Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?

2017-02-24 Thread Eugen Leitl
- Forwarded message from Rich Kulawiec  -

Date: Fri, 24 Feb 2017 11:12:08 -0500
From: Rich Kulawiec 
To: liberationtech 
Subject: Re: [liberationtech] Facebook: Building Global Community - What's your 
response to Mark Zuckerberg?
Message-ID: <20170224161208.ga24...@gsp.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Reply-To: liberationtech 

On Sat, Feb 18, 2017 at 02:23:18PM -0800, Yosem Companys wrote:
> To protect your privacy and security, stay off Facebook.
>
> But, to build movements, create an account on Facebook (or Twitter or any
> other dominant centralized social network) and try to get as many people to
> join.

[ rhetorical "you" throughout ]

I think this is a really bad idea: it's a trap.

These aren't tools that exist to facilitate your cause: these are data
harvesting and surveillance engines that will collect and collate every
scrap of data and metadata your adversaries need.  And once that corpus
exists, it WILL be acquired: it's much too valuable and much too easily
transmitted to have the slightest chance of staying in one place.

This is obvious on inspection: every architectural decision, every design
decision, every operational decision, every policy decision ever made
by these operations supports the goal of data acquisition.  It's what
they were built to do.

All the other stuff?  Shiny distraction.  Bait.  Scam.  Propaganda.

Whether the data's acquired by overt contractual arrangement, whether it's
acquired by force of law, whether it's acquired under the table, whether
it's acquired by hacking, whether it's acquired via individual employees,
it WILL be acquired.

Nobody leaves that rich a source of actionable intelligence just sitting
on the table untouched.

So all that you will accomplish by using "social networks" is:

(a) building the database your enemies need to destroy you and
your allies and your cause

(b) building it in a place where they can easily get it --
if they haven't already had it from the moment you created it.

For example:

If I were working for fill-in-the-blank, I would already have
my own people in place at Twitter and Eventbrite and Meetup
and Facebook and all the rest -- either full-time employees,
or people I've co-opted via bribes, blackmail, or other means.
They'd be there long before you were, just waiting for you to
show up and start spending your time and your effort and your
money handing them as much data/metadata as you possibly can.

I would do much the same thing if I were a sufficiently-organized,
sufficiently-funded group intent on propagating racism or fascism
or poverty or pollution or any of the things likely to trigger
opposition.

Why not?  It's cheap.  It's easy.  It's low-risk.  It's
sustainable.  It's simple.  It's deniable.  It's scalable.
In contrast to other spying/surveillance operations, which can
be expensive, complex, and risky, this is a cakewalk *because
they already built everything for me at their expense*.

What possible reason would I have for not taking advantage of it?

You'll give me data on your supporters, your allies, your
movements, their movements, your family, their families, your
friends, their friends, your employer, their employers, their
spending habits, their operating systems, their web browsers
and mail clients, your meetings -- and much more.

I'm going to end up knowing far more about you and your people
than YOU know.

If you're trying to "liberate" someone or something, the first thing
you need to do is liberate yourself from "social networks".  You should
be trying as hard as you possibly can NOT to generate this data/metadata
at all, anywhere -- instead of not only doing so deliberately, but doing
it in a place that you have zero control over and that your adversaries
can access far more easily than you can.  (Please don't even try to tell
me stuff like "my Facebook group is private".  The only possible response
to a fairy tale like that is mocking laughter.)

If you insist on blundering ahead with "social networks" anyway, because
you're too stubborn to listen or too naive to think it can happen to
you, then as soon as you become a problem for an adversary with the
requisite resources -- that is, as soon as you become effective at
annoying someone with money or power -- they're going to exploit this.

---rsk

p.s. And as if this wasn't enough, in case you haven't noticed, the US
is now demanding "social network" passwords from people entering the
country.  Howls of protest have gone up, and a joint letter from a
coalition of human rights and civil liberties organizations has been
penned.  The combined impact of all this will be zero.  This administration
doesn't care for 

[bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by third-parties, not just repo maintainers

2017-02-23 Thread Eugen Leitl
- Forwarded message from Peter Todd via bitcoin-dev -

Date: Thu, 23 Feb 2017 13:14:09 -0500
From: Peter Todd via bitcoin-dev 
To: cryptogra...@metzdowd.com, bitcoin-...@lists.linuxfoundation.org
Subject: [bitcoin-dev] SHA1 collisions make Git vulnerable to attacks by 
third-parties, not just repo maintainers
Message-ID: <20170223181409.ga6...@savin.petertodd.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Reply-To: Peter Todd , Bitcoin Protocol Discussion 


Worth noting: the impact of the SHA1 collision attack on Git is *not* limited
only to maintainers making maliciously colliding Git commits, but also
third parties submitting pull-reqs containing commits, trees, and especially
files for which collisions have been found. This is likely to be exploitable in
practice with binary files, as reviewers aren't going to necessarily notice
garbage at the end of a file needed for the attack; if the attack can be
extended to constricted character sets like unicode or ASCII, we're in trouble
in general.

Concretely, I could prepare a pair of files with the same SHA1 hash, taking
into account the header that Git prepends when hashing files. I'd then submit
that pull-req to a project with the "clean" version of that file. Once the
maintainer merges my pull-req, possibly PGP signing the git commit, I then take
that signature and distribute the same repo, but with the "clean" version
replaced by the malicious version of the file.

-- 
https://petertodd.org 'peter'[:-1]@petertodd.org





- End forwarded message -
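
An added example, not part of the forwarded message and not Git's own code: it shows the header Git prepends when hashing a file, and a defender-side audit that pins a SHA-256 digest next to each object ID so that a file with the same ID but different bytes is flagged. The side manifest, the function names, the sample file names and `toy_weak_id` (a truncated hash standing in for a broken SHA-1, since no real collision is embedded here) are assumptions.

```python
import hashlib

def git_object_bytes(content: bytes) -> bytes:
    # Bytes Git actually hashes for a file: "blob <size>\0" + content.
    return b"blob " + str(len(content)).encode() + b"\0" + content

def git_blob_id(content: bytes) -> str:
    # Same value `git hash-object` prints in a SHA-1 repository.
    return hashlib.sha1(git_object_bytes(content)).hexdigest()

def sha256_pin(content: bytes) -> str:
    # Independent digest recorded at review time (assumed side manifest).
    return hashlib.sha256(git_object_bytes(content)).hexdigest()

def toy_weak_id(content: bytes) -> str:
    # Constructed stand-in for a broken hash: first byte of the blob ID.
    return git_blob_id(content)[:2]

def make_manifest(files, weak=git_blob_id):
    # path -> (object ID the signature covers, SHA-256 pin)
    return {p: (weak(c), sha256_pin(c)) for p, c in files.items()}

def audit(manifest, files, weak=git_blob_id):
    # Classify each pinned path in a tree received from a third party.
    report = {}
    for path, (obj_id, pin) in manifest.items():
        content = files.get(path)
        if content is None:
            report[path] = "missing"
        elif sha256_pin(content) == pin:
            report[path] = "ok"
        elif weak(content) == obj_id:
            # Same object ID, different bytes: the signed commit still
            # verifies, which is the substitution the message describes.
            report[path] = "same-id-different-content"
        else:
            report[path] = "modified"
    return report

def demo():
    # Constructed sample tree; the look-alike exists under the toy hash only.
    reviewed = {"logo.bin": b"clean\n", "README": b"hello\n"}
    manifest = make_manifest(reviewed, weak=toy_weak_id)
    lookalike = next(b"variant %d\n" % i for i in range(100000)
                     if toy_weak_id(b"variant %d\n" % i) == manifest["logo.bin"][0])
    received = {"logo.bin": lookalike, "README": b"hello\n"}
    return audit(manifest, received, weak=toy_weak_id)
```

With the default `weak=git_blob_id`, the same `audit` runs against real object IDs; the toy hash is there only so the same-ID branch can be exercised offline.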


Re: Is email really that hard?

2017-02-22 Thread Eugen Leitl
On Wed, Feb 22, 2017 at 02:02:50PM -0300, Cecilia Tanaka wrote:
> On Wed, Feb 22, 2017, at 5:51 AM, oshwm <os...@openmailbox.org> wrote:
> >
> > On 22 February 2017 08:34:43 GMT+00:00, Eugen Leitl <eu...@leitl.org> wrote:
> >
> > >Who is the list owner these days? If we do not get moderation going I'm
> > >out of here.
> >
> > Bye then :)
> 
> 
> Eugen,
> 
> oshwm wasn't being offensive or aggressive.  He/she  (I don't know
> whether is a girl or a boy, never needed to ask it)  was just
> informing you  - in a bit ironic way, I admit -  that CP is a list
> with absolutely NO moderation.

I really made a mistake back then. This list should have never been resurrected
in the current form. 
 
> I don't know whether Riad is still the list owner and Greg is only
> managing it, or whether Greg also became the new list owner  (never
> needed to ask it too, haha),  but both are good persons, kind and
> very, very, very patient.  I really appreciate a lot both, and hope

Tolerance and patience will kill even the best list. 

> nobody annoys them.  :)
> 
> Take care, be patient and create filters, please.

This is not the way to keep a list healthy and sane. Pretty soon there
will be zero traffic passing your filters.

It's all right, I haven't read anything worthwhile here in years.



> 
> c.


Re: Is email really that hard?

2017-02-22 Thread Eugen Leitl
On Wed, Feb 22, 2017 at 10:03:03AM -0500, Steve Kinney wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> 
> 
> On 02/22/2017 03:51 AM, oshwm wrote:
> > On 22 February 2017 08:34:43 GMT+00:00, Eugen Leitl
> > <eu...@leitl.org> wrote:
> >> On Wed, Feb 22, 2017 at 01:54:34AM -0500, grarpamp wrote:
> >>> In addition to not putting retarded spaces in links which does
> >>> nothing useful, you can also learn to preserve threading on
> >>> replies, which is actually useful. Top posting, bulk quoting,
> >>> html, shortlink svcs... all bad. wtfppl.
> >> 
> >> Who is the list owner these days? If we do not get moderation
> >> going I'm out of here.
> > 
> > Bye then :)
> 
> LOL - don't let the door hit yez in the ass.

Do you enjoy the current state of the list? No fair filtering.
Go reread it.




Re: Is email really that hard?

2017-02-22 Thread Eugen Leitl
On Wed, Feb 22, 2017 at 01:54:34AM -0500, grarpamp wrote:
> In addition to not putting retarded spaces in links
> which does nothing useful, you can also learn to
> preserve threading on replies, which is actually useful.
> Top posting, bulk quoting, html, shortlink svcs... all bad.
> wtfppl.

Who is the list owner these days? If we do not get moderation going I'm out of
here.


Re: Google's Artificial Intelligence Getting "Greedy," "Aggressive"

2017-02-18 Thread Eugen Leitl
On Fri, Feb 17, 2017 at 07:31:42PM -0300, juan wrote:
> On Fri, 17 Feb 2017 08:50:18 +
> Eugen Leitl <eu...@leitl.org> wrote:
> 
> > On Thu, Feb 16, 2017 at 08:50:26PM -0300, juan wrote:
> > > 
> > > 
> > > 
> > >   "INDUSTRIAL SOCIETY AND ITS FUTURE"  - Ted Kaczynski
> > > 
> > >   says lots of stupid things but makes some good points too
> > > 
> > >   
> > > http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm
> > > 
> > 
> > He has been publishing quite a few books lately. There is a method to
> > his madness.
> 
>   
>   Any links? (apart from amazon haha)

I have received Anti-Tech Revolution (2016) as a scan. I've just checked, and
it's also on LibGen.
 
>   "Brother who turned in the Unabomber: 'I want him to know that
>   the door's open' " 
> 
>   That's a good one. If the door is open and we are lucky ted k.
>   may be able to shoot his piece-of-shit brother. On the other
>   hand it's funny how kaczynski who defended 'family values' was
>   betrayed by his own family.
> 
> 
>   
> https://www.theguardian.com/books/2016/feb/07/unabomber-ted-kaczynski-brother-david-kaczynski-every-last-tie-book


Re: Google's Artificial Intelligence Getting "Greedy," "Aggressive"

2017-02-17 Thread Eugen Leitl
On Thu, Feb 16, 2017 at 08:50:26PM -0300, juan wrote:
> 
> 
> 
>   "INDUSTRIAL SOCIETY AND ITS FUTURE"  - Ted Kaczynski
> 
>   says lots of stupid things but makes some good points too
> 
>   
> http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm
> 

He has been publishing quite a few books lately. There is a method to his
madness.


Re: Are there crypto discussions on this forum

2016-11-30 Thread Eugen Leitl
On Wed, Nov 30, 2016 at 11:50:49AM +, oshwm wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> If you are already part of functional censored lists why would you be 
> interested in this despicable, dysfunctional, uncensored list?

That's because it has been a very useful list for a very long time.

Don't recall seeing your name back then.
 
> Surely you have all you need elsewhere?

How do you kill an unmoderated list? By flooding it with shit.


Re: Are there crypto discussions on this forum

2016-11-30 Thread Eugen Leitl
On Wed, Nov 30, 2016 at 11:09:45AM +, oshwm wrote:

> I believe you are looking for the cryptography list or tor list if you want 
> to only see what a particular individual thinks is acceptable :D

I'm subscribed to those, and they are actually functional, unlike this list.

I vastly prefer a well-moderated list to the alternatives.

If you're of the opposite opinion you're being a part of the problem.


Re: Are there crypto discussions on this forum

2016-11-29 Thread Eugen Leitl
On Mon, Nov 28, 2016 at 08:58:09PM -0600, Igor Chudov wrote:

> I decided to subscribe to take a peek recently, and wanted to ask if
> this mailing list has bona fide discussions of cryptography, its role
> in the modern economy, finance and politics, etc.

That was a long time ago, in a galaxy far away. But you can help bring
the good times back.


Patreon support for the CopperheadOS project

2016-11-25 Thread Eugen Leitl

You might have seen the Tor phone project

http://arstechnica.com/security/2016/11/tor-phone-prototype-google-hostility-android-open-source/

http://arstechnica.co.uk/security/2016/11/tor-phone-prototype-google-hostility-android-open-source/

which is based on CopperheadOS https://copperhead.co/android/ and badly needs
some funding to expand their hardware base support. E.g. the only tablet they
support is Nexus 9, which is obsolete and support will end 2017 anyway. Pixel
tablets or phones are not supported.

If you want to change that, please donate at
https://copperhead.co/android/donate
or support their Patreon https://www.patreon.com/copperheadOS or buy hardware
from them https://copperhead.co/android/buy

I'm not associated with the project, but I've donated a little. Will consider
donating more in future.