RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start
One thing to think about with respect to the RFID passports... Um, uh...surely once in a while the RFID tag is going to get corrupted or something...right? I'd bet it ends up happening all the time. In those cases they probably have to fall back upon the traditional passport usage and inspection. The only question is, what could (believably) damage the RFID? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv]] Date: Sat, 29 Oct 2005 20:54:13 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 28 Oct 2005 17:49:06 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Edward Hasbrouck [EMAIL PROTECTED] Date: October 28, 2005 11:07:28 AM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] From: Lin, Herb [EMAIL PROTECTED] *Front* cover? Does that mean that if I hold the passport the wrong way, the skimmer will have a free ride? FWIW: (1) The sample RFID passports that Frank Moss passed around at CFP, which looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had the RFID chip (which was barely detectable by feel) in the *back* cover. The visible data page was/is, as with current passports, in the *front* cover. This is not compliant with the ICAO specifications, which recommend having the chip in the same page as the visible data, to make it more difficult to separate them. I can only guess that it was hard to laminate the visible data without damaging the chip, if it was in the same page. But it's interesting in light of the importance supposedly being placed on compliance with ICAO standards. (2) Moss had 2 sample RFID passports, 1 with and 1 without the shielding. He cliamed it was a layer in the entire outer cover (front and back), but it wasn't detectable by feel. I have more threat scenarios for the latest flavor of RFID passport at: http://hasbrouck.org/blog/archives/000869.html Edward Hasbrouck [EMAIL PROTECTED] http://hasbrouck.org +1-415-824-0214 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: Return of the death of cypherpunks.
I don't agree. One thing we do know is that, although Crypto is available and, in special contexts, used, it's use in other contexts is almost counterproduct, sending up a red flag so that those that Protect Our Freedoms will come sniffing around and bring to bear their full arsenal of technologies and, possibly, dirty tricks. Merely knowing that you are using stego/crypto in such contexts can cause a lot of attention come your way, possibly in actual meatspace, which in many cases is almost worse than not using crypto at all In addition, although strong and unbreakable Crypto exists, one thing a stint on Cypherpunks teaches you is that it is only rarely implemented in such a way as to actually be unbreakable to a determined attacker, particularly if there are not many such cases to examine in such contexts. The clear moral of this story is that, to increase the odds of truly secure communication, etc, Crypto in such contexts must become much more ubiquitous, and I still think Cypherpunks has a role to play there and indeed has played that role. Such a role is, of course, far more than a mere cheerleading role,a fact that merits a continued existence for Cypherpunks in some form or another. -TD Only when Crypto is used ubiquitousl From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Return of the death of cypherpunks. Date: Fri, 28 Oct 2005 12:09:36 -0700 -- From: Eugen Leitl [EMAIL PROTECTED] While I don't exactly know why the list died, I suspect it was the fact that most list nodes offered a feed full of spam, dropped dead quite frequently, and also overusing that needs killing thing (okay, it was funny for a while). The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. Since cryptography these days is routine and uncontroversial, there is no longer any strong reason for the cypherpunks list to continue to exist. I recently read up on the Kerberos protocol, and thought, how primitive. Back in the bad old days, we did everything wrong, because we did not know any better. And of course, https sucks mightily because the threat model is both inappropriate to the real threats, and fails to correspond to the users mental model, or to routine practices on a wide variety of sites, hence users glibly click through all warning dialogs, most of which are mere noise anyway. These problems, however, are no explicitly political, and tend to be addressed on lists that are not explicitly political, leaving cypherpunks with little of substance. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb
RE: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants start
One thing to think about with respect to the RFID passports... Um, uh...surely once in a while the RFID tag is going to get corrupted or something...right? I'd bet it ends up happening all the time. In those cases they probably have to fall back upon the traditional passport usage and inspection. The only question is, what could (believably) damage the RFID? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv]] Date: Sat, 29 Oct 2005 20:54:13 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 28 Oct 2005 17:49:06 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Edward Hasbrouck [EMAIL PROTECTED] Date: October 28, 2005 11:07:28 AM EDT To: [EMAIL PROTECTED] Subject: Re: [IP] more on U.S. passports to receive RFID implants starting in October 2006 [priv] From: Lin, Herb [EMAIL PROTECTED] *Front* cover? Does that mean that if I hold the passport the wrong way, the skimmer will have a free ride? FWIW: (1) The sample RFID passports that Frank Moss passed around at CFP, which looked like http://travel.state.gov/passport/eppt/eppt_2501.html, had the RFID chip (which was barely detectable by feel) in the *back* cover. The visible data page was/is, as with current passports, in the *front* cover. This is not compliant with the ICAO specifications, which recommend having the chip in the same page as the visible data, to make it more difficult to separate them. I can only guess that it was hard to laminate the visible data without damaging the chip, if it was in the same page. But it's interesting in light of the importance supposedly being placed on compliance with ICAO standards. (2) Moss had 2 sample RFID passports, 1 with and 1 without the shielding. He cliamed it was a layer in the entire outer cover (front and back), but it wasn't detectable by feel. I have more threat scenarios for the latest flavor of RFID passport at: http://hasbrouck.org/blog/archives/000869.html Edward Hasbrouck [EMAIL PROTECTED] http://hasbrouck.org +1-415-824-0214 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: Return of the death of cypherpunks.
I don't agree. One thing we do know is that, although Crypto is available and, in special contexts, used, it's use in other contexts is almost counterproduct, sending up a red flag so that those that Protect Our Freedoms will come sniffing around and bring to bear their full arsenal of technologies and, possibly, dirty tricks. Merely knowing that you are using stego/crypto in such contexts can cause a lot of attention come your way, possibly in actual meatspace, which in many cases is almost worse than not using crypto at all In addition, although strong and unbreakable Crypto exists, one thing a stint on Cypherpunks teaches you is that it is only rarely implemented in such a way as to actually be unbreakable to a determined attacker, particularly if there are not many such cases to examine in such contexts. The clear moral of this story is that, to increase the odds of truly secure communication, etc, Crypto in such contexts must become much more ubiquitous, and I still think Cypherpunks has a role to play there and indeed has played that role. Such a role is, of course, far more than a mere cheerleading role,a fact that merits a continued existence for Cypherpunks in some form or another. -TD Only when Crypto is used ubiquitousl From: James A. Donald [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Return of the death of cypherpunks. Date: Fri, 28 Oct 2005 12:09:36 -0700 -- From: Eugen Leitl [EMAIL PROTECTED] While I don't exactly know why the list died, I suspect it was the fact that most list nodes offered a feed full of spam, dropped dead quite frequently, and also overusing that needs killing thing (okay, it was funny for a while). The list needs not to stay dead, with some finite effort on our part (all of us) we can well resurrect it. If there's a real content there's even no need from all those forwards, to just fake a heartbeat. Since cryptography these days is routine and uncontroversial, there is no longer any strong reason for the cypherpunks list to continue to exist. I recently read up on the Kerberos protocol, and thought, how primitive. Back in the bad old days, we did everything wrong, because we did not know any better. And of course, https sucks mightily because the threat model is both inappropriate to the real threats, and fails to correspond to the users mental model, or to routine practices on a wide variety of sites, hence users glibly click through all warning dialogs, most of which are mere noise anyway. These problems, however, are no explicitly political, and tend to be addressed on lists that are not explicitly political, leaving cypherpunks with little of substance. --digsig James A. Donald 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG AnKV4N6f9DgtOy+KkQ9QsiXcpQm+moX4U09FjLXP 4zfMeSzzCXNSr737bvqJ6ccbvDSu8fr66LbLEHedb
RE: crypto on sonet is free, Tyler
Yo Variola! Did you notice the date stamp on that post? Did you do a stint on Survivor or something? Or as I said to the short-lived Tom Veil, What, no Starbucks near your Unabomber shack? -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: crypto on sonet is free, Tyler Date: Tue, 25 Oct 2005 19:52:10 -0700 At 03:15 PM 6/8/04 -0400, Tyler Durden wrote: Well, it's interesting to consider how/if that might be possible. SONET scrambles the payload prior to transmission..adding an additional crypto layer prior to transmission would mean changing the line rate, so probably a no-no. Tyler, one can implement crypto at *arbitrary* line rates though the use of multiple hardware engines and the right mode of operation. If you don't use crypto you are broadcasting, as well as accepting anything from anyone as authentic. Its that simple. Caveat receiver. --- Impeach or frag.
RE: crypto on sonet is free, Tyler
Yo Variola! Did you notice the date stamp on that post? Did you do a stint on Survivor or something? Or as I said to the short-lived Tom Veil, What, no Starbucks near your Unabomber shack? -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: crypto on sonet is free, Tyler Date: Tue, 25 Oct 2005 19:52:10 -0700 At 03:15 PM 6/8/04 -0400, Tyler Durden wrote: Well, it's interesting to consider how/if that might be possible. SONET scrambles the payload prior to transmission..adding an additional crypto layer prior to transmission would mean changing the line rate, so probably a no-no. Tyler, one can implement crypto at *arbitrary* line rates though the use of multiple hardware engines and the right mode of operation. If you don't use crypto you are broadcasting, as well as accepting anything from anyone as authentic. Its that simple. Caveat receiver. --- Impeach or frag.
RE: On special objects, and Judy Miller's treason
Its unfortunate that some posters had to be reminded that anyone calling for government-licensed reporters (and religions, as one author included) deserves to have their carbon recycled, because of the treason to the BoR. Tim May used to call government licensed citizens special objects. Search for it. Although I agree in theory, if I were a black man in Alabama in the 1950s (for instance), I might certainly be willing to try to declare blacks as worthy of special consideration if that would keep me from getting lynched. I would not, in general, expect to be held liable by others for the reaction of Tyrants, and I'd be willing to allow other lynchables to take care of themselves. Is Miller in this situation? Doubtful, but then again were you -suprised-? -TD
RE: On special objects, and Judy Miller's treason
Its unfortunate that some posters had to be reminded that anyone calling for government-licensed reporters (and religions, as one author included) deserves to have their carbon recycled, because of the treason to the BoR. Tim May used to call government licensed citizens special objects. Search for it. Although I agree in theory, if I were a black man in Alabama in the 1950s (for instance), I might certainly be willing to try to declare blacks as worthy of special consideration if that would keep me from getting lynched. I would not, in general, expect to be held liable by others for the reaction of Tyrants, and I'd be willing to allow other lynchables to take care of themselves. Is Miller in this situation? Doubtful, but then again were you -suprised-? -TD
Re: Judy Miller needing killing
Cyphrpunk wrote... The notion that someone who is willing to spend months in jail just to keep a promise of silence needs killing is beyond bizarre and is downright evil. This list supports the rights of individuals to tell the government to go to hell, and that is exactly what Judy Miller did. She should be a hero around here. It's disgusting to see these kinds of comments from a no-nothing like Major Variola. While I agree that Variola has his bizarre moments, much of what he says at least merits further investigation. He partially fills a role that May filled, before his final descent into madness... I, for one, welcome his return to posting, and it's not too much effort to hit the delete button on a post-by-post basis. -TD
Re: Judy Miller needing killing
Cyphrpunk wrote... The notion that someone who is willing to spend months in jail just to keep a promise of silence needs killing is beyond bizarre and is downright evil. This list supports the rights of individuals to tell the government to go to hell, and that is exactly what Judy Miller did. She should be a hero around here. It's disgusting to see these kinds of comments from a no-nothing like Major Variola. While I agree that Variola has his bizarre moments, much of what he says at least merits further investigation. He partially fills a role that May filled, before his final descent into madness... I, for one, welcome his return to posting, and it's not too much effort to hit the delete button on a post-by-post basis. -TD
Color Laser Printer Snitch Codes
Apparently, it's possible to examine a color printer output and determine make, model, and even print time. http://www.eff.org/Privacy/printers/docucolor/ Soon we'll find out that toothbrushes are able to determine what I ate for dinner and are regularly sending the info... -TD
Color Laser Printer Snitch Codes
Apparently, it's possible to examine a color printer output and determine make, model, and even print time. http://www.eff.org/Privacy/printers/docucolor/ Soon we'll find out that toothbrushes are able to determine what I ate for dinner and are regularly sending the info... -TD
RE: TEMPEST PC for sale on ebay
Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS with a ten-foot tempest pole. -TD From: [EMAIL PROTECTED] (Peter Gutmann) To: [EMAIL PROTECTED] Subject: TEMPEST PC for sale on ebay Date: Sat, 15 Oct 2005 19:39:02 +1300 http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS. Peter.
RE: TEMPEST PC for sale on ebay
Uh...it's SAIC. I used to work for a subsidiary so I wouldn't touch this POS with a ten-foot tempest pole. -TD From: [EMAIL PROTECTED] (Peter Gutmann) To: [EMAIL PROTECTED] Subject: TEMPEST PC for sale on ebay Date: Sat, 15 Oct 2005 19:39:02 +1300 http://cgi.ebay.com/SAIC-V2-Military-Portable-Computer-With-Accessories_W0QQitemZ8707782870QQcategoryZ177QQrdZ1QQcmdZViewItem May possibly run a very cut-down version of Linux, otherwise you'd be stuck with DOS. Peter.
RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book. Oh yeah...I think Gilmore wrote a section in it. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents] Date: Thu, 6 Oct 2005 08:28:06 +0200 - Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents]
There's also some very nice advice for nontechnical people about things like Mixmaster, checking IP addresses, and how to DO a lot of stuff making use of the tools that are out there. It's a great little book. Oh yeah...I think Gilmore wrote a section in it. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Handbook for bloggers and cyber-dissidents] Date: Thu, 6 Oct 2005 08:28:06 +0200 - Forwarded message from Thomas Sj?gren [EMAIL PROTECTED] - From: Thomas Sj?gren [EMAIL PROTECTED] Date: Wed, 5 Oct 2005 23:20:14 +0200 To: [EMAIL PROTECTED] Subject: Handbook for bloggers and cyber-dissidents User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] Reporters Without Borders (Reporters sans fronti?res, RSF) has released a Handbook for bloggers and cyber-dissidents: http://www.rsf.org/rubrique.php3?id_rubrique=542 Topics include: How to blog anonymously Technical ways to get around censorship Ensuring your e-mail is truly private Internet-censor world championship From the chapter How to blog anonymously: Step five - Onion Routing through Tor [...] Given the complexity of the technology, Sarah is pleasantly surprised to discover how easy it is to install Tor, an onion routing system. She downloads an installer which installs Tor on her system, then downloads and installs Privoxy, a proxy that works with Tor and has the pleasant side benefit of removing most of the ads from the webpages Sarah views. After installing the software and restarting her machine, Sarah checks noreply.org and discovers that she is, in fact, successfully cloaked by the Tor system - noreply.org thinks shes logging on from Harvard University. She reloads, and now noreply thinks shes in Germany. From this she concludes that Tor is changing her identity from request to request, helping to protect her privacy. This has some odd consequences. When she uses Google through Tor, it keeps switching language on her. One search, its in English - another, Japanese. Then German, Danish and Dutch, all in the course of a few minutes. Sarah welcomes the opportunity to learn some new languages, but shes concerned about some other consequences. Sarah likes to contribute to Wikipedia, but discovers that Wikipedia blocks her attempts to edit articles when shes using Tor. Tor also seems to have some of the same problems Sarah was having with other proxies. Her surfing slows down quite a bit, as compared to surfing the web without a proxy - she finds that she ends up using Tor only when shes accessing sensitive content or posting to her blog. And shes once again tied to her home computer, since she cant install Tor on a public machine very easily. Most worrisome, though, she discovers that Tor sometimes stops working. Evidently, her ISP is starting to block some Tor routers - when Tor tries to use a blocked router, she can wait for minutes at a time, but doesnt get the webpage shes requested. -- - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Steve Furlong wrote... The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries... -TD
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes] Date: Tue, 4 Oct 2005 15:20:15 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Re: Just to make your life more paranoid:) Re: Surreptitious Tor Messages?
Steve Furlong wrote... The noisy protocol has the added benefit of causing the network cable to emit lots of radiation, frying the brains of TOR users. The only defense is a hat made of flexible metal. More than that, I'd bet they engineered that noise to stimulate the very parts of the brain responsible for Wikipedia entries... -TD
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)] Date: Mon, 3 Oct 2005 15:57:42 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes]
Well, the great thing about the Italians is that you can bet in large parts of Italy the law is already routinely ignored. 6 months from now it will be forgotten. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Italy requires logging of personal info at cybercafes] Date: Tue, 4 Oct 2005 15:20:15 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Tue, 4 Oct 2005 08:54:46 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Italy requires logging of personal info at cybercafes X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Brett Glass [EMAIL PROTECTED] Date: October 4, 2005 2:25:50 AM EDT To: [EMAIL PROTECTED] Subject: For IP: Italy requires logging of personal info at cybercafes Want to check your e-mail in Italy? Bring your passport. An antiterror law makes Internet cafe managers check their clients' IDs and track the websites they visit. By Sofia Celeste | Contributor to The Christian Science Monitor ROME - Looking out over the cobblestone streets of Rome's Borgo Pio neighborhood, Maurizio Savoni says he's closing his Internet cafe because he doesn't want to be a cop anymore. After Italy passed a new antiterrorism package in July, authorities ordered managers offering public communications services, like Mr. Savoni,to make passport photocopies of every customer seeking to use the Internet, phone, or fax. This new law creates a heavy atmosphere, says Savoni, his desk cluttered with passport photocopies. He is visibly irritated, as he proceeds to halt clients at the door for their ID. Passed within weeks of the London bombings this summer, the law is part of the most extensive antiterror package introduced in Italy since 9/11 and the country's subsequent support of the Iraq war. Though the legislation also includes measures to heighten transportation security, permit DNA collection, and facilitate the detention or deportation of suspects, average Italians are feeling its effect mainly in Internet cafes. But while Italy has a healthy protest culture, no major opposition to the law has emerged. Before the law was passed, Savoni's clients were anonymous to him. Now they must be identified by first and last name. He must also document which computer they use, as well as their log-in and log-out times. Like other owners of Internet cafes, Savoni had to obtain a new public communications business license, and purchase tracking software that costs up to $1,600. The software saves a list of all sites visited by clients, and Internet cafe operators must periodically turn this list into their local police headquarters. After 9/11, Madrid, and London, we all have to do our utmost best to fight terrorism, says a government official who asked not to be named. Italy claims that its new stance on security led to the arrest of Hussein Osman, also known as Hamdi Issac - one of the men behind the failed bombing of the London underground July 21. Hamdi was well known to our security people and had relatives here with whom he communicated, in some form, says the government official in an e-mail interview. But Silvia Malesa, a young Internet cafe owner in the coastal village of Olbia, Sardinia, remains unconvinced. This is a waste of time, says Ms. Malesa in a telephone interview. Terrorists don't come to Internet cafes. And now, would-be customers aren't coming either, say Savoni and Malesa. Since the law was enacted, Savoni has seen an estimated 10 percent drop in business. So many people who come in here ask 'why?' and then they just leave, Savoni says. Most tourists who wander in from the streets, he explains, leave their passports at home or are discouraged when asked to sign a security disclaimer. Savoni says the new law violates his privacy, comparing it to America's antiterrorism law that allows authorities to monitor Internet use without notifying the person in question. It is a control system like America's Patriot Act, he says. Groups like the American Civil Liberties Union have criticized the Patriot Act because it permits the government to ask libraries for a list of books someone has borrowed or the websites they have visited. Under Italy's new antiterror legislation, only those who are on a black list for terrorist connections are in danger of having their e- mails read, according to the government official. Interior Minister Giuseppe Pisanu has declared Italy will stop at nothing to fight terror. I will continue to prioritize action to monitor the length and breadth of the country, without ever underestimating reasonably reliable reports of specific threats, said Mr. Pisanu in a Sept. 29 interview with Finmeccanica Magazine. Pisanu has also called for developing sophisticated technology to combat terror on Italian soil. There is no doubt that, to achieve maximum efficiency, we need the support of the best technological
Surreptitious Tor Messages?
Can anyone suggest a tool for checking to see if my Tor client is performing any surreptitious signaling? Seems to me there's a couple of possibilities for a TLA or someone else to monitor Tor users. Tor clients purchased online or whatever could possibly signal a monitoring agency for when and possibly where the user is online. This would mean that at bootup, some surreptitious packets could be fired off. The problem here is that a clever TLA might be able to hide its POP behind the Tor network, so merely checking on IP addresses on outgoing packets wouldn't work. Can anyone recommend a nice little package that can be used to check for unusual packets leaving my machine through the tor client? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: nym-0.2 released (fwd)] Date: Mon, 3 Oct 2005 15:57:42 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Sun, 2 Oct 2005 22:23:50 + (UTC) To: cyphrpunk [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], cryptography@metzdowd.com Subject: Re: nym-0.2 released (fwd) Reply-To: [EMAIL PROTECTED] On Sun, 2 Oct 2005, cyphrpunk wrote: 1. Limting token requests by IP doesn't work in today's internet. Most Hopeless negativism. I limit by IP because that's what Wikipedia is already doing. Sure, hashcash would be easy to add, and I looked into it just last night. Of course, as several have observed, hashcash also leads to whack-a-mole problems, and the abuser doesn't even have to be savvy enough to change IPs. Why aren't digital credential systems more widespread? As has been suggested here and elsewhere at great length, it takes too much infrastructure. It's too easy when writing a security paper to call swaths of CAs into existance with the stroke of the pen. To assume that any moment now, people will start carrying around digital driver's licenses and social security cards (issued in the researcher's pet format), which they'll be happy to show the local library in exchange for a digital library card. That's why I'm so optimistic about nym. A reasonable number of Tor users, a technically inclined group of people on average, want to access a single major site. That site isn't selling ICBMs; they mostly want people to have access anyway. They have an imperfect rationing system based on IPs. The resource is cheap, the policy is simple, and the user needs to conceal a single attribute about herself. There's a simple mathematical solution that yields certificates which are already supported by existing software. That, my friend, is a problem we can solve. I suggest a proof of work system a la hashcash. You don't have to use that directly, just require the token request to be accompanied by a value whose sha1 hash starts with say 32 bits of zeros (and record those to avoid reuse). I like the idea of requiring combinations of scarce resources. It's definitely on the wishlist for future releases. Captchas could be integrated as well. 2. The token reuse detection in signcert.cgi is flawed. Leading zeros can be added to r which will cause it to miss the saved value in the database, while still producing the same rbinary value and so allowing a token to be reused arbitrarily many times. Thanks for pointing that out! Shouldn't be hard to fix. 3. signer.cgi attempts to test that the value being signed is 2^512. This test is ineffective because the client is blinding his values. He can get a signature on, say, the value 2, and you can't stop him. 4. Your token construction, sign(sha1(r)), is weak. sha1(r) is only 160 bits which could allow a smooth-value attack. This involves getting signatures on all the small primes up to some limit k, then looking for an r such that sha1(r) factors over those small primes (i.e. is k-smooth). For k = 2^14 this requires getting less than 2000 signatures on small primes, and then approximately one in 2^40 160-bit values will be smooth. With a few thousand more signatures the work value drops even lower. Oh, I think I see. The k-smooth sha1(r) values then become bonus tokens, so we use a large enough h() that the result is too hard to factor (or, I suppose we could make the client present properly PKCS padded preimages). I'll do some more reading, but I think that makes sense. Thanks! -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
Re: [EMAIL PROTECTED]: Wikipedia Tor]
In many segments of the credit card insutry meatspace is also irrelevant. Anyone with a FICO greater than about 680 is almost certainly concered with maintaining their reputation with the current crop of TRWs of the world...collections efforts leverage the potential damage to the reputation, and only very gradually (if ever) fall back into actual meatspace threats (ie, docking your pay, etc...). And in many cases meatspace threats are forgone due to the collections effort (times probability of collection) yielding more than what would be recovered. So for many, it's effectively been psuedonyms for years, though their psuedonyms happen to correspond to their true names. -TD From: John Kelsey [EMAIL PROTECTED] To: Roy M. Silvernail [EMAIL PROTECTED],R.A. Hettinga [EMAIL PROTECTED] CC: James A. Donald [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor] Date: Sat, 1 Oct 2005 10:01:51 -0400 (GMT-04:00) Damn good point. Now that I think of it, all the classic examples of anonymous publication were really pseudonymous. (Publius, et al) They have different requirements. Votes and cash transactions and similar things require no history, no reputation. They're one-shot actions that should not be linkable to other actions. Pseudonyms are used everywhere in practice, because even my name is effectively a pseudonym unless you have some reason to try to link it to a meatspace human. This is why it's worth reading a book by Mark Twain, even though that wasn't his real name. And it would be worth reading those books even if we had no idea who had really written them. The reuptation and history of the author lets you decide whether you want to read the next of his books. The same is true of academic papers--you don't need to have met me or even to be able to find me, in order to read my papers and develop an opinion (hopefully a good one) about the quality of my work. And that determines whether you think the next paper is worth reading. --John
RE: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)]
Just a thought. Wikipedia entries from anonymous sources, such as Tor, should have an expiration date and revert back, unless a Wiki Admin or other trusted user OKs the new entry. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)] Date: Fri, 30 Sep 2005 10:34:00 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 23:32:48 + (UTC) To: [EMAIL PROTECTED] Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) Reply-To: [EMAIL PROTECTED] -- Forwarded message -- Date: Thu, 29 Sep 2005 23:32:24 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: Ian G [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) On Thu, 29 Sep 2005, Ian G wrote: Couple of points of clarification - you mean here CA as certificate authority? Normally I've seen Mint as the term of art for the center in a blinded token issuing system, and I'm wondering what the relationship here is ... is this something in the 1990 paper? Actually, it was just the closest paper at hand for what I was trying to do, which is nymous accounts, just as you say. So I probably shouldn't have referred to spending at all. My thinking is that if all Wikipedia is trying to do is enforce a low barrier of pseudonymity (where we can shut off access to persons, based on a rough assumption of scarce IPs or email addresses), a trivial blind signature system should be easy to implement. No certs, no roles, no CRLs, just a simple blindly issued token. And in fact it took me about 4 hours (while the conversation on or-talk has been going on for several days...) There are two problems with what I wrote. First, the original system is intended for cash instead of pseudonymity, and thus leaves the spender a disincentive to duplicate other serial numbers (since you'd just be accused of double spending); this is a problem since if an attacker sees you use your token, he can get the same token signed for himself and besmirch your nym. And second, it would be a pain to glue my scripts into an existing authentication system. Both problems are overcome if, instead of a random token, the client blinds the hash of an X.509 client cert. Then the returned signature gives you a complete client cert you can plug into your web browser (and which web servers can easily demand). Of course, you can put anything you want in the cert, since the servers know that my CA only certifies 1 bit of data about users (namely, that they only get one cert per scarce resource). But the public key (and verification mechanisms built in to TLS) keeps abusers from being able to pretend they're other users, since they won't have the users' private keys. rant The frustrating part about this is the same reason why I'm getting out of the credential research business. People have solved this problem before (although I didn't know of any Free solutions; ADDS and SOX are hard to google -- are they Free?). I even came up with at least a proof of concept in an afternoon. And yet the argument on the list went on and on, /without even an acknowledgement of my solution/. Everybody just kept debating the definitions of anonymity and identity, and accusing each other of anarchy and tyranny. We go round and round when we talk about authentication systems, but never get off the merry-go-round. Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on virtual cinematography, then The Matrix comes out in 1999 using his techniques and revolutionizes action movies. Sure, graphics is easier because it doesn't require everyone to agree on an /infrastructure/, but then, neither does the tor/wikipedia problem. I'm grateful for guys like Roger Dingledine and Phil Zimmerman who actually make a difference with a privacy system, but they seem to be the exception, rather than the rule. /rant So thanks for at least taking notice. -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)]
Just a thought. Wikipedia entries from anonymous sources, such as Tor, should have an expiration date and revert back, unless a Wiki Admin or other trusted user OKs the new entry. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Pseudonymity for tor: nym-0.1 (fwd)] Date: Fri, 30 Sep 2005 10:34:00 +0200 - Forwarded message from Jason Holt [EMAIL PROTECTED] - From: Jason Holt [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 23:32:48 + (UTC) To: [EMAIL PROTECTED] Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) Reply-To: [EMAIL PROTECTED] -- Forwarded message -- Date: Thu, 29 Sep 2005 23:32:24 + (UTC) From: Jason Holt [EMAIL PROTECTED] To: Ian G [EMAIL PROTECTED] Cc: cryptography@metzdowd.com Subject: Re: Pseudonymity for tor: nym-0.1 (fwd) On Thu, 29 Sep 2005, Ian G wrote: Couple of points of clarification - you mean here CA as certificate authority? Normally I've seen Mint as the term of art for the center in a blinded token issuing system, and I'm wondering what the relationship here is ... is this something in the 1990 paper? Actually, it was just the closest paper at hand for what I was trying to do, which is nymous accounts, just as you say. So I probably shouldn't have referred to spending at all. My thinking is that if all Wikipedia is trying to do is enforce a low barrier of pseudonymity (where we can shut off access to persons, based on a rough assumption of scarce IPs or email addresses), a trivial blind signature system should be easy to implement. No certs, no roles, no CRLs, just a simple blindly issued token. And in fact it took me about 4 hours (while the conversation on or-talk has been going on for several days...) There are two problems with what I wrote. First, the original system is intended for cash instead of pseudonymity, and thus leaves the spender a disincentive to duplicate other serial numbers (since you'd just be accused of double spending); this is a problem since if an attacker sees you use your token, he can get the same token signed for himself and besmirch your nym. And second, it would be a pain to glue my scripts into an existing authentication system. Both problems are overcome if, instead of a random token, the client blinds the hash of an X.509 client cert. Then the returned signature gives you a complete client cert you can plug into your web browser (and which web servers can easily demand). Of course, you can put anything you want in the cert, since the servers know that my CA only certifies 1 bit of data about users (namely, that they only get one cert per scarce resource). But the public key (and verification mechanisms built in to TLS) keeps abusers from being able to pretend they're other users, since they won't have the users' private keys. rant The frustrating part about this is the same reason why I'm getting out of the credential research business. People have solved this problem before (although I didn't know of any Free solutions; ADDS and SOX are hard to google -- are they Free?). I even came up with at least a proof of concept in an afternoon. And yet the argument on the list went on and on, /without even an acknowledgement of my solution/. Everybody just kept debating the definitions of anonymity and identity, and accusing each other of anarchy and tyranny. We go round and round when we talk about authentication systems, but never get off the merry-go-round. Contrast that with Debevec's work at Berkeley; Ph.D in 1996 on virtual cinematography, then The Matrix comes out in 1999 using his techniques and revolutionizes action movies. Sure, graphics is easier because it doesn't require everyone to agree on an /infrastructure/, but then, neither does the tor/wikipedia problem. I'm grateful for guys like Roger Dingledine and Phil Zimmerman who actually make a difference with a privacy system, but they seem to be the exception, rather than the rule. /rant So thanks for at least taking notice. -J - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD
RE: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
No, this is important. If this isn't Cypherpunks material these days then nothing is. As for the Wikipedia folks, I can't imagine having a more intelligent batch of people disagree. There's is a very practical matter: Reducing the hassles, particularly when said hassles in general deteriorate the content/bullshit ratio they see. On the other hand, they seem to clearly get the value of Tor, and have practically extended an invitation for a solution that will truly make things better while not significantly increasing their hassles. That the Wikipedia reaction to TorSpam is perhaps regrettable is obvious, but given their goals (not particularly Cypherpunkly) it really does make sense: No one's paid at Wikipedia and no one's going to do all the work of cleaning up the slung feces. In other words, their clipping off one of the side-lobes but increasing the remaining signal-to-noise. Just brute force logic. Sorry. But the door is open for solutions and they do seem to understand the issues. Not bad, and the long-term solution may be very interesting... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Thu, 29 Sep 2005 14:02:32 +0200 Sorry for the flood, but this is winding down already. What I didn't like about this discussion is that all concerned parties seem to have been shouting into space past each other, just trying to make a noise instead of understanding and solving the problem. - Forwarded message from Steven J. Murdoch [EMAIL PROTECTED] - From: Steven J. Murdoch [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 00:27:51 +0100 To: [EMAIL PROTECTED] Cc: Jimmy Wales [EMAIL PROTECTED] Subject: Re: Hello directly from Jimbo at Wikipedia User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote: All I'm saying is that Tor could segregate users easily enough into two clouds: We sorta trust these ones, more or less, a little bit, but no guarantees -- We don't trust these ones, we don't know them. This would be very difficult to do using the existing Tor design as it doesn't know anything about users or sessions. It lives at the TCP layer and all it does is shift packets from one IP address to another, giving some privacy to both ends. Adding higher layer functionality to Tor increases the chance that it will do neither job well, so here is a proposal which I think does what you want, but avoids this problem. The goal is to increase the cost for a Tor user to commit abuse on Wikipedia. It doesn't need to be full-proof, but just enough to make them go elsewhere. Wikipedia could require Tor users to log in before making edits, and ban accounts if they do something bad. However the cost of creating new accounts is not very high. The goal of this proposal is to impose a cost on creating accounts which can be used though Tor. Non-Tor access works as normal and the cost can be small, just enough to reduce the incentive of abuse. Suppose Wikipedia allowed Tor users to only read articles and create accounts, but not able to change anything. The Tor user then goes to a different website, call it the puzzle server. Here the Tor user does some work, perhaps does a hashcash computation[1] or solves a CAPTCHA[2], then enters the solution along with their new Wikipedia username. The puzzle server (which may be run by Wikipedia or Tor volunteers), records the fact that someone has solved a puzzle along with the username entered. The puzzle server doesn't need the Wikipedia password as there is no reason for someone to do work for another person's account. Now when that Tor user logs into their Wikipedia account to edit something, the Wikipedia server asks the puzzle server whether this account has ever solved a puzzle. If it has, the user can make the edit, if not then the user is told to go to the puzzle server first. This check can be very simple - just an HTTP request to the puzzle server specifying the Wikipedia username, which returns yes vs no, or 200 vs 403. For performance reasons this can be cached locally. There is no cryptography here, and I don't think it is needed, but it can be added without much difficulty. If the Tor user starts committing abuse, his account is cancelled. The puzzle server doesn't need to be told about this, as Wikipedia will not let that user make any edits. The reason this approach avoids the usual problems with proof-of-work schemes[3] is that good Tor users only have to solve the puzzle once, just after they create the account. Bad Tor users will need to solve another puzzle every time they are caught and had their account cancelled. So my question to Jimbo is: what type of puzzle do you think would be enough to reduce abuse through Tor to a manageable level? The difficulty of the puzzle can be tuned over time but what would be necessary for Wikipedia to try this out? Hope this helps, Steven Murdoch.
Re: Wikipedia Tor
That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. ..and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD
RE: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military]
Stupid assholes. Despite all the tech work in India going on, their military apparently didn't realize that the world changed a long time ago (way before Google). And if they can somehow block google, then I can merely purchase the photos on the black market from a private satellite. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military] Date: Wed, 28 Sep 2005 13:37:36 +0200 - Forwarded message from Shekhar Krishnan [EMAIL PROTECTED] - From: Shekhar Krishnan [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 12:17:23 +0100 To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], fsf-friends@mm.gnu.org.in, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: [Geowanking] Google Earth Exposes the Indian Military Organization: CRIT (Collective Research Initiatives Trust) X-Mailer: Evolution 2.4.0 Reply-To: [EMAIL PROTECTED] Dear All: :: apologies for cross-posting :: This has caused quite an uproar in Mumbai, and the consequences will be interesting to follow. To read more about open geo-data and free mapping initiatives in India, see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | http://freemap.crit.org.in | http://www.freemap.in ). Please also visit and sign the open geo-data manifesto hosted by the Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and visit Mapping Hacks ( http://www.mappinghacks.com ). Best, Shekhar _ Google Earth exposes IAF bases CHARLES ASSISI TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] http://timesofindia.indiatimes.com/articleshow/1243460.cms MUMBAI: Legally, you aren???t supposed to come within arm???s length of India???s military bases. Whether it is the naval dockyards in Mumbai or the air force bases in New Delhi, Bangalore and Hyderabad, they continue to be strictly out of bounds for unauthorised personnel. But technology, unerringly, finds ways to subvert the law. A little over two weeks ago, Google released fresh satellite images of New Delhi, south Mumbai, Bangalore and Hyderabad as part of its new initiative, Google Earth ( http://earth.google.com ). These images, available to anybody with access to the Net, provide users with images of earth from space. Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. After having taken a look at its lawns, take in a detailed perspective of Parliament building. Maybe, fly over the Prime Minister???s residence. And if that doesn???t satiates the voyeur in you, move over to Palam Airport where IAF planes are based. The level of detail even reveals the camouflage used to mask hangars. Pictures of Mumbai reveal with numbing clarity the docks where INS Viraat is berthed. Users can zoom close enough to take a reasonably good look at the deck of India???s lone aircraft carrier. Browse around and you can stroll past piers where warships of all kinds and submarines are docked. Pan across to take a long look at what lies beyond the fortified gates of Navy Nagar where access is normally controlled by gun-wielding guards. And if that isn???t enough, there are shots of a carrier under construction, which sources speculate, could be the top secret advanced technology vessel (ATV). It???s much the same thing with Bangalore. The air force base at Yelahanka with the jets and helicopters parked are available for all to view. And if it???s the HAL factory you???re interested in, zoom right in. -- __ Shekhar Krishnan 9, Supriya, 2nd Floor 709, Parsee Colony Road no.4 Dadar, Mumbai 400014 India http://www.crit.org.in/members/shekhar http://web.mit.edu/~shekhar/www ___ Geowanking mailing list [EMAIL PROTECTED] http://lists.burri.to/mailman/listinfo/geowanking - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Oh...-that's- your point: No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. Well, is it reasonable to expect a creature to evolve to an environment that doesn't exist yet? On the other hand, I don't think the number of Tor IP addresses is anywhere near its hockeystick yet, and when it comes it will be changing far too fast for them to block. So they will ultimately have to change their model, methinks. -TD
Re: [EMAIL PROTECTED]: Re: Wikipedia Tor]
One way to build a psuedo-pseudonymous mechanism to hang off of Tor that would be easy for the Wikipedians to deal with would be to have a server that lets you connect to it using Tor, log in using some authentication protocol or other, then have it generate different outgoing addresses based on your ID. So user #37 gets to initiate connections from 10.0.0.37, user #258 gets to initiate connections from 10.0.1.2, etc. Isn't the IPv4 address space potentially too small in the intermediate run for this approach? Sounds like you'd need IPv6... -TD
RE: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
No, this is important. If this isn't Cypherpunks material these days then nothing is. As for the Wikipedia folks, I can't imagine having a more intelligent batch of people disagree. There's is a very practical matter: Reducing the hassles, particularly when said hassles in general deteriorate the content/bullshit ratio they see. On the other hand, they seem to clearly get the value of Tor, and have practically extended an invitation for a solution that will truly make things better while not significantly increasing their hassles. That the Wikipedia reaction to TorSpam is perhaps regrettable is obvious, but given their goals (not particularly Cypherpunkly) it really does make sense: No one's paid at Wikipedia and no one's going to do all the work of cleaning up the slung feces. In other words, their clipping off one of the side-lobes but increasing the remaining signal-to-noise. Just brute force logic. Sorry. But the door is open for solutions and they do seem to understand the issues. Not bad, and the long-term solution may be very interesting... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Thu, 29 Sep 2005 14:02:32 +0200 Sorry for the flood, but this is winding down already. What I didn't like about this discussion is that all concerned parties seem to have been shouting into space past each other, just trying to make a noise instead of understanding and solving the problem. - Forwarded message from Steven J. Murdoch [EMAIL PROTECTED] - From: Steven J. Murdoch [EMAIL PROTECTED] Date: Thu, 29 Sep 2005 00:27:51 +0100 To: [EMAIL PROTECTED] Cc: Jimmy Wales [EMAIL PROTECTED] Subject: Re: Hello directly from Jimbo at Wikipedia User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 05:48:59PM -0400, Jimmy Wales wrote: All I'm saying is that Tor could segregate users easily enough into two clouds: We sorta trust these ones, more or less, a little bit, but no guarantees -- We don't trust these ones, we don't know them. This would be very difficult to do using the existing Tor design as it doesn't know anything about users or sessions. It lives at the TCP layer and all it does is shift packets from one IP address to another, giving some privacy to both ends. Adding higher layer functionality to Tor increases the chance that it will do neither job well, so here is a proposal which I think does what you want, but avoids this problem. The goal is to increase the cost for a Tor user to commit abuse on Wikipedia. It doesn't need to be full-proof, but just enough to make them go elsewhere. Wikipedia could require Tor users to log in before making edits, and ban accounts if they do something bad. However the cost of creating new accounts is not very high. The goal of this proposal is to impose a cost on creating accounts which can be used though Tor. Non-Tor access works as normal and the cost can be small, just enough to reduce the incentive of abuse. Suppose Wikipedia allowed Tor users to only read articles and create accounts, but not able to change anything. The Tor user then goes to a different website, call it the puzzle server. Here the Tor user does some work, perhaps does a hashcash computation[1] or solves a CAPTCHA[2], then enters the solution along with their new Wikipedia username. The puzzle server (which may be run by Wikipedia or Tor volunteers), records the fact that someone has solved a puzzle along with the username entered. The puzzle server doesn't need the Wikipedia password as there is no reason for someone to do work for another person's account. Now when that Tor user logs into their Wikipedia account to edit something, the Wikipedia server asks the puzzle server whether this account has ever solved a puzzle. If it has, the user can make the edit, if not then the user is told to go to the puzzle server first. This check can be very simple - just an HTTP request to the puzzle server specifying the Wikipedia username, which returns yes vs no, or 200 vs 403. For performance reasons this can be cached locally. There is no cryptography here, and I don't think it is needed, but it can be added without much difficulty. If the Tor user starts committing abuse, his account is cancelled. The puzzle server doesn't need to be told about this, as Wikipedia will not let that user make any edits. The reason this approach avoids the usual problems with proof-of-work schemes[3] is that good Tor users only have to solve the puzzle once, just after they create the account. Bad Tor users will need to solve another puzzle every time they are caught and had their account cancelled. So my question to Jimbo is: what type of puzzle do you think would be enough to reduce abuse through Tor to a manageable level? The difficulty of the puzzle can be tuned over time but what would be necessary for Wikipedia to try this out? Hope this helps, Steven Murdoch.
Re: Wikipedia Tor
That's trivial: charge Tor-originated users for editing. That 0.0001% (all three of them) that actually contributes to Wikipedia will be resourceful enough to create untraceable payment accounts. ...and ensure that all future Tor-originated Wikipedia entries are about anonymous payments and transactions... -TD
RE: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military]
Stupid assholes. Despite all the tech work in India going on, their military apparently didn't realize that the world changed a long time ago (way before Google). And if they can somehow block google, then I can merely purchase the photos on the black market from a private satellite. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Geowanking] Google Earth Exposes the Indian Military] Date: Wed, 28 Sep 2005 13:37:36 +0200 - Forwarded message from Shekhar Krishnan [EMAIL PROTECTED] - From: Shekhar Krishnan [EMAIL PROTECTED] Date: Wed, 28 Sep 2005 12:17:23 +0100 To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], fsf-friends@mm.gnu.org.in, [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: Subject: [Geowanking] Google Earth Exposes the Indian Military Organization: CRIT (Collective Research Initiatives Trust) X-Mailer: Evolution 2.4.0 Reply-To: [EMAIL PROTECTED] Dear All: :: apologies for cross-posting :: This has caused quite an uproar in Mumbai, and the consequences will be interesting to follow. To read more about open geo-data and free mapping initiatives in India, see the Mumbai Free Map ( http://www.crit.org.in/projects/gis | http://freemap.crit.org.in | http://www.freemap.in ). Please also visit and sign the open geo-data manifesto hosted by the Open Knowledge Foundation ( http://okfn.org/geo/manifesto.php ) and visit Mapping Hacks ( http://www.mappinghacks.com ). Best, Shekhar _ Google Earth exposes IAF bases CHARLES ASSISI TIMES NEWS NETWORK[ TUESDAY, SEPTEMBER 27, 2005 12:16:08 AM ] http://timesofindia.indiatimes.com/articleshow/1243460.cms MUMBAI: Legally, you aren???t supposed to come within arm???s length of India???s military bases. Whether it is the naval dockyards in Mumbai or the air force bases in New Delhi, Bangalore and Hyderabad, they continue to be strictly out of bounds for unauthorised personnel. But technology, unerringly, finds ways to subvert the law. A little over two weeks ago, Google released fresh satellite images of New Delhi, south Mumbai, Bangalore and Hyderabad as part of its new initiative, Google Earth ( http://earth.google.com ). These images, available to anybody with access to the Net, provide users with images of earth from space. Punch New Delhi and the software first zooms in on Rashtrapati Bhavan. After having taken a look at its lawns, take in a detailed perspective of Parliament building. Maybe, fly over the Prime Minister???s residence. And if that doesn???t satiates the voyeur in you, move over to Palam Airport where IAF planes are based. The level of detail even reveals the camouflage used to mask hangars. Pictures of Mumbai reveal with numbing clarity the docks where INS Viraat is berthed. Users can zoom close enough to take a reasonably good look at the deck of India???s lone aircraft carrier. Browse around and you can stroll past piers where warships of all kinds and submarines are docked. Pan across to take a long look at what lies beyond the fortified gates of Navy Nagar where access is normally controlled by gun-wielding guards. And if that isn???t enough, there are shots of a carrier under construction, which sources speculate, could be the top secret advanced technology vessel (ATV). It???s much the same thing with Bangalore. The air force base at Yelahanka with the jets and helicopters parked are available for all to view. And if it???s the HAL factory you???re interested in, zoom right in. -- __ Shekhar Krishnan 9, Supriya, 2nd Floor 709, Parsee Colony Road no.4 Dadar, Mumbai 400014 India http://www.crit.org.in/members/shekhar http://web.mit.edu/~shekhar/www ___ Geowanking mailing list [EMAIL PROTECTED] http://lists.burri.to/mailman/listinfo/geowanking - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Oh...-that's- your point: No, Wikipedia needs to realize that the IP address correlation they enjoy outside of Tor is a happy accident, and that they should stop treating IP addressess as user credentials. If they want credentials, they need to implement them. Well, is it reasonable to expect a creature to evolve to an environment that doesn't exist yet? On the other hand, I don't think the number of Tor IP addresses is anywhere near its hockeystick yet, and when it comes it will be changing far too fast for them to block. So they will ultimately have to change their model, methinks. -TD
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Dont' agree here... From: Steve Furlong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Wed, 28 Sep 2005 09:41:34 -0400 On 9/28/05, Roy M. Silvernail [EMAIL PROTECTED] wrote: A Wikiwhiner wrote I have valid although perhaps unpopular contributions to make, and not only is my freedom to express myself limited, the quality of the material on Wikipedia suffers due to the absence of my perspective. Wow. Nice ego there. If someone I knew wrote some detailed Wiki entries about Telecom DCC control channel protocol throughputs and attacks, he could objectively state that there would be very few people in the world up to the task. He might also want to maintain anonymity. Shutting down this source of wiki entries means that the general flow of Wikipedia content has been altered slightly, but I would argue significantly. I see no material issue with an individual claiming that the absence of his posts to Wiki is significant, even if this is in fact untrue for his particular case. The ego is not material to the essential point. -TD
Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia]
Dont' agree here... From: Steve Furlong [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: Re: Hello directly from Jimbo at Wikipedia] Date: Wed, 28 Sep 2005 09:41:34 -0400 On 9/28/05, Roy M. Silvernail [EMAIL PROTECTED] wrote: A Wikiwhiner wrote I have valid although perhaps unpopular contributions to make, and not only is my freedom to express myself limited, the quality of the material on Wikipedia suffers due to the absence of my perspective. Wow. Nice ego there. If someone I knew wrote some detailed Wiki entries about Telecom DCC control channel protocol throughputs and attacks, he could objectively state that there would be very few people in the world up to the task. He might also want to maintain anonymity. Shutting down this source of wiki entries means that the general flow of Wikipedia content has been altered slightly, but I would argue significantly. I see no material issue with an individual claiming that the absence of his posts to Wiki is significant, even if this is in fact untrue for his particular case. The ego is not material to the essential point. -TD
RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course reduce a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Wikipedia Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200 - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to
Re: /. [How Chinese Evade Government's Web Controls]
What the heck are you doing there for three weeks? Buying some golden triangle goods? I hear it's beautiful, however, but it's not like you took a direct international flight there... -TD From: Peter Thoenen [EMAIL PROTECTED] To: Eugen Leitl [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: /. [How Chinese Evade Government's Web Controls] Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT) Chinese Web Controls and Tor ... a subject I happen to have close personal experience with. Just took a three week vacation to Dali, China and after hitting the Great Firewall of China (tm), hopped over to the eff site, downloaded tor and privoxy, and 10 minutes later was up and running bypassing the supposed Great Firewall. While I was at it, grabbed i2p and punched right through also utilizing the i2p www proxy. As much as folk want to rail against Tor for allowing malicious users to mask their identity, it really does serve a higher purpose. As for the WSJ article, EFF or I2P really needs advertise better. Why pay local Chinese Internet Cafe owners when you can punch right through for free.
Re: [EMAIL PROTECTED]: Wikipedia Tor]
What's the problem here? The Wikipedia guy sees lots of garbage coming out
of IP address set {X} so he blocks said address set. Somewhat regrettable
but no suprise, is it?
On the other hand, doesn't it seem a little -odd- that the Tor network is
already being used in this way? Granted, even I the great Tyler Durden was
able to get a Tor client up-and-running, but I find it suspicious that this
early wave of Tor users also happen to have a high % of vandals...something
stinks.
A very subtle attack, perhaps? If I were so-and-so, I consider it a real
coup to stop the kinds of legitimate Wikipedia entries that might be made
from Tor users. And if this is the case, you can bet that there are other
obvious targets that have been hammered through Tor.
In other words, someone said, Two can play at this game.
-TD
From: Roy M. Silvernail [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor]
Date: Tue, 27 Sep 2005 10:02:09 -0400
Quoting Eugen Leitl [EMAIL PROTECTED]:
- Forwarded message from Arrakis Tor [EMAIL PROTECTED] -
This is a conversation with Jimmy Wales regarding how we can get
Wikipedia to let Tor get through.
I completely fail to comprehend why Tor server operators consistently
refuse to take responsibility for their crazed users.
On one hand, this shows a deep misunderstanding of Tor and its purposes. On
the
other, I remain disappointed in the number of vandals that take advantage
of
Tor and other anonymizing services. On the gripping hand, perhaps the Wiki
philosophy is flawed.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com
Re: /. [How Chinese Evade Government's Web Controls]
What the heck are you doing there for three weeks? Buying some golden triangle goods? I hear it's beautiful, however, but it's not like you took a direct international flight there... -TD From: Peter Thoenen [EMAIL PROTECTED] To: Eugen Leitl [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: /. [How Chinese Evade Government's Web Controls] Date: Tue, 27 Sep 2005 11:48:31 -0700 (PDT) Chinese Web Controls and Tor ... a subject I happen to have close personal experience with. Just took a three week vacation to Dali, China and after hitting the Great Firewall of China (tm), hopped over to the eff site, downloaded tor and privoxy, and 10 minutes later was up and running bypassing the supposed Great Firewall. While I was at it, grabbed i2p and punched right through also utilizing the i2p www proxy. As much as folk want to rail against Tor for allowing malicious users to mask their identity, it really does serve a higher purpose. As for the WSJ article, EFF or I2P really needs advertise better. Why pay local Chinese Internet Cafe owners when you can punch right through for free.
RE: [EMAIL PROTECTED]: Re: Wikipedia Tor]
Sorry...I don't understand...why would psuedonymity services be provided within Tor? An external reputation/psuedonymity server would of course reduce a Tor users' anonymity to mere psuedonymity, but I don't see how it would do anything more, and who cares? If Wikipedia (or anyone) doesn't want to interact with the truly anonymous (as opposed to psuedonymous), then ah well. Solution: Wait and do nothing until someone (commericially) provides such services. Am I punchdrunk or stating the obvious? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Wikipedia Tor] Date: Tue, 27 Sep 2005 21:57:50 +0200 - Forwarded message from Roger Dingledine [EMAIL PROTECTED] - From: Roger Dingledine [EMAIL PROTECTED] Date: Tue, 27 Sep 2005 15:54:38 -0400 To: [EMAIL PROTECTED] Subject: Re: Wikipedia Tor User-Agent: Mutt/1.5.9i Reply-To: [EMAIL PROTECTED] On Tue, Sep 27, 2005 at 11:18:31AM -0400, Paul Syverson wrote: On Tue, Sep 27, 2005 at 10:27:58AM -0400, Matt Thorne wrote: everyone is so worried about it, but has any one ever been successfully been able to use tor to effectively spam anyone? No. Cf. http://tor.eff.org/faq-abuse.html#WhatAboutSpammers To be fair, this answer is yes. People have used Tor to deface Wikipedia pages, along with Slashdot pages, certain IRC networks, and so on. I think that counts as spam at least in a broad sense. A potential for cooperation is the proposal below for authenticated access to Wikipedia through Tor. I will not speak to any particular design here, but if Wikipedia has a notion of clients trusted to post to Wikipedia, it should be possible to work with them to have an authentication server that controls access to Wikipedia through Tor. As I understand it, Jimmy is hoping that we will develop and maintain this notion. We would run both halves of the Tor network, and when they complain about a user, we would cut that user out of the authenticated side. Jimmy and I talked about Tor-and-Wikipedia many months ago, and the conclusion was that they (mediawiki) would be willing to try a variety of technological solutions to see if they work (i.e. cut down on vandalism and aren't too much of a burden to run). My favorite is to simply have certain address classes where the block expires after 15 minutes or so. Brandon Wiley proposed a similar idea but where the block timeout is exponentially longer for repeated abuse, so services that are frequently blocked will stay blocked longer. This is great. But somebody needs to actually code it. Wikipedia already needs this sort of thing because of AOL IPs -- they have similar characteristics to Tor, in that a single IP produces lots of behavior, some good some bad. The two differences as I understand them are that AOL will cancel user accounts if you complain loudly enough (but there's constant tension here because in plenty of cases AOL decides not to cancel the account, so Wikipedia has to deal some other way like temporarily blocking the IP), and that it's not clear enough to the Wikipedia operators that there *are* good Tor users. (One might argue that it's hard for Wikipedia to change their perception and learn about any good Tor uses, firstly because good users will blend in and nobody will notice, and secondly because they've prevented them all from editing so there are no data points either way.) So I've been content to wait and watch things progress. Perhaps we will find a volunteer who wants to help hack the mediawiki codebase to be more authentication-friendly (or have more powerful blocking config options). Perhaps we'll find a volunteer to help build the blind-signature pseudonymous authenticated identity management infrastructure that Nick refers to. Perhaps the Wikimedia operators will increasingly get a sense that Tor has something to offer besides vandalism. (I presume this thread re-surfaced because Tor users and operators are periodically telling Wikipedia that they don't like being blocked.) Maybe we will come to the point eventually that it makes sense to do something different than blocking the Tor IP addresses from editing Wikipedia. (Which, we should all remember compared the Gentoo forum situation, is a great step above blocking them from both reading and writing.) It could be that we never reach that point. Certain services on the Internet (like some IRC networks) that are really prone to abuse are probably doing the right thing by blocking all Tor users (and all AOL users, and all open proxies, and ...). And we want to keep Tor easy to block, or we're really going to start getting the other communities angry at us. In summary, I'm not too unhappy with the status quo for now. Tor needs way more basic development / usability work still. In the absence of actual volunteers-who-code on the side of Tor _or_ Wikipedia to resolve the problem, I'm going to focus on continuing to make Tor better, so down the road maybe we'll be able to
Re: [EMAIL PROTECTED]: Wikipedia Tor]
What's the problem here? The Wikipedia guy sees lots of garbage coming out
of IP address set {X} so he blocks said address set. Somewhat regrettable
but no suprise, is it?
On the other hand, doesn't it seem a little -odd- that the Tor network is
already being used in this way? Granted, even I the great Tyler Durden was
able to get a Tor client up-and-running, but I find it suspicious that this
early wave of Tor users also happen to have a high % of vandals...something
stinks.
A very subtle attack, perhaps? If I were so-and-so, I consider it a real
coup to stop the kinds of legitimate Wikipedia entries that might be made
from Tor users. And if this is the case, you can bet that there are other
obvious targets that have been hammered through Tor.
In other words, someone said, Two can play at this game.
-TD
From: Roy M. Silvernail [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: [EMAIL PROTECTED]: Wikipedia Tor]
Date: Tue, 27 Sep 2005 10:02:09 -0400
Quoting Eugen Leitl [EMAIL PROTECTED]:
- Forwarded message from Arrakis Tor [EMAIL PROTECTED] -
This is a conversation with Jimmy Wales regarding how we can get
Wikipedia to let Tor get through.
I completely fail to comprehend why Tor server operators consistently
refuse to take responsibility for their crazed users.
On one hand, this shows a deep misunderstanding of Tor and its purposes. On
the
other, I remain disappointed in the number of vandals that take advantage
of
Tor and other anonymizing services. On the gripping hand, perhaps the Wiki
philosophy is flawed.
--
Roy M. Silvernail is [EMAIL PROTECTED], and you're not
It's just this little chromium switch, here. - TFT
SpamAssassin-procmail-/dev/null-bliss
http://www.rant-central.com
Re: Wired on Secrecy Power Sinks Patent Case
Nah...it wasn't half a million. It was a hell of a lot more, I suspect. Even a standard SC or APC connector cost $50 in those days, and from what I suspect this would be MUCH much more than that, and probably formed just one piece of a larger contract. The odd thing about this case was that the judge ruled in favor of Lucent...the government wasn't even directly involved. Lucent made a ton of profit which this poor bastard didn't get dime one from. That's a lot different then allowing the government to use your IP. -TD From: Steve Schear [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wired on Secrecy Power Sinks Patent Case Date: Sun, 25 Sep 2005 23:55:48 -0700 At 09:14 AM 9/20/2005, Tyler Durden wrote: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) [Cross posted from another list] Ian G [EMAIL PROTECTED] wrote: What I don't understand about that case is that the precedent already exists. If a defendent declines to defend by supplying documents then the judge does not force them to do so in a civil case, instead the award goes against them. What is not clear is why the judge awarded in the favour of the government. By not supplying files, they clearly indicated they were using the patent. And even that wasn't ever in doubt. He should have just awarded summarily for the patent owners and that would have been that. And, it was only for a measly half million. By saving a half million in patent fees, Lucent and the USG have reduced their reputation for fair dealing, had the whole case blow up in their faces and now we're all poking around looking for how the patent was used by the _Jimmy Carter_
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Actually, depending on your App, this would seem to be th very OPPOSITE of a moot point. -TD From: Gregory Hicks [EMAIL PROTECTED] Reply-To: Gregory Hicks [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT) From: Tyler Durden [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 12:56:33 -0400 Are you sure? No, but the phone now SAYS that location info is OFF except to E911... Whether or not it actually IS turned off is a moot point. How to check? Regards, Gregory Hicks -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH --- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision. - Benjamin Franklin The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Are you sure? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Are you sure? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]]
Actually, depending on your App, this would seem to be th very OPPOSITE of a moot point. -TD From: Gregory Hicks [EMAIL PROTECTED] Reply-To: Gregory Hicks [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:11:10 -0700 (PDT) From: Tyler Durden [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 12:56:33 -0400 Are you sure? No, but the phone now SAYS that location info is OFF except to E911... Whether or not it actually IS turned off is a moot point. How to check? Regards, Gregory Hicks -TD From: R.A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [EMAIL PROTECTED]: [IP] Request: Check your cell phone to see if it's always transmitting your location [priv]] Date: Thu, 22 Sep 2005 10:05:31 -0400 At 2:59 PM +0200 9/22/05, Eugen Leitl wrote: For my Treo phone, I found the location option under Phone Preferences in the Options menu of the main phone screen. Bada-bing! Fixed *that*. Cheers, RAH --- I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision. - Benjamin Franklin The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton
Wired on Secrecy Power Sinks Patent Case
Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) Aside from this the links are worth pursuing vz Variola Suitcase type discussions. I suspect that a thorough civilian analysis could reveal a lot about NSA's undersea operation. One thing I can see about this connector is that it does not require any visual orientation in order to mate the Bragg-angled fiber interfaces inside...other connectors either mismate if you're not careful, or require rotating the ferrule in order to get the notch to line up. (Low-loss fiber connectors are Bragg-angled in order to prevent reflections.) These might not be viable options at deep depths, indicating that some of their operation must be done extra-vehicular (though by humans or robots I can't yet tell.) Their carrying on about HOW they select traffic is, I suspect, true: They must have some kind of control and switching network in some areas in order to select out some traffic, and I believe I've seen parts of this...the bandwidth is just too large to develop a complete 1:1 copy of everything, when we're talking middle-of-the-ocean-type applications. (And as I've also stated many times, I'd bet NSA has a HUGE risk analysis department to support the decisons about which traffic to grab.) -TD
Re: Wired on Secrecy Power Sinks Patent Case
So if the state hasn't classified my data (and I kinda doubt they will), then it should be up for grabs by anyone suckin' down the dole? -TD From: Justin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wired on Secrecy Power Sinks Patent Case Date: Tue, 20 Sep 2005 18:54:23 + On 2005-09-20T12:14:13-0400, Tyler Durden wrote: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 I'm sick of this mosaic theory being used to justify preventing access to unclassified information. -- War is the father of all and king of all, and some he shows as gods, others as men; some he makes slaves, others free. -Heraclitus DK-53
Re: Wired on Secrecy Power Sinks Patent Case
So if the state hasn't classified my data (and I kinda doubt they will), then it should be up for grabs by anyone suckin' down the dole? -TD From: Justin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Wired on Secrecy Power Sinks Patent Case Date: Tue, 20 Sep 2005 18:54:23 + On 2005-09-20T12:14:13-0400, Tyler Durden wrote: Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 I'm sick of this mosaic theory being used to justify preventing access to unclassified information. -- War is the father of all and king of all, and some he shows as gods, others as men; some he makes slaves, others free. -Heraclitus DK-53
Wired on Secrecy Power Sinks Patent Case
Very interesting CPunks reading, for a variety of reasons. http://www.wired.com/news/technology/0,1282,68894,00.html?tw=wn_tophead_1 Of course, the fact that Lucent has been in shit shape financially must have nothing to do with what is effectively a state-sponsored protection of intellectual theft and profiting by Lucent (merely keeping the tech under wraps would have been possible in a closed-doors session. Remember that connectors can easily cost $50 per or more, so these guys were really ripped off and Lucent probably made out quite well.) Aside from this the links are worth pursuing vz Variola Suitcase type discussions. I suspect that a thorough civilian analysis could reveal a lot about NSA's undersea operation. One thing I can see about this connector is that it does not require any visual orientation in order to mate the Bragg-angled fiber interfaces inside...other connectors either mismate if you're not careful, or require rotating the ferrule in order to get the notch to line up. (Low-loss fiber connectors are Bragg-angled in order to prevent reflections.) These might not be viable options at deep depths, indicating that some of their operation must be done extra-vehicular (though by humans or robots I can't yet tell.) Their carrying on about HOW they select traffic is, I suspect, true: They must have some kind of control and switching network in some areas in order to select out some traffic, and I believe I've seen parts of this...the bandwidth is just too large to develop a complete 1:1 copy of everything, when we're talking middle-of-the-ocean-type applications. (And as I've also stated many times, I'd bet NSA has a HUGE risk analysis department to support the decisons about which traffic to grab.) -TD
Tor Webhosting?
A few more Tor questions.. Are there yet commercial Tor web hosters? How much would this cost vs hosting one's own node? Since I assume the website actually resides on a single node, there is the slight problem of the node owner knowing, at least, that he had been paid to host X sites, on such-and-such dates...not optimal of course but not everyone in the world is going to want to run a Tor node just to put a site up (like me). Also, there -is- a one-to-one mapping between Tor nodes and Tor-hosted sites, no? It's not like a site is cryptographically split into quasi-redundant pieces, placed on random servers, and then assembled on the fly when there's a request, right? Can Tor support such a thing in the future? (eg, Website file A is split into N partially redudant pieces and sent to N servers...the website can still be retrieved from any M pieces, where N=M.) -TD
Tor Webhosting?
A few more Tor questions.. Are there yet commercial Tor web hosters? How much would this cost vs hosting one's own node? Since I assume the website actually resides on a single node, there is the slight problem of the node owner knowing, at least, that he had been paid to host X sites, on such-and-such dates...not optimal of course but not everyone in the world is going to want to run a Tor node just to put a site up (like me). Also, there -is- a one-to-one mapping between Tor nodes and Tor-hosted sites, no? It's not like a site is cryptographically split into quasi-redundant pieces, placed on random servers, and then assembled on the fly when there's a request, right? Can Tor support such a thing in the future? (eg, Website file A is split into N partially redudant pieces and sent to N servers...the website can still be retrieved from any M pieces, where N=M.) -TD
RE: The ghost of Tim May
I do suspect he still monitors Cypherpunks, however...many of my efforts to troll him out in the past have been successful, most particularly when I suggested that as a CP team building excersize we lay siege to his compound! (He uses an anonymizer once in a while to post.) -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] Subject: RE: The ghost of Tim May Date: Fri, 9 Sep 2005 09:17:47 -0400 Tyler Durden wrote: Ulex Europae wrote... Okay, I've been in a hole in the ground for a few years. What happened to Tim May? May's ghost haunts and trolls lesser boards (and as an upper bound I admit CP ain't super-hot these days), where he is banished for all eternity, and where he is viewed as merely an old, crazy kook. I don't miss his racism and love of mass murder, but I sure miss his brilliant, destabilising ideas. -TD Check misc.survivalism, scruz.general, ba.mountain-folk, and (recently) neworleans.general. I'm also dissapointed by the content of his posts; there is little beyond the racism left. Peter Trei
RE: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations]
What? A pirate radio station in the Carribean is jamming broadcasts in New Orleans? I find that hard to believe. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations] Date: Fri, 9 Sep 2005 17:39:32 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 9 Sep 2005 08:25:43 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Radio jamming in New Orleans during rescue operations X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Glenn S. Tenney CISSP CISM [EMAIL PROTECTED] Date: September 8, 2005 3:24:45 PM EDT To: [EMAIL PROTECTED] Subject: Radio jamming in New Orleans during rescue operations I saw this... For IP if you like: http://www.waynemadsenreport.com/ September 2, 2005 -- Who is jamming communications in New Orleans? Ham radio operators are reporting that communications in and around New Orleans are being jammed. In addition, perplexed ham radio operators who were enlisted by the Federal government in 911 are not being used for hurricane Katrina Federal relief efforts. There is some misinformation circulating on the web that the jamming is the result of solar flares. Ham radio operators report that the flares are not the source of the communications jamming. If anyone at the National Security Agency is aware of the source of the jamming, from direction finding or satellite intelligence, please discretely contact me at [EMAIL PROTECTED] (from a private or temporary email account). In this case, the Bush administration cannot hide behind national security and it is the duty of every patriotic American to report such criminal activity to the press. Even though the information on the jamming may be considered classified -- it is in the public interest to disclose it. Also, the Federal Aviation Administration (FAA) is reporting that no aircraft over New Orleans have been fired on over New Orleans or anywhere else in the area. Are the reports of shots being fired at aircraft an attempt by the Bush administration to purposely delay the arrival of relief to the city's homeless and dying poor? The neocons have turned New Orleans into Baghdad on the Mississipppi New Orleans: Who is jamming communications and why? UPDATE: We can now report that the jamming of New Orleans' communications is emanating from a pirate radio station in the Caribbean. The noise is continuous and it is jamming frequencies, including emergency high frequency (HF) radios, in the New Orleans area. The radio frequency jammers were heard last night, stopped for a while, and are active again today. The Pentagon must locate the positions of these transmitters and order the Air Force to bomb them immediately. However, we now have a new unconfirmed report that the culprit may be the Pentagon itself. The emitter is an IF (Intermediate Frequency) jammer that is operating south southwest of New Orleans on board a U.S. Navy ship, according to an anonymous source. The jamming is cross-spectrum and interfering with superheterodyne receiver components, including the emergency radios being used in New Orleans relief efforts. The jammed frequencies are: 72.0MHZ (high end of Channel 4 WWL TV New Orleans) 45.0MHZ(fixed mobile) 10.245MHZ (fixed mobile) 10.240 Mhz (fixed mobile) 11.340 Mhz (aeronautical mobile) 233 MHZ (fixed mobile) 455 IF (jammer) A former DoD source says the U.S. Army uses a portable jammer, known as WORLOCK, in Iraq and this jammer may be similar to the one that is jamming the emergency frequencies. UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search Rescue Team deployed to New Orleans reported that their satellite phones were not working and they had to obtain other satellite phones to keep in touch with their headquarters and other emergency agencies in British Columbia. There is a report on a ham radio web site that jamming is adversely affecting the New Orleans emergency net on 14.265 Mhz. If a U.S. Navy ship is, in fact, jamming New Orleans communications, the crew must immediately shut down the jammer and take action against the Commanding Officer. *** We have just learned from a journalist in Mobile that yesterday, Sprint blocked all cell phone calls from the Gulf Coast region to points north and west. Calls were permitted between Alabama, Mississippi, and Florida but no calls could be made to Washington, New York, or Los Angeles September 5, 2005 ... Meanwhile, the communications jamming in the New Orleans area continues. It is now being reported by truck drivers on Interstate-10 as affecting the Citizens' Band (CB) frequencies. - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded
RE: The ghost of Tim May
I do suspect he still monitors Cypherpunks, however...many of my efforts to troll him out in the past have been successful, most particularly when I suggested that as a CP team building excersize we lay siege to his compound! (He uses an anonymizer once in a while to post.) -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] Subject: RE: The ghost of Tim May Date: Fri, 9 Sep 2005 09:17:47 -0400 Tyler Durden wrote: Ulex Europae wrote... Okay, I've been in a hole in the ground for a few years. What happened to Tim May? May's ghost haunts and trolls lesser boards (and as an upper bound I admit CP ain't super-hot these days), where he is banished for all eternity, and where he is viewed as merely an old, crazy kook. I don't miss his racism and love of mass murder, but I sure miss his brilliant, destabilising ideas. -TD Check misc.survivalism, scruz.general, ba.mountain-folk, and (recently) neworleans.general. I'm also dissapointed by the content of his posts; there is little beyond the racism left. Peter Trei
RE: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations]
What? A pirate radio station in the Carribean is jamming broadcasts in New Orleans? I find that hard to believe. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Radio jamming in New Orleans during rescue operations] Date: Fri, 9 Sep 2005 17:39:32 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Fri, 9 Sep 2005 08:25:43 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Radio jamming in New Orleans during rescue operations X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Glenn S. Tenney CISSP CISM [EMAIL PROTECTED] Date: September 8, 2005 3:24:45 PM EDT To: [EMAIL PROTECTED] Subject: Radio jamming in New Orleans during rescue operations I saw this... For IP if you like: http://www.waynemadsenreport.com/ September 2, 2005 -- Who is jamming communications in New Orleans? Ham radio operators are reporting that communications in and around New Orleans are being jammed. In addition, perplexed ham radio operators who were enlisted by the Federal government in 911 are not being used for hurricane Katrina Federal relief efforts. There is some misinformation circulating on the web that the jamming is the result of solar flares. Ham radio operators report that the flares are not the source of the communications jamming. If anyone at the National Security Agency is aware of the source of the jamming, from direction finding or satellite intelligence, please discretely contact me at [EMAIL PROTECTED] (from a private or temporary email account). In this case, the Bush administration cannot hide behind national security and it is the duty of every patriotic American to report such criminal activity to the press. Even though the information on the jamming may be considered classified -- it is in the public interest to disclose it. Also, the Federal Aviation Administration (FAA) is reporting that no aircraft over New Orleans have been fired on over New Orleans or anywhere else in the area. Are the reports of shots being fired at aircraft an attempt by the Bush administration to purposely delay the arrival of relief to the city's homeless and dying poor? The neocons have turned New Orleans into Baghdad on the Mississipppi New Orleans: Who is jamming communications and why? UPDATE: We can now report that the jamming of New Orleans' communications is emanating from a pirate radio station in the Caribbean. The noise is continuous and it is jamming frequencies, including emergency high frequency (HF) radios, in the New Orleans area. The radio frequency jammers were heard last night, stopped for a while, and are active again today. The Pentagon must locate the positions of these transmitters and order the Air Force to bomb them immediately. However, we now have a new unconfirmed report that the culprit may be the Pentagon itself. The emitter is an IF (Intermediate Frequency) jammer that is operating south southwest of New Orleans on board a U.S. Navy ship, according to an anonymous source. The jamming is cross-spectrum and interfering with superheterodyne receiver components, including the emergency radios being used in New Orleans relief efforts. The jammed frequencies are: 72.0MHZ (high end of Channel 4 WWL TV New Orleans) 45.0MHZ(fixed mobile) 10.245MHZ (fixed mobile) 10.240 Mhz (fixed mobile) 11.340 Mhz (aeronautical mobile) 233 MHZ (fixed mobile) 455 IF (jammer) A former DoD source says the U.S. Army uses a portable jammer, known as WORLOCK, in Iraq and this jammer may be similar to the one that is jamming the emergency frequencies. UPDATE Sep. 3 -- A Vancouver, British Columbia Urban Search Rescue Team deployed to New Orleans reported that their satellite phones were not working and they had to obtain other satellite phones to keep in touch with their headquarters and other emergency agencies in British Columbia. There is a report on a ham radio web site that jamming is adversely affecting the New Orleans emergency net on 14.265 Mhz. If a U.S. Navy ship is, in fact, jamming New Orleans communications, the crew must immediately shut down the jammer and take action against the Commanding Officer. *** We have just learned from a journalist in Mobile that yesterday, Sprint blocked all cell phone calls from the Gulf Coast region to points north and west. Calls were permitted between Alabama, Mississippi, and Florida but no calls could be made to Washington, New York, or Los Angeles September 5, 2005 ... Meanwhile, the communications jamming in the New Orleans area continues. It is now being reported by truck drivers on Interstate-10 as affecting the Citizens' Band (CB) frequencies. - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded
The ghost of Tim May
Ulex Europae wrote... Okay, I've been in a hole in the ground for a few years. What happened to Tim May? May's ghost haunts and trolls lesser boards (and as an upper bound I admit CP ain't super-hot these days), where he is banished for all eternity, and where he is viewed as merely an old, crazy kook. I don't miss his racism and love of mass murder, but I sure miss his brilliant, destabilising ideas. -TD
RE: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)]
Like I said: We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Then again, the FBI probably loves hanging out in Starbucks anyway... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)] Date: Wed, 7 Sep 2005 15:58:08 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Wed, 7 Sep 2005 09:48:13 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Seth David Schoen [EMAIL PROTECTED] Date: September 5, 2005 6:10:02 PM EDT To: David Farber [EMAIL PROTECTED] Cc: Donna Wentworth [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [E-PRV] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) David Farber writes: Can I get a copy for IP The original article is at http://www.time.com/time/archive/preview/0,10987,1090908,00.html (subscription required) Here's the letter we sent: Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies (Psst! The FBI is Having Trouble on the Line, Notebook, August 15) is in error. You claim that police can't tap into [Internet] conversations or identify the location of callers, even with court orders. That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance. But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse. The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power in the face of increasingly powerful and personally revealing technologies (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations. -- Seth Schoen Staff Technologist[EMAIL PROTECTED] Electronic Frontier Foundationhttp://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)]
Like I said: We need a WiFi VoIP over Tor app pronto! Let 'em CALEA -that-. Only then will the ghost of Tim May rest in piece. Then again, the FBI probably loves hanging out in Starbucks anyway... -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15)] Date: Wed, 7 Sep 2005 15:58:08 +0200 - Forwarded message from David Farber [EMAIL PROTECTED] - From: David Farber [EMAIL PROTECTED] Date: Wed, 7 Sep 2005 09:48:13 -0400 To: Ip Ip ip@v2.listbox.com Subject: [IP] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) X-Mailer: Apple Mail (2.734) Reply-To: [EMAIL PROTECTED] Begin forwarded message: From: Seth David Schoen [EMAIL PROTECTED] Date: September 5, 2005 6:10:02 PM EDT To: David Farber [EMAIL PROTECTED] Cc: Donna Wentworth [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [E-PRV] Internet phone wiretapping (Psst! The FBI is Having Trouble on the Line, Aug. 15) David Farber writes: Can I get a copy for IP The original article is at http://www.time.com/time/archive/preview/0,10987,1090908,00.html (subscription required) Here's the letter we sent: Your account of FBI efforts to embed wiretapping into the design of new Internet communication technologies (Psst! The FBI is Having Trouble on the Line, Notebook, August 15) is in error. You claim that police can't tap into [Internet] conversations or identify the location of callers, even with court orders. That is false. Internet service providers and VoIP companies have consistently responded to such orders and turned over information in their possession. There is no evidence that law enforcement is having any trouble obtaining compliance. But more disturbingly, you omit entirely any reference to the grave threat these FBI initiatives pose to the personal privacy and security of innocent Americans. The technologies currently used to create wiretap-friendly computer networks make the people on those networks more pregnable to attackers who want to steal their data or personal information. And at a time when many of our most fundamental consititutional rights are being stripped away in the name of fighting terrorism, you implicitly endorse opening yet another channel for potential government abuse. The legislative history of the Communications Assistance for Law Enforcement Act (CALEA) shows that Congress recognized the danger of giving law enforcement this kind of surveillance power in the face of increasingly powerful and personally revealing technologies (H.R. Rep. No. 103-827, 1994 U.S.C.C.A.N. 3489, 3493 [1994] [House Report]). The law explicitly exempts so-called information services; law enforcement repeatedly assured civil libertarians that the Internet would be excluded. Yet the FBI and FCC have now betrayed that promise and stepped beyond the law, demanding that Internet software be redesigned to facilitate eavesdropping. In the coming months, we expect the federal courts to rein in these dangerously expansive legal intepretations. -- Seth Schoen Staff Technologist[EMAIL PROTECTED] Electronic Frontier Foundationhttp://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107 - You are subscribed as [EMAIL PROTECTED] To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Tor VoIP, etc...
SQ wrote... A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card Oh no! Loss of the Houston library card! My passport to knowledge!!! criminal prosecution if caught. Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, DO NOT TOUCH. If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports -TD
Re: Tor VoIP, etc...
Shawn Quinn wrote... For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node starbuck. So: How hard would it be to surreptitiously install a Tor node into a computer at a public library? -TD
Re: Perhaps the real reason why Chavez is being targeted?
While the US certainly has been interfering with Chavez and generally trying to mess around in Venezuela for a while, most of what's happening here is just that Chavez is running off at the mouth for domestic political reasons. (Pat Robertson was partly doing that also and partly just babbling.) The leftist Z-mag had an interesting article about Chavez last month. Although most of Z-mag's articles are fairly silly leftwing ranting, you defiintely have a few in-the-trenches-type articles that show up every now and then. The article on Chavez is most interesting and strongly suggests that what Chavez is actually doing is trying to drive up the price Venezuela gets per barrel. Apparently, he's been successful, and most major oil companies (with the notable exception of Exxon) have recently signed very favorable contracts with his government. Also of interest is the proliferation of Chinese and other oil companies edging in next to the big US UK oil firms that have traditionally dominated such deals. The business about shipping oil to Jamaica is interesting; he'd previously been talking about selling cheap gasoline to poor US communities, which was high-grade political bullshit that he had no mechanism for implementing, and quite amusing. Maybe not quite bullshit after all...the major barrier to doing this (ie, shipping low cost oil to some contries and communities) was that the oil was in a form that required processing before it could be used (when I get home I'll try to look up the specifics). Only a few companies could do this and he now has such companies signed (one is Chinese, I think). But fundamentally the US government's problem is that he's a leftist who hangs out with Castro and has oil and likes to do land reform and nationalize oil companies, which is not the kind of thing that right-wing industrialists like. Well, that's always the catch. Mao and (to a much lesser extent) Castro were effective guerilla warriors, but Mao had to die of old age in order for China to start developing itself (Cuba speaks for itself). Chavez seems to be spending a lot of the oil wealth on lots of social services which, though perhaps noble, is not sustainable. If Chavez were bright enough to use this $$$ to kick-start a modern economy his rhetoric would then prove to be much more than hot air. In short, I'm not convinced Chavez is an idiot. From this vantage point I'd argue it's way too early to tell. -TD
RE: [EMAIL PROTECTED]: Re: Tor on USB]
Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Tor on USB] Date: Tue, 30 Aug 2005 16:42:27 +0200 - Forwarded message from Paul Syverson [EMAIL PROTECTED] - From: Paul Syverson [EMAIL PROTECTED] Date: Tue, 30 Aug 2005 10:22:22 -0400 To: [EMAIL PROTECTED] Cc: Paul Syverson [EMAIL PROTECTED] Subject: Re: Tor on USB User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] You might also see the following commercial distribution that bundles Tor, a tiny linux, and related software on a USB stick http://www.virtualprivacymachine.com/products.html Looks cool and got favorable reviews, but I haven't used or examined it first hand. This is a pointer, not an endorsement. -Paul On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote: Interesting implementation. You could use it at a public terminal, a friend's computer, or for plausible deniability on your own computer. On 8/29/05, Shatadal [EMAIL PROTECTED] wrote: Arrakis Tor wrote: Can firefox be installed to run standalone whatsoever? Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and http://portablefirefox.mozdev.org/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Tor VoIP, etc...
Shawn Quinn wrote... For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node starbuck. So: How hard would it be to surreptitiously install a Tor node into a computer at a public library? -TD
Re: Tor VoIP, etc...
SQ wrote... A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card Oh no! Loss of the Houston library card! My passport to knowledge!!! criminal prosecution if caught. Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, DO NOT TOUCH. If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports -TD
Tor VoIP, etc...
Damian Gerow replied to the great Tyler Durden: Thus spake Tyler Durden ([EMAIL PROTECTED]) [02/09/05 19:45]: : How long will it take the Greater Tor Network to notice the existence of : this little node? A few days after you register. : In other words, if I go into a Starbucks with this thing, can my laptop or : whatever start acting like a temporary Tor node? Well, here I meant after registration, etc...in a regular IP network it can take seconds to minutes in order for routing tables (at layer 3) or the local MAC Address tables (at layer 2) to recognize that you're back on line. With a Tor node I'm wondering how long it takes for the greater Tor network to both notice your existence and then trust that you're here to stay...for a while. In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two? Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going. In other words, just for me. That, of course, is great. As for simplicity, I need that: I know my way around the BLSR protection switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). I just don't have time to have to fiddle with the OS myself, so this will be interesting. Think I might get me one of those gizmos and then stick it on my PDA. So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! -TD
Re: Perhaps the real reason why Chavez is being targeted?
While the US certainly has been interfering with Chavez and generally trying to mess around in Venezuela for a while, most of what's happening here is just that Chavez is running off at the mouth for domestic political reasons. (Pat Robertson was partly doing that also and partly just babbling.) The leftist Z-mag had an interesting article about Chavez last month. Although most of Z-mag's articles are fairly silly leftwing ranting, you defiintely have a few in-the-trenches-type articles that show up every now and then. The article on Chavez is most interesting and strongly suggests that what Chavez is actually doing is trying to drive up the price Venezuela gets per barrel. Apparently, he's been successful, and most major oil companies (with the notable exception of Exxon) have recently signed very favorable contracts with his government. Also of interest is the proliferation of Chinese and other oil companies edging in next to the big US UK oil firms that have traditionally dominated such deals. The business about shipping oil to Jamaica is interesting; he'd previously been talking about selling cheap gasoline to poor US communities, which was high-grade political bullshit that he had no mechanism for implementing, and quite amusing. Maybe not quite bullshit after all...the major barrier to doing this (ie, shipping low cost oil to some contries and communities) was that the oil was in a form that required processing before it could be used (when I get home I'll try to look up the specifics). Only a few companies could do this and he now has such companies signed (one is Chinese, I think). But fundamentally the US government's problem is that he's a leftist who hangs out with Castro and has oil and likes to do land reform and nationalize oil companies, which is not the kind of thing that right-wing industrialists like. Well, that's always the catch. Mao and (to a much lesser extent) Castro were effective guerilla warriors, but Mao had to die of old age in order for China to start developing itself (Cuba speaks for itself). Chavez seems to be spending a lot of the oil wealth on lots of social services which, though perhaps noble, is not sustainable. If Chavez were bright enough to use this $$$ to kick-start a modern economy his rhetoric would then prove to be much more than hot air. In short, I'm not convinced Chavez is an idiot. From this vantage point I'd argue it's way too early to tell. -TD
RE: [EMAIL PROTECTED]: Re: Tor on USB]
Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: Re: Tor on USB] Date: Tue, 30 Aug 2005 16:42:27 +0200 - Forwarded message from Paul Syverson [EMAIL PROTECTED] - From: Paul Syverson [EMAIL PROTECTED] Date: Tue, 30 Aug 2005 10:22:22 -0400 To: [EMAIL PROTECTED] Cc: Paul Syverson [EMAIL PROTECTED] Subject: Re: Tor on USB User-Agent: Mutt/1.4.1i Reply-To: [EMAIL PROTECTED] You might also see the following commercial distribution that bundles Tor, a tiny linux, and related software on a USB stick http://www.virtualprivacymachine.com/products.html Looks cool and got favorable reviews, but I haven't used or examined it first hand. This is a pointer, not an endorsement. -Paul On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote: Interesting implementation. You could use it at a public terminal, a friend's computer, or for plausible deniability on your own computer. On 8/29/05, Shatadal [EMAIL PROTECTED] wrote: Arrakis Tor wrote: Can firefox be installed to run standalone whatsoever? Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and http://portablefirefox.mozdev.org/ - End forwarded message - -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Supposedly, the tobacco companies have had commercial marijuana products ready forever (I've even seen photos, but I always suspected they were doctored up stoner's dreams). The idea that the pharmaceutical companies would start actively researching new designer drugs is fascinating and scary...wait, scratch that scary, because it can't be scarier than drug-related crime in the US. The New York Times Magazine had a fascinating story years back on the US's marijuana industry. it's apparently the #2 export crop and US pot technology is in some cases extremely, uh, high. They described growers with strings of apartments in various US states connected with sesnors to the internet. If any of the apartments showed signs of entry, the grower would never return. (Each apartment supposedly had low levels of crops to fly under certain state laws if they were ever caught.) No doubt some of those growers are good customers of RSA products! -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], cypherpunks@minder.net, [EMAIL PROTECTED] Subject: RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Tue, 23 Aug 2005 13:39:17 -0400 Tyler Durden writes: Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? Actually, if we ever managed to kill the culture of prohibition, I suspect that crystal meth would be about as popular is bathtub gin is today. It's terrible stuff. I'd expect the big pharmas to start 'recreational drug' wings, which would bring real research power to the problem of finding highs which are fun, safe, affordable, and with minimal physical addiction. I need a new drug... Peter Trei
Re: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Coderman wrote... the state of oregon just passed a law (yet to be put into effect) that requires a prescription from a doctor for all sudafed (pseudo ephedrine) purchases. the problem isn't drug addicts killing themselves with corrosive fluids, as this would be a problem that solves itself in short order, but rather that meth heads are idiotic crime machines. i've had numerous friends and acquaintances affected by this (vehicles stolen or broken into, property damaged and/or stolen, tweakers robbing at knife point, etc, etc) and it's getting ridiculous*. Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? There's little doubt that the vast majority of drug-related crime stems not from some crazed crime spree but from issues relating to supply and demand. Legalizing drug XYZ no doubt drops the cost. Then again, if we legalized a lot of drugs then what would all those corrections officers do for a living? Become airport security experts no doubt. -TD
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Supposedly, the tobacco companies have had commercial marijuana products ready forever (I've even seen photos, but I always suspected they were doctored up stoner's dreams). The idea that the pharmaceutical companies would start actively researching new designer drugs is fascinating and scary...wait, scratch that scary, because it can't be scarier than drug-related crime in the US. The New York Times Magazine had a fascinating story years back on the US's marijuana industry. it's apparently the #2 export crop and US pot technology is in some cases extremely, uh, high. They described growers with strings of apartments in various US states connected with sesnors to the internet. If any of the apartments showed signs of entry, the grower would never return. (Each apartment supposedly had low levels of crops to fly under certain state laws if they were ever caught.) No doubt some of those growers are good customers of RSA products! -TD From: Trei, Peter [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], cypherpunks@minder.net, [EMAIL PROTECTED] Subject: RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Tue, 23 Aug 2005 13:39:17 -0400 Tyler Durden writes: Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? Actually, if we ever managed to kill the culture of prohibition, I suspect that crystal meth would be about as popular is bathtub gin is today. It's terrible stuff. I'd expect the big pharmas to start 'recreational drug' wings, which would bring real research power to the problem of finding highs which are fun, safe, affordable, and with minimal physical addiction. I need a new drug... Peter Trei
Re: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Coderman wrote... the state of oregon just passed a law (yet to be put into effect) that requires a prescription from a doctor for all sudafed (pseudo ephedrine) purchases. the problem isn't drug addicts killing themselves with corrosive fluids, as this would be a problem that solves itself in short order, but rather that meth heads are idiotic crime machines. i've had numerous friends and acquaintances affected by this (vehicles stolen or broken into, property damaged and/or stolen, tweakers robbing at knife point, etc, etc) and it's getting ridiculous*. Yes, but the old question needs to be asked: How much of this crime would go away if crystal meth were legal? There's little doubt that the vast majority of drug-related crime stems not from some crazed crime spree but from issues relating to supply and demand. Legalizing drug XYZ no doubt drops the cost. Then again, if we legalized a lot of drugs then what would all those corrections officers do for a living? Become airport security experts no doubt. -TD
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Holy Fuck we need some smarter people in this society. OK, you threw away your trash. I see no inherent reason why someone else can't grab it. But INFORMATION about you isn't trash. Then again, you do throw away the photons that exit through your windows, so I guess cops should be able to stare at you through binoculars all the time and haul you in based on the photons you've thrown away. Oh, and to take it further, police should have immediate, un-warranted access to the trashcan on your computer, at all times. Indeed, there should be a registry that constantly monitors what you're throwing away, because it's just (digital) trash, right? As for crystal meth, I know I'm preaching to the choir here, but if I want to pour something from my chemistry set down my throat that shouldn't be anybody's business. The fact that it doesn't accidentally kill me and indeed gives me a buzz shouldn't be the sole provence of the pharmaceutical companies. After that, if you want to make laws about selling the stuff well that's a different matter. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Fri, 19 Aug 2005 21:55:41 +0200 - Forwarded message from Declan McCullagh [EMAIL PROTECTED] - From: Declan McCullagh [EMAIL PROTECTED] Date: Fri, 05 Aug 2005 12:20:34 -0700 To: [EMAIL PROTECTED] Subject: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) http://news.com.com/2061-10796_3-5820618.html Montana Supreme Court justice warns Orwell's 1984 has arrived August 5, 2005 12:13 PM PDT Believe it or not, it's perfectly legal for police to rummage through your garbage for incriminating stuff on you -- even if they don't have a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless trash dive into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison. Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away. What's remarkable is the concurring opinion of Montana Supreme Court Justice James C. Nelson, who reluctantly went along with his colleagues but warned that George Orwell's 1984 had arrived. We reproduce his concurring opinion in full: -Declan -- Justice James C. Nelson concurs. I have signed our Opinion because we have correctly applied existing legal theory and constitutional jurisprudence to resolve this case on its facts. I feel the pain of conflict, however. I fear that, eventually, we are all going to become collateral damage in the war on drugs, or terrorism, or whatever war is in vogue at the moment. I retain an abiding concern that our Declaration of Rights not be killed by friendly fire. And, in this day and age, the courts are the last, if not only, bulwark to prevent that from happening. In truth, though, we area throw-away society. My garbage can contains the remains of what I eat and drink. It may contain discarded credit card receipts along with yesterday's newspaper and junk mail. It might hold some personal letters, bills, receipts, vouchers, medical records, photographs and stuff that is imprinted with the multitude of assigned numbers that allow me access to the global economy and vice versa. My garbage can contains my DNA. As our Opinion states, what we voluntarily throw away, what we discard--i.e., what we abandon--is fair game for roving animals, scavengers, busybodies, crooks and for those seeking evidence of criminal enterprise. Yet, as I expect with most people, when I take the day's trash (neatly packaged in opaque plastic bags) to the garbage can each night, I give little consideration to what I am throwing away and less thought, still, to what might become of my refuse. I don't necessarily envision that someone or something is going to paw through it looking for a morsel of food, a discarded treasure, a stealable part of my identity or a piece of evidence. But, I've seen that happen enough times to understand--though not graciously accept--that there is nothing sacred in whatever privacy interest I think I have retained in my trash once it leaves my control--the Fourth Amendment and Article II, Sections 10 and 11, notwithstanding. Like it or not, I live in a society that accepts virtual strip searches at airports; surveillance cameras; discount cards that record my buying habits; bar codes; cookies and spywear on my computer; on-line access to satellite technology that can image my back yard; and microchip radio frequency identification devices already implanted
RE: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]]
Holy Fuck we need some smarter people in this society. OK, you threw away your trash. I see no inherent reason why someone else can't grab it. But INFORMATION about you isn't trash. Then again, you do throw away the photons that exit through your windows, so I guess cops should be able to stare at you through binoculars all the time and haul you in based on the photons you've thrown away. Oh, and to take it further, police should have immediate, un-warranted access to the trashcan on your computer, at all times. Indeed, there should be a registry that constantly monitors what you're throwing away, because it's just (digital) trash, right? As for crystal meth, I know I'm preaching to the choir here, but if I want to pour something from my chemistry set down my throat that shouldn't be anybody's business. The fact that it doesn't accidentally kill me and indeed gives me a buzz shouldn't be the sole provence of the pharmaceutical companies. After that, if you want to make laws about selling the stuff well that's a different matter. -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [EMAIL PROTECTED]: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv]] Date: Fri, 19 Aug 2005 21:55:41 +0200 - Forwarded message from Declan McCullagh [EMAIL PROTECTED] - From: Declan McCullagh [EMAIL PROTECTED] Date: Fri, 05 Aug 2005 12:20:34 -0700 To: [EMAIL PROTECTED] Subject: [Politech] Montana Supreme Court justice warns Orwell's 1984 has arrived [priv] User-Agent: Mozilla Thunderbird 1.0.2 (Macintosh/20050317) http://news.com.com/2061-10796_3-5820618.html Montana Supreme Court justice warns Orwell's 1984 has arrived August 5, 2005 12:13 PM PDT Believe it or not, it's perfectly legal for police to rummage through your garbage for incriminating stuff on you -- even if they don't have a warrant or court approval. The Supreme Court of Montana ruled last month that police could conduct a warrantless trash dive into the trash cans in the alley behind the home of a man named Darrell Pelvit. The cops discovered pseudoephedrine boxes -- a solvent with uses including the manufacture of methamphetamine -- and Pelvit eventually ended up in prison. Pelvit's attorney argued that his client had a reasonable expectation of privacy in his trash, but the court rejected the argument and said the trash was, well, meant to be thrown away. What's remarkable is the concurring opinion of Montana Supreme Court Justice James C. Nelson, who reluctantly went along with his colleagues but warned that George Orwell's 1984 had arrived. We reproduce his concurring opinion in full: -Declan -- Justice James C. Nelson concurs. I have signed our Opinion because we have correctly applied existing legal theory and constitutional jurisprudence to resolve this case on its facts. I feel the pain of conflict, however. I fear that, eventually, we are all going to become collateral damage in the war on drugs, or terrorism, or whatever war is in vogue at the moment. I retain an abiding concern that our Declaration of Rights not be killed by friendly fire. And, in this day and age, the courts are the last, if not only, bulwark to prevent that from happening. In truth, though, we area throw-away society. My garbage can contains the remains of what I eat and drink. It may contain discarded credit card receipts along with yesterday's newspaper and junk mail. It might hold some personal letters, bills, receipts, vouchers, medical records, photographs and stuff that is imprinted with the multitude of assigned numbers that allow me access to the global economy and vice versa. My garbage can contains my DNA. As our Opinion states, what we voluntarily throw away, what we discard--i.e., what we abandon--is fair game for roving animals, scavengers, busybodies, crooks and for those seeking evidence of criminal enterprise. Yet, as I expect with most people, when I take the day's trash (neatly packaged in opaque plastic bags) to the garbage can each night, I give little consideration to what I am throwing away and less thought, still, to what might become of my refuse. I don't necessarily envision that someone or something is going to paw through it looking for a morsel of food, a discarded treasure, a stealable part of my identity or a piece of evidence. But, I've seen that happen enough times to understand--though not graciously accept--that there is nothing sacred in whatever privacy interest I think I have retained in my trash once it leaves my control--the Fourth Amendment and Article II, Sections 10 and 11, notwithstanding. Like it or not, I live in a society that accepts virtual strip searches at airports; surveillance cameras; discount cards that record my buying habits; bar codes; cookies and spywear on my computer; on-line access to satellite technology that can image my back yard; and microchip radio frequency identification devices already implanted
Re: Gubmint Tests Passport RFID...
Actually, isn't that technically Spanish harlem? Nope. Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. Apparently you don't. You don't fuck with others they won't fuck with you, because someone you don't know could always be packin. Actually, that corner would make a pretty nice kill zone as it's next to a big park with lots of bushes and few witnesses. Think about it, motherfucker. -Tyler Durden Remember, L-IIIa is your friend. :-) And SG IIIb yours. -TD -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: Gubmint Tests Passport RFID...
Sorry. Got you mixed up with the other dude. You seem willing to back up any slams with facts quotes, so all respect is given. A good fight strengthens us, a sniper smells of MwGs. Sorry again. -TD From: J.A. Terranson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Thu, 18 Aug 2005 23:51:10 -0500 (CDT) On Wed, 17 Aug 2005, Tyler Durden wrote: Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Actually, isn't that technically Spanish harlem? Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. -Tyler Durden Remember, L-IIIa is your friend. :-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: Gubmint Tests Passport RFID...
Actually, isn't that technically Spanish harlem? Nope. Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. Apparently you don't. You don't fuck with others they won't fuck with you, because someone you don't know could always be packin. Actually, that corner would make a pretty nice kill zone as it's next to a big park with lots of bushes and few witnesses. Think about it, motherfucker. -Tyler Durden Remember, L-IIIa is your friend. :-) And SG IIIb yours. -TD -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: Gubmint Tests Passport RFID...
Sorry. Got you mixed up with the other dude. You seem willing to back up any slams with facts quotes, so all respect is given. A good fight strengthens us, a sniper smells of MwGs. Sorry again. -TD From: J.A. Terranson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Thu, 18 Aug 2005 23:51:10 -0500 (CDT) On Wed, 17 Aug 2005, Tyler Durden wrote: Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Actually, isn't that technically Spanish harlem? Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile. -Tyler Durden Remember, L-IIIa is your friend. :-) -- Yours, J.A. Terranson [EMAIL PROTECTED] 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.
Re: no visas for Chinese cryptologists
Hey...this looks interesting. I'd like to see the email chain before this. While living in China I learned that whatever Jong Nan Hai most vociferously denies will almost certainly be true, so even Chinese Government propaganda is very interesting. -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: no visas for Chinese cryptologists Date: Thu, 18 Aug 2005 17:33:01 +0100 Hasan Diwan wrote: if the US wants to maintain its fantasy, it will need a Ministry of Truth to do so. Cheers, Hasan Diwan [EMAIL PROTECTED] And the airing of government-issued news bulletins without attributation (or indeed, anything from Fox News) doesn't convince you there already is one?
Re: no visas for Chinese cryptologists
Hey...this looks interesting. I'd like to see the email chain before this. While living in China I learned that whatever Jong Nan Hai most vociferously denies will almost certainly be true, so even Chinese Government propaganda is very interesting. -TD From: Dave Howe [EMAIL PROTECTED] To: Email List: Cypherpunks [EMAIL PROTECTED] Subject: Re: no visas for Chinese cryptologists Date: Thu, 18 Aug 2005 17:33:01 +0100 Hasan Diwan wrote: if the US wants to maintain its fantasy, it will need a Ministry of Truth to do so. Cheers, Hasan Diwan [EMAIL PROTECTED] And the airing of government-issued news bulletins without attributation (or indeed, anything from Fox News) doesn't convince you there already is one?
Re: Gubmint Tests Passport RFID...
Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. -Tyler Durden From: Steve Thompson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Sat, 13 Aug 2005 15:20:54 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: Whaddya know. Thompson said something that didn't make me want to beat him to death... Too bad for you that I cannot say the same about what you write. I have a different threat model. I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) No fucking shit. Thanks for pointing this out to me. The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) I don't know Bush, personally, and so I feel that it would be improper to suggest that his unspoken cost-benefit analysis resulted in a particular set of actions. As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. Suckkumb all you want. Regards, Steve __ Find your next car at http://autos.yahoo.ca
Re: Gubmint Tests Passport RFID...
Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem). Look for me: 6'1, 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with. -Tyler Durden From: Steve Thompson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Subject: Re: Gubmint Tests Passport RFID... Date: Sat, 13 Aug 2005 15:20:54 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: Whaddya know. Thompson said something that didn't make me want to beat him to death... Too bad for you that I cannot say the same about what you write. I have a different threat model. I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) No fucking shit. Thanks for pointing this out to me. The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) I don't know Bush, personally, and so I feel that it would be improper to suggest that his unspoken cost-benefit analysis resulted in a particular set of actions. As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. Suckkumb all you want. Regards, Steve __ Find your next car at http://autos.yahoo.ca
Gubmint Tests Passport RFID...
http://www.wired.com/news/privacy/0,1848,68451,00.html?tw=wn_tophead_2 And since one's passport essentially boils down to a chip, why not implant it under the skin? As for the encryption issue, can someone explain to me why it even matters? It would seem to me that any on-demand access to one's chip-stored info is only as secure as the encryption codes, which would have to be stored and which will eventually become public, no matter how much the government says, Trust us...the access codes are secure. Seems to me, the only way to secure the RFID encrypted info would be if the owner (uh, I mean the citizen unit) releases said info via a personal encryption code, known only to the user and not by ex-welfare Gate goons. But I seriously doubt that that is what the government is thinking about. (ie, they want to be able to read your RFID wihtout you having to perform any additional actions to release the information.) The only way I see it making a difference is perhaps in the physical layer...encryption + shielding is probably a lot more secure than encryption without shielding, given an ID phisher wandering around an airport with a special purpose briefcase. -TD
Re: Gubmint Tests Passport RFID...
Whaddya know. Thompson said something that didn't make me want to beat him to death... I have a different threat model. I suggest that incompetence is _often_ deliberate and, at least to those who orchestrate such things, is designed to leave or provide cracks in arbitrary systesm that will be expoited. This may be defensible in cases where someone wants to encourage child molesters to expose their operations to sophisticated intelligence and surveillance activities, but is harder to defend when such policies affect the integrity of the money supply, or the transportation infrastructure, or I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. -TD
Gubmint Tests Passport RFID...
http://www.wired.com/news/privacy/0,1848,68451,00.html?tw=wn_tophead_2 And since one's passport essentially boils down to a chip, why not implant it under the skin? As for the encryption issue, can someone explain to me why it even matters? It would seem to me that any on-demand access to one's chip-stored info is only as secure as the encryption codes, which would have to be stored and which will eventually become public, no matter how much the government says, Trust us...the access codes are secure. Seems to me, the only way to secure the RFID encrypted info would be if the owner (uh, I mean the citizen unit) releases said info via a personal encryption code, known only to the user and not by ex-welfare Gate goons. But I seriously doubt that that is what the government is thinking about. (ie, they want to be able to read your RFID wihtout you having to perform any additional actions to release the information.) The only way I see it making a difference is perhaps in the physical layer...encryption + shielding is probably a lot more secure than encryption without shielding, given an ID phisher wandering around an airport with a special purpose briefcase. -TD
Re: Gubmint Tests Passport RFID...
Whaddya know. Thompson said something that didn't make me want to beat him to death... I have a different threat model. I suggest that incompetence is _often_ deliberate and, at least to those who orchestrate such things, is designed to leave or provide cracks in arbitrary systesm that will be expoited. This may be defensible in cases where someone wants to encourage child molesters to expose their operations to sophisticated intelligence and surveillance activities, but is harder to defend when such policies affect the integrity of the money supply, or the transportation infrastructure, or I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.) The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.) As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on. -TD
RE: [fc-announce] CFP FC'06: Financial Cryptography and Data Security
Your telling me there's someone in Telcordia these days that does something interesting in the cryptograhy field? Or is that his personal hobby... -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Date: Tue, 2 Aug 2005 21:23:28 -0400 --- begin forwarded text To: [EMAIL PROTECTED] From: Avi Rubin [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Sender: [EMAIL PROTECTED] Date: Tue, 2 Aug 2005 13:58:29 -0400 x-flowed Call for Papers FC'06: Financial Cryptography and Data Security http://fc06.ifca.ai/ Tenth International Conference February 27 to March 2, 2006 Anguilla, British West Indies Submissions Due Date: October 17, 2005 Program Chairs: Giovanni Di Crescenzo (Telcordia) Avi Rubin (Johns Hopkins University) General Chair: Patrick McDaniel (Penn State University) Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies) At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'06 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. In addition, we will celebrate this 10th year edition with a number of initiatives, such as: especially focused session, technical and historical state-of-the-art panels, and one session of surveys. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Microfinance and AuctionsMicropayments Audit and Auditability Monitoring, Management and Authentication and Operations Identification, including Reputation Systems Biometrics RFID-Based and Contactless Certification and Payment Systems Authorization Risk Assessment and Commercial CryptographicManagement ApplicationsSecure Banking and Financial Commercial Transactions and Web Services Contracts Securing Emerging Digital Cash and PaymentComputational Paradigms Systems Security and Risk Digital Incentive and Perceptions and Judgments Loyalty Systems Security Economics Digital Rights Management Smart Cards and Secure Financial Regulation andTokens Reporting Trust Management Fraud Detection Trustability and Game Theoretic Approaches toTrustworthiness SecurityUnderground-Market Economics Identity Theft, Physhing andUsability and Acceptance of Social Engineering Security Systems Infrastructure Design User and Operator Interfaces Legal and Regulatory Issues Voting system security Submission Instructions Submission Categories FC'06 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Papers can be a maximum of 15
RE: Prosecutors: CIA agents left trail
Reverse Rendition? Here's where Liberals can take a stand...let's round up some of these fuckers and stuff 'em in a shipping container on a Chinese barge to Italy. I've done a quick google search and I've only found a couple of the names. Is the complete list available? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Prosecutors: CIA agents left trail Date: Wed, 3 Aug 2005 15:22:04 +0200 http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/index.html Prosecutors: CIA agents left trail Cellphone calls blew their cover Thursday, July 28, 2005; Posted: 8:05 p.m. EDT (00:05 GMT) ROME, Italy (AP) -- It wasn't their lavish spending in luxury hotels, their use of credit cards or even frequent-flier miles that drew attention. Instead it was a trail of casual cellphone use that tripped up the 19 purported CIA operatives wanted by Italian authorities in the alleged kidnapping of a radical Muslim cleric. Italian prosecutors who have obtained arrest warrants for the 19 -- none of whom are believed to be in Italy -- presented evidence that the suspects used at least 40 Italian cell phones, some in their own names. Experts say that either they were bumbling spies, or they acted with impunity because Italian officials had been informed of their plan -- a claim the government of Premier Silvio Berlusconi has publicly denied on several occasions. (Full story) If these were really CIA agents they've made a disaster, said Andrea Nativi, research director for the Rome-based Military Center for Strategic Studies. They strained relations between Italy and the U.S. and between the CIA and Italian intelligence agencies. Italian judges issued a first batch of warrants last month for 13 Americans accused of abducting Osama Moustafa Hassan Nasr, known as Abu Omar, on a Milan street on February 17, 2003. Another court this week issued another six warrants for a group the prosecution claims planned the abduction. (Full story) Vulnerable cellphones The Egyptian cleric was flown from Aviano, a joint U.S.-Italian air base north of Venice, to Ramstein Air Base in Germany and then to Egypt, where he was reportedly tortured. The operation purportedly was part of the CIA's extraordinary rendition program, in which terror suspects are transferred to third countries without court approval. In his request for the latest warrants, prosecutor Armando Spataro wrote that an analysis of mobile phone traffic showed that most of them were present on the route that Abu Omar habitually took from his home to a Milan mosque, including in the days before the kidnapping. A track of their cell phones also showed them on those streets nearly 100 times during the month before Abu Omar's disappearance, the prosecutor said. He concluded that the six were part of a single group of Americans who came to Milan to carry out the operation. Why they would use their cell phones so openly has baffled experts, particularly since prosecutors are certain that not all the names of the 19 suspects are aliases. One has been identified by prosecutors as the former CIA station chief in Milan, Robert Seldon Lady, who owns a retirement home in wine country in Asti, near Turin. Though police didn't find Lady there when they raided the house, they did discover a list of hotels where U.S. government employees received discounts, including hotels where prosecutors contend the suspects stayed. Another person on the list has the same name as a man who now works at the U.S. Embassy in Tanzania. Unless the power or the wireless antenna is turned off, a mobile phone remains in constant contact with the nearest cell towers even when it's not being used for a call. Information processed by the cells can be used to precisely locate or track the movements of a phone user. Nativi, the military expert, called the use of regular cell phone accounts a huge weakness in the operation. It would have been more difficult to track anonymous prepaid cards, satellite phones or radios, he said. The wireless system used in Italy and most of the rest of Europe relies on a stamp-sized smart card that is inserted in the back of every handset. This removable SIM card stores an individual's phone number and other account data. A unique numerical identifier is assigned to every phone and every SIM, said Bruno Errico, director of consulting for Openwave Global Services, a company that provides tracking applications and other software to wireless companies worldwide. Wireless companies are obliged by law to keep records of the unique data that each phone exchanges with the cell network as well as the numbers to which calls are placed, he said. Since a phone is served by several cells at any given time, investigators can easily triangulate the location of a device, Errico said. In an urban area, where the network of cells is dense and overlapping, such tracking can have a margin of error of just a few yards.
RE: [fc-announce] CFP FC'06: Financial Cryptography and Data Security
Your telling me there's someone in Telcordia these days that does something interesting in the cryptograhy field? Or is that his personal hobby... -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Date: Tue, 2 Aug 2005 21:23:28 -0400 --- begin forwarded text To: [EMAIL PROTECTED] From: Avi Rubin [EMAIL PROTECTED] Subject: [fc-announce] CFP FC'06: Financial Cryptography and Data Security Sender: [EMAIL PROTECTED] Date: Tue, 2 Aug 2005 13:58:29 -0400 x-flowed Call for Papers FC'06: Financial Cryptography and Data Security http://fc06.ifca.ai/ Tenth International Conference February 27 to March 2, 2006 Anguilla, British West Indies Submissions Due Date: October 17, 2005 Program Chairs: Giovanni Di Crescenzo (Telcordia) Avi Rubin (Johns Hopkins University) General Chair: Patrick McDaniel (Penn State University) Local Arrangements Chair: Rafael Hirschfeld (Unipay Technologies) At its 10th year edition, Financial Cryptography and Data Security (FC'06) is a well established and major international forum for research, advanced development, education, exploration, and debate regarding security in the context of finance and commerce. We will continue last year's augmentation of the conference title and expansion of our scope to cover all aspects of securing transactions and systems. These aspects include a range of technical areas such as: cryptography, payment systems, secure transaction architectures, software systems and tools, user and operator interfaces, fraud prevention, secure IT infrastructure, and analysis methodologies. Our focus will also encompass financial, legal, business and policy aspects. Material both on theoretical (fundamental) aspects of securing systems, on secure applications and real-world deployments will be considered. The conference goal is to bring together top cryptographers, data-security specialists, and scientists with economists, bankers, implementers, and policy makers. Intimate and colorful by tradition, the FC'06 program will feature invited talks, academic presentations, technical demonstrations, and panel discussions. In addition, we will celebrate this 10th year edition with a number of initiatives, such as: especially focused session, technical and historical state-of-the-art panels, and one session of surveys. This conference is organized annually by the International Financial Cryptography Association (IFCA). Original papers, surveys and presentations on all aspects of financial and commerce security are invited. Submissions must have a visible bearing on financial and commerce security issues, but can be interdisciplinary in nature and need not be exclusively concerned with cryptography or security. Possible topics for submission to the various sessions include, but are not limited to: Anonymity and Privacy Microfinance and AuctionsMicropayments Audit and Auditability Monitoring, Management and Authentication and Operations Identification, including Reputation Systems Biometrics RFID-Based and Contactless Certification and Payment Systems Authorization Risk Assessment and Commercial CryptographicManagement ApplicationsSecure Banking and Financial Commercial Transactions and Web Services Contracts Securing Emerging Digital Cash and PaymentComputational Paradigms Systems Security and Risk Digital Incentive and Perceptions and Judgments Loyalty Systems Security Economics Digital Rights Management Smart Cards and Secure Financial Regulation andTokens Reporting Trust Management Fraud Detection Trustability and Game Theoretic Approaches toTrustworthiness SecurityUnderground-Market Economics Identity Theft, Physhing andUsability and Acceptance of Social Engineering Security Systems Infrastructure Design User and Operator Interfaces Legal and Regulatory Issues Voting system security Submission Instructions Submission Categories FC'06 is inviting submissions in four categories: (1) research papers, (2) systems and applications presentations, (3) panel sessions, (4) surveys. For all accepted submissions, at least one author must attend the conference and present the work. Research Papers Research papers should describe novel scientific contributions to the field, and they will be subject to rigorous peer review. Papers can be a maximum of 15
RE: Prosecutors: CIA agents left trail
Reverse Rendition? Here's where Liberals can take a stand...let's round up some of these fuckers and stuff 'em in a shipping container on a Chinese barge to Italy. I've done a quick google search and I've only found a couple of the names. Is the complete list available? -TD From: Eugen Leitl [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Prosecutors: CIA agents left trail Date: Wed, 3 Aug 2005 15:22:04 +0200 http://www.cnn.com/2005/WORLD/europe/07/28/cia.phonetrail.ap/index.html Prosecutors: CIA agents left trail Cellphone calls blew their cover Thursday, July 28, 2005; Posted: 8:05 p.m. EDT (00:05 GMT) ROME, Italy (AP) -- It wasn't their lavish spending in luxury hotels, their use of credit cards or even frequent-flier miles that drew attention. Instead it was a trail of casual cellphone use that tripped up the 19 purported CIA operatives wanted by Italian authorities in the alleged kidnapping of a radical Muslim cleric. Italian prosecutors who have obtained arrest warrants for the 19 -- none of whom are believed to be in Italy -- presented evidence that the suspects used at least 40 Italian cell phones, some in their own names. Experts say that either they were bumbling spies, or they acted with impunity because Italian officials had been informed of their plan -- a claim the government of Premier Silvio Berlusconi has publicly denied on several occasions. (Full story) If these were really CIA agents they've made a disaster, said Andrea Nativi, research director for the Rome-based Military Center for Strategic Studies. They strained relations between Italy and the U.S. and between the CIA and Italian intelligence agencies. Italian judges issued a first batch of warrants last month for 13 Americans accused of abducting Osama Moustafa Hassan Nasr, known as Abu Omar, on a Milan street on February 17, 2003. Another court this week issued another six warrants for a group the prosecution claims planned the abduction. (Full story) Vulnerable cellphones The Egyptian cleric was flown from Aviano, a joint U.S.-Italian air base north of Venice, to Ramstein Air Base in Germany and then to Egypt, where he was reportedly tortured. The operation purportedly was part of the CIA's extraordinary rendition program, in which terror suspects are transferred to third countries without court approval. In his request for the latest warrants, prosecutor Armando Spataro wrote that an analysis of mobile phone traffic showed that most of them were present on the route that Abu Omar habitually took from his home to a Milan mosque, including in the days before the kidnapping. A track of their cell phones also showed them on those streets nearly 100 times during the month before Abu Omar's disappearance, the prosecutor said. He concluded that the six were part of a single group of Americans who came to Milan to carry out the operation. Why they would use their cell phones so openly has baffled experts, particularly since prosecutors are certain that not all the names of the 19 suspects are aliases. One has been identified by prosecutors as the former CIA station chief in Milan, Robert Seldon Lady, who owns a retirement home in wine country in Asti, near Turin. Though police didn't find Lady there when they raided the house, they did discover a list of hotels where U.S. government employees received discounts, including hotels where prosecutors contend the suspects stayed. Another person on the list has the same name as a man who now works at the U.S. Embassy in Tanzania. Unless the power or the wireless antenna is turned off, a mobile phone remains in constant contact with the nearest cell towers even when it's not being used for a call. Information processed by the cells can be used to precisely locate or track the movements of a phone user. Nativi, the military expert, called the use of regular cell phone accounts a huge weakness in the operation. It would have been more difficult to track anonymous prepaid cards, satellite phones or radios, he said. The wireless system used in Italy and most of the rest of Europe relies on a stamp-sized smart card that is inserted in the back of every handset. This removable SIM card stores an individual's phone number and other account data. A unique numerical identifier is assigned to every phone and every SIM, said Bruno Errico, director of consulting for Openwave Global Services, a company that provides tracking applications and other software to wireless companies worldwide. Wireless companies are obliged by law to keep records of the unique data that each phone exchanges with the cell network as well as the numbers to which calls are placed, he said. Since a phone is served by several cells at any given time, investigators can easily triangulate the location of a device, Errico said. In an urban area, where the network of cells is dense and overlapping, such tracking can have a margin of error of just a few yards.
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service attacks at least, but this is an obscure Tor node. Someone attacking it at this stage in the game has a real agenda (perhaps they want to see if certain websites get disrupted? Does Tor work that way for short-ish periods of time?) At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has sold certain GbE-centered Datapipe providers.) Your attacker might actually be interested in pre-stressing the infrastructure in front of that router. Just a guess, but I'm stupid after all. -TD From: Eugen Leitl [EMAIL PROTECTED] To: Dan McDonald [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Tue, 2 Aug 2005 10:15:49 +0200 On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote: I'm surprised that the target node has that much INBOUND bandwidth, quite frankly. The node itself has only a Fast Ethernet port, but there's some 4 GBit available outside of the router. I'm genuinely glad the node has been taken offline as soon as the traffic started coming in in buckets, and I didn't have to foot the entire bill (the whole incident only cost me 20-30 GByte overall as far as I can tell). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Actually, I did know that 300Mb/sec isn't super-huge for Denial of Service attacks at least, but this is an obscure Tor node. Someone attacking it at this stage in the game has a real agenda (perhaps they want to see if certain websites get disrupted? Does Tor work that way for short-ish periods of time?) At 4Gb/s into the router, I'd guess that router is hooked up to 2 GbEs mapped over a pair of OC-48s (Sounds a lot like the architecture Cisco has sold certain GbE-centered Datapipe providers.) Your attacker might actually be interested in pre-stressing the infrastructure in front of that router. Just a guess, but I'm stupid after all. -TD From: Eugen Leitl [EMAIL PROTECTED] To: Dan McDonald [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Tue, 2 Aug 2005 10:15:49 +0200 On Mon, Aug 01, 2005 at 05:12:38PM -0400, Dan McDonald wrote: I'm surprised that the target node has that much INBOUND bandwidth, quite frankly. The node itself has only a Fast Ethernet port, but there's some 4 GBit available outside of the router. I'm genuinely glad the node has been taken offline as soon as the traffic started coming in in buckets, and I didn't have to foot the entire bill (the whole incident only cost me 20-30 GByte overall as far as I can tell). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Gee, that's great. A global organization that has taken the task of worldwide censorship into its sweaty little hands. Did the google cache'd versions of these sites dissappear too? Tor networks, anyone? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Sat, 30 Jul 2005 23:02:53 -0400 --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Sat, 30 Jul 2005 23:01:38 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://www.timesonline.co.uk/printFriendly/0,,1-523-1715166-523,00.html The Times of London July 31, 2005 Finger points to British intelligence as al-Qaeda websites are wiped out Over the past fortnight Israeli intelligence agents have noticed something distinctly odd happening on the internet. One by one, Al-Qaeda's affiliated websites have vanished until only a handful remain, write Uzi Mahnaimi and Alex Pell. Someone has cut the line of communication between the spiritual leaders of international terrorism and their supporters. Since 9/11 the websites have been the main links to disseminate propaganda and information. The Israelis detect the hand of British intelligence, determined to torpedo the websites after the London attacks of July 7. The web has become the new battleground of terrorism, permitting a freedom of communication denied to such organisations as the IRA a couple of decades ago. One global jihad site terminated recently was an inflammatory Pakistani site, www.mojihedun.com, in which a section entitled How to Strike a European City gave full technical instructions. Tens of similar sites, some offering detailed information on how to build and use biological weapons, have also been shut down. However, Islamic sites believed to be moderate, remain. One belongs to the London-based Syrian cleric Abu Basir al-Tartusi, whose www.abubaseer.bizland.com remained operative after he condemned the London bombings. However, the scales remain weighted in favour of global jihad, the first virtual terror organisation. For all the vaunted spying advances such as tracking mobile phones and isolating key phrases in telephone conversations, experts believe current technologies actually play into the hands of those who would harm us. Modern technology puts most of the advantages in the hands of the terrorists. That is the bottom line, says Professor Michael Clarke, of King's College London, who is director of the International Policy Institute. Government-sponsored monitoring systems, such as Echelon, can track vast amounts of data but have so far proved of minimal benefit in preventing, or even warning, of attacks. And such systems are vulnerable to manipulation: low-ranking volunteers in terrorist organisations can create background chatter that ties up resources and maintains a threshold of anxiety. There are many tricks of the trade that give terrorists secure digital communication and leave no trace on the host computer. Ironically, the most readily available sources of accurate online information on bomb-making are the websites of the radical American militia. I have not seen any Al-Qaeda manuals that look like genuine terrorist training, claims Clarke. However, the sobering message of many security experts is that the terrorists are unlikely ever to lose a war waged with technology. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' ___ Clips mailing list [EMAIL PROTECTED] http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, Where are your claws and teeth? -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy but that sounds suspiciously like someone loaded up an OC-3's worth of traffic and then slammed your node. Ain't no hacker gonna do that. Any indication the ostensible originating IP addresses are faked? -TD From: Eugen Leitl [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Mon, 1 Aug 2005 17:15:17 +0200 On Mon, Aug 01, 2005 at 10:54:26AM -0400, Tyler Durden wrote: Tor networks, anyone? Caveat when running Tor on a production machine, I got DDoS'd recently with some ~300 MBit/s. (Yes, my exit policy didn't contain IRC). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
RE: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
Gee, that's great. A global organization that has taken the task of worldwide censorship into its sweaty little hands. Did the google cache'd versions of these sites dissappear too? Tor networks, anyone? -TD From: R.A. Hettinga [EMAIL PROTECTED] To: cryptography@metzdowd.com, [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Sat, 30 Jul 2005 23:02:53 -0400 --- begin forwarded text Delivered-To: [EMAIL PROTECTED] Date: Sat, 30 Jul 2005 23:01:38 -0400 To: Philodox Clips List [EMAIL PROTECTED] From: R.A. Hettinga [EMAIL PROTECTED] Subject: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] http://www.timesonline.co.uk/printFriendly/0,,1-523-1715166-523,00.html The Times of London July 31, 2005 Finger points to British intelligence as al-Qaeda websites are wiped out Over the past fortnight Israeli intelligence agents have noticed something distinctly odd happening on the internet. One by one, Al-Qaeda's affiliated websites have vanished until only a handful remain, write Uzi Mahnaimi and Alex Pell. Someone has cut the line of communication between the spiritual leaders of international terrorism and their supporters. Since 9/11 the websites have been the main links to disseminate propaganda and information. The Israelis detect the hand of British intelligence, determined to torpedo the websites after the London attacks of July 7. The web has become the new battleground of terrorism, permitting a freedom of communication denied to such organisations as the IRA a couple of decades ago. One global jihad site terminated recently was an inflammatory Pakistani site, www.mojihedun.com, in which a section entitled How to Strike a European City gave full technical instructions. Tens of similar sites, some offering detailed information on how to build and use biological weapons, have also been shut down. However, Islamic sites believed to be moderate, remain. One belongs to the London-based Syrian cleric Abu Basir al-Tartusi, whose www.abubaseer.bizland.com remained operative after he condemned the London bombings. However, the scales remain weighted in favour of global jihad, the first virtual terror organisation. For all the vaunted spying advances such as tracking mobile phones and isolating key phrases in telephone conversations, experts believe current technologies actually play into the hands of those who would harm us. Modern technology puts most of the advantages in the hands of the terrorists. That is the bottom line, says Professor Michael Clarke, of King's College London, who is director of the International Policy Institute. Government-sponsored monitoring systems, such as Echelon, can track vast amounts of data but have so far proved of minimal benefit in preventing, or even warning, of attacks. And such systems are vulnerable to manipulation: low-ranking volunteers in terrorist organisations can create background chatter that ties up resources and maintains a threshold of anxiety. There are many tricks of the trade that give terrorists secure digital communication and leave no trace on the host computer. Ironically, the most readily available sources of accurate online information on bomb-making are the websites of the radical American militia. I have not seen any Al-Qaeda manuals that look like genuine terrorist training, claims Clarke. However, the sobering message of many security experts is that the terrorists are unlikely ever to lose a war waged with technology. -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' ___ Clips mailing list [EMAIL PROTECTED] http://www.philodox.com/mailman/listinfo/clips --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA When the hares made speeches in the assembly and demanded that all should have equality, the lions replied, Where are your claws and teeth? -- attributed to Antisthenes in Aristotle, 'Politics', 3.7.2
Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out
What?!! 300MB/s for a Tor node? OK, I'm a telecom guy and not a data guy but that sounds suspiciously like someone loaded up an OC-3's worth of traffic and then slammed your node. Ain't no hacker gonna do that. Any indication the ostensible originating IP addresses are faked? -TD From: Eugen Leitl [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [Clips] Finger points to British intelligence as al-Qaeda websites are wiped out Date: Mon, 1 Aug 2005 17:15:17 +0200 On Mon, Aug 01, 2005 at 10:54:26AM -0400, Tyler Durden wrote: Tor networks, anyone? Caveat when running Tor on a production machine, I got DDoS'd recently with some ~300 MBit/s. (Yes, my exit policy didn't contain IRC). -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07100, 11.36820http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Well, they got what they want...
That's an old pattern to character assassins: I've attacked you publically but I really don't want to have defend what I've said or reply to suggestions about my own motivation. Great. Fuck you too. Hope the new Stazi grab you while you bitch and complain and do nothing. -TD From: Steve Thompson [EMAIL PROTECTED] To: Tyler Durden [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Well, they got what they want... Date: Sat, 30 Jul 2005 16:32:57 -0400 (EDT) --- Tyler Durden [EMAIL PROTECTED] wrote: Well, apparently you haven't been getting any of my posts to the Al-Qaeda node, otherwise the context would be clear. I'm not even going to bother with you anymore. Your motivation is quite clear enough, and any further bad-faith back-and-forth on your part would be superfluous to the task of proving that you won't be serious when you reply to my messages. Regards, Steve __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
