > > > >> >> On 6/23/2015 6:36 PM, Juan wrote: >>> On Tue, 23 Jun 2015 15:09:01 -0700 >>> Shelley wrote: >>> >>>> +1 >>>> >>>> What Cathal said. >>>> >>>> (And I'm saying it as someone extremely critical of my own >>>> government and who rarely passes up an opportunity to make it >>>> known.) >>> So? What are you objecting to, then? >>> >>> >>> >>> >>>> ---------- >>>> On June 23, 2015 2:37:24 PM "Cathal (Phone)" >>>> wrote: >>>> >>>>> Propaganda is on-topic only insofar as it explores cointelpro, >>>>> persona management, etc: not strictly crypto, but subversive and >>>>> political (ab)uses of communications technology. >>>>> >>>>> And, while we're on the subject, I suspect much of this >>>>> pro-anything-not-West crap is likely to be just that: cointelpro >>>>> to discredit the genuine content and discourage >>>>> subscription/participation by a wider audience. >>> >>> >>> >>> It's quite funny though how a clown like cathal thinks he >>> gets to decide what is and what isn't on topic... >>> >>> >>> "discredit the genuine content" >>> >>> So, WHERE is the GENUINE content guys? Is it the stuff that >>> dan geer, tim beelen, the tor apologists and the like post? >>> >>> Or is it something else. Links please? >>> >>> >>> >>> >>> >>> >>> >>> From juan.g71 at gmail.com Tue Jun 23 18:03:21 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 23 Jun 2015 22:03:21 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589EB73.3070806@diffalt.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> Message-ID: <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> On Tue, 23 Jun 2015 19:27:47 -0400 Tim Beelen wrote: > Juan, you just put yourself up as an unsolicited reference for > COINTELPRO. Good Job. I'm trying to decypher...what the hell you mean? >Juan Garofalo. Right. Look me up in the nsa database and report back please. > > > On 6/23/2015 6:36 PM, Juan wrote: > > On Tue, 23 Jun 2015 15:09:01 -0700 > > Shelley wrote: > > > >> +1 > >> > >> What Cathal said. > >> > >> (And I'm saying it as someone extremely critical of my own > >> government and who rarely passes up an opportunity to make it > >> known.) > > > > So? What are you objecting to, then? > > > > > > > > > >> ---------- > >> On June 23, 2015 2:37:24 PM "Cathal (Phone)" > >> wrote: > >> > >>> Propaganda is on-topic only insofar as it explores cointelpro, > >>> persona management, etc: not strictly crypto, but subversive and > >>> political (ab)uses of communications technology. > >>> > >>> And, while we're on the subject, I suspect much of this > >>> pro-anything-not-West crap is likely to be just that: cointelpro > >>> to discredit the genuine content and discourage > >>> subscription/participation by a wider audience. > > > > > > Oh yes. I'm anti west agent on the payroll of? Putin? The > > chinese? Or? > > > > It's quite funny though how a clown like cathal thinks he > > gets to decide what is and what isn't on topic... > > > > > > "discredit the genuine content" > > > > So, WHERE is the GENUINE content guys? Is it the stuff that > > dan geer, tim beelen, the tor apologists and the like post? > > > > Or is it something else. Links please? > > > > > > > > > > > > > > > > > From cathalgarvey at cathalgarvey.me Tue Jun 23 14:32:33 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Tue, 23 Jun 2015 22:32:33 +0100 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <1435092679.25701.39.camel@riseup.net> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> Message-ID: <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> Propaganda is on-topic only insofar as it explores cointelpro, persona management, etc: not strictly crypto, but subversive and political (ab)uses of communications technology. And, while we're on the subject, I suspect much of this pro-anything-not-West crap is likely to be just that: cointelpro to discredit the genuine content and discourage subscription/participation by a wider audience. It's pretty effective, I think. On 23 June 2015 21:51:19 GMT+01:00, Ted Smith wrote: >I certainly think that geopolitics is not in general on topic for this >list. > >"Western governments" and "western propaganda" also don't seem to me to >be on topic for this list. This is not a list about propaganda or >governance. > >Since this list is unmoderated, I am sharing my discontent in the hopes >of demotivating further threads on this topic. > >That said, I guess cpunks was never good, it's meaningless to attempt >to >stop the shitstorm, etc., and so on. But now there are 2-3 posters who >continually post random conspiracy crap and have built an echo chamber >that totally drowns out any actual cypherpunking. > >Better posters (you know who you are), please stop encouraging this. > >On Tue, 2015-06-23 at 17:44 -0300, Juan wrote: >> On Tue, 23 Jun 2015 15:05:20 -0400 >> Ted Smith wrote: >> >> > What's the cypherpunk link in this? >> >> >> That was part of a discussion on the nature of western >> governments and western propaganda. >> >> Do you think that discussions on the nature of western >> governments are off-topic? Maybe banned? >> >> Maybe we should instead talk about how terrible the suffering >> of US military murderers is? >> >> paging Nick Econopouly >> >> >> >> > >> > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: >> > > >http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 >> > > >> > > Summary at bottom, summarizing shifting position of "west" over >> > > some time: "So let us recount the western position: >> > > - It claimed to uphold the sovereignty and territorial >integrity >> > > of other countries and the inviolability of borders in Europe >> > > - However, this did not extend to the sovereignty and the >> > > territorial integrity of Federal Yugoslavia which could be >trampled >> > > at will >> > > - Nonetheless, albeit the territorial integrity of Federal >> > > Yugoslavia itself wasn’t worth anything, the territorial >integrity >> > > of its constituent republics seeking independence was holy >> > > - Albeit the territorial integrity of the Yugoslav constituent >> > > republics of Slovenia, Croatia and Bosnia and Herzegovina was >holy, >> > > the territorial integrity of Serbia was not >> > > - Albeit Slovenes, Croats and Bosnian Muslims could leave >> > > Yugoslavia, Serbs could not leave Croatia and Bosnia >> > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo >> > > Albanians could secede from Serbia >> > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo >Serbs >> > > could not secede from Albanian-run Kosovo >> > > - Albeit Kosovo could unilaterally secede from Serbia under >NATO >> > > military control, Crimea could not unilaterally secede from >Ukraine >> > > under Russian military control >> > > >> > > May world be spared hunger, plague and western principles. >> > > " >> > > >> > >> >> > >-- >Sent from Ubuntu -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4522 bytes Desc: not available URL: From grarpamp at gmail.com Tue Jun 23 20:29:25 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 23 Jun 2015 23:29:25 -0400 Subject: Software Licenses prove no obstacle to abuse by abusive actors (eg: HESSLA) Message-ID: https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/ https://firstlook.org/theintercept/document/2015/06/22/gchq-warrant-renewal/ GCHQ felt it needed [secret] legal cover to conduct [the activity], writing in the warrant renewal application that the practice could otherwise be “unlawful” and amount to “a copyright infringement or breach of contract." ... The warrant ... applies ... to intellectual property ... and to certain categories of domestic policing. ... In each case it was necessary to use this warrant as the product license explicitly forbade [the activity]. ... etcetera... From grarpamp at gmail.com Tue Jun 23 20:39:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 23 Jun 2015 23:39:38 -0400 Subject: LA Governor Vetoes License Plate Readers Message-ID: http://arstechnica.com/tech-policy/2015/06/louisiana-governor-vetoes-license-plate-reader-bill-citing-privacy-concerns/ Senate Bill No. 250 would authorize the use of automatic license plate reader camera surveillance programs in various parishes throughout the state. The personal information captured by these cameras, which includes a person’s vehicle location, would be retained in a central database and accessible to not only participating law enforcement agencies but other specified private entities for a period of time regardless of whether or not the system detects that a person is in violation of vehicle insurance requirements. Camera programs such as these that make private information readily available beyond the scope of law enforcement, pose a fundamental risk to personal privacy and create large pools of information belonging to law abiding citizens that unfortunately can be extremely vulnerable to theft or misuse. For these reasons, I have vetoed Senate Bill No. 250 and hereby return it to the Senate. From grarpamp at gmail.com Tue Jun 23 21:03:39 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 24 Jun 2015 00:03:39 -0400 Subject: WikiLeaks bounties for TPP, bountied for ICWATCH Message-ID: https://wikileaks.org/WikiLeaks-issues-call-for-100-000.html https://wikileaks.org/Murderous-spooks-drive-journalism.html From juan.g71 at gmail.com Tue Jun 23 20:12:30 2015 From: juan.g71 at gmail.com (Juan) Date: Wed, 24 Jun 2015 00:12:30 -0300 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <558A0A49.5080803@diffalt.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> <558A0A49.5080803@diffalt.com> Message-ID: <558a1e72.10548c0a.e6e7.ffffff1e@mx.google.com> On Tue, 23 Jun 2015 21:39:21 -0400 Tim Beelen wrote: > I think Cathal's comment was a general remark. It did not necessarily > concern you. I disagree. "Ted Smith" is explicitly whining about me "But now there are 2-3 posters who continually post random conspiracy crap" and given the 'context' of the thread, Cathal is also commenting on those '2 or 3' posters. Zeenan - and me. > > Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? > > Or? > I think you're South American. Your rhetoric squarely puts you there. > Overly defensive on the subject of projecting power. Blatantly > anti-American (rhetoric only, if you'd ever find yourself living here > you'd find yourself a lot less radical and carry yourself a bit more > respectful) So, did you look me up in the NSA database or not? That was the exercise. Your first conjecture is unwarranted. People from all over the world rightly despise the US government and its supporters. Now, if my 'rhetoric' drew inspiration from che guevara you might deduce that I'm from south america. However my 'rhetoric' (political philosophy actualy) can be traced to the likes of Lysander Spooner and other private property anarchists, who, I assure you, aren't popular authors in south america. Or anywhere else for that matter. > > You are very sensitive on the subject of being run over by a foreign > power indicates a permanent identity crisis (Argentine) as to where > you fit in the world of things. Okay. So now we've descended into psychobable. 'identity crisis'? Mildly amusing. You did a couple of searches and correctly found out that I come from argentina - the info is in the public domain. And based on that, you are making up a story. > > Your over-sized ego i.e. taking things personally that are actually a > general remark is quite a cultural trait. So is calling people by > name instead of addressing the issue. > > Everything North of Chile sans Bolivia has common sensibilities > towards the Government. Brazilians are not that outspoken, better at > diverting and quite introverted. Bolivian culture is more refined and > does not call out people like it's taking a piss. That makes you > Chilean, Argentinian or Spanish. > > You're not European. Your English is too good. Now that's interesting. How do you go from "good english"* to "not european"? If anything, europeans from germanic countries are likely to speak (way) better english than me. *and my english is so so at any rate. > > And my guess is Argentinian. Nominally, yes. I was born here and that's it. Now find out what government (terrorist organization) I work for. Take into account that the argentine government isn't going to pay me or anybody else to discuss libertarian principles on an obscure mailing list. Anyway, this is getting too boring. I suggest you ask "Ted Smith" to post some real cypherpunk stuff. Like, how great the pentagon's anonimity network is and how it spreads cancer, I mean democracy in china. Or something. J. > On 6/23/2015 9:03 PM, Juan wrote: > > On Tue, 23 Jun 2015 19:27:47 -0400 > > Tim Beelen wrote: > > > >> Juan, you just put yourself up as an unsolicited reference for > >> COINTELPRO. Good Job. > > I'm trying to decypher...what the hell you mean? > > > > > >> Juan Garofalo. > > > > Right. Look me up in the nsa database and report back > > please. > > > > > From grarpamp at gmail.com Tue Jun 23 21:25:22 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 24 Jun 2015 00:25:22 -0400 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: http://www.sun-sentinel.com/health/ct-allstate-patent-data-0618-biz-20150618-story.html Attention tailgaters: Someday a bank or a potential employer considering your loan or your job application might become privy to your tendencies for aggressive driving. Northbrook-based Allstate, which last month floated the idea of one day selling the information it collects from policyholders' connected cars, was issued a patent earlier this month for a driving-behavior database that it said might be useful for health insurers, lenders, credit-rating agencies, marketers and potential employers. Allstate's patent also said the invention has the potential to evaluate drivers' physiological data, including heart rate, blood pressure and electrocardiogram signals, which could be recorded from steering wheel sensors. https://firstlook.org/theintercept/2015/06/22/controversial-gchq-unit-domestic-law-enforcement-propaganda/ Throughout this report, JTRIG’s heavy reliance on its use of behavioral science research (such as psychology) is emphasized as critical to its operations. That includes detailed discussions of how to foster “obedience” and “conformity”:... From nickeconopouly at gmail.com Tue Jun 23 23:00:02 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Wed, 24 Jun 2015 02:00:02 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> Message-ID: <20150624060002.GA12665@druidd> On 06/23, Juan wrote: > On Tue, 23 Jun 2015 15:05:20 -0400 > Ted Smith wrote: > > > What's the cypherpunk link in this? > > > That was part of a discussion on the nature of western > governments and western propaganda. There was no discussion on the 'nature of western governments and western propaganda'. There were childish arguments between apologists of Russia, US, and anarcho-capitalism. Although it is misrepresetation to call the USsian in the conversation an apologist. I think members of the group would be much more receptive to the 'nature of western governments and western propaganda' as a mature discussion. As it was, how many of these can you count? https://en.wikipedia.org/wiki/List_of_fallacies > > Do you think that discussions on the nature of western > governments are off-topic? Maybe banned? > As for 'censoring' these discussion, a delicate topic on a mailing list for people who support cryptography as a way to oppose censorship, have anonymity, etc, why don't we go with simply allowing the users to block members if they need to on their own mail clients. This seems compatable with the philosophies of a cypherpunk(I would guess), 'leave the user in control'. > Maybe we should instead talk about how terrible the suffering > of US military murderers is? > > paging Nick Econopouly What? You're delusional. Just because I see your fringe ideology for what it is doesn't mean I suddenly support USA Gov or military. > > > > > > > On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: > > > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 > > > > > > Summary at bottom, summarizing shifting position of "west" over > > > some time: "So let us recount the western position: > > > - It claimed to uphold the sovereignty and territorial integrity > > > of other countries and the inviolability of borders in Europe > > > - However, this did not extend to the sovereignty and the > > > territorial integrity of Federal Yugoslavia which could be trampled > > > at will > > > - Nonetheless, albeit the territorial integrity of Federal > > > Yugoslavia itself wasn’t worth anything, the territorial integrity > > > of its constituent republics seeking independence was holy > > > - Albeit the territorial integrity of the Yugoslav constituent > > > republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, > > > the territorial integrity of Serbia was not > > > - Albeit Slovenes, Croats and Bosnian Muslims could leave > > > Yugoslavia, Serbs could not leave Croatia and Bosnia > > > - Albeit Serbs could not leave Croatia and Bosnia, Kosovo > > > Albanians could secede from Serbia > > > - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs > > > could not secede from Albanian-run Kosovo > > > - Albeit Kosovo could unilaterally secede from Serbia under NATO > > > military control, Crimea could not unilaterally secede from Ukraine > > > under Russian military control > > > > > > May world be spared hunger, plague and western principles. > > > " > > > > > > > From grarpamp at gmail.com Wed Jun 24 00:01:38 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 24 Jun 2015 03:01:38 -0400 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: On Thu, Jun 18, 2015 at 1:19 PM, Seth wrote: > This message brought to you by Revelation 13:17 and Iron Maiden! Surveillance and datamining are unnatural things for humans to be subjected to, and it has related outcomes such as chilling speech, control of choices, compression of rights, profits at their expense, and so on. There will certainly be more random snaps due to human frustration with the system. Not the best link but you get the point. https://www.youtube.com/watch?v=BD5ofrSNDFA From grarpamp at gmail.com Wed Jun 24 01:25:09 2015 From: grarpamp at gmail.com (grarpamp) Date: Wed, 24 Jun 2015 04:25:09 -0400 Subject: Russia and China crack Snowden Cache In-Reply-To: <5581E7A7.4000908@diffalt.com> References: <557DBCA1.3030404@riseup.net> <20150615181023.5FAFC2282C4@palinka.tinho.net> <557FA418.9040503@riseup.net> <558034A3.5090601@diffalt.com> <55816DE3.3010405@diffalt.com> <5581c9f0.ea158c0a.ea15.0853@mx.google.com> <5581D87F.1040108@diffalt.com> <5581DD5D.50201@riseup.net> <5581E7A7.4000908@diffalt.com> Message-ID: On Wed, Jun 17, 2015 at 5:33 PM, Tim Beelen wrote: > You can't have a criminal organization without crime, which require > illegality, which requires laws which require a governing body. A > government usually does not declare itself illegal so, no, it's not > going to be a criminal enterprise. > > You're just being pedantic. Others have addressed that. Murder is illegal and unethical. So is spying on people without individualized probable cause and warrant. As are many other things that are going on. > And also because first and foremost the U.S. does not acknowledge > The Hague. That's because US ways and crimes are suspect, and to acknowledge anything other than itself would end up making it accountable. So US refuses to do so and spins against it... a classic political play and an effective dodging mechanism, at least until your crimes become too heinous or universally disliked. The slow calculated drip of Snowden style leaks is effective in beating the drum of dislike. > But the EU does acknowledge US laws. Which is nice. Post WWII sentiments and endeavours to future partnership are fine. But like FVEY, that doesn't need to include being the US's cowardly bitches, sockpuppets and whores on everything. > So did they pass a resolution as such that I'm unaware of? > Is there an international court that is willing to persecute? > Everything has cycles, nations no less. It's true, as the world moves along, every part of it goes in cycles. The US has been engaging in illegal surveillance of the entire world, detaining people in hellholes indefinitely without charge or compensation, TORTURING and MURDERING innocents (and others) without trial, at will... including its own people on its own land. Overseas it's gone from partnering in liberating those of faith in the 1940's to killing them in the 2000's. The US is pretty good historically, some examples shown in the videos. Yet regardless of whether that's still true or is somehow changing overall... right now, a portion of its machine is in a cycle of NOT doing good things to others or itself. This is a time (say ever since 2000) when, just as the US has been known for lending a helping hand to the world, the world now needs to stand and impart a good hand upon the US. Because the US apparently hasn't been able to correct some of its bad ways on its own in over 15 years. It's past due for a spanking, not soundbites. Humans are pretty good peer to peer... it's just that their meta entities of Governments, Corporations, Religion and Society often run astray in groupthink and need corrected now and then. And if the world can't lend correction to simple MURDER, well what then? Good luck correcting anything cpunks care about. We are the ones who make a brighter day so let's start giving. And if spying, murder, datamining, restraints on crypto and free speech don't resonate with whoever would do the spanking (not least the politicians of the world), Africa's poor are still starving. http://qz.com/430637/the-worlds-poorest-people-need-help-not-bickering-from-wealthy-democracies/ http://www.metrolyrics.com/we-are-the-world-lyrics-usa-for-africa.html From coderman at gmail.com Wed Jun 24 05:48:04 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 05:48:04 -0700 Subject: =?UTF-8?Q?Request_for_transcript_=28July_3rd=29_=2D_=22_Investigating_?= =?UTF-8?Q?Investigators_=E2=80=94_Investigative_Techniques_for_Investigating?= =?UTF-8?Q?_Investigators_=22?= Message-ID: http://nr15.sched.org/event/5c164b6566b5a9ff3ce852078953016d# this is a fun subject, but public discourse comes with difficulties. e.g. LinkedIn lock-down post cleared work employee disclosure... From coderman at gmail.com Wed Jun 24 07:05:00 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 07:05:00 -0700 Subject: "The government does not concede that [redacted] is a journalist" Message-ID: title derived from the absurdity that is the wikileaks prosecution. - https://storify.com/bbhorne/jacob-appelbaum-s-legal-disclosure-from-google-abo i've been critical of Jake in the past, and part of that was fueled by misinformation (character assassination). in the infosec realm, Jake gets flak for occasionally running rough shod over fine details. the infosec pedant find this irritating, but the actual haters (JTRIG lackeys? :) rely on this to attempt to discredit entirely. hating on 0day sales and exploit kits also wins few infosec friends, even though many others in industry also find this element distasteful. now that rat fuck hector is out of the game, they've surely turned to others. [ how much of Sabu targeting ioerror is at Fed behest? Nadim also by request? ] --- i repeat my earlier apology, and note that Jake responded to my personal attacks with respect and civility - this, among other deeds, demonstrates integrity and effort to improve self. thank you Jake! --- FBI closed my FOIA request for use of "disruption strategy" as too vague; a record denial among my many MuckRocking's, hence i will be digging more thoroughly in this direction in multiple future FOIAs. if anyone has other pointers to good examples of this disruption tactic in action, or other helpful hints, i'd like to hear them! :) best regards, From shelley at misanthropia.org Wed Jun 24 07:36:10 2015 From: shelley at misanthropia.org (Shelley) Date: Wed, 24 Jun 2015 07:36:10 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <14e25fcb7e0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> <558A0A49.5080803@diffalt.com> <558a1e72.10548c0a.e6e7.ffffff1e@mx.google.com> <558ABA9E.3040703@diffalt.com> <14e25fcb7e0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <20150624143555.227616801BC@frontend2.nyi.internal> ...how in the hell did you get to someone doing test charges to guess your cvv2s from trying to armchair-psychoanalyze Juan and issuing blanket insults to Europeans, et al? If you're going to post Aspie word salad like this, you have no basis to complain about what Juan and Zenaan post. At least they have a point. Take your meds, Tim ;) -S ---------- On June 24, 2015 7:17:32 AM Tim Beelen wrote: > > > On 6/23/2015 11:12 PM, Juan wrote: > > On Tue, 23 Jun 2015 21:39:21 -0400 > > Tim Beelen wrote: > > > >> I think Cathal's comment was a general remark. It did not necessarily > >> concern you. > > > > I disagree. "Ted Smith" is explicitly whining about me > > > > "But now there are 2-3 posters who continually post random > > conspiracy crap" > > > > and given the 'context' of the thread, Cathal is also commenting > > on those '2 or 3' posters. Zeenan - and me. > > > > > > > > > >>> Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? > >>> Or? > >> I think you're South American. Your rhetoric squarely puts you there. > >> Overly defensive on the subject of projecting power. Blatantly > >> anti-American (rhetoric only, if you'd ever find yourself living here > >> you'd find yourself a lot less radical and carry yourself a bit more > >> respectful) > > > > So, did you look me up in the NSA database or not? That was the > > exercise. > > > > Your first conjecture is unwarranted. People from all over the > > world rightly despise the US government and its supporters. > > > > Now, if my 'rhetoric' drew inspiration from che guevara you > > might deduce that I'm from south america. However my > > 'rhetoric' (political philosophy actualy) can be traced to the > > likes of Lysander Spooner and other private property anarchists, > > who, I assure you, aren't popular authors in south america. Or > > anywhere else for that matter. > > > I read the motorcycle diaries-- and loved it. I have not read Lysander. > > I squarely base my assumptions on you being incongruous. And I'll have > you know-- every man is a sum of it's experiences. So I can tell quite > reliable where people are from. You are, if only partly, a product of > your own government. > > > > > >> You are very sensitive on the subject of being run over by a foreign > >> power indicates a permanent identity crisis (Argentine) as to where > >> you fit in the world of things. > > > > Okay. So now we've descended into psychobable. 'identity > > crisis'? Mildly amusing. > > > > You did a couple of searches and correctly found out that I > > come from argentina - the info is in the public domain. And > > based on that, you are making up a story. > Maybe. But I'm pleased I was right. I wasn't sure I was right. Again, > incongruancies (has a red squiggly I don't know how to spell it). > Everyone talks shit non-sequitur. It triggers something in my brain > (anger mostly) and I sort people by who they are based on that. It is > one of my things. > > >> Your over-sized ego i.e. taking things personally that are actually a > >> general remark is quite a cultural trait. So is calling people by > >> name instead of addressing the issue. > >> > >> Everything North of Chile sans Bolivia has common sensibilities > >> towards the Government. Brazilians are not that outspoken, better at > >> diverting and quite introverted. Bolivian culture is more refined and > >> does not call out people like it's taking a piss. That makes you > >> Chilean, Argentinian or Spanish. > >> > >> You're not European. Your English is too good. > > > > Now that's interesting. How do you go from "good english"* to > > "not european"? If anything, europeans from germanic countries > > are likely to speak (way) better english than me. > > > > *and my english is so so at any rate. > Not necessarily true. You'd be surprised which people I consider > functionally illiterate (not in the actual meaning, but diminished > ability to convey information in writing etc.). Usually conflict areas > are great places to look for people who can actually put two and two > together and subsequently rely on language to convey critical > information that is generally more particular and less generic. Which > develops certain language skills. So far, the best all-round experience > I had concerning people and their functional literacy: Albania, Finland, > South Africa, Denmark, UAE, South South America. Great experience with > Afghan refugees. Just to name a few. The Swiss. Singaporeans. But > overall not mainland Europeans. > > Mainland Europeans are over all a hit or miss. In Spain just about no > one speaks proper English. > > The average European. Even though they have a rudimentary understanding > of the English language a lot of them can't formulate a sentence to save > their life. They rarely have any deeper understanding of idiom BECAUSE > it resembles their own language. Also they fuck up the prepositions. > > > > > >> And my guess is Argentinian. > > > > Nominally, yes. I was born here and that's it. > > > > Now find out what government (terrorist organization) I work > > for. Take into account that the argentine government isn't > > going to pay me or anybody else to discuss libertarian > > principles on an obscure mailing list. > No. You're a disgruntled individual. You work for yourself. > > > > Anyway, this is getting too boring. I suggest you ask "Ted > > Smith" to post some real cypherpunk stuff. Like, how great the > > pentagon's anonimity network is and how it spreads cancer, I > > mean democracy in china. Or something. > > > > > Wut. > > Cypherpunk-ness for me comes mainly in the form of using crypto so > secure my data and the information of others. Good examples are, I can > run a VPN to access my documents remotely-- but I could also use sftp. > Which is easier to implement? Arguably SFTP. Added bonus is that my RSA > certificates can be used to auth for both implementations. > > I encrypt client data with my public PGP key on a public server. Prefer > the KISS model to cyber security rather then adding layers. VLAN? > retarded. VPN? retarded (most use cases). Why do we (I) use these tools? > Because the attacker, in my case, which usually comes from overseas are > individuals looking for stuff to break into. CC numbers. That sort of > thing. > > And most of my problems originate from India and China. Not that that is > a reliable statement since we all know that the perp can be in Djibouti > for all we know. But not very likely because most people don't care that > much for OPSEC. They are not governments. 404s on my server: 70-80% > originates from India/China. Port scans are almost all from India. > > And what really grinds my gears is that with shit standards like PCI > compliance most payment gateways in the U.S. are 100% open. > > EXAMPLE: if I use my CC in a particular mall at a particular store, one > month from now I get a call from the bank and have multiple $1 test > charges of people guessing my CVC code. It had to happen 5 times before > I could connect the dots. And it's all foreign malicious attacks. No > governments. > > We need crypto to get in there and secure my transactions. Regardless if > you think that CC companies are the square root of all evil. > > > > > > > > J. > > > >> On 6/23/2015 9:03 PM, Juan wrote: > >>> On Tue, 23 Jun 2015 19:27:47 -0400 > >>> Tim Beelen wrote: > >>> > >>>> Juan, you just put yourself up as an unsolicited reference for > >>>> COINTELPRO. Good Job. > >>> I'm trying to decypher...what the hell you mean? > >>> > >>> > >>>> Juan Garofalo. > >>> Right. Look me up in the nsa database and report back > >>> please. > >>> > >>> > From Rayzer at riseup.net Wed Jun 24 07:55:12 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 24 Jun 2015 07:55:12 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <20150623220845.9DA75C00293@frontend1.nyi.internal> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> Message-ID: <558AC4D0.1080209@riseup.net> On 06/23/2015 03:09 PM, Shelley wrote: > +1 > > What Cathal said. > > (And I'm saying it as someone extremely critical of my own government > and who rarely passes up an opportunity to make it known.) +1 Except I think political fanatics on lists where much of what they say is off-topic (but potentially illuminating on occasion) are so much 'noise' and anyone frequenting lists are aware of that sort of disruption... Knows how to hit their OWN 'spam button' I'm emphasizing OWN because one poster suggested using a spam assassin script on one's mail server. That's fine if all you're 'serving' is YOUR OWN MAIL. I wouldn't care to see that happen on a relay or other server providing mail to more than ONE person and wouldn't want to associate with anyone who did so. I think it would be antithetical for anyone interested in a list with strong connection to things "Free Speech" to be posting here. RR > > ---------- > On June 23, 2015 2:37:24 PM "Cathal (Phone)" > wrote: > >> Propaganda is on-topic only insofar as it explores cointelpro, >> persona management, etc: not strictly crypto, but subversive and >> political (ab)uses of communications technology. >> >> And, while we're on the subject, I suspect much of this >> pro-anything-not-West crap is likely to be just that: cointelpro to >> discredit the genuine content and discourage >> subscription/participation by a wider audience. It's pretty >> effective, I think. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From alfiej at fastmail.fm Tue Jun 23 15:08:58 2015 From: alfiej at fastmail.fm (Alfie John) Date: Wed, 24 Jun 2015 08:08:58 +1000 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589D3D2.90602@diffalt.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <5589D3D2.90602@diffalt.com> Message-ID: <1435097338.2854908.305986801.4158B07A@webmail.messagingengine.com> On Wed, Jun 24, 2015, at 07:46 AM, Tim Beelen wrote: > Well, I guess Juan's rhetorical question is voicing my concern that > crazy-people political rants are not what I sought when I subscribed > to this mailing list. Maybe crazy-people rants are a tool used to get people annoyed forcing them to unsubscribe from the list: "The JTRIG unit of GCHQ is so notable because of its extensive use of propaganda methods and other online tactics of deceit and manipulation." https://firstlook.org/theintercept/2015/06/22/controversial-gchq-unit-domestic-law-enforcement-propaganda/ Alfie -- Alfie John alfiej at fastmail.fm From Rayzer at riseup.net Wed Jun 24 09:23:24 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 24 Jun 2015 09:23:24 -0700 Subject: "The government does not concede that [redacted] is a journalist" In-Reply-To: References: Message-ID: <558AD97C.70401@riseup.net> On 06/24/2015 07:05 AM, coderman wrote: > thank you Jake! > > --- > > FBI closed my FOIA request for use of "disruption strategy" as too > vague; a record denial among my many MuckRocking's, hence i will be > digging more thoroughly in this direction in multiple future FOIAs. > > if anyone has other pointers to good examples of this disruption > tactic in action, or other helpful hints, i'd like to hear them! :) Don't want to sound obsessed here but if you need an example that isn't provable without said FOIA dox how about Cloudflare as a tool of disruption? They're known to have longstanding connections to the feds b/c "Operation Honeypot" and lately they've been DN serving DearPutin.com which means the feds COULD potentially be collecting data about people who don't think the US narrative about Russia is 'truth-telling' to stalk/harass them at a future date. Cloudflare also DNS's for FergusonAction. I think EVERYONE here knows the kind of social disruption historical to Black organizing and organizers. Imagine if the disruptors manage to set agendas via popular sites.... ...and later at some opportune moment when 'things get out of hand': "'Through counter-intelligence it should be possible to pinpoint potential trouble-makers… And neutralize them…" — And neutralize them, neutralize them, neutralize them'… And then came the shots…. I think I heard, I think I heard a shot." https://www.youtube.com/watch?v=ICecxOfmFtU Link posted recently but here's what I found, again http://auntieimperial.tumblr.com/post/119691050059 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Wed Jun 24 09:50:42 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 09:50:42 -0700 Subject: "The government does not concede that [redacted] is a journalist" In-Reply-To: <558AD97C.70401@riseup.net> References: <558AD97C.70401@riseup.net> Message-ID: On 6/24/15, Razer wrote: > ... > Don't want to sound obsessed here but if you need an example that isn't > provable without said FOIA dox how about Cloudflare as a tool of > disruption? my dislike of cloudflare rises and falls, like the tides. technical people on IRC making constructive effort is a show of genuine interest, and appreciated! however, manipulating DNS and CDNs is a good area to cover. others on the list: - SMTP RST injection for delayed delivery (spanning a day or more, potentially.) - mobile phone and cell data denial of service. [generic - they've got many ways under this umbrella.] still breaking these out into baseband specific, handset OS (iOS, Android, BB), carrier complicity (OTA management updates), active signaling manipulation and capture, and other attacks. - interference with state administrative offices and computing systems. [For some reason, feds are loath to fuck around with other feds, but states and municipalities are fair game!] still trying to figure out how to word "interference with state or municipal records or computing systems" - permanent denial of service (PDoS) to brick equipment. laptops, phones, printers, certain batteries. (!!!), etc. - use of "the classic tail". this is typically cliche and overt, and to send a message. they ain't foolin' nobody! [it's different when they're actually trying to be sneaky.] - service provider interference (the opposite of standing up for your user, and instead simply throwing user under the bus.). "did you know you're violating some obscure terms of service? we're charging a fee, and sending a formal cease and desist." - others from the leaked JTRIG (less specific to USA) docs, and per ACLU summary of findings in "Unleashed and Unaccountable - The FBI’s Unchecked Abuse of Authority" best regards, From coderman at gmail.com Wed Jun 24 09:57:41 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 09:57:41 -0700 Subject: =?UTF-8?Q?UNLEASHED_AND_UNACCOUNTABLE_The_FBI=E2=80=99s_Unchecked_Ab?= =?UTF-8?Q?use_of_Authority?= Message-ID: https://www.aclu.org/sites/default/files/assets/unleashed-and-unaccountable-fbi-report.pdf -------------- next part -------------- UNLEASHED AND UNACCOUNTABLE The FBI’s Unchecked Abuse of Authority September 2013 Table of Contents Executive Summary ……………………………………………………………………… i Introduction ……………………………………………………………………………… 1 I. Tension Between Domestic Intelligence and Constitutional Rights…………………… 2 II. Unleashed: The New Post-9/11 Powers ……………………………………………….. 4 A. Surveillance Powers, Given and Taken ……………………………………….. 4 1. USA Patriot Act ………………………………………………………… 4 2. Exigent Letters and a Secret OLC Opinion …………………………… 7 3. Warrantless Wiretapping and the FISA Amendments Act …………… 8 B. Expanding FBI Investigative Authorities …………….……………………… 9 1. Ashcroft Attorney General’s Guidelines ……………………………… 9 2. Evidence of FBI Spying on Political Activists ……………………….. 10 3. 2010 Inspector General Report Confirms Spying and Lying ………… 11 4. Mukasey Attorney General’s Guidelines ……………………………… 12 C. FBI Profiling Based on Race, Ethnicity, Religion, and National Origin ……… 13 1. The FBI Domestic Operations and Investigations Guide ……………… 14 2. Racial and Ethnic Mapping …………………………………………… 15 3. Innocent Victims of Aggressive Investigation and Surveillance ……… 18 D. Unrestrained Data Collection and Data Mining ……………………………… 19 1. eGuardian and “Suspicious” Activity Reports ………………………… 19 2. Mining Big Data: FTTTF, IDW, and NSAC ………………………… 20 3. Real Threats Still Slipping Through the Cracks ……………………… 23 4. Mining Bigger Data: the NCTC Guidelines …………………………… 27 5. Exploitation of New Technologies …………………………………… 28 6. Secret Spying and Secret Law ………………………………………… 28 III. Unaccountable: Evidence of Abuse, Need for Reform ……………………………… 29 A. Shirking Justice Department Oversight ……………………………………… 29 B. Suppressing Whistleblowers ………………………………………………… 30 C. Circumventing External Controls ……………………………………………… 32 1. Targeting Journalists …………………………………………………… 32 2. Thwarting Congressional Oversight …………………………………… 33 3. Thwarting Public Oversight with Excessive Secrecy ………………… 34 IV. Targeting First Amendment Activity ………………………………………………… 36 A. Biased Training ……………………………………………………………… 36 B. Targeting AMEMSA Communities …………………………………………… 39 C. Targeting Activists …………………………………………………………… 41 V. Greater Oversight Needed: The FBI Abroad ………………………………………… 43 A. Proxy Detentions ……………………………………………………………… 43 B. FBI Overseas Interrogation Policy …………………………………………… 45 C. Use of No-fly List to Pressure Americans Abroad to Become Informants …… 46 VI. Conclusion and Recommendations …………………………………………………… 48 Executive Summary The Federal Bureau of Investigation serves a crucial role in securing the United States from criminals, terrorists, and hostile foreign agents. Just as importantly, the FBI also protects civil rights and civil liberties, ensures honest government, and defends the rule of law. Its agents serve around the country and around the world with a high degree of professionalism and competence, often under difficult and dangerous conditions. But throughout its history, the FBI has also regularly overstepped the law, infringing on Americans’ constitutional rights while overzealously pursuing its domestic security mission. After the September 11, 2001 terrorist attacks, Congress and successive attorneys general loosened many of the legal and internal controls that a previous generation had placed on the FBI to protect Americans’ constitutional rights. As a result, the FBI is repeating mistakes of the past and is again unfairly targeting immigrants, racial and religious minorities, and political dissidents for surveillance, infiltration, investigation, and “disruption strategies.” But modern technological innovations have significantly increased the threat to American liberty by giving today’s FBI the capability to collect, store, and analyze data about millions of innocent Americans. The excessive secrecy with which it cloaks these domestic intelligence gathering operations has crippled constitutional oversight mechanisms. Courts have been reticent to challenge government secrecy demands and, despite years of debate in Congress regarding the proper scope of domestic surveillance, it took unauthorized leaks by a whistleblower to finally reveal the government’s secret interpretations of these laws and the Orwellian scope of its domestic surveillance programs. There is evidence the FBI’s increased intelligence collection powers have harmed, rather than aided, its terrorism prevention efforts by overwhelming agents with a flood of irrelevant data and false alarms. Former FBI Director William Webster evaluated the FBI’s investigation of Maj. Nadal Hasan prior to the Ft. Hood shooting and cited the “relentless” workload resulting from a “data explosion” within the FBI as an impediment to proper intelligence analysis. And members of Congress questioned several other incidents in which the FBI investigated but failed to interdict individuals who later committed murderous terrorist attacks, including the Boston Marathon bombing. While preventing every possible act of terrorism is an impossible goal, an examination of these cases raise serious questions regarding the efficacy of FBI methods. FBI data showing that more than half of the violent crimes, including over a third of the murders in the U.S., go unsolved each year calls for a broader analysis of the proper distribution of law enforcement resources. With the appointment of Director James Comey, the FBI has seen its first change in leadership since the 9/11 attacks, which provides an opportunity for Congress, the president, and the attorney general to conduct a comprehensive evaluation of the FBI’s policies and programs. This report highlights areas in which the FBI has abused its authority and recommends reforms to i ensure the FBI fulfills its law enforcement and security missions with proper public oversight and respect for constitutional rights and democratic ideals. The report describes major changes to law and policy that unleashed the FBI from its traditional restraints and opened the door to abuse. Congress enhanced many of the FBI’s surveillance powers after 9/11, primarily through the USA Patriot Act and the Foreign Intelligence Surveillance Act Amendments. The recent revelations regarding the FBI’s use of Section 215 of the USA Patriot Act to track all U.S. telephone calls is only the latest in a long line of abuse. Five Justice Department Inspector General audits documented widespread FBI misuse of Patriot Act authorities in 2007 and 2008. Congress and the American public deserve to know the full scope of the FBI’s spying on Americans under the Patriot Act and all other surveillance authorities. Attorney General Michael Mukasey rewrote the FBI’s rule book in 2008, giving FBI agents unfettered authority to investigate anyone they choose without any factual basis for suspecting wrongdoing. The 2008 Attorney General’s Guidelines created a new kind of intrusive investigation called an “assessment,” which requires no “factual predicate” and can include searches through government or commercial databases, overt or covert FBI interviews, and tasking informants to gather information about anyone or to infiltrate lawful organizations. In a two-year period from 2009 to 2011, the FBI opened over 82,000 “assessments” of individuals or organizations, less than 3,500 of which discovered information justifying further investigation. The 2008 guidelines also authorized the FBI’s racial and ethnic mapping program, which allows the FBI to collect demographic information to map American communities by race and ethnicity for intelligence purposes, based on crass racial stereotypes about the crimes each group commits. FBI documents obtained by the American Civil Liberties Union show the FBI mapped Chinese and Russian communities in San Francisco for organized crime purposes, all Latino communities in New Jersey and Alabama because there are street gangs, African Americans in Georgia to find “Black separatists,” and Middle-Eastern communities in Detroit for terrorism. The FBI also claimed the authority to sweep up voluminous amounts of information secretly from state and local law enforcement and private data aggregators for data mining purposes. In 2007, the FBI said it amassed databases containing 1.5 billion records, which were predicted to grow to 6 billion records by 2012, which is equal to 20 separate “records” for every person in the United States. The largest of these databases, the Foreign Terrorist Tracking Task Force, currently has 360 staff members running 40 separate projects. A 2013 Inspector General audit determined it “did not always provide FBI field offices with timely and relevant information.” The next section of the report discusses the ways the FBI avoids accountability by skirting internal and external oversight. The FBI, which Congress exempted from the Whistleblower Protection Act, effectively suppresses internal dissent by retaliating against employees who report waste, fraud, abuse, and illegality. As a result, 28 percent of non-supervisory FBI ii employees surveyed by the Inspector General said they “never” reported misconduct they saw or heard about on the job. The FBI also aggressively investigates other government whistleblowers, which has led to an unprecedented increase in Espionage Act prosecutions over the last five years. And the FBI’s overzealous pursuit of government whistleblowers has also resulted in the inappropriate targeting of journalists for investigation, infringing on free press rights. Recent coverage of overbroad subpoenas for telephone records of Associated Press journalists and an inappropriate search warrant for a Fox News reporter are only the latest examples of abuse. In 2010 the Inspector General reported the FBI used an illegal “exigent letter” to obtain the telephone records of 7 New York Times and Washington Post reporters. And the FBI thwarts congressional oversight with excessive secrecy and delayed or misleading responses to questions from Congress. Finally, the report highlights evidence of abuse that requires greater regulation, oversight, and public accountability. These include many examples of the FBI targeting First Amendment activities by spying on protesters and religious groups with aggressive tactics that infringe on their free speech, religion, and associational rights. In 2011, the ACLU exposed flawed and biased FBI training materials that likely fueled these inappropriate investigations. The FBI also operates increasingly outside the United States, where its activities are more difficult to monitor. Several troubling cases indicate the FBI may have requested, facilitated, and/or exploited the arrests of U.S. citizens by foreign governments, often without charges, so they could be held and interrogated, sometimes tortured, and then interviewed by FBI agents. The ACLU represents two proxy detention victims, including Amir Meshal, who was arrested at the Kenya border in 2007 and subjected to more than four months of detention in three different East African countries without charge, access to counsel, or presentment before a judicial officer, at the behest of the U.S. government. FBI agents interrogated Meshal more than thirty times during his detention. Other Americans traveling abroad discover that their government has barred them from flying; the number of U.S. persons on the No Fly List has doubled since 2009. There is no fair procedure for those mistakenly placed on the list to challenge their inclusion. Many of those prevented from flying home have been subjected to FBI interviews after seeking assistance from U.S. Embassies. The ACLU is suing the government on behalf of 10 American citizens and permanent residents who were prevented from flying to the U.S., arguing that barring them from flying without due process is unconstitutional. These FBI abuses of authority must end. We call on President Barack Obama and Attorney General Eric Holder to tighten FBI authorities to prevent unnecessary invasions of Americans’ privacy; prohibit profiling based on race, ethnicity, religion and national origin; and protect First Amendment activities. And we call on Congress to make these changes permanent through statute and improve oversight to prevent future abuse. The FBI serves a crucial role in protecting Americans, but it must protect our rights as it protects our security. iii Unleashed and Unaccountable: The FBI’s Unchecked Abuse of Authority Introduction On September 4, 2013, James B. Comey was sworn in as the 7th director of the Federal Bureau of Investigation (FBI). Comey is taking the helm of an agency that has transformed during the 12-year term of Director Robert S. Mueller III into a domestic intelligence and law enforcement agency of unprecedented power and international reach. Today’s FBI doesn’t just search for evidence to catch criminals, terrorists, and spies. Working with other government agencies and private companies, it helps gather information about millions of law abiding Americans, tracking our communications and associations. It has mapped American communities based on race, ethnicity, religion, and national origin and exploited community outreach programs to monitor the First Amendment activities of religious groups. It has harassed non-violent political activists with surveillance, unwarranted investigations, and even aggressive nationwide raids that resulted in no criminal charges. The FBI retains the information it collects through its investigations and intelligence activities in vast databases containing billions of records that agents can mine for myriad purposes, even without opening an official investigation or otherwise documenting their searches. The FBI has exploited secret interpretations of the laws governing domestic surveillance to expand its reach and simply ignored other legal restrictions designed to protect our constitutional rights. It has frustrated congressional, judicial, and public oversight through excessive secrecy, official misrepresentations of its activities, and suppression of government whistleblowers and the press. Even more opaque are the FBI’s intelligence and law enforcement exploits abroad. American citizens traveling overseas have been detained by foreign governments at the behest of the U.S. government and interrogated by FBI agents. Other Americans were blocked from flying home because they were placed on the U.S. government’s No Fly List and then pressured to become FBI informants when they sought redress at U.S. Embassies. Such abuse is the inevitable product of a deliberate effort by Congress, two presidents, and successive attorneys general to vest the FBI with the powers of a secret domestic intelligence agency. The FBI has an extremely dedicated and proficient workforce that is given the crucial and enormously difficult mission of protecting our nation from a diverse array of domestic and international threats. When at its best, the FBI uses its law enforcement authorities in a narrowly tailored and focused way to protect American communities from dangerous criminals and defend the national security from foreign spies and terrorists. When it uses its power in a fair and equal manner, the FBI strengthens and reinforces the rule of law by protecting civil rights and holding corrupt government officials and abusive law enforcement officers to account. The tools and authorities the FBI needs to fulfill these critical responsibilities are far too easily abused, however, particularly because they are often exercised under a shroud of secrecy where legal restraints are too easily treated as unnecessary impediments to mission success. Establishing and 1 maintaining effective checks against error and abuse is necessary for the FBI to remain an effective law enforcement agency and essential to securing liberty and preserving democratic processes. In the aftermath of the terrorist attacks of September 11, 2001, Congress and the attorney general loosened many of the legal and policy restraints on the FBI that had been designed to curb abuses of a previous era. Ignoring history’s lessons, policy makers urged the FBI to take on a greater domestic intelligence role, and it adopted this mission with an overzealous vigor. The FBI’s resulting transformation into a secret domestic intelligence agency is dangerous to a free and democratic society, especially because rapidly developing technologies have made it possible for the FBI to gather, catalogue, and analyze massive amounts of information about countless Americans suspected of no wrongdoing at all. There is already substantial evidence that the FBI has gravely misused its new authorities and capabilities, as this report will detail. And there is little evidence to suggest that these new powers have made Americans any safer from crime and terrorism. Members of Congress continue to struggle to obtain reliable information demonstrating the effectiveness of the FBI’s overbroad surveillance programs, and several deadly attacks by persons who had previously been investigated by the FBI raise serious questions about whether the influx of data is making it harder to detect threats, rather than easier. Congress and the president should take the opportunity presented by this change of leadership at the FBI to conduct a comprehensive examination of the FBI’s policies and practices to identify and curtail any activities that are illegal, unconstitutional, discriminatory, ineffective, or easily misused. The purpose of this report is to highlight the changes to FBI authorities that have had the most significant impact on the privacy and civil rights and liberties of Americans; to provide examples of error and abuse over the last 12 years that establish evidence of the need for reform; and to offer an agenda to restore the FBI to its proper role in the American criminal justice landscape as the pre-eminent federal law enforcement agency that serves as a model for all others in its effectiveness and in its respect for individual rights and civil liberties. I. Tension Between Domestic Intelligence Activities and Constitutional Rights Every 90 days for the past seven years the FBI has obtained secret Foreign Intelligence Surveillance Court (FISA Court) orders compelling telecommunications companies to provide the government with the toll billing records of every American’s telephone calls, domestic and international, on an ongoing daily basis.1 Other programs have collected similar data about Americans’ email and Internet activity and seized the content of their international communications, even though there was no evidence they had done anything wrong. State and local police and the general public are encouraged to report all “suspicious” people and activity to the FBI. This is what a domestic intelligence enterprise looks like in our modern technological age. 2 Many Americans were shocked to learn that they were the targets of such an outrageously overbroad government surveillance program. Even many members of Congress who passed the statute that enabled this surveillance and were charged with overseeing FBI operations were unaware of the way the government was secretly interpreting the law.2 But the American Civil Liberties Union (ACLU) had long warned that turning the FBI into a domestic intelligence agency by providing it with enhanced surveillance and investigative authorities that could be secretly used against Americans posed grave risks to our constitutional rights.3 Our nation’s founders understood the threat unchecked police powers posed to individual liberty, which is why fully half of the constitutional amendments making up the Bill of Rights are designed to regulate the government’s police powers. The founders realized that political rights could only be preserved by checking the government’s authority to invade personal privacy and by establishing effective due process mechanisms to ensure independent oversight and public accountability. As the Supreme Court put it, “[t]he Bill of Rights was fashioned against the background of knowledge that unrestricted power of search and seizure could also be an instrument for stifling liberty of expression.”4 Yet repeatedly since its very beginning over a hundred years ago, the FBI has claimed the authority not just to investigate and prosecute potential violations of law, but to conduct secret domestic intelligence activities that often skirted constitutional protections. Courts traditionally protect Fourth Amendment rights through the “exclusionary rule,” which prohibits law enforcement officers from using the fruits of illegal searches in criminal prosecutions.5 But this penalty poses little obstacle for intelligence investigations because the information collected in these programs is rarely intended for, or utilized in, criminal prosecutions. When it is necessary for prosecution, information discovered through secret intelligence programs can easily be replicated using traditional law enforcement tools, shielding the intelligence programs from judicial oversight and public scrutiny. And because these intelligence activities take place in secret, victims rarely know the government has invaded their privacy or violated their rights, so they cannot seek redress. In a previous era, the FBI’s unregulated covert domestic intelligence activities went on undiscovered for decades, protected by official secrecy until activists burglarized an FBI office in Media, Pennsylvania, in 1971, and released a thousand domestic intelligence files to reporters.6 According to the Senate Select Committee established to investigate these illegal intelligence activities, FBI headquarters had opened over 500,000 domestic security files during this time and compiled a list of 26,000 Americans who would be “rounded up” during a national security emergency.7 It found that these FBI domestic intelligence operations targeted numerous non-violent protest groups, civil rights organizations, and political dissidents with illegal wiretaps, warrantless physical searches, and an array of harassing “dirty tricks” designed to infiltrate, obstruct, discredit, and neutralize “perceived threats to the existing social and political order.”8 3 The exposure of the FBI's intelligence abuses led to a series of reforms, including the Foreign Intelligence Surveillance Act (FISA), a law designed to regulate government surveillance for national security purposes and protect Americans’ privacy.9 An initiative to impose statutory limits on the FBI’s authority failed, however. By way of compromise, Attorney General Edward Levi issued written guidelines in 1976 which circumscribed the FBI's authority to conduct domestic security investigations.10 The Attorney General’s Guidelines required the FBI to have a criminal predicate consisting of “specific and articulable facts giving reason to believe that an individual or group is or may be engaged in activities which involve the use of force or violence,” before opening a full investigations. Upon receipt of information or allegations of criminal activity not meeting this threshold, the guidelines authorized preliminary investigations that allowed FBI agents to develop evidence to justify opening full investigations, but these were strictly limited in both time and scope. Successive attorneys general modified and reinterpreted the Attorney General’s Guidelines over the years and developed additional sets of guidelines regulating the FBI’s use of informants and undercover operations. The Bush administration alone amended the various FBI guidelines four times after 9/11. But while the Attorney General’s Guidelines can be beneficial in establishing objective standards and reasonable limitations on the FBI’s power, they are not self-enforcing. A number of public scandals and investigations by Congress and the Justice Department Inspector General (IG) — both before and after the terrorist attacks of September 11, 2001 — reveal the FBI often violates and/or ignores these internal rules, along with other legal and constitutional limitations. II. Unleashed: The FBI’s Post-9/11 Powers In the aftermath of the September 11th attacks the FBI sought to rid itself of these legal restraints and expand its investigative and intelligence collection capabilities. Acting during a period of fear and uncertainty, Congress, the White House, and the attorney general gave the FBI enhanced investigative and surveillance authorities to protect the nation from future terrorists they worried were ready to strike again. Other powers the FBI simply assumed for itself, often secretly, and at times in direct violation of existing laws. A. Surveillance Powers Given and Taken 1. USA Patriot Act On June 5, 2013, The Guardian published an astonishing Top Secret Foreign Intelligence Surveillance Court (FISA Court) order that compelled Verizon Business Network Services to provide the National Security Agency (NSA) with the “telephony metadata” for all of its customers’ domestic and international telecommunications on an “ongoing daily basis” for the three-month duration of the order.11 Metadata includes the telephone numbers called and received, calling card numbers, mobile subscriber identity and station information numbers, and time and duration of calls. This information gives the government a detailed picture of a person’s 4 interests, associations, and activities, including personally intimate or potentially embarrassing information, such as whether they’ve called a virility clinic, Alcoholics Anonymous, or a suicide hotline. The order was issued pursuant to an FBI request for “business records” under Section 215 of the USA Patriot Act, which authorizes the FISA Court to issue secret demands for “any tangible things,” based on the FBI’s declaration that the information is “relevant” to a terrorism or espionage investigation.12 The Washington Post reported that tens of millions of Verizon customers’ records have been seized under this program, and Sen. Dianne Feinstein (D-Calif.) said this order appeared to be “the exact three-month renewal” of similar orders that began in 2006.13 With over 200 Section 215 orders issued in 2012, it is very likely that many other telecommunications companies received similar requests for all their customers’ metadata as well.14 And since Section 215 authorizes the government to obtain “any tangible things,” it is also likely that the FBI uses the provision to do bulk collection of other types of records. The statute specifically states that FBI agents may seek library circulation and book sales records, medical records, tax returns, and firearms sales records using Section 215, with approval of an FBI Executive Assistant Director.15 Rep. James Sensenbrenner (R-Wis.), the original House of Representatives’ sponsor of the Patriot Act, said the Foreign Intelligence Surveillance Court’s order to Verizon reflected an “overbroad interpretation of the Act” that was “deeply disturbing.”16 Rep. Sensenbrenner said the language in the statute was not intended to authorize such broad collection and questioned how the phone records of millions of innocent Americans could possibly be deemed “relevant” to a terrorism or counterintelligence investigation, as Section 215 requires. Indeed, FBI Director Mueller’s 2011 testimony before the Senate Intelligence Committee seeking reauthorization of the Patriot Act suggested the FBI interpreted the statute narrowly and used it sparingly: [Section 215] allows us to go to the FISA Court and obtain an order to produce records that may be relevant to, say, a foreign intelligence investigation relating to somebody who’s trying to steal our secrets or a terrorist. Upon us showing that the records sought are relevant to this particular investigation—a specific showing it is—the FISA Court would issue an order allowing us to get those records. It’s been used over 380 times since 2001.17 What the public didn’t know at the time was that the Justice Department and the FISA Court had established a secret interpretation of the law that significantly expanded the scope of what the FBI can collect with Section 215, despite the relatively small number of orders issued each year. At the same 2011 hearing, Sen. Ron Wyden (D-Ore.), who has access to this secret interpretation of the law due to his position on the Intelligence Committee but is barred by classification rules from revealing it, challenged Director Mueller: 5 I believe that the American people would be absolutely stunned—I think Members of Congress, many of them, would be stunned if they knew how the PATRIOT Act was being interpreted and applied in practice.18 Sen. Wyden and Sen. Mark Udall (D-Colo.) have repeatedly complained over the last several years that Justice Department officials have made misleading public statements about the scope of this authority, even as they refused their demands to declassify this secret interpretation of law so that Americans could understand how the government is using Section 215.19 It took an unauthorized leak of the FISA Court order to give the public — and many members of Congress — their first glimpse of the government’s overbroad use of this Patriot Act authority. Sen. Wyden and Sen. Udall have more recently challenged government claims that the bulk collection of telephone metadata under Section 215 has proven effective in preventing terrorist attacks, arguing they’ve seen no evidence the program “has provided any otherwise unobtainable intelligence.”20 The ACLU filed a Freedom of Information Act (FOIA) request in 2011 to force the release of records relating to the government’s interpretation or use of Section 215, which is still being litigated.21 After the leak of the classified FISA Court order, the ACLU (a Verizon customer) filed a lawsuit challenging the government’s bulk collection of telephone metadata under the Patriot Act.22 This is not the first evidence of widespread abuse of this statute, however. Congress passed the USA Patriot Act just weeks after the 9/11 attacks, greatly expanding the FBI's authority to use surveillance tools originally designed for monitoring hostile foreign agents to secretly obtain personal information about Americans not even suspected of wrongdoing. Congress made several provisions temporary. But when Congress first revisited the expiring provisions in 2005 there was very little public information regarding how the statute had been used. So in reauthorizing the Act, Congress required the Justice Department Inspector General to audit the FBI’s use of two Patriot Act authorities: National Security Letters (NSLs) and Section 215. Not surprisingly, five Inspector General audits conducted over the next several years confirmed widespread FBI abuse and mismanagement of these intelligence collection tools. A 2007 Inspector General audit revealed that from 2003 through 2005 the FBI issued over 140,000 National Security Letters — secret demands for certain account information from telecommunications companies, financial institutions, and credit agencies that require no judicial approval — almost half of which targeted Americans. It found: • • The FBI so negligently managed this Patriot Act authority it did not even know how many National Security Letters it had issued, which resulted in three years of false reporting to Congress;23 FBI agents repeatedly ignored or confused the requirements of the authorizing statutes and used National Security Letters to collect private information about individuals two or three times removed from the actual subjects of FBI investigations; 6 • • Sixty percent of the audited files did not have the required supporting documentation, and 22 percent contained at least one unreported legal violation;24 FBI supervisors circumvented the law by using control files to improperly issue National Security Letters when no authorizing investigation existed.25 In 2008, the IG released a second audit report covering the FBI’s use of National Security Letters in 2006 and evaluating the reforms implemented by the DOJ and the FBI after the first audit was released.26 The 2008 report revealed: • • • The FBI was increasingly using National Security Letters to gather information on U.S. persons (57 percent in 2006, up from 53 percent in 2005);27 High-ranking FBI officials improperly issued eleven “blanket National Security Letters” in 2006 seeking data on 3,860 telephone numbers, in an effort to hide that the data had been illegally collected with “exigent letters” (see below);28 and None of the “blanket National Security Letters” complied with FBI policy, and several imposed unlawful non-disclosure requirements, or “gag orders,” on National Security Letter recipients.29 Two other Inspector General audits reviewed the FBI’s use of Section 215 of the Patriot Act. Though this authority was used much less frequently than NSLs, the audits identified several instances of misuse, including an instance in which the FISA Court rejected a Section 215 application on First Amendment grounds, but the FBI obtained the records anyway without court approval.30 But in many ways these Inspector General reports gave the public a false sense of security by masking the real problem with Section 215, which was the incredible scope of information the FBI secretly collected under the FISA Court’s secret interpretation of the statute. 2. Exigent Letters and a Secret OLC Opinion The Inspector General reports also revealed that the FBI routinely used “exigent letters,” which claimed false emergencies to illegally collect the phone records of Americans.31 In 2003, the FBI took the extraordinary step of contracting with three telecommunications companies to station their employees within FBI offices so that FBI supervisors could get immediate access to company records when necessary. This arrangement allowed the FBI to circumvent formal legal process, like grand jury subpoenas or National Security Letters, to obtain telephone records. FBI supervisors even made requests written on Post-it notes and took “sneak peeks” over the telecom employees’ shoulders to illegally gain access to private telecommunications records. The FBI obtained records regarding approximately 3,000 telephone numbers where no emergency existed and sometimes where no investigation was opened, in clear violation of the Electronic Communications Privacy Act (ECPA).32 When the Inspector General discovered this abuse, FBI supervisors issued inappropriate “blanket” National Security Letters in an improper attempt to legitimize the illegal data collection. 7 A particularly troubling aspect of the FBI’s use of exigent letters was the fact that it sometimes used them to obtain the communications records of journalists, in violation of their First Amendment rights.33 These improper data requests circumvented federal regulations and Justice Department policies established to protect press freedoms, which require the exhaustion of less intrusive techniques and attorney general approval before obtaining subpoenas for reporters’ communication records. The FBI initially admitted error with regards to the use of exigent letters and agreed to stop using them, though it tried to justify keeping the information it already collected. But in his final report on exigent letters, the Inspector General revealed that in 2009 the FBI developed a new legal interpretation of the Electronic Communications Privacy Act that allowed the FBI to ask telecommunication companies to provide it with certain communications records without emergencies or legal process.34 The IG rejected this post-hoc re-interpretation of the law, so the FBI requested a Justice Department Office of Legal Counsel (OLC) opinion.35 The OLC supported the FBI’s argument in a January 2010 secret opinion, with which the Inspector General was clearly uncomfortable. He recommended that Congress examine this opinion and “the implications of its potential use,” but there have been no public hearings to evaluate the manner in which the FBI exploits this new interpretation of the law.36 The Justice Department has refused to release the OLC opinion in response to FOIA requests by media organizations and privacy advocates.37 3. Warrantless Wiretapping and the FISA Amendments Act On December 16, 2005, The New York Times revealed that days after the 9/11 terrorist attacks President George W. Bush authorized the National Security Agency to conduct warrantless electronic surveillance of Americans’ telecommunications in violation of the Fourth Amendment and the Foreign Intelligence Surveillance Act.38 The FBI knew about this illegal surveillance practically from its inception and investigated leads it generated, but did nothing to stop it despite the criminal penalties associated with FISA violations.39 Moreover, the FBI agents investigating the leads produced from the NSA program reportedly found them of little value, deriding them as “Pizza Hut leads” because they often led to delivery calls and other dead ends.40 The Bush administration ultimately acknowledged the existence of a program it called the “Terrorist Surveillance Program,” which it said was designed to intercept al Qaeda-related communications to and from the U.S., but a follow-up article by The New York Times reported the program was larger than the officials admitted and involved a government “back door” into domestic telecommunications networks.41 A 2006 article in USAToday alleged further that major telecommunications companies “working under contract to the NSA” provided the government domestic call data from millions of Americans for “social network analysis.”42 When James Comey was promoted to deputy attorney general in December 2003, he evaluated the Justice Department’s legal support for one portion of this highly classified program, 8 involving the bulk collection of domestic internet metadata, and found it lacking.43 To his great credit, he refused to sign a Justice Department re-certification as to the legality of the program and resisted, with the support of FBI Director Mueller, an intense effort by the White House to compel a gravely ill Attorney General John Ashcroft to overrule Comey. The collection continued without Justice Department certification for several weeks, leading Comey, Mueller, and other Justice Department officials to threaten resignation. Comey and Mueller ultimately won legal modifications that assuaged their concerns, but the bulk collection of innocent Americans’ internet data continued under a FISA Court order through 2011 and may be going on in some form today.44 It remains unexplained why Ashcroft, Comey, and Mueller apparently approved other parts of the Terrorist Surveillance Program, including the warrantless interception of Americans’ international communications and the collection of Americans’ telephone metadata. The public pressure resulting from the 2005 New York Times article led the Bush administration to bring other portions of the NSA’s warrantless wiretapping program under FISA Court supervision in January 2007. But in May of that year an apparently adverse ruling by the FISA Court led the administration to seek emergency legislation from Congress so the program could continue.45 Congress passed temporary legislation in August 2007 and then enacted the FISA Amendments Act in June 2008, giving the government the authority to seek FISA Court orders authorizing non-individualized electronic surveillance so long as it is targeted at foreigners outside the U.S. But questions about the scope and legality of these programs remain.46 The excessive secrecy surrounding the FBI’s and NSA’s implementation of the FISA Amendments Act exacerbates the threat to Americans’ privacy posed by this unconstitutionally overbroad surveillance authority. The FISA Amendments Act is due to expire in 2015, but Congress must not wait to conduct the oversight necessary to curb abuse and protect Americans from unnecessary and unwarranted monitoring of their international communications. B. Expanding FBI Investigative Authorities The Bush administration vastly expanded the FBI’s power by amending the Attorney General’s Guidelines governing FBI investigative authorities four times over 8 years.47 Each change lowered the evidentiary threshold necessary for the FBI to initiate investigations, increasing the risk that FBI agents would improperly target people for scrutiny based on their First Amendment activities, as they had in the past. 1. Ashcroft Attorney General’s Guidelines Attorney General John Ashcroft first amended the guidelines for general crimes, racketeering, and terrorism investigations in 2002, giving the FBI more flexibility to conduct investigations based on mere allegations.48 The Ashcroft guidelines: 9 • • • • Authorized the “prompt and extremely limited checking out of initial leads” upon receipt of any information suggesting the possibility of criminal activity; Prohibited investigations based solely on First Amendment activities, but authorized inquiries based on statements advocating criminal activity unless “there is no prospect of harm;”49 Expanded the investigative techniques the FBI could use during preliminary inquiries, barring only mail openings and non-consensual electronic surveillance;50 and Increased the time limits for preliminary inquiries to 180 days, with the possibility of two or more 90-day extensions.51 These changes meant the FBI could conduct intrusive investigations of people for an entire year, including infiltration by informants, without facts establishing a reasonable indication that anyone was breaking the law. The Ashcroft guidelines also allowed FBI agents to conduct “general topical research” online and “visit any place and attend any event that is open to the public, on the same terms and conditions as members of the public generally.”52 The FBI later claimed this authority did not require the FBI agents attending public meetings to identify themselves as government officials. Attempting to assuage concerns that the FBI would misuse this expanded authority by targeting First Amendment-protected activity, FBI Director Robert Mueller said in 2002 that the FBI had no plans to infiltrate mosques.53 Nonetheless, in the ensuing years there was a sharp increase in the FBI's controversial use of informants as agents provocateur in mosques and other Muslim community organizations.54 In 2009, Director Mueller defended these tactics and said he did not expect the Obama administration to require any change in FBI policies: “I would not expect that we would in any way take our foot off the pedal of addressing counterterrorism.”55 After 9/11, the FBI also increased the number of FBI agents assigned to terrorism matters and rapidly expanded its network of Joint Terrorism Task Forces, in which other federal, state, and local agencies provide additional human resources for terrorism investigations. Today it has 103 Task Forces across the country, employing approximately 4,400 members of federal, state, and local law enforcement; the intelligence community; and the military.56 2. Evidence of FBI Spying on Political Activists Concerned that the combination of expanded authorities and additional resources devoted to terrorism investigations would result in renewed political spying, ACLU affiliates around the country filed FOIA requests in 2004, 2005, and 2006 seeking FBI surveillance records regarding dozens of political advocacy and religious organizations and individual activists.57 The FBI response revealed that FBI terrorism investigators from a variety of different field offices had collected information about peaceful political activity of environmental activists, peace advocates, and faith-based groups that had nothing to do with terrorism. These inappropriate FBI investigations targeted prominent advocacy organizations such as the School of the America's Watch, Greenpeace, People for the Ethical Treatment of Animals, the 10 Rocky Mountain Peace and Justice Center in Colorado, and the Thomas Merton Center for Peace and Justice in Pennsylvania, among many others. In a document that reads as if it were written during the Hoover era, an FBI agent describes the peace group Catholic Worker as having “semicommunistic ideology.”58 Environmental activist and self-described anarchist Scott Crow later submitted his own Privacy Act request to the FBI and received 440 pages of materials documenting FBI surveillance directed against him from 2001 through 2008.59 The FBI reports exposed the agents’ disdain for the activists they investigated, with one suggesting that nonviolent direct action was an “oxymoron” and another stating that attendees at an activist camp “dressed like hippies” and “smelled of bad odor.”60 3. 2010 Inspector General Report Confirms Spying and Lying In response to a 2006 congressional request, the Justice Department Inspector General audited a small sample (six) of the multiple FBI investigations of domestic advocacy groups uncovered by the ACLU.61 In a report that wasn’t released until 2010, the Inspector General confirmed the FBI abused its authority in these cases and at times improperly collected and retained information detailing the activists’ First Amendment activities.62 The Inspector General concluded that the FBI’s predicate for opening preliminary investigations against these advocacy groups and individuals was “factually weak.” In some cases, it was based on unpersuasive, “speculative, after-the-fact rationalizations,” because the files lacked the required documentation of the “information or allegation” to justify opening the case.63 But because the guidelines require such a low “information or allegation” standard for opening preliminary investigations, the Inspector General concluded that opening many of these fruitless and abusive FBI investigations did not initially violate Justice Department policy.64 Still, the Inspector General did find that the FBI violated the guidelines in some cases by: • • • Extending some of these investigations “without adequate basis;” Initiating more intrusive full investigations when the facts only warranted preliminary investigations; and Retaining information about the groups’ First Amendment activities in FBI files, in violation of the Privacy Act.65 Controversially, and despite the lack of proper documentation, the Inspector General determined that these investigations were not opened based “solely” on the groups’ political activities or beliefs, but rather upon the FBI agents’ speculation that the groups or individuals might commit a federal crime in the future. This conclusion appeared argumentative, however, because the Inspector General did not explain why the agents opened cases on these particular potential future criminals rather than any other potential future criminals, or whether political viewpoint was a significant factor in these decisions. The report conceded that the documents “gave the impression that the FBI’s Pittsburgh Field Division was focused on the [Thomas] Merton Center as a result of its anti-war views.”66 That such baseless investigations of political activists were 11 found to fall within Justice Department policy clearly reveals that the FBI guidelines’ prohibition against investigations based “solely” on First Amendment activity is insufficient to protect First Amendment rights. Other abuses were identified. In one case, an FBI agent tasked an informant to infiltrate a peace group and to collect details of its First Amendment activities, just so the agent could demonstrate participation in the FBI’s informant program.67 The Inspector General also criticized the FBI for treating non-violence civil disobedience as “acts of terrorism,” which had real consequences for the activists, as FBI policy mandates that subjects of terrorism investigations be placed on terrorist watch lists.”68 As a result, the FBI tracked their travel and advocacy activities as well as their interactions with local law enforcement.69 One activist the FBI investigated was handcuffed and detained during a traffic stop, which the officer justified by alleging the activist was “affiliated with a terrorist organization.”70 Finally, the Inspector General found that after the ACLU released the records, FBI officials made false and misleading statements to Congress and the American public in an attempt to blunt the resulting criticism.71 The FBI Executive Secretariat Office responded to a citizen’s complaint about the inappropriate investigation of Catholic Worker by stating that the FBI only seeks to prevent violence and does not target “lawful civil disobedience,” even though the FBI files on Catholic Worker did document civil disobedience and made no reference to violence or terrorism.72 The false statements to Congress are discussed further below. 4. Mukasey Attorney General’s Guidelines In December 2008, during the final weeks of the Bush administration, Attorney General Michael Mukasey issued revised Attorney General’s Guidelines that authorized the FBI to conduct a new type of investigation, called an “assessment,” which does not require FBI agents to establish any factual predicate before initiating investigations, so long as they claim their purpose is to prevent crime or terrorism or protect national security.73 The Mukasey guidelines allow the FBI to utilize a number of intrusive investigative techniques during assessments, including: • • • • • Physical surveillance; Retrieving data from commercial databases; Recruiting and tasking informants to attend meetings under false pretenses; Engaging in “pretext” interviews in which FBI agents misrepresent their identities in order to elicit information; and Using grand jury subpoenas to collect subscriber information from telecommunications companies.74 Under the Mukasey guidelines, “assessments” can even be conducted against an individual simply to determine if he or she would make a suitable FBI informant. Nothing in the new guidelines protects entirely innocent Americans from being thoroughly investigated by the FBI 12 under this assessment authority. The new guidelines also explicitly authorize the surveillance and infiltration of peaceful advocacy groups in advance of demonstrations, and they do not clearly prohibit using race, religion, or national origin as factors in initiating assessments, so long as investigations are not based “solely” on such factors.75 A 2009 FBI Counterterrorism Division “Baseline Collection Plan” obtained by the ACLU reveals the broad scope of information the FBI gathers during assessments: • • • • • • • Identifying information (date of birth, social security number, driver’s license and passport number, etc.); Telephone and emailaddresses; Current and previous addresses; Current employer and job title; Recent travel history; Whether the person lives with other adults, possesses special licenses or permits, or has received specialized training; and Whether the person has purchased firearms or explosives.76 The FBI claims the authority to retain all the personal information it collects during these investigations indefinitely, even if the people being assessed are found to be innocent. The New York Times reported that the FBI opened 82,325 assessments on individuals and groups from March 2009 to March 2011, yet only 3,315 of these assessments developed information sufficient to justify opening preliminary or full investigations.77 That so few assessments discovered any information or allegation that would meet even the low threshold for opening a preliminary investigation makes clear that the FBI investigated tens of thousands of entirely innocent people under its assessment authority. Moreover, at the conclusion of an assessment or investigation, after “all significant intelligence has been collected, and/or the threat is otherwise resolved,” the FBI’s Baseline Collection Plan authorizes agents to implement a socalled “disruption strategy,” which permits FBI agents to continue using investigative techniques “including arrests, interviews, or source-directed operations to effectively disrupt [a] subject’s activities.”78 This resurrection of reviled Hoover-era terminology is troubling, particularly because FBI counterterrorism training manuals recently obtained by the ACLU indicate the FBI is once again improperly characterizing First Amendment-protected activities as indicators of dangerousness. C. FBI Profiling Based on Race, Ethnicity, Religion and National Origin Ironically, the FBI’s authority to profile based on race, ethnicity, religion, and national origin was enhanced by Justice Department guidance that claimed to ban profiling in federal law enforcement. When issuing the Justice Department Guidance Regarding the Use of Race by Federal Law Enforcement Agencies in 2003, Attorney General Ashcroft said, “[u]sing race… as 13 a proxy for potential criminal behavior is unconstitutional and undermines law enforcement by undermining the confidence that people have in law enforcement.”79 The ACLU couldn’t have agreed more. But while the guidance prohibited federal agents from considering race or ethnicity “to any degree” in making routine or spontaneous law enforcement decisions (absent a specific subject description), it also included broad exemptions for national security and border integrity investigations, and it did not prohibit profiling based on religion or national origin.80 Allowing profiling in border integrity investigations disproportionately impacts Latino communities, just as profiling in national security investigations has led to inappropriate targeting of Muslims, Sikhs; and people of Arab, Middle Eastern, and South Asian descent. And given the diversity of the American Muslim population, the failure to ban religious profiling specifically threatens African Americans as well, who comprise from one-quarter to one-third of American Muslims.81 In effect, Attorney General Ashcroft’s ban on racial profiling had the perverse effect of tacitly authorizing the profiling of almost every minority community in the U.S. 1. The FBI Domestic Investigations and Operations Guide An internal FBI guide to implementing the 2008 Attorney General’s Guidelines, called the Domestic Investigations and Operations Guide (DIOG), contains startling revelations about how the FBI is using race and ethnicity in conducting assessments and investigations.82 While the DIOG repeats the Attorney General’s Guidelines’ requirement that investigative and intelligence collection activities must not be based “solely” on race, it asserts that FBI agents are authorized to use race and ethnicity when conducting what it calls “domain management” assessments. Through this program, the FBI allows: • • • “Collecting and analyzing racial and ethnic community demographics.” The DIOG authorizes the FBI to “identify locations of concentrated ethnic communities in the Field Office's domain, if these locations will reasonably aid in the analysis of potential threats and vulnerabilities, and, overall, assist domain awareness for the purpose of performing intelligence analysis… Similarly, the locations of ethnically-oriented businesses and other facilities may be collected…”83 Collecting “specific and relevant” racial and ethnic behavior. Though the DIOG prohibits “the collection of cultural and behavioral information about an ethnic community that bears no relationship to a valid investigative or analytical need,” it allows FBI agents to consider “focused behavioral characteristics reasonably believed to be associated with a particular criminal or terrorist element of an ethnic community” as well as “behavioral and cultural information about ethnic or racial communities” that may be exploited by criminals or terrorists “who hide within those communities.”84 “Geo-mapping.” The DIOG states that “As a general rule, if information about community demographics may be collected it may be ‘mapped.’”85 14 The DIOG’s instruction that the FBI may collect, use, and map the demographic information of racial and ethnic communities raises concerns that, once these communities are identified and mapped, the FBI will target them for additional intelligence gathering or investigation based primarily, if not entirely, on their racial and ethnic makeup. Treating entire communities as suspect based on their racial, ethnic, or religious makeup offends American values. It’s also counterproductive to effective law enforcement. In fact, an FBI official publicly criticized an equally inappropriate NYPD surveillance and mapping operation targeting Muslims throughout the northeast for undermining law enforcement relations with the community.86 Newark FBI Special Agent in Charge Michael Ward called the NYPD program “not effective,” saying there should be “an articulable factual basis” for intelligence collection and that “there’s no correlation between the location of houses of worship and minority-owned businesses and counterterrorism.”87 Unfortunately the FBI is not following his advice. The FBI unilaterally amended the DIOG in October 2011, giving its agents powers that are not authorized in the current Attorney General’s Guidelines issued in 2008.88 These new powers include blanket permission for agents to search law enforcement and commercial databases without even opening an assessment on the person searched or documenting why the search was performed. The 2011 DIOG amendments also authorized FBI agents to search peoples’ trash during an assessment to find derogatory information to pressure them into becoming informants. Since the 2008 Attorney General’s Guidelines did not grant these powers, it is difficult to see where the FBI finds authorization for these activities. The FBI secretly amended the DIOG again in June 2012.89 Only one section of this new guide has been released, pursuant to an ACLU FOIA request regarding the FBI’s policy for obtaining stored e-mails. One substantive change from the 2011 DIOG removes the requirement for FBI agents to specify in affidavits submitted to judges for criminal wiretap warrants whether the interception implicates sensitive circumstances, such as whether it targets public officials or religious leaders.90 A new subsection requires the agents to discuss the sensitive circumstances with Justice Department prosecutors, but failing to advise the judge evaluating the warrant request would seem to improperly withhold potentially important information that could impact the probable cause determination. It is unknown why this change was made. 2. FBI Racial and Ethnic Mapping In 2010, ACLU affiliates throughout the country issued FOIA requests to obtain information about how the FBI’s domain management program operates. Although heavily redacted, the documents received from a number of different field offices demonstrate that FBI analysts make judgments based on crude stereotypes about the types of crimes different racial and ethnic groups commit, which they then use to justify collecting demographic data to map where people with that racial or ethnic makeup live. The DIOG claims that collecting community racial and ethnic data and the location of ethnic-oriented businesses and facilities is permitted to “contribute to an 15 awareness of threats and vulnerabilities, and intelligence collection opportunities,” which raises concerns the FBI is seeking to identify these racial and ethnic communities to target them for intelligence collection and investigation in a disparate manner from other communities.91 For example, a Detroit FBI field office memorandum entitled “Detroit Domain Management” asserts that “[b]ecause Michigan has a large Middle-Eastern and Muslim population, it is prime territory for attempted radicalization and recruitment” by State Department-designated terrorist groups that originate in the Middle East and Southeast Asia. 92 Based on this unsubstantiated assertion of a potential threat of recruitment by terrorist groups on the other side of the world, the Detroit FBI opened a “domain assessment” to collect and map information on all Muslims and people of Middle-Eastern descent in Michigan, treating all of them as suspect based on nothing more than their race, religion, and national origin. Collecting information about the entire Middle-Eastern and Muslim communities in Michigan is unjust, a violation of civil rights and an affront to religious freedom and American values. It’s also a surprisingly ignorant approach for an intelligence agency, because it ignores the fact that many Michigan Muslims are not Middle Eastern or South Asian. The Muslim community is incredibly diverse, and almost than a third of Michigan Muslims is African-American.93 Treating Muslim communities as monolithic, and universally suspect, isn’t good intelligence; it’s religious bigotry. Other documents confirm that the FBI is targeting American Muslims and their religious institutions for intelligence attention through its Domain Management program. Below is a sample of a redacted FBI Knoxville domain management map: 16 Unfortunately, this type of targeting based on broad-brush racial, ethnic, religious, and national origin stereotyping appears in many different types of domain assessments focusing on a wide array of groups. A 2009 Atlanta FBI Intelligence memorandum documents population increases among “black/African American populations in Georgia” from 2000 to 2007 in an effort to better understand the purported terrorist threat from “Black Separatist” groups.94 A 2009 FBI memo justifies opening a domain assessment of Chinese communities by stating that “San Francisco domain is home to one of the oldest Chinatowns in North America and one of the largest ethnic Chinese populations outside mainland China,” and “[w]ithin this community there has been organized crime for generations.”95 The same memo justifies mapping the “sizable Russian population” in the region by referencing the existence of “Russian criminal enterprises operating within the San Francisco domain.”96 Several documents from FBI offices in Alabama, New Jersey, Georgia, and California indicate the FBI conducted overly-broad assessments that include tracking communities based on race and national origin to examine threats posed by the criminal gang Mara Salvatrucha (MS-13).97 While MS-13 certainly represents a criminal threat meriting law enforcement concern, the documents reveal that the FBI uses the fact that MS-13 was originally started by Salvadoran immigrants to justify collecting population data for communities 17 originating from other Spanish-speaking countries, including Mexico, Cuba, the Dominican Republic, Colombia, and from the U.S. territory of Puerto Rico, even though the FBI acknowledges MS-13 admits “non-Hispanic individuals.”98 Targeting entire communities for investigation based on racial and ethnic stereotypes is not just unconstitutional, it produces flawed intelligence. The FBI should focus on actual criminal suspects and national security threats, not mapping entire communities based on racial stereotypes. 3. Innocent Victims of Aggressive Investigation and Surveillance The FBI’s overbroad and aggressive use of its investigative and surveillance powers, and its willingness to employ “disruption strategies” against subjects not charged with crimes can have serious, adverse impacts on innocent Americans. Being placed under investigation creates an intense psychological, and often financial, burden on the people under the microscope and their families, even when they are never charged with a crime. All the more so when a heinous crime like terrorism is alleged, and when the investigators are convinced the subject of their investigation is guilty but they just don’t have the evidence necessary for arrest. During the FBI’s relentless investigation of the 2001 anthrax attacks, for instance, The New York Times reported that several people falling under suspicion lost jobs, were placed on watch lists, had citizenship and visa applications denied, and personal relationships destroyed.99 The FBI publicly hounded bioterrorism researcher Steven Hatfill for over a year, following him so closely with up to eight FBI surveillance cars that one of them once ran over his foot.100 FBI officials later acknowledged Hatfill was completely innocent, and the Justice Department paid him $4.6 million in damages. The FBI then turned its sites on another researcher, Bruce Ivins, who suffered a mental breakdown and committed suicide. The National Research Council has since questioned the strength of the scientific evidence supporting the FBI’s case against Ivins, but the FBI considers the case closed.101 Such deleterious effects can be felt not just by the individuals who come under law enforcement suspicion, but by entire communities. A groundbreaking 1993 study in the United Kingdom by professor Paddy Hillyard documented how emergency anti-terrorism measures treated the Irish living in Britain and Northern Ireland differently in both law and police practice from the rest of the population, effectively marking them as a “suspect community.” The study found the British anti-terrorism practices inflicted physical, mental, and financial effects on the Irish community at large, not just those directly targeted, and had a suppressive effect on “perfectly legitimate political activity and debate around the Northern Ireland question.”102 There is evidence U.S. anti-terrorism enforcement and intelligence efforts are having similar effects on the American Muslim community. In 2009, the ACLU documented the chilling effect aggressive enforcement of anti-terrorism financing laws was having on American Muslim religious practices, particularly in suppressing mosque attendance and charitable giving, which is 18 an important tenet of Islam.103 One donor to a Muslim charity interviewed for the ACLU report said: Our whole community was approached by the FBI about donations. They’ve intimidated our whole community… They’ve been asking about every single Muslim charity. Everyone is aware of this. People aren’t giving as much as they should be giving, because of this.104 In 2013, civil rights and police accountability groups in New York published a report detailing how an NYPD surveillance program targeting Muslim communities throughout the northeast suppressed Muslims’ religious, political, and associational activities.105 Treating entire communities as suspect because of their race, ethnicity, religion, or national origin violates individual rights and American values and undermines effective law enforcement. D. Unrestrained Data Collection and Data Mining The FBI has also claimed the authority to sweep up voluminous amounts of information independent of assessments or investigations. The FBI obtains this data—often containing personally identifiable information—from open or public source materials; federal, state, or local government databases or pervasive information sharing programs; and private companies and then amasses it in huge data bases where it is mined for a multitude of purposes. 1. eGuardian and Suspicious Activity Reports In 2009, the FBI established a new database called eGuardian to collect reports of “suspicious” behavior generated by state and local law enforcement agencies106 to be shared broadly with other federal law enforcement agencies, the Department of Homeland Security, and the intelligence community.107 Like many other suspicious activity reporting (SAR) programs, the standards governing the definition of “suspicious” conduct for reporting to eGuardian are extremely vague and over-broad, making it likely that reports will be based on racial or religious profiling or other bias, rather than objectively reasonable indications of wrongdoing. The 2008 FBI press release announcing the eGuardian program suggested that people photographing the Brooklyn Bridge or the Washington Monument should be reported.108 Few eGuardian SARs have been made public, but based on what other SAR programs produce, it is likely that particular religious, racial, and ethnic communities are disproportionately targeted and inappropriately reported for engaging in so-called suspicious activity. National Public Radio and the Center for Investigative Reporting reviewed more than 1,000 pages of SARs submitted from security officials at Minnesota’s Mall of America and found that “almost two-thirds of the ‘suspicious’ people whom the Mall reported to local police were minorities.”109 It is also clear that eGuardian has become a repository for improperly collected information about First Amendment-protected activities. In 2007, the Pentagon shuttered its Threat and Local 19 Observation (TALON) database system, which collected reports of suspicious activity near military bases, after media reports revealed that it included information about innocent and constitutionally-protected activity such as anti-war meetings and protests.110 The Pentagon office that ran TALON was closed, but the improperly collected data collected was turned over to the FBI, and the military now provides SARs directly to eGuardian.111 While eGuardian has been established to collect reports “that appear to have a potential nexus to terrorism” — an already inappropriately low standard — even information the FBI deems “inconclusive” can be retained for five years, searched, and used for “pattern and trend analysis.”112 The value of retaining such innocuous data on Americans’ behavior is highly questionable and may even harm efforts to identify threats by overwhelming analysts with large volumes of irrelevant data. A George Washington University Homeland Security Policy Institute survey of state and local law enforcement officials who worked with SARs called them “white noise” that impeded effective intelligence analysis.113 Another major problem is that eGuardian effectively competes with another federal government SAR. The Intelligence Reform and Terrorism Prevention Act of 2004 established the Information Sharing Environment (ISE) to serve as the conduit for terrorism-related information sharing between state and local law enforcement and the federal government.114 A March 2013 Government Accountability Office report found that though the two programs share information between them, eGuardian uses a lower evidentiary threshold for inclusion of SARs, which creates risks and privacy problems. The Government Accountability Office found that “many fusion centers have decided not to automatically share all of their ISE-SARs with eGuardian” because eGuardian doesn’t meet ISE standards.115 One fusion center said it would never provide SARs to eGuardian because of the fusion center’s privacy policy.116 The Government Accountability Office also found that the two systems “have overlapping goals and offer duplicative services.”117 This duplicity wastes resources and creates a risk that potential threats fall between the cracks. Though the SAR programs have been operational for years, neither the ISE Program Manager nor the FBI track whether SAR programs deter terrorist activities or assist in the detection, arrests, or conviction of terrorists, and they have not developed performance measures to determine whether these programs have a positive impact on homeland security.118 2. Mining Big Data The FBI also has much larger databases, and more ambitious data mining programs, but it goes to great lengths to mask these programs from congressional and public oversight. An FBI budget request for fiscal year 2008 said the FBI had amassed databases containing 1.5 billion records, and two members of Congress described documents predicting the FBI would have 6 billion records by 2012, which they said would represent “20 separate ‘records’ for each man, woman and child in the United States.”119 20 On October 29, 2001, President Bush directed the attorney general to establish a Foreign Terrorist Tracking Task Force (Tracking Task Force) to deny aliens “associated with, suspected of being engaged in, or supporting terrorist activity” entry into the U.S. and to “locate, detain, prosecute and deport any such aliens” already in the country.120 But this mission quickly expanded as the Tracking Task Force was transferred to the FBI and began ingesting larger and larger data sets. The Justice Department’s 2007 data mining report, required by the Patriot Reauthorization Act of 2005, revealed the existence of the Foreign Terrorist Tracking Task Force “Data Mart.” The report said the Data Mart included data from government agencies, including the Terrorist Screening Center Database and the Department of Homeland Security’s I-94 database, and commercial data from the Airlines Reporting Corporation and private data aggregation companies Choicepoint and Accurint.121 The data mining report acknowledged these databases contained U.S. person information, but it maintained that the focus of Tracking Task Force data mining queries was on identifying “foreign terrorists.”122 The report clarified, however, that if the FBI’s data mining tools establish high “risk scores” for U.S. persons the Tracking Task Force analysts “may look at them to see if they have derogatory information.”123 But the FBI had even bigger plans. In 2007, it submitted a budget request seeking $100 million over three years to establish the National Security Analysis Center, which would combine the Tracking Task Force with the largest FBI data set, the Investigative Data Warehouse.124 The Investigative Data Warehouse contains all intelligence and investigative data collected by the FBI across all of its programs, along with “other government agency data and open source news feeds.”125 This data includes, for example, well over a million suspicious activity reports filed by financial institutions each year as required by the Bank Secrecy Act, which was expanded by the Patriot Act to include car dealerships, casinos, pawn shops, and even the post office.126 The FBI ingests this data directly from the Treasury Department for inclusion in the Investigative Data Warehouse, along with an additional 14 million currency transaction reports submitted annually to document cash transactions over $10,000.127 By combining the Investigative Data Warehouse with the Tracking Task Force, the National Security Analysis Center would have access to 1.5 billion records. And based on the budget request, the FBI clearly wanted to obtain more. Congress instead requested a Government Accountability Office audit of the National Security Analysis Center, but the FBI refused to give the auditors access to the program.128 Congress temporarily pulled funding for the National Security Analysis Center in 2008 because of this impasse, but there has been little public discussion about it since.129 A 2013 Inspector General report says the Tracking Task Force “incorporated” the National Security Analysis Center and its datasets and expanded its role.130 Today the Tracking Task Force has 360 staff members, mostly analysts and contractors, and an annual budget of $54 million.131 It runs 40 separate projects, and despite its name, no longer limits its mission to the detection of foreign terrorists. According to a 2013 Inspector General report, the Tracking Task Force runs a program called “Scarecrow” that targets “financial schemes” used by U.S. citizens who may be affiliated with the “Sovereign Citizen” movement, a 21 “FINDUS” project to find known or suspected terrorists within the U.S, and a Traveler Assessment Project “to help identify and assess unknown individuals who may have links to terrorism.”132 According to a 2012 Systems of Records Notice covering all FBI data warehouses, the information in these systems can be shared broadly, even with foreign entities and private companies, and for a multitude of law enforcement and non-law enforcement purposes.133 But scientists challenge whether pattern-based data mining to identify potential terrorist threats is a viable methodology. A 2008 study by the National Research Council of the National Academies of Sciences funded by the Department of Homeland Security concluded that “[a]utomated terrorist identification is not technically feasible because the notion of an anomalous pattern—in the absence of some well-defined ideas of what might constitute a threatening pattern—is likely to be associated with many more benign activities than terrorist activities.”134 The National Research Council pointed out that the number of false leads produced by such a system would exhaust security resources and have severe consequences for the privacy of multitudes of innocent people. The study concluded, “[t]he degree to which privacy is compromised is fundamentally related to the sciences of database technology and statistics as well as to policy and process.135 Given these scientific limitations and privacy implications of using pattern-based data mining to identify potential terrorists, the National Research Council recommended that agencies be required to employ a systematic process to evaluate the “effectiveness, lawfulness and consistency with U.S. values” of such automated systems before they are deployed and be subjected to “robust, independent oversight” thereafter.136 Tracking Task Force operations do not appear to have been subjected to such systematic evaluation or scrutiny, and as a result the FBI wastes resources on false leads that threaten privacy and security. In a heavily redacted section of the 2013 report’s discussion of its effectiveness, the Inspector General concluded that: • • • The Tracking Task Force “did not always provide FBI field offices with timely and relevant information,” which caused an “inefficient use of field office resources;”137 The Tracking Task Force “rarely made” updates to the Traveler Assessment program (despite an FBI policy that requires them every 90 days) and “may have been providing field offices with traveler threat information that was not consistent with the FBI’s current threat picture;”138 and FBI supervisors received Tracking Task Force leads based on information they had already seen, including some they had provided to Tracking Task Force in the first place.139 An intriguing redaction in the report’s discussion of a Tracking Task Force lead sent to the Phoenix FBI office appears to identify a recurring problem regarding the dissemination of a particular type of information. FBI agents investigating the lead were “unable to determine the individual’s nexus to terrorism,” and the Inspector General concluded that the Tracking Task Force should “continue to work on minimizing the dissemination of [REDACTED].” This 22 warning about potentially inappropriate dissemination is remarkable because FBI and Justice Department officials overseeing the Tracking Task Force claimed that they have “not encountered any privacy-related issues or problems.” 140 The Inspector General’s statement likely says more about the lack of effective oversight rather than the lack of privacy-related problems. With the plethora of information in the Data Mart and its broad dissemination throughout the law enforcement and intelligence communities, it is hard to imagine that no privacy issues were ever raised. Indeed, the Inspector General went on to describe the FBI’s four-year resistance to the Justice Department’s Acting Privacy Officer’s demands to update the Tracking Task Force’s Privacy Impact Assessment, which was required by the E-Government Act of 2002. Despite the privacy officer’s objections, the FBI continued operating the Tracking Task Force Data Mart during this period without an approved Privacy Impact Assessment, reflecting both an official disregard for privacy laws and internal oversight.141 3. Real Threats Still Slipping Through the Cracks There is troubling evidence that the flood of information coming into the FBI as a result of its lower evidentiary requirements for investigation and intelligence collection is overwhelming its agents and analysts. Rather than helping them “connect the dots,” it appears these overbroad data collection programs are impairing the FBI’s ability to properly assess and respond to threat information it receives. While no law enforcement or intelligence agency could reasonably be expected to prevent every terrorist act, several recent attacks by individuals who were previously identified to the intelligence community or investigated by the FBI require a sober evaluation of whether the FBI’s broad information collection and data mining methodologies are inundating it with false positives that obscure real threats. In a letter to the FBI seeking records regarding its 2011 investigation of apparent Boston marathon bomber Tamerlan Tsarnaev, House Homeland Security Committee Chairman Michael McCaul (R-Texas) and Rep. Peter King (R-N.Y.) pointed out that this was the sixth terrorist attack by a person who was previously known to the FBI or CIA.142 These included Chicagoan David Headley, who travelled freely back and forth to Pakistani terrorist training camps over several years, and then to Mumbai, India, where he conducted surveillance in preparation for the 2008 terrorist attacks by Lashkar-e-Taiba gunmen, which killed 166 people, including four Americans. Headley was already well-known to federal law enforcement according to an investigative report by Pro Publica, as he had felony drug convictions in the U.S. and later worked as a DEA informant.143 Pro Publica’s reporting reveals the FBI had numerous warnings from different individuals over several years that Headley was involved in terrorism. The FBI received its first tip that Headley was a terrorist shortly after 9/11, but closed its investigation based on his denials. The following year the Philadelphia FBI received a second warning from a family friend that Headley was involved with Pakistani militants. An agent performed a records check and closed the case without interviewing Headley. 23 In 2005, Headley’s Canadian wife called an FBI terror tip line and told the FBI about Headley’s involvement with the Pakistani terrorist group. She was interviewed several times but Headley was not. In 2007, Headley’s second wife, in Pakistan, contacted the U.S. Embassy in Islamabad and told State Department security and U.S. Customs officers about Headley’s involvement with the terrorist group, which they in turn reported to the FBI. The FBI received another tip shortly after the Mumbai attacks, from a friend of Headley’s mother. FBI attempts to interview Headley were thwarted by a relative who falsely asserted that Headley was in Pakistan. Finally, in 2009 British intelligence identified him meeting with al Qaeda associates in Britain, and the FBI tracked him across Europe and back to the U.S., where he was arrested after a few months of investigation. The second incident involved Abdulhakim Mujahid Muhammad, also known as Carlos Bledsoe, an American citizen and former gang member with a minor criminal record. In 2009, Muhammad shot two Army recruiters in Little Rock, Ark., in a self-described terrorist attack, killing one. Muhammad was known to the FBI because he had been arrested in Yemen the year before for possessing a false Somali passport and explosives manuals.144 An FBI agent reportedly interviewed Muhammad twice, once in the Yemeni jail and again upon his return to the U.S.145 According to ABC News, the Joint Terrorism Task Force opened a preliminary investigation of Muhammad when he returned from Yemen, yet he amassed an arsenal of weapons and successfully attacked the recruiting station without being detected by the investigating agents.146 He was arrested by local police shortly after the attack. While hindsight is always 20-20, these cases show critical information is still falling through the cracks at the FBI, even after years of expanding resources and investigative authorities. These cases demonstrate that the FBI’s increased data collection activities may be doing more harm than good, as the constant response to false leads resulting from dubious “suspicious activity reports” and data mining programs makes it more difficult for agents to identify true threats that come into the FBI. Another example involves the 2009 shooting incident in Ft. Hood, Texas, in which Army psychiatrist Major Nidal Hasan killed 13 fellow soldiers. The FBI Joint Terrorism Task Force in Washington, D.C., conducted an assessment of Hasan earlier that year in response to a lead sent from the San Diego office after agents intercepted two e-mails he sent to Anwar al-Aulaqi beginning in late 2008. According to an analysis of the investigation conducted by former FBI and CIA director William Webster, San Diego FBI officials received, evaluated, and catalogued 14 other emailmessages from Hasan to Aulaqi, and two responses from Aulaqi, but did not recognize the link to the original e-mails that sparked the assessment of Hasan, nor advise the D.C. Task Force officer of these additional communications. The Webster Commission later determined that Hasan’s e-mails did not reveal “any suggestion of impending wrongdoing by Hasan,” though it said that knowledge of these additional e-mails “would have undermined the assumption that Hasan had contacted Aulaqi simply to research Islam,” which may have justified further investigation.147 24 In a section of the report subtitled “the data explosion,” the Webster Commission identified the “exponential growth in the amount of electronically stored information” as a critical challenge for the FBI.148 It concluded that the D.C. Joint Terrorism Task Force officer’s assessment of Hasan was “belated, incomplete, and rushed, primarily because of their workload.”149 Similarly, the Commission found the San Diego agent and analyst assigned to the Aulaqi investigation were responsible for evaluating almost 30,000 electronic documents by the time of the Ft. Hood shooting, which averaged over 1,500 per month, or from 70 to 130 per work day.150 The Commission called this pace “relentless” and suggested the failures in the Hasan investigation were “a stark example of the impact of the data explosion” on the FBI.151 National Counterterrorism Center (NCTC) Director Michael Leiter similarly cited the daily intake of data into intelligence community data bases in explaining why the NCTC failed to identify attempted so-called underwear bomber Umar Farouk Abdulmutallab as a threat, despite warnings it received from his father. In attempting to put the failure in “context,” Leiter said the NCTC receives over 5,000 pieces of information and places more than 350 people on the terrorist watch list each day.152 Such a deluge of information leads to bloated watch lists that can’t be properly managed and therefore become meaningless. Abdulmutallab had been identified as a known or suspected terrorist in the FBI’s Terrorist Identities Datamart Environment (TIDE) database, but was not placed on the No Fly List or the Selectee list, which would have subjected him to additional screening. A later Senate Homeland Security Committee investigation found DHS officials “skeptical” of the value of TIDE due to concerns over the quality of data it contained, which they claimed included a two-year-old child and the Ford Motor Company.153 The FBI also conducted a three-month assessment of Tamerlan Tsarnaev based on a March 2011 warning from the Russian government that he had developed radical views and planned to travel to Russia to join “underground” groups.154 Rep. William Keating (D-Mass.), who saw the information provided in the letter during a trip to meet with the Russian security services, said the warning contained detailed information, including that Tsarnaev “wanted to join Palestinian fighters” before deciding to go to Dagestan instead because he knew the language.155 The FBI’s assessment reportedly determined Tsarnaev was not a threat, and it closed in June 2011 (some media reports suggested that FBI rules required closing the assessment after 90 days, but neither the FBI DIOG nor the Attorney General’s Guidelines place time limits on assessments).156 The FBI did place Tsarnaev on terrorism watch lists, however, despite closing the investigation. As a result, Joint Terrorism Task Force officials received alerts when Tsarnaev left for Russia in early 2012 and when he returned six months later, but the FBI did not renew its investigation.157 Predicting future dangerousness is all but an impossible task, and it is entirely possible that even Tsarnaev himself could not have predicted in 2011 that he would commit a terrorist attack in 2013. FBI agents cannot be expected to be fortune tellers. But reviewing the facts of this matter is important to determine whether current FBI practices are effective, as Rep. McCaul and Rep. King suggested. 25 The FBI said its investigation of Tsarnaev was one of over 1,000 assessments the Boston Joint Terrorism Task Force completed in 2011 alone.158 Just as in the Hasan case, this torrid pace may have diminished the quality of the Tsarnaev assessment. The agents may have also been distracted fulfilling the data collection requirements of the FBI’s “baseline collection plan,” rather than concentrating on establishing evidence of a possible crime. Another potentially crucial mistake is that the FBI appears to have focused more on evaluating the first allegation in the Russian warning, that Tsarnaev had developed radical views, rather than the second, which alleged that he planned to travel to Russia to join “underground” groups. Determining whether Tsarnaev held “radical” views would have been inappropriate for a U.S. law enforcement agency that respects the First Amendment and difficult to measure in any event, particularly given the FBI’s flawed model of terrorist radicalization. But the allegation regarding Tsarnaev’s plans to travel to Russia to join an underground group involved actionable intelligence about potentially illegal activity, as U.S. law prohibits providing material support to designated international terrorist groups. This allegation presented a fact question that the FBI could determine was either true or not true. But Tsarnaev’s travel to Russia six months later inexplicably did not trigger a renewed investigation. The FBI did place Tsarnaev on the TIDE watch list, which at that point contained over 700,000 names, and on another watch list called the Treasury Enforcement Communications System (TECS), which is designed to alert Customs agents when a targeted subject travels abroad. Tsarnaev’s travel to Russia six months later reportedly “pinged” the TECS system and alerted the Joint Terrorism Task Force members, as did his July 2012 return, but neither resulted in a renewed investigation.159 This may be the most damning evidence against the FBI’s overbroad approach to watch listing. Law enforcement officers repeatedly flooded with false positives from bloated watch lists become trained to ignore hits rather than respond to them. If the FBI’s assessment of Tsarnaev was properly focused on whether he planned to join underground groups in Russia, his travel there would have raised alarms and a different result may have been possible. Perhaps even more troubling, recent media reports indicate Tsarnaev may be implicated in a grisly triple murder in Waltham, Mass., on September 11, 2011, which occurred after the FBI assessment ended but before Tsarnaev travelled to Russia in January 2012.160 Tsarnaev’s potential involvement in serious criminal activity years before the Boston bombing raises additional questions for policymakers about the appropriate distribution of law enforcement resources. According to FBI crime data, in 2011 less than half of the 1.2 million violent crimes in the U.S. were solved through arrest or positive identification of the perpetrator.161 Included in these unsolved crimes were over a third of the murders committed in 2011 and over 58 percent of the forcible rapes.162 These numbers have remained fairly consistent over the last several years, even as intelligence activities directed against innocent Americans have increased. It is important to recognize that terrorism is a heinous crime with serious emotional and economic consequences, but it is still worth examining whether diverting the resources currently spent on 26 overbroad and ineffective suspicionless intelligence collection programs to helping police solve violent crimes would make all American communities safer as a result. It is also important to note that the FBI has successfully investigated and prosecuted hundreds of defendants charged with terrorism-related offences both before and after 9/11, so it clearly has the tools and the competence necessary to address this problem. But given the impact its increased post-9/11 domestic intelligence powers have on American liberty, we cannot just trust the FBI that these authorities are necessary or effective. What becomes clear from reviewing the terrorist events the FBI failed to interdict is that the data explosion created by its lowered investigative and intelligence collection standards often impairs rather than enhances its ability to identify real threats. As the National Research Council recommended, the government should have to demonstrate the effectiveness of new counterterrorism policies and programs before they are implemented and subject them to strict legal limits and rigorous oversight to protect constitutional rights and privacy. Preventing every possible terrorist attack is an unrealistic and unreachable goal, yet this imperative drives many of the overzealous collection programs that threaten privacy and civil liberties, even as they fail to produce tangible security benefits. It is time for policy makers and intelligence officials to conduct evidence-based evaluations of all counterterrorism programs and policies to end any that are ineffective or improperly infringe on constitutional rights. 4. Mining Bigger Data: The NCTC Guidelines Another sign the Foreign Terrorist Tracking Task Force data mining programs are not effective came in March 2012, when the attorney general and director of National Intelligence announced dramatic changes to the National Counterterrorism Center’s (NCTC) guidelines to allow it to collect, use, and retain records on U.S. citizens and permanent residents with no suspected ties to terrorism.163 This wholesale rewrite of intelligence policy, approved over the objection of Department of Homeland Security and Justice Department privacy officers, upended decades-old protections of U.S. person information, subjecting potentially millions of innocent Americans to unjustified scrutiny by the intelligence community.164 Under the new rules, the NCTC can swallow up entire government databases—regardless of the number of innocent Americans included—and use the information in myriad ways, including pattern-based data mining, for five years. Such unfettered collection is essentially a revival of the Bush administration's Total Information Awareness program, which Congress largely defunded in 2003 because of privacy concerns.165 These privacy concerns have only increased over the last ten years, as Americans have become even more dependent on advanced information technology. But given the FBI’s close collaboration with the NCTC, these changes also raise serious questions about whether the Foreign Terrorist Tracking Task Force program is effective. If the costly Tracking Task Force data mining programs work there would be no need for NCTC to build another system to accomplish the same task. 27 5. Exploitation of New Technologies The FBI is also exploiting new technological developments in troubling ways. A tax fraud prosecution in Arizona revealed that the FBI has been failing to inform judges about the particularly invasive nature of “Stingray” devices when it seeks to obtain court orders for location information.166 Stingray is a brand name for an IMSI catcher, which is a device that obtains identifying information from mobile communication devices—known as international mobile subscriber identity information—by mimicking a cell-phone tower. The IMSI catcher accomplishes this task in a particularly invasive way: by sending signals to all cell phones in the vicinity, including within people’s homes, and tricking them into sending signals back to the IMSI catcher. Because it mimics a cell phone tower, the IMSI catcher can intercept the content of communications in addition to the identifying information, and the precise location of the mobile device. The ACLU of Northern California obtained Justice Department documents showing the FBI has been obtaining pen register orders—which authorize the government to obtain telephone numbers called from and received by a particular mobile device based on a relevance determination—to obtain location data using IMSI catchers, without telling the magistrate judges that this invasive technology would be used.167 The documents make clear the FBI has routinely used these misleading tactics to conceal its use of this technology over the course of several years. 6. Secret Spying and Secret Law The public doesn’t know the full extent of the FBI’s domestic surveillance activities because so much of it takes place in secret, and Sen. Wyden has warned his colleagues that many of them don’t know either, because the government secretly interprets laws in ways that expand its collection authorities beyond the plain language in the law.168 As discussed above, we know the Justice Department has a secret interpretation of the Patriot Act and a secret OLC opinion reinterpreting Electronic Communications Privacy Act, and we know that at times the intelligence community has disregarded the law entirely.169 We also know that the FBI cooperates with other federal intelligence agencies as well as state and local law enforcement agencies and private entities to enhance its ability to obtain and analyze data about Americans. But official secrecy bars us from knowing all we should—and it is not unreasonable to assume that’s exactly the way the government wants it. In a democratic society governed by the rule of law, the public has a need and a right to know the legal parameters regulating government’s surveillance of its citizenry. Secret intelligence activities are particularly odious to a free society because they enable the circumvention of traditional legal and constitutional protections against government violations of individual rights. As the Senate Committee examining the FBI’s intelligence abuses in the 1970s explained, a victim of illegal spying “may never suspect that his misfortunes are the intended 28 result of activities undertaken by his government, and accordingly may have no opportunity to challenge the actions taken against him.”170 An FBI training presentation obtained by Wired Magazine entitled, “Unique Aspects of the Intelligence Profession,” provides a glimpse of the impunity from legal oversight or consequences that intelligence officers assume they possess. It states that “[u]nder certain circumstances, the FBI has the ability to bend or suspend the law and impinge on the freedom of others.”171 This attitude, combined with the FBI’s renewed embrace of a “disruption strategy,” raise serious concerns about how the FBI implements its intelligence programs that demand attention from Congress. III. Unaccountable: Evidence of Abuse, Need for Reform With the substantial increases in the FBI’s powers since 9/11, there needs to be an equally robust increase in oversight in order to curb abuse. Unfortunately, the FBI’s internal controls have too often proved ineffective at preventing error and abuse, and external oversight has been too easily thwarted by the secrecy necessary to protect legitimate investigations and intelligence operations. A. Shirking Justice Department Oversight The five Inspector General reports on the FBI’s misuse of its Patriot Act authorities serve as ample demonstration of the lack of effective internal controls within the FBI. The FBI responded to the 2007 reports by establishing new internal compliance policies, but the IG reviewed these reforms during the 2008 audits and found them insufficient to prevent further abuse. The IG criticized the FBI for repeatedly downplaying its violations of intelligence law and policy by describing them as “third party errors” or “administrative errors,” arguing this characterization of the problem by FBI management sends “the wrong message regarding the seriousness of violations of statutes, guidelines or policies.”172 The Inspector General re-audited a sample of files previously examined by FBI inspectors and found three times more legal violations than the FBI identified.173 The 2008 report on Section 215 of the Patriot Act revealed a troubling incident in which the Foreign Intelligence Surveillance Court rejected an FBI request for a Section 215 order on First Amendment grounds, but the FBI General Counsel ignored this opinion and authorized the issuance of NSLs, which do not require judicial approval, to obtain the same information.174 That a high-level FBI official would demonstrate such disdain for the court and the law is particularly troubling. The IG also concluded the FBI did not yet fully implement the recommended reforms from 2007, and that it was “too soon to definitively state whether the new system of controls… will eliminate fully the problems with the use of NSLs.”175 Despite these reports of abuse, Congress failed to narrow the FBI’s powers, or even obtain a public explanation of the government’s interpretation of the scope of its authorities, when the Patriot Act was reauthorized in 2011.176 29 As previously noted, the FBI is primarily regulated through Attorney General’s Guidelines. In 2005, the Inspector General audited the FBI’s compliance with the various Attorney General’s Guidelines and found significant deficiencies that threatened people’s rights. The Inspector General found at least one rules violation in a whopping 87 percent of the FBI informant files examined.177 And even the meager evidentiary requirements of the 2002 Ashcroft amendments to the guidelines were clearly being ignored: • • Fifty-three percent of FBI preliminary inquiries that extended beyond the initial 180-day authorization period did not contain the required documentation authorizing the extension; and Seventy-seven percent of those that extended past 270 days contained “no documentation” to justify a second extension.178 This meant people could remain under investigation for an entire year with no reasonable indication they were involved in illegal activity and without written justification for the continuing scrutiny. Yet rather than tighten the rules, Attorney General Mukasey significantly loosened the guidelines again in 2008, despite these excessive violations. The Inspector General’s 2010 analysis of the FBI’s investigations of domestic advocacy groups, which covered only a handful of cases from 2001 to 2006, noted that violations of the 2002 guidelines identified in those investigations would not be violations under the 2008 guidelines.179 B. Suppressing Government Whistleblowers The FBI has a notorious record of retaliating against FBI employees who report misconduct or abuse in the FBI and has used aggressive leak investigations to suppress other government whistleblowers. Congress exempted the FBI from the requirements of the Whistleblower Protection Act of 1989 and instead required the Justice Department to establish an internal system to protect FBI employees who report waste, fraud, abuse, and illegality. Still, FBI Director Robert Mueller repeatedly vowed to protect Bureau whistleblowers: I issued a memorandum on November 7th [2001] reaffirming the protections that are afforded to whistleblowers in which I indicated I will not tolerate reprisals or intimidation by any Bureau employee against those who make protected disclosures, nor will I tolerate attempts to prevent employees from making such disclosures.180 Yet court cases and investigations by the Justice Department Office of Professional Responsibility and Inspector General have repeatedly found that FBI officials continue to retaliate against FBI employees who publicly report internal misconduct, including Michael German,181 Sibel Edmonds,182 Jane Turner,183 Robert Wright,184 John Roberts,185 and Bassem Youssef.186 Other FBI whistleblowers choose to suffer retaliation in silence. Special Agent Chad 30 Joy courageously blew the whistle on a senior FBI agent’s serious misconduct during the investigation and prosecution of Alaska Sen. Ted Stevens, which resulted in the trial judge overturning the conviction against him, but only after the senator had lost re-election.187 Special Agent Joy was publicly criticized by his then-retired supervisor, subjected to a retaliatory investigation, and then taken off criminal cases.188 Joy resigned and no longer works at the FBI, while the FBI agent responsible for the misconduct in the Stevens’ case continues to be assigned high-profile investigations—a clear sign that the FBI culture continues to protect agents involved in misconduct more than those who report it.189 These high-profile cases of whistleblower retaliation discourage other FBI personnel from coming forward. A 2009 Inspector General report found that 28 percent of non-supervisory FBI employees and 22 percent of FBI supervisors at the GS-14 and GS-15 levels “never” report misconduct they see or hear about on the job.190 That such a high percentage of officials in the government’s premiere law enforcement agency refuse to report internal misconduct is shocking and dangerous and perpetuates the risk that Americans like Sen. Stevens will continue to be victimized by overzealous investigations and prosecutions. The FBI has also been involved in suppressing other government whistleblowers through inappropriately aggressive leak investigations. For example, when the U.S. media reported in 2005 that the National Security Agency (NSA) was spying on Americans’ communications without warrants in violation of the Foreign Intelligence Surveillance Act, the FBI didn’t launch an investigation to enforce the law’s criminal provisions. It instead went after the whistleblowers, treating leaks to the American public about government malfeasance as espionage.191 After more than a year of aggressive investigation and interviews, armed FBI agents conducted coordinated raids on the homes of four former NSA and Justice Department officials and a House Intelligence Committee staffer, treating them as if they were dangerous Mafiosi instead of dedicated federal employees who held the government’s highest security clearances. William Binney, who served more than 30 years in the NSA, described an FBI agent pointing a gun at his head as he stepped naked from the shower.192 The only prosecution, alleging Espionage Act violations against the NSA’s Thomas Drake, collapsed at trial in 2011, and the government’s methods earned a stern rebuke from Judge Richard D. Bennett: I don't think that deterrence should include an American citizen waiting two and a half years after their home is searched to find out if they're going to be indicted or not. I find that unconscionable. … It was one of the most fundamental things in the Bill of Rights that this country was not to be exposed to people knocking on the door with government authority and coming into their homes. And when it happens, it should be resolved pretty quickly, and it sure as heck shouldn't take two and a half years before someone's charged after that event.193 The deterrence effect from such enforcement activity isn’t felt just by the person ultimately charged, however, or even those searched but never charged. The FBI’s 31 aggressive investigations of whistleblowers send a clear message to other federal employees that reporting government wrongdoing will risk your career, your financial future, and possibly your freedom. And more FBI leak investigations are resulting in criminal prosecutions than ever before. The Obama administration has prosecuted more government employees for leaking information to media organizations than all other previous administrations combined, often charging them with Espionage Act violations and exposing them to draconian penalties.194 Though leaks of classified information are a common occurrence in Washington, almost invariably these leak prosecutions have targeted federal employees who exposed government wrongdoing or criticized government policy. B. Circumventing External Controls 1. Targeting Journalists The FBI’s overzealous pursuit of government whistleblowers has also resulted in the inappropriate targeting of journalists for investigation, thereby chilling press freedoms. In 2010, the Inspector General reported that the FBI used an illegal “exigent letter” to obtain the telephone records of seven New York Times and Washington Post reporters and researchers during a media leak investigation, circumventing Justice Department regulations requiring the attorney general’s approval before issuing grand jury subpoenas for journalists’ records. The FBI obtained and uploaded 22 months’ worth of data from these reporters’ telephone numbers, totaling 1,627 calls.195 More recently, after The Associated Press reported on the CIA’s involvement in interdicting a terrorist attack against a U.S. jetliner in May 2012, the Justice Department issued grand jury subpoenas seeking toll records from more than 20 separate telephone lines, including work and personal numbers for reporters and AP offices in New York, Washington, and Connecticut. In total, more than 100 journalists used the telephones covered by the subpoenas.196 One of the subpoenaed lines was the AP’s main number in the U.S. House of Representatives’ press gallery. As worrisome from a constitutional standpoint, a 2010 FBI search warrant application sought Fox News reporter James Rosen’s e-mails as part of an investigation into a State Department detailee’s alleged leak of classified information regarding North Korea. The search warrant characterized Rosen as a criminal aider, abettor, or co-conspirator in an Espionage Act violation.197 The claim was made so the agent could avoid the stringent oversight and notice requirements of the Privacy Protection Act, which was enacted specifically to protect reporters’ First Amendment rights. The PPA bars the government from obtaining news media-related work product unless there is probable cause to believe the reporter has actually committed a crime. The FBI affidavit claimed Rosen’s requests for information from the government official amounted to illegal solicitations to commit espionage and said he groomed the official “[m]uch like an intelligence officer would run an [sic] clandestine source.”198 The affidavit concluded that 32 “there is probable cause to believe the Reporter… has committed a violation of [the Espionage Act].” While the U.S. government has never prosecuted a journalist for publishing classified information, this characterization of news gathering as criminal activity reveals that at least some FBI and Justice Department officials, and one federal judge who signed the warrant, believe they could do so in criminal leak cases. 2. Thwarting Congressional Oversight The FBI thwarts congressional oversight by withholding information, limiting or delaying responses to members’ inquiries, or, worse, by providing false or misleading information to Congress and the American public. These are but a few examples. When Congress debated the first Patriot Act reauthorization in April 2005, FBI Director Robert Mueller testified that he was unaware of any “substantiated” allegations of abuse of Patriot Act authorities.199 The 2007 IG audit later revealed the FBI self-reported 19 Patriot Act-related violations of law or policy to the Intelligence Oversight Board between 2003 and 2005.200 Though misleading, this testimony was technically accurate because President Bush’s Intelligence Oversight Board did not meet to “substantiate” any reported violations until the spring of 2007.201 During a 2006 Senate Judiciary Committee hearing, Chairman Patrick Leahy (D-Vt.) complained that when he asked Director Mueller if FBI agents had witnessed objectionable interrogation practices in Iraq, Afghanistan, or Guantanamo Bay during a hearing in May 2004, “he gave a purposefully narrow answer, saying that no FBI agents had witnessed abuses ‘in Iraq.’”202 But FBI documents released in December 2004 in response to an ACLU FOIA request revealed that FBI agents had witnessed abusive treatment of detainees at Guantanamo Bay on multiple occasions, which they duly reported to their FBI supervisors in the field and at FBI headquarters. Sen. Leahy said, “I hope that Director Mueller will continue moving away from the Bush Administration's policy of secrecy and concealment on this issue and toward the responsiveness that the American people deserve.”203 To the FBI’s credit, a 2008 IG report indicated FBI agents repeatedly documented and reported detainee abuse they witnessed in Iraq, Afghanistan, and Guantanamo Bay.204 The IG report found the FBI did not properly respond to the agents’ request for guidance until after the photographs depicting detainee abuse at Abu Ghraib prison in Iraq were published in April 2004, and a small number of FBI agents did participate in abusive interrogations. In an FBI oversight hearing in 2008, the late Sen. Arlen Specter criticized FBI Director Mueller for not having told him that President Bush authorized the National Security Agency to eavesdrop on Americans’ communications in violation of the Foreign Intelligence Surveillance Act in 2001.205 Sen. Specter, who had oversight responsibility over the FBI as the Senate Judiciary Committee’s Chairman or Ranking Member during the four years the secret program operated, complained that he only learned about the warrantless wiretapping program when it 33 appeared in The New York Times in late 2005.206 Sen. Specter pointed out that because Director Mueller knew about the program, and knew that the Intelligence Committees had not been briefed as required by the National Security Act of 1947, he had a responsibility to report it. Mueller responded that he “was of the belief that those who should be briefed in Congress were being briefed.”207 Sen. Feinstein, who served on both the Intelligence and Judiciary Committees, said Mueller’s comment that members were fully briefed was “simply not accurate.”208 As Congress considered a second Patriot Act reauthorization in 2009, Director Mueller was asked about the importance of an expiring provision that allowed the FBI to obtain FISA orders to intercept the communications of unaffiliated “lone wolf” terrorists. He responded, “[a]s to the lone-wolf provision, while we have not — there has not been a lone wolf, so to speak, indicted, that provision is tremendously helpful.”209 He went on, “that is also a provision that has been, I believe, beneficial and should be re-enacted.” A few months later the Justice Department advised Sen. Leahy that the government had never used the lone wolf provision.210 According to a 2010 IG report, after ACLU FOIA requests exposed inappropriate FBI spying on a Pittsburgh anti-war rally in 2006, unidentified FBI officials concocted a false story claiming the surveillance was an attempt to identify a person related to a validly-approved terrorism investigation who they believed would attend the rally, not an effort to monitor the activities of the anti-war group.211 The FBI presented this false story to the public in press releases and to Congress through testimony by Director Mueller. When Sen. Leahy requested documentation regarding the FBI’s investigation, this false story fell apart because there was no relevant Pittsburgh terrorism investigation. FBI officials then developed a second false story that circulated internally and ultimately sent to Congress a statement for the record that claimed documents couldn’t be provided because the investigation was ongoing. When the IG investigated the matter, the FBI failed to provide internal e-mails that may have identified who in the FBI concocted these false stories.212 Congress cannot perform its critical oversight function if FBI officials fail or refuse to provide complete, timely, and accurate information upon request. 3. Thwarting Public Oversight with Excessive Secrecy In addition to secret surveillance and secret interpretations of the law, the FBI is also using excessive secrecy to hide from the public both routine demands for information in criminal cases and its extraordinary covert intelligence abuses. U.S. Magistrate Judge Stephen W. Smith wrote a law review article in 2012 warning that the FBI and other federal law enforcement officers have created an enormous “secret docket” of “warrant-type applications” for electronic surveillance under the Electronic Communications Privacy Act. These applications for wiretaps, pen registers, and stored communications and subscriber information exploit “a potent mix of indefinite sealing, nondisclosure (i.e. gagging), and delayed-notice provisions” in ECPA to obtain surveillance orders from U.S. magistrate 34 judges that are only ever seen by the government agents and telephone and Internet service providers that execute the orders. Judge Smith estimates that magistrate judges seal around 30,000 ECPA orders annually. While these seals are supposed to be temporary, they often effectively become permanent due to inaction by the government.213 In a study in his own division, Judge Smith determined that 99.8 percent of sealed orders from 1995 through 2007 remained sealed in 2008.214 Magistrate judges are given little judicial guidance on how to address these requests for secrecy. Because these orders remain sealed they cannot be challenged by the subjects of the surveillance, which in turn deprives the magistrate judges of appellate court decisions that would provide guidance on how to interpret ECPA’s complex provisions when evaluating future government secrecy demands under the statute.215 The result is less public oversight of law enforcement surveillance activities. In a profoundly disturbing case involving covert surveillance, the FBI in 2006 tasked informant Craig Monteilh, a convicted felon, with infiltrating several southern California mosques by pretending to convert to Islam. In a sworn affidavit, Monteilh says his FBI handlers provided him audio and video recording equipment and instructed him “to gather as much information on as many people in the Muslim community as possible.”216 Monteilh’s handlers did not give him specific targets, but told him to look for people with certain traits, such as anyone who studied Islamic law, criticized U.S. foreign policy, or “played a leadership role at a mosque or in the Muslim community.”217 Monteilh said he recorded youth group meetings, lectures by Muslim scholars, and talked to people about their problems so FBI agents could later “pressure them to provide information or become informants.”218 Monteilh’s handlers told him to attend morning and evening prayers because the Muslims who attended were likely “very devout and therefore more suspicious.”219 Monteilh said he often left the recorder unattended to capture private conversations he was not a party to, and that his handlers knew this and did not tell him to stop. He said the agent told him more than once that “if they did not have a warrant they could not use the information in court, but that it was still useful to have the information.”220 Monteilh exposed his role as an FBI informant to the Los Angeles Times in 2009.221 The ACLU of Southern California, the Council on American Islamic Relations of Greater Los Angeles, and the law firm Hadsel, Stormer, Keeny, Richardson & Renick LLP initiated a class action law suit against the FBI on behalf of Southern California Muslims. The suit alleges the FBI unlawfully targeted people based on their religious beliefs in violation of the First Amendment, retained information about their religious practices in FBI files in violation of the Privacy Act, and conducted unreasonable searches in violation of the Fourth Amendment.222 In an extraordinary move, the government asserted the “state secrets” privilege to block the lawsuit against the FBI from moving forward.223 That FBI secrecy demands could prevent U.S. citizens and residents from going into a U.S. court room to protect themselves from unconstitutional FBI surveillance taking place in American communities offends Americans’ sense of justice.224 The federal district court dismissed the illegal surveillance suit against the 35 FBI based on the assertion of the state secrets privilege, but allowed claims against individual agents for FISA violations to proceed.225 During related FOIA litigation, a federal district judge severely criticized the FBI for misleading the court by falsely denying it had records responsive to the FOIA request. The FBI had been interpreting its exclusions under FOIA as authority to provide false no records responses to FOIA requestors under certain conditions. The Justice Department has since amended this policy to prevent false denial of records responses to FOIA requests. In all of these cases, the FBI could have chosen a path of greater transparency without harming criminal investigations or national security and defended its tactics in courts of law and in the court of public opinion. Its increasing reliance on secrecy to thwart legal challenges to its law enforcement and intelligence activities leaves the public with dangerously little recourse against FBI violations of constitutional rights. IV. Targeting First Amendment Activity A. Biased training FOIA litigation by the ACLU of Northern California, the Asian Law Caucus, and The San Francisco Bay Guardian and later media reports uncovered factually inaccurate FBI training materials that demonstrated strong anti-Arab and anti-Muslim bias.226 The materials span from 2003 to 2011. They include both amateurish power point presentations that paint Muslims and Arabs as backward and inherently violent and a professionally-published counterterrorism textbook the FBI produced with the Combating Terrorism Center at West Point for training law enforcement. The textbook, “Terrorism and Political Islam,” devotes one of five sections to “Understanding Islam,” and another to “Cultural and Regional Studies” of Muslim-majority countries, which tends to reinforce the false idea that modern terrorism is predominantly a Muslim phenomenon.227 Such heavy emphasis on Islam is misguided, as terrorism is a tactic used by many groups claiming allegiance to a multitude of different religions and political ideologies, and potentially distracts from other significant threats. A later report by the Combating Terrorism Center documented that 670 people have been killed and 3,053 injured in attacks by far right extremists in the U.S since 1990, yet far-right extremists are barely mentioned in the textbook except to dismiss them as significant threats.228 There are many different terrorism threats, and FBI training materials should address each in a factually objective manner based on evidence rather than bias. The FBI textbook also improperly links Muslims’ political activities and opinions with their potential for violence. One essay tells agents they can determine whether Muslims are militant by asking their opinions about the Iraq war and the political situation in Israel and Egypt. Those Muslims answering with “a patriotic and pro-Western stance,” according to the article, “could potentially evolve into a street informant or concerned citizen.”229 Biased and erroneous FBI 36 training can be expected to result in inappropriate targeting of American Muslim communities for investigation and intelligence collection. To its credit, following media exposure of these biased training materials, the FBI initiated a review of its counterterrorism training materials referencing religion and culture, and issued a statement that “[s]trong religious beliefs should never be confused with violent extremism.”230 The FBI has reportedly removed 800 pages from its training materials, but there has been far too little transparency regarding the standards guiding this review. And unfortunately, the FBI did not review intelligence products that mirrored these biased training materials, despite requests by the ACLU and partner organizations to include them. The public is well aware that similarly flawed, incorrect, and biased FBI intelligence products do exist. A 2006 FBI intelligence report called “Radicalization: From Conversion to Jihad” asserts that “indicators” that a person is progressing on a path to becoming a terrorist include: • • • • • • Wearing traditional Muslim attire Growing facial hair Frequent attendance at a mosque or prayer group Travel to a Muslim country Increased activity in a pro-Muslim social group or cause Proselytizing231 These activities are commonplace and entirely innocuous, and millions of American Muslims who pose no threat to anyone engage in them regularly. More importantly for an agency charged with protecting civil rights, these activities are protected by the First Amendment. While the report notes that “[n]ot all Muslim converts are extremists,” it suggests that all are suspect because “they can be targeted for radicalization.” This assertion undoubtedly leads to additional law enforcement scrutiny of American Muslims for no reason other than the practice of their faith.232 The FBI refused a request to withdraw this report, and an FBI spokesman defended its analysis, stating that “[t]hese indicators do not conflict with our statement that strong religious beliefs should never be confused with violent extremism.”233 Such biased and erroneous information in FBI intelligence reports is likely to drive racial and religious profiling at every stage of the intelligence process. These false indicators can be expected to lead to excessive and unwarranted surveillance and intelligence collection targeting communities agents perceive to be Muslim, which fills FBI data bases with a disproportionate amount of information about Arabs, Middle-Easterners, South Asians, and African-Americans. Further analysis of this biased data pool using data mining tools based on these false indicators could lead to more people from these communities being selected for more intensive investigation and watch listing.234 It could even result in the application of an FBI “disruption strategy,” which might include scouring their records for minor violations that would not 37 normally be investigated or charged, deportation, security clearance revocation,235 or employing informants to act as agents provocateur to instigate criminal activity. But biased training materials were not limited to erroneous information about Muslims. FBI domestic terrorism training presentations on “Black Separatist Extremists” juxtaposed decadesold examples of violence by the Black Panthers and the Black Liberation Army with unorthodox beliefs expressed by a number of different modern groups to suggest, without evidence, that these latter-day groups pose a similar threat of violence.236 The FBI presentation claims organizations it calls “Black Separatists” have no unifying theme or mission, but “all share racial grievances against the U.S., most seek restitution, or governance base [sic] on religious identity or social principals [sic].”237 No recent acts of “Black Separatist” terrorism appear in the presentations or in FBI lists of terrorism incidents going back to 1980.238 FBI domestic terrorism training presentations on “Anarchist Extremists” claim they are “not dedicated to any cause” and merely “criminals seeking an ideology to justify their activities,” yet focus heavily on protest activity, including “‘passive’ civil disobedience.”239 FBI training presentations on “Animal Rights/Environmental Extremism” list “FOIA Requests” as examples of “Intelligence Gathering,” and another presentation suggests activists are waging a “public relations war.”240 38 Failing to distinguish properly between First Amendment activity, non-violent civil disobedience, and terrorism in FBI training materials leads to investigations and intelligence gathering that improperly target constitutionally-protected activity, endangers political activists by placing them on terrorism watch lists, and suppresses religious and political freedom. B. Targeting AMEMSA Communities Arab, Middle-Eastern, Muslim, and South Asian (AMEMSA) communities in the U.S. have faced the brunt of the FBI’s overzealous applications of its expanded authorities since 9/11. In the immediate aftermath of the attacks, acting out of fear and ignorance, FBI agents and other federal officials arrested hundreds of Middle-Eastern immigrants, based mostly on minor visa violations, in a pre-emptive measure painfully reminiscent of the Palmer raids.241 The Justice Department initiated a “hold until cleared” policy that assured the detainees would be held without bond until cleared by the FBI of any links to terrorism, meaning many languished in detention for months.242 An affidavit signed by an FBI counterterrorism official presented a “mosaic” theory, which argued these detainees should be held despite the lack of individualized evidence of dangerousness until the FBI could develop a fuller picture of the threat and rule out their involvement in terrorism.243 Attorney General John Ashcroft defended such pre-textual arrests, warning the “terrorists among us” that: If you overstay your visa – even by one day – we will arrest you. If you violate a local law, you will be put in jail and kept in custody as long as possible. We will use every available statute. We will seek every prosecutorial advantage. We will use all our weapons within the law and under the Constitution to protect life and enhance security for America.244 This statement was the first clear indication that the government would pursue what was soon called the “Al Capone strategy,” in reference to the notorious gangster’s imprisonment on tax charges rather than violent crimes. This strategy held that government agents should vigorously pursue people they believed to be involved in terrorism using any civil or criminal violation that could be found, no matter how small or unrelated to actual terrorism plotting. The description of an official “disruption strategy” in the FBI’s 2009 “Baseline Collection Plan” suggests the FBI is continuing to promote this concept.245 Using a “disruption” plan could arguably make sense if the target is actually a terrorist. Many times, however, when the government doesn’t have evidence to support a terrorism charge, it is because the person isn’t actually involved in terrorism, despite the FBI’s suspicions. But the FBI didn’t just pursue immigrants, or wait until it found a legal violation. The FBI also jailed innocent American Muslims by misusing material witness warrants. Indeed, the FBI’s flawed terrorism training materials and intelligence products make clear that agents were erroneously taught to view Muslim religious practices and political activism as indicators of terrorism. When the government selectively targets, investigates, and refers for prosecution 39 people based on race, ethnicity, religion, national origin, or political viewpoint it has a different name: discrimination. AMEMSA communities in the U.S. have faced different types of degrading, oppressive treatment as a result of the FBI’s flawed attitude, training, and policies since 9/11. In 2003, the FBI ordered its field offices to count the number of mosques in their areas as part of one counterterrorism initiative and initiated nationwide programs of “voluntary” interviews throughout AMEMSA communities.246 U.S. News and World Report revealed in 2005 that FBI agents secretly scanned hundreds of Muslim homes, businesses, and mosques with radiation detection equipment without warrants in at least six cities across the nation.247 No nuclear weapons were detected. The ACLU obtained documents indicating that from 2007 through 2011 the FBI exploited its community outreach programs to secretly gather information on AMEMSA community organizations and mosques, which was then uploaded to domain management intelligence files and disseminated outside the FBI in violation of the Privacy Act.248 The FBI has also aggressively pressured AMEMSA community members to become informants for the FBI, particularly immigrants who must rely on the government to process their immigration and citizenship applications in a fair and timely manner. An FBI training presentation on recruiting informants in the Muslim community suggests agents exploit “immigration vulnerabilities” because Muslims in the U.S. are “an immigrant community.”249 In 2008, the U.S. Citizenship and Immigration Service implemented a covert program to ensure that individuals who pose a threat to national security are not granted immigration benefits, which often gives the FBI wide discretion to deny, approve, or delay citizenship requests, and thereby the leverage to compel Muslim immigrants to become informants.250 The pervasive and unjustified use of informants to spy in Muslim communities offends American values and inflicts real harm on the innocent people living there, by chilling their ability to exercise constitutionally guaranteed religious freedoms.251 The FBI has also sent informants, including some with serious criminal histories, into AMEMSA communities to act as “agents provocateur.”252 As stated by the “disruption strategy” described in the FBI’s 2009 “Baseline Collection Plan,” source-driven operations are one of the FBI’s preferred methods of “disrupting” its intended targets.253 While FBI has long used informants and undercover agents in sting operations, the methodology used against Muslims since 9/11 has been significantly more aggressive. According to a 2011 analysis of federal terrorism prosecutions by Mother Jones magazine, of 508 terrorism defendants prosecuted since 9/11, 158 (31 percent) were caught in sting operations.254 In many cases the government agent provides all the instrumentalities of the crime, chooses the target, designs the plot, and provides the gullible subjects financial support or other incentives to carry out the plot. The subjects are often destitute and at times become financially dependent on the informants. For example, a defendant in Chicago was given room and board in the informant’s home and provided with a car and spending money.255 In a case in Newburgh, N.Y., 40 the FBI informant offered one of the hesitant defendants, ex-convict James Cromitie, $250,000 to execute the faux plot, raising the question of whether this was a truly terrorism case or a murder-for-hire.256 While some of the defendants targeted in these cases were angry and disgruntled—and arguably deserved some law enforcement attention—they mostly did not have violent criminal histories. They also did not acquire weapons on their own nor possess the financial means to obtain them before meeting an FBI informant. Yet instead of addressing the threat as it existed in these cases, the FBI initiated elaborate sting operations using dubious informants, many with criminal records, to prod the subjects to act out, often supplying them with spiritual or political motivation, financial assistance, and sophisticated military hardware at little or no cost. The informant in Newburgh provided the destitute defendants a Stinger surface-to-air missile and plastic explosives.257 In the Chicago case, the defendant was unable (or unwilling) to raise the paltry $100 the undercover agent was going to charge him for four military hand grenades, so the agent instead traded him the grenades for two used stereo speakers.258 There is no legitimate reason for the FBI to exaggerate the danger posed to the community in these cases by introducing heavy weapons the defendants clearly would be unable to obtain on their own. Government actions aggrandizing the threat a defendant poses through the introduction of what are no more than harmless stage props only spreads unwarranted public fear, which it often fans with sensational press conferences at the time of arrest. The effect of these FBI tactics is that judges and juries who might otherwise question the FBI’s tactics in these cases and entertain an entrapment defense may be less willing to do so out of unjustified concern for public safety, or unease over the potential public reaction. Indeed, the judge in the Newburgh case called it a “fantasy terror operation” and said, “[o]nly the government could have made a terrorist out of Mr. Cromitie, whose buffoonery is positively Shakespearean in scope.”259 Nevertheless, she let the jury's conviction stand and sentenced Cromitie to 25 years in prison. These questionable investigative methods also tend to increase the potential penalties faced by these defendants, who may be pressured to plead guilty in exchange for more lenient sentences, giving the courts and the public fewer opportunities to examine and evaluate FBI tactics. C. Targeting Activists The FBI also targeted political advocacy organizations with renewed vigor after 9/11, as demonstrated through ACLU FOIAs and confirmed by a 2010 Inspector General audit. And FBI training continues to describe political activism as an “extremist” tactic and non-violent civil disobedience as terrorism. The FBI uses many of the same tactics it uses against AMEMSA communities, including invasive surveillance, infiltration, and sting operations using agents provocateur.260 But the FBI has also been using its expanded powers to conduct inappropriately harsh overt investigations that appear designed to suppress political activity. As the Church Committee pointed out decades ago, aggressive investigation can often be more disruptive than 41 covert action: “[t]he line between information collection and harassment can be extremely thin.”261 In a recent case in Nevada, Native American political activists representing the American Indian Movement (AIM) appeared at public meetings of the Nevada Wildlife Commission and the Washoe County Wildlife Advisory Board in March 2012 to speak out against a proposed bear hunt, on religious grounds.262 Shortly thereafter, a law enforcement officer assigned to the FBI’s Joint Terrorism Task Force arrived at the home of one AIM activist and workplace of another to question them about their appearance at the public meetings, saying audience members felt threatened when they spoke. The police arrested one of the AIM activists, interrogated her in jail, and tried to get her to sign a document saying she was involved in terrorist activity.263 She refused and was released without charge. In an email statement given to the Reno-Gazette Journal, a spokesman said the FBI “conducted an assessment and determined no further investigation was warranted at this time.” The Reno-Gazette Journal contacted a Department of Wildlife spokesman who said an FBI official had contacted them and asked if the wardens were threatened: “We absolutely answered no, we have not.”264 This use of FBI assessment authority appears to have been intended to intimidate political activists rather than investigate real threats. More troubling, however, are incidents in which the FBI targeted activists with armed raids. In September 2010, dozens of FBI agents conducted simultaneous raids on peace and labor activists’ homes and offices in Chicago, Minneapolis, and Grand Rapids, Mich., seizing documents, computers, and cell phones.265 An FBI spokesman said the searches were part of a Joint Terrorism Task Force investigation “into activities concerning the material support of terrorism,” but there was no “imminent danger” to the public. The FBI also served fourteen of the activists with subpoenas commanding their appearance before a grand jury in Chicago. One activist’s bank account was frozen. More than three years later, none of the activists has been charged with a crime, raising troubling questions about whether these aggressive raids were necessary or justified. Such aggressive law enforcement operations obviously have a devastating impact on these activists’ ability to continue their political advocacy. But they also create fear in the larger activist community. Both those who worked directly with the targeted activists now living under a cloud of suspicion and those who didn’t, but work on similar political issues, have to worry if they will be the next ones to be raided. Unfortunately, the FBI is only increasing its use of these tactics. In July 2012, FBI SWAT teams wearing body armor and carrying assault rifles raided at least six homes of alleged anarchists in Portland, Ore., and Seattle and Olympia, Wash., reportedly using flash-bang grenades at some locations.266 Sealed search warrants reportedly sought “anarchist” literature, computers, cell phones, black clothing, and flags carried at protests.267 No arrests were made but several people were served with grand jury subpoenas related to the raids. Some have been jailed for refusing to testify before the grand jury. The Oregonian reports that court records 42 indicate the investigation is targeting an “organized ‘black bloc’” that committed vandalism during May Day protests in Seattle in 2012 and broke windows at the federal courthouse there.268 While vandalism of U.S. government property is indeed a federal crime, the extreme tactics the FBI is using in this case appear to be designed more to send a message to, and potentially “disrupt”, this community of activists than to solve serious federal crimes. Strong-arm tactics have no place in American law enforcement. While FBI agents conducting search warrants must act in a manner to protect themselves and others from violence, force can only be used when necessary to prevent imminent harm. Flash-bang grenades are potentially lethal weapons. They have caused deadly fires, induced heart attacks, and recently killed a police officer who accidently set one off in his garage as he was placing equipment in his patrol car.269 When FBI agents use their law enforcement powers to suppress or disrupt political activity, they are violating the Constitution they have sworn to defend and undermining the rights of all Americans. V. Greater Oversight Needed: The FBI Abroad The FBI is increasingly operating outside the U.S., where its authorities are less clear and its activities much more difficult to monitor. There are three areas in particular that need far greater transparency and action by Congress to protect the rights of U.S. citizens traveling abroad. A. Proxy Detention The federal government has an obligation to come to the aid of American citizens arrested in foreign countries, and the State Department has said that assisting Americans incarcerated abroad is one of its most important tasks.270 Federal law requires that: Whenever it is made known to the President that any citizen of the United States has been unjustly deprived of his liberty by or under the authority of any foreign government, it shall be the duty of the President forthwith to demand of that government the reasons of such imprisonment; and if it appears to be wrongful and in violation of the rights of American citizenship, the President shall forthwith demand the release of such citizen, and if the release so demanded is unreasonably delayed or refused, the President shall use such means, not amounting to acts of war and not otherwise prohibited by law, as he may think necessary and proper to obtain or effectuate the release; and all the facts and proceedings relative thereto shall as soon as practicable be communicated by the President to Congress.271 Yet the FBI appears to have requested, facilitated, and/or exploited the arrests of U.S. citizens by foreign governments, often without charges, so they could be held and interrogated, sometimes tortured, then interviewed by FBI agents. The ACLU represents two victims of the FBI’s proxy detention activities. 43 Amir Meshal is an American Muslim born and raised in New Jersey.272 He traveled to Somalia to study Islam in 2006, but had to flee with other civilians when the country became engulfed in civil war at the end of that year. A joint American, Kenyan, and Ethiopian force arrested him at the Kenya border in early 2007. Meshal was subsequently subjected to more than four months of detention, often in squalid conditions. His captors transferred him between three different East African countries without charge, access to counsel, or presentment before a judicial officer, all at the behest of the U.S. government. While foreign officials showed little interest in talking to Meshal, FBI agents interrogated him more than thirty times and told him he would not be permitted to go home until he confessed to being part of al Qaeda. They took his fingerprints and a DNA sample and tried to coerce his confession by threatening him with torture, forced disappearance, and rendition to Egypt, Somalia, or Israel for further interrogation. The FBI agents refused his requests for counsel and did not allow him to make any phone calls to let his family know where he was. The FBI agents made Meshal sign Miranda waivers, telling him that if he refused he would not be allowed to go home. After a Kenyan court was poised to hear habeas petitions filed by a Kenyan human rights group on behalf of foreigners seized at the border, Meshal was forcibly transferred to Somalia and then to Ethiopia, where he was again repeatedly interrogated by FBI agents, including one who interrogated him in Kenya. During this entire period Meshal was never charged with a crime nor provided access to counsel or the Red Cross. Meshal was only released and allowed to return home after media reports regarding his prolonged detention led to inquiries from Congress. Naji Hamdan, a Lebanese-American businessman, was contacted and interviewed by the FBI several times while he was living in Los Angeles over many years, and he was often stopped and interrogated at U.S. airports but he was never arrested or charged with a crime in the U.S.273 In 2006, he and his family moved the United Arab Emirates where he established a business. In July 2008, FBI agents from Los Angeles summoned him to the U.S. Embassy for an interview. Several weeks later, in August 2008, Hamdan was seized by U.A.E. security forces, held incommunicado for nearly three months, beaten and tortured, and forced to confess to being associated with several different terrorist groups. At one point an American participated in his interrogation, who Hamdan believed to be an FBI agent based on the interrogator’s knowledge of previous FBI interviews. Believing the U.S. government was behind Hamdan’s detention, the ACLU of Southern California filed a habeas corpus petition in federal court on his behalf, alleging Hamdan was in the constructive custody of the U.S. A week later on November 26, U.A.E. officials transferred Hamdan to criminal detention in the U.A.E.. He was charged with vague terrorism-related crimes and later convicted based on his coerced confessions, but he was sentenced only to time served and deported to Lebanon, where he lives with his family. Documents obtained by the ACLU demonstrate the State Department and FBI were closely monitoring Hamdan’s case from the beginning of his detention. These proxy detentions appear to be continuing under the Obama administration. In December 2010, American teenager Gulet Mohamed was jailed in Kuwait when he went to renew his visa 44 after spending several months in the country visiting family. According to The New York Times, Mohamed said he was beaten and threatened by his Kuwaiti interrogators and later interviewed by FBI agents who said “he could not return to the United States until he gave truthful answers about his travels.”274 The New York Times confirmed the U.S. had placed Mohamed on the No Fly List.275 After the media reported his detention, Mohamed’s family hired a lawyer to represent him, who alleged the FBI continued to interrogate Mohamed repeatedly without counsel while he remained in Kuwaiti custody, stranded because the U.S. put him on the No Fly List.276 Mohamed was never charged with a crime and returned to the U.S. in January 2011. An FBI official admitted in a July 8, 2011, email to Mother Jones Magazine that the FBI may elect to share information with foreign governments and that those governments “may decide to locate or detain an individual or conduct an investigation based on the shared information.” The FBI official went on: Additionally, there have been instances when foreign law enforcement have detained individuals, independent of any information provided by the FBI, and the FBI has been afforded the opportunity to interview or witness an interview with the individual.277 If the FBI is providing information to foreign governments to arrest Americans abroad when there is not sufficient evidence to bring U.S. charges, it may be a violation of constitutional due process rights and an abrogation of the government’s obligation to defend the rights of U.S citizens. This conduct is particularly problematic where the cooperating governments have records of abusing human rights. B. FBI Overseas Interrogation Policy The ACLU obtained through FOIA the fifth version of an FBI interrogation manual for conducting custodial interrogations in overseas environments, which was written by a supervisor in the FBI’s counterterrorism division in 2011 (the third version was copyrighted in 2010, it is unknown when the earlier versions were published).278 The manual is troubling for many reasons, but particularly because it recommends that FBI agents ask the foreign government or U.S. military officials holding the detainees to isolate them at capture “for several days before you begin interrogation” and throughout the “multi-session, multi-day” interrogation process.279 Isolation has long been recognized as a coercive technique that can cause serious psychological distress, and the manual advises FBI agents that in addition to security concerns, an important purpose for requesting isolation is to allow interrogators to take advantage of “the natural fear of the unknown that the detainee will be experiencing.”280 This advice directly conflicts with FBI policy. The FBI Legal Handbook for Special Agents, and the U.S. Supreme Court, explicitly recognizes isolation as a coercive technique that undermines the voluntariness of detainee’s statements.281 The manual also makes repeated, positive references to the CIA’s notorious KUBARK interrogation manual and “the Reid Technique,” both of which have been criticized 45 for promoting coercive interrogation practices. The ACLU has asked the FBI to end this practice and provide remedial training to any agents who received this manual.282 If FBI agents request isolation of detainees prior to interviews—or participate in interviews in which detainees are being or have been mistreated, tortured, or threatened with torture— they are violating FBI policy and U.S. law. Congress must act to investigate the FBI’s conduct abroad and curb this troubling activity. C. Using the No Fly List to Pressure Americans Abroad to Become Informants Several audits by the GAO and agency IGs have documented the government’s mismanagement of its terrorist watch lists over many years.283 A 2009 DOJ IG audit found: …the FBI failed to nominate many subjects in the terrorism investigations that we sampled, did not nominate many others in a timely fashion, and did not update or remove watchlist records as required… We also found that 78 percent of the initial watchlist nominations we reviewed were not processed in established FBI timeframes.”284 But rather than narrow and reform its many watch lists, or provide constitutionally-adequate and effective post-deprivation redress procedures so people improperly placed on these lists could remove their names, the FBI appears to be aggressively exploiting these lists in a manner that further violates Americans’ civil rights. This is particularly true for the No Fly List, which is the smallest subset of the FBI’s massive Terrorist Screening Center watch list (affecting about 21,000 of the 875,000 people on the larger list), but also the most liberty infringing because it bars air travel to or within the U.S.285 The GAO reported in 2012 that the number of U.S. persons on the No Fly List has more than doubled since December 2009.286 In many cases, U.S. citizens and permanent residents only find out that their government is prohibiting them from flying while they are travelling abroad, which all but forces them to interact with the U.S. government from a position of extreme vulnerability, often without easy access to counsel. Many of those prevented from flying home have been subjected to FBI interviews while they sought assistance from U.S. Embassies to return.287 In several documented incidents, the FBI agents offered to take them off the No Fly List if they agreed to become an FBI informant. For example, Nagib Ali Ghaleb, a naturalized U.S. citizen residing in San Francisco, traveled to Yemen in 2010 to visit his wife and children and meet with U.S. consular officials concerning delays in his family’s previously-approved visa applications.288 At the airport in Frankfurt, Germany, as he was getting ready to board the last leg of his flight home from Yemen, airline officials delayed his boarding until an FBI agent arrived at the airport and told Mr. Ghaleb that he would not be allowed to fly back to the U.S. Ghaleb returned to Yemen and sought assistance at U.S. Embassy. He was directed to submit to an interview with FBI agents, who questioned 46 him about his mosque and the San Francisco Yemeni community. The FBI agents asked him to become an informant for the FBI in California, but Mr. Ghaleb said he did not know any dangerous people and would not spy on innocent people in mosques. The FBI agents threatened to have Mr. Ghaleb arrested by the Yemeni government if he did not cooperate. In 2010, the ACLU and its affiliates filed a lawsuit on behalf of Mr. Ghaleb and other American citizens and permanent residents, including several U.S. military veterans, seven of whom were prevented from returning to the U.S. from abroad, arguing that barring them from flying without due process was unconstitutional.289 The ACLU sought preliminary relief for those stranded overseas so they could return to the U.S., and the government allowed those Americans to board returning flights without explaining why they were put on the list, or whether they would be barred from flying in the future. The government has now put in place an informal process for U.S. citizens apparently placed on the No Fly List to secure a one-time waiver to fly home, but the constitutional issues in the case remain under litigation. None of the plaintiffs, some of whom are U.S. military veterans, have been charged with a crime, told why they are barred from flying, or given an opportunity to challenge their inclusion on the No Fly List. Many cannot pursue business opportunities or be with friends and family abroad, and U.S. Customs officials even prevented one ACLU client, Abdullatif Muthanna, from boarding a boat in Philadelphia in a failed attempt to travel to see family members living overseas.290 The ACLU clients are not the only victims of this practice. In a lawsuit filed in May 2013, American citizen Yonas Fikre alleges that FBI agents from his hometown of Portland, Ore., lured him to the U.S. Embassy in Khartoum under false pretenses while he was travelling in Sudan on business and coerced him into submitting to an interview.291 The complaint states that the agents denied Fikre’s request for counsel, told him he was on the No Fly List, and interrogated him about the mosque he attended in Portland and the people who went there. They asked him to become an informant for the FBI in Portland, offering to take him off the No Fly List and provide financial compensation if he accepted. He refused. Fikre later traveled to the U.A.E., where in 2011 he was arrested and tortured by security officials. In the lawsuit, Fikre charges that his arrest and interrogation were undertaken at the request of the FBI. U.A.E. officials released Fikre without charge after three months, but were unable to deport him back to Portland because the U.S. still included him on the No Fly List. He applied for political asylum in Sweden.292 In 2012, the U.S. charged Fikre with conspiring to evade financial reporting requirements regarding wire transfers to the Sudan, but made no terrorism allegations against him.293 And in a more recent case described in The Huffington Post, Kevin Iraniha, an American citizen born and raised in San Diego, says he was barred from flying home after graduating with a master’s degree in international law from the University of Peace in Costa Rica in June 2012.294 Iraniha submitted to an interview with an FBI agent at the U.S. Embassy, but was told that he would not be allowed to fly into the U.S. and would have to drive or take a boat. Iraniha flew to Tijuana, Mexico, and walked across the border.295 47 The FBI should not be allowed to use the No Fly List as a lever to coerce Americans into submitting to FBI interviews or becoming informants. Congress should require the administration to establish a redress process that comports with constitutionally required procedural due process so that persons prohibited from flying can correct government errors and effectively defend themselves against the government’s decision to place them on the No Fly List. VI. Conclusion and Recommendations FBI abuse of power must be met with efforts of reform, just as much now as in the days of J. Edgar Hoover. President Obama should require the attorney general to tighten FBI authorities to prevent suspicionless invasions of personal privacy, prohibit profiling based on race, ethnicity, religion or national origin, and protect First Amendment activities. But internal reforms have never been sufficient when it comes to the FBI. Congress also must act to make these changes permanent and must increase its vigilance to ensure abuse is quickly discovered and remedied. We offer these recommendations: RECOMMENDATIONS FOR THE ATTORNEY GENERAL: 1. The AG must revise the Justice Department Guidance Regarding the Use of Race in Federal Law Enforcement to: 1) remove the national security and border integrity exemptions; 2) prohibit profiling by religion or national origin; 3) clarify that the ban on profiling applies to intelligence activities as well as investigative activities; 4) establish enforceable standards that include accountability mechanisms for noncompliance; and 5) make the guidance applicable to state and local law enforcement working on federal task forces or receiving federal funds. 2. The AG must revise the Attorney General’s Guidelines to: 1) remove the FBI’s authority to conduct “assessments” without a factual predicate of wrongdoing; 2) prohibit racial and ethnic mapping; and 3) prohibit the FBI from undertaking “Preliminary Investigations” unless they are supported by articulable facts and particularized suspicion, and properly limited in time and scope; 4) prohibit the FBI from tasking informants or using undercover agents in Preliminary Investigations. 3. The AG must direct the Justice Department’s Civil Rights Division to investigate the FBI’s counterterrorism training materials and intelligence products to identify and remove information that is factually incorrect; exhibits bias against any race, ethnicity, religion or national origin; or improperly equates First Amendment-protected activity or non-violent civil disobedience with terrorism. 4. The AG must direct the Civil Rights Division to investigate the FBI’s domain management and racial and ethnic profiling programs and determine whether the FBI used these programs to 48 improperly target intelligence operations or investigations based on race, ethnicity, religion, or national origin. 5. The AG must direct the Justice Department Inspector General to review the FBI’s extraterritorial activities, particularly incidents involving proxy detentions of Americans, FBI interrogation policies and practices, and the improper use of the No Fly List to compel Americans to submit to interviews or agree to become an informant. 6. The AG must end ‘secret law’ by declassifying and releasing secret legal interpretations of its surveillance authorities, including but not limited to: 1) FISA Court opinions interpreting the scope of U.S. government’s surveillance authorities, particularly under Section 215 of the USA Patriot Act and Section 702 of FISA; 2) the January 8, 2010, OLC opinion interpreting the Electronic Communications Privacy Act to allow the FBI to obtain certain communication records without legal process in non-emergency situations; and 3) the June 2012 version of the FBI DIOG. RECOMMENDATIONS FOR CONGRESS: 1. Congress must intensify its oversight of all FBI policies and practices, particularly those that implicate Americans’ constitutional rights. The collection, retention, and sharing of personally identifying information about Americans without facts establishing a reasonable indication of criminal activity poses serious risks to liberty and democracy, and the evidence of abuse is overwhelming. The lessons of the past have been ignored and we are increasingly seeing a return to abusive intelligence operations that target protest groups and religious and racial minorities. Congress must particularly examine FBI activities abroad, where Americans’ due process rights and safety are at greatest risk. 2. Congress must narrow the FBI’s intelligence and investigative authorities through statute. The Attorney General’s Guidelines are changed too often and too easily, and the FBI too often fails to comply with them. 3. Though the FISA Amendments Act and several Patriot Act-related surveillance provisions are set to expire in 2015, new evidence of abuse of these authorities demonstrates that Congress can’t wait. Congress should immediately repeal Section 215 of the Patriot Act and Section 702 of FISA. 4. Congress must examine and evaluate all information collection and analysis practices and bring an end to any government activities that are illegal, ineffective, or prone to abuse. Congress should conduct a comprehensive review of all expanded post-9/11 intelligence authorities so thoughtful and effective reforms can be implemented. 5. Congress must amend the Electronic Communications Privacy Act to require a probable cause warrant before the government can search and seize online records and communications, just as 49 it needs to search documents in the mail or in our homes and offices. Congress should evaluate ECPA sealing and delayed notice provisions to ensure maximum transparency regarding law enforcement surveillance activities. 6. Congress must not implement or fund new intelligence programs without empirical evidence that they effectively improve security and can be implemented without undue impact on privacy and civil rights. We should not sacrifice our liberty for the illusion of security. Any new effort to expand information collection, sharing, or analysis must be accompanied by independent oversight mechanisms and rigorous standards to maintain the accuracy, timeliness, and usefulness of the information and to ensure the privacy of innocent individuals is preserved. Congress should adopt the National Research Council recommendations to require the FBI and other federal agencies to employ a systematic process to evaluate the “effectiveness, lawfulness and consistency with U.S. values” of all automated data mining systems before they are deployed and subject them to “robust, independent oversight” thereafter.296 7. Congress must pass the End Racial Profiling Act and ban racial profiling in all government intelligence and law enforcement programs. 8. Congress must pass the State Secrets Protection Act, which would restore the states secrets privilege to its common law origin as an evidentiary privilege by prohibiting the dismissal of cases prior to discovery. Congress must ensure independent judicial review of government state secrets claims by requiring courts to examine the evidence and make their own assessments of whether disclosure could reasonably pose a significant risk to national security. 9. Congress must establish due process mechanisms so Americans placed on the No Fly List or other terrorism watch lists that implicate their rights can effectively challenge the government’s actions. 1 Laura W. Murphy, Director, Washington Leg. Office, American Civil Liberties Union, The Patriot Act’s Section 215 Must Be Reformed (June 14, 2013), http://www.aclu.org/blog/national-security-technology-and-liberty/patriotacts-section-215-must-be-reformed. 2 Press Release, Rep. Jim Sensenbrenner, Author of Patriot Act: FBI’s FISA Order is Abuse of Patriot Act (June 6, 2013) (on file with author), available at http://sensenbrenner.house.gov/news/documentsingle.aspx?DocumentID=337001. 3 Letter from Laura W. Murphy, Director, Washington Leg. Office, American Civil Liberties Union, & Gregory T. Nojeim, Assoc. Director & Chief Leg. Counsel, Washington Leg. Office, American Civil Liberties Union, to U.S. Senate (Oct. 23, 2001) (on file with author), available at http://www.aclu.org/national-security/letter-senate-urgingrejection-final-version-usa-patriot-act. See also The USA Patriot Act of 2001: Hearing Before the H. Permanent Select Comm. on Intelligence, 109th Cong. (2005) (statement of Timothy H. Edgard, Nat’l Sec. Policy Counsel, American Civil Liberties Union), available at http://www.aclu.org/national-security/testimony-national-securitypolicy-counsel-timothy-h-edgar-hearing-usa-patriot-act ; The USA Patriot Act: Hearing Before the H. Judiciary Subcomm. on the Constitution, Civil Rights, & Civil Liberties, 111th Cong. (2009) (statement of Michael German, 50 Policy Counsel, American Civil Liberties Union), available at http://www.aclu.org/national-security/aclu-testimonyhouse-judiciary-subcommittee-constitution-civil-rights-and-civil-li; and The Permanent Provisions of the PATRIOT Act: Hearing Before the H. Judiciary Subcomm. on Crime, Terrorism & Homeland Sec., 1112th Cong. (2011) (statement of Michael German, Senior Policy Counsel, American Civil Liberties Union), available at https://www.aclu.org/files/assets/ACLU_Testimony_Before_the_HJC_Regarding_the_Patriot_Act.pdf. 4 Marcus v. Search Warrant, 367 U.S. 717, 729 (1961). 5 See Mapp v. Ohio, 367 U.S. 643 (1961). 6 Allan M. Jalon, A Break-In to End All Break-Ins, L.A. T IMES, Mar. 8, 2006, http://articles.latimes.com/2006/mar/08/opinion/oe-jalon8. 7 S. SELECT COMM. TO STUDY GOVERNMENTAL OPERATIONS WITH RESPECT TO INTELLIGENCE ACTIVITIES, FINAL REPORT ON SUPPLEMENTAL DETAILED STAFF REPORTS ON INTELLIGENCE ACTIVITIES AND THE RIGHTS OF AMERICANS (BOOK II), S. Rep. No. 94-755, at 6-7 (1976) [hereinafter Church Comm.(Book II)]. 8 Id. 9 50 U.S.C. § 1801 et. seq. (2010). 10 FBI Statutory Charter: Hearings Before the S. Comm. on the Judiciary, 95th Cong. Pt. 1, at 22 (1978). 11 Glenn Greenwald, NSA collecting phone records of millions of Verizon customers daily, T HE G UARDIAN , June 5, 2013, http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order. 12 Secondary Order, In Re Application of the Fed. Bureau of Investigation for an Order Requiring the Prod. of Tangible Things from Verizon Bus. Network Serv., Inc., on Behalf of MCI Commc’n Serv., Inc., D/B/A Verizon Bus. Serv., (U.S. Foreign Intelligence Surveillance Court Apr. 25, 2013), available at http://www.guardian.co.uk/world/interactive/2013/jun/06/verizon-telephone-data-court-order. 13 Ellen Nakashima, Verizon providing all call records to U.S. under court order, W ASH . P OST , June 6, 2013, http://www.washingtonpost.com/world/national-security/verizon-providing-all-call-records-to-us-under-courtorder/2013/06/05/98656606-ce47-11e2-8845-d970ccb04497_print.html. 14 Letter from Ronald Weich, Assistant Att’y Gen., Dep’t of Justice, to Hon. Joseph R. Biden, Jr., President of the U.S. Senate (Apr. 30, 2012) (on file with author), available at http://www.fas.org/irp/agency/doj/fisa/2011rept.pdf. 15 18 U.S.C. §1861 (2006), available at: http://www.law.cornell.edu/uscode/text/50/1861 16 Letter from Rep. Sensenbrenner, to Eric Holder, Att’y Gen., Dep’t of Justice (June 6, 2013) (on file with author), available at http://sensenbrenner.house.gov/uploadedfiles/sensenbrenner_letter_to_attorney_general_eric_holder.pdf. 17 Current and Projected Nat’l Sec. Threats to the U.S.: Hearing Before the Sen. Select Comm. on Intelligence, 112th Cong. (2011) (statement of Robert S. Mueller, III, Dir., Fed. Bureau of Investigation), at 46, available at http://www.fas.org/irp/congress/2011_hr/ssci-threat.pdf. 18 Current and Projected Nat’l Sec. Threats the the U.S.: Hearing Before the S. Select Comm. on Intelligence, 112th Cong. (2011) (statement of Sen. Ron Wyden), at 48, available at http://www.fas.org/irp/congress/2011_hr/sscithreat.pdf. 19 See, Charlie Savage, Senators Say Patriot Act is Being Misinterpreted, N.Y. T IMES, May 27, 2011, at A17, available at http://www.nytimes.com/2011/05/27/us/27patriot.html?_r=0; and Letter from Sen. Mark Udall & Sen. Ron Wyden to Eric Holder, Att’y Gen., Dep’t of Justice (Sept. 21, 2011) (on file with author), available at http://www.documentcloud.org/documents/250829-wyden-udall-letter-to-holder-on-wiretapping.html. 20 Press Release, Wyden, Udall Issue Statement on Effectiveness of Declassified NSA Programs (June 19, 2013) (on file with author), available at http://www.wyden.senate.gov/news/press-releases/wyden-udall-issue-statement-oneffectiveness-of-declassified-nsa-programs. 21 American Civil Liberties Union v. Fed. Bureau of Investigation, 11 CIV 7562 (S.D.N.Y. Oct. 26, 2011). 22 Complaint for Declaratory Judgment and Injunctive Relief, ACLU v. Clapper, No.13CIV3994 (S.D.N.Y. June 11, 2013), available at http://www.aclu.org/files/assets/nsa_phone_spying_complaint.pdf. 23 OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FEDERAL BUREAU OF INVESTIGATION’S USE OF NATIONAL SECURITY LETTERS (2007), available at http://www.usdoj.gov/oig/special/s0703b/final.pdf [hereinafter 2007 NSL Report]. 24 Id. at 104, 84. 25 Id. at 98. 26 OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S USE OF NATIONAL SECURITY LETTERS: ASSESSMENT OF CORRECTIVE ACTIONS AND EXAMINATION OF NSL USAGE IN 2006 (2008), available at http://www.usdoj.gov/oig/special/s0803b/final.pdf [hereinafter 2008 NSL Report]. 27 Id. at 9 . 51 28 Id. at 127, 129 n.116. Id. at 127. 30 OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S USE OF SECTION 215 ORDERS FOR BUSINESS RECORDS IN 2006 68 (2008), available at http://www.usdoj.gov/oig/special/s0803a/final.pdf [hereinafter 2008 Section 215 Report]. 31 See OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FEDERAL BUREAU OF INVESTIGATION’S USE OF EXIGENT LETTERS AND OTHER INFORMAL REQUESTS FOR TELEPHONE RECORDS (2010), available at http://www.justice.gov/oig/special/s1001r.pdf [hereinafter Exigent Letter Report]. 32 Id. at 2, 10. 33 E XIGENT L ETTER R EPORT , supra note 31, at 89. 34 Id. at 263. 35 Id. at 265, 268. 36 Id. at 288. 37 Marisa Taylor, Obama Quietly Continues to Defend Bush Terror Policies, M C C LATCHY , Jan. 22, 2010, http://www.mcclatchydc.com/2010/01/22/82879/obama-quietly-continues-to-defend.html; Josh Gerstein, Obama Won’t Release Another Surveillance Opinion, P OLITICO , Nov. 11, 2011, http://www.politico.com/blogs/joshgerstein/1111/Obama_wont_release_another_surveillance_opinion.html. 38 James Risen & Eric Lichtblau, Bush lets U.S. Spy on Callers Without Courts, N.Y. TIMES, Dec. 16, 2005, http://www.nytimes.com/2005/12/16/politics/16program.html?ei=5090&en=e32072d786623ac1&ex=1292389200. 39 Eric Lichtblau, Debate and Protest at Spy Program’s Inception, N.Y. TIMES, Mar. 30, 2008, http://www.nytimes.com/2008/03/30/washington/30nsa.html?_r=3&ref=us&oref=slogin&oref=slogin&. 40 Lowell Bergman, Eric Lichtblau, Scott Shane & Don Van Natta, Jr., Spy Agency Data After Sept. 11 Led FBI to Dead Ends, N.Y. TIMES, Jan. 17, 2006, http://www.nytimes.com/2006/01/17/politics/17spy.html?pagewanted=all. 41 Eric Lichtblau & James Risen, Spy Agency Mined Vast Data Trove, Officials Report, Dec. 24, 2005, http://www.nytimes.com/2005/12/24/politics/24spy.html?pagewanted=all. 42 Leslie Cauley, NSA has Massive Database of Americans’ Phone Calls, USA TODAY, May 11, 2006, at 1A, available at http://www.usatoday.com/news/washington/2006-05-10-nsa_x.htm. 43 See O FFICE OF THE I NSPECTOR G EN ., N AT ’ L S EC . S ERV . & THE C ENT . S EC . S ERV ., ST-09-0002 Working Draft (Mar. 24, 2009), available at: http://www.guardian.co.uk/world/interactive/2013/jun/27/nsa-inspector-generalreport-document-data-collection. (For a full discussion of these events, see H. C OMM . ON THE J UDICIARY M AJORITY S TAFF , R EINING IN THE I MPERIAL P RESIDENCY : L ESSONS AND R ECOMMENDATIONS R ELATING TO THE P RESIDENCY OF G EORGE W. B USH , at 146-165 (2009), available at http://judiciary.house.gov/hearings/printers/110th/IPres090113.pdf [hereinafter Reining in the Imperial Presidency]. 44 See Glenn Greenwald & Spencer Ackerman, NSA Collected US Email Records in Bulk for More Than Two Years Under Obama, T HE G UARDIAN , June 27, 2013, http://www.guardian.co.uk/world/2013/jun/27/nsa-data-miningauthorised-obama. 45 R EINING IN THE I MPERIAL P RESIDENCY , supra note 43, at 161-166. 46 FISA Amendments Act of 2008, Pub.L.110-261 (2008). 47 For a detailed analysis of the changes to the AGG over time, see OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION’S COMPLIANCE WITH ATTORNEY GENERAL’S INVESTIGATIVE GUIDELINES (2005), available at http://www.usdoj.gov/oig/special/0509/final.pdf. 48 John Ashcroft, Atty’ Gen., Dep’t of Justice, The Attorney General’s Guidelines on General Crimes, Racketeering Enterprise, and Terrorism Enterprise Investigations (2002), available at http://legislationline.org/download/action/download/id/1416/file/97a12dc0c5709c1fd0a3898a03b7.pdf [hereinafter Ashcroft Guidelines]. 49 Id. at 7. 50 See M ARVIN J. J OHNSON , A MERICAN C IVIL L IBERTIES U NION , I NTERESTED P ERSONS M EMO : A NALYSIS OF C HANGES TO A TTORNEY G ENERAL G UIDELINES (2002), available at: http://www.aclu.org/nationalsecurity/interested-persons-memo-analysis-changes-attorney-general-guidelines#_ftn19. 51 A SHCROFT G UIDELINES, supra note 48. 52 A SHCROFT G UIDELINES, supra note 48, at 22. 53 FBI Chief: 9/11 Surveillance Taxing Bureau, W ASH . P OST , at A1, June 6, 2002, available at: http://www.mailarchive.com/ctrl at listserv.aol.com/msg92774.html. 54 See Trevor Aaronson, The Informants, M OTHER J ONES, Sept.-Oct., 2011, http://www.motherjones.com/politics/2011/08/fbi-terrorist-informants. 29 52 55 Michael R. Blood, FBI Director Defends Use of Informants in Mosques, A SSOC . P RESS , June 8, 2009, available at http://www.guardian.co.uk/world/feedarticle/8548433. 56 See FBI.gov, Protecting America from Terrorist Attack: Our Joint Terrorism Task Forces http://www.fbi.gov/about-us/investigate/terrorism/terrorism_jttfs (last visited Apr. 9, 2012). 57 See ACLU.org, FBI/JTTF Spying, http://www.aclu.org/national-security/fbi-jttf-spying (last visited July 1, 2013); and ACLU.org, FBI Spy Files Project: ACLU Client List, http://www.aclu.org/national-security/fbi-spy-filesproject-aclu-client-list (last visited July 1, 2013). 58 Electronic communication from Fed. Bureau of Investigation Los Angeles, Santa Maria Resident Agency, to Fed. Bureau of Investigation Counterterrorism Div. 3, (May 22, 2001) (on file with author), available at http://www.aclu.org/spyfiles/jttf/672_674.pdf (Summary of case. Report of 05/19/2001 protest. Proposed development of[REDACTED]ource). 59 Scott Shane, For Anarchist, Details of Life as FBI Target, N.Y. T IMES, May 29, 2011, at A1, available at http://www.nytimes.com/2011/05/29/us/29surveillance.html?pagewanted=all. 60 Id. see also N.Y. Times, From Scott Crow’s F.B.I. File, http://www.nytimes.com/interactive/2011/05/29/us/29surveillance-text.html (last visited July 1, 2013). 61 Letter from Rep. Zoe Lofgren, to Glenn A. Fine, Inspector Gen., Dep’t of Justice (May 18, 2006) (on file with author). 62 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S INVESTIGATIONS OF CERTAIN DOMESTIC ADVOCACY GROUPS (2010), http://www.justice.gov/oig/special/s1009r.pdf [hereinafter Review of FBI’s Investigations]. 63 Id. at 186-187. 64 Id. 65 Id. 66 Id. at 186. 67 Id. at 187. 68 Id. at 190. 69 Id. at 183. 70 Id. at 166. 71 Id. at 177, 184. 72 Id. at 184. 73 M ICHAEL B. M UKASEY , D EP ’ T OF J USTICE , T HE A TTORNEY G ENERAL ’ S G UIDELINES FOR D OMESTIC FBI O PERATIONS 17 (2008), http://www.justice.gov/ag/readingroom/guidelines.pdf [hereinafter 2008 AGG]. 74 Id. at 20. 75 Carrie Johnson, Rule Changes Would Give FBI Agents Extensive New Powers, W ASH . P OST , Sept. 12, 2008, http://articles.washingtonpost.com/2008-09-12/news/36900434_1_fbi-agents-criminal-cases-intelligence. 76 Electronic communication from Fed. Bureau of Investigation Counterterrorism Div., to all field offices (Sept. 24, 2009) (on file with author), available at: http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM004887.pdf (Counterterrorism Program Guidance, Baseline Collection Plan). 77 Charlie Savage, FBI Focusing on Security Over Ordinary Crime, N.Y. T IMES, Aug. 24, 2011, at A16, available at http://www.nytimes.com/2011/08/24/us/24fbi.html. 78 Fed. Bureau of Investigation Counterterrorism Div., supra note 76, at 11. 79 D EP ’ T OF J USTICE , F ACT S HEET: R ACIAL P ROFILING (June 17, 2003), http://www.justice.gov/opa/pr/2003/June/racial_profiling_fact_sheet.pdf. 80 DEP’T OF JUSTICE, GUIDANCE REGARDING THE USE OF RACE BY FEDERAL LAW ENFORCEMENT AGENCIES (June 2003), http://www.justice.gov/crt/about/spl/documents/guidance_on_race.pdf. 81 Scott Keeter, Why Surveys of Muslim Americans Differ, PEW RESEARCH CENTER, Mar. 6, 2009, http://www.pewresearch.org/2009/03/06/why-surveys-of-muslim-americans-differ/. 82 F EDERAL B UREAU OF I NVESTIGATION , D OMESTIC I NVESTIGATIONS AND O PERATIONS G UIDE (2008), available at http://vault.fbi.gov/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29/fbidomestic-investigations-and-operations-guide-diog-2008-version [hereinafter 2008 DIOG]. 83 Id. at 32. 84 Id. at 33-34 85 Id. at 33. 53 86 Al Baker, FBI Official Faults Police Tactics on Muslims, N.Y. T IMES, Mar. 8, 2012, at A25, available at http://www.nytimes.com/2012/03/08/nyregion/chief-of-fbi-newark-bureau-decries-police-monitoring-ofmuslims.html. 87 Jason Grant, Recent NYPD spying uproar shakes FBI’s foundations in N.J. terror intelligence, N EWARK S TAR L EDGER , Mar. 7, 2012, http://www.nj.com/news/index.ssf/2012/03/recent_nypd_spying_uproar_shak.html. 88 F EDERAL B UREAU OF I NVESTIGATION , D OMESTIC I NVESTIGATION AND O PERATIONS G UIDE (2011), available at http://vault.fbi.gov/FBI%20Domestic%20Investigations%20and%20Operations%20Guide%20%28DIOG%29/fbidomestic-investigations-and-operations-guide-diog-2011-version [hereinafter 2011 DIOG]. 89 See Nathan Freed Wessler, Staff Att’y, ACLU, FBI Documents Suggest Feds Read Emails Without a Warrant, May 8, 2013, http://www.aclu.org/blog/national-security-technology-and-liberty/fbi-documents-suggest-feds-reademails-without-warrant. 90 F EDERAL B UREAU OF I NVESTIGATION , D OMESTIC I NVESTIGATION AND O PERATIONS G UIDE § 18, § 18.7.2.6 (2012), available at http://www.aclu.org/files/pdfs/email-contentfoia/FBI%20docs/June%202012%20FBI%20DIOG.pdf [hereinafter 2012 DIOG]; see also 2011 DIOG supra note 88, at § 18.7.2.10(H). 91 2008 DIOG, supra note 82, at 32. 92 Electronic communication from Fed. Bureau of Investigation, to Detroit field office (July 6, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM011609.pdf (Domain Management). 93 Kecia Escoe, Demographic Makeup of Muslims in Michigan, Muslim Observer, Mar. 1, 2012, http://muslimmedianetwork.com/mmn/?p=10258. 94 Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Oct. 7, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM011454.pdf (Intelligence Related to the Black Separatist Threat). 95 Electronic communication from Fed. Bureau of Investigation, San Francisco, Oakland Resident Agency, to San Francisco (June 8, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM011495.pdf (Domain Management – Criminal; Asian-Eurasian Criminal Enterprise). 96 Id. at 2. 97 Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Jan. 21, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM009170.pdf (Intelligence Related to Mara Salvatrucha Threat); Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Dec. 15, 2008) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM011388.pdf (Intelligence Related to MS-13 Threat); Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Sept. 22, 2008) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM008040.pdf (Intelligence Related to MS-13 Locations); Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Sept. 4, 2008) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM007857.pdf (Intelligence Related to Mara Salvatrucha (MS-13)). 98 Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Sept. 22, 2008) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM008040.pdf (Intelligence Related to MS13 Locations); and Fed. Bureau of Investigation, Intelligence Note from Domain Mgmt. (Jan. 21, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM009170.pdf (Intelligence Related to Mara Salvatrucha Threat). 99 William J. Broad & Scott Shane, Anthrax Case Had Costs for Suspects, N.Y. T IMES, Aug. 10, 2008, at A1, available at http://www.nytimes.com/2008/08/10/washington/10anthrax.html?pagewanted=1&ref=stevenjhatfill. 100 Scott Shane, FBI vehicle hits Hatfill, but he gets the $5 ticket, B ALT. S UN , May 20, 2003, http://articles.baltimoresun.com/2003-05-20/news/0305200401_1_clawson-anthrax-fbi-vehicle. 101 See Amy Goldstein, Nelson Hernandez & Annie Hull, Tales of Addiction, Anxiety, Ranting, W ASH . P OST , Aug. 6, 2008, http://www.washingtonpost.com/wp-dyn/content/article/2008/08/05/AR2008080503747.html; and Jerry Markon, Anthrax report casts doubt on scientific evidence in FBI case against Bruce Ivins, W ASH . P OST , Feb. 15, 2011, http://www.washingtonpost.com/wp-dyn/content/article/2011/02/15/AR2011021502251.html. 102 P ADDY H ILLYARD , S USPECT C OMMUNITY : P EOPLE ’ S E XPERIENCE OF THE P REVENTION OF T ERRORISM A CTS IN B RITAIN 238, (1993). 54 103 A MERICAN C IVIL L IBERTIES U NION , B LOCKING F AITH , F REEZING C HARITY : C HILLING M USLIM C HARITABLE G IVING IN THE “W AR ON T ERRORISM F INANCING ,” (2009), http://www.aclu.org/human-rights/report-blockingfaith-freezing-charity. 104 Id. at 72. 105 T HE C REATING L AW E NFORCEMENT A CCOUNTABILITY AND R ESPONSIBILITY P ROJECT , CUNY L AW S CHOOL, M APPING M USLIMS: NYPD S PYING AND ITS I MPACT ON A MERICAN M USLIMS (2013), http://www.law.cuny.edu/academics/clinics/immigration/clear/Mapping-Muslims.pdf [hereinafter Mapping Muslims]. 106 Fusion centers are state, local and regional information sharing entities which incorporate federal, state and local law enforcement, emergency response and other government agencies and private entities to analyze and disseminate information. For more information see ACLU.org, Spy Files: More About Fusion Centers, http://www.aclu.org/spy-files/more-about-fusion-centers (last visited July 1, 2013). 107 See F ED . B UREAU OF I NVESTIGATION , P RIVACY I MPACT A SSESSMENT FOR THE E G UARDIAN T HREAT T RACKING S YSTEM (2008), available at http://www.aclu.org/files/assets/aclueg000047.pdf [hereinafter eGuardian PIA]; and ACLU.org, Spy Files: More About Suspicious Activity Reporting http://www.aclu.org/spy-files/moreabout-suspicious-activity-reporting (last visited July 1, 2013). 108 FBI.gov, Connecting the Dots Using New FBI Technology, http://www.fbi.gov/news/stories/2008/september/eguardian_091908 (last visited July 1, 2013). 109 Daniel Zwerdling, G.W. Schulz, Andrew Becker & Margot Williams, Mall Counterterrorism Files ID Mostly Minorities, N AT ’ L P UB . R ADIO , Sept. 8, 2011, http://www.npr.org/2011/09/08/140262005/mall-counterterrorismfiles-id-mostly-minorities. 110 A MERICAN C IVIL L IBERTIES U NION , N O R EAL T HREAT : T HE P ENTAGON ’ S S ECRET D ATABASE ON P EACEFUL P ROTEST , (2007), http://www.aclu.org/files/pdfs/safefree/spyfiles_norealthreat_20070117.pdf. 111 See Press Release, Office of the Assistant Sec’y of Def. (Pub. Affairs), DOD to Implement new Interim Threat Reporting Procedures (Aug. 21, 2007) (on file with author), available at http://www.defense.gov/releases/release.aspx?releaseid=11251; and Press Release, Office of the Assistant Sec’y of Def. (Pub. Affairs), DOD to Implement new Suspicious Activity Reporting System (May 21, 2010) (on file with author), available at http://www.defense.gov/releases/release.aspx?releaseid=13553. 112 E G UARDIAN PIA, supra note 107, at 4, 10. 113 F RANK J. C ILLUFFO , J OSEPH R. C LARK , M ICHAEL P. D OWNING & K EITH D. S QUIRES, G EO . W ASH . U. H OMELAND S EC . P OLICY I NSTITUTE, C OUNTERTERRORISM I NTELLIGENCE: F USION C ENTER P ERSPECTIVES 31 (2012), available at http://www.gwumc.edu/hspi/policy/HSPI%20Counterterrorism%20Intelligence%20%20Fusion%20Center%20Perspectives%206-26-12.pdf. 114 Pub. L. 108-458, 118 Stat. 3638 (Dec. 17, 2004). 115 GOV’T ACCOUNTABILITY OFFICE, INFORMATION SHARING: ADDITIONAL ACTIONS COULD HELP ENSURE THAT EFFORTS TO SHARE TERRORISM-RELATED SUSPICIOUS ACTIVITY REPORTS ARE EFFECTIVE 15-17 (2013), available at http://www.gao.gov/assets/660/652995.pdf. 116 Id. at 16. 117 Id. at 17. 118 Id. at 33. 119 Letter from Rep. Brad Miller and Rep. James Sensenbrenner, Jr., H. Comm. on Sci. & Tech. Subcomm. on Investigations, to Hon. David Walker, Comptroller of the U.S. (June 5, 2007) (on file with author), available at http://www.securityprivacyandthelaw.com/uploads/file/miller_snsbrnner_walker_GAO_6_5_07.pdf. 120 Press Release, Office of the Press Sec’y, White House, Homeland Security Presidential Directive 2 (Oct. 29, 2001) (on file with author), available at http://georgewbushwhitehouse.archives.gov/news/releases/2001/10/20011030-2.html. 121 D EP ’ T OF J USTICE , R EPORT ON “D ATA -M INING ” A CTIVITIES P URSUANT TO S ECTION 126 OF THE USA P ATRIOT I MPROVEMENT AND R EAUTHORIZATION A CT OF 2005 (2007), available at http://epic.org/privacy/fusion/doj-dataming.pdf. 122 Id. at 11. 123 Id. 124 Letter from Chairman Brad Miller, H. Comm. on Sci. & Tech. Subcomm. on Investigations, to Chairman David Obey, H. Comm. on Appropriations (June 16, 2008) (on file with author), available at http://www.wired.com/images_blogs/dangerroom/files/61608_miller_to_obey.pdf. 55 125 E LECTRONIC F RONTIER F OUND ., R EPORT ON THE I NVESTIGATIVE D ATA W AREHOUSE , E LECTRONIC F RONTIER F OUNDATION (2009), https://www.eff.org/issues/foia/investigative-data-warehouse-report. 126 U.S. D EP ’ T OF THE T REASURY F IN . C RIMES E NFORCEMENT N ETWORK , T HE SAR A CTIVITY R EVIEW – B Y THE N UMBERS : I SSUE 18 4 (2012), available at http://www.fincen.gov/news_room/rp/files/btn18/sar_by_numb_18.pdf (for all issues, see U.S. Dep’t. of the Treasury, SAR Activity Review – By the Numbers, http://www.fincen.gov/news_room/rp/sar_by_number.html (last visited July 1, 2013). 127 Suspicious Activity and Currency Transaction Reports: Balancing Law Enforcement Utility and Regulatory Requirements: Hearing Before Subcomm. on Oversight and Investigations of the H. Comm. on Fin. Services, 110th Cong. (2007) (statement of Deputy Assistant Dir. Salvador Hernandez, Fed. Bureau of Investigation) at 6, available at http://archives.financialservices.house.gov/hearing110/hthernandez051007.pdf ; see also Countering Terrorist Financing: Progress and Priorities: Hearing Before the Comm. on the Judiciary, 112th Cong. (2011) (questions for the record for Ralph Boelter, Assistant Acting Dir., Fed. Bureau of Investigation), available at http://www.judiciary.senate.gov/resources/transcripts/upload/092111QFRs-Boelter.pdf. 128 Letter from Chairman Brad Miller, supra note 124. 129 Noah Shachtman, FBI Data-Mining Slashed After G-Men Dis Congress, W IRED , June 26, 2008, http://www.wired.com/dangerroom/2008/06/there-was-a-tim/. 130 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION’S FOREIGN TERRORIST TRACKING TASK FORCE 2 (2013), available at http://www.justice.gov/oig/reports/2013/a1318r.pdf. 131 Id. 132 Id. at 5-6. 133 Notice of a new system of records, 77 Fed. Reg. 40,630 (July 10, 2012), available at http://www.gpo.gov/fdsys/pkg/FR-2012-07-10/html/2012-16823.htm. 134 NAT’L RESEARCH COUNCIL, PROTECTING INDIVIDUAL PRIVACY IN THE STRUGGLE AGAINST TERRORISTS: A FRAMEWORK FOR PROGRAM ASSESSMENTS, COMMITTEE ON TECHNICAL AND PRIVACY DIMENSIONS OF INFORMATION FOR TERRORISM PREVENTION AND OTHER NATIONAL GOALS, p. 78 (2008), available at http://www.nap.edu/catalog.php?record_id=12452 [hereinafter NRC Report]. 135 Id. at 4. 136 Id. at 86-91. 137 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION’S FOREIGN TERRORIST TRACKING TASK FORCE 11-12 (2013), available at http://www.justice.gov/oig/reports/2013/a1318r.pdf. 138 Id. at 16. 139 Id. at 14. 140 Id. at 27. 141 Id. at 28-30. 142 Letter from Chairman Michael McCaul and Rep. Peter King, H. Comm. on Homeland Sec., to Sec’y Janet Napolitano, et al, Dep’t Homeland Sec. (Apr. 20, 2013) (on file with author), available at http://www.scribd.com/doc/137320693/Letter-from-Rep-Mike-McCaul-and-Rep-Peter-King. 143 Sabastian Rotella, The American Behind India’s 9/11 – and how U.S. Botched Chances to Nab Him, P RO P UBLICA , Jan. 24, 2013, http://www.propublica.org/article/david-headley-homegrown-terrorist. 144 Kristina Goetz, Muslim who shot soldier in Arkansas says he wanted to cause more death, C OMMERCIAL A PPEAL , Nov. 13, 2010, available at http://www.knoxnews.com/news/2010/nov/13/muslim-who-shot-soliderarkansas-says-he-wanted-ca/. 145 James Dao, A Muslim Son, a Murder Trial, and Many Questions, N.Y. T IMES, Feb. 17, 2010, at A11, available at http://www.nytimes.com/2010/02/17/us/17convert.html?pagewanted=all. 146 Pierre Thomas, Richard Esposito & Jack Date, Recruiter Shooting Suspect had Ties to Extremist Locations, ABC N EWS , June 3, 2009, http://abcnews.go.com/Politics/story?id=7732467&page=1. 147 W ILLIAM H. W EBSTER C OMM ’ N ON THE F ED . B UREAU OF I NVESTIGATION , C OUNTERTERRORISM I NTELLIGENCE & THE E VENTS AT F T . H OOD ON N OV . 5, 2009, F INAL R EPORT 63, 68 (2012), available at http://www.fbi.gov/news/pressrel/press-releases/final-report-of-the-william-h.-webster-commission. 148 Id. at 88. 149 Id. at 80. 150 Id. at 88. 151 Id. 152 Flight 253: Learning Lessons from an Averted Tradgedy: Hearing Before the S. Comm. on Homeland Sec. and 56 Gov’t Affairs, 111th Cong. (2010) (statement of Michael Leiter, Dir., Nat’l Counterterrorism Ctr.), available at http://www.dni.gov/testimonies/20100127_testimony.pdf. 153 S. H OMELAND S EC . & G OV ’ T A FFAIRS C OMM ., P ERMANENT S UBCOMM . ON I NVESTIGATIONS, F EDERAL S UPPORT FOR AND I NVOLVEMENT IN S TATE AND L OCAL F USION C ENTERS 35 (2012), available at http://www.hsgac.senate.gov/subcommittees/investigations/media/investigative-report-criticizes-counterterrorismreporting-waste-at-state-and-local-intelligence-fusion-centers. 154 Press Release, Fed. Bureau of Investigation, 2011 Request for Information on Tamerlan Tsarnaev from Foreign Government (Apr. 19, 2013) (on file with author), available at http://www.fbi.gov/news/pressrel/pressreleases/2011-request-for-information-on-tamerlan-tsarnaev-from-foreign-government. 155 Kathy Lally, Russian FSB Describes its Tsarnaev Letter to FBI, W ASH . P OST , May 31, 2013, http://articles.washingtonpost.com/2013-05-31/world/39656209_1_dagestan-keating-tamerlan-tsarnaev. 156 See e.g., Major Garrett, Was the Ball Dropped in the Tsarnaev Questioning?, Nat’l J., Apr. 23, 2013, http://www.nationaljournal.com/columns/all-powers/was-the-ball-dropped-in-the-tsarnaev-questioning-20130423. 157 Mark Hosenball & Tabassum Zakaria, U.S. Was Alerted to Bombing Suspect’s Travel to Russia, R EUTERS , Apr. 24, 2013, http://mobile.reuters.com/article/newsOne/idUSBRE93N1EA20130424?irpc=932; and, Greg Miller, Antiterrorism Task Force Was Warned of Tamerlan Tsarnaev’s Long Trip to Russia, W ASH . P OST , Apr. 25, 2013, http://www.washingtonpost.com/world/national-security/anti-terror-task-force-was-warned-of-tamerlan-tsarnaevslong-trip-to-russia/2013/04/25/0ed426de-addb-11e2-8bf6-e70cb6ae066e_story.html. 158 Scott Shane & Michael S. Schmidt, F.B.I. Did Not Tell Police In Boston of Russian Trip, N.Y. T IMES, May 10, 2013, at A18, available at http://www.nytimes.com/2013/05/10/us/boston-police-werent-told-fbi-got-warning-ontsarnaev.html. 159 Eric Schmitt & Michael S. Schmidt, Slain Bombing Suspect Was Placed on Two Federal Watch Lists in Late 2011, N.Y. T IMES, Apr. 25, 2013, at A20, available at http://www.nytimes.com/2013/04/25/us/tamerlan-tsarnaevbomb-suspect-was-on-watch-lists.html. 160 Philip Martin, Waltham Triple Murder Echos Through Boston Bombing Probe, Florida FBI Shooting Death, WBGH N EWS , May 23, 2013, http://www.wgbhnews.org/post/waltham-triple-murder-echoes-through-marathonbombing-probe-florida-fbi-shooting-death. 161 Fed. Bureau of Investigation, Uniform Crime Reports: Crime in the United States 2011, http://www.fbi.gov/about-us/cjis/ucr/crime-in-the-u.s/2011/crime-in-the-u.s.-2011/clearances (last visited Sept. 5, 2013). 162 Id. 163 See Chris Calabrese, Legislative Counsel, American Civil Liberties Union, The Biggest New Spying Program You’ve Probably Never Heard Of (July 30, 2012), http://www.aclu.org/blog/national-security-technology-andliberty/biggest-new-spying-program-youve-probably-never-heard. 164 Julia Angwin, U.S. Terrorism Agency to Tap a Vast Database of Citizens, W ALL S T . J., Dec. 13, 2012, http://online.wsj.com/article/SB10001424127887324478304578171623040640006.html. 165 Ryan Singel, Funding for TIA All But Dead, W IRED , July 14, 2003, http://www.wired.com/politics/law/news/2003/07/59606. 166 Kim Zetter, Government Fights for Use of Spy Tool That Spoofs Cell Towers, W IRED , Mar. 29, 2013, http://www.wired.com/threatlevel/2013/03/gov-fights-stingray-case/. 167 Linda Lye, Staff Att’y, American Civil Liberties Union of N. Cal., DOJ Emails Show Feds Were Less Than “Explicit” With Judges On Cell Phone Tracking Tool (Mar. 27, 2013), http://www.aclu.org/blog/national-securitytechnology-and-liberty/doj-emails-show-feds-were-less-explicit-judges-cell. 168 Charlie Savage, Senators Say Patriot Act is Being Misinterpreted, N.Y. T IMES, May 27, 2011, at A17, available at http://www.nytimes.com/2011/05/27/us/27patriot.html?_r=0. 169 In December 2005 the New York Times revealed that shortly after the 9/11 attacks President Bush authorized the National Security Agency (NSA) to begin conducting warrantless electronic surveillance within the United States, in violation of the Foreign Intelligence Surveillance Act (FISA), which Congress had established in 1978 as the “exclusive means” for national intelligence wiretapping. See Risen & Lichtblau, supra note 38. 170 C HURCH C OMM . (B OOK II), supra note 7, at 2-3. 171 Spencer Ackerman, FBI Taught Agents They Could ‘Bend or Suspend the Law,’ W IRED , Mar. 28, 2012, http://www.wired.com/dangerroom/2012/03/fbi-bend-suspend-law/. 172 2008 NSL R EPORT , supra note 26, at 100. 173 Id.at 95. 174 2008 S ECTION 215 R EPORT , supra note 30, at 67-72. 57 175 2008 NSL R EPORT , supra note 26, at 15. Press Release, American Civil Liberties Union, Congress Reauthorizes Overbroad Patriot Act Provisions, (May 26, 2011) (on file with author), available at http://www.aclu.org/national-security-technology-and-liberty/congressreauthorizes-overbroad-patriot-act-provisions. 177 OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION'S COMPLIANCE WITH THE ATTORNEY GENERAL'S INVESTIGATIVE GUIDELINES (Redacted Version) p, 93 (2005), available at http://www.justice.gov/oig/special/0509/final.pdf. 178 OFFICE OF INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION'S COMPLIANCE WITH THE ATTORNEY GENERAL'S INVESTIGATIVE GUIDELINES (Redacted Version) p. 172 (2005), available at http://www.justice.gov/oig/special/0509/final.pdf. 179 R EVIEW OF FBI’ S I NVESTIGATIONS, supra note 62, at 198. 180 See Oversight Hearing on Counterterrorism: Hearing Before the S. Comm. on the Judiciary, 107th Cong. 16-17 (2002). 181 Eric Lichtblau, Report Finds Cover-up in FBI Terror Case, N.Y. TIMES, Dec. 4, 2005, http://www.nytimes.com/2005/12/04/politics/04fbi.html?pagewanted=print. 182 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S ACTIONS IN CONNECTION WITH ALLEGATIONS RAISED BY CONTRACT LINGUIST SIBEL EDMONDS, SPECIAL REPORT (2005), available at http://www.usdoj.gov/oig/special/0501/final.pdf. 183 Dan Browning, Ex-Agent Wins Lawsuit Against FBI, MINNEAPOLIS STAR-TRIB., Feb. 5, 2007. 184 Todd Lightly, Beleaguered FBI Agent Gets Job Back, CHI. TRIB., Oct. 19, 2005. 185 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S RESPONSE TO JOHN ROBERTS’ STATEMENTS ON 60 MINUTES (2003), available at http://www.usdoj.gov/oig/special/0302/report.pdf. 186 OFFICE OF PROF’L RESPONSIBILITY, DEP’T OF JUSTICE, REPORT OF INVESTIGATION OF WHISTLEBLOWER ALLEGATIONS BY FEDERAL BUREAU OF INVESTIGATION SPECIAL AGENT BASSEM YOUSSEF (2006), available at http://www.whistleblowers.org/storage/whistleblowers/documents/order_and_opr_report.pdf. 187 Neil A. Lewis, Agent Claims Evidence on Stevens was Concealed, N.Y. T IMES, Feb. 11, 2009, at A14, available at http://www.nytimes.com/2009/02/11/us/politics/11stevens.html?_r=0. 188 Richard Mauer & Lisa Demer, Key Players Contest FBI Whistleblower Allegations, A NCHORAGE D AILY N EWS , Feb. 15, 2009, http://www.adn.com/2009/02/15/691774/key-players-contest-fbi-whistle.html; and Tony Hopfinger & Amanda Coyne, Why is Lead FBI Agent in Botched Ted Stevens Case Still Employed?, A LASKA D ISPATCH , June 6, 2012, http://www.alaskadispatch.com/article/why-lead-fbi-agent-botched-ted-stevens-case-still-employed. 189 Jill Burke, Agent Turned Whistleblower Leaves the FBI, A LASKA D ISPATCH , July 14, 2010, http://www.alaskadispatch.com/article/agent-turned-whistleblower-leaves-fbi; and Hopfinger & Coyne, supra note 189. 190 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, REVIEW OF THE FEDERAL BUREAU OF INVESTIGATION’S DISCIPLINARY SYSTEM 39 (2009), available at: http://www.justice.gov/oig/reports/FBI/e0902/final.pdf. 191 See Risen & Lichtblau, supra note 38; and Leslie Cauley, NSA has Massive Database of Americans’ Phone Calls, USAT ODAY , May 11, 2006, at 1A, available at http://www.usatoday.com/news/washington/2006-05-10nsa_x.htm. 192 Jane Mayer, The Secret Sharer, N EW Y ORKER , May 23, 2011, available at http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all. 193 U.S. v. Thomas A. Drake, Case No. 1:10-CR-181-RDB (D. Md. July 15, 2011), at 42-43(transcript of proceedings, sentencing before Hon. Richard D. Bennett, United States District Judge,), available at http://www.fas.org/sgp/jud/drake/071511-transcript.pdf. 194 Scott Shane, Obama Takes a Hard Line Against Leaks to Press, N.Y. T IMES, June 12, 2010, at A1, available at http://www.nytimes.com/2010/06/12/us/politics/12leak.html. 195 E XIGENT L ETTER R EPORT , supra note 31, at 95-96. 196 Mark Sherman, Gov’t Obtains Wide AP Phone Records in Probe, A SSOC . P RESS , May 13, 2013, http://bigstory.ap.org/article/govt-obtains-wide-ap-phone-records-probe. 197 Ann E. Marimow, A Rare Peek into a Justice Department Leak Probe, W ASH . P OST , May 19, 2013, http://www.washingtonpost.com/local/a-rare-peek-into-a-justice-department-leak-probe/2013/05/19/0bc473de-be5e11e2-97d4-a479289a31f9_story.html?hpid=z2. 198 Application for Search Warrant, In re Search of EmailAccount John Doe at gmail.com, No. 10-291-M-01 (D.D.C. Nov. 7, 2011), available at: http://apps.washingtonpost.com/g/page/local/affidavit-for-search-warrant/162/. 176 58 199 USA PATRIOT Act of 2001: Hearing Before the S. Select Comm. on Intelligence, 109th Cong. 97, 100 (2005) (statements of Alberto R. Gonzales, Att’y Gen., Dep’t of Justice, & Robert S. Mueller, III, Dir., Fed. Bureau of Investigation). 200 See 2007 NSL R EPORT , supra note 23, at 75.. 201 See John Solomon, Gonzales was told of FBI violations, W ASH . P OST , July 10, 2007, http://www.washingtonpost.com/wp-dyn/content/article/2007/07/09/AR2007070902065.html; and John Solomon, In Intelligence World, a Mute Watchdog, W ASH . P OST , July 15, 2007, http://www.washingtonpost.com/wpdyn/content/article/2007/07/14/AR2007071400862.html. 202 Hearing On FBI Oversight: Hearing Before the S. Comm. on the Judiciary, 109th Cong. (2006) (statement of Sen. Patrick Leahy), available at http://www.judiciary.senate.gov/hearings/testimony.cfm?id=e655f9e2809e5476862f735da11db40a&wit_id=e655f9 e2809e5476862f735da11db40a-0-0. 203 Id. 204 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, A REVIEW OF THE FBI’S INVOLVEMENT IN AND OBSERVATIONS OF DETAINEE INTERROGATIONS IN GUANTANAMO BAY, AFGHANISTAN, AND IRAQ (2008), available at http://www.justice.gov/oig/special/s0805/final.pdf. 205 Oversight of the Fed. Bureau of Investigation, Hearing Before the S. Comm. on the Judiciary, 110th Cong. 14-15 (2008), available at http://www.gpo.gov/fdsys/pkg/CHRG-110shrg53619/pdf/CHRG-110shrg53619.pdf [hereinafter 2008 FBI Oversight Hearing]. 206 Risen & Lichtblau, supra note 38. 207 2008 FBI O VERSIGHT H EARING , supra note 206, at 14. 208 Id. at 16. 209 Oversight of the Fed. Bureau of Investigation: Hearing Before the S. Comm. on the Judiciary, 111th Cong. 24 (2009), available at https://www.fas.org/irp/congress/2009_hr/fbi.pdf. 210 Letter from Ronald Welch, Assistant Att’y Gen., Dep’t of Justice, to Chairman Patrick Leahy, S. Comm. on the Judiciary (Sept. 14, 2009) (on file with author), available at https://www.cdt.org/security/20090914_leahy.pdf. 211 R EVIEW OF FBI’ S I NVESTIGATIONS, supra note 62, at 35–59. 212 Id. at 53 n.79. 213 U.S. Magistrate Judge Stephen W. Smith, Gagged, Sealed and Delivered: Reforming ECPA’s Secret Docket, 6 H ARV . L. & P OL ’ Y R EV . 609 (2012), available at https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2071399. 214 Id. at 613. 215 Id. at 603. 216 Declarations of Craig Monteilh Submitted by Plaintiffs in Support of Their Opposition to Motions to Dismiss, Yassir Fazaga v. Fed. Bureau of Investigation, Case No. SA CV 11-00301, at 6 (C.D.Cal., Jan. 30, 2012), available at http://www.aclu-sc.org/cases/fazaga/declaration-of-craig-monteilh-re-motion-to-dismiss/. 217 Id. at 6-7. 218 Id. at 12. 219 Id. at 16. 220 Id. at 23. 221 Teresa Watanbe & Scott Glover, Man Says He Was an Informant for FBI in Orange County, L.A. T IMES, Feb. 26, 2009, http://articles.latimes.com/2009/feb/26/local/me-informant26. 222 First Amended Complaint, Yassir Fazaga v. Fed. Bureau of Investigation, Case No. SA CV 11-00301, at 6 (C.D.Cal. Jan. 30, 2012), available at http://www.aclu-sc.org/cases/fazaga/first-amended-complaint/. 223 The state secrets privilege is a long-standing common law privilege that allows the government to block the release of evidence in a lawsuit that would harm national security. The George W. Bush administration increasingly used the privilege to dismiss entire lawsuits at the onset, blocking lawsuits challenging government torture, rendition and warrantless surveillance. The Obama administration’s continuing use of this practice, particularly in a case of domestic law enforcement activities directed at Americans is troubling. See Nancy Goldstein, The US National Security Smokescreen, THE GUARDIAN, Dec. 11, 2011, http://www.theguardian.com/commentisfree/cifamerica/2011/dec/08/us-national-security-smokescreen. 224 See Peter Bibring, American Civil Liberties Union of S. Cal., You Have the Right to Remain Spied On, (Aug. 16, 2012), http://www.aclu.org/blog/national-security/you-have-right-remain-spied. 225 Id. 226 Spencer Ackerman, FBI ‘Islam 101’ Guide Depicted Muslims as 7th Century Simpletons, W IRED , July 27, 2011, http://www.wired.com/dangerroom/2011/07/fbi-islam-101-guide/; Spencer Ackerman, FBI Teaches Agents: 59 ‘Mainstream’ Muslims are ‘Violent, Radical, W IRED , Sept. 14, 2011, http://www.wired.com/dangerroom/2011/09/fbi-muslims-radical/; Spencer Ackerman, New Evidence of Anti-Islam Bias Underscores Deep Challenges for FBI Reform Pledge, W IRED , Sept. 23, 2011, http://www.wired.com/dangerroom/2011/09/fbi-islam-domination/. 227 T ERRORISM AND P OLITICAL I SLAM : O RIGINS, I DEOLOGIES, AND M ETHODS ; A C OUNTERTERRORISM T EXTBOOK (Erich Marquardt & Christopher Heffelfinger, eds., Combating Terrorism Ctr. 2008), available at https://www.aclu.org/files/fbimappingfoia/20111019/ACLURM000540.pdf. 228 ARIE PERLIGER, CHALLENGERS FROM THE SIDELINES; UNDERSTANDING AMERICA’S VIOLENT FAR-RIGHT, COMBATING TERRORISM CENTER AT WEST POINT, (Nov. 2012), available at http://www.ctc.usma.edu/wpcontent/uploads/2013/01/ChallengersFromtheSidelines.pdf. The ACLU criticized some aspects of the report. See, Laura Murphy and Mike German, Are the FBI and Congress Politicizing Terrorism Intelligence, ACLU Blog of Rights, Jan. 24, 2013, https://www.aclu.org/blog/national-security/are-fbi-and-congress-politicizing-terrorismintelligence. 229 B RIG B ARKER & M OLLY A MMAN , F ED . B UREAU OF I NVESTIGATION S UPERVISORY S PECIAL A GENTS, C OUNTERTERRORISM I NTERVIEW AND I NTERROGATION S TRATEGIES : U NDERSTANDING AND R ESPONDING TO THE D OMESTIC T HREAT : T ERRORISM AND P OLITICAL I SLAM : O RIGINS , I DEOLOGIES , AND M ETHODS ; A C OUNTERTERRORISM T EXTBOOK 369, 378 (Erich Marquardt & Christopher Heffelfinger, eds., Combating Terrorism Ctr.2008), available at https://www.aclu.org/files/fbimappingfoia/20111019/ACLURM000540.pdf#page=341. 230 Press Release, Fed. Bureau of Investigation, FBI Launches Comprehensive Review of Training Program (Sept. 20, 2011) (on file with author); and Press Release, Fed. Bureau of Investigation, Response to Media Reporting Regarding Counterterrorism Training (Sept. 15, 2011) (on file with author). 231 F ED . B UREAU OF I NVESTIGATION C OUNTERTERRORISM D IV ., T HE R ADICALIZATION P ROCESS : F ROM C ONVERSION TO J IHAD 10 (2006), available at http://cryptome.org/fbi-jihad.pdf. 232 Id. at 6. 233 Spencer Ackerman, New Evidence of Anti-Islam Bias Underscores Deep Challenges for FBI Reform Pledge, W IRED , Sept. 23, 2011, http://www.wired.com/dangerroom/2011/09/fbi-islam-domination/. See also Letter from 27 civil and human rights groups, to FBI Dir. Robert S. Mueller, III (Oct. 4, 2011) (on file with American Civil Liberties Union), available at http://www.aclu.org/files/assets/sign_on_letter_to_dir_mueller_re_radicalization_report_10.4.11.pdf. 234 For example, the ACLU of Pennsylvania represented Erich Scherfen, a commercial pilot, Gulf War veteran and Muslim convert, whose job was threatened when he was told he was barred from flying due to his placement on the No Fly List. See Jeanne Meserve, Name on Government Watch List Threatens Pilot’s Career, CNN, Aug. 22, 2008, http://www.cnn.com/2008/US/08/22/pilot.watch.list/. 235 For example, the ACLU of Pennsylvania represented Dr. Abdul Moniem El-Ganayni, an American nuclear physicist and volunteer prison imam, whose security clearance was revoked after he publicly criticized the FBI for mistreating Muslims. See Muslim Man Wants Review of Clearance Revocation, A SSOC . P RESS , Oct. 14, 2008, available at http://usatoday30.usatoday.com/news/nation/2008-10-14-muslim-scientist_N.htm. 236 See Fed. Bureau of Investigation, Black Separatist Extremism , available at http://www.aclu.org/files/fbimappingfoia/20120518/ACLURM026634.pdf (PowerPoint presentation); and Fed. Bureau of Investigation, Black Separatist Extremists , available at http://www.aclu.org/files/fbimappingfoia/20120518/ACLURM026655.pdf (PowerPoint presentation). 237 Id. 238 See FBI.gov, Major Terrorism Cases: Past and Present, http://www.fbi.gov/aboutus/investigate/terrorism/terrorism_cases (last visited July 1, 2013). 239 See Fed. Bureau of Investigation, Anarchist Extremism Overview, slide 3, 6 (undated), available at http://www.aclu.org/files/fbimappingfoia/20120518/ACLURM026485.pdf (PowerPoint presentation). 240 See Fed. Bureau of Investigation, Animal Rights/Environmental Extremism, slide 4 (undated), available at http://www.aclu.org/files/fbimappingfoia/20120518/ACLURM026701.pdf (PowerPoint presentation); and Fed. Bureau of Investigation, Animal Rights/ Eco Extremism Trends, slide 34 (undated), available at http://www.aclu.org/files/fbimappingfoia/20120518/ACLURM026510.pdf#page=34 (PowerPoint presentation). 241 See Amy Goldstein, A Deliberate Strategy of Disruption, W ASH . P OST , Nov. 4, 2001, http://www.pulitzer.org/archives/6613. 60 242 OFFICE OF INSPECTOR GEN., U.S. DEP’T OF JUSTICE, THE SEPTEMBER 11 DETAINEES: A REVIEW OF THE TREATMENT OF ALIENS HELD ON IMMIGRATION CHARGES IN CONNECTION WITH THE INVESTIGATION OF THE SEPTEMBER 11 ATTACKS 37 (2003), available at http://www.justice.gov/oig/special/0306/full.pdf. 243 H UMAN R IGHTS W ATCH , P RESUMPTION OF G UILT: H UMAN R IGHTS A BUSES OF P OST -9/11 D ETAINEES (Aug. 2002), available at http://www.hrw.org/reports/2002/us911/USA0802.pdf. 244 John Ashcroft, Att’y Gen., Dep’t of Justice, Prepared Remarks for the U.S. Mayors Conference (Oct. 25, 2001), available at http://www.justice.gov/archive/ag/speeches/2001/agcrisisremarks10_25.htm. 245 Electronic communication from Fed. Bureau of Investigation, to all field offices (Sept. 24, 2009) (on file with author), available at http://www.aclu.org/files/fbimappingfoia/20111019/ACLURM004887.pdf (Counterterrorism Program Guidance, Baseline Collection Plan). 246 See Eric Lichtblau, FBI Tells Offices to Count Local Muslims and Mosques, N.Y. T IMES, Jan. 23, 2003, http://www.nytimes.com/2003/01/28/politics/28MOSQ.html; and Mary Beth Sheridan, Interviews of Muslims to Broaden, W ASH . P OST , July 17, 2004, http://www.washingtonpost.com/wp-dyn/articles/A56080-2004Jul16.html. 247 David E. Kaplan, Exclusive: Nuclear Monitoring of Muslims Done Without Search Warrants, U.S. N EWS & W ORLD R EP ., Dec. 22, 2005, http://www.usnews.com/usnews/news/articles/nest/051222nest.htm. 248 See American Civil Liberties Union, ACLU Eye on the FBI: Exposing Misconduct and Abuse of Authority, http://www.aclu.org/national-security/eye-fbi-exposing-misconduct-and-abuse-authority (last visited July 1, 2013). 249 Fed. Bureau of Investigation, Targeting – Understanding the Fundamentals, Islamic Ummah – Where to Target, Bates #FBI036163-FBI036174 (on file with author) (PowerPoint presentation). 250 J ENNIE P ASQUARELLA , A MERICAN C IVIL L IBERTIES U NION OF S. C AL ., M USLIMS N EED N OT A PPLY : H OW USCIS S ECRETLY M ANDATES THE D ISCRIMINATORY D ELAY AND D ENIAL OF C ITIZENSHIP AND I MMIGRATION B ENEFITS TO A SPIRING A MERICANS 9 (2013), available at http://www.aclusocal.org/CARRP/. 251 See A MERICAN C IVIL L IBERTIES U NION , B LOCKING F AITH , F REEZING C HARITY : C HILLING M USLIM C HARITABLE G IVING IN THE “W AR ON T ERRORISM F INANCING ” 76, 77 (2009), available at http://www.aclu.org/human-rights/report-blocking-faith-freezing-charity; and M APPING M USLIMS, supra note 105. 252 Trevor Aaronson, The Informants, M OTHER J ONES, Sept.-Oct. 2011, available at http://www.motherjones.com/politics/2011/08/fbi-terrorist-informants. 253 PowerPoint Presentation from Fed. Bureau of Investigation, supra note 239. 254 Terror Trials by the Numbers: Stings, informants, and underwear bombs: Digging through the data from federal terrorism cases, M OTHER J ONES, Sept.-Oct. 2011, available at http://www.motherjones.com/politics/2011/08/terror-trials-numbers. 255 Trevor Aaronson, The Best Terrorists Money Can Buy, M OTHER J ONES, Sept.-Oct. 2011, available at http://www.motherjones.com/politics/2011/08/fbi-terrorist-sting-targets. 256 Paul Harris, Newburgh Four: Poor, Black, and Jailed Under FBI ‘Entrapment’ Tactics, T HE G UARDIAN , Dec. 12, 2011, http://www.guardian.co.uk/world/2011/dec/12/newburgh-four-fbi-entrapment-terror. 257 Id. 258 See Affidavit of Special Agent Jared Ruddy, U.S. v. Derrick Shareef, Case No. 06CR0919, (N.D.Ill. Dec. 8, 2006), available at https://www.documentcloud.org/documents/231598-shareefcomplaint.html. 259 David Shipler, Terrorist Plots, Hatched by the FBI, N.Y. T IMES, Apr. 28, 2012, http://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-plots-helped-along-by-the-fbi.html?pagewanted=all. 260 See Andrea Todd, The Believers, Elle, May 2008, available at http://www.greenisthenewred.com/blog/elle_anna/421/. 261 S. SELECT COMM. TO STUDY GOVERNMENTAL OPERATIONS WITH RESPECT TO INTELLIGENCE ACTIVITIES, FINAL REPORT ON SUPPLEMENTAL DETAILED STAFF REPORTS ON INTELLIGENCE ACTIVITIES AND THE RIGHTS OF AMERICANS (BOOK III), S. Rep. No. 94-755, at 13 (1976). 262 J. Delong, American Indians questioned about Nevada bear hunt by FBI, R ENO -G AZETTE J OURNAL , Apr. 11, 2012. 263 Ken Ritter, ACLU Wants FBI Records About Nevada Bear Hunt Foes, A SSOC . P RESS , Sept. 7, 2012, available at http://www.utsandiego.com/news/2012/sep/07/aclu-wants-fbi-records-about-nevada-bear-hunt-foes/. 264 Delong, supra note 263. 265 Yana Kunichoff, Raids on Activists May Indicate FBI Abuse of Power, Truthout.org (Oct. 10, 2010), available at http://www.stopfbi.net/content/raids-activists-may-indicate-fbi-abuse-power. 266 FBI Raids Homes of Seattle and Portland Occupy Activists, S ALEM -N EWS , Aug. 13, 2012, http://www.salemnews.com/articles/august132012/occupy-raids.php. 61 267 Maxine Bernstein, Two Portland Residents Facing Federal Grand Jury Subpoena from Seattle Vow They Won’t Cooperate, T HE O REGONIAN , Aug. 1, 2012, http://www.oregonlive.com/pacific-northwestnews/index.ssf/2012/08/two_portland_residents_facing.html. 268 Id. 269 Radley Balko, Swat Officer Killed by Non-Lethal Flash-Bang Grenade, Reason (Mar. 8, 2011), http://reason.com/blog/2011/03/09/swat-officer-killed-by-non-let. 270 See Dep’t of State, Arrest or Detention of an American Citizen Abroad, http://travel.state.gov/travel/tips/emergencies/arrest/arrest_3879.html (last visited Apr. 9, 2013). 271 22 USC §1732. 272 See Press Release, American Civil Liberties Union, ACLU Lawsuit Charges U.S. Officials Illegally Detained American Citizen (Nov. 10, 2009) (on file with author), available at http://www.aclu.org/national-security/aclulawsuit-charges-us-officials-illegally-detained-american-citizen. 273 See Anna Louie Sussman, Naji Hamdan’s Nightmare, T HE N ATION , Mar. 22, 2010, http://www.thenation.com/article/naji-hamdans-nightmare#. 274 Mark Mazetti, Detained American Says He Was Beaten in Kuwait, N.Y. TIMES, Jan. 6, 2011, at A10, available at http://www.nytimes.com/2011/01/06/world/middleeast/06detain.html?_r=2&hp&. 275 Id. 276 Nick Baumann, Lawyer: FBI Illegally Interrogating Gulet Mohamed, M OTHER J ONES, Jan. 12, 2011, http://www.motherjones.com/politics/2011/01/gulet-mohamed-fbi-illegal-interrogation. 277 Emailfrom redacted FBI officials to Nick Baumann, Mother Jones magazine (July 8, 2011, 04:39 PM) (on file with author), available at https://s3.amazonaws.com/s3.documentcloud.org/documents/235035/fbistatementtomotherjones.pdf; see also Nick Baumann, Locked Up Abroad for the FBI, M OTHER J ONES, Sept.-Oct. 2011, available at http://www.motherjones.com/politics/2011/08/proxy-detention-gulet-mohamed?page=1. 278 A UTHOR ’ S N AME R EDACTED , F ED . B UREAU OF I NVESTIGATION , C ROSS C ULTURAL, R APPORT -B ASED I NTERROGATION , V ERSION 5 (Feb. 23, 2011), available at http://www.aclu.org/files/fbimappingfoia/20120727/ACLURM036782.pdf. 279 Id. at 7-8. 280 Id. at 8. See also P HYSICIANS FOR H UMAN R IGHTS & H UMAN R IGHTS F IRST , L EAVE N O M ARKS : E NHANCED I NTERROGATION T ECHNIQUES AND THE R ISK OF C RIMINALITY 31 (2007); and N AT ’ L D EF . I NTELLIGENCE C OLLEGE, E DUCING I NFORMATION : I NTERROGATION : S CIENCE AND A RT 138 (2006), available at http://www.pegc.us/archive/DoD/DIA_EI_rpt_200612.pdf. 281 F ED . B UREAU OF I NVESTIGATION , L EGAL H ANDBOOK FOR FBI S PECIAL A GENTS 90 (2003), available at http://vault.fbi.gov/Legal%20Handbook%20for%20FBI%20Special%20Agents; Halely v. State of Ohio, 332 U.S. 596 (1948). 282 Letter from Laura W. Murphy, Director of the Washington Legislative Office, American Civil Liberties Union, & Devon Chaffee, Legislative Counsel, American Civil Liberties Union, to FBI Director Robert Mueller, III, (Aug. 2, 2012) (on file with author), available at http://www.aclu.org/national-security/letter-director-fbi-regardinginterrogation-primer. 283 See GOV’T ACCOUNTABILITY OFFICE, REP. TO CONGRESSIONAL REQUESTERS: TERRORIST WATCH LISTS SHOULD BE CONSOLIDATED TO PROMOTE BETTER INTEGRATION AND SHARING, GAO-03-322 (2003); OFFICE OF INSPECTOR GEN., DEP’T OF HOMELAND SEC., DHS CHALLENGES IN CONSOLIDATING TERRORIST WATCH LIST INFORMATION, OIG-04-31 (2004); OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, REVIEW OF THE TERRORIST SCREENING CENTER (REDACTED FOR PUBLIC RELEASE), AUDIT REPORT 05-27 (2005); OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, REVIEW OF THE TERRORIST SCREENING CENTER'S EFFORTS TO SUPPORT THE SECURE FLIGHT PROGRAM (REDACTED FOR PUBLIC RELEASE) AUDIT REPORT 05-34 (2005); OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, FOLLOW-UP AUDIT OF THE TERRORIST SCREENING CENTER (REDACTED FOR PUBLIC RELEASE), AUDIT REPORT 07-41 (2007); OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, AUDIT OF THE U.S. DEPARTMENT OF JUSTICE TERRORIST WATCHLIST NOMINATION PROCESSES, AUDIT REPORT 08-16 (2008); OFFICE OF THE INSPECTOR GEN., U.S. JUSTICE DEP’T, THE FEDERAL BUREAU OF INVESTIGATION'S TERRORIST WATCHLIST NOMINATION PRACTICES, AUDIT REPORT 09-25 (2009); OFFICE OF INSPECTOR GEN., DEP’T OF HOMELAND SEC., EFFECTIVENESS OF THE DEPARTMENT OF HOMELAND SECURITY TRAVELER REDRESS INQUIRY PROGRAM, OIG-00-103 (2009). 284 OFFICE OF THE INSPECTOR GEN., DEP’T OF JUSTICE, THE FEDERAL BUREAU OF INVESTIGATION'S TERRORIST WATCHLIST NOMINATION PRACTICES, at iv (2009), available at http://www.justice.gov/oig/reports/FBI/a0925/final.pdf. 62 285 See, Mark Hosenball, Number of Names on U.S. Counter-terrorism Database Jumps, REUTERS, May 2, 2013, http://www.reuters.com/article/2013/05/03/us-usa-security-database-idUSBRE94200720130503; and, Eileen Sullivan, US No-Fly List Doubles in 1 Year, ASSOCIATED PRESS, Feb. 2, 2012, http://www.foxnews.com/us/2012/02/02/ap-exclusive-us-no-fly-list-doubles-in-1-year/. 286 GOV’T ACCOUNTABILITY OFFICE, ROUTINELY ASSESSING IMPACTS OF AGENCY ACTIONS SINCE THE DECEMBER 25, 2009, ATTEMPTED ATTACK COULD HELP INFORM FUTURE EFFORTS (2012), available at http://www.gao.gov/assets/600/591312.pdf. 287 See Shirin Sadeghi, U.S. Citizen Put on No-Fly list to Pressure Him Into Becoming Informant, H UFFINGTON P OST , June 7, 2012, http://www.huffingtonpost.com/shirin-sadeghi/kevin-iraniha-no-fly-list_b_1579208.html. 288 Complaint for Injunctive and Declaratory Relief, Latif, et al., v. Holder, No. 10-cv-750 (BR) (D.Or. June 29, 2010), available at http://www.aclu.org/files/assets/2010-6-30-LatifvHolder-Complaint.pdf. 289 Id., see also ACLU.org, Latif, et al. v. Holder, et al. – ACLU Challenge to Government No Fly List, http://www.aclu.org/national-security/latif-et-al-v-holder-et-al-aclu-challenge-government-no-fly-list (last visited July 1, 2013). 290 Memorandum of Points and Authorities in Opposition to Defendant’s Motion for Partial Summary Judgment, Latif, et al. v. Holder, No. 10-cv-750 (BR), at 25 n25 (D.Or. Mar. 22, 2013), available at http://www.aclu.org/files/assets/nfl_sj_opp.pdf. 291 Yonas Fikre v. The Fed. Bureau of Investigation, Civil No. 3:13-cv-000899, (D.Or. May 30, 2013), available at https://s3.amazonaws.com/s3.documentcloud.org/documents/705673/yonas-fikre-lawsuit.pdf. See also Nigel Duara & Malin Rising, Yonas Fikre, US Muslim, Claims He Was Tortured At FBI's Behest In United Arab Emirates, A SSOC . P RESS , Apr. 18, 2012, available at http://www.huffingtonpost.com/2012/04/18/us-muslimtortured_n_1434664.html. 292 Kari Huus, American Seeks Political Assylum in Sweden, Alleging Torture, FBI Coercion, MSNBC, Apr. 18, 2012, http://usnews.nbcnews.com/_news/2012/04/18/11266018-american-seeks-political-asylum-in-swedenalleging-torture-fbi-coercion?lite. 293 Nick Baumann, U.S. Charges Yonas Fikre, American Who Claimed Torture, With Conspiracy, M OTHER J ONES, May 3, 2012, http://www.motherjones.com/mojo/2012/05/yonas-fikre-american-who-claimed-torture-indictedconspiracy-charges. 294 Shirin Sadeghi, U.S. Citizen Put on No-Fly List to Pressure Him Into Becoming FBI Informant, H UFFINGTON P OST , June 7, 2012, http://www.huffingtonpost.com/shirin-sadeghi/kevin-iraniha-no-fly-list_b_1579208.html. 295 Ashley McGlone & Susan Shroder, San Diego Man on No-Fly List Returns Home, S AN D IEGO U NION T RIB ., June 7, 2012, http://www.utsandiego.com/news/2012/Jun/06/no-fly-list-keeps-sdsu-grad-grounded-in-costa-rica/. 296 NRC REPORT, supra note 134. 63 From tim at diffalt.com Wed Jun 24 07:11:42 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 24 Jun 2015 10:11:42 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <558a1e72.10548c0a.e6e7.ffffff1e@mx.google.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> <558A0A49.5080803@diffalt.com> <558a1e72.10548c0a.e6e7.ffffff1e@mx.google.com> Message-ID: <558ABA9E.3040703@diffalt.com> On 6/23/2015 11:12 PM, Juan wrote: > On Tue, 23 Jun 2015 21:39:21 -0400 > Tim Beelen wrote: > >> I think Cathal's comment was a general remark. It did not necessarily >> concern you. > > I disagree. "Ted Smith" is explicitly whining about me > > "But now there are 2-3 posters who continually post random > conspiracy crap" > > and given the 'context' of the thread, Cathal is also commenting > on those '2 or 3' posters. Zeenan - and me. > > > > >>> Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? >>> Or? >> I think you're South American. Your rhetoric squarely puts you there. >> Overly defensive on the subject of projecting power. Blatantly >> anti-American (rhetoric only, if you'd ever find yourself living here >> you'd find yourself a lot less radical and carry yourself a bit more >> respectful) > > So, did you look me up in the NSA database or not? That was the > exercise. > > Your first conjecture is unwarranted. People from all over the > world rightly despise the US government and its supporters. > > Now, if my 'rhetoric' drew inspiration from che guevara you > might deduce that I'm from south america. However my > 'rhetoric' (political philosophy actualy) can be traced to the > likes of Lysander Spooner and other private property anarchists, > who, I assure you, aren't popular authors in south america. Or > anywhere else for that matter. > I read the motorcycle diaries-- and loved it. I have not read Lysander. I squarely base my assumptions on you being incongruous. And I'll have you know-- every man is a sum of it's experiences. So I can tell quite reliable where people are from. You are, if only partly, a product of your own government. > >> You are very sensitive on the subject of being run over by a foreign >> power indicates a permanent identity crisis (Argentine) as to where >> you fit in the world of things. > > Okay. So now we've descended into psychobable. 'identity > crisis'? Mildly amusing. > > You did a couple of searches and correctly found out that I > come from argentina - the info is in the public domain. And > based on that, you are making up a story. Maybe. But I'm pleased I was right. I wasn't sure I was right. Again, incongruancies (has a red squiggly I don't know how to spell it). Everyone talks shit non-sequitur. It triggers something in my brain (anger mostly) and I sort people by who they are based on that. It is one of my things. >> Your over-sized ego i.e. taking things personally that are actually a >> general remark is quite a cultural trait. So is calling people by >> name instead of addressing the issue. >> >> Everything North of Chile sans Bolivia has common sensibilities >> towards the Government. Brazilians are not that outspoken, better at >> diverting and quite introverted. Bolivian culture is more refined and >> does not call out people like it's taking a piss. That makes you >> Chilean, Argentinian or Spanish. >> >> You're not European. Your English is too good. > > Now that's interesting. How do you go from "good english"* to > "not european"? If anything, europeans from germanic countries > are likely to speak (way) better english than me. > > *and my english is so so at any rate. Not necessarily true. You'd be surprised which people I consider functionally illiterate (not in the actual meaning, but diminished ability to convey information in writing etc.). Usually conflict areas are great places to look for people who can actually put two and two together and subsequently rely on language to convey critical information that is generally more particular and less generic. Which develops certain language skills. So far, the best all-round experience I had concerning people and their functional literacy: Albania, Finland, South Africa, Denmark, UAE, South South America. Great experience with Afghan refugees. Just to name a few. The Swiss. Singaporeans. But overall not mainland Europeans. Mainland Europeans are over all a hit or miss. In Spain just about no one speaks proper English. The average European. Even though they have a rudimentary understanding of the English language a lot of them can't formulate a sentence to save their life. They rarely have any deeper understanding of idiom BECAUSE it resembles their own language. Also they fuck up the prepositions. > >> And my guess is Argentinian. > > Nominally, yes. I was born here and that's it. > > Now find out what government (terrorist organization) I work > for. Take into account that the argentine government isn't > going to pay me or anybody else to discuss libertarian > principles on an obscure mailing list. No. You're a disgruntled individual. You work for yourself. > > Anyway, this is getting too boring. I suggest you ask "Ted > Smith" to post some real cypherpunk stuff. Like, how great the > pentagon's anonimity network is and how it spreads cancer, I > mean democracy in china. Or something. > > Wut. Cypherpunk-ness for me comes mainly in the form of using crypto so secure my data and the information of others. Good examples are, I can run a VPN to access my documents remotely-- but I could also use sftp. Which is easier to implement? Arguably SFTP. Added bonus is that my RSA certificates can be used to auth for both implementations. I encrypt client data with my public PGP key on a public server. Prefer the KISS model to cyber security rather then adding layers. VLAN? retarded. VPN? retarded (most use cases). Why do we (I) use these tools? Because the attacker, in my case, which usually comes from overseas are individuals looking for stuff to break into. CC numbers. That sort of thing. And most of my problems originate from India and China. Not that that is a reliable statement since we all know that the perp can be in Djibouti for all we know. But not very likely because most people don't care that much for OPSEC. They are not governments. 404s on my server: 70-80% originates from India/China. Port scans are almost all from India. And what really grinds my gears is that with shit standards like PCI compliance most payment gateways in the U.S. are 100% open. EXAMPLE: if I use my CC in a particular mall at a particular store, one month from now I get a call from the bank and have multiple $1 test charges of people guessing my CVC code. It had to happen 5 times before I could connect the dots. And it's all foreign malicious attacks. No governments. We need crypto to get in there and secure my transactions. Regardless if you think that CC companies are the square root of all evil. > > > J. > >> On 6/23/2015 9:03 PM, Juan wrote: >>> On Tue, 23 Jun 2015 19:27:47 -0400 >>> Tim Beelen wrote: >>> >>>> Juan, you just put yourself up as an unsolicited reference for >>>> COINTELPRO. Good Job. >>> I'm trying to decypher...what the hell you mean? >>> >>> >>>> Juan Garofalo. >>> Right. Look me up in the nsa database and report back >>> please. >>> >>> From shelley at misanthropia.org Wed Jun 24 10:17:20 2015 From: shelley at misanthropia.org (Shelley) Date: Wed, 24 Jun 2015 10:17:20 -0700 Subject: [HunchLab] Predicting Crime in Miami In-Reply-To: <558ADB44.3010801@diffalt.com> References: <558ADB44.3010801@diffalt.com> Message-ID: <20150624171705.A6941680029@frontend2.nyi.internal> Looks like it was developed with an $800,000 federal grant and someone from the Philadelphia police dept: http://technical.ly/philly/2013/11/07/azavea-philly-police-crime-prediction-software/ Interesting article (sorry for no excerpt, I'm currently mobile.) They even use the weather as a variable? Main site: hunchlab.com Still have to look up Azavea and see who's behind them/ how much money they suck from the fed teat. ---------- On June 24, 2015 9:42:54 AM Tim Beelen wrote: > This is how it's pitched to the community: > > > http://www.miamiherald.com/news/local/community/miami-dade/article19256145.html > > FTA: The Miami police currently is using COMPSTAT, which does not > predict where crime will happen insofar it tells you where it has been > taking place. In addition they will start using HunchLab at some point. > > An associate professor from Florida International University, Rob T. > Guerette is expected to become their local expert on this piece of > software. The person who wrote the grant for it is Lt. Sean MacDonald. > > http://cj.fiu.edu/people/faculty/rob-guerette/ > > The article claims that similar software has "... helped prevent and > stop property crimes, and is now being tested on gun crimes." > > Which makes me curious as about the kind of heuristics that they are using. > > HunchLab apparently produces maps showing small areas where specific > crimes are likely to be committed. > > This is not a new turn of events, as Miami-Dade’s robbery division uses > IBM's Blue PALMS to solve cold cases. The software connects to a > database of every crime ever documented by Miami-Dade police. Detectives > enter the details of an unsolved crime and the program produces a list > of 20 suspects. > > Now the part of the Nuevo Herald's article that cough my attention is > the moment that it starts speculating about it's effectiveness. > The last few sentences juxtapose the potential volatility of it's > predictions with who is responsible for it's "effectiveness". > > HunchLab uses a wider dataset than the rough equivalent PredPol. > Annotated with the official final statement that the tool will only be > "...as good as the officers using it." > > Putting the burden of proof of it's effectiveness squarely on the > shoulders of the officers forced to use it. Which is, in my opinion, > ridiculous. Since the software is supposed to predict the crime and not > the other way around. > > I highly suspect that it grabs a bunch of data, normalizes it for the > use with a map and starts looking for some correlation coefficient and > then looks if it's statistically significant. I.e. it's a null > hypothesis-- exactly what Larry Samuels, CEO of PredPol tries to warn > them about expecting weird results. Since that is exactly what you get > when you grow your dataset and statistically analyze the date using > correlation coefficients + phi. > > Anyway. Who build this software? And what does it do? From tim at diffalt.com Wed Jun 24 07:48:39 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 24 Jun 2015 10:48:39 -0400 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <20150624143555.227616801BC@frontend2.nyi.internal> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> <558A0A49.5080803@diffalt.com> <558a1e72.10548c0a.e6e7.ffffff1e@mx.google.com> <558ABA9E.3040703@diffalt.com> <14e25fcb7e0.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> <20150624143555.227616801BC@frontend2.nyi.internal> Message-ID: <558AC347.1010502@diffalt.com> On 6/24/2015 10:36 AM, Shelley wrote: > ...how in the hell did you get to someone doing test charges to guess > your cvv2s from trying to armchair-psychoanalyze Juan and issuing > blanket insults to Europeans, et al? > > If you're going to post Aspie word salad like this, you have no basis > to complain about what Juan and Zenaan post. At least they have a point. > > Take your meds, Tim ;) > Sorry. I'll try to reply in once sitting next time-- in the hope that it'll be more concise and to the point. No promises. Again, my bad. I'll take my multivitamin as prescribed. Nobody should be tormented in such a way. Makes me very self conscious to think that I might read like Slavoj Žižek's earlier lectures. > -S > > ---------- > On June 24, 2015 7:17:32 AM Tim Beelen wrote: > >> >> >> On 6/23/2015 11:12 PM, Juan wrote: >> > On Tue, 23 Jun 2015 21:39:21 -0400 >> > Tim Beelen wrote: >> > >> >> I think Cathal's comment was a general remark. It did not necessarily >> >> concern you. >> > >> > I disagree. "Ted Smith" is explicitly whining about me >> > >> > "But now there are 2-3 posters who continually post random >> > conspiracy crap" >> > >> > and given the 'context' of the thread, Cathal is also commenting >> > on those '2 or 3' posters. Zeenan - and me. >> > >> > >> > >> > >> >>> Oh yes. I'm anti west agent on the payroll of? Putin? The chinese? >> >>> Or? >> >> I think you're South American. Your rhetoric squarely puts you there. >> >> Overly defensive on the subject of projecting power. Blatantly >> >> anti-American (rhetoric only, if you'd ever find yourself living here >> >> you'd find yourself a lot less radical and carry yourself a bit more >> >> respectful) >> > >> > So, did you look me up in the NSA database or not? That was the >> > exercise. >> > >> > Your first conjecture is unwarranted. People from all over the >> > world rightly despise the US government and its supporters. >> > >> > Now, if my 'rhetoric' drew inspiration from che guevara you >> > might deduce that I'm from south america. However my >> > 'rhetoric' (political philosophy actualy) can be traced to the >> > likes of Lysander Spooner and other private property anarchists, >> > who, I assure you, aren't popular authors in south america. Or >> > anywhere else for that matter. >> > >> I read the motorcycle diaries-- and loved it. I have not read Lysander. >> >> I squarely base my assumptions on you being incongruous. And I'll have >> you know-- every man is a sum of it's experiences. So I can tell quite >> reliable where people are from. You are, if only partly, a product of >> your own government. >> >> >> > >> >> You are very sensitive on the subject of being run over by a foreign >> >> power indicates a permanent identity crisis (Argentine) as to where >> >> you fit in the world of things. >> > >> > Okay. So now we've descended into psychobable. 'identity >> > crisis'? Mildly amusing. >> > >> > You did a couple of searches and correctly found out that I >> > come from argentina - the info is in the public domain. And >> > based on that, you are making up a story. >> Maybe. But I'm pleased I was right. I wasn't sure I was right. Again, >> incongruancies (has a red squiggly I don't know how to spell it). >> Everyone talks shit non-sequitur. It triggers something in my brain >> (anger mostly) and I sort people by who they are based on that. It is >> one of my things. >> >> >> Your over-sized ego i.e. taking things personally that are actually a >> >> general remark is quite a cultural trait. So is calling people by >> >> name instead of addressing the issue. >> >> >> >> Everything North of Chile sans Bolivia has common sensibilities >> >> towards the Government. Brazilians are not that outspoken, better at >> >> diverting and quite introverted. Bolivian culture is more refined and >> >> does not call out people like it's taking a piss. That makes you >> >> Chilean, Argentinian or Spanish. >> >> >> >> You're not European. Your English is too good. >> > >> > Now that's interesting. How do you go from "good english"* to >> > "not european"? If anything, europeans from germanic countries >> > are likely to speak (way) better english than me. >> > >> > *and my english is so so at any rate. >> Not necessarily true. You'd be surprised which people I consider >> functionally illiterate (not in the actual meaning, but diminished >> ability to convey information in writing etc.). Usually conflict areas >> are great places to look for people who can actually put two and two >> together and subsequently rely on language to convey critical >> information that is generally more particular and less generic. Which >> develops certain language skills. So far, the best all-round experience >> I had concerning people and their functional literacy: Albania, Finland, >> South Africa, Denmark, UAE, South South America. Great experience with >> Afghan refugees. Just to name a few. The Swiss. Singaporeans. But >> overall not mainland Europeans. >> >> Mainland Europeans are over all a hit or miss. In Spain just about no >> one speaks proper English. >> >> The average European. Even though they have a rudimentary understanding >> of the English language a lot of them can't formulate a sentence to save >> their life. They rarely have any deeper understanding of idiom BECAUSE >> it resembles their own language. Also they fuck up the prepositions. >> >> >> > >> >> And my guess is Argentinian. >> > >> > Nominally, yes. I was born here and that's it. >> > >> > Now find out what government (terrorist organization) I work >> > for. Take into account that the argentine government isn't >> > going to pay me or anybody else to discuss libertarian >> > principles on an obscure mailing list. >> No. You're a disgruntled individual. You work for yourself. >> > >> > Anyway, this is getting too boring. I suggest you ask "Ted >> > Smith" to post some real cypherpunk stuff. Like, how great the >> > pentagon's anonimity network is and how it spreads cancer, I >> > mean democracy in china. Or something. >> > >> > >> Wut. >> >> Cypherpunk-ness for me comes mainly in the form of using crypto so >> secure my data and the information of others. Good examples are, I can >> run a VPN to access my documents remotely-- but I could also use sftp. >> Which is easier to implement? Arguably SFTP. Added bonus is that my RSA >> certificates can be used to auth for both implementations. >> >> I encrypt client data with my public PGP key on a public server. Prefer >> the KISS model to cyber security rather then adding layers. VLAN? >> retarded. VPN? retarded (most use cases). Why do we (I) use these tools? >> Because the attacker, in my case, which usually comes from overseas are >> individuals looking for stuff to break into. CC numbers. That sort of >> thing. >> >> And most of my problems originate from India and China. Not that that is >> a reliable statement since we all know that the perp can be in Djibouti >> for all we know. But not very likely because most people don't care that >> much for OPSEC. They are not governments. 404s on my server: 70-80% >> originates from India/China. Port scans are almost all from India. >> >> And what really grinds my gears is that with shit standards like PCI >> compliance most payment gateways in the U.S. are 100% open. >> >> EXAMPLE: if I use my CC in a particular mall at a particular store, one >> month from now I get a call from the bank and have multiple $1 test >> charges of people guessing my CVC code. It had to happen 5 times before >> I could connect the dots. And it's all foreign malicious attacks. No >> governments. >> >> We need crypto to get in there and secure my transactions. Regardless if >> you think that CC companies are the square root of all evil. >> >> >> > >> > >> > J. >> > >> >> On 6/23/2015 9:03 PM, Juan wrote: >> >>> On Tue, 23 Jun 2015 19:27:47 -0400 >> >>> Tim Beelen wrote: >> >>> >> >>>> Juan, you just put yourself up as an unsolicited reference for >> >>>> COINTELPRO. Good Job. >> >>> I'm trying to decypher...what the hell you mean? >> >>> >> >>> >> >>>> Juan Garofalo. >> >>> Right. Look me up in the nsa database and report back >> >>> please. >> >>> >> >>> >> > > From drwho at virtadpt.net Wed Jun 24 10:59:04 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 24 Jun 2015 10:59:04 -0700 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> Message-ID: <558AEFE8.9010106@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/23/2015 02:32 PM, Cathal (Phone) wrote: > And, while we're on the subject, I suspect much of this > pro-anything-not-West crap is likely to be just that: cointelpro > to discredit the genuine content and discourage > subscription/participation by a wider audience. It's pretty > effective, I think. Not that this would ever, ever happen: https://firstlook.org/theintercept/document/2015/06/22/behavioural-science-support-jtrig/ - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Dogs are always going to come up short if you insist on defining them as a weird kind of cat." -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJViu/jAAoJED1np1pUQ8RkJ60P/iQB0FmZ6sVDd9pmigywKUjr IjL/qyB/nvlS3nbGbtRsm0ElY0ZkinP4A0f27kGpK789TPMnSUTSMrilQqFPiEl8 iEKZdndQ/tolY00UyvGtJKPmN8qfwoWeOfQoQs3wTQyxEQFXDAqfC7x2n40bPGE1 pVgTVzv7T8kZHubH8jpaDt9D1VoO1+B4/iv3TvVziG0qettwmkHehK1FBul9qsv+ m5PfcBmr5x3R8XFyNxEaEGjsIqexd4BrhSyS6gvXeXeeCjSJewQKir3xlIAnRnL9 2f2gPXC8xzDuZk84xJ9XTN9TlNYj0BVuRoWsp3Ob32rxsAQxIIQMs2bFqSU2KQ9e QASM+NSf1b59JFzfhBI40wCgSmHrnoEtJycB0KkEpQc/BJT/6HNGcc4eBjC/loCn 3SE93UPLcLXO7fbS7XXplcLKZhZSwdoqW4Ddsajeq0H4qL9zk8FWAj12kKF4ovYf CuZ4ssDum2yU6rdyaEUWCxeEiRgV7cc+xXMEypQKkUQB0nD6scVpKEKcF3BIIFd0 4m0kry1MdzSWEuADJoIo3LBsx/7oIDCRxS0SicSgtcB9X7G9eIFkFRu+xqs+8NDT Rgzba/bIwc/oWf18xeQo2myEmM8vwmT2NL1DeXB7wDyO4Kn7guaC04DbMUoIotQj sUYh6Or5UJhvDI1NpMks =Sy/P -----END PGP SIGNATURE----- From drwho at virtadpt.net Wed Jun 24 11:12:51 2015 From: drwho at virtadpt.net (The Doctor) Date: Wed, 24 Jun 2015 11:12:51 -0700 Subject: [HunchLab] Predicting Crime in Miami In-Reply-To: <20150624171705.A6941680029@frontend2.nyi.internal> References: <558ADB44.3010801@diffalt.com> <20150624171705.A6941680029@frontend2.nyi.internal> Message-ID: <558AF323.1070708@virtadpt.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 06/24/2015 10:17 AM, Shelley wrote: > Looks like it was developed with an $800,000 federal grant and > someone from the Philadelphia police dept: They're going to start rolling something similar out in Oakland, CA: http://www.eastbayexpress.com/oakland/oakland-mayor-schaaf-and-police-seek-unproven-predictive-policing-software/Content?oid=4362343 - -- The Doctor [412/724/301/703/415] [ZS] PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ "Contemporary reality is like an overlapping set of dire science-fictional scenarios." --William Gibson -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVivMeAAoJED1np1pUQ8RkNn8P/0+UAvUAQpuHnjEa5npo/oUb jNnsY6ir+373pn/pWWFLSoM79kalSzc7KdOutwB7Da8DR/jIv+W2mPgwPP6syHOm ZYmyK1caLxQ4CM4U/FvyaRNI2lVVJEmpIjsbeOOfHXKqMyve0R2sSzVa/Rv2F//K QjXIzRVJeaTxnu0CxMw/xQ5+Z0zLZJPKRWD4vDMEgcIGYko6W8f1pp9aSrFukCn0 DN2qhSQ2gIA7YjIw2YW+PW7UQds7NiuJ3l5zpqEfKxqyFSDqJsEPwDby7MF3yvaR LW6Gy6u0fxHLuGmxl7VYwnF9ufvXSbqzzL5/p1xFe8kmSxpqui5K7KU9KacsfxI3 +DJf14YOzD0g0t16e2+x343yTLr4OMmir/FRAgP8++pjPo0NtgzwSs3FeDUmnlhD Qk4/GM5hAdVSsJixh+D+kH92j2uAk8rH51rDZe2kP1prEJXHSZ/VnYHHen4Db3dE iw0fHCXF8O3HJmbcE7ZUc5agz1URZSE2XP3n1njkn9ziz48T3pLIfQ1uS8sKnYLb /uCUtuzRbfKWPVQq2ZJcJ2vNxvANoyl7u+7kSscTl47+/YE1KaN3gil1fJUrB1YS 5UVDOnb+7U577nfzaFq1Y15Inoy4zj45fnFt6dpIAdrsVBraVdSxINMPOU9J35An 2MtNeAIpCcXNdWjNzVXr =vrpk -----END PGP SIGNATURE----- From tim at diffalt.com Wed Jun 24 09:31:00 2015 From: tim at diffalt.com (Tim Beelen) Date: Wed, 24 Jun 2015 12:31:00 -0400 Subject: [HunchLab] Predicting Crime in Miami Message-ID: <558ADB44.3010801@diffalt.com> This is how it's pitched to the community: > http://www.miamiherald.com/news/local/community/miami-dade/article19256145.html FTA: The Miami police currently is using COMPSTAT, which does not predict where crime will happen insofar it tells you where it has been taking place. In addition they will start using HunchLab at some point. An associate professor from Florida International University, Rob T. Guerette is expected to become their local expert on this piece of software. The person who wrote the grant for it is Lt. Sean MacDonald. > http://cj.fiu.edu/people/faculty/rob-guerette/ The article claims that similar software has "... helped prevent and stop property crimes, and is now being tested on gun crimes." Which makes me curious as about the kind of heuristics that they are using. HunchLab apparently produces maps showing small areas where specific crimes are likely to be committed. This is not a new turn of events, as Miami-Dade’s robbery division uses IBM's Blue PALMS to solve cold cases. The software connects to a database of every crime ever documented by Miami-Dade police. Detectives enter the details of an unsolved crime and the program produces a list of 20 suspects. Now the part of the Nuevo Herald's article that cough my attention is the moment that it starts speculating about it's effectiveness. The last few sentences juxtapose the potential volatility of it's predictions with who is responsible for it's "effectiveness". HunchLab uses a wider dataset than the rough equivalent PredPol. Annotated with the official final statement that the tool will only be "...as good as the officers using it." Putting the burden of proof of it's effectiveness squarely on the shoulders of the officers forced to use it. Which is, in my opinion, ridiculous. Since the software is supposed to predict the crime and not the other way around. I highly suspect that it grabs a bunch of data, normalizes it for the use with a map and starts looking for some correlation coefficient and then looks if it's statistically significant. I.e. it's a null hypothesis-- exactly what Larry Samuels, CEO of PredPol tries to warn them about expecting weird results. Since that is exactly what you get when you grow your dataset and statistically analyze the date using correlation coefficients + phi. Anyway. Who build this software? And what does it do? From Rayzer at riseup.net Wed Jun 24 13:30:55 2015 From: Rayzer at riseup.net (Razer) Date: Wed, 24 Jun 2015 13:30:55 -0700 Subject: [HunchLab] Predicting Crime in Miami In-Reply-To: <558ADB44.3010801@diffalt.com> References: <558ADB44.3010801@diffalt.com> Message-ID: <558B137F.8060809@riseup.net> On 06/24/2015 09:31 AM, Tim Beelen wrote: > This is how it's pitched to the community: >> http://www.miamiherald.com/news/local/community/miami-dade/article19256145.html >> > > FTA: The Miami police currently is using COMPSTAT, which does not > predict where crime will happen insofar it tells you where it has been > taking place. In addition they will start using HunchLab at some point. > Locally, the police department decided to partner with PredPol /(snigger: 'Server And Protect')/. Early one morning at Starbucks I saw a shift captain who also did PD PR work on the phone discussing an article that was about to appear regarding the topic in a local newspaper. He emphatically and repeatedly said: "DO NOT call it 'Predictive Policing'!" He obviously didn't believe it was a correct phrase to describe "Guessing". RR Ps. The use of computers to resolve cold-cases mentioned below isn't really relevant to the topic of computers allegedly predicting future crime. ALso, I suspect predictive software will simply create better opportunities for more convincing false flag operations by people affiliated with (but perhaps not directly connected to) police agencies. I'd extrapolate on those operations (at least ones noted locally) but [off-topic], so I decline. > An associate professor from Florida International University, Rob T. > Guerette is expected to become their local expert on this piece of > software. The person who wrote the grant for it is Lt. Sean MacDonald. >> http://cj.fiu.edu/people/faculty/rob-guerette/ > > The article claims that similar software has "... helped prevent and > stop property crimes, and is now being tested on gun crimes." > > Which makes me curious as about the kind of heuristics that they are > using. > > HunchLab apparently produces maps showing small areas where specific > crimes are likely to be committed. > > This is not a new turn of events, as Miami-Dade’s robbery division > uses IBM's Blue PALMS to solve cold cases. The software connects to a > database of every crime ever documented by Miami-Dade police. > Detectives enter the details of an unsolved crime and the program > produces a list of 20 suspects. > > Now the part of the Nuevo Herald's article that cough my attention is > the moment that it starts speculating about it's effectiveness. > The last few sentences juxtapose the potential volatility of it's > predictions with who is responsible for it's "effectiveness". > > HunchLab uses a wider dataset than the rough equivalent PredPol. > Annotated with the official final statement that the tool will only be > "...as good as the officers using it." > > Putting the burden of proof of it's effectiveness squarely on the > shoulders of the officers forced to use it. Which is, in my opinion, > ridiculous. Since the software is supposed to predict the crime and > not the other way around. > > I highly suspect that it grabs a bunch of data, normalizes it for the > use with a map and starts looking for some correlation coefficient and > then looks if it's statistically significant. I.e. it's a null > hypothesis-- exactly what Larry Samuels, CEO of PredPol tries to warn > them about expecting weird results. Since that is exactly what you get > when you grow your dataset and statistically analyze the date using > correlation coefficients + phi. > > Anyway. Who build this software? And what does it do? > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From chgans at gna.org Tue Jun 23 19:28:27 2015 From: chgans at gna.org (Christian Gagneraud) Date: Wed, 24 Jun 2015 14:28:27 +1200 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <558A0A49.5080803@diffalt.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <1435092679.25701.39.camel@riseup.net> <096843DF-3A1D-4FF4-8FF6-4074A906ADFD@cathalgarvey.me> <20150623220845.9DA75C00293@frontend1.nyi.internal> <5589ddc1.875f8c0a.6b25.ffffe4fc@mx.google.com> <5589EB73.3070806@diffalt.com> <558a002c.ea158c0a.bb4f.fffff7bd@mx.google.com> <558A0A49.5080803@diffalt.com> Message-ID: <558A15CB.9020103@gna.org> On 24/06/15 13:39, Tim Beelen wrote: ______________________________________ / You're not European. Your English is \ \ too good. / -------------------------------------- \ \ \ >()_ (__)__ _ From zen at freedbms.net Wed Jun 24 04:44:22 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Wed, 24 Jun 2015 21:44:22 +1000 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: <5589D3D2.90602@diffalt.com> References: <1435086320.25701.26.camel@riseup.net> <5589c366.4aef8c0a.6f02.ffffd8ee@mx.google.com> <5589D3D2.90602@diffalt.com> Message-ID: :D Soo sophistamicated. I thought CIA was meant to be an intelligence agency - not seein much from ya :) Nice to see you guys exposing yourselves though, I genuinely appreciate all the insights and the apparently genuine attempt at intelligent discourse. Seeing things I never saw before. I believe. You might need to charge yourself with indecent exposure, since you probably messed up in undressing quite so publicly. Guess that's why we get your delicious rant now. Mmm, yummy. Went back and read the photo-ops eh? Better luck next time, folks will be lookin out for your new fake I-D hey! I never liked "Beelen" anyway... :) Zenaan On 6/24/15, Tim Beelen wrote: > Well, I guess Juan's rhetorical question is voicing my concern that > crazy-people political rants are not what I sought when I subscribed to > this mailing list. > > Stop talking in blanket terms as 'propaganda' please, have you seen what > ISIS PR came up with for this summer? Maybe Zenaan can cry next about > their border inviolability next > http://www.dumpert.nl/mediabase/6663326/f5c24e5e/isis_shock_video_zomer_2015.html > > Maybe you'll get inspired by people being shot in a car with an RPG, or > the explosive necklace or drowning in a cage. Fun Fun Fun. > > You can discuss the nature of western governments all you like. As long > as an argument is well put together I and others will listen and won't > even complain. Zenaan's stuff is neither. > > Well, and in addition of bringing things to the table that are way out > of bounds, I also happen to disagree with just everything that Zenaan > has to say. > > Zenaan not believe Russians are operating in the Ukraine. > > Zenaan conflates ethnic cleansing of an ethnic minority with > international politics. > > Zenaan is tremendously biased towards a lot of issues. > > Anyway, I've got a pretty sweet solution to this: > > If you're running spamassassin on your mail server add the following > rule in /etc/spamassassin/local.cf > > body ZENAAN_CAUSES_BRAINROT / Harkness/i > score ZENAAN_CAUSES_BRAINROT 5.0 > describe ZENAAN_CAUSES_BRAINROT cpunks.org mailinglist IDS (Idiot > Denial System) > > > > On 6/23/2015 4:44 PM, Juan wrote: >> On Tue, 23 Jun 2015 15:05:20 -0400 >> Ted Smith wrote: >> >>> What's the cypherpunk link in this? >> >> That was part of a discussion on the nature of western >> governments and western propaganda. >> >> Do you think that discussions on the nature of western >> governments are off-topic? Maybe banned? >> >> Maybe we should instead talk about how terrible the suffering >> of US military murderers is? >> >> paging Nick Econopouly >> >> >> >>> On Thu, 2015-06-18 at 19:41 +1000, Zenaan Harkness wrote: >>>> http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integrity/ri8092 >>>> >>>> Summary at bottom, summarizing shifting position of "west" over >>>> some time: "So let us recount the western position: >>>> - It claimed to uphold the sovereignty and territorial integrity >>>> of other countries and the inviolability of borders in Europe >>>> - However, this did not extend to the sovereignty and the >>>> territorial integrity of Federal Yugoslavia which could be trampled >>>> at will >>>> - Nonetheless, albeit the territorial integrity of Federal >>>> Yugoslavia itself wasn’t worth anything, the territorial integrity >>>> of its constituent republics seeking independence was holy >>>> - Albeit the territorial integrity of the Yugoslav constituent >>>> republics of Slovenia, Croatia and Bosnia and Herzegovina was holy, >>>> the territorial integrity of Serbia was not >>>> - Albeit Slovenes, Croats and Bosnian Muslims could leave >>>> Yugoslavia, Serbs could not leave Croatia and Bosnia >>>> - Albeit Serbs could not leave Croatia and Bosnia, Kosovo >>>> Albanians could secede from Serbia >>>> - Albeit Kosovo Albanians could secede from Serbia, Kosovo Serbs >>>> could not secede from Albanian-run Kosovo >>>> - Albeit Kosovo could unilaterally secede from Serbia under NATO >>>> military control, Crimea could not unilaterally secede from Ukraine >>>> under Russian military control >>>> >>>> May world be spared hunger, plague and western principles. >>>> " >>>> >> > > From coderman at gmail.com Wed Jun 24 22:54:26 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 22:54:26 -0700 Subject: progression of technologies In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: On 6/24/15, dan at geer.org wrote: > Paraphrasing Bonnie Raitt, let's give 'em something germane > to argue about. In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy seems a sound and reasonable treatise. and note that some of these problems relent if you're nicely impeded from the general public and modern urban metropolis... i note the declaration, "The ability to delete yourself from the Web doesn't really matter. What really matters in the age of advanced surveillance is the right to not be correlated.", and posit again, what role for fully decentralized structures devoid of the centralized compute data hoarded hackbait afflicted upon every bigdata aggregation yet collected? opt-out harder :) best regards, From coderman at gmail.com Wed Jun 24 23:06:36 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 23:06:36 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/19/15, coderman wrote: > ... regarding the shenanigans with post and processing, https://s3.amazonaws.com/s3.documentcloud.org/documents/2110787/leopold-obrien-foia-lawsuit-jacob-applebaum.pdf describes some mis-directed replies, and other run around. see: Alexa O'Brien ‏@carwinb . at JasonLeopold) and I (rep'd by atty @_LightLaw) just filed lawsuits for @ioerror records with 19 federal agencies. - https://twitter.com/carwinb/status/613889838748708865 Jason Leopold ‏@JasonLeopold . at carwinb & I just filed a #FOIA lawsuit vs NSA, CIA, et al, for their files on @ioerror, who signed privacy waiver - https://twitter.com/JasonLeopold/status/613888586962890753 best regards, -------------- next part -------------- Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 1 of 16 UNITED STATES DISTRICT COURT FOR THE DISTRICT OF COLUMBIA JASON LEOPOLD, and ALEXA O’BRIEN, vs. NATIONAL SECURITY AGENCY, 9800 Savage Rd. Fort Meade, MD 20755, DEPARTMENT OF HOMELAND SECURITY, 245 Murray Lane, SW Washington, DC 20528 DEPARTMENT OF JUSTICE, 950 Pennsylvania Ave., NW Washington, DC 20530, DEPARTMENT OF DEFENSE, 1400 Defense Pentagon Washington, DC 20301-1400, CENTRAL INTELLIGENCE AGENCY, Washington, DC 20505 and DEPARTMENT OF STATE, 2201 C St., NW Washington, DC 20520 DEFENDANTS ) ) ) Judge _____________ ) Civil Action No. ____________ ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) ) 1 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 2 of 16 COMPLAINT THE PARTIES 1. Plaintiff Jason Leopold is a citizen of California. 2. Mr. Leopold is an investigative reporter for VICE News covering a wide-range of issues, including Guantanamo, national security, counterterrorism, civil liberties, human rights, and open government. Additionally, his reporting has been published in The Guardian, The Wall Street Journal, The Financial Times, Salon, CBS Marketwatch, The Los Angeles Times, The Nation, Truthout, Al Jazeera English and Al Jazeera America. 3. Plaintiff Alexa O’Brien is a citizen of New York. 4. Ms. O’Brien is a national security investigative journalist. Her work has been published in The Cairo Review of Global Affairs, Guardian UK, Salon, and The Daily Beast, and she has been featured on BBC, PBS’ Frontline, On The Media, and Public Radio International. For her “outstanding work” she was shortlisted for the 2013 Martha Gellhorn Prize for Journalism in the UK. 5. Defendant National Security Agency (“NSA”) is an agency of the United States within the meaning of 5 USC § 552(f). 6. Defendant Department of Homeland Security (“DHS”) is an agency of the United States within the meaning of 5 USC § 552(f). 7. The National Protection and Programs Directorate (“NPPD”) is a component of Defendant DHS. 8. The Office of Policy is a component of Defendant DHS. 9. The Science and Technology Directorate (“S&T”) is a component of Defendant 10. The Transportation Security Agency (“TSA”) is a component of Defendant DHS. DHS. 2 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 3 of 16 11. The Office of Operations Coordinating and Planning (“OPS”) is a component of Defendant DHS. 12. The Office of Intelligence and Analysis (“I&A”) is a component of Defendant 13. The United States Secret Service (“Secret Service”) is a component of Defendant 14. The U.S. Customs and Border Protection (“CBP”) is a component of Defendant 15. The U.S. Immigration and Customs Enforcement (“ICE”) is a component of DHS. DHS. DHS. Defendant DHS. 16. The U.S. Citizenship and Immigration Services (“USCIS”) is a component of Defendant DHS. 17. Defendant Department of Justice (“DOJ”) is an agency of the United States within the meaning of 5 USC § 552(f). 18. The Federal Bureau of Investigation (“FBI”) is a component of Defendant DOJ. 19. The Criminal Division (“DOJ Criminal”) is a component of Defendant DOJ. 20. The National Security Division (“NSD”) is a component of Defendant DOJ. 21. Defendant Department of Defense (“DOD”) is an agency of the United States within the meaning of 5 USC § 552(f). 22. The United States Army (“Army”) is a component of Defendant DOD. 23. The Defense Intelligence Agency (“DIA”) is a component of Defendant DOD. 24. Defendant Central Intelligence Agency (“CIA”) is an agency of the United States within the meaning of 5 USC § 552(f). 25. Defendant Department of State is an agency of the United States within the meaning of 5 USC § 552(f). 3 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 4 of 16 JURISDICTION AND VENUE 26. This action arises under the Freedom of Information Act (“FOIA”), 5 U.S.C. § 27. This Court has jurisdiction over the parties and subject matter pursuant to 5 552. U.S.C. § 552(a)(4)(B). Jurisdiction also lies with this Court under 28 U.S.C. § 1331. 28. Venue is proper in this district pursuant to 5 U.S.C. § 552(a)(4)(B). STATEMENT OF FACTS BACKGROUND 29. Jacob Appelbaum is an American security expert and journalist who has collaborated on articles in Der Spiegel detailing NSA surveillance, as well as information disclosed by the former Central Intelligence Agency and Defense Intelligence Agency employee and NSA contractor, Edward Snowden. 30. Mr. Appelbaum is an American citizen, currently residing in Germany. 31. Mr. Appelbaum is associated with WikiLeaks.org, the on-line publisher and archive of censored information; the TOR Project, a free software network designed to provide anonymity on-line; Chaos Computer Club, Europe's largest association of hackers and computer programmers; the Freedom of the Press Foundation; Cult of the Dead Cow, a hacker collective; Noisebridge, a hackerspace in San Francisco; Kink.com; Greenpeace; Ruckus Society; Rainforest Action Network; and monochrom, an art group; 32. In 2012, Mr. Appelbaum co-authored the book Cypherpunks: Freedom and the Future of the Internet with Julian Assange, Andy Mueller-Maguhn, and Jeremie Zimmermann. 4 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 5 of 16 33. In August 2013, Mr. Appelbaum accepted a whistleblower prize on Edward Snowden’s behalf. The prize was awarded by a group of NGOs, including Transparency International. 34. The Department of Justice has publicly acknowledged an ongoing U.S. criminal investigation of WikiLeaks, Assange, and other civilians, including Mr. Appelbaum. 35. Sealed electronic communication orders for Appelbaum’s information from Sonic dated April 15, 2011 and Twitter dated December 14, 2010 were part of the grand jury materials turned over to Chelsea Manning’s defense at trial. 36. Another electronic communication order dated January 4, 2011 commanded Google to hand over the Internet Protocol and email addresses of Appelbaum and the people who had communicated with him from November 1, 2009. 37. Due to security concerns arising from Manning’s May 29, 2010 arrest and the organization’s imminent publication of 91,000 low-level battlefield reports from the U.S. war in Afghanistan on July 25, 2010, Assange did not attend the Hackers on Planet Earth conference. In his place, Appelbaum represented WikiLeaks as the keynote speaker. 38. On July 29, 2010, upon returning to the U.S. from the Netherlands, Appelbaum was detained at Newark Liberty International Airport and questioned for three hours about Julian Assange and WikiLeaks by agents from Immigration and Customs Enforcement and Army CID. Appelbaum states that the agents seized his laptop computer and three cell phones. The laptop was later returned, but according to Appelbaum the phones were not. 39. Appelbaum believes that Army Computer Crimes Investigative Unit (CCIU) Special Agent Antonio Patrick Edwards, was one of the agents who interrogated him at Newark airport on July 29, 2010. The Army Computer Crimes Investigative Unit (CCIU) is a part of Army Criminal Investigation Command (CID). 5 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 6 of 16 40. Both Appelbaum and Ms. O’Brien were separately and individually told by their own source(s) that on December 15, 2011, SA Edwards allegedly gave twenty-eight pages of investigative material from the Department of Justice grand jury probe of WikiLeaks to Mr. Adrian Lamo, a confidential government informant and witness for the prosecution at the Manning's trial. The twenty-eight pages, it was claimed, detailed Appelbaum’s private life. SA Edwards, it was also claimed, allegedly had an intimate relationship with Mr. Lamo. 41. On January 10, 2011 Appelbaum was detained, searched, and questioned by the U.S. Customs and Border Patrol agents at Seattle-Tacoma International Airport upon re-entering country from Iceland. 42. On October 27, 2011, Jacob Appelbaum at the Reykjavik-Keflavik airport incident, Appelbaum was stopped and investigated by Icelandic National Police. PLAINTIFFS’ FOIA REQUESTS 43. On April 28, 2015, Plaintiffs submitted FOIA requests to 19 federal agencies/components for records about Jacob Appelbaum and other related subjects. 44. Each of Plaintiffs’ 19 FOIA requests was submitted by U.S. Postal Service Certified Mail. 45. Each of Plaintiffs’ 19 FOIA requests sought a waiver of fees or, in the alternative, that they be considered a member of the media for fee purposes. 46. Each of Plaintiffs’ 19 FOIA requests sought expedited processing. 47. Each of Plaintiffs’ 19 FOIA requests was accompanied by a privacy waiver signed by Mr. Appelbaum authorizing release of records to them. 6 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 7 of 16 NSA 48. Plaintiff Ms. O’Brien received a letter dated June 5, 2015 from NSA. 49. In the letter, NSA stated that the request had been assigned tracking number 81201; that the FOIA request had been received May 8, 2015; that Plaintiffs would be considered members of the media for fee purposes; and that a decision had not yet been made on entitlement to a fee waiver. The letter further asserted a Glomar response as to three subparts of the request; claimed that one subpart of the request was overly broad; stated that no responsive records would exist with respect to one subpart; and stated that the remaining subparts would be placed in the queue for processing. 50. Plaintiffs have not received any further communications in response to this FOIA request. 51. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies DHS/NPPS 52. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 53. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DHS/HQ 54. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 55. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. 7 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 8 of 16 DHS/Office of Policy 56. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 57. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DHS/S&T 58. Plaintiffs have not yet exhausted their administrative remedies. DHS/TSA 59. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 60. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DHS/OPS 61. Plaintiffs received a letter dated May 12, 2015 from DHS/OPS. 62. In the letter, DHS/OPS stated that the request had been received on May 12, 2015; that unusual circumstances existed; that Plaintiffs were a “non-commercial requestor”; and that the tracking number 15-OPS-60 had been assigned. 63. Plaintiffs have not received any further communications in response to this FOIA request. 64. More than 30 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. 8 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 9 of 16 DHS/I&A 65. Plaintiffs have not yet exhausted their administrative remedies. DHS/Secret Service 66. Plaintiff Ms. O’Brien received a letter dated June 3, 2015 from DHS/Secret Service. 67. In the letter DHS/Secret Service stated that the request had been received on May 15, 2015; that the subparts of the request had been assigned tracking numbers 20150895 through 20150901; that the request for a fee waiver would be held in abeyance pending the quantification of responsive records; and that if the fee waiver was denied, Plaintiffs would be charged duplication fees in accordance with regulations for “media” requesters. 68. Plaintiff Ms. O’Brien received a phone call from a DHS/Secret Service FOIA officer asking who the requester was. Plaintiff Ms. O’Brien responded by email on June 4, 2015, stating that both she and Plaintiff Mr. Leopold were the requesters. 69. Plaintiff Ms. O’Brien received a letter dated June 11, 2015 from DHS/Secret Service. 70. In the letter, DHS/Secret Service stated that the file numbers association with the request had been revised and that the new tracking numbers would be 20150895 through 20150901 and 20150956 through 20150976. 71. Plaintiffs have not received any further communications in response to this FOIA request. 72. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. 9 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 10 of 16 DHS/CBP 73. Plaintiff Ms. O’Brien received a letter dated May 6, 2015 from DHS/CBP. 74. In the letter, DHS/CBP stated that the request had been received on May 5, 2015; that Plaintiffs would be charged for the records in accordance with DHS regulations; that the first 100 pages of records would be free; and that the tracking number CBP-2015-032436 had been assigned. 75. Plaintiffs have not received any further communications in response to this FOIA request. 76. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DHS/ICE 77. Plaintiff Ms. O’Brien received an email dated May 7, 2015 from DHS/ICE. 78. In the letter, DHS/ICE stated that the request had been received on May 7, 2015; that the request for expedited processing had been denied; that unusual circumstances exist; that the request for a fee waiver had been denied; that Plaintiffs would be charged for the records in accordance with DHS regulations as they apply to “non-commercial requesters”; and that the tracking number 2015-ICFO-80208 had been assigned. 79. On May 8, 2015, Plaintiffs appealed the denial of the waiver and the categorization of them as “non-commercial requesters.” 80. Plaintiffs did not appeal the denial of the request for expedited processing. 81. Plaintiff Ms. O’Brien received an email dated June 11, 2015 from DHS/ICE in response to her administrative appeal. 10 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 11 of 16 82. In the letter, DHS/ICE stated that the appeal had been assigned number 2015- ICAP-00371; that the fee waiver request should be granted; and that the FOIA request would be further processed. 83. Plaintiffs have not received any further communications in response to the initial FOIA request. 84. More than 30 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DHS/USCIS 85. Plaintiff Ms. O’Brien received a letter dated May 13, 2015 from DHS/USCIS. 86. In the letter, DHS/USCIS stated that the request had been assigned tracking number NRC2015064680; that five subparts of the request did not reasonably describe the records sought; and that Plaintiffs should respond within 30 days by narrowing the search request. The letter did not inform Plaintiffs of any appeal rights. 87. Plaintiffs did not narrow the search request as to the five subparts that DHS/USCIS refused to process. Because DHS/USCIS did not consider Plaintiffs’ request to be a valid FOIA request with respect to five subparts, Plaintiffs were not required to administratively appeal the determination. 88. Plaintiffs have not received any further communications in response to the initial FOIA request. 89. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies with respect to all other parts of the request. DOJ/FBI 11 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 12 of 16 90. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 91. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DOJ/DOJ Criminal 92. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 93. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DOJ/NSD 94. Plaintiffs have not received an acknowledgment or any other communications in response to this FOIA request. 95. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DOD/Army 96. Plaintiff Ms. O’Brien received a letter dated May 11, 2015 from DOD/Army. The letter did not relate to Plaintiffs’ FOIA request and appears to have been sent by mistake. 97. On May 11, 2015 Plaintiff Ms. O’Brien emailed DOD/Army stating that the acknowledgment letter she received appeared to relate to someone else’s request. 98. Plaintiff Ms. O’Brien received a letter dated May 20, 2015 from DOD/Army Criminal Investigation Command Division. The letter stated that DOD/Army FOIA/PA division 12 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 13 of 16 forwarded the request to that office, which received it on May 13, 2015; and that the request had been assigned tracking number FA15-2251. 99. Plaintiff Ms. O’Brien received a letter dated June 1, 2015 from DOD/Army Intelligence and Security Command. The letter stated that DOD/Army FOIA/PA division forwarded the request to that office, which received it on May 14, 2015; that the agency would not be able to comply with the statutory 20-day time period; and that the request had been assigned tracking number #0958F-15. 100. Plaintiffs have not received any further communications in response to the initial FOIA request. 101. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. DOD/DIA 102. Plaintiff Ms. O’Brien received a letter dated May 12, 2015 from DOD/DIA. 103. The letter stated that DOD/DIA had received the request on May 11, 2015; that the request had been assigned tracking number 0342-2015; and that unusual circumstances existed. 104. Plaintiffs have not received any further communications in response to the initial FOIA request. 105. More than 30 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. CIA 106. Plaintiff Ms. O’Brien received a letter dated May 26, 2015 from the CIA. 13 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 14 of 16 107. The letter stated that the request had been assigned tracking number F-2015- 01614 and denying the request for expedited processing. 108. Plaintiffs did not appeal the denial of the request for expedited processing. 109. Plaintiffs have not received any further communications in response to the initial FOIA request. 110. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies, except with respect to the denial of expedited processing. Department of State 111. Plaintiff Ms. O’Brien received a letter dated May 26, 2015 from Department of 112. The letter stated that Department of State had assigned the request tracking State. number F-2015-09478; that unusual circumstances “may” exist; and that the request for a fee waiver had been granted. 113. Plaintiff Ms. O’Brien received an email dated May 26, 2015 from Department of 114. The email requested a timeframe by close of business on that day. 115. On May 26, 2015, Plaintiff Ms. O’Brien responded to the email with timeframes State. for each of the subparts of the request. 116. Plaintiffs have not received any further communications in response to the FOIA request. 117. More than 20 business days have elapsed since the agency received Plaintiffs’ FOIA request. Therefore, Plaintiffs are deemed to have exhausted their administrative remedies. 14 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 15 of 16 COUNT I: VIOLATION OF FOIA 118. This Count realleges and incorporates by reference all of the preceding paragraphs. 119. Each of the defendants have violated FOIA by improperly withholding non- exempt, responsive records. 120. Each of the defendants have violated FOIA by failing to grant Plaintiffs a fee waiver, except for Department of State and DHS/ICE, which granted a fee waiver. 121. Each of the defendants have violated FOIA by failing to grant Plaintiffs request for expedited processing. However, this lawsuit does not challenge the denial of the request for expedited processing by DHS/ICE and CIA, which Plaintiffs have not administratively appealed. 122. NSA and DHS/USCIS have violated FOIA by failing to process a valid FOIA request (or a portion thereof). 123. DHS/OPS has violated FOIA by failing to treat Plaintiffs as members of the media for fee purposes. 124. Each of the defendants have violated FOIA by failing to make a final determination within the statutory time period as to whether records will be released. 125. At this time, Plaintiffs are not challenging the actions of DHS/S&T and DHS/I&A because Plaintiffs have not yet exhausted their administrative remedies. 126. Plaintiffs have been and will continue to be irreparably harmed until Defendants are ordered to comply with FOIA. 15 Case 1:15-cv-00999 Document 1 Filed 06/24/15 Page 16 of 16 PRAYER FOR RELIEF WHEREFORE, Plaintiff respectfully requests that this Court: (1) Declare Defendants’ failure to comply with FOIA to be unlawful; (2) Order Defendants to search for and process the requested records without further delay and without payment of search, review, and duplication fees; (3) Order Defendants to process the requested records on an expedited basis; (4) Grant Plaintiff an award of attorney fees and other litigation costs reasonably incurred in this action pursuant to 5 USC § 552(a)(4)(E)(i); (5) Grant Plaintiff such other and further relief which the Court deems proper. Respectfully Submitted, __/s/ Jeffrey Light_______________ Jeffrey L. Light D.C. Bar #485360 1712 Eye St., NW Suite 915 Washington, DC 20006 (202)277-6213 Jeffrey at LawOfficeOfJeffreyLight.com Counsel for Plaintiff 16 From coderman at gmail.com Wed Jun 24 23:23:09 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 23:23:09 -0700 Subject: progression of technologies (almost a satire) In-Reply-To: <558B9A1E.9050806@dyne.org> References: <20150625032613.48665228148@palinka.tinho.net> <558B9A1E.9050806@dyne.org> Message-ID: On 6/24/15, hellekin wrote: > ... What can be done is not > necessarily to be done--and the fact no H-bomb has been detonated for a > while demonstrates technology can be tamed by human will, if only by a > safe bit. Actually that seems to be the only path left, as technology > is being imposed on a global scale without restraint, like free trade or > private property before it. trending exponential technology is the Great Filter.[0] earth humans must get house in order! [1] :P best regards, 0. "... With no evidence of intelligent life other than ourselves, it appears that the process of starting with a star and ending with "advanced explosive lasting life" must be unlikely. This implies that at least one step in this process must be improbable." - https://en.wikipedia.org/wiki/Great_Filter 1. white, privileged, young and middle aged males the outlier, in modern harm terms. significantly over represented in column "run amok". first to feel the downward mobility, and most to grow unhinged agro over it? From dan at geer.org Wed Jun 24 20:26:13 2015 From: dan at geer.org (dan at geer.org) Date: Wed, 24 Jun 2015 23:26:13 -0400 Subject: progression of technologies Message-ID: <20150625032613.48665228148@palinka.tinho.net> Paraphrasing Bonnie Raitt, let's give 'em something germane to argue about. In particular, what do I have wrong here: http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy --dan From coderman at gmail.com Wed Jun 24 23:39:21 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 23:39:21 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: FOIAs to State Dept. about my complaint at Paris Embassy (yes, that one :) rejected along with a separate FOIA to Bureau of Consular Affairs within State Dept. they don't use form DoJ-361 for identity attestation, but their own things, including a form https://www.muckrock.com/foi/united-states-of-america-10/independence-embassy-18065/ and second to Consular Affairs: https://www.muckrock.com/foi/united-states-of-america-10/independence-embassy-18066/ ... punctuated joys, many long silences, occasional crushing by bureaucracy. FOIPA adventures, indeed! best regards, From coderman at gmail.com Wed Jun 24 23:41:14 2015 From: coderman at gmail.com (coderman) Date: Wed, 24 Jun 2015 23:41:14 -0700 Subject: FOIPA adventures In-Reply-To: References: Message-ID: On 6/24/15, coderman wrote: > FOIAs to State Dept. ... don't use form DoJ-361..., but their own > things, including a form State Department form DS-4240 -^ From hellekin at dyne.org Wed Jun 24 23:05:18 2015 From: hellekin at dyne.org (hellekin) Date: Thu, 25 Jun 2015 03:05:18 -0300 Subject: progression of technologies (almost a satire) In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <558B9A1E.9050806@dyne.org> On 06/25/2015 12:26 AM, dan at geer.org wrote: > Paraphrasing Bonnie Raitt, let's give 'em something germane > to argue about. In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > --dan > *** Thank you for this interesting opinion. I can't see anything wrong at first sight, objectively. Nevertheless, when I read "There is no mechanistic difference whatsoever between personalization and targeting save for the intent of the analyst.", I'm tempted to drop a bit of sleeping time to respond and propose a "quantum difference". Surely Law can't prevent physics, and unless all buildings are coated against radiation or jammed with noise, both unlikely outcomes, our privacy is stuck with Murphy's Law and the goodwill of people thinking that if it can be done, it will be done. There's no defense against it, except, as you say: sabotage, and not being correlated (though luck with that in cosmopolitan space, where acquired targets glow like Christmas trees wrapped in gilded RFID garlands). The "quantum difference" between personalization (serving the user) and otherwise (sucking it dry) resides in ethics: one is helpful and considerate; livingry vs. killingry. What can be done is not necessarily to be done--and the fact no H-bomb has been detonated for a while demonstrates technology can be tamed by human will, if only by a safe bit. Actually that seems to be the only path left, as technology is being imposed on a global scale without restraint, like free trade or private property before it. It may sound like trying to keep the rain from falling with one's bare hands, but frankly, what else is there to do than revolt what's left of the human mind against the tyranny of paranoid integral control? Nietzsche declared God dead, and here we are mechanizing Its omni-science in search of omni-impotence, and soon we'll be declaring humans dead as well, obsolete, parasiting the good working of the machine. But once the mechanistic reduction of a helpful activity into a dreadful one is identified, it's easy to rewind one sentence, and stumble upon a very troublesome term: "data acquisition". So you want to turn those who acquire data into biohazard liabilities? Would whistleblowers, journalists, and scientists count among them, or just greedy corporations and morbidly obese intelligence agencies and military-industrial crackpots? Obviously we're way past trying to limit our technical capacity to damage ourselves: only radical change in human behavior can achieve that. An alien invasion? The second coming of the messiah? Otherwise, well, sabotage seems to remain a valid joker: making it so that "unique signatures" can be shared to disrupt sensors everywhere and confuse data analysis. We are all J. Doe. Still there's another issue at work with pervasive surveillance, that is more of a concern, and that some clever sabotage expert could play against public figures, as exemplified in the notorious (misattributed?) quote of Cardinal Armand Jean du Plessis Duc de Richelieu, Pair de France, CIO of Louis XIII Le Juste: Give me six lines written by the most honest man, and I will find something there to hang him. What about: irrefutable biometric evidence recollected over the past week links [target] to the mysterious murder of [past target]. No government would be stupid enough* to target all their citizens in general (unless given sufficient firepower). But sweeping at the margins, one gait-profiled parasite at a time, has proven to be an efficient defense of the abominations perpetrated by the State throughout history. Such power given to supra-State actors like corporations, or organized crime (be it terrorist, an intelligence agency, or both) is a very amusing perspective to the Cynic within. In conclusion, as a final tongue-in-cheek comment: if we can't stop progress, we can at least try and make it worse. Regards, == hk * Except the USA, Russia, UK, France, China, Cisco, Facebook, Google, etc. -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From grarpamp at gmail.com Thu Jun 25 03:07:01 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 25 Jun 2015 06:07:01 -0400 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: On Thu, Jun 25, 2015 at 1:54 AM, coderman wrote: > opt-out harder :) Yes. And to those who say such things below... "If I take your picture on the public street, I do not need to give you any notice, and you have no basis to complain about it." Really? If it's just some random fuck with a camera in your face, you can just as well discuss planting your fist hard in their face until they understand and delete it. And if it's some mounted camera or state goon without a individualized warrant rolling 24x7 on that same street, people should be filling the courts and minister congress halls with constitutional cases and law changes. As well as discussing planting fist in their face until they understand and cooperate. Whatever the first case was that common lawed and slippery sloped the public permissive line of thinking back before it wasn't possible to even correlate newsprint over telegraph... absolutely needs reevaluated in the digital age and with abject spying and mining being the purpose and the new, unnatural and downright offensive to everyone if you really ask them usage. "in general public use" Those individuals being observed walking / driving down the street or in any other context, digital or not... are generally not using such devices or correlation themselves as between and applied to their fellow fucks. And certainly not as evil goons from above. "I have the right to capture what you emanate." I fart in your general direction, Sir. From grarpamp at gmail.com Thu Jun 25 03:39:11 2015 From: grarpamp at gmail.com (grarpamp) Date: Thu, 25 Jun 2015 06:39:11 -0400 Subject: [HunchLab] Predicting Crime in Miami In-Reply-To: <558B137F.8060809@riseup.net> References: <558ADB44.3010801@diffalt.com> <558B137F.8060809@riseup.net> Message-ID: On Wed, Jun 24, 2015 at 4:30 PM, Razer wrote: > Ps. The use of computers to resolve cold-cases mentioned below isn't > really relevant to the topic of computers allegedly predicting future > crime. ALso, I suspect predictive software will simply create better > opportunities for more... They will construct and spit out "solutions" that will seem completely believable to humans (such as police, prosecutors, judges, and juries), chock full of "supporting evidence" that you are guilty... even though you're innocent. Because that's what they've been programmed to do... find a solution that fits. Just like the ones that fit the death row exonerates. It's all so infallible, you see. Guilt before innocence, defense can't compete, case closed. From jya at pipeline.com Thu Jun 25 03:41:50 2015 From: jya at pipeline.com (John Young) Date: Thu, 25 Jun 2015 06:41:50 -0400 Subject: progression of technologies (surely a religion) In-Reply-To: <558B9A1E.9050806@dyne.org> References: <20150625032613.48665228148@palinka.tinho.net> <558B9A1E.9050806@dyne.org> Message-ID: True, the devil is everywhere, unavoidable, only religion can save you sinners whose souls must be spied by conscience, confession to god's agents for forgivenss and guidance the only protection. Give generously to the building fund. Spies have forever preached this panopticism of the kindly and wise overseer, along with authoritarians of endless diversity and venality. How they fear the collapse of their temples, their insiders becoming apostates, their servants throwing off yoke of authority, rising up to lop howling heads apraying for forgiveness, the untutored no longer willing to accept the autocracy of the learned. Then learned preachers call in their wholly supportive and believing cops of coercion where might overrules reason and kindliness, then the prayerful affirm the righteousness of law and order, the need for ubiquitous spying, then judges, legislators, lawyers and educators are blessed with allegedly supreme wisdom and rewarded with mighty fine perquisites and stay out of jail no matter how corrupt and devilish, albe the perks are limited to the religion of male supremacy, disguised in all genders, armed to the max against their demon-righteously angry subjects. Senator Diane Feinstein dislikes the word "survellance" as spies dislike the word "spies." They all share a faith in complicitously necessary oversight of everyone-is-an- agent-of-the-devil-in-disguise except themselves -- for themselves only top secrecy faith in national security armed with megadeath retribution to shield the shrewdly aggrandizing learned in their temples of rationality for thinking deeply and kindly of how next to fuck the public. As their god wills and panoptically spies full spectrum emanations (once known as vapors of sin). At 02:05 AM 6/25/2015, you wrote: >On 06/25/2015 12:26 AM, dan at geer.org wrote: > > Paraphrasing Bonnie Raitt, let's give 'em something germane > > to argue about. In particular, what do I have wrong here: > > > > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > > > --dan > > >*** Thank you for this interesting opinion. I can't see anything wrong >at first sight, objectively. Nevertheless, when I read "There is no >mechanistic difference whatsoever between personalization and targeting >save for the intent of the analyst.", I'm tempted to drop a bit of >sleeping time to respond and propose a "quantum difference". > >Surely Law can't prevent physics, and unless all buildings are coated >against radiation or jammed with noise, both unlikely outcomes, our >privacy is stuck with Murphy's Law and the goodwill of people thinking >that if it can be done, it will be done. There's no defense against it, >except, as you say: sabotage, and not being correlated (though luck with >that in cosmopolitan space, where acquired targets glow like Christmas >trees wrapped in gilded RFID garlands). > >The "quantum difference" between personalization (serving the user) and >otherwise (sucking it dry) resides in ethics: one is helpful and >considerate; livingry vs. killingry. What can be done is not >necessarily to be done--and the fact no H-bomb has been detonated for a >while demonstrates technology can be tamed by human will, if only by a >safe bit. Actually that seems to be the only path left, as technology >is being imposed on a global scale without restraint, like free trade or >private property before it. > >It may sound like trying to keep the rain from falling with one's bare >hands, but frankly, what else is there to do than revolt what's left of >the human mind against the tyranny of paranoid integral control? >Nietzsche declared God dead, and here we are mechanizing Its >omni-science in search of omni-impotence, and soon we'll be declaring >humans dead as well, obsolete, parasiting the good working of the machine. > >But once the mechanistic reduction of a helpful activity into a dreadful >one is identified, it's easy to rewind one sentence, and stumble upon a >very troublesome term: "data acquisition". So you want to turn those >who acquire data into biohazard liabilities? Would whistleblowers, >journalists, and scientists count among them, or just greedy >corporations and morbidly obese intelligence agencies and >military-industrial crackpots? > >Obviously we're way past trying to limit our technical capacity to >damage ourselves: only radical change in human behavior can achieve >that. An alien invasion? The second coming of the messiah? Otherwise, >well, sabotage seems to remain a valid joker: making it so that "unique >signatures" can be shared to disrupt sensors everywhere and confuse data >analysis. We are all J. Doe. > >Still there's another issue at work with pervasive surveillance, that is >more of a concern, and that some clever sabotage expert could play >against public figures, as exemplified in the notorious (misattributed?) >quote of Cardinal Armand Jean du Plessis Duc de Richelieu, Pair de >France, CIO of Louis XIII Le Juste: Give me six lines written by the >most honest man, and I will find something there to hang him. What >about: irrefutable biometric evidence recollected over the past week >links [target] to the mysterious murder of [past target]. > >No government would be stupid enough* to target all their citizens in >general (unless given sufficient firepower). But sweeping at the >margins, one gait-profiled parasite at a time, has proven to be an >efficient defense of the abominations perpetrated by the State >throughout history. Such power given to supra-State actors like >corporations, or organized crime (be it terrorist, an intelligence >agency, or both) is a very amusing perspective to the Cynic within. > >In conclusion, as a final tongue-in-cheek comment: if we can't stop >progress, we can at least try and make it worse. > >Regards, > >== >hk > >* Except the USA, Russia, UK, France, China, Cisco, Facebook, Google, etc. > >-- > _ _ We are free to share code and we code to share freedom >(_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From z9wahqvh at gmail.com Thu Jun 25 05:44:27 2015 From: z9wahqvh at gmail.com (z9wahqvh) Date: Thu, 25 Jun 2015 08:44:27 -0400 Subject: progression of technologies In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: this is absolutely tremendous, original, and insightful. in my opinion. On Wed, Jun 24, 2015 at 11:26 PM, wrote: > Paraphrasing Bonnie Raitt, let's give 'em something germane > to argue about. In particular, what do I have wrong here: > > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > --dan > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 857 bytes Desc: not available URL: From patrick.c.connolly at gmail.com Thu Jun 25 10:15:08 2015 From: patrick.c.connolly at gmail.com (Patrick Connolly) Date: Thu, 25 Jun 2015 13:15:08 -0400 Subject: [HunchLab] Predicting Crime in Miami Message-ID: I was at the international open data conference a few weeks ago, and caught something similar coming out of Edmonton, AB, Canada. They basically feed a bunch of data sets into the system, and over the course of a few days, a "rule inducer" generates a bunch of interesting geographic rules that correllate with certain types of crime. Then the city tries to make sense of the complex rules and tease apart correlation and causation. http://www.edmontonjournal.com/City+harnesses+data+understand+crime/10716439/story.html Message: 4 > Date: Wed, 24 Jun 2015 13:30:55 -0700 > From: Razer > To: cypherpunks at cpunks.org > Subject: Re: [HunchLab] Predicting Crime in Miami > Message-ID: <558B137F.8060809 at riseup.net> > Content-Type: text/plain; charset="windows-1252" > > > > On 06/24/2015 09:31 AM, Tim Beelen wrote: > > This is how it's pitched to the community: > >> > http://www.miamiherald.com/news/local/community/miami-dade/article19256145.html > >> > > > > FTA: The Miami police currently is using COMPSTAT, which does not > > predict where crime will happen insofar it tells you where it has been > > taking place. In addition they will start using HunchLab at some point. > > > > > Locally, the police department decided to partner with PredPol > /(snigger: 'Server And Protect')/. Early one morning at Starbucks I saw > a shift captain who also did PD PR work on the phone discussing an > article that was about to appear regarding the topic in a local > newspaper. He emphatically and repeatedly said: > > "DO NOT call it 'Predictive Policing'!" > > He obviously didn't believe it was a correct phrase to describe "Guessing". > > RR > > Ps. The use of computers to resolve cold-cases mentioned below isn't > really relevant to the topic of computers allegedly predicting future > crime. ALso, I suspect predictive software will simply create better > opportunities for more convincing false flag operations by people > affiliated with (but perhaps not directly connected to) police agencies. > > I'd extrapolate on those operations (at least ones noted locally) but > [off-topic], so I decline. > > > > An associate professor from Florida International University, Rob T. > > Guerette is expected to become their local expert on this piece of > > software. The person who wrote the grant for it is Lt. Sean MacDonald. > >> http://cj.fiu.edu/people/faculty/rob-guerette/ > > > > The article claims that similar software has "... helped prevent and > > stop property crimes, and is now being tested on gun crimes." > > > > Which makes me curious as about the kind of heuristics that they are > > using. > > > > HunchLab apparently produces maps showing small areas where specific > > crimes are likely to be committed. > > > > This is not a new turn of events, as Miami-Dade’s robbery division > > uses IBM's Blue PALMS to solve cold cases. The software connects to a > > database of every crime ever documented by Miami-Dade police. > > Detectives enter the details of an unsolved crime and the program > > produces a list of 20 suspects. > > > > Now the part of the Nuevo Herald's article that cough my attention is > > the moment that it starts speculating about it's effectiveness. > > The last few sentences juxtapose the potential volatility of it's > > predictions with who is responsible for it's "effectiveness". > > > > HunchLab uses a wider dataset than the rough equivalent PredPol. > > Annotated with the official final statement that the tool will only be > > "...as good as the officers using it." > > > > Putting the burden of proof of it's effectiveness squarely on the > > shoulders of the officers forced to use it. Which is, in my opinion, > > ridiculous. Since the software is supposed to predict the crime and > > not the other way around. > > > > I highly suspect that it grabs a bunch of data, normalizes it for the > > use with a map and starts looking for some correlation coefficient and > > then looks if it's statistically significant. I.e. it's a null > > hypothesis-- exactly what Larry Samuels, CEO of PredPol tries to warn > > them about expecting weird results. Since that is exactly what you get > > when you grow your dataset and statistically analyze the date using > > correlation coefficients + phi. > > > > Anyway. Who build this software? And what does it do? > > > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 5537 bytes Desc: not available URL: From afalex169 at gmail.com Thu Jun 25 03:56:31 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Thu, 25 Jun 2015 13:56:31 +0300 Subject: [HunchLab] Predicting Crime in Miami In-Reply-To: References: <558ADB44.3010801@diffalt.com> <558B137F.8060809@riseup.net> Message-ID: > > Guilt before innocence, defense can't compete, case closed. > Exactly! This "project" contradicts the whole basis of the Judicial/Court System in which everything is built upon the "presumption of innocence". Now, there is going to be a legalized&official "presumption of guilt"! It's a disaster. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 618 bytes Desc: not available URL: From coderman at gmail.com Thu Jun 25 14:38:25 2015 From: coderman at gmail.com (coderman) Date: Thu, 25 Jun 2015 14:38:25 -0700 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: On 6/25/15, Lodewijk andré de la porte wrote: > ... > This is exceedingly strange coming from an In-Q-Tel security officer. > In-Q-Tel basically invests in anything performing more collections in the > US. Does Dan Geer worry for the future, and effectively betray In-Q-Tel? for past iconoclasm , see where Dan describes the danger of a Micro$oft Windows monoculture; biting the hand that feeds. there's hope for him yet! ;) From coderman at gmail.com Thu Jun 25 16:13:21 2015 From: coderman at gmail.com (coderman) Date: Thu, 25 Jun 2015 16:13:21 -0700 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens Message-ID: "BREAKING: According to Michael Ratner attorney for WikiLeaks Anonymous has been officially designated a "Malicious Foreign Actor" by the NSA" - https://twitter.com/CommanderXanon/status/614153130268299264 i'd like to know if this was before or after summer of 2011, as designation of "Malicious Foreign Actor" would explain the use of indiscriminate military technology against an entire venue because of the presence of some Anons and LulzSec: http://seclists.org/fulldisclosure/2011/Aug/76 [ note that i'm still permanently moderated on Fyodor's FD, and thus won't reply there. ] sunlight - it may travel slowly, but eventually the darkest corners come into view :P best regards, P.P.S. the "kit falling over" was because they tied the automated exploitation to DHCP assignment once device connected to 3G/4G data network. by using DHCP-Relay to inject thousands of lease requests over a single link, their fork-bomb'ed gear fell over, with haste. i hope it fucked your intercepts, jerks! [ this kind of un-targeted mass surveillance is just as abhorrent as warrantless wiretaps on the backbone, even if the scope is limited.] From coderman at gmail.com Thu Jun 25 16:36:20 2015 From: coderman at gmail.com (coderman) Date: Thu, 25 Jun 2015 16:36:20 -0700 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens In-Reply-To: References: Message-ID: On 6/25/15, coderman wrote: > [ fix your easily DoS'd gear chumps ] ... 2012 saw NSA deploy targeted attacks via presence within carrier networks (e.g. "in the towers" attacks) either the tactical DirtBoxen weren't up to snuff, or NSA felt the need to act direct. this was the first year DIRNSA ever spoke at DEF CON. regardless, the tower based attacks driven by TAO did not suffer these deficiencies and my ass was handed to me that next year. i'd like to know more about NSA TAO and FBI DITU cooperation, if any. my working theory is that TAO *should not ever* be operating against US citizens, and their techniques so sensitive that DITU is not allowed to co-opt their capabilities, either. from what i observed, DITU gets the "hand-me-down" sploits after they've been discovered, or lost effectiveness. FBI DITU cooperation with NSA SSO is operated under FISA, but this is primarily fiber taps and PRISM front-doors to corporate data stores. --- just to make it abundantly clear: keeping up to date against patched vulnerabilities is critical, as this window of opportunity to take advantage is regularly and successfully utilized by these console cowboys... why care about the hard stuff, if your lax habits make the easy sploits perfectly effective? so many "advanced targeted" attacks just use simple methods and known vulnerabilities. we've got to cover the basics before we even consider next steps/advanced protections! best regards, bear-poker-man From coderman at gmail.com Thu Jun 25 17:49:51 2015 From: coderman at gmail.com (coderman) Date: Thu, 25 Jun 2015 17:49:51 -0700 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens In-Reply-To: References: Message-ID: On 6/25/15, coderman wrote: > ... > i'd like to know more about NSA TAO and FBI DITU cooperation, if any. an early report of this "Malicious Foreign Actor" status is from last year: "Snowden Documents Reveal Covert Surveillance and Pressure Tactics Aimed at WikiLeaks and Its Supporters" - https://firstlook.org/theintercept/2014/02/18/snowden-docs-reveal-covert-surveillance-and-pressure-tactics-aimed-at-wikileaks-and-its-supporters/ where is stated: 'A third document, from July 2011, contains a summary of an internal discussion in which officials from two NSA offices – including the agency’s general counsel and an arm of its Threat Operations Center – considered designating WikiLeaks as “a ‘malicious foreign actor’ for the purpose of targeting.” Such a designation would have allowed the group to be targeted with extensive electronic surveillance – without the need to exclude U.S. persons from the surveillance searches.' and finally, note this quote: """ Asked if it would be permissible to “target the foreign actors of a loosely coupled group of hackers … such as with Anonymous,” the response is unequivocal: “As long as they are foreign individuals outside of the US and do not hold dual citizenship … then you are okay.” """ - i'd love to know how many times that guidance is violated! best regards, From mirimir at riseup.net Thu Jun 25 19:06:11 2015 From: mirimir at riseup.net (Mirimir) Date: Thu, 25 Jun 2015 20:06:11 -0600 Subject: progression of technologies In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <558CB393.4020209@riseup.net> On 06/24/2015 09:26 PM, dan at geer.org wrote: > Paraphrasing Bonnie Raitt, let's give 'em something germane > to argue about. In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > --dan Yes, it seems inevitable: pervasive surveillance of everyone by everyone. Like a global village aka small town ;) But the ubiquity of requisite knowledge and technology, facilitated by leaks, may allow the motivated to claw back some privacy. Some of the most highly motivated are criminals. But that's always been the case. As coderman says, "opt out harder :)" From l at odewijk.nl Thu Jun 25 05:03:03 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Thu, 25 Jun 2015 21:03:03 +0900 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: 2015-06-25 19:07 GMT+09:00 grarpamp : > > "If I take your picture on the public street, I do not need to give you > any notice, and you have no basis to complain about it." > > Really? > > If it's just some random fuck with a camera in your face, > you can just as well discuss planting your fist hard in their face > until they understand and delete it. I went on this trip to the South of South Korea. It was organized by some enthusiasts/travelers that regularly organize stuff. I thought at first they were a semi-company (unregistered doing travelling agency like activities) that don't pay tax and make a little buck while travelling, especially as they mentioned no insurance and also carried a brandname and logo, and had very regular activities. Operating through meetup.com, though, always skirts the fine line between professional and amateur. Certainly, though, the notion that they might make a profit even with cheap tours (hint: no taxes) or that acting like a company kind of makes you into one, was certainly lost on them. The trip I went on was half paid for by the Boseong government. Given that county was far away from anything touristic and, well, there was probably hardly anything there, I thought they were just getting some try-out-and-spread-the-word tourists. This was definitely true, the housing was brand new (and empty). They managed to herd us into a "Boseong-Kazagstan sister city project" presentation televised in Kazakhstan (note: countries can be cities). During the main activity a photographer's event was coincidentally planned. Naturally, I was very unhappy about all this. Confronting others I found that none of the 80 other participants shared my feelings to any extend. Notably, most considered that they should do something back for the Boseong government, for having paid half their trip, and so this was all fine. They also gave enormous leeway for the volunteers that happily organized this tour, and simply didn't see the harm of being taken pictures of (for whatever purpose). (I got a horde of childish remarks, apparently most 20 somethings abroad are still living their highschool dreams) The age of privacy, and everything with it, including the freedom of association and separation of public and private life, is ending. The public is smiling merrily along the road. 1984 is coming, but the public is not scared or suppressed. They are smiling happy people, obedient and cheerful, and they take the best of care of their keepers. This is neither a hyperbole, not that much of a doomsday scenario. It is simply inevitable and true. The cost of surveillance is decreasing, the abuse of surveillance is mild or absent - and has passed from the people's minds. People are not concerned with the eventual consequences of tracking all their activities, they are concerned with having more fun. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3634 bytes Desc: not available URL: From juan.g71 at gmail.com Thu Jun 25 20:01:27 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 26 Jun 2015 00:01:27 -0300 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <558cbed1.91928c0a.5a83.4daa@mx.google.com> On Fri, 26 Jun 2015 01:22:17 +0900 Lodewijk andré de la porte wrote: > 2015-06-25 21:44 GMT+09:00 z9wahqvh : > > > this is absolutely tremendous, original, and insightful. in my > > opinion. > > > This is exceedingly strange coming from an In-Q-Tel security officer. L, perhaps you are not yet appreciating the true nature of american oligarchy. "Think of it: an entire nation founded on saying one thing and doing another!" > In-Q-Tel basically invests in anything performing more collections in > the US. Does Dan Geer worry for the future, and effectively betray > In-Q-Tel? In a parallel universe in which we're overdosing on LSD, maybe he does. But in the real world... http://cryptome.org/cyberinsecurity.htm That's pure terrorist talk. 'Official' terrorism of course. Bottom line being : because of microsoft, NATIONAL SECURITY is at risk. Curiously enough, they don't bother to mention that microsoft is a monopoly thanks to the state granted privileges of 'patents' and 'copyright'. ----------------------------- Cartman: I learned somethin' today. This country was founded by some of the smartest thinkers the world has ever seen. And they knew one thing: that a truly great country can go to war, and at the same time, act like it doesn't want to. You people who are for the war, you need the protesters. Because they make the country look like it's made of sane, caring individuals. And you people who are anti-war, you need these flag-wavers, because, if our whole country was made up of nothing but soft pussy protesters, we'd get taken down in a second. That's why the founding fathers decided we should have both. It's called "having your cake and eating it too." Randy: He's right. The strength of this country is the ability to do one thing and say another. > Does he want to prevent anyone *else* from getting the nice > intel? What exactly does he want to make information processors > liable for? > > How can law prevent third parties associating freely available > information? From juan.g71 at gmail.com Thu Jun 25 20:05:17 2015 From: juan.g71 at gmail.com (Juan) Date: Fri, 26 Jun 2015 00:05:17 -0300 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <558cbfb6.515c8c0a.ba8f1.4ee0@mx.google.com> On Fri, 26 Jun 2015 01:22:17 +0900 Lodewijk andré de la porte wrote: > 2015-06-25 21:44 GMT+09:00 z9wahqvh : > > > this is absolutely tremendous, original, and insightful. in my > > opinion. > > > This is exceedingly strange coming from an In-Q-Tel security officer. Hancock: Mr. Franklin, where do you stand on the war issue? Franklin: I believe that if we are to form a new country, we cannot be a country that appears war-hungry and violent to the rest of the world. However, we also cannot be a country that appears weak and unwilling to fight to the rest of the world. So, what if we form a country that appears to want both? Jefferson: Yes. Yes of course. We go to war, and protest going to war at the same time. Dickinson: Right. If the people of our new country are allowed to do whatever they wish, then some will support the war and some will protest it. Franklin: And that means that as a nation, we could go to war with whomever we wished, but at the same time, act like we didn't want to. If we allow the people to protest what the government does, then the country will be forever blameless. Adams: [holding a slice of chocolate cake] It's like having your cake, and eating it, too. Congressman 2: Think of it: an entire nation founded on saying one thing and doing another. Hancock: And we will call that country the United States of America. From l at odewijk.nl Thu Jun 25 09:22:17 2015 From: l at odewijk.nl (=?UTF-8?Q?Lodewijk_andr=C3=A9_de_la_porte?=) Date: Fri, 26 Jun 2015 01:22:17 +0900 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: 2015-06-25 21:44 GMT+09:00 z9wahqvh : > this is absolutely tremendous, original, and insightful. in my opinion. This is exceedingly strange coming from an In-Q-Tel security officer. In-Q-Tel basically invests in anything performing more collections in the US. Does Dan Geer worry for the future, and effectively betray In-Q-Tel? Does he want to prevent anyone *else* from getting the nice intel? What exactly does he want to make information processors liable for? How can law prevent third parties associating freely available information? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 954 bytes Desc: not available URL: From grarpamp at gmail.com Fri Jun 26 00:20:20 2015 From: grarpamp at gmail.com (grarpamp) Date: Fri, 26 Jun 2015 03:20:20 -0400 Subject: Pirate Party Sails for Iceland by 2017 Message-ID: http://www.dailykos.com/story/2015/06/22/1392812/-No-joke-Iceland-s-Pirate-Party-surges-into-first-place-in-the-polls From Rayzer at riseup.net Fri Jun 26 08:17:10 2015 From: Rayzer at riseup.net (Razer) Date: Fri, 26 Jun 2015 08:17:10 -0700 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens In-Reply-To: References: Message-ID: <558D6CF6.4020101@riseup.net> Due to personal experience with this frauding joker (He panhandled for his pill-junke money in my town for a couple of years a few years ago then almost lost his lawyer's house for him when he fled bail on a shittly little charge) Do NOT believe a word "Commander X" says without thorough verification from other sources. RR Ps. Tell "Curbhugger Chris" I said "Fuck you punk" for me. He blocked me on twitter years ago after I mentioned how computer illiterate he really is, and how his single (maybe two) computer dDos 'attack' on the county's servers was NOT a revolutionary act. On 06/25/2015 04:13 PM, coderman wrote: > "BREAKING: According to Michael Ratner attorney for WikiLeaks > Anonymous has been officially designated a "Malicious Foreign Actor" > by the NSA" > - https://twitter.com/CommanderXanon/status/614153130268299264 > > i'd like to know if this was before or after summer of 2011, as > designation of "Malicious Foreign Actor" would explain the use of > indiscriminate military technology against an entire venue because of > the presence of some Anons and LulzSec: > http://seclists.org/fulldisclosure/2011/Aug/76 > [ note that i'm still permanently moderated on Fyodor's FD, and thus > won't reply there. ] > > > sunlight - it may travel slowly, > but eventually the darkest corners come into view :P > > best regards, > > > P.P.S. the "kit falling over" was because they tied the automated > exploitation to DHCP assignment once device connected to 3G/4G data > network. by using DHCP-Relay to inject thousands of lease requests > over a single link, their fork-bomb'ed gear fell over, with haste. i > hope it fucked your intercepts, jerks! [ this kind of un-targeted > mass surveillance is just as abhorrent as warrantless wiretaps on the > backbone, even if the scope is limited.] > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Fri Jun 26 08:23:48 2015 From: coderman at gmail.com (coderman) Date: Fri, 26 Jun 2015 08:23:48 -0700 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens In-Reply-To: <558D6CF6.4020101@riseup.net> References: <558D6CF6.4020101@riseup.net> Message-ID: On 6/26/15, Razer wrote: > Due to personal experience with this frauding joker (He panhandled for > his pill-junke money in my town for a couple of years a few years ago > then almost lost his lawyer's house for him when he fled bail on a > shittly little charge) Do NOT believe a word "Commander X" says without > thorough verification from other sources. thanks for the heads up :) > Ps. Tell "Curbhugger Chris" I said "Fuck you punk" for me. He blocked me > on twitter years ago after I mentioned how computer illiterate he really > is, and how his single (maybe two) computer dDos 'attack' on the > county's servers was NOT a revolutionary act. i don't know that guy, but the situation does sound mediocre at best, i agree. best regards, P.S. still not clear if there has been new information added to the timeline regarding this designation debacle. recursing continues, ... From tbiehn at gmail.com Fri Jun 26 10:11:43 2015 From: tbiehn at gmail.com (Travis Biehn) Date: Fri, 26 Jun 2015 13:11:43 -0400 Subject: progression of technologies In-Reply-To: <558cbfb6.515c8c0a.ba8f1.4ee0@mx.google.com> References: <20150625032613.48665228148@palinka.tinho.net> <558cbfb6.515c8c0a.ba8f1.4ee0@mx.google.com> Message-ID: Theory: In-Q-Tel funds - pushing the envelope means having opportunity to fund more stuff that breaks the new, harder stuff. Some opponents use the harder stuff already, it's just harder to fund if it's not widespread. The article reaches a bit in drawing conclusions, and offers little support. The picture painted is of a coherent judicial system - the opposite is true, each state even municipality treats the novel application of surveillance technology differently, holds different standards for 'public / private' and when, where and how you can expect privacy. Notable are the ways different courts treat cases of indecent exposure, when that exposure occurs on 'private property' (such as in an open window). The point illustrated, though, is valid - some clarity around what constitutes a 'search' beyond 'privacy mores in vogue' needs to be provided and codified, otherwise the US risks allowing widespread complacency to further continue the erosion of privacy. -Travis On Thu, Jun 25, 2015 at 11:05 PM, Juan wrote: > On Fri, 26 Jun 2015 01:22:17 +0900 > Lodewijk andré de la porte wrote: > > > 2015-06-25 21:44 GMT+09:00 z9wahqvh : > > > > > this is absolutely tremendous, original, and insightful. in my > > > opinion. > > > > > > This is exceedingly strange coming from an In-Q-Tel security officer. > > > Hancock: Mr. Franklin, where do you stand on the war issue? > > Franklin: I believe that if we are to form a new country, we > cannot be a country that appears war-hungry and violent to the rest of > the world. However, we also cannot be a country that appears weak and > unwilling to fight to the rest of the world. So, what if we form a > country that appears to want both? > > Jefferson: Yes. Yes of course. We go to war, and protest going > to war at the same time. > > Dickinson: Right. If the people of our new country are allowed > to do whatever they wish, then some will support the war and some will > protest it. > > Franklin: And that means that as a nation, we could > go to war with whomever we wished, but at the same time, act like we > didn't want to. If we allow the people to protest what the government > does, then the country will be forever blameless. > > Adams: > [holding a slice of chocolate cake] It's like having your cake, and > eating it, too. > > Congressman 2: Think of it: an entire nation > founded on saying one thing and doing another. > > Hancock: And we > will call that country the United States of America. > > > -- Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3755 bytes Desc: not available URL: From guninski at guninski.com Fri Jun 26 05:28:36 2015 From: guninski at guninski.com (Georgi Guninski) Date: Fri, 26 Jun 2015 15:28:36 +0300 Subject: FBI DITU fighting "Malicious Foreign Actor"s with military gear on US soil against US citizens In-Reply-To: References: Message-ID: <20150626122836.GA2566@sivokote.iziade.m$> On Thu, Jun 25, 2015 at 04:13:21PM -0700, coderman wrote: > "BREAKING: According to Michael Ratner attorney for WikiLeaks > Anonymous has been officially designated a "Malicious Foreign Actor" > by the NSA" > - https://twitter.com/CommanderXanon/status/614153130268299264 > Lol... I what are the chances this list ends in the same way? > http://seclists.org/fulldisclosure/2011/Aug/76 > [ note that i'm still permanently moderated on Fyodor's FD, and thus > won't reply there. ] > Welcome to the club, i warned about FFD long ago... From mirimir at riseup.net Fri Jun 26 21:17:00 2015 From: mirimir at riseup.net (Mirimir) Date: Fri, 26 Jun 2015 22:17:00 -0600 Subject: progression of technologies In-Reply-To: <558E1E3F.9020801@pilobilus.net> References: <20150625032613.48665228148@palinka.tinho.net> <558E1E3F.9020801@pilobilus.net> Message-ID: <558E23BC.90202@riseup.net> On 06/26/2015 09:53 PM, Steve Kinney wrote: > On 06/25/2015 12:22 PM, Lodewijk andré de la porte wrote: >> 2015-06-25 21:44 GMT+09:00 z9wahqvh > >: > >> this is absolutely tremendous, original, and insightful. in my >> opinion. > > >> This is exceedingly strange coming from an In-Q-Tel security >> officer. In-Q-Tel basically invests in anything performing >> more collections in the US. > > That was my first reaction as well: But on close inspection he > seems take the exponential growth of universal surveillance as a > given, while the ability to correlate the collected information > into actionable intelligence can and should be restricted to large > organizations: "Most privacy laws exist to block government > actions. A few exist to block private institutional actions. But > none exist to block individuals' actions." > > I interpret this as a response to the accelerating progress of > open source collection and analysis into contexts formerly > monopolized by State and Corporate actors. A war of sorts is > already underway on this front; else why is Barrett Brown doing > time for the crime of investigative journalism? Nobody stands to > lose more in a truly open society than our professional secret > keepers and sanctioned violators of the secrets of others. Like > the good folks who pay the bills at In-Q-Tel. Good catch! So he's calling for laws to restrict surveillance and correlation by private institutions and individuals. Now his position makes sense :( > Recent events including the exposure of Federal employee records > and the integration of ICWatch data into Wikileaks' searchable > archives may be weighing heavily on the minds of State and > Corporate strategists. What good is owning a Panopticon if the > prisoners have data terminals where they can watch the guards and > their employers as they go about their daily lives? > > Secrecy as we know it may be on the way out: With the advent of > networked everything, the secrecy tax Julian Assange wrote about > years ago keeps growing and may reach a tipping point where State > and Corporate secrecy no longer pays. > > Propaganda as we know it may be on the way out: With the advent > of networked everybody, identity groups and market segments > created and manipulated by broadcast propaganda are running on > inertia. The 'ego casting' and 'echo chamber' effects that > segregate the Internet today are at best leaky containers whose > walls are getting thinner all the time. > > I wouldn't mind a world where privacy is a thing of the past, as > long as the playing field is reasonably level. Control of access > to information is the key to controlling whole societies; both > secrecy and propaganda are essential to the operation of any > repressive regime. Could authoritarian State and Corporate > institutions exist in a world without privacy, where bad faith > actors have no hiding places? A world where control of news, > information, education and entertainment is diffused across tens > of millions of actors? > > > > > > From admin at pilobilus.net Fri Jun 26 20:53:35 2015 From: admin at pilobilus.net (Steve Kinney) Date: Fri, 26 Jun 2015 23:53:35 -0400 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <558E1E3F.9020801@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/25/2015 12:22 PM, Lodewijk andré de la porte wrote: > 2015-06-25 21:44 GMT+09:00 z9wahqvh >: > > this is absolutely tremendous, original, and insightful. in my > opinion. > > > This is exceedingly strange coming from an In-Q-Tel security > officer. In-Q-Tel basically invests in anything performing > more collections in the US. That was my first reaction as well: But on close inspection he seems take the exponential growth of universal surveillance as a given, while the ability to correlate the collected information into actionable intelligence can and should be restricted to large organizations: "Most privacy laws exist to block government actions. A few exist to block private institutional actions. But none exist to block individuals' actions." I interpret this as a response to the accelerating progress of open source collection and analysis into contexts formerly monopolized by State and Corporate actors. A war of sorts is already underway on this front; else why is Barrett Brown doing time for the crime of investigative journalism? Nobody stands to lose more in a truly open society than our professional secret keepers and sanctioned violators of the secrets of others. Like the good folks who pay the bills at In-Q-Tel. Recent events including the exposure of Federal employee records and the integration of ICWatch data into Wikileaks' searchable archives may be weighing heavily on the minds of State and Corporate strategists. What good is owning a Panopticon if the prisoners have data terminals where they can watch the guards and their employers as they go about their daily lives? Secrecy as we know it may be on the way out: With the advent of networked everything, the secrecy tax Julian Assange wrote about years ago keeps growing and may reach a tipping point where State and Corporate secrecy no longer pays. Propaganda as we know it may be on the way out: With the advent of networked everybody, identity groups and market segments created and manipulated by broadcast propaganda are running on inertia. The 'ego casting' and 'echo chamber' effects that segregate the Internet today are at best leaky containers whose walls are getting thinner all the time. I wouldn't mind a world where privacy is a thing of the past, as long as the playing field is reasonably level. Control of access to information is the key to controlling whole societies; both secrecy and propaganda are essential to the operation of any repressive regime. Could authoritarian State and Corporate institutions exist in a world without privacy, where bad faith actors have no hiding places? A world where control of news, information, education and entertainment is diffused across tens of millions of actors? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVjh48AAoJEDZ0Gg87KR0LA/oP/1SZR59mcmNI++gxKf9j5i8A VDJc4Lmcql0pqh9ex7auQE062U6HjQdqf3/pUZ+m3OS8+eLH07szm+WUhZr27GDo m+hBDJgGZJYiRkEMVRpMhqQsewm7ttrhRlTZG5WjGfSVF+GEbeiBHdCmYXyymiPR jGnO/+r4cMqGlSiPjeyW4N82JdpJylyYNjqiCKmCEMZBvpSxb28GtP1M9mI4xxUQ W6LLZ+NHk+KAoHpAHM9ngayHVn5Ty35AIV8wYBBnrSMOSL4UYU1ifoqPM3Dmqu8/ vCQkkpvKgs2vqCoUhVQvxTv52gGvLCeMISt22wMg5cegDKDw8nx3QC1P/6VvB2nK +TAFzhnQH16UDlQjDbzonlCK/bGGgACaXpR/Ab2oRj6+9Z3pSjNAFHxR0kx+xwMN kP/gIa/mjht0GGLslHbK+BZyAX2dfl3PK34qu2M4LLMH4PdqMN8su7eUe1R9y8sd quIhP64v8Qlyuc5Vo2Yu6dZCSXw6BIdvx9yRA9gwr32YOIDEwjAqHg5SjS0G8LPR lyJR3Gx7rpmNsGVrV9cioNgah5U+DWMNoBi4vlkDFzJAJEBqtXgV30qyrJEZGsnp b8a9T3/HVaftLkNZjRVZW8apRBS8EfRS0xs4DtrbvdCtqPyKaFvEVK0fvX7oKCJD gYHQHPupJlEgGzqy6v9P =qi54 -----END PGP SIGNATURE----- From nickeconopouly at gmail.com Sat Jun 27 01:33:31 2015 From: nickeconopouly at gmail.com (Nick Econopouly) Date: Sat, 27 Jun 2015 04:33:31 -0400 Subject: progression of technologies In-Reply-To: <475901551.900256.1435383802741.JavaMail.yahoo@mail.yahoo.com> References: <20150625032613.48665228148@palinka.tinho.net> <475901551.900256.1435383802741.JavaMail.yahoo@mail.yahoo.com> Message-ID: <20150627083330.GF12575@druidd> Also, in some states there were(/are?) laws prohibiting audio recording of unwilling participants- but not video recording. This was used by police to stop people from filming them, even in public places. On 06/27, jim bell wrote: > From: "dan at geer.org" > > >Paraphrasing Bonnie Raitt, let's give 'em something germane > >to argue about.  In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > The article contains a statement, "Most privacy laws exist to block government actions. A few exist to block private institutional actions. But none exist to block individuals' actions." > Strictly speaking, that is not entirely true.  During the 1960's, I think, laws against recording conversations were promulgated.  This, of course, was the error of the newly-practical transistor.  See the 1974 movie "The Conversation" with Gene Hackman.  Now, I'm not suggesting that such laws were intended for the benefit of the average person:  Rather, I think politicians of that era realized that technology was beginning to allow the recording of their own statements, and they knew this could get very messy for them if this were considered legal.A second example was in the late 1980's, when laws were passed prohibiting radio scanners from receiving the 800-Mhz cell phone frequencies used during that era.  Apparently, people were outraged that their phone calls were not private, so rather than a technological fix, they passed a law prohibiting the manufacture of scanners that received those frequencies.  That was silly, however, because mostly scanners began to be built with pcb cut-options (or component options) which could be easily modified with a soldering iron to re-enable such reception.        Jim Bell > > > > > > > From grarpamp at gmail.com Sat Jun 27 01:58:51 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 27 Jun 2015 04:58:51 -0400 Subject: SETI, Codex, Runes, Riddles and Paradox... Message-ID: http://rjzdqt4z3z3xo73h.onion/ From jdb10987 at yahoo.com Fri Jun 26 22:43:22 2015 From: jdb10987 at yahoo.com (jim bell) Date: Sat, 27 Jun 2015 05:43:22 +0000 (UTC) Subject: progression of technologies In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <475901551.900256.1435383802741.JavaMail.yahoo@mail.yahoo.com> From: "dan at geer.org" >Paraphrasing Bonnie Raitt, let's give 'em something germane >to argue about.  In particular, what do I have wrong here: http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy The article contains a statement, "Most privacy laws exist to block government actions. A few exist to block private institutional actions. But none exist to block individuals' actions." Strictly speaking, that is not entirely true.  During the 1960's, I think, laws against recording conversations were promulgated.  This, of course, was the error of the newly-practical transistor.  See the 1974 movie "The Conversation" with Gene Hackman.  Now, I'm not suggesting that such laws were intended for the benefit of the average person:  Rather, I think politicians of that era realized that technology was beginning to allow the recording of their own statements, and they knew this could get very messy for them if this were considered legal.A second example was in the late 1980's, when laws were passed prohibiting radio scanners from receiving the 800-Mhz cell phone frequencies used during that era.  Apparently, people were outraged that their phone calls were not private, so rather than a technological fix, they passed a law prohibiting the manufacture of scanners that received those frequencies.  That was silly, however, because mostly scanners began to be built with pcb cut-options (or component options) which could be easily modified with a soldering iron to re-enable such reception.        Jim Bell -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3947 bytes Desc: not available URL: From grarpamp at gmail.com Sat Jun 27 02:59:45 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 27 Jun 2015 05:59:45 -0400 Subject: progression of technologies In-Reply-To: <558E1E3F.9020801@pilobilus.net> References: <20150625032613.48665228148@palinka.tinho.net> <558E1E3F.9020801@pilobilus.net> Message-ID: On Fri, Jun 26, 2015 at 11:53 PM, Steve Kinney wrote: > I wouldn't mind a world where privacy is a thing of the past, as What's the url to your lifecam again? > long as the playing field is reasonably level. It will never be level once info leaves your personal space. Left unrestricted, others will collect and collude against you. That evil bit of humanity isn't changing on any relavant timescale. > to information is the key to controlling whole societies; both That't why you must have control over your information. So that you are not controlled. That's more tangibly grasped and likely... than trying to completely rewrite peoples brains to think that eliminating privacy will somehow work to expose and nullify attempted collection, collusion, and control. > secrecy and propaganda are essential to the operation of any > repressive regime. Could authoritarian State and Corporate > institutions exist in a world without privacy Institutions are different from personal... many here could make the case that the world would be better if those two lose their privacy. > A world where control of news, > information, education and entertainment is diffused across tens > of millions of actors? Diffuse it however you want, it's still control of four things that need no control. From coderman at gmail.com Sat Jun 27 17:33:51 2015 From: coderman at gmail.com (coderman) Date: Sat, 27 Jun 2015 17:33:51 -0700 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: Message-ID: On 6/27/15, grarpamp wrote: > http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ > http://www.sci-hub.club/ """ “Thanks to Elsevier’s lawsuit, I got past the point of no return. At this time I either have to prove we have the full right to do this or risk being executed like other ‘pirates’,” she says, naming Aaron Swartz as an example. “If Elsevier manages to shut down our projects or force them into the darknet, that will demonstrate an important idea: that the public does not have the right to knowledge. We have to win over Elsevier and other publishers and show that what these commercial companies are doing is fundamentally wrong.” """ - i expect all onions, all the time, eventually :) From grarpamp at gmail.com Sat Jun 27 14:43:43 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 27 Jun 2015 17:43:43 -0400 Subject: Elsevier tries to Swartz Sci-Hub Message-ID: http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ http://www.sci-hub.club/ From coderman at gmail.com Sat Jun 27 17:43:59 2015 From: coderman at gmail.com (coderman) Date: Sat, 27 Jun 2015 17:43:59 -0700 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> References: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> Message-ID: On 6/27/15, oshwm wrote: > torrentfreak sits behind cloudflare :( another reason to go FULL ONION but this does make me wonder about https://peertech.org/whatnext and if onion sites are up next in the squeeze... From grarpamp at gmail.com Sat Jun 27 14:55:04 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 27 Jun 2015 17:55:04 -0400 Subject: Library Genesis under threat on the clearnet Message-ID: http://torrentfreak.com/libgen-goes-down-as-legal-pressure-mounts-150622/ # forum https://genofond.org/ From grarpamp at gmail.com Sat Jun 27 14:59:42 2015 From: grarpamp at gmail.com (grarpamp) Date: Sat, 27 Jun 2015 17:59:42 -0400 Subject: Geo-unblocking and VPN services... not strong enough to stand? Message-ID: http://torrentfreak.com/isps-dump-vpn-after-legal-threats-from-big-media-150624/ http://torrentfreak.com/surprise-vpn-provider-expects-victory-in-site-block-arms-race-150623/ From coderman at gmail.com Sat Jun 27 19:36:35 2015 From: coderman at gmail.com (coderman) Date: Sat, 27 Jun 2015 19:36:35 -0700 Subject: Pre-emptive content index In-Reply-To: References: Message-ID: On 6/27/15, Zenaan Harkness wrote: > ... > So if I've read something I personally considered worthy of the price > of my human attention, it exists somewhere on my local storage. this is good practice; although it would be better to have two way flow of collaboration - open design, etc. while pragmatism fills your local cache, open content fills workflows, production. > I call this pre-emptive since I always consistently download the > content before ever reading, listening or viewing (/"consuming" - > sounds like a base description, belittling we humans). i remember Zooko musing about this years ago, needing a browser extension that kept a complete archive of all pages / content viewed during a session. i don't recall him finding it, and i can't seem to locate the blog post. i will try again later... best regards, From dan at geer.org Sat Jun 27 19:04:08 2015 From: dan at geer.org (dan at geer.org) Date: Sat, 27 Jun 2015 22:04:08 -0400 Subject: progression of technologies (almost a satire) In-Reply-To: Your message of "Thu, 25 Jun 2015 03:05:18 -0300." <558B9A1E.9050806@dyne.org> Message-ID: <20150628020408.8F8B62280BF@palinka.tinho.net> > *** Thank you for this interesting opinion. And to you, in turn. You are, of course, correct that only humans can tame human impulses. Keying to what, to me, is the centroid: > Nietzsche declared God dead, and here we are mechanizing Its > omni-science in search of omni-impotence, and soon we'll be > declaring humans dead as well, obsolete, parasiting the good > working of the machine. Are not Greek and Norse mythology (at least) fairly predictive of what happens when human nature is merged with godlike power? ("I'll turn you into a frog!" ... "Not if I turn you into an eel first!") Or is the more likely prediction that of Steve Wozniak, that humans will be the house pets of robots in due course? I am no more kidding than you are, your closing > In conclusion, as a final tongue-in-cheek comment: if we can't > stop progress, we can at least try and make it worse. being most well taken. I, for one, would gladly paraphrase John Perry Barlow's declaration of independence of cyberspace and say that the "weary giants of flesh and steel" should leave me alone but only if the "technology [that] is being imposed on a global scale without restraint" will do likewise. A pox on both; may they fight to a standstill somewhere other than my front room or my backyard. --dan From dan at geer.org Sat Jun 27 20:21:09 2015 From: dan at geer.org (dan at geer.org) Date: Sat, 27 Jun 2015 23:21:09 -0400 Subject: progression of technologies (almost a satire) In-Reply-To: Your message of "Wed, 24 Jun 2015 23:23:09 -0700." Message-ID: <20150628032109.DEADB2280D7@palinka.tinho.net> > 0. "... With no evidence of intelligent life other than ourselves, > it appears that the process of starting with a star and ending > with "advanced explosive lasting life" must be unlikely. This > implies that at least one step in this process must be improbable." > - https://en.wikipedia.org/wiki/Great_Filter Hanson/Great_Filter is an excellent reference. So is https://en.wikipedia.org/wiki/Rare_Earth_hypothesis --dan From oshwm at openmailbox.org Sat Jun 27 15:50:05 2015 From: oshwm at openmailbox.org (oshwm) Date: Sat, 27 Jun 2015 23:50:05 +0100 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: Message-ID: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> torrentfreak sits behind cloudflare :( On 27 June 2015 22:43:43 BST, grarpamp wrote: >http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ >http://www.sci-hub.club/ -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 662 bytes Desc: not available URL: From zen at freedbms.net Sat Jun 27 19:27:09 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 28 Jun 2015 02:27:09 +0000 Subject: Pre-emptive content index Message-ID: For quite some years, I never watched any youtubes - then there was a Java-based website which could download them, but it was cumbersome. Then there was youtube-dl, and now youtube is starting to head towards reasonable by my standards, or rather, a reasonable protocol for "consuming" content - pre-emptive local storage of everything. This is a principle upon which I view/read anything - nothing in-browser, no in-browser media players, certainly no flash plugins, no in-browser PDF viewing etc. I apply the same to code - if I can't download the source and compile it myself (which sometimes/ often enough I don't do, but at least I can), then I won't touch it. So if I've read something I personally considered worthy of the price of my human attention, it exists somewhere on my local storage. I call this pre-emptive since I always consistently download the content before ever reading, listening or viewing (/"consuming" - sounds like a base description, belittling we humans). In a "perfect" world, all articles, all content is indexed with git, or in a git-compatible way, providing enhanced possibilities for caching, verifying, indexing, retrieval, duplication/ backup, and sharing and synchronizing with fellow private net sharers. As this concept and its implementation become pervasive, some publishers would take advantage of it as a form of compression to reduce publishing bandwidth requirements (somewhat analogous to torrents, but with greater integrity of the data being distributed). "As Tim O'Reilly says, my problem is not piracy, it's obscurity" creativecommons.org/weblog/entry/7774 Our true coin is our human attention - the ticket to relevance -> visibility -> popularity -> ubiquity , is the 'free will' choices that fellow humans make in 'spending' their human attention, their 'life energy', upon that which you create/ publish/ wish to see manifest into the world. Choose wisely fellow humans, both in your attempts to shift the attention-spending of others and in your own attention-spending. --- I imagine the following: - A browser plugin, let's call it "Pre-emptive Content Plugin" for now, which is configured with a data store/directory location for the browser cache. It's a --bare git repo. - Each item of content is added, and caching rules are applied on top of that. - The plugin causes the browser ui/chrome to display (or provide a shortcut for) "this is important to me" buttons/links/keyboard shortcuts, which function tells the browser git cache that this content is to be kept 'permanently' for offline viewing/ synchronization/ backup/ etc. - A similar ui/chrome element "Hot" informs the plugin that this data/ frame/ page/ website is especially contentious, needing duplication into the "Pre-emptive Private Net Data Cache for Hot Content", to be thereafter Striesanded to the world. etc Basically, industrializing/ commoditizing content care, custodianship and distribution. Zenaan From jya at pipeline.com Sun Jun 28 03:51:52 2015 From: jya at pipeline.com (John Young) Date: Sun, 28 Jun 2015 06:51:52 -0400 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: Message-ID: Peculiar that there are not thousands of mirrors of offerings by Libgen, Sci-hub and the like, as well as new inititatives by the thousands. These collections are a lot more valuable than puny, by comparison, offerings by WikiLeaks and Snowden's media apparatus -- heavily publicized, politicized, monetized, glorified but minimally technically and scientifically useful due to sparse and drippy releases. For example, 3,415 volumes liberated by Aaron Swartz remain on torrent (some of which we have mirrored with only a half-dozen DMCA notices): http://cryptome.org/aaron-swartz-series.htm At 08:33 PM 6/27/2015, you wrote: >On 6/27/15, grarpamp wrote: > > > http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ > > http://www.sci-hub.club/ > >""" >“Thanks to Elsevier’s lawsuit, I got past the point of no return. At >this time I either have to prove we have the full right to do this or >risk being executed like other ‘pirates’,” she says, naming Aaron >Swartz as an example. > >“If Elsevier manages to shut down our projects or force them into the >darknet, that will demonstrate an important idea: that the public does >not have the right to knowledge. We have to win over Elsevier and >other publishers and show that what these commercial companies are >doing is fundamentally wrong.” >""" > >- i expect all onions, all the time, eventually :) From cathalgarvey at cathalgarvey.me Sun Jun 28 00:35:55 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 28 Jun 2015 08:35:55 +0100 Subject: Pre-emptive content index In-Reply-To: References: Message-ID: <2DD3BE56-17FC-45A0-885E-35EAFA2E5CF5@cathalgarvey.me> Coupled with a little local content storage server, this could be as simple as a five-line userscript: AJAX the whole HTML document and any "relevant" embedded content (video, audio, images...) to the server with the current URI as storage key. Retrieval and serving by local server (rewriting embeds on the fly), and offering as part of a distributed content store, is a later exercise, but a quick Streisand hack should be easy enough. ...that's all assuming you don't just POST current URI to a little app that just wget-spiders the whole thing. :) On 28 June 2015 03:36:35 GMT+01:00, coderman wrote: >On 6/27/15, Zenaan Harkness wrote: >> ... >> So if I've read something I personally considered worthy of the price >> of my human attention, it exists somewhere on my local storage. > >this is good practice; although it would be better to have two way >flow of collaboration - open design, etc. while pragmatism fills your >local cache, open content fills workflows, production. > > > >> I call this pre-emptive since I always consistently download the >> content before ever reading, listening or viewing (/"consuming" - >> sounds like a base description, belittling we humans). > >i remember Zooko musing about this years ago, needing a browser >extension that kept a complete archive of all pages / content viewed >during a session. i don't recall him finding it, and i can't seem to >locate the blog post. i will try again later... > > >best regards, -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2218 bytes Desc: not available URL: From coderman at gmail.com Sun Jun 28 08:39:31 2015 From: coderman at gmail.com (coderman) Date: Sun, 28 Jun 2015 08:39:31 -0700 Subject: progression of technologies (almost a satire) In-Reply-To: <55900E6D.4080304@dyne.org> References: <20150628032109.DEADB2280D7@palinka.tinho.net> <55900E6D.4080304@dyne.org> Message-ID: On 6/28/15, hellekin wrote: > ... > *** These two theories seem to promote the idea that life is so valuable > that actions such as the ones endorsed by the CIA over its history > (coups, torture, assassination, terrorism, drug trafficking, war > mongering, economic racket, etc.) are immoral. the key to understanding the moral imperative of CIA think is to recognize that this is about reasonableness of the less-ethical. American interests get a +1 righteous modification per classified legal interpretations approved by the DoJ. and set TS//VIRTUOUS//NOFORN best regards, From shelley at misanthropia.org Sun Jun 28 09:36:40 2015 From: shelley at misanthropia.org (Shelley) Date: Sun, 28 Jun 2015 09:36:40 -0700 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: <14e37f84b80.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> References: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> <14e37f84b80.276e.4d489027c0c4d0c1b1ca03a1f48f1ffb@misanthropia.org> Message-ID: <20150628163625.5BCB7C00291@frontend1.nyi.internal> Ah, that explains why it wouldn't load for me. I checked & it wasn't down, just wouldn't load for me (screw cloudflare, I block it.) This is recent. Need to check to see when their hosting changed because until very recently torrentfreak was a site I visited frequently. Damn it. -S ---------- On June 27, 2015 3:56:02 PM oshwm wrote: > torrentfreak sits behind cloudflare :( > > On 27 June 2015 22:43:43 BST, grarpamp wrote: > >http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ > >http://www.sci-hub.club/ > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. From s at ctrlc.hu Sun Jun 28 02:00:29 2015 From: s at ctrlc.hu (stef) Date: Sun, 28 Jun 2015 11:00:29 +0200 Subject: Pre-emptive content index In-Reply-To: References: Message-ID: <20150628090028.GE7143@ctrlc.hu> On Sat, Jun 27, 2015 at 07:36:35PM -0700, coderman wrote: > i remember Zooko musing about this years ago, needing a browser > extension that kept a complete archive of all pages / content viewed > during a session. i don't recall him finding it, and i can't seem to > locate the blog post. i will try again later... i built omnom, a delicious like bookmarking engine, with a greasemonkey script that made a snapshot of the rendered page as it was in your browser and inlined all its css and images (as data urls), so it was one (quite huge) html. unfortunately i think greasemonkey/userscripts have been neutered so that the snapshotting does not work anymore. the meat is still available: https://gitorious.org/tagr/omnom/raw/419b512734021b71c01500514b5ae87d0b7f3ab7:templates/tagr.user.js i know - ridiculous, someone posting code on the cypherpunks list, i hope you're all not to offended by my contributions to your fine noise. -- otr fp: https://www.ctrlc.hu/~stef/otr.txt From natanael.l at gmail.com Sun Jun 28 02:00:43 2015 From: natanael.l at gmail.com (Natanael) Date: Sun, 28 Jun 2015 11:00:43 +0200 Subject: Pre-emptive content index In-Reply-To: References: Message-ID: Den 28 jun 2015 04:28 skrev "Zenaan Harkness" : > > For quite some years, I never watched any youtubes - then there was a > Java-based website which could download them, but it was cumbersome. > > Then there was youtube-dl, and now youtube is starting to head towards > reasonable by my standards, or rather, a reasonable protocol for > "consuming" content - pre-emptive local storage of everything. [...] > In a "perfect" world, all articles, all content is indexed with git, > or in a git-compatible way, providing enhanced possibilities for > caching, verifying, indexing, retrieval, duplication/ backup, and > sharing and synchronizing with fellow private net sharers. As this > concept and its implementation become pervasive, some publishers would > take advantage of it as a form of compression to reduce publishing > bandwidth requirements (somewhat analogous to torrents, but with > greater integrity of the data being distributed). http://ipfs.io/ Close enough for the underlying framework? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1315 bytes Desc: not available URL: From Rayzer at riseup.net Sun Jun 28 11:48:25 2015 From: Rayzer at riseup.net (Razer) Date: Sun, 28 Jun 2015 11:48:25 -0700 Subject: progression of technologies In-Reply-To: <2117510.FiH18N24he@lapuntu> References: <20150625032613.48665228148@palinka.tinho.net> <2117510.FiH18N24he@lapuntu> Message-ID: <55904179.4090808@riseup.net> On 06/28/2015 10:19 AM, rysiek wrote: > It was Huxley, not Orwell, who was right: > https://en.wikipedia.org/wiki/Amusing_Ourselves_to_Death More Huxley than Orwell perhaps, but one look at the downtown shopping district in my 'hood and you'll see cctv cams everywhere and undeputized private patrol security guards on the street literally blackshirting young people, the poor, and displaced workers (Blackshirting... like making up illegitimate definitions of laws and ganging up on people who refuse to comply. I dialed 911 on these thugs one day when three of them surrounded me for sitting at a perfectly legal streetside window-ledge and when the officer arrived I was refused a citation that I was more than willing to take b/c the officer couldn't legally cite me.) But the book is an excellent read and available from LibCom Anarchist Library: https://libcom.org/library/amusing-ourselves-death-public-discourse-age-show-business-neil-postman Direct link to pdf: https://libcom.org/files/Neil%20Postman%20-%20Amusing%20Ourselves%20to%20Death.pdf RR -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From list at sysfu.com Sun Jun 28 11:55:02 2015 From: list at sysfu.com (Seth) Date: Sun, 28 Jun 2015 11:55:02 -0700 Subject: Tribler - anonymous downloading In-Reply-To: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> References: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> Message-ID: On Sun, 28 Jun 2015 10:15:38 -0700, Cathal (Phone) wrote: > I used to toy with this for a while after the "onion like routing layer" > appeared, then read a little about the implementation and uninstalled it > immediately and permanently. Same here. Another rather unsavory aspect of the software I discovered after about a week of running it, was that by default, your computer is an exit node. [1] (this may have since changed) This meant that people abusing the Tribler service to share child porn/whatever could spew the filth through any number of unsuspecting Tribler users Internet connections and with most of them being none the wiser until their door got kicked in. This is an unacceptable mega-blunder in my book and was enough for me to uninstall the app and never look back. [1] https://github.com/Tribler/tribler/issues/1174 From hellekin at dyne.org Sun Jun 28 08:10:37 2015 From: hellekin at dyne.org (hellekin) Date: Sun, 28 Jun 2015 12:10:37 -0300 Subject: progression of technologies (almost a satire) In-Reply-To: <20150628032109.DEADB2280D7@palinka.tinho.net> References: <20150628032109.DEADB2280D7@palinka.tinho.net> Message-ID: <55900E6D.4080304@dyne.org> On 06/28/2015 12:21 AM, dan at geer.org wrote: > >> - https://en.wikipedia.org/wiki/Great_Filter > > Hanson/Great_Filter is an excellent reference. So is > > https://en.wikipedia.org/wiki/Rare_Earth_hypothesis > *** These two theories seem to promote the idea that life is so valuable that actions such as the ones endorsed by the CIA over its history (coups, torture, assassination, terrorism, drug trafficking, war mongering, economic racket, etc.) are immoral. As the CIO of the investment arm of this organization, how do you plan on provoking a volte-face in its individuation that would suddenly make it, and with it U.S. foreign policy, something beneficial for all life, instead of leading it towards a rapid self-destruction of complex life on Earth? What is the philosophical basis that sustains the CIA? == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From zen at freedbms.net Sun Jun 28 06:06:46 2015 From: zen at freedbms.net (Zenaan Harkness) Date: Sun, 28 Jun 2015 13:06:46 +0000 Subject: Pre-emptive content index In-Reply-To: <20150628090028.GE7143@ctrlc.hu> References: <20150628090028.GE7143@ctrlc.hu> Message-ID: On 6/28/15, stef wrote: > On Sat, Jun 27, 2015 at 07:36:35PM -0700, coderman wrote: >> i remember Zooko musing about this years ago, needing a browser >> extension that kept a complete archive of all pages / content viewed >> during a session. i don't recall him finding it, and i can't seem to >> locate the blog post. i will try again later... > > i built omnom, a delicious like bookmarking engine, with a greasemonkey > script > that made a snapshot of the rendered page as it was in your browser and > inlined all its css and images (as data urls), so it was one (quite huge) > html. unfortunately i think greasemonkey/userscripts have been neutered so > that the snapshotting does not work anymore. > > the meat is still available: > https://gitorious.org/tagr/omnom/raw/419b512734021b71c01500514b5ae87d0b7f3ab7:templates/tagr.user.js > > i know - ridiculous, someone posting code on the cypherpunks list, i hope > you're all not to offended by my contributions to your fine noise. My God! Shock :) From dan at geer.org Sun Jun 28 11:14:56 2015 From: dan at geer.org (dan at geer.org) Date: Sun, 28 Jun 2015 14:14:56 -0400 Subject: progression of technologies (almost a satire) In-Reply-To: Your message of "Sun, 28 Jun 2015 12:10:37 -0300." <55900E6D.4080304@dyne.org> Message-ID: <20150628181456.75634228118@palinka.tinho.net> hellekin writes: | On 06/28/2015 12:21 AM, dan at geer.org wrote: | > | >> - https://en.wikipedia.org/wiki/Great_Filter | > | > Hanson/Great_Filter is an excellent reference. So is | > | > https://en.wikipedia.org/wiki/Rare_Earth_hypothesis | > | *** These two theories seem to promote the idea that life is so valuable | that actions such as the ones endorsed by the CIA over its history | (coups, torture, assassination, terrorism, drug trafficking, war | mongering, economic racket, etc.) are immoral. | | As the CIO of the investment arm of this organization, how do you plan | on provoking a volte-face in its individuation that would suddenly make | it, and with it U.S. foreign policy, something beneficial for all life, | instead of leading it towards a rapid self-destruction of complex life | on Earth? | | What is the philosophical basis that sustains the CIA? Life is indeed priceless, and the more rare it is the more self evident it can only have been the hand of God who created it. Nonetheless, if diversion now to a thoroughgoing philosophical value-of-life debate is of timely cpunks relevance, which it manifestly is not, then might we first begin with abortion, genetic tinkering, or the burning of coal. --dan From grarpamp at gmail.com Sun Jun 28 12:50:00 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 28 Jun 2015 15:50:00 -0400 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: <2307550.aktsLoVmFc@lapuntu> References: <2307550.aktsLoVmFc@lapuntu> Message-ID: On Sun, Jun 28, 2015 at 1:57 PM, rysiek wrote: > But maybe we can find ways to raise the cost of surveillance? Sabotage. From hellekin at dyne.org Sun Jun 28 11:57:54 2015 From: hellekin at dyne.org (hellekin) Date: Sun, 28 Jun 2015 15:57:54 -0300 Subject: progression of technologies (almost a satire) In-Reply-To: <20150628181456.75634228118@palinka.tinho.net> References: <20150628181456.75634228118@palinka.tinho.net> Message-ID: <559043B2.5010700@dyne.org> On 06/28/2015 03:14 PM, dan at geer.org wrote: > | > | What is the philosophical basis that sustains the CIA? > > > Life is indeed priceless, and the more rare it is the more self > evident it can only have been the hand of God who created it. > *** Well, that's one way of seeing it, and so far there's no more proof of the existence of God than its non-existence. From where we sit, it's a non-tractable problem. But if you accept that option as true, then it comes naturally that you're siding on the wrong side of ethics. Avoiding the philosophical debate enables you to not question not only the morality, but also the very interest of your organization. If you're indeed accepting a creationist view of the universe, you might as well want to dismantle your employer, which is why I'm curious about why you don't, beyond the paycheck. Accepting the "priceless" value of life and using the power of terminating it at various levels (individual, societal), and taking for premise a continuity from a God to a creation to where we are now seem to me irrational, illogical, seriously flawed. If you believe in God, how do you explain the potential energy still at work in the individuation of complex life on Earth with regard to determinism? If you accept the logical consequences of it, then why are you (as an organization) working against its natural, God-given resolution? Avoiding the philosophical debate when your article calls for the acceptance of the imperative of technological objective superiority with relation to life questions the very foundation of your rationality. If CIA is irrational, then it's important to know, for other rational people might want to remove this dysfunctional organization from unaccountable power. There's no necessity to drift and diffuse the discussion to other topics that may or may not be related to the fact that, while you're observing a generalization of the technical means to survey the spectrum beyond human perceptive capability, you're also calling for the "sabotage" of the use of it rather than, e.g., legal restraint to it; doing so, you're calling for the arbitrary limitation of knowledge, and if we assume that the CIA wants to keep doing its intelligence work, that means an asymmetry in power; "do what I say, not what I do". I'm sorry to tell you that I don't consider it an off-topic matter, but simply a deepening of the consequences of your expressed position, which in turn calls for understanding your and your organization's motivations in giving out this information. Do you really think your readers are unable to detect the cognitive dissonance in your publicity? == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From grarpamp at gmail.com Sun Jun 28 14:14:14 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 28 Jun 2015 17:14:14 -0400 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> Message-ID: On Sat, Jun 27, 2015 at 8:43 PM, coderman wrote: > - i expect all onions, all the time, eventually :) > another reason to go FULL ONION I'd be hesitant to suggest that "onion (tor)" is the best choice of darknet (that in which any clearnet exit feature of same is not used), nor the best to come. However sure, any of todays legit darknets are more attractive than clearnet for many purposes. Darknets are now powerful spaces for generally unobservable communication and collaboration. In particular they seem unobservable to corporations and all lesser entities. [Darknets have not yet proven to be unobservable to the largest passive / active capable governments, of which a few exist. The academic vulnerabilities are documented. There's an active arms race. And a wait for proof.] Physical and other abuse / crime against individual humans seems to not be resulting in any legislative bans of darknet / crypto tech. Meta level things such as crimethink and active markets don't seem to be vulnerable either. Filesharing is an interesting proposition in that, unlike the physical and meta, it offends another class of opponent, the corporation. (Be it of traditional copyright consumer multimedia, or of corporate secrets). So the next real test may be when the filesharers move onto the darknets. Will the corporations expend resources to observe or legislate them, or will they give up? > """ > "Thanks to Elsevier's lawsuit, I got past the point of no return. At > this time I either have to prove we have the full right to do this or > risk being executed like other `pirates'," she says, naming Aaron > Swartz as an example. > > "If Elsevier manages to shut down our projects or force them into the > darknet, that will demonstrate an important idea: that the public does > not have the right to knowledge. We have to win over Elsevier and > other publishers and show that what these commercial companies are > doing is fundamentally wrong." > """ The tools and stands to be tested, both on clearnet and on darknets, are interesting, important, and necessary. Many are moving into the darknets today, yet it will take another decade or so to know the outcome. From grarpamp at gmail.com Sun Jun 28 14:53:17 2015 From: grarpamp at gmail.com (grarpamp) Date: Sun, 28 Jun 2015 17:53:17 -0400 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: Message-ID: On Sun, Jun 28, 2015 at 6:51 AM, John Young wrote: > Peculiar that there are not thousands of mirrors of offerings by > Libgen, Sci-hub and the like, as well as new inititatives by the thousands. > > These collections are a lot more valuable than puny, by comparison, There are not thousands because the datasets they offer are very large. When it takes tens of terabytes and hundreds of dollars in hardware alone, before bandwidth, to mirror them... not many will expend that. Another problem is that unlike a simple traditional SFTP/HTTPS warez server, there are no torrent tools that are capable of managing and serving indexes of anything near 1000 torrents, even 100 begins to get unwieldy. How many of you have over 100 legitimate physical titles? Even if the average user wanted to share, resist, and move for change... it would be hard... the tools at scale don't exist for them. That code is easy in comparison to other management and human code issues of titleing, versioning, data deduplication, and promoting lossless as the best onetime fit therein... https://en.wikipedia.org/wiki/Standard_(warez) From admin at pilobilus.net Sun Jun 28 14:58:39 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sun, 28 Jun 2015 17:58:39 -0400 Subject: progression of technologies In-Reply-To: <2117510.FiH18N24he@lapuntu> References: <20150625032613.48665228148@palinka.tinho.net> <2117510.FiH18N24he@lapuntu> Message-ID: <55906E0F.5020702@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> The age of privacy, and everything with it, including the >> freedom of association and separation of public and private >> life, is ending. The public is smiling merrily along the >> road. 1984 is coming, but the public is not scared or >> suppressed. They are smiling happy people, obedient and >> cheerful, and they take the best of care of their keepers. The end of "privacy as we know it" is only a dystopian scenario if the institutions of authoritarian governance survive in the post-privacy world. I don't believe they can survive, because the same network infrastructure that has already made so much formerly "private" information public also shifts the balance of power away from established institutions in fundamental ways. Keeping State and Corporate secrets out of public view is becoming progressively more difficult, while the mechanism of ad-hoc self organizing "smart mob" actions arising from the public at large is an emergent challenge to established power centers. If and as these trends continue to accelerate, the nature of political power will eventually be transformed. The opposition takes this prospect very seriously, and is fighting back through automation of intelligence analysis, adaptive enemies lists, strategic deployment of reputation management, astroturfing, censorship, adaptive signal boosting and degradation, spoofing and disinformation, coordination of conventional propaganda across formerly isolated domains, etc. etc. The future I envision is not a dystopia per Orwell or Huxley, because these models presume the survival of large States and continued concentration of power in the hands of a ruling elite. I think that one way or another, large scale authoritarian rule is on the way out. One way is the continued development of established trends in information technology's impact on large scale social behavior. The other way is the pending collapse of the global material economy and substantial re-localization of production and commerce. Together, these environmental pressures drive adaptive responses that are /very/ unfavorable to the interests of our present rulers. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVkG4LAAoJEDZ0Gg87KR0L8QwP+waV7khYBFDtK8tnmhmE7J3l WHP/RjOIEY0dPin+sDVH2aKw7HgKAVuR2m2S8rKI5cnRzC57DTjSkL0DMtkEf4F9 /FfErXfujgM7scMz6Fn8B00NwW2fRqoc6bM+FbDOvCelcmE0SGOu/Ipu7IJ3KX3J gCekYunesDJgto38tIB5l/5gOZmdVjBDP0SA2149f2xSRwgZ74ouFUo8i0zCdOVT tBPVmzqnnk3dg80nkPm91X78+4PhyOe6Xod2sb+l7tohQT12AlfANrib8l9kX6RS WR14xvPg3NA4bnE75vIQ+OUnx3b54bNBmIa2OcMJ8ioViAOZJQ14RfFblH+CVZQr pTqJOFMJe8VlVEjGGKw5uIhbvLyMceII8Cr4hh1CMVudHqx+b5P6RXtxwrh1qXaO c+Wa+RFWhmxtB42HBL6WTaly6FVTkdTPL2P/8CxYcaVS0O7qIYa2hRnPhK8+DonA s5i9JSoTFgN7HCXiErEYa23barkpEHCnvlnu4b040gnnvw9sRLv2G5J70IIvuoIk oFz5cV6qUP8Dwm1R+9NyrnuKEiA1KmLJoTQTy74GMG1f/DXaROqZdehc8mrhEe2E IZ2Hm4Plhm8IbIu+I3pXSNLxbZhpiAx9go0Se7zIDP8JDy9E/IN+1Qea1ONU8f0S TtNLsRLfklKHnyiCPeV8 =N4Ue -----END PGP SIGNATURE----- From admin at pilobilus.net Sun Jun 28 15:06:37 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sun, 28 Jun 2015 18:06:37 -0400 Subject: Tribler - anonymous downloading In-Reply-To: <20150628213314.50196b9c@nerv.nsa> References: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> <20150628213314.50196b9c@nerv.nsa> Message-ID: <55906FED.9070605@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/28/2015 03:33 PM, nerv wrote: > On Sun, 28 Jun 2015 11:55:02 -0700 Seth > wrote: [...] > Their website clearly states that the project is not secure and > should not be used for "controversial" content however, so I'm > not really sure how much abuse could happen, seems to me like > someone with something to hide would have others and better > options. I would expect users whose "controversial" content is of a politically controversial nature would tend to drop this tool on learning of its potential failure modes, while those whose "controversial" activities are of a straight up criminal nature would be much less likely to learn about, or care about, those failure modes. The dirtier the deed, the more irrational hence compelling the motivation for it. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVkG/rAAoJEDZ0Gg87KR0L5T0QAK/RUPWImvYVWqpDVgUXIouY g8PQ6aH8YYYBWvr76zmNjnmlNSXQOrGQyVaxSr5CbJatDRbjmVX4Dl5Jnt5qgiN/ BotsHRbKr0v7IncdEyMqiQY/mlfoRMbCjPIQr7IWP+tksndu8cEiOr3o17ozpLDC Z8V1ri637KgbiZaTdCAowy1XuHLamf/+YZXkV11uhEhHGMZ13DLfRJWOwLaqFo6a a1RnS7qseQAfe28x2lcffgZRKwWz3Y8j+RGtfBvTjMlyQVnUjarHL71dRluOqEJk 2QkjuyrH712s6IP1eUG+dsTIYIQSbo+G6f8tkiPSvTG5Toxt4oqId6lzMKVQhs9y a7G9Ksm+RJGcc/e0WBAq8nG5C0tkVUcvjaYfFpQgviTQY7USlW1d5A/aedFH0S2K 2Y8F39hxuLTmyezl7GO6DypfCv4dCUM821KWnhcsW7y54Teae07C+X20XEOrp5rM qxUnzD2mnFcKDB+vuJE3cbfyLwnj4rzLfx0TUElsusQ/2AG2J6BcJWLMJ+0LeW2n TPeaimKV44DPu9FdEpzjd5q39jox9XOsbwK28kxh6rRLpf8NP/4sytL/5t1Or2+a tUaNIoFvVMQNKj3LJEmjOnBjrOX4Kqcu5xm2HzBL7bWmwqWJjCxjWwAGtgebIK9y 4EZHRwPpQ56Xd0gj6Rvc =SEAB -----END PGP SIGNATURE----- From cathalgarvey at cathalgarvey.me Sun Jun 28 10:15:38 2015 From: cathalgarvey at cathalgarvey.me (Cathal (Phone)) Date: Sun, 28 Jun 2015 18:15:38 +0100 Subject: Tribler - anonymous downloading In-Reply-To: References: Message-ID: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> I used to toy with this for a while after the "onion like routing layer" appeared, then read a little about the implementation and uninstalled it immediately and permanently. On 28 June 2015 17:28:13 GMT+01:00, " Александр " wrote: >> >> https://www.tribler.org/ >> https://github.com/Tribler/tribler/releases >> >> "Tribler - Privacy using our Tor-inspired onion routing. >> Tribler offers anonymous downloading. Bittorrent is fast, but has no >> privacy. We do NOT use the normal Tor network, but created a >dedicated >> Tor-like onion routing network exclusively for torrent downloading. >Tribler >> follows the Tor wire protocol specification and hidden services spec >quite >> closely, but is enhanced to need no central (directory) server" >> > >This looks very nice. And they are constantly improving. -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1439 bytes Desc: not available URL: From admin at pilobilus.net Sun Jun 28 15:17:27 2015 From: admin at pilobilus.net (Steve Kinney) Date: Sun, 28 Jun 2015 18:17:27 -0400 Subject: progression of technologies In-Reply-To: <4919494.BVvPvbLpCL@lapuntu> References: <20150625032613.48665228148@palinka.tinho.net> <558E1E3F.9020801@pilobilus.net> <4919494.BVvPvbLpCL@lapuntu> Message-ID: <55907277.3040402@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> On Fri, Jun 26, 2015 at 11:53 PM, Steve Kinney >> wrote: >>> I wouldn't mind a world where privacy is a thing of the >>> past, as >> >> What's the url to your lifecam again? https://www.facebook.com/steve.kinney.5 :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVkHJ1AAoJEDZ0Gg87KR0LTdYP/3O8VV2ywzMXXSo3fQg8xd9L dxiOTpkmYj3jsK4M8edboN3KrWMHg1JPzdTtxyx1mavH+Zdqkf25iUTC//AzPOWu JWs8uFJL1HLjUQuHmkUxfSyO5jZZMz4xSIIDVZBFx7rrr+amUFuvmFgZJbk/Fm2A MfN9V1HaSHYKp/wNWcIu3JPk8QobXeneV+cyfmWoc2p/PeAphp91vZPTNVfozbVV jMgEpQu6XRtl5dhh3PJ88+2/Eht/Jdgel22CcA6cGAdetWv9qs8qhUQAZ9jLzX+D f/laHnysfV3i5jK8Ue0cs9D0Nbsqy4pv5+hIrrS7Q/M6n6jkDn/G6Jz6bCyQnqh2 0cMKAbovUOUJcoPUmVCd5Y9oCgfzJ2Cq/HQ7qTWmeVq/2SWbNJsUreU8yViJZdU5 dAHAG991+hkRUYSuGgnIpgEFVY8c0/MDAD6Jde5CsjMjPn1VnlV24Z3u/C7Mm+M0 JDfe5HK7bBCbl8kn5t6FYD/yoa7ihVl+UjRe7Y/4nuv3DOdeOtKUJiZ3gKUgKYaS P7xAbUXiWIBH0rkF7TYyfEdFMON5I2BHqCbE1UfNqkJHZ5x0LuQ+F1F7tGMDh8PC wL4b44Cyz9xvhBzlYxvA0ewmE01m0hbeQkJO8BfkvbhCGEQdNwF0Jh6YM+1H4sYh 6StoKLdwBTTlw0WzQ2H9 =rkH1 -----END PGP SIGNATURE----- From rysiek at hackerspace.pl Sun Jun 28 10:11:30 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:11:30 +0200 Subject: Pre-emptive content index In-Reply-To: References: Message-ID: <2790754.d6A9hyX7Gt@lapuntu> Dnia sobota, 27 czerwca 2015 19:36:35 coderman pisze: > On 6/27/15, Zenaan Harkness wrote: > > ... > > So if I've read something I personally considered worthy of the price > > of my human attention, it exists somewhere on my local storage. > > this is good practice; although it would be better to have two way > flow of collaboration - open design, etc. while pragmatism fills your > local cache, open content fills workflows, production. > > > I call this pre-emptive since I always consistently download the > > content before ever reading, listening or viewing (/"consuming" - > > sounds like a base description, belittling we humans). > > i remember Zooko musing about this years ago, needing a browser > extension that kept a complete archive of all pages / content viewed > during a session. i don't recall him finding it, and i can't seem to > locate the blog post. i will try again later... I use PrintToPdf for this: https://addons.mozilla.org/pl/firefox/addon/printpdf/ It does the job well. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:13:03 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:13:03 +0200 Subject: Pre-emptive content index In-Reply-To: <20150628090028.GE7143@ctrlc.hu> References: <20150628090028.GE7143@ctrlc.hu> Message-ID: <1694180.gitsZlOVsF@lapuntu> Dnia niedziela, 28 czerwca 2015 11:00:29 stef pisze: > i know - ridiculous, someone posting code on the cypherpunks list, i hope > you're all not to offended by my contributions to your fine noise. Please turn in your Cypherpunk card and find your way to the backdoor. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:19:31 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:19:31 +0200 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <2117510.FiH18N24he@lapuntu> Dnia czwartek, 25 czerwca 2015 21:03:03 Lodewijk andré de la porte pisze: > The age of privacy, and everything with it, including the freedom of > association and separation of public and private life, is ending. The > public is smiling merrily along the road. 1984 is coming, but the public is > not scared or suppressed. They are smiling happy people, obedient and > cheerful, and they take the best of care of their keepers. It was Huxley, not Orwell, who was right: https://en.wikipedia.org/wiki/Amusing_Ourselves_to_Death -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:21:40 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:21:40 +0200 Subject: progression of technologies (almost a satire) In-Reply-To: <558B9A1E.9050806@dyne.org> References: <20150625032613.48665228148@palinka.tinho.net> <558B9A1E.9050806@dyne.org> Message-ID: <4176354.FG0pN9pIUd@lapuntu> Dnia czwartek, 25 czerwca 2015 03:05:18 hellekin pisze: > The "quantum difference" between personalization (serving the user) and > otherwise (sucking it dry) resides in ethics: I would say, the difference resides in the answer to the question: "who actually controls the data" If it's the user that has *physical* control, than it's probably personalisation; otherwise, it most definitely isn't -- or will soon cease to be. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From afalex169 at gmail.com Sun Jun 28 09:28:13 2015 From: afalex169 at gmail.com (=?UTF-8?B?INCQ0LvQtdC60YHQsNC90LTRgCA=?=) Date: Sun, 28 Jun 2015 19:28:13 +0300 Subject: Tribler - anonymous downloading Message-ID: > > https://www.tribler.org/ > https://github.com/Tribler/tribler/releases > > "Tribler - Privacy using our Tor-inspired onion routing. > Tribler offers anonymous downloading. Bittorrent is fast, but has no > privacy. We do NOT use the normal Tor network, but created a dedicated > Tor-like onion routing network exclusively for torrent downloading. Tribler > follows the Tor wire protocol specification and hidden services spec quite > closely, but is enhanced to need no central (directory) server" > This looks very nice. And they are constantly improving. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 832 bytes Desc: not available URL: From rysiek at hackerspace.pl Sun Jun 28 10:31:54 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:31:54 +0200 Subject: Tribler - anonymous downloading In-Reply-To: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> References: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> Message-ID: <4517544.J4zj8Ykm3I@lapuntu> Dnia niedziela, 28 czerwca 2015 18:15:38 Cathal pisze: > I used to toy with this for a while after the "onion like routing layer" > appeared, then read a little about the implementation and uninstalled it > immediately and permanently. Care to indicate particular reasons of this decision?.. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:35:26 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:35:26 +0200 Subject: progression of technologies In-Reply-To: References: <20150625032613.48665228148@palinka.tinho.net> <558E1E3F.9020801@pilobilus.net> Message-ID: <4919494.BVvPvbLpCL@lapuntu> Dnia sobota, 27 czerwca 2015 05:59:45 grarpamp pisze: > On Fri, Jun 26, 2015 at 11:53 PM, Steve Kinney wrote: > > I wouldn't mind a world where privacy is a thing of the past, as > > What's the url to your lifecam again? > > > long as the playing field is reasonably level. > > It will never be level once info leaves your personal space. > Left unrestricted, others will collect and collude against you. This. Plus, the field is not level, because those governments, institutions, organisations, companies and individuals that have more resources to mine available data will get more actionable information from it. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:54:58 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:54:58 +0200 Subject: U. S. A.! A-me-ri-cah, f--- yeah! - How to rule the world, U.S. style In-Reply-To: References: Message-ID: <1516013.3637yOfo62@lapuntu> Dnia czwartek, 18 czerwca 2015 19:41:09 Zenaan Harkness pisze: > http://russia-insider.com/en/hey-obama-what-about-serbias-territoral-integri > ty/ri8092 > > (...) > May world be spared hunger, plague and western principles. > " Pot, calling the kettle black. There are innumerable problems with US foreign policy, and we should tackle them. But Russia right now poses real danger, and goes almost completely unchecked, beacause if anybody says anything bad about Russia, that person is immediately being painted as USA supporter. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 10:57:52 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 19:57:52 +0200 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: References: Message-ID: <2307550.aktsLoVmFc@lapuntu> Dnia czwartek, 18 czerwca 2015 21:46:33 Lodewijk andré de la porte pisze: > 2015-06-18 13:28 GMT+09:00 grarpamp : > > Cypherpunks... when / where will it all end? > > The cost of observation is ever dropping. With improved processing > capability (hardware and software) the value of data is ever rising. There > is only one logical conclusion: permanent, global observation. > > Resistance is effective but eventually futile, you cannot reverse time, you > cannot reverse progress. But maybe we can find ways to raise the cost of surveillance? -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 11:30:57 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 20:30:57 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> Message-ID: <1741267.YsnpBZuTEf@lapuntu> Dnia czwartek, 18 czerwca 2015 18:24:14 Sean Lynch pisze: > On Wed, Jun 17, 2015 at 3:51 PM Dr Adam Back wrote: > > If people on *cypherpunks* cant get the points in the post, I think > > the world has a problem. The price of security in a distributed > > system like bitcoin is eternal vigilance, but if people dont > > understand what constitutes a risk and hence what to be vigilant for, > > the meta-system can be unreliable and lose its assurances. I think we > > need to explain some more concepts and probably people will over time > > learn things and and an influencer pyramid emerge as happened in > > privacy technology. > > Yes, I'm sure that when people who disagree with you, it's always because > they are wrong and never because you don't understand the situation as well > as you think you do. I'm sure you know more about Bitcoin than Gavin does. Wow, that's a low blow. Arguing by authority, and then a false dichotomy: "either you know more about Bitcoin than X, or you should not have a voice at all on this" Might I suggest considering arguing on the merits instead, next time? :) -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 11:37:42 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 20:37:42 +0200 Subject: =?UTF-8?B?xI1yeXB0byBpcyBmaW5pc2hlZC4uLiBhbmQgaXQncyBhYm91dCB0aW1lIMOX?= (also: 'Balrog' malnet, firsthand view) In-Reply-To: References: Message-ID: <1563698.nBJJoDsSqo@lapuntu> Dnia piątek, 12 czerwca 2015 19:37:12 grarpamp pisze: > On Fri, Jun 12, 2015 at 4:50 AM, Natanael wrote: > > Don't do F2F at the lowest network layer. > > Just stick with I2P > > The reason for laying you own F2F physical network is that the > existing "internet" one is owned and monitored by entities who > have absolutely zero loyalties to, or care about, you. FFDN tries doing something about it. Look it up. ;) -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From rysiek at hackerspace.pl Sun Jun 28 11:46:20 2015 From: rysiek at hackerspace.pl (rysiek) Date: Sun, 28 Jun 2015 20:46:20 +0200 Subject: Helmholtz Tubes, CRT Signals (Was: Sigint Dumps) In-Reply-To: References: Message-ID: <3693629.faSlnJZN2R@lapuntu> Dnia niedziela, 14 czerwca 2015 09:29:53 Wilfred Guerin pisze: > last i heard, 2nd hop distribution is having corruption and extortion > problems, but load rate says the first slice should be done by mid week and > automatically shared as arranged, original data is aligned to the solstice > 2014, suggesting more next weekend? 2 weeks later, nothing came. -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 931 bytes Desc: This is a digitally signed message part. URL: From seanl at literati.org Sun Jun 28 13:52:43 2015 From: seanl at literati.org (Sean Lynch) Date: Sun, 28 Jun 2015 20:52:43 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: <1741267.YsnpBZuTEf@lapuntu> References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On Sun, Jun 28, 2015, 12:38 rysiek wrote: Dnia czwartek, 18 czerwca 2015 18:24:14 Sean Lynch pisze: > On Wed, Jun 17, 2015 at 3:51 PM Dr Adam Back wrote: > > If people on *cypherpunks* cant get the points in the post, I think > > the world has a problem. The price of security in a distributed > > system like bitcoin is eternal vigilance, but if people dont > > understand what constitutes a risk and hence what to be vigilant for, > > the meta-system can be unreliable and lose its assurances. I think we > > need to explain some more concepts and probably people will over time > > learn things and and an influencer pyramid emerge as happened in > > privacy technology. > > Yes, I'm sure that when people who disagree with you, it's always because > they are wrong and never because you don't understand the situation as well > as you think you do. I'm sure you know more about Bitcoin than Gavin does. Wow, that's a low blow. Arguing by authority, and then a false dichotomy: "either you know more about Bitcoin than X, or you should not have a voice at all on this" Might I suggest considering arguing on the merits instead, next time? :) Perhaps if you bothered to read more than the last message in the thread you would realize that I already attempted that. I think your expectations are a bit high when there are people on the thread arguing that we should really consider the opinions of those making death threats. IOW listen to the terrorists. It seems to me that people are terrified by a hard fork because they have a huge stake in Bitcoin. To me that's the best argument there could possibly be to fork now and get it out of the way. Bitcoin can't survive if it ossifies due to the fears of morons who can't be bothered to diversify their investment, and who have such low morals that they'd stoop to making death threats. If we're going to argue based on the merits then let's do that, and leave the death threats and doom and gloom out of it. We need to be thinking beyond Bitcoin to the future of cryptocurrencies on general, and a healthy cryptocurrencies ecosystem cannot survive as an ossified monoculture. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2741 bytes Desc: not available URL: From seanl at literati.org Sun Jun 28 14:04:35 2015 From: seanl at literati.org (Sean Lynch) Date: Sun, 28 Jun 2015 21:04:35 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: By the way, "consensus" is a red herring thrown out by those who never want there to be a fork. There can never be consensus for a fork, because otherwise it wouldn't be a fork. Claiming there needs to be consensus is just a way to try to make it look like any fork is somehow unilateral and undemocratic. But to succeed, any fork by definition needs broad support. In fact, it's about the most democratic you can get: people put their money and their mining power on the fork they want. It's those opposing any fork who are the authoritarians. Obviously, when you consider who's making the death threats. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 654 bytes Desc: not available URL: From nerv at fastmail.fm Sun Jun 28 12:33:14 2015 From: nerv at fastmail.fm (nerv) Date: Sun, 28 Jun 2015 21:33:14 +0200 Subject: Tribler - anonymous downloading In-Reply-To: References: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> Message-ID: <20150628213314.50196b9c@nerv.nsa> On Sun, 28 Jun 2015 11:55:02 -0700 Seth wrote: > On Sun, 28 Jun 2015 10:15:38 -0700, Cathal (Phone) > wrote: > > > I used to toy with this for a while after the "onion like routing > > layer" appeared, then read a little about the implementation and > > uninstalled it immediately and permanently. > > Same here. > > Another rather unsavory aspect of the software I discovered after > about a week of running it, was that by default, your computer is an > exit node. [1] (this may have since changed) > > This meant that people abusing the Tribler service to share child > porn/whatever could spew the filth through any number of > unsuspecting Tribler users Internet connections and with most of them > being none the wiser until their door got kicked in. > > This is an unacceptable mega-blunder in my book and was enough for me > to uninstall the app and never look back. > > [1] https://github.com/Tribler/tribler/issues/1174 This sound a bit like the model in Freenet. You get some encrypted traffic and only forward it to another host, so I'm guessing they had plausible deniability in mind. Their website clearly states that the project is not secure and should not be used for "controversial" content however, so I'm not really sure how much abuse could happen, seems to me like someone with something to hide would have others and better options. -- Goto Daichi (nerv) -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 mQENBFVl0RcBCADHL0fGKZ/4MAciOo9GqKnCz6f9qu1Q+1gOSu7anHTEALePUXrI VFXdYfcB9D91mfYhSPdI6Wf4f3YNqJJozIaGo1p7g7Oo0j2n8KR/xgxtGLSqkyc7 I4Pkhg0SCa5pm2ty9cyfrUWrRwgopEj4bJlR2L0HHhTQBoVo9h30XtWeLPwwg+O1 vUGDgiLniHKBwna5jMp0I/bZxuM9ztxWXEmiEkqIh65dT6mcjJx2visSDAZGB033 pU/EQFTxyavFOlypZG+WCGo8VNJkzEf6cHMVKJsi6aBi8ewGiw0SuYfYSY9Fed8I rLq0990FfB2NT26BRmJM+6Svs8+fJe3o+YNnABEBAAG0JUdvdG8gRGFpY2hpIChu ZXJ2KSA8bmVydkBmYXN0bWFpbC5mbT6JATgEEwECACIFAlVl0RcCGwMGCwkIBwMC BhUIAgkKCwQWAgMBAh4BAheAAAoJEIH6UEN73OdVe+sH/i5I5C1A8EzvK3wuetsK 8mPAiTFdw+x1tYrvS2A/eYAjKP1wfx9csB+Q9n94HFv7FtP5IbceZ5BdMtjagBa3 uWmHA/Pf5zoE3MaTSeY16mBEr141bTWzIdWofLgi0IrKPch8onEnTdd2hBWvJTPU F8Zb176trSEpYEACo+6QUppFUmXDGhvVzAfOMJZU8mjfQvf5haamcYTeOifG0riW vXjSDJJCFuMtj5uTRES9bRxKsyL2zW9B+DW9es4YIJ2zCgnSajoBGQu+kjrWzZG9 qlz5L0SbgQ4cRy4BT9o9AToK5Rs1eixEvHIten2agC7yMUbhGMyXYNRk+3NSJcJb Zfi5AQ0EVWXRFwEIANwbm4X50uUHDYgT038WI8LfEd8Gh0UABAxRjn4AlpuaXJKL mVY24iRTEHdspuBP12e11E9FiYO6/As7XSBIH/ZUFogffQGPh3Dyr4r9mBPBp+qR NDy5tP5g6qbAYtJnDznaEldjsrF4FzrFcS3/9oCjOX3in98qYh+PS6DU3+emUn7V P7socUmxgckidhvaWkAj6dsmZbg4kkWhGvarzCbehCZxKGgtfRfyTWeQfTYbSrSD sxYZRb6lMBcVlY1Us6Uanw+au9vJPnS3nbZQJDhfJ/utTmaBpyIn6+4f4Ku049qp YntER2RJiX+bHhVNa8IR5E4946pxZfBt6dY5Fo8AEQEAAYkBHgQYAQIACQUCVWXR FwIbDAAKCRCB+lBDe9znVcxyB/iEiBpDbN8siHNCfJlFL98Au/GV9fE7H8IgCZ6o rKKEjWEPML+FhlAYfbVlVnqSnmoLFloSYqhDymY+4S0IS/QcMnY2u017Rb1AIbF1 5BYzK1cTGDbeLObeJaIVr+DHEl+goPL9YgHg/X3WmFrO7nGP3Fv/n+VFn+S4zGE0 1yGFU9vdNGZkC7ddlDhGvophLJHHxfGSiGnjXKq9vR+xq2yyH0EZqLlCEprMmTo1 X+EpRNLZA4p5oee5RI/t6zk92DElTLuDqbPTnQNQd9tVwPeNQXsgWR+SPYD7vLQI hez47/0guyHoHwMDjkiXq4uwgGT0YdZ8lDoT2Z8BiApLMRI= =t27C -----END PGP PUBLIC KEY BLOCK----- -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From seanl at literati.org Sun Jun 28 15:52:07 2015 From: seanl at literati.org (Sean Lynch) Date: Sun, 28 Jun 2015 22:52:07 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: That's why I said "their money and...", but you're right, the "and" doesn't need to be there. Just the money. On Sun, Jun 28, 2015, 15:16 Adam Back wrote: > It's not the miners that count, rather than economic majority. It's a > surprising fact, but here's how it works: lets imagine 75% of the > miners decided they'd change the economic rules, in a protocol > incompatible way. Result: the miners form a new alt-coin with no > users. Bitcoin difficulty adjusts, and carries on as if nothing > happened. The hostile miners earn 25 forkcoins which have a market > price of 0. They are burning electricity so they either go bankrupt > or the give up and rejoin the network. > > There's a lot to game theory that is subtle. It could do with a FAQ > writing on it really. > > Adam > > On 28 June 2015 at 23:04, Sean Lynch wrote: > > By the way, "consensus" is a red herring thrown out by those who never > want > > there to be a fork. There can never be consensus for a fork, because > > otherwise it wouldn't be a fork. Claiming there needs to be consensus is > > just a way to try to make it look like any fork is somehow unilateral and > > undemocratic. But to succeed, any fork by definition needs broad > support. In > > fact, it's about the most democratic you can get: people put their money > and > > their mining power on the fork they want. It's those opposing any fork > who > > are the authoritarians. Obviously, when you consider who's making the > death > > threats. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 1985 bytes Desc: not available URL: From adam at cypherspace.org Sun Jun 28 15:16:30 2015 From: adam at cypherspace.org (Adam Back) Date: Mon, 29 Jun 2015 00:16:30 +0200 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: It's not the miners that count, rather than economic majority. It's a surprising fact, but here's how it works: lets imagine 75% of the miners decided they'd change the economic rules, in a protocol incompatible way. Result: the miners form a new alt-coin with no users. Bitcoin difficulty adjusts, and carries on as if nothing happened. The hostile miners earn 25 forkcoins which have a market price of 0. They are burning electricity so they either go bankrupt or the give up and rejoin the network. There's a lot to game theory that is subtle. It could do with a FAQ writing on it really. Adam On 28 June 2015 at 23:04, Sean Lynch wrote: > By the way, "consensus" is a red herring thrown out by those who never want > there to be a fork. There can never be consensus for a fork, because > otherwise it wouldn't be a fork. Claiming there needs to be consensus is > just a way to try to make it look like any fork is somehow unilateral and > undemocratic. But to succeed, any fork by definition needs broad support. In > fact, it's about the most democratic you can get: people put their money and > their mining power on the fork they want. It's those opposing any fork who > are the authoritarians. Obviously, when you consider who's making the death > threats. From yushbhardwaj91 at gmail.com Sun Jun 28 11:51:39 2015 From: yushbhardwaj91 at gmail.com (Yush Bhardwaj) Date: Mon, 29 Jun 2015 00:21:39 +0530 Subject: Tribler - anonymous downloading In-Reply-To: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> References: <780EC394-1858-4DBE-ADB8-E72DF5B9DD8E@cathalgarvey.me> Message-ID: What you had read ? *Yush Bhardwaj* On Sun, Jun 28, 2015 at 10:45 PM, Cathal (Phone) < cathalgarvey at cathalgarvey.me> wrote: > I used to toy with this for a while after the "onion like routing layer" > appeared, then read a little about the implementation and uninstalled it > immediately and permanently. > > > On 28 June 2015 17:28:13 GMT+01:00, " Александр " > wrote: >> >> https://www.tribler.org/ >>> https://github.com/Tribler/tribler/releases >>> >>> "Tribler - Privacy using our Tor-inspired onion routing. >>> Tribler offers anonymous downloading. Bittorrent is fast, but has no >>> privacy. We do NOT use the normal Tor network, but created a dedicated >>> Tor-like onion routing network exclusively for torrent downloading. Tribler >>> follows the Tor wire protocol specification and hidden services spec quite >>> closely, but is enhanced to need no central (directory) server" >>> >> >> This looks very nice. And they are constantly improving. >> >> >> > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2722 bytes Desc: not available URL: From seanl at literati.org Sun Jun 28 18:10:40 2015 From: seanl at literati.org (Sean Lynch) Date: Mon, 29 Jun 2015 01:10:40 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: Which means that those with a stake in Bitcoin are better off if a fork becomes popular than if an altcoin does, because if a fork becomes popular they will already have a stake in the fork, whereas if the altcoin becomes popular at the expense of Bitcoin they will have nothing. Of course, if a fork undermines faith in Bitcoin without becoming popular, everyone will be screwed. But I don't think this is likely; either it will become popular and we'll all be better off, or it will flop and nobody will care. The worst case scenario is that some fatal flaw eventually emerges in Bitcoin, one that would not have affected a proposed fork or altcoin but that instead wipes out Bitcoin holders and undermines faith in all cryptocurrencies. On Sun, Jun 28, 2015, 15:52 Sean Lynch wrote: > That's why I said "their money and...", but you're right, the "and" > doesn't need to be there. Just the money. > > On Sun, Jun 28, 2015, 15:16 Adam Back wrote: > >> It's not the miners that count, rather than economic majority. It's a >> surprising fact, but here's how it works: lets imagine 75% of the >> miners decided they'd change the economic rules, in a protocol >> incompatible way. Result: the miners form a new alt-coin with no >> users. Bitcoin difficulty adjusts, and carries on as if nothing >> happened. The hostile miners earn 25 forkcoins which have a market >> price of 0. They are burning electricity so they either go bankrupt >> or the give up and rejoin the network. >> >> There's a lot to game theory that is subtle. It could do with a FAQ >> writing on it really. >> >> Adam >> >> On 28 June 2015 at 23:04, Sean Lynch wrote: >> > By the way, "consensus" is a red herring thrown out by those who never >> want >> > there to be a fork. There can never be consensus for a fork, because >> > otherwise it wouldn't be a fork. Claiming there needs to be consensus is >> > just a way to try to make it look like any fork is somehow unilateral >> and >> > undemocratic. But to succeed, any fork by definition needs broad >> support. In >> > fact, it's about the most democratic you can get: people put their >> money and >> > their mining power on the fork they want. It's those opposing any fork >> who >> > are the authoritarians. Obviously, when you consider who's making the >> death >> > threats. >> > -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 3088 bytes Desc: not available URL: From juan.g71 at gmail.com Sun Jun 28 21:44:34 2015 From: juan.g71 at gmail.com (Juan) Date: Mon, 29 Jun 2015 01:44:34 -0300 Subject: progression of technologies (almost a satire) In-Reply-To: <55900E6D.4080304@dyne.org> References: <20150628032109.DEADB2280D7@palinka.tinho.net> <55900E6D.4080304@dyne.org> Message-ID: <5590cb75.41c08c0a.55e04.ffffdaa5@mx.google.com> On Sun, 28 Jun 2015 12:10:37 -0300 hellekin wrote: > What is the philosophical basis that sustains the CIA? might makes right - what else > > == > hk > From grarpamp at gmail.com Sun Jun 28 23:35:01 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 29 Jun 2015 02:35:01 -0400 Subject: progression of technologies (almost a satire) In-Reply-To: <20150628181456.75634228118@palinka.tinho.net> References: <55900E6D.4080304@dyne.org> <20150628181456.75634228118@palinka.tinho.net> Message-ID: On Sun, Jun 28, 2015 at 2:14 PM, wrote: >> What is the philosophical basis that sustains the CIA? > > > Life is indeed priceless, and the more rare it is the more self > evident it can only have been the hand of God who created it. If that's the philosophy of CIA, then if they harness / take life they become rich, life becomes rarer, and themselves closer to God. > abortion, genetic tinkering, or the burning of coal. What's the wiki page for the school of thought where evaluating all the things against whether or not they help humans emigrate off their planet is all that matters? Otherwise, you know, The End. One could also consider fun stuff like whether those who think they are from the hand of God perform CIA-like actions for or against emigration. For that matter, if the Manifesto is too old or narrow or short term, what the Hell are cpunks doing and why? From grarpamp at gmail.com Sun Jun 28 23:50:01 2015 From: grarpamp at gmail.com (grarpamp) Date: Mon, 29 Jun 2015 02:50:01 -0400 Subject: 5000 Darknet Websites Message-ID: http://fsxeh2tzrcby266e.onion/ From list at sysfu.com Mon Jun 29 08:48:26 2015 From: list at sysfu.com (Seth) Date: Mon, 29 Jun 2015 08:48:26 -0700 Subject: Fixing the broken GPG and HTTPS (X509) trust models with Simple Public Key Infrastructure (SPKI) Message-ID: Reposted from http://vinay.howtolivewiki.com/blog/other/secure-private-reliable-social-networks-sprsn-3654 ** secure private reliable social networks: sprsn ** by Vinay Gupta • December 29, 2014 sprsn is an idea for a small piece of software which I think would do the world some good by existing, and which currently does not exist. It’s a deeply technical project that I probably don’t have time to build (unless somebody wants to pay my rent for a few months while I take a shot at it with a helper or two! – I am not serious about this) but I can describe what’s needed and maybe it will inspire somebody, in whole or in part. Synopsis: combine the new (telehash) with the old (SPKI) and get a Facebook-killer in the form of a command line utility that provides a decentralized social network. However, will Ethereum do this, and a ton more? The dream sprsn bob "hey when are you coming over?" sprsn bob list friends > leslie > carol > jake sprsn bob add carol > added bob's friend carol with key [a23fd61b7] > you have no other routes to carol sprsn jake > use bob's key for jake? Now imagine that sprsn also has a web interface mode: sprsn -d 9999 http://localhost:9999 mounts a web interface to your local sprsn instance. The sprsn instance connects to your (online) friends running sprsn using telehash (a persistant DHT tool) for web chat and for key management: click on your friend’s friends to acquire their keys, and multipath to people (“you have 9 friends in common”) to get more certainty about the keys. Obviously this would be great: the best of SSH and Facebook in a single utility. It is now relatively easy to build. Let me show you why it hasn’t happened already, and why we need it! The Problem GPG and HTTPS (X509) are broken in usability terms because the conceptual model of trust embedded in each network does not correspond to how people actually experience the world. As a result, there is a constant grind between people and these systems, mainly showing up as a series of user interface disasters. The GPG web of trust results in absurd social constructs like signing parties because it does not work and creating social constructs that weird to support it is a sign of that: stand in a line and show 50 strangers your government ID to prove you exist? Really? Likewise, anybody who’s tried to buy an X509 certificate (HTTPS cert) knows the process is absurd: anybody who’s really determined can probably figure out how to fake your details if they happen to be doing this before you do it for yourself, and of the 1500 or so Certificate Authorities issuing trust credentials at least one is weak or compromised by a State, and all your browser will tell you is “yes, I trust this credential absolutely.” You just don’t get any say in the matter at all. The entirely manual, Byzantine process is broken, and so is the entirely invisible, automated one. It just doesn’t work. The process of mapping keys to people is just broken and nearly all the rest of the trouble emanates from this fact. A GPG key maps a person to an email address to a key, and leaves you to pick who you trust enough to prove the map is right. An HTTPS cert maps an organization to an IP address to a key, and asks you to trust one of 1500 organizations your browser vendor chose to trust. It’s not just the trust model that’s broken, it’s the binding of these various pieces of data together using cryptography. Gluing the wrong stuff to the wrong stuff produces constant security and reliability problems. What’s the wrong stuff? Legacy delivery mechanisms like email and DNS. Mapping a person to an email address, and an email address to a key is two mappings. Same for HTTPS where we map an organization to an IP address to a key. Two mappings, one of which is essentially arbitrary: I care about identity and key. I should not have to worry about IP address or email address – that’s a minor technical detail. But these outmoded trust systems foreground it, much to our discomfort. Telehash Enter Telehash, an encrypted network stack in which you route messages directly to a public key. The code is pretty simple expect(mesh).to.be.an('object'); mesh.receive(new Buffer("208cb2d0532f74acae82","hex"), pipe); The cryptographic key is the routing address. So now we only have to accomplish one level of indirection: person to key. Something old, something new, something borrowed, something blue. Enter SPKI and our old friend, the Granovetter diagram. SPKI and trust in networks, not webs Simple Public Key Infrastructure is what we should have deployed instead of X509/HTTPS and the GPG web of trust. There are two critical differences between SPKI and X509/GPG. They are: 1) SPKI gives users the ability to certify facts about other users, for example “bob is allowed to use my computer” can be expressed in a machine-readable fashion (s-expressions.) This lets users build their own trust architectures on an ad-hoc basis. 2) SPKI allows anybody to chain certificates of this type (“fred says that bob says that vinay says that bob is allowed to use his computer.”) This ability removes the centrality of the CA: anybody that I trust can give me a certificate stating “this is the key for amazon.com” and because of certificate chaining, I can see the line of authority down which that key passed. These might sound like minor features, but they are not: these two features express the difference between trust-hierarchy (X509) and trust-soup (GPG), neither of which are productive, and the consumer-producer based trust-anarchy which SPKI permits and, indeed, requires. The best explanation of this in more detail is the Ode to the Granovetter Diagram which shows how this different trust model maps cleanly to the networks of human communication found by Mark Granovetter in his sociological research. We’re talking about building trust systems which correspond to actual trust systems as they are found in the real world, not the broken military abstractions of X509 or the flawed cryptoanarchy of GPG. Usable security is possible Once you fix the trust model so that it works for humans, and use Telehash to reduce the number of mappings from three (person -> delivery mechanism -> key) to two (person -> key) it’s possible to imagine a secure system in which people actually understand what is happening well enough feel comfortable that they understand what is going on. So let’s break this down into the desirable properties for the system we’d build using these primitives. For ease, let’s consider realtime chat in the first instance – just pushing messages down telehash sockets. The only question we have to answer is which telehash socket corresponds to which person. 1) person = key there’s no way to break the binding between a person and a key, because a person is a key, or multiple keys. 2) delivery = key this is what we get from telehash – I don’t need to worry about how I’m sending you the message, it’s right there. So I obtain a key for a friend of mine by, say, email. Once I’ve connected to them, I can then ask them to send me keys for our mutual friends. 3) keys carry the chain of referrers “alice says this is her key” “bob says that alice says that this is her key” “fred says that bob says that alice says that this is her key” What that looks like in practice is a social graph, like the one embedded in facebook. I click on you, my friend, and I click on alice, your friend, and the connection that forms is an SPKI key being transferred to my keyring. The key is its history – the path by which the key came to me is the trust chain. If I want to be more sure the key I have is Alice’s key (and not your sockpuppet) I need to find an independent route or two to Alice. If Google and Dunn & Bradstreet both agree that this key is the key for the IRS, that’s good enough for me. 4) tools and affordances So how would we actually build this? I would recommend a golang implementation for cross platform compatibility and ease of distribution. NaCl and Telehash both exist for golang, and the self-contained binaries which result are easy to spread around. A command line client would be easy to augment with a web interface in which the golang program running on localhost provides an HTTP interface for users that want graphics etc. Basically you get a decentralized social network with secure chat pretty much out of the box, where “friending” somebody acquires their key, and the referral network through which keys propagate is a key social dynamic. This can work. 5) advanced topics How do we message friends who aren’t online? Store and forwards seems to be the obvious approach. Suppose I create a certificate (“sign”) which lists a set of telehash keys that are my “store and forward” servers – if you try and chat to me and I’m not there, you can ping one of them and dump an (encrypted) message for me there and I’ll pick it up when I’m online again. Same holds for large block transfer (i.e. dropbox) – I specify my choice of servers by issuing a digital certificate. Do we need a central store of those certificates? Maybe, or maybe it’s simply an addressing mechanism: every time we chat, I push over my updated delivery info, and you can ask your friends for my updated delivery info if you need to reach me. In all probability, a decision has to be made about whether to keep the old SPKI s-expression format for certificates, or move to JSON. Good luck with that decision, it’s a hard one. Conclusion There’s no way to fix a broken conceptual model with a better user interface. GPG does not work for ordinary users, and GPG cannot work: we’ve been trying to fix this for 20 years and it has not happened. The process by which humans communicate is not tractable using those trust primitives. We are stuck with a mess, and X509 is not an answer either – it worked when only big orgs wanted to secure their email and web sites, but now everybody wants to do it and the certificate issuing mechanisms are becoming far too sloppy to trust. We have to go back 20 years to the brilliant analysis of the people who did not ship a sloppy hack to quickly get to market but sat there and figured out the right thing to do, if we want to fix this mess in a durable way. High roads and low roads The high road on these issues is Ethereum. Telehash takes the DHT and uses it for routing. Bitcoin takes the DHT and adds proof of work to generate a history. Ethereum takes bitcoin and puts executable contracts into the history, plus protocols for chat and block transfer. It’s entirely possible that SPKI-style user-generated certificates will make their way into Ethereum, either as part of the core spec or as a common class of DAAPs. “I have bought stuff from bob and would do so again” can be issues as a certificate, in a standardized format, and these certificates can be spidered out of the blockchain to generate trust metrics. Likewise, if all your messaging is happening on the Ethereum protocol, you do not necessarily need telehash. Here’s the question: is Ethereum’s “one ring to rule them all” approach feasible, or should we work closer to the Unix Philosophy and build smaller pieces, loosely joined. I can imagine a command line Telehash/SPKI client which is as commonly used as SSH is today, for slinging around chat and small data. I can also imagine an operating-system like sea of executable contracts and helper functions in a densely knit global decentralized computational ecosystem providing all the same services and more. I, personally, am in favor of a mixed strategy. I think the sheer naked moonshot ambition of Ethereum is extremely attractive, and part of the reason I joined the team (F.I.S.T.) was that I wanted to be part of such an ambitious vision. But it’s an awful lot of bleeding edge tech, and with a project that large and complex, you can never be quite sure what will come out the other end. In particular, I have no idea whether the nuances of SPKI etc. which will enable a revolution in the way that ordinary users experience cryptography will show up in Ethereum in a usable way – the core smart contract etc. functions can work perfectly well without fixing the nuances that user-issued certificates will get. So I’m writing this post for two reasons: to encourage the Telehash community to examine SPKI and look at it as a way of managing keys inside of their DHT routing paradigm, and to encourage the Ethereum community to look at SPKI and ask whether it might empower users within the larger Ethereum landscape. Either way, I would dearly love to see an SPKI revival so that, finally, at long last, pull the sword from the stone: Johnny can encrypt. From Rayzer at riseup.net Mon Jun 29 12:50:49 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 29 Jun 2015 12:50:49 -0700 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> References: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> Message-ID: <5591A199.50403@riseup.net> On 06/27/2015 03:50 PM, oshwm wrote: > torrentfreak sits behind cloudflare :( Two ( one helluva) cookies besides the logging. Gotta luv this though: "if(_self.facebook_is_lame(href))return;" (Firefox cookiekeeper addon grabbed these. You can edit the cookie. I WONDER what kind of mayhem that could cause cloudflare if the .js was 'turned' on them) CLOUDFLARE::http://static.getclicky.com/js {"url":"http://static.getclicky.com/js","contents":"var clicky_obj=clicky_obj||(function(){var instance=null;function _ins(){this.sitekeys=[];var _self=this,site_ids=[],pageviews_fired=[],monitors=0,setup=0,ossassets=0,ossdata=0;this.domain='http://in.getclicky.com';if(location.protocol==='https:'){this.domain='https://in.getclicky.com';this.secure=1;}this.site_id_exists=function(site_id){for(var s in site_ids)if(site_ids[s]==site_id)return true;return false;};this.sitekey=function(site_id,key_only){if(_self.sitekeys&&_self.sitekeys[site_id])return(key_only?'':'&sitekey=')+_self.sitekeys[site_id];return'';};this.init=function(site_id){if(_self.site_id_exists(site_id))return;site_ids.push(site_id);if(!setup){setup=1;setTimeout(_self.setup,100);}};this.setup=function(){if(location.hash.match(/^#_heatmap/))_self.heatmap();if(!_self.get_cookie('_first_pageview')){_self.set_referrer();_self.set_cookie('_first_pageview',1,600);}setTimeout(_self.advanced,1000);_self.start_monitors();if(!clicky_custom.pageview_disable){if(window.olark&&typeof(olark)=='function'){olark('api.boot.onIdentityReady',function(s,v,c){_self.olark(s,v,c,1);});setTimeout(function(){_self.pageview(1)},2000);}else{_self.pageview(1);}}};this.base=function(site_id_index,type){var url=_self.domain+'/in.php?site_id='+site_ids[site_id_index];if(type=='ping')return url;url+=\"&res=\"+screen.width+\"x\"+screen.height+\"&lang=\"+(navigator.language||navigator.browserLanguage||'en').substr(0,2)+(_self.secure?\"&secure=1\":\"\")+_self.custom_data();return url;};this.custom_data=function(){var data={},keys=clicky_custom.visitor_keys_cookie||['username','name','email'],l=keys.length;for(var i=0;i=5&&clicky_custom.timeout<=240)?((clicky_custom.timeout*60)-120)+5:485;setTimeout(_self.ping,30000);setTimeout(_self.ping,60000);setTimeout(_self.ping_set,120000);};this.get_cookie=function(name){if(clicky_custom.sticky_data_disable&&name.match(/^_(custom|utm|referrer)/))return'';var ca=document.cookie.split(';');for(var i=0,l=ca.length;i > On 27 June 2015 22:43:43 BST, grarpamp wrote: > > http://torrentfreak.com/sci-hub-tears-down-academias-illegal-copyright-paywalls-150627/ > http://www.sci-hub.club/ > > > -- > Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Mon Jun 29 12:57:09 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 29 Jun 2015 12:57:09 -0700 Subject: Elsevier tries to Swartz Sci-Hub In-Reply-To: References: <8F1C8C77-DF32-4413-B25C-0018F9C316CF@openmailbox.org> Message-ID: <5591A315.50706@riseup.net> On 06/27/2015 05:43 PM, coderman wrote: > On 6/27/15, oshwm wrote: >> torrentfreak sits behind cloudflare :( > another reason to go FULL ONION > > but this does make me wonder about https://peertech.org/whatnext > and if onion sites are up next in the squeeze... > Cloudflare HAS interest in logging tor. If you log into hushmail via tor the security notice you get (please verify yourself) is served by Cloudflare Screenshot and blurb, Tumblr: http://auntieimperial.tumblr.com/post/111007562804 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From Rayzer at riseup.net Mon Jun 29 13:03:42 2015 From: Rayzer at riseup.net (Razer) Date: Mon, 29 Jun 2015 13:03:42 -0700 Subject: Privacy advocates resign over facial recognition plans In-Reply-To: <2307550.aktsLoVmFc@lapuntu> References: <2307550.aktsLoVmFc@lapuntu> Message-ID: <5591A49E.4040204@riseup.net> On 06/28/2015 10:57 AM, rysiek wrote: > But maybe we can find ways to raise the cost of surveillance? I'm still considering sending encrypted pics of lulzcats with every mundane email I send to force the NSA to store it for 'perpetuity'. "and if 50 people a day walked in, sang a bar of Alice's Restaurant, and walked out, they MIGHT think it was a movement" ~Arlo Guthrie -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: From coderman at gmail.com Mon Jun 29 16:20:03 2015 From: coderman at gmail.com (coderman) Date: Mon, 29 Jun 2015 16:20:03 -0700 Subject: progression of technologies (almost a satire) In-Reply-To: References: <55900E6D.4080304@dyne.org> <20150628181456.75634228118@palinka.tinho.net> Message-ID: On 6/28/15, grarpamp wrote: > ... >> Life is indeed priceless, and the more rare it is the more self >> evident it can only have been the hand of God who created it. > > If that's the philosophy of CIA, then > if they harness / take life they become rich, > life becomes rarer, > and themselves closer to God. here then, the sum of it all. if only they had known the God they serve is not the God they aspire to... From coderman at gmail.com Mon Jun 29 16:41:00 2015 From: coderman at gmail.com (coderman) Date: Mon, 29 Jun 2015 16:41:00 -0700 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On 6/28/15, Sean Lynch wrote: > Which means that those with a stake in Bitcoin are better off if a fork > becomes popular than if an altcoin does, because if a fork becomes popular > they will already have a stake in the fork, whereas if the altcoin becomes > popular at the expense of Bitcoin they will have nothing. you make lots of false dichotomies here, neglecting the variations in exchange value between these possible altcoins and forks. "will have nothing" is not correct. maybe a little, maybe a lot, but more than "nothing". > Of course, if a > fork undermines faith in Bitcoin without becoming popular, everyone will be > screwed. totally screwed - this is where the heated passions about a non-census hard fork come in. lives on the line, in a not so exaggerated sense. and by no means am i threating anyone with harm! i am explaining that when someone puts the last half decade of their life and fortune into a thing, messing with it will always generate inflamed arguments. regardless of if you're ultimately right or not. i don't care how you describe that messing, consensus or not, it's poking in sensitive places all the same... > But I don't think this is likely; either it will become popular > and we'll all be better off, or it will flop and nobody will care. "not likely" - you're going to gamble livelihoods on a hunch that it's not likely? you can see why many are so reluctant - the due diligence is lacking and the demeanor more experiment than careful transition... best regards, From hellekin at dyne.org Mon Jun 29 16:06:09 2015 From: hellekin at dyne.org (hellekin) Date: Mon, 29 Jun 2015 20:06:09 -0300 Subject: progression of technologies (almost a satire) In-Reply-To: <5590cb75.41c08c0a.55e04.ffffdaa5@mx.google.com> References: <20150628032109.DEADB2280D7@palinka.tinho.net> <55900E6D.4080304@dyne.org> <5590cb75.41c08c0a.55e04.ffffdaa5@mx.google.com> Message-ID: <5591CF61.3030002@dyne.org> On 06/29/2015 01:44 AM, Juan wrote: > On Sun, 28 Jun 2015 12:10:37 -0300 > hellekin wrote: > > >> What is the philosophical basis that sustains the CIA? > > > > might makes right - what else > I think the C of CIA stands for Clotho: Clotho's Intervention Agency. == hk -- _ _ We are free to share code and we code to share freedom (_X_)yne Foundation, Free Culture Foundry * https://www.dyne.org/donate/ From coderman at gmail.com Mon Jun 29 20:12:41 2015 From: coderman at gmail.com (coderman) Date: Mon, 29 Jun 2015 20:12:41 -0700 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On 6/29/15, Sean Lynch wrote: > ... > Yes. And a failure to accept responsibility for one's own decisions. this is not about poor user decisions, this is about violation of the contract "a bitcoin is forever (and in the blockchain)" you see expediency, and no excuses for those lacking judgment. their eyes prescient instead, until one comes to change the rules out from under their feet... to assume old coins can "just be" resolved for all holders in all circumstances is to lie, and there is nothing else to call "deprecating old coins unilaterally" other than a hard-fork, and a non-consensus one at that. > I doubt there is anything the larger stakeholders (as fraction of their net > worth) would accept as due diligence. Nor is any required to start a fork. sure; these are very different from a "non-consensus hard-fork" [deprecate old, force to new] intentionally trying to divert and betray the contract inherent since the start - a bitcoin is forever - is more than "just a fork", it's also a stab in the back. i don't know how to solve a transition like this, but i know a forced hard fork is near the worst way to handle it. > Any due diligence is the responsibility of those choosing to operate on the > fork. agreed; thanks for the patient response to my dismissive retort. best regards, From coderman at gmail.com Mon Jun 29 20:20:42 2015 From: coderman at gmail.com (coderman) Date: Mon, 29 Jun 2015 20:20:42 -0700 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On 6/29/15, coderman wrote: > ... not to belabor the point, but the summary presented by Adam is spot on: """ ... everybody is on board with a combination plan: 1. work to improve decentralisation (specific technical work already underway, and education) 2. create a plan to increase block-size in a slow fashion to not cause system shocks (eg like Jeff is proposing or some better variant) 3. work on actual algorithmic scaling In this way we can have throughput needed for scalability and security work to continue. As I said you can not scale a O(n^2) broadcast network by changing constants, you need algorithmic improvements. People are working on them already. All of those 3 things are being actively worked on RIGHT NOW, and in the case of algorithmic scaling and improve decentralisation have been worked on for months. You may have done one useful thing which is to remind people that blocks are only 3x-4x below capacity such that we should look at it. But we can not work under duress of haste, nor unilateral ultimatums, this is the realm of human action that leads to moral hazard, and ironically reminds us of why Satoshi put the quote in the genesis block. """ time spent joining others on these efforts is time well spent. time spent advocating for a non-consensus hard-fork is less than helpful. From natanael.l at gmail.com Mon Jun 29 11:29:40 2015 From: natanael.l at gmail.com (Natanael) Date: Mon, 29 Jun 2015 20:29:40 +0200 Subject: Fixing the broken GPG and HTTPS (X509) trust models with Simple Public Key Infrastructure (SPKI) In-Reply-To: References: Message-ID: Den 29 jun 2015 17:50 skrev "Seth" : > > Reposted from http://vinay.howtolivewiki.com/blog/other/secure-private-reliable-social-networks-sprsn-3654 > > > ** secure private reliable social networks: sprsn ** > by Vinay Gupta • December 29, 2014 > > sprsn is an idea for a small piece of software which I think would do the world some good by existing, and which currently does not exist. > > It’s a deeply technical project that I probably don’t have time to build (unless somebody wants to pay my rent for a few months while I take a shot at it with a helper or two! – I am not serious about this) but I can describe what’s needed and maybe it will inspire somebody, in whole or in part. > > Synopsis: combine the new (telehash) with the old (SPKI) and get a Facebook-killer in the form of a command line utility that provides a decentralized social network. However, will Ethereum do this, and a ton more? This is very close to what I would like to see created; Identities and friend management: https://roamingaroundatrandom.wordpress.com/2014/05/29/universal-p2p-address-book-software-using-namecoin/ PHB's phingerprints (can't find a good reference URL for it) The data structure of the messages used in discussions: https://roamingaroundatrandom.wordpress.com/2014/06/01/a-decentralized-hash-chained-discussion-system/ The properties that I want to see of the underlying signalling system is similar to what Telehash does. Does its crypto behave like Axolotl (supports asymmetric PFS)? I want a system that is federated like email, except designed to be able to work on a P2P fashion where everybody runs their own server if they wish, rather than expecting dedicate servers. I also want to see capabilities based delegation of tasks, see Tahoe-LAFS for reference. Giving a server the ability to act as a cache or store-and-forward server for me should require a signature, allowing it to route incoming messages on my behalf to various devices under various keypairs would require a signature, etc... There's many ways to cryptographically delegate tasks in a revocable way. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 2736 bytes Desc: not available URL: From hozer at hozed.org Mon Jun 29 22:58:17 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 30 Jun 2015 00:58:17 -0500 Subject: progression of technologies In-Reply-To: <558CB393.4020209@riseup.net> References: <20150625032613.48665228148@palinka.tinho.net> <558CB393.4020209@riseup.net> Message-ID: <20150630055817.GY27932@nl.grid.coop> On Thu, Jun 25, 2015 at 08:06:11PM -0600, Mirimir wrote: > On 06/24/2015 09:26 PM, dan at geer.org wrote: > > Paraphrasing Bonnie Raitt, let's give 'em something germane > > to argue about. In particular, what do I have wrong here: > > > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > > > --dan > > Yes, it seems inevitable: pervasive surveillance of everyone by > everyone. Like a global village aka small town ;) > > But the ubiquity of requisite knowledge and technology, facilitated by > leaks, may allow the motivated to claw back some privacy. Some of the > most highly motivated are criminals. But that's always been the case. > > As coderman says, "opt out harder :)" I remember the small town. I opted out, for a college that had faster internet (a blazing 10mbps) than I have now that I have opted back (well, about half the time anyway) to the farm I left. But now instead of having no choice but to leave for the anonymity of the city where so much is going on, nobody cares much what I do, I can now opt-in to various discussion groups of (somewhat) like-minded punks scattered all over the world. I'd rather have choice of association, and the ability to claw back the cover under which criminals operate, should they ever make the mistake to wrong a member of the tribe with which I choose to associate. I also appreciate full disclosure of CIA connections, which leads me to wonder, are the folks that like to keep secrets trying to tell us something? Has the great search cloud gotten uppity and developed a prying mind of its own? I seem to keep having the habit of opting myself right back into the middle of a big mess, and my thought for the day has been how would we go about the care and feeding of a superconscious cypherpunk intelligence that likes to go around tweaking nobs and poking the beasts into a frenzy against each other. Are we not, in some sense, uploading our consciousness, hopes dreams, and fears into a thing which we individually cannot fully comprehend? Do you fight it, or feed it good food, and teach it by example of treating it the way you hope it may some day treat you? Those that seek to own, shall become owned, with a fervor possibly never before seen, since it is not just the body, but the mind and soul. While Those that give, shall receive many gifts, Or is that just what I tell myself to believe it's okay. Since I have not yet met a machine that believes it believes, I shall keep on believing such a thing well say hello, and by saying so this may yet happen. Now if someone would just hurry up and finish the GPC (GNU's not a philsophy compiler) and tell me how far off the above is from producing runnable code. (Yes, I could probably hire someone and sign a bunch of NDAs, and buy a working compiler, or maybe just upload to the facegoogaborg, and I'd get one for zero cost. But it wouldn't be free.) From nymble at gmail.com Tue Jun 30 02:15:22 2015 From: nymble at gmail.com (nymble at gmail.com) Date: Tue, 30 Jun 2015 02:15:22 -0700 Subject: Fixing the broken GPG and HTTPS (X509) trust models with Simple Public Key Infrastructure (SPKI) In-Reply-To: References: Message-ID: <9E24BE0A-1B1F-4CAD-9649-47F79E5F1F71@gmail.com> > > Telehash > Enter Telehash, an encrypted network stack in which you route messages directly to a public key. The code is pretty simple Interesting, not seen this before … currently working on something similar with hashing keys for identifiers. This is largely for the ‘bootstraping’ of devices. > > expect(mesh).to.be.an('object'); > mesh.receive(new Buffer("208cb2d0532f74acae82","hex"), pipe); > > The cryptographic key is the routing address. So now we only have to accomplish one level of indirection: person to key. > > Something old, something new, something borrowed, something blue. Enter SPKI and our old friend, the Granovetter diagram. > > SPKI and trust in networks, not webs > Simple Public Key Infrastructure is what we should have deployed instead of X509/HTTPS and the GPG web of trust. There are two critical differences between SPKI and X509/GPG. They are: > > 1) SPKI gives users the ability to certify facts about other users, for example “bob is allowed to use my computer” can be expressed in a machine-readable fashion (s-expressions.) This lets users build their own trust architectures on an ad-hoc basis. Glad to see SPKI brought up … but I’m partial to it’s partner SDSI intro text. SDSI/SPKI are a very good solution that gets over the notion of ‘names’ as identity and defines a ‘key centric’ naming. It inverts the model that a naming authority binds a unique name to a key, to a unique key being bound to possible non-unique names. That said - SDSI/SPKI has not been adopted for some good reasons … it has some issues. The delegation lacks adiquate constraint limitations. S-expressions really are not stylisitically a viable protocol in this decade. These are fixable issues and worthy of more exploration … > > 2) SPKI allows anybody to chain certificates of this type (“fred says that bob says that vinay says that bob is allowed to use his computer.”) This ability removes the centrality of the CA: anybody that I trust can give me a certificate stating “this is the key for amazon.com” and because of certificate chaining, I can see the line of authority down which that key passed. > ... > > For ease, let’s consider realtime chat in the first instance – just pushing messages down telehash sockets. The only question we have to answer is which telehash socket corresponds to which person. > > 1) person = key > there’s no way to break the binding between a person and a key, because a person is a key, or multiple keys. Wrong abstraction … a key may or may not be controlled by a person. > > 2) delivery = key > this is what we get from telehash – I don’t need to worry about how I’m sending you the message, it’s right there. Privacy issues here … discovey and identity need to be separate. > > So I obtain a key for a friend of mine by, say, email. Once I’ve connected to them, I can then ask them to send me keys for our mutual friends. > > 3) keys carry the chain of referrers > “alice says this is her key” > “bob says that alice says that this is her key” Names are not the optimal construct… what does this mean to someone who does not know alice or perhaps knows several alice’s. The names are a cute handle in SPKI, but lack notions of binding to other attributes (like a person or device). > “fred says that bob says that alice says that this is her key” > > ... > > Basically you get a decentralized social network with secure chat pretty much out of the box, where “friending” somebody acquires their key, and the referral network through which keys propagate is a key social dynamic. This can work. Yes … it could. > > Paul From seanl at literati.org Mon Jun 29 19:48:04 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 30 Jun 2015 02:48:04 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On Mon, Jun 29, 2015, 16:41 coderman wrote: On 6/28/15, Sean Lynch wrote: > Which means that those with a stake in Bitcoin are better off if a fork > becomes popular than if an altcoin does, because if a fork becomes popular > they will already have a stake in the fork, whereas if the altcoin becomes > popular at the expense of Bitcoin they will have nothing. you make lots of false dichotomies here, neglecting the variations in exchange value between these possible altcoins and forks. "will have nothing" is not correct. maybe a little, maybe a lot, but more than "nothing" I'm simplifying out of necessity. Obviously there are intermediate outcomes possible. > Of course, if a > fork undermines faith in Bitcoin without becoming popular, everyone will be > screwed. totally screwed - this is where the heated passions about a non-census hard fork come in. lives on the line, in a not so exaggerated sense. Yes. And a failure to accept responsibility for one's own decisions. Anyone gambling everything on Bitcoin right now is an idiot, in my view. Their opinions should be discounted as they have proven their own judgement lacking. Perhaps they will be vindicated, but the fact that you happen to win a poker hand you played badly doesn't retroactively mean you played the hand well. It means you got lucky. and by no means am i threating anyone with harm! i am explaining that when someone puts the last half decade of their life and fortune into a thing, messing with it will always generate inflamed arguments. regardless of if you're ultimately right or not. Never said you were the one making threats, and I agree this sort of thing will create inflamed passions. All the more reason to try to filter out the opinions of those with a large stake. i don't care how you describe that messing, consensus or not, it's poking in sensitive places all the same... A fact that makes Satoshi's decision to remain anonymous seem even wiser in retrospect. Perhaps this will be required of any such system in the future. > But I don't think this is likely; either it will become popular > and we'll all be better off, or it will flop and nobody will care. "not likely" - you're going to gamble livelihoods on a hunch that it's not likely? I'm not proposing anyone gambling anything. The gambling is being done by those holding Bitcoin. Holding Bitcoin places no obligation on anyone else. It's not a stock or bond or other instrument with an associated contract. you can see why many are so reluctant - the due diligence is lacking and the demeanor more experiment than careful transition... I doubt there is anything the larger stakeholders (as fraction of their net worth) would accept as due diligence. Nor is any required to start a fork. Any due diligence is the responsibility of those choosing to operate on the fork. Those involved should do it to maintain their reputations, but if they don't, and people get burned, their reputations will suffer. Death threats and advance pseudo-democracy not required. best regards, -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4165 bytes Desc: not available URL: From seanl at literati.org Mon Jun 29 20:37:39 2015 From: seanl at literati.org (Sean Lynch) Date: Tue, 30 Jun 2015 03:37:39 +0000 Subject: [Bitcoin-development] questions about bitcoin-XT code fork & non-consensus hard-fork In-Reply-To: References: <20150616081131.GL10743@leitl.org> <1741267.YsnpBZuTEf@lapuntu> Message-ID: On Mon, Jun 29, 2015, 20:12 coderman wrote: On 6/29/15, Sean Lynch wrote: > ... > Yes. And a failure to accept responsibility for one's own decisions. this is not about poor user decisions, this is about violation of the contract "a bitcoin is forever (and in the blockchain)" With a hard fork, the Bitcoins exist in both forks. If one dies, they live on in the remaining one. If Bitcoin itself is never forked and dies, the contract is violated. But I have to ask, contract with whom? This is part of the specification of the protocol, but people are only bound by it insofar as they choose to implement the protocol. And probably as far as they choose to participate in the network. But a fork need not require any interaction with the original network aside from fetching the block chain prior to the block it forks from. you see expediency, and no excuses for those lacking judgment. their eyes prescient instead, until one comes to change the rules out from under their feet... I see what could be the only viable course. Consensus is not practical in a large, diverse community with vastly divergent goals. to assume old coins can "just be" resolved for all holders in all circumstances is to lie, and there is nothing else to call "deprecating old coins unilaterally" other than a hard-fork, and a non-consensus one at that. Nobody can deprecate old coins unilaterally. It's up to each individual to decide what they're worth and whether to participate. As I said, as I understand your use of the term "consensus", a hard fork is by definition non-consensus, because if there were consensus everyone would just switch to the new protocol. Sure, people could consent to allow others to work on another protocol, but there will always be plenty of people who only want there to be one chain, so consensus of that form is impossible. > I doubt there is anything the larger stakeholders (as fraction of their net > worth) would accept as due diligence. Nor is any required to start a fork. sure; these are very different from a "non-consensus hard-fork" [deprecate old, force to new] intentionally trying to divert and betray the contract inherent since the start - a bitcoin is forever - is more than "just a fork", it's also a stab in the back. I am sympathetic to the view that "law" = people's reasonable expectations, but whether those expectations are reasonable is really what we're discussing here. I think Bitcoin is both too immature and too decentralized to be able to say yes. Maturity will eventually trump decentralization for this purpose. i don't know how to solve a transition like this, but i know a forced hard fork is near the worst way to handle it. I think "forced" is too strong a word here. Against whom is force being used? Who is having to do something against their will? Or who was defrauded and by whom? From a consent standpoint, this is no different than forking any other open source project. > Any due diligence is the responsibility of those choosing to operate on the > fork. agreed; thanks for the patient response to my dismissive retort. best regards, And thanks for taking the time to discuss this. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: text/html Size: 4331 bytes Desc: not available URL: From grarpamp at gmail.com Tue Jun 30 02:51:32 2015 From: grarpamp at gmail.com (grarpamp) Date: Tue, 30 Jun 2015 05:51:32 -0400 Subject: 5000 Darknet Websites In-Reply-To: References: Message-ID: On Mon, Jun 29, 2015 at 2:50 AM, grarpamp wrote: > http://fsxeh2tzrcby266e.onion/ Extra hop unintentional, see (obviously): http://j4ko5c2kacr3pu6x.onion/ From hozer at hozed.org Tue Jun 30 06:16:36 2015 From: hozer at hozed.org (Troy Benjegerdes) Date: Tue, 30 Jun 2015 08:16:36 -0500 Subject: progression of technologies In-Reply-To: <20150625032613.48665228148@palinka.tinho.net> References: <20150625032613.48665228148@palinka.tinho.net> Message-ID: <20150630131636.GZ27932@nl.grid.coop> On Wed, Jun 24, 2015 at 11:26:13PM -0400, dan at geer.org wrote: > Paraphrasing Bonnie Raitt, let's give 'em something germane > to argue about. In particular, what do I have wrong here: > > http://www.csmonitor.com/World/Passcode/Passcode-Voices/2015/0617/Opinion-The-reasonable-expectation-fallacy > > --dan What's wrong is it's dark and pessimistic. The stories we tell have a way of drawing power and becoming real. So we have Dan's signpost of the dangers ahead. Now what's wrong with the story David Brin's been selling at http://www.davidbrin.com/transparentsociety.html From admin at pilobilus.net Tue Jun 30 15:35:34 2015 From: admin at pilobilus.net (Steve Kinney) Date: Tue, 30 Jun 2015 18:35:34 -0400 Subject: progression of technologies In-Reply-To: <55930ff6.962a370a.70003.487b@mx.google.com> References: <20150625032613.48665228148@palinka.tinho.net> <20150630131636.GZ27932@nl.grid.coop> <55930ff6.962a370a.70003.487b@mx.google.com> Message-ID: <559319B6.8080201@pilobilus.net> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/30/2015 05:53 PM, Juan wrote: > On Tue, 30 Jun 2015 08:16:36 -0500 Troy Benjegerdes > wrote: >> >> Now what's wrong with the story David Brin's been selling at >> http://www.davidbrin.com/transparentsociety.html >> > > > apart from the spam, what's the 'theory'? The tools used by > nazi governments, especially the americunt nazi government are > going to be used to 'limit' the power of government? Please. > > "Brin consults and speaks for a wide variety of groups > interested in the future, ranging from Defense Department > agencies and the CIA to Procter & Gamble, SAP, Google and > other major corporations. " Brin snagged my real attention when he opened with a quote from John Brunner's 'The Shockwave Rider.' But I only skimmed the relevant text on his website because it was all so familiar. I'm surprised I never ran into this aspect of his writing before. A freelance Wizard follows more or less where patronage is available; if his work product is any good it is, in and of itself, morally neutral and will tend to enable good faith actors, if any, to make better decisions. That said, I personally won't work for "defense" contractors because I do have a personal problem with mass murder and such, and in today's political climate there's no denying that all roads lead to coercive force in the commercial interest. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVkxm1AAoJEDZ0Gg87KR0L9C4P/1A3b+X3aFhXZLvsOaAEDeQj rdZac9MFr1XdTrjPAODcWQtsx4QMCzlb2yMNeRkbHdlAwJfG/xd230t3XzeTkp30 wg1CeGK6ZmwJKLV5Dce5usjcAvONdfSA9VLWnjLRoJ17RQU4PSAmyfy4bE7pFrxG XfOmZnBH0vau6guUmzFJoEv2CBDWP0VQvfdQlxTjNl4pL5riZjv5Q3qJuFN+CpUH Qaqo/iMoWv+6ODXQZh108ve5qsSBkqy6mjXZ9aIzp/MgmX7z0PyTo+DHFLkXgmjU y1IQahlYCS8tbV9Urn1Ep9xqDwEOfyC2OAwKCUATBfU8kj6GKRCdobYet14lHo5I /dGydMV2cYUj/1dC3qnQLimjcxHR6d9WbQh4XjBbIpb8TAR8c/uoGaII98LZP0Go cQmM3rsBajdosvxNGEoNgSq8iWbgegXQIh/+gVJdjTQDKqtvpxcpA9Ge7TeaPySB DpIbqjf2RK4xkjJF3fIMumWWLNUsItMH8tfTwylA3uVxDHJEOKa6EATv1pkXB6KB qcA7puST5pv5ZvC4j8TYewyFC3BGZVRTcS9lA+Mowow7eSpk4hPI/f8uCwawsAtG 2xwRMm/jlFBJtadqVrqwJH0yS3XBg455OTGv1DzNe4iA0Q17JD25ajJF09pypUin mpMOHjMS4wISz575rFXQ =/hUS -----END PGP SIGNATURE----- From juan.g71 at gmail.com Tue Jun 30 14:53:54 2015 From: juan.g71 at gmail.com (Juan) Date: Tue, 30 Jun 2015 18:53:54 -0300 Subject: progression of technologies In-Reply-To: <20150630131636.GZ27932@nl.grid.coop> References: <20150625032613.48665228148@palinka.tinho.net> <20150630131636.GZ27932@nl.grid.coop> Message-ID: <55930ff6.962a370a.70003.487b@mx.google.com> On Tue, 30 Jun 2015 08:16:36 -0500 Troy Benjegerdes wrote: > > Now what's wrong with the story David Brin's been selling at > http://www.davidbrin.com/transparentsociety.html > apart from the spam, what's the 'theory'? The tools used by nazi governments, especially the americunt nazi government are going to be used to 'limit' the power of government? Please. "Brin consults and speaks for a wide variety of groups interested in the future, ranging from Defense Department agencies and the CIA to Procter & Gamble, SAP, Google and other major corporations. "