Re: GoldBug SF projects [was: Bittorrent Bleep]
I'm thinking that Infiltration and Information Deception are probably the best strategies with those folks. A weekend with Pizza+Beer drafting 4-5 well SEO-optimized websites, to represent a different reality of them? ;) Counter-PsyOPS-Team ? ;) -naif On 11/12/14 7:28 AM, grarpamp wrote: Even they fail so many chances before, still giving them another oppurtunity... https://sourceforge.net/p/goldbug/discussion/general/thread/1b87ed55/
Re: GoldBug SF projects [was: Bittorrent Bleep]
On Tue, Sep 23, 2014 at 4:19 PM, grarpamp grarp...@gmail.com wrote: Additional links, threads and updates... Found a new shill using their classic style to push GoldBug messenger. Here's the thread... https://mailman.boum.org/pipermail/tails-dev/2014-July/006326.html dar...@unseen.is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728669 Debian should probably include this cpunks thread in any decision process regarding importing the softwares noted herein into debian.
Re: GoldBug SF projects [was: Bittorrent Bleep]
(On list this time sorry.) On 9/25/14, grarpamp grarp...@gmail.com wrote: On Tue, Sep 23, 2014 at 4:19 PM, grarpamp grarp...@gmail.com wrote: Additional links, threads and updates... Found a new shill using their classic style to push GoldBug messenger. Here's the thread... https://mailman.boum.org/pipermail/tails-dev/2014-July/006326.html dar...@unseen.is https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728669 Debian should probably include this cpunks thread in any decision process regarding importing the softwares noted herein into debian. I think posting is open (no subscription required). I am not able to do so due to my sort-of not-so subtle suggestions regarding Debian's heavy handed CoC (Code of Conduct) application, which sadly caused said heavy handed CoC application to be applied to me. So if you're offended by such things, don't read my .sig. So perhaps someone else can send an email to that bug report to link this thread. It's pretty easy to do so. Cheers, Zenaan -- Banned for life from Debian, for suggesting Debian's CoC is being swung in our faces a little too vigorously.
Re: GoldBug SF projects [was: Bittorrent Bleep]
Il 9/24/14, 12:51 AM, grarpamp ha scritto: Saw your arguments on the deletion page and figured you would like to be aware of these issues as well. Time has come, after few years of such very likely malicious/suspicious activities, we have to strike back. Kudos moritz! Is it worth making a small website to clearly put all of those information in a collaborative way, published online? The only way such suspicious projects will have to recover is by being transparent on who they are, who pay them, what's their goal ;) -- Fabio Pietrosanti (naif) HERMES - Center for Transparency and Digital Human Rights http://logioshermes.org - http://globaleaks.org - http://tor2web.org
Re: GoldBug SF projects [was: Bittorrent Bleep]
Dnia środa, 24 września 2014 09:38:54 Fabio Pietrosanti pisze: Il 9/24/14, 12:51 AM, grarpamp ha scritto: Saw your arguments on the deletion page and figured you would like to be aware of these issues as well. Time has come, after few years of such very likely malicious/suspicious activities, we have to strike back. Kudos moritz! Is it worth making a small website to clearly put all of those information in a collaborative way, published online? The only way such suspicious projects will have to recover is by being transparent on who they are, who pay them, what's their goal ;) How about putting all this, with sources, on this project's WikiPedia page? Seriously, there is no better place for it. :) -- Pozdr rysiek signature.asc Description: This is a digitally signed message part.
Re: GoldBug SF projects [was: Bittorrent Bleep]
Additional links, threads and updates... No replies came to me except for: - One further note of no particular substance from Bernd. - One thank you for exposing things further. Thanks :) On tor-talk: TPO/TBB clone on SourceForge, use of TPO name https://lists.torproject.org/pipermail/tor-talk/2014-September/034930.html https://trac.torproject.org/projects/tor/ticket/11515 https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHc On Wikipedia: http://en.wikipedia.org/wiki/User_talk:MarcoSU http://en.wikipedia.org/wiki/Special:Contributions/MarcoSU Attn czarkoff: Background threads for reference in your wikipedia work https://cpunks.org/pipermail/cypherpunks/2014-September/thread.html https://cpunks.org/pipermail/cypherpunks/2014-September/005505.html keywords: goldbug messenger, firefloo communicator, lib spot-on, echo protocol, cassiopeia bitmail, dooble web browser, interface social network
Re: GoldBug SF projects [was: Bittorrent Bleep]
Dnia wtorek, 23 września 2014 16:19:18 grarpamp pisze: Additional links, threads and updates... No replies came to me except for: - One further note of no particular substance from Bernd. - One thank you for exposing things further. Thanks :) Here's another one of these: thanks a lot. The whole thread is very informative. (...) keywords: goldbug messenger, firefloo communicator, lib spot-on, echo protocol, cassiopeia bitmail, dooble web browser, interface social network Whoa, some nice bullshit bingo right there! ;) -- Pozdr rysiek signature.asc Description: This is a digitally signed message part.
Re: GoldBug SF projects [was: Bittorrent Bleep]
On Tue, Sep 23, 2014 at 4:50 PM, Dmitrij D. Czarkoff czark...@gmail.com wrote: Hi! Attn czarkoff: Background threads for reference in your wikipedia work https://cpunks.org/pipermail/cypherpunks/2014-September/thread.html https://cpunks.org/pipermail/cypherpunks/2014-September/005505.html keywords: goldbug messenger, firefloo communicator, lib spot-on, echo protocol, cassiopeia bitmail, dooble web browser, interface social network I am not sure how I can help here. In those threads and links following from the above are people showing that these 'goldbug' related projects have serious trust issues and may be some form of malware/crapware. Read the linked threads for more info. If you search around wikipedia for these projects and look at their edit, talk and contributor histories you can find their edit trails there. Bogus listings is their way of free advertising and luring gullible users to them. I don't know much about how these things are handled within wikipedia community. But I have seen articles that have 'Controversy' sections in them. So if I were an editor I'd add exactly such a controversy section to all the pages... that some people see big issues with these projects. And back it up with links out to these threads on the cpunks, gnupg, and tor lists. At least that way it's on wikipedia history for people to see. http://en.wikipedia.org/wiki/Wikipedia:Articles_for_deletion/GoldBug_(software) http://en.wikipedia.org/wiki/Draft:GoldBug_(software) http://en.wikipedia.org/wiki/GoldBug_(Instant_Messenger) http://en.wikipedia.org/wiki/Echo_(communications_protocol) Saw your arguments on the deletion page and figured you would like to be aware of these issues as well.
Re: GoldBug SF projects [was: Bittorrent Bleep]
https://cpunks.org//pipermail/cypherpunks/2014-September/005507.html Reply in thread please. the point was that I would not use bleep messenger from bittorrent, as it is not open source. The point in this particular thread is... that since day one you and your project developers are ignoring real concerns being raised about your apparent cluster of projects. Others like the one you did a research on might be worth for further testings, either by the binaries Why don' t you test the binaries? 7) Ask a friend [...] to use the binaries: exchange keys, and chat. Done. All is encrypted and you never need to exchange keys. Your repeated classic dodge... suggesting that people run blobs instead of answering the question. The 'research' was posted to throw up red flags about these projects for anyone searching so the can see and form their own opinion. The world does not need more closed source. And it does not need more non-reproducible binaries. ESPECIALLY from software projects claiming to protect users privacy through encryption, and further enticing the masses to run them by putting cute little doggies on the tin. The source and the binaries might not be machting from hash, because if you know source projects, the source might be corrected on one or two files even when the binaries have been build. Fix your code then. Reproducible builds are a MUST for any security/privacy project like yours. So better build the software from source and use your own binaries. I would suggest to build the crypto core first, which is spot-on. I cannot help you with compile firefloo messenger on linux or windows, as I have not done this yet. I'm not going to waste time attempting to build stuff that apparently no one but you and or your devs have been able to build. And I'm not going to waste time disassembling the binaries either. Post your SHA-256 reproducible build instructions on the wiki's for your projects. Then ask for build confirmation/review from the community. Until you either ... A) Quit distributing binaries or B) Tell people in a COMPILING doc included in the sources how to make binaries that SHA-256 match the ones you distribute and then C) Answer why you claimed to be announced/partnered with EFF/CCC (which they have both denied [1]), why you are continuing to mimic the Tor homepage/TBB, why you're directly spamming people with invites, why you are dodging these and other questions, and generally appearing and acting very unusual for an opensource privacy suite ... no one is going to believe these projects are anything but untrustworthy snake oil. Help us help you. In my opinion at this time, these (your) projects have serious trust issues and I wouldn't recommend them until resolved. And while this list isn't perfect or comprehensive, those needing privacy solutions have other options to choose from here... https://www.prism-break.org/ License issues... http://www.gossamer-threads.com/lists/gnupg/users/62118 An example of a decent model announcement and request for review, that your seeming sockpuppet then replied to with a lure... https://lists.torproject.org/pipermail/tor-talk/2014-March/032498.html Old stuff... (RetroShare?) http://nabble.documentfoundation.org/Instant-Messenger-for-Libre-Office-serverle ss-and-open-source-td2595287.html http://comments.gmane.org/gmane.os.haiku.devel/18674 Can anyone provide an overall interpretation in English of posts? http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundrechte /AKV-mailarchiv-2009-201310/author.html http://moenchengladbach.hopto.org/k/buecher/cd0001/instit/org/Aktion_Grundrechte /AKV-mailarchiv-2009-201310/26906.html Ps: To date, none of the people potentially related to these projects that I previously CC'd seeking comment from have replied either. [1] Official Comments EFF: https://lists.torproject.org/pipermail/tor-talk/2013-July/029129.html CCC: Subject: [rt.ccc.de #40481] False press using EFF / CCC? goldbug.sf.net
Re: GoldBug SF projects [was: Bittorrent Bleep]
On Mon, Sep 22, 2014 at 3:12 AM, Bernd Stramm bernd.str...@gmail.com wrote: To the extent that linux versions of these projects are available, I put them in the opensuse build system. From there you can get RPMs, and a few DEBs, including the source versions. OBS signs them. If I wanted to try Unix/OBS versions I would. And I might if these issues are ever resolved and they are picked up and looked at by more Unix's. So quit whining I'm defending users who might be considering running the binaries you distribute. As far as I can tell, no one has ever been able to reproduce them from your sources. And you haven't posted sufficient details about your platform to make whatever compilation notes you posted worthwhile. 32 bit windows could be anything. I also can't find OpenPGP signatures for the binaries or the sources that you distribute. Nor can I find a reply from you or Mike Weber or anyone else regarding all these issues. If you use windows, it is your own fault. So if I use the source without blobs I'm safe, but if I use your windows binaries I'm rooted? Or should this mean that you know windows sucks but you're writing to it anyways, and perhaps you don't care much about the implementation quality there. Now because you're a member of GoldBug Messenger on SF... / http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047137.html / [Today ...] the EFF in conjunction with the Chaos Computer Club announced a / new secure Instant Messenger called: GoldBug.sf.net (http://goldbug.sf.net) Are you suggesting that users ignore the falsehood you put in your announcements and just trust your software? (Is that what all those anonymous 5-star 1-review posts of GoldBug to mostly second and third class windows software aggregator sites are about... building trust? You can google for those.) Or are you saying that you somehow forgot to post your own project denial of Randolph / Thomas posting as if they were associated with your projects? Ok, well maybe you did forget that, so let's see who has control... Currently: http://sourceforge.net/projects/goldbug/ Brought to you by: berndhs, mikeweber ... and what they do with that control... / http://lists.gnupg.org/pipermail/gnupg-users/2013-July/047137.html This gnupg thread also shows two other witnesses to... / a review on sourceforge which indicates that the CCC has no idea / of it / ... I also note that about 30 minutes ago, a representative of the Chaos / Computer Club (CCC) posted a one-star review of GoldBug in which he said / that CCC had never heard of GoldBug, despite GoldBug claiming to be / associated with CCC. / / About five minutes ago the GoldBug project admin disabled reviews and / the one-star review is no longer visible. / / This kind of behavior on the part of the GoldBug project leaders is / deeply irresponsible. This, by itself, should persuade people to not / use it. Responsible programmers *welcome* criticism -- we don't / suppress it. Currently: http://sourceforge.net/projects/goldbug/reviews This project does not allow reviews to be posted. Now of course back then Mike Weber may have been the only one in the SF GB project, plus the apparent, in my opinion, shills Thomas and Randolph. However, you are now also on the SF GB project since at least Oct 26 2013. https://web.archive.org/web/20131004145711/http://sourceforge.net/projects/goldbug/ https://web.archive.org/web/20131026004244/http://sourceforge.net/projects/goldbug/ So lets see if your project has improved its behaviour since pointed out by people on gnupg list in Jul 2013... no it hasn't. To wit: Your project just censored my post and turned on list moderation so that no one else can speak. Oopsie, footshot ;-) https://web.archive.org/web/20140922090221/http://sourceforge.net/p/goldbug/mailman/goldbug-forum/ https://web.archive.org/web/20140922201304/http://sourceforge.net/p/goldbug/mailman/goldbug-forum/ http://sourceforge.net/p/goldbug/mailman/goldbug-forum/ 1 message has been excluded from this view by a project administrator. 14 out of 15 posts. Your mail to 'GoldBug-Forum' ... is being held ... Post to moderated list So the question now begs, with you being fully aware, and perhaps even complicit... why do you remain associated with projects that have serious issues? If you choose to remain, you definitely need to get Mike, and you, to post an answer on this stuff. And if you choose to leave, an exit statement from you would surely serve you well as a possible member of the FOSS/Suse community. So quit whining As long as all these questions remain unanswered, I will not quit defending users, or the names of Tor, EFF, CCC. Last minute additions... # These two addresses are '550 user unknown' ... bern...@users.sourceforge.net mikewe...@users.sourceforge.net # A story about one particular Michael Weber http://www.businessinsider.com/swiss-software-developer-bitcoin-2014-4 # Another email found spot-on and dooble - Alexis Megas -
