This Twit-fight among the geeks related to Jacob Appelbaum, WikiLeaks representative and Edward Snowden's main technical helper, is interesting to follow. It illustrates a number of points -- that Appelbaum is experiencing more and more questioning and pressure from his fellow geeks, even those who are alligned politically with him against the US government and are for radical cyber revolution and extreme encryption and Internet licentiousness. They're questioning his handling of this affair or the "lessons learned" from his revelations, and the larger issue of Tor (here and elsewhere in related discussions).
Vinay Gupta raises the question I've asked for years about why the government hasn't pulled the plug on these miscreants and outright thugs at Tor, but perhaps it's about watching them.
The issue of the undermining of trust in standards at the IETF that the NSA had a hand in making, and other industry standards as I mentioned earlier has come under questioning in the Snowden affair and Greenwald and Appelbaum have not come up with more information to satisfy those who seem like greater experts such as Matthew Green -- who confirmed to me directly on Twitter today that the NSA never directly contacted Johns Hopkins and that while in fact he feared that he might be fired but it was over his own institution's precautions. In the end it was sorted.
It's funny that Jake cites this really slight, weak, tendentious and outright crazy book he wrote with Assange called Cypherpunks. I finally got it and I'm reading it, and it really is thin gruel even in its own terms. Assange basically openly and stupidly calls for radical revolution and overthrowing of governments to get his way, that perfectly encrypted society which he thinks crazily is Nature's way.
I see my old pal Smári here. Why do I say "pal" although he is antithetical to my beliefs? Because when I went to the Dublin OSCE side conference sponsored by Ireland last year, the first person I ran into very early in the morning coming straight from an overnight flight, getting some tea, was him. I looked at him and thought he was Irish (he's part Icelandic, part Irish) and thought he might be a kindred spirit. I went up to him and told him some meme, perhaps it was "You mad bro" or something and said "Let's overthrow this conference." He agreed it needed overthrowing, but then it turned out (as I found out in the evening) we had completely different reasons for wanting to overthrow it, he because in general he's an anarchist wanting to overthrow normal governments and install that sort of radical leftist Icelandic vision of society, and me because I didn't want the loopy moderators of the conference to let people like him take over, as well as WikiLeaks types like Jonsdottir, and wanted more access for dissenters like me who were actually for a moderate vision that put the focus on Internet freedom on basic civil rights in places that didn't have them, not politicized issues like "net neutrality".
Smári argued very fiercely about copyright and net neutrality and all those issues. He noted that he was stopped by the FBI and questioned while in the US and he resented this, but given what he's been doing -- helping WikiLeaks and the crypto kids and wanting to overthrow the existing order, it's no surprise. Needless to say, I didn't persuade Smári about anything or visa versa. it's sad that bright young minds are wasted on this silly and even sinister movement, however.
The gist of this argument is about what the crypto kids can keep using -- can they use PGP? it is compromised? Snowden told them it was still okay to use, and he should know, right? Of course, it's been pointed out by some that Snowden only knows what he knows, on the basis of his job, and that wasn't everything and he didn't go everywhere and see everything.
As for Khaled_Z (Philip Khaled Breenan) who is telling them all to get a room, etc. -- he's that very same Khaled_Z about whom at least three or more Anonymous hecklers came to tell me personally and repeatedly the other night demonstratively that he is their "teacher" -- and they were heckling me about my blog on Barrett Brown, not about Jake/Snowden as I recall. Funny coincidence, eh?
It is also important to note that Khaled_Z is one of those professor types who also not only foments revolution but is for a clean shot and advocates having the hackers take out banks. Ugh. I hope this isn't a signal to the foot-soldiers like John Perry Barlow's signal to the foot-soldiers when they were taking out Master Card. I hope the right people are keeping an eye on this sort of thing. But of course it was served up to me deliberately so could be a distraction. Even so, he seems like the sort of figure who spells trouble -- conspiracy theories, hatreds, crisis over 20 years deemed wasted in a meaningless career, etc.
Vinay Gupta is one of those guys out on the playa in a hexayurt, at the Farm, in the Free Software movement, etc. A known quantity. In this conversation you can see he's a legend in his own mind, but also at odds with the great guru Jake -- and it turns out Smári takes Jake's side. All interesting.
So he's bringing that, um, world perspective on that American who is entangled with his cyber-industrial miltiary massive surveillance state, or whatever the kids are calling normal governments of liberal societies with hostile authoritarian enemies wihch the kids never seem to look at and grasp.
What stood out for me as a socio-psychological factor here in this geek-speak was Jake speaking of "what Snowden said in public"
Gupta talks about "what Snowden revealed" but says he doesn't know everything.
But...Snowden has never spoken in public about the specifics of crypto -- that is, in the for-public consumption of Snowden we've been given. We've only seen Snowden speak in a prefabricated film made and edited by Laura Poitras where he speaks mainly in general terms about PRISM, collection of data and such, and then in some interviews from Hong Kong which were also general, and then at his very brief and unsubstantial press conference in Moscow at Sheremetyevo.
So when did Snowden "say something in public" -- a funny locution that doesn't mean what he's *written* or what is in a document he's leaked, but what he said live.
And saying he "revealed" something sounds like him explicating a document in person, live, not just sending a leaked document to Glenn Greenwald.
So it's my hypothesis that Snowden spoke to a group of people in public, that is, not in a small meeting but in a fairly large group, perhaps 20 or 30 or 50 -- say, in Hawaii, say in Spring Break for Coders in March 2013, where I think he was present. Or perhaps in December 2012 at Chaos Computer Club's annual conference. Or somewhere...
Somewhere where some of these people were, too, and that's why they speak of him as a guru who has said something "in public" and "revealed" something.
(And it's also possible there's another meaning: that there are the "private" stashes of Snowden that only those inducted into the cult know, and we don't know because they aren't in the Guardian, etc.
I don't doubt for a MINUTE that there is a private Snowden stash, like blue-line TASS not for our eyes...
Note the casual discussion -- that thuggish casual blackmailing -- by some of the need to attack the NSA back *right now* and attack banks, and do this, and do that, and make a brand-new crypto system to defeat everyone else. Or maybe organize massive boycott of American products (except they love their i-phones too much...)
And keep in mind that these secretive people are doing this in the open on Twitter also to mislead or confuse or threaten or "send messages".
One of the interesting links for history's sake which they reference.
-
If TOR interfered with the NSA's business, they would have had a quiet word with the US Govt. funders of TOR and pulled the plug years ago.
-
@leashless DARPA pays for Tor. The simple explanation is that the two agencies have completely different mandates, and don't coordinate.
-
@leashless @noahhs You are actually suggesting it and it's really insulting. Also, you suggest we're ineffective which is also insulting.
-
.@ioerror So you're in good company. Please don't take my doubts about TOR personally: I doubt the technology, not you or your integrity.
-
@leashless I work on Tor, OTR and other projects - so actually, you do doubt my integrity as I have worked on and improved the technology.
-
.@ioerror And I'll note that my model of reality was *vastly* closer to what #Snowden revealed that most of my #cypherpunk friends.
-
@leashless You need better friends, I guess. The book I wrote with Julian clearly shows these topics and we've been working on solutions.
-
@ioerror Actually I've had a long-standing debate on these issues with @smarimc @dymaxion @anarchodin and others; we basically do not agree.
-
@leashless @ioerror @dymaxion @anarchodin the reason for that disagreement is that we base our opinions on facts, Vinay, not speculation.
-
@smarimc @ioerror @Dymaxion @anarchodin Smari, my speculation has turned out to be a lot closer to #BULLRUN than your pre-Snowden facts were
-
@leashless @smarimc @ioerror @Dymaxion Except Snowden doesn't dismiss PGP; it's SSL that's the weak link - in line with our statements.
@anarchodin @smarimc @Dymaxion Indeed - @leashless is completely ignoring what #Snowden has said in public. Irritating.
-
@ioerror @anarchodin @Dymaxion @leashless ignoring known knowns on the basis of unknown unknowns is a debilitating and useless approach.
-
@ioerror @leashless Properly implemented crypto systems are reliable. but endpoint security is weak & NSA can frequently find ways around it
-
.@ioerror @anarchodin @smarimc @Dymaxion I am not assuming 1) that Snowden knows everything, 2) that the situation is static.
-
@leashless @ioerror @anarchodin @Dymaxion but you are assuming they've proven P=NP, right?
-
.@ioerror @anarchodin @smarimc @Dymaxion From the docs available so far, it's clear that #BULLRUN could include fundamental crypto breaks.
-
@leashless @ioerror @anarchodin @Dymaxion no, #BULLRUN is likely to be implementation flaws only.
-
.@ioerror @anarchodin @smarimc @Dymaxion And I do not know on what basis #Snowden assumes the systems he says are secure actually work.
-
@leashless @ioerror @smarimc @Dymaxion Of course he doesn't. But then we were about as accurate regarding their possible venues as you were.
-
.@smarimc @ioerror @anarchodin @Dymaxion I think the #cypherpunks ignored the WW2 strategy around ENIGMA and fell into the same trap, Smari.
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion I am of the opinion that y'all need to lock yourselves away and write a brand new crypto.
-
@leashless @ioerror @anarchodin @Dymaxion Difference: ENIGMA was tractable.
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion Literally lock yourselves together in a sealed room and write a new one from scratch
-
@leashless @ioerror @smarimc @Dymaxion But you're assuming he's wrong about it. On what basis?
-
@der_bluthund @leashless @ioerror @anarchodin @Dymaxion I am of the opinion that this is not required - we just need to fix a lot of things.
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion and that might just be a safe crypto
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion going back to Enigma, you do know we sold it to many countries after WWI, right?
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion inc the Russians, so we could read all their encrypted transmissions whatever key used
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion This is EXACTLY where we are now with the vast vast majority of cryptos used
-
@leashless @anarchodin @smarimc @Dymaxion Obviously. They clearly have crypto breaks but not for all the math in the world.
-
@der_bluthund @leashless @ioerror @anarchodin @Dymaxion nope. You're forgetting one thing: Mathematics.
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion you're forgetting back doors that bypass EVERYTHING.
-
@smarimc I won't trust a crypto from you with that attitude, that's for sure @leashless @ioerror @anarchodin @Dymaxion
-
@smarimc @leashless @ioerror @Dymaxion The point: Traffic analysis was more useful than ULTRA.
-
@der_bluthund @leashless @ioerror @anarchodin @Dymaxion Don't trust me. Trust the mathematics.
-
@smarimc You really don't get what is at stake here. You might well be able to FIX those cryptos but we won't TRUST them any more.
-
-
@smarimc @ioerror @anarchodin @Dymaxion We both know it's not remotely that simple. Number theory is filled with unexplained things.
-
@smarimc Please, just abandon the old cryptos and write new ones with new standards. THEN I might trust them
-
@der_bluthund you're assuming there is something wrong with the older stuff. That is not globally guaranteed.
-
@smarimc it's not about whether they can be fixed or not, but whether they can be trusted again once fixed.
-
.@smarimc @ioerror @anarchodin @Dymaxion To the Germans, ENIGMA was not tractable. To GCHQ with new tools, it was. We lied to protect that.
-
@smarimc it's about trust here, not the maths. The maths could be good but will people still trust the systems used?
-
.@smarimc @ioerror @anarchodin @Dymaxion This is the entire point. I believe NSA/GCHQ are acting *as if* most of our crypto is tractable.
-
.@smarimc @ioerror @anarchodin @Dymaxion I believe they are failing to play the WW2 game of concealing their hand all that effectively.
-
.@smarimc @ioerror @anarchodin @Dymaxion I just can't model current NSA/GCHQ behavior consistently except by assuming a fundamental break.
-
@leashless @ioerror @anarchodin @Dymaxion Here is my reality: I know some things are broken. I expect some other things are.
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion The point is the biggest issue with getting a crypto accepted is TRUST.
-
@leashless @ioerror @anarchodin @Dymaxion If I write off everything, there is no starting point.
-
@smarimc @ioerror @anarchodin @Dymaxion Your mileage may vary on that. Everybody reads the tea leaves differently. We can agreeably differ.
-
@leashless @ioerror @anarchodin @Dymaxion Instead, I must go with what we can infer to be safe based on what we know.
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion And right now our trust has been seriously damaged by NSA / GCHQ revelations
-
@leashless @ioerror @anarchodin @Dymaxion ... working from there is the best we've got, I'm afraid.
-
@smarimc @leashless @ioerror @anarchodin @Dymaxion In order to get that trust back, new standards and systems will have to be created
-
@der_bluthund @leashless @ioerror @anarchodin @Dymaxion I'd rather have that trust damaged temporarily than coopted indefinitely.
-
@anarchodin @ioerror @smarimc @Dymaxion Think in risk terms, H. What are *the odds* that GPG is compromised. Give me a number, and a reason.
-
@leashless @anarchodin @ioerror @Dymaxion GPG is many things. Which are you worried about? GnuPG implementation? RSA? ElGamal? DSA? What?
-
.@ioerror @anarchodin @smarimc @Dymaxion Agreed. But how do we communicate to average users the real security situation they are in?
-
.@ioerror @anarchodin @smarimc @Dymaxion I agree that mass adoption of even suspect algorithms will jam NSA decrypt capacity, force leaks.
-
.@ioerror @anarchodin @smarimc @Dymaxion But I *really* worry that people are using TOR on Windows and assuming they are Fully Invisible!
-
@ioerror I just got this great image in my mind of someone breaking ALL THE MATH IN THE WORLD!!
-
-
.@smarimc @der_bluthund @ioerror @anarchodin @Dymaxion NSA's historically had a 10 to 20 year lead in critical areas of the mathematics.
-
.@smarimc @der_bluthund @ioerror @anarchodin @Dymaxion That makes "trust the mathematics" an entirely more judgement-and-risk laden approach
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion this is precisely why we need totally new algorithms that the NSA don't know
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion This is the point. coming up with a new algorithm untainted by NSA engenders trust
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion and this trust is what is needed for the end user
-
.@leashless @smarimc @der_bluthund @ioerror @anarchodin @Dymaxion How can bitcoin and silkroad still work, if the NSA were that omnipotent?
-
.@smarimc @ioerror @anarchodin @Dymaxion We need to tell people there's a 5% (or whatever) chance their messages will still be read.
-
.@smarimc @ioerror @anarchodin @Dymaxion Right now, noobs toss around "military grade crypto" on totally insecure boxes, think they're safe.
-
.@smarimc @ioerror @anarchodin @Dymaxion The old story "safe from the NSA" now has doubt cast on it: we need crypto *and* doubt together.
-
.@smarimc @ioerror @anarchodin @Dymaxion Because if people think the systems are more secure than they are they will say what they shouldn't
-
.@smarimc @ioerror @anarchodin @Dymaxion Damage is the mismatch between the actual system security and the blind faith that some people show
-
@smarimc @ioerror @anarchodin @Dymaxion Entirely reasonable. I think you are right on this.
-
@smarimc @anarchodin @ioerror @Dymaxion I think State behavior is most compatible with the model that they can read most traffic easily.
-
@smarimc @anarchodin @ioerror @Dymaxion Therefore I'm worried about all of it. If I had to guess: the block ciphers are gone. Best guess.
-
@smarimc @anarchodin @ioerror @Dymaxion But I have *no way* of guessing if it's block ciphers, RSA, Diffie-Helmann outside of leaked docs.
-
@smarimc @anarchodin @ioerror @Dymaxion I see a very substantial mismatch between our model of Adversary capabilities, and their actions.
-
@leashless @ioerror @anarchodin @Dymaxion .. if that's reasonable, can you then please stop torpedoing our attempts to work form that basis?
-
@smarimc @anarchodin @ioerror @Dymaxion I can't get comfortable with the gap between our guess and their action. I just can't settle it down
-
@leashless What we need from you is the following: Non-moving goal posts, concrete capabilities estimates. @ioerror @anarchodin @Dymaxion
-
@leashless @smarimc @anarchodin @ioerror @Dymaxion if nsa always gonna be ahead, when do we give up being the mouse? The problem is the cat.
-
.@smarimc @ioerror @anarchodin @Dymaxion I'm raising legitimate doubts about the security of our systems during a period of mass adoption.
-
.@smarimc @ioerror @anarchodin @Dymaxion If we don't cultivate the right understanding of the risks, and RSA (etc) are gone? Very bad error.
-
@leashless @ioerror @anarchodin @Dymaxion You're not putting down any points that any reasonable person can work from. You're dramatizing.
-
.@smarimc @ioerror @anarchodin @Dymaxion And we need to work with the understanding that #BULLRUN may indicate a fundamental algorithm break
-
@leashless @ioerror @anarchodin @Dymaxion Please supply lists marking things as Broken, Maybe Broken, and Safe. Software, Ciphers, Hashes...
-
@leashless @ioerror @anarchodin @Dymaxion ... and give citations for each estimation.
-
.@smarimc @ioerror @anarchodin @Dymaxion This is not security thinking, Smari. This is tech thinking. Intelligence *does not work that way*
-
.@smarimc @ioerror @anarchodin @Dymaxion You don't get a convenient bug list filed by your Adversary in an intelligence situation.
-
.@smarimc @ioerror @anarchodin @Dymaxion We are no longer in @bruces's "blast shack." We're dealing with being actors in superpower conflict
-
@leashless @ioerror @anarchodin @Dymaxion again: work with what we actually know.
-
.@smarimc @ioerror @anarchodin @Dymaxion At that point, the appropriate models for estimating and responding to risk change very radically.
-
@Vorstand1 @leashless @smarimc @ioerror @anarchodin @Dymaxion It can't. Not unless it is made with totally new algorithms
-
.@smarimc @ioerror @anarchodin @Dymaxion That's the whole point. What we know will always be less than what they can do almost by definition
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion I am speaking as an end user who does not program so "trust the maths" means FUCK ALL
-
@smarimc @anarchodin @ioerror @leashless ...and for that matter, do it on a per-adversary basis, because there are 202 countries.
-
.@smarimc @ioerror @anarchodin @Dymaxion If you require concrete evidence that things are broken, all your Adversary has to do is be quiet.
-
.@smarimc @ioerror @anarchodin @Dymaxion Watching what the opposition are doing is _pretty fundamental_ to these kinds of contests.
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion I cannot trust something that which I don't understand enough to make such a judgement
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion But if someone came with a brand new standard uncontaminated by the NSA scandal...
-
@Dymaxion @smarimc @anarchodin @ioerror Yes, I'm not suggesting for one moment that the Bulgarians can casually walk through PGP. Gradations
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion THEN perhaps I can trust it enough to use it. This is the bottom line - the END USER
-
@der_bluthund @smarimc @ioerror @anarchodin @Dymaxion Problem is that "new crypto" means a risk of new errors. Takes time to examine closely
-
@leashless @smarimc @ioerror @anarchodin @Dymaxion Programmers too often forget THE END USER - we don't think like programmers, but users
-
@der_bluthund @smarimc @ioerror @anarchodin @Dymaxion Half-baked crypto is _very_ easy to create, and even easier to attack.
-
@der_bluthund @smarimc @ioerror @anarchodin @Dymaxion There's a really good case to be made for hunkering down and hardening what we have.
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc Give me ten thousand mathematicians and a decade & I'll get back to you.
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc That's the level of effort you're describing, before we get to code.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It might just take that to beat the NSA and GCHQ
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc Since that's categorically impossible, we're going to trust math.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc YOU can trust it. I cannot.
-
@der_bluthund @smarimc @ioerror @anarchodin @Dymaxion The classic on this is "Why Johnny Can't Encrypt" https://www.google.com/search?client=ubuntu&channel=fs&q=%22why+johnny+can%27t+encrypt%22&ie=utf-8&oe=utf-8&gl=uk …
-
@leashless @anarchodin @ioerror @smarimc Right. We need proper adversary modeling, including the shapes of what we don't know.
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc There's absolutely no reason to believe or even suspect that.
-
@leashless @anarchodin @Dymaxion Until you start fixing things instead of flailing around aimlessly, there's no point in discussing with you
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc Do you drive a car or ride buses? Why do you trust the car company?
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It's THAT kind of thinking that got us into this mess in the first place.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Because I have an understanding of mechanics which is enough to trust the car
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc You trust experts to make life-or-death decisions every day. No different.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc BUT MOST PEOPLE do not have an understanding of maths to trust cryptos
-
@smarimc @anarchodin @Dymaxion s/aimlessly/strategically/ we have a major push coming, but we need to get the risk communication right.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Actually, my perosnal understanding comes before any experts' knowledge
-
@smarimc @anarchodin @Dymaxion If we lead a bunch of people to trust crypto that is at most 90% we're doing them no favours at all.
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc No. A modern car is all software. Code is keeping you alive.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc This is why I can no longer trust crypto like PGP or RSA
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc The pistons still work with mechanics and physics, no matter what fancy arsed
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc computer you have added to the damn car, which is the bit we trust
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @smarimc There's no solution to this problem. Even assessing who to trust is *hard*.
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc *shrugs* can't help you if you refuse to trust any expert opinion.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc I don't trust the computers after seeing them get hacked on cars
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @smarimc Crypto is Le Carre's "wilderness of mirrors" once you really start to worry
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc ergo, when I get a car I am going for a classic pre-computer model
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @smarimc A better question is usually "can the people I'm afraid of break this?"
-
@der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc Then I'd strongly recommend subsistence farming as a lifestyle.
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @smarimc i.e. if you're a bookie with underground Lawn Darts action? GPG is fine.
-
@Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc That, ma'am, is actually my dream lifestyle - leave your system behind
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @smarimc The problem is that we're jammed in a *really fucking scary* place rightnow
-
@leashless @anarchodin @Dymaxion You are preaching to the choir. All of us understand risk. But some of us are trying to improve things.
-
@leashless @anarchodin @Dymaxion ... those who flail around aimlessly are doing us a disservice. That means you.
-
.@der_bluthund programmers forget other programmers #Bitcoin #readability #NearestHammer @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
-
@Dymaxion I actually REFUSE to do internet banking even before this NSA scandal arose coz I just don't trust the security
-
@leashless @anarchodin @Dymaxion ... not all who refuse to speak in mystical terms are going to continue listening to such ramblings.
-
@leashless @anarchodin @Dymaxion ... there is work to be done. I am off to do it.
-
@Dymaxion as for telephone banking, I can hit the hash key and get sent immediately to an actual human being so that's OK
-
.@smarimc @anarchodin @Dymaxion @ioerror I picked a minimal-exposure-to-crypto risk strategy in 2007 because I suspected #BULLRUN type stuff
-
@leashless @smarimc @anarchodin @Dymaxion @ioerror I am exactly the same - I have always worked under the assumption that nth is secure
-
.@smarimc @anarchodin @Dymaxion @ioerror I think the strategic choices I've made are a pretty good match for what we know 5 years later.
-
.@smarimc @anarchodin @Dymaxion @ioerror I think we need a conservative reassessment of the role of crypto in our wider political activism.
-
.@smarimc @anarchodin @Dymaxion @ioerror i.e. I think everybody should be using crypto, and nobody more than 90% certain of any of it.
-
@leashless @smarimc @anarchodin @Dymaxion @ioerror If I needed to transmit data securely, I wrote it down and delivered it by HAND
-
.@der_bluthund i trust the math. i don't trust the labcoat smugness here. @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
.@smarimc @anarchodin @Dymaxion @ioerror that's neither rambling, mystical or nonsense - that's an astute assessment of our real situation.
-
@smarimc Right now, I trust @leashless a fuck load more than I trust you. @anarchodin @Dymaxion
-
@smarimc Why? Because he is actually adressing my concerns instead of the smug "trust the maths" reply @leashless @anarchodin @Dymaxion
-
.@der_bluthund more concerned we so busy saving our crypto we're missing out on big leap. @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
@smarimc @anarchodin @Dymaxion @ioerror Best wishes to all involved may the work be fruitful and successful. You know I mean that sincerely.
-
@OccupyNation If I need to hand someone sensitive information I DO IT IN PERSON @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
@OccupyNation @der_bluthund These are very emotionally charged, difficult times for everybody involved in crypto. Dreams dying, being born.
-
.@OccupyNation @der_bluthund We all used to dream of "digital sovereignty" - code that could give us arbitrary rights in the online world.
-
@OccupyNation @leashless @smarimc @ioerror @anarchodin @Dymaxion If I have to transmit I write it in AESOPIC CODE
-
@der_bluthund please familiarize yourself w/ Shannon's maxim https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle … /cc @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
.@OccupyNation @der_bluthund Now there is a legitimate risk that our Faerie Castle is actually pwnzored by the Wicked Witch of Fort Meade.
-
@wiretapped Dude, the NSA/GCHQ have BACK DOORS so doesn't work @leashless @smarimc @ioerror @anarchodin @Dymaxion
-
@wiretapped Your crypto could be the fucking best in the world, but if there is a back door built into it, it is worth JACK SHIT.
-
.@OccupyNation @der_bluthund I am not happy. They are even less happy. I stopped using crypto in 2007.
-
.@leashless @der_bluthund i'm good on paper, but i trip over c and gpu coding - but i do have some sideways ideas.
-
@leashless @OccupyNation It is. This is why I hand over information in person or use plaintext email in aesopic code
-
@leashless And sometimes I think @OccupyNation tweets in aesopic code but I have not worked out his grammar :p ;-)
-
.@leashless @der_bluthund i use crypto as "get off my lawn" sign. i know what empires do. but main thing is they disgust me not scare me.
-
-
@Dymaxion The real issue is that there are back doors in all these cryptos, and trust has been seriously damaged
-
@Dymaxion @der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc Obviously, you do not want to understand what #Snowden said !
-
@Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc ALL THE CRYPTO HAVE BACK DOORS IN THEM
-
@OccupyNation @der_bluthund Polari and comic books, mate. I think the next two years are going to crack the status quo open like a rottenlog
-
@der_bluthund Does that include PGP? @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@smarimc @leashless @anarchodin @Dymaxion ditto @der_bluthund. "Flailing" isnt useless, au contrare, it can counter group-think.
-
.@leashless @der_bluthund i'm thinking One Time Pad on crack. i have a thing in my head. just so much god damn scaffolding for networking.
-
@Tuigen I would have to assume so as it is based on RSA @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@Tuigen In fact, the RSA standard could actually BE the back door @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc #Snowden said some of them, not all of them, and I was focusing
-
.@der_bluthund i got a present later if my shoulder stops bitching at me @leashless
-
@leashless @smarimc @anarchodin @Dymaxion @ioerror @der_bluthund does no one else think we wont win until we decide to fuck privacy?
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc on other issues dealing with ENDPOINTS weakness due to hardware.
-
@leashless I see @smarimc’s point here. Right now you’re the nutter running around yelling, “All your crypto are/maybe belong to the NSA!”
-
@Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc then until we know which ones we have to assume all of them
-
@leashless @smarimc Given you might be right, how should we behave differently to what we’re doing now? What concrete steps can we take?
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It is not exclusive with fixing other problems at higher levels.
-
@der_bluthund @Tuigen @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc god damn this is stupid
-
@methadonna @Tuigen @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc we have a crisis of trust here
-
@der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc (Which is not my "speciality" by the way).
-
@der_bluthund looking up RSA- from EMC Corporation. Cryptoparty never said that @Stmanfr @Dymaxion @Vorstand1 @ioerror @leashless @smarimc
-
@der_bluthund NSA knows all the data we're "protecting" @methadonna @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@leashless The main German code was broken in 1943 but the Russians used it until the 1990s. Winning Kursk etc http://is.gd/BdmJo4
-
@der_bluthund We're only hiding data from other civilians @methadonna @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
-
@der_bluthund That's like a pre-meditated NSA strategy @methadonna @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc We gave to fight back on several battlefield
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Hardware architecture, components, standards
-
@ratkins I was that nutter in 2007. Hell, in 1997 after PGP5. As for what to do: One Network, One World really is my best current shot.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc crypto, os & software. Forget hatdware and
-
@leashless pass. I just think an arms race is futile. Own dissidence. Let the state do what it will, let the dialectic play out.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc / or any other speciality and you loose !
-
@ratkins "One Network, One World" is very partial and it's very fragile. Not least because it relies on a network. But has some good angles.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc But to us, hardware is the forgotten base !
-
@leashless i've long thought that virtual will become the public & 'real life' environment will become the private. Many advantages to that.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc And the fastest way to restore much security
-
@Stmanfr How could people do that? @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@leashless maybe its just me, but i've never given encryption a thought. Sure, its my priviledge talking, but all of us in west share that.
-
@leashless if the state one day decides to attack me, fair enough. Im not going to change, or hide. If *all* do that, power loses.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Come to #C3 and listen to XFree project !
-
@der_bluthund @Stmanfr @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc You don't even understand what "back door" means.
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc You'll have some proposals & answers !
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc What about HARDWARE backdoors ! It's worth !
-
@Dymaxion @der_bluthund @Vorstand1 @anarchodin @ioerror @leashless @smarimc This means surrendering to NSA. No way !
-
@methadonna @der_bluthund @Dymaxion @anarchodin @ioerror @leashless "Crypto" is all backdoored like sailboats are all nuclear powered.
-
@Stmanfr Does XFree have backdoors? @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc
-
@Tuigen @der_bluthund @methadonna @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It's 100% open. It's a great backdoor killer
-
@Stmanfr @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc That's not related to cryptography.
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc #Snowden said: "but the ENDPOINTS are so WEAK" !
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It is obviously NOT ONLY a matter of CRYPTO !!!
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Butof ENDPOINT systems implementation weaknesses
-
@Stmanfr @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Why not say "people can't keep secrets." #Obvious
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Surrendering to NSA ? No way !
-
.@leashless do liek me: no fears. be indignant insulted disgusted infuriated. privacy isn't secrets. privacy is human dignity. @der_bluthund
-
@Stmanfr @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc My point is #Snowden's statements aren't revelations.
-
@Stmanfr @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Fear criminals using decryption more than NSA.
-
.@smarimc What if what we thought was 128bits is really 32bits? https://www.schneier.com/blog/archives/2013/09/surreptitiously.html … @leashless @ioerror @anarchodin @Dymaxion
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc It's da same to me. In Cypherpunk values I trust
-
@PatternGuru714 @der_bluthund @Dymaxion @Vorstand1 @anarchodin @ioerror @leashless @smarimc Cypherpunk = Peace makers & corruption fighters.
-
@smarimc you took over an AP at a #cryptoparty and sniffed it before telling the users, right? @leashless @anarchodin @Dymaxion #trust?
-
.@Stmanfr @PatternGuru714 Endpoints are shit, yes. But they way you are communicating about this makes your work sound like vapourware.
-
@leashless @PatternGuru714 We'll try to open your mind about these issues at #C3. Fasten your seat belt :D
-
@Stmanfr @PatternGuru714 Hey, I'm easy to convince. Ship something :-) I'll keep an open mind until then, of course. I'm not hostile!
-
@wolffhechel are you accusing me of something? @leashless @anarchodin @Dymaxion
-
@smarimc @leashless @anarchodin @Dymaxion i just want to know if that was you or one of the other people because it will help my bs-filter
-
@wolffhechel I don't do shit like that. @leashless @anarchodin @Dymaxion
-
@smarimc @leashless @anarchodin @Dymaxion very sorry, must have been one of the other icelandic people then.
-
@leashless Just watched. I believe you’re probably mostly right, but it’s a medium to long term play. I want the NSA to fuck off _now_ :-)
-
@Stmanfr @der_bluthund @Dymaxion @ioerror @smarimc I see, so individuals stealing from you by decrypting personal banking data are heros?
-
@Stmanfr @leashless It's difficult to believe you're an actual developer when you treat "Endpoints are weak" like a surprising revelation.
-
@wolffhechel @smarimc @leashless @Dymaxion Did this happen in .is or elsewhere?
-
-
@ratkins I don't know what the move is there. Grass-roots, no-central-target boycott of American goods and services? Really could work?
-
@ratkins "you break our internet, we stop buying from you?" - pretty simple, could be done in a way that didn't create targets.
-
@leashless I don’t think you can realistically mobilise enough people to have an effect. I loves me my iPhone, I do.
-
@ratkins Yep. I don't see other moves right now, but odds-are the situation will change quickly and reveal new possibilities. I can wait :-)
-
-
@ratkins Enough is going on right now that I'm fairly comfortable taking a back seat and waiting for the shape of history to emerge Then act
-
@ratkins I feel that right now I could wade in and stake out a position, and be made immediately irrelevant by the next leak. I can wait&see
-
@paco229 @leashless @ioerror @anarchodin @Dymaxion that is a special case. Theodor T'so is our friend.
-
@PatternGuru714 @leashless Okay. I am much more than a developer. I am Anonymous. Check your bases. You missed something.
-
@der_bluthund Until you know the difference between an algorithm and an implementation, that's not a useful statement.
-
@Dymaxion I suspect that it isn't just in the implementations, but in the algorithms themselves. And yes I DO know the difference, thanks
-
@Dymaxion Meanwhile, I will handle my sensitive information in person, as then I am sure of its security.
-
@der_bluthund Without evidence, we have nowhere to start from. "Throw it all out" is meaningless - might as well try to throw out numbers.
-
-
@Dymaxion then you had better take very close notice of what the snowden leaks have revealed and will continue to reveal...
-
-
@der_bluthund Well, yes. I and the entire crypto community are doing exactly that, and I'm working on ways to structure that watching better
-
@Stmanfr @leashless I was referring to how you're presenting your knowledge base, not what your sociopolitical tack is.
Recent Comments