Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg?
- Forwarded message from Rich Kulawiec- Date: Fri, 24 Feb 2017 11:12:08 -0500 From: Rich Kulawiec To: liberationtech Subject: Re: [liberationtech] Facebook: Building Global Community - What's your response to Mark Zuckerberg? Message-ID: <20170224161208.ga24...@gsp.org> User-Agent: Mutt/1.5.23 (2014-03-12) Reply-To: liberationtech On Sat, Feb 18, 2017 at 02:23:18PM -0800, Yosem Companys wrote: > To protect your privacy and security, stay off Facebook. > > But, to build movements, create an account on Facebook (or Twitter or any > other dominant centralized social network) and try to get as many people to > join. [ rhetorical "you" throughout ] I think this is a really bad idea: it's a trap. These aren't tools that exist to facilitate your cause: these are data harvesting and surveillance engines that will collect and collate every scrap of data and metadata your adversaries need. And once that corpus exists, it WILL be acquired: it's much too valuable and much too easily transmitted to have the slightest chance of staying in one place. This is obvious on inspection: every architectural decision, every design decision, every operational decision, every policy decision ever made by these operations supports the goal of data acquisition. It's what they were built to do. All the other stuff? Shiny distraction. Bait. Scam. Propaganda. Whether the data's acquired by overt contractual arrangement, whether it's acquired by force of law, whether it's acquired under the table, whether it's acquired by hacking, whether it's acquired via individual employees, it WILL be acquired. Nobody leaves that rich a source of actionable intelligence just sitting on the table untouched. So all that you will accomplish by using "social networks" is: (a) building the database your enemies need to destroy you and your allies and your cause (b) building it in a place where they can easily get it -- if they haven't already had it from the moment you created it. For example: If I were working for fill-in-the-blank, I would already have my own people in place at Twitter and Eventbrite and Meetup and Facebook and all the rest -- either full-time employees, or people I've co-opted via bribes, blackmail, or other means. They'd be there long before you were, just waiting for you to show up and start spending your time and your effort and your money handing them as much data/metadata as you possibly can. I would do much the same thing if I were a sufficiently-organized, sufficiently-funded group intent on propagating racism or fascism or poverty or pollution or any of the things likely to trigger opposition. Why not? It's cheap. It's easy. It's low-risk. It's sustainable. It's simple. It's deniable. It's scalable. In contrast to other spying/surveillance operations, which can be expensive, complex, and risky, this is a cakewalk *because they already built everything for me at their expense*. What possible reason would I have for not taking advantage of it? You'll give me data on your supporters, your allies, your movements, their movements, your family, their families, your friends, their friends, you employer, their employers, their spending habits, their operating systems, their web browsers and mail clients, your meetings -- and much more. I'm going to end up knowing far more about you and your people than YOU know. If you're trying to "liberate" someone or something, the first thing you need to do is liberate yourself from "social networks". You should be trying as hard as you possibly can NOT to generate this data/metadata at all, anywhere -- instead of not only doing so deliberately, but doing it in a place that you have zero control over and that your adversaries can access far more easily than you can. (Please don't even try to tell me stuff like "my Facebook group is private". The only possible response to a fairy tale like that is mocking laughter.) If you insist on blundering ahead with "social networks" anyway, because you're too stubborn to listen or too naive to think it can happen to you, then as soon as you become a problem for an adversary with the requisite resources -- that is, as soon as you become effective at annoying someone with money or power -- they're going to exploit this. ---rsk p.s. And as if this wasn't enough, in case you haven't noticed, the US is now demanding "social network" passwords from people entering the country. Howls of protest have gone up, and a joint letter from a coalition of human rights and civil liberties organizations has been penned. The combined impact of all this will be zero. This administration doesn't care for
[bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers
- Forwarded message from Peter Todd via bitcoin-dev- Date: Thu, 23 Feb 2017 13:14:09 -0500 From: Peter Todd via bitcoin-dev To: cryptogra...@metzdowd.com, bitcoin-...@lists.linuxfoundation.org Subject: [bitcoin-dev] SHA1 collisions make Git vulnerable to attakcs by third-parties, not just repo maintainers Message-ID: <20170223181409.ga6...@savin.petertodd.org> User-Agent: Mutt/1.5.23 (2014-03-12) Reply-To: Peter Todd , Bitcoin Protocol Discussion Worth noting: the impact of the SHA1 collison attack on Git is *not* limited only to maintainers making maliciously colliding Git commits, but also third-party's submitting pull-reqs containing commits, trees, and especially files for which collisions have been found. This is likely to be exploitable in practice with binary files, as reviewers aren't going to necessarily notice garbage at the end of a file needed for the attack; if the attack can be extended to constricted character sets like unicode or ASCII, we're in trouble in general. Concretely, I could prepare a pair of files with the same SHA1 hash, taking into account the header that Git prepends when hashing files. I'd then submit that pull-req to a project with the "clean" version of that file. Once the maintainer merges my pull-req, possibly PGP signing the git commit, I then take that signature and distribute the same repo, but with the "clean" version replaced by the malicious version of the file. -- https://petertodd.org 'peter'[:-1]@petertodd.org ___ bitcoin-dev mailing list bitcoin-...@lists.linuxfoundation.org https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev - End forwarded message -
Re: Is email really that hard?
On Wed, Feb 22, 2017 at 02:02:50PM -0300, Cecilia Tanaka wrote: > On Wed, Feb 22, 2017, at 5:51 AM, oshwm <os...@openmailbox.org> wrote: > > > > On 22 February 2017 08:34:43 GMT+00:00, Eugen Leitl <eu...@leitl.org> wrote: > > > > >Who is the list owner these days? If we do not get moderation going I'm > > >out of here. > > > > Bye then :) > > > Eugen, > > oshwm wasn't being offensive or aggressive. He/she (I don't know > whether is a girl or a boy, never needed to ask it) was just > informing you - in a bit ironic way, I admit - that CP is a list > with absolutely NO moderation. I really made a mistake back then. This list should have never been resurrected in the current form. > I don't know whether Riad is still the list owner and Greg is only > managing it, or whether Greg also became the new list owner (never > needed to ask it too, haha), but both are good persons, kind and > very, very, very patient. I really appreciate a lot both, and hope Tolerance and patience will kill even the best list. > nobody annoys them. :) > > Take care, be patient and create filters, please. This is not the way to keep a list healthy and sane. Pretty soon there will be zero traffic passing your filters. It's allright, I haven't read anything worthwhile here in years. > > c.
Re: Is email really that hard?
On Wed, Feb 22, 2017 at 10:03:03AM -0500, Steve Kinney wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > > On 02/22/2017 03:51 AM, oshwm wrote: > > On 22 February 2017 08:34:43 GMT+00:00, Eugen Leitl > > <eu...@leitl.org> wrote: > >> On Wed, Feb 22, 2017 at 01:54:34AM -0500, grarpamp wrote: > >>> In addition to not putting retarded spaces in links which does > >>> nothing useful, you can also learn to preserve threading on > >>> replies, which is actually useful. Top posting, bulk quoting, > >>> html, shortlink svcs... all bad. wtfppl. > >> > >> Who is the list owner these days? If we do not get moderation > >> going I'm out of here. > > > > Bye then :) > > LOL - don't let the door hit yez in the ass. Do you enjoy the current state of the list? No fair filtering. Go reread it.
Re: Is email really that hard?
On Wed, Feb 22, 2017 at 01:54:34AM -0500, grarpamp wrote: > In addition to not putting retarded spaces in links > which does nothing useful, you can also learn to > preserve threading on replies, which is actually useful. > Top posting, bulk quoting, html, shortlink svcs... all bad. > wtfppl. Who is the list owner these days? If we do not get moderation going I'm out of here.
Re: Google???s Artificial Intelligence Getting ???Greedy,??? ???Aggressive???
On Fri, Feb 17, 2017 at 07:31:42PM -0300, juan wrote: > On Fri, 17 Feb 2017 08:50:18 + > Eugen Leitl <eu...@leitl.org> wrote: > > > On Thu, Feb 16, 2017 at 08:50:26PM -0300, juan wrote: > > > > > > > > > > > > "INDUSTRIAL SOCIETY AND ITS FUTURE" - Ted Kaczynski > > > > > > says lots of stupid things but makes some good points too > > > > > > > > > http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm > > > > > > > He has been publishing quite a few books lately. There is a method to > > his madness. > > > Any links? (apart from amazon haha) I have received Anti-Tech Revolution (2016) as a scan. I've just checked, and it's also on LibGen. > "Brother who turned in the Unabomber: 'I want him to know that > the door???s open' " > > That's a good one. If the door is open and we are lucky ted k. > may be able to shoot his piece-of-shit brother. On the other > hamd it's funny how kaczynski who defended 'family values' was > betrayed by his own family. > > > > https://www.theguardian.com/books/2016/feb/07/unabomber-ted-kaczynski-brother-david-kaczynski-every-last-tie-book > > > > > > > >
Re: Google???s Artificial Intelligence Getting ???Greedy,??? ???Aggressive???
On Thu, Feb 16, 2017 at 08:50:26PM -0300, juan wrote: > > > > "INDUSTRIAL SOCIETY AND ITS FUTURE" - Ted Kaczynski > > says lots of stupid things but makes some good points too > > > http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm > He has been publishing quite a few books lately. There is a method to his madness.
Re: Are there crypto discussions on this forum
On Wed, Nov 30, 2016 at 11:50:49AM +, oshwm wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > If you are already part of functional censored lists why would you be > interested in this despicable, dysfunctional, uncensored list? That's because it has been a very useful list for a very long time. Don't recall seeing your name back then. > Surely you have all you need elsewhere? How do you kill an unmoderated list? By flooding it with shit.
Re: Are there crypto discussions on this forum
On Wed, Nov 30, 2016 at 11:09:45AM +, oshwm wrote: > I believe you are looking for the cryptography list or tor list if you want > to only see what a particular individual thinks is acceptable :D I'm subscribed to those, and they are actually functional, unlike this list. I vastly prefer a well-moderated list to the alternatives. If you're of the opposite opinion you're being a part of the problem.
Re: Are there crypto discussions on this forum
On Mon, Nov 28, 2016 at 08:58:09PM -0600, Igor Chudov wrote: > I decided to subscribe to take a peek recently, and wanted to ask if > this mailing list has bona fide discussions of cryptography, its role > in the modern economy, finance and politics, etc. That was a long time ago, in a galaxy far away. But you can help bring the good times back.
Patreon support for the CopperheadOS project
You might have seen the Tor phone project http://arstechnica.com/security/2016/11/tor-phone-prototype-google-hostility-android-open-source/ http://arstechnica.co.uk/security/2016/11/tor-phone-prototype-google-hostility-android-open-source/ which is based on CopperheadOS https://copperhead.co/android/ and badly needs some funding to expand their hardware base support. E.g. the only tablet they support is Nexus 9, which is obsolete and support will end 2017 anyway. Pixel tablets or phones are not supported. If you want to change that, please donate at https://copperhead.co/android/donate or support their Patreon https://www.patreon.com/copperheadOS or buy hardware from them https://copperhead.co/android/buy I'm not associated with the project, but I've donated a little. Will consider donating more in future.