Re: [freenet-support] Anonymity of browsing without downloading

2016-09-27 Thread Eric Tully

 There are lots of good and legal reasons to use Freenet.  Most
 people assume that tools like Freenet and Tor are for criminals -
 and yes, I have a feeling that there are some criminals who use
 anonymizing tools - but one good example might be computer virus

You want to be a better programmer, you want to study existing viruses,
you want to develop tools to eliminate viruses, and you want to learn to
write software that doesn't contain vulnerabilities in the first place. 
 In the process of researching viruses, you could possibly visit web
sites that try to infect your computer - or they have pop-up ads on
their site that have less than honorable content.  With all of the
javascript, html, and images loaded behind the scenes that you didn't
specifically request - and may never have seen on your screen - you
could end up with cache that contains material that your HR department
could use to fire you or that police could use to put you in jail.

 So... with that much to risk, you don't want to use a commercial
 product that won't let you look under the hood.  Imagine buying
 "Anonymity" software that runs and makes all sorts of promises
 about how you're completely invisible.  Since you can't see the
 source code,  you have NO IDEA whether they're telling the truth or
 not.  And here's the important part:  THEY HAVE EVERY REASON TO
 the sale, sell you the software, and when it turns out to be a lie,
  who goes to jail?  Hint:  Not them.

 But here's the thing:   When you decide to use open source software
 so that you can avoid that trap,  you can't just send out an email
 and say, "Hey, does this stuff really work?"  Because, just like
 the commercial software, you're going to get answers... and if
 those answers turn out to be wrong,  who goes to jail?   Still not

 No matter whether you're a virus researcher... or a bad guy who
 wants to commit crime anonymously... are you really going to trust
 the word of a complete stranger who you've never met, can't see,
 and who doesn't owe you anything?  If you're REALLY concerned about
 the consequences of getting caught (whether you're a good guy or a
 bad guy),  asking the question "Does this stuff really work?"  is
 completely the wrong way to be safe.   If you're REALLY concerned, 
 there's only one way:   learn to program,  read the code,  learn
 how browsers and operating systems work, study the Freenet source
 code,  and then TEST TEST TEST.   For example,  scan your hard
 drive for a bunch of blue pixels.  If you don't find any, put an
 image with all blue pixels up on Freenet and surf for that image
 using Freenet.  Then hire some forensics guys to search your hard
 drive for blue pixels.  If they find any,  then you KNOW that the
 stuff doesn't work.  If they don't find any, then you're getting
 closer to trusting the software.  Then interview more forensics
 guys and ask them what they know that the first forensics guys
 didn't know.  And have them scan your hard drive.  The more you
 learn, the more confidence you'll have about how to use anonymizing
 tools correctly and how well they work.

 But if you just ask, "Is this stuff any good?" and someone says,
 "It's perfect",  is that really going to make you feel better when
 you get fired or arrested or your girlfriend leaves you?   

 And if you ask, "Is this stuff any good", and someone says, "There
 SHOULD not be anything which can be CLEARLY traced to your usage,
 AS LONG AS you use...",  there are so many qualifications in that
 sentence that it's pretty much not even an answer.  (I mean, good
 for Arne for being clear that he's not 100% certain that it's
 perfect).  When you get an answer like that,  it should be clear to
 you that asking online isn't going to help you when you end up in
 court.  This is one of those times when you can't rely on a free
 answer you get on the Internet,  you need to LEARN and TEST if
 you're actually concerned.

 Of course, if you're just trying to keep your mom from knowing that
 you used the computer to look at boobs,  then maybe that answer is
 good enough.

- Eric

On Sun, Sep 25, 2016, at 06:01 AM, Arne Babenhauserheide wrote:
> Dear Durran,
> There should not be anything which can be clearly traced to your usage,
> as long as you use at least "low security" (not None!). Forensic
> analysis might still reveal stuff, however, for example from browsers
> leaking memory into swap or disobeying caching policies even in
> incognito mode, or from not completely deleted files.
> To be more secure, encrypt your disk (then deletions work more
> securely).
> There will be encrypted fragments of many different kinds of files on
> your 

Re: [freenet-support] Question regarding legal case

2016-07-25 Thread Eric Tully
On Mon, Jul 25, 2016, at 03:03 PM, Steve Dougherty wrote:
> Now addressing others on the list: I note an ethical dilemma here. It
> may well be that the accused is guilty of the things they are accused
> of, and invalidating this presumably-mistaken search warrant would
> allow them to go free. That said, do we want to resist the application
> of flawed statistics in prosecuting Freenet users? I'm leaning toward
> probably. Selectively assisting in fighting search warrants that seem
> invalid also seems unethical. Are we obligated to help?
This is a great ethical question and it's been answered a million times
in courts.
There is a reason you hear about bad guys going free on "technicalities"
and it's not that the system is broken or corrupt.  The system is
designed with an important safeguard:   It's better for a HUNDRED guilty
people to go free than for ONE innocent person to go to jail.
If the prosecutors are using flawed statistics or a misunderstanding of
Freenet to send GUILTY people to jail,  then there is going to come a
time when they use those same flaws to send an INNOCENT person to jail.
If you provide testimony that truthfully describes how Freenet works and
that sets a guilty person free,  that is not your fault.  (Likewise,  if
cops were using Tarot cards or a Magic 8-ball to "prove" people were
guilty, and someone provided the truth about Tarot cards and Magic 8-
ball's, and that causes a guilty person to go free,  consider it a good
thing that the system has been FIXED and good innocent people aren't
wrongly going to jail.)
Those "technicalities" that the cops in TV shows seem to hate so much
are carefully designed protections to make sure that the system errs on
the side of protecting the innocent.
You will sleep better at night knowing that you told the truth.
Consider the alternative:   If you are ONLY going to provide testimony
in cases where the defendant is innocent,  then you're going to have to
determine who's guilty and innocent.  [And if you can do that, we don't
really need courts anymore, we can all just Ask Steve.]  If you withhold
testimony because the guy is a scumbag and he goes to jail on flawed
statistics, and then you find out years later that he was innocent,  you
are going to feel a lot worse than if you found out that a guilty guy
went free.
Just tell the truth about how your software works.  Whatever happens
after that is at least done with everyone's eyes open instead of closed.
But fucking charge for it.  $300 an hour seems fair.  FOSS authors have
a right to get paid for their time, knowledge, and expertise.  If a
court needs to understand how your software works,  you already did the
world a favor by WRITING the software,  you're not obligated to ALSO
teach everyone how to use it, teach them how to read code or to teach
them statistics that they should have learned in high school.  Be sure
you get WELL paid for your time.
The EFF will back me up on everything I'm saying.  This isn't about
twisting my mustache with an evil laugh because I've figured out how to
get away with being a bad guy.  This is about freedom to use software
to be anonymous - the crypto community has been trying for decades to
get people to understand that good and bad people EACH have uses for
tools like encryption, hammers, guns, and Freenet.  Encryption and
Anonymity doesn't mean your probably guilty.  The Federalist Papers,
for example, were published anonymously and provided the ideas that
eventually grew into the US Constitution.  You are on solid ethical and
moral ground - and in good company - by telling the truth about how
your software works.
- Eric
Support mailing list
Unsubscribe at