Monthly Archives: October 2013

[from the cryptography mailing list]

John Young jya at
Sat Oct 19 08:37:41 EDT 2013

It is not either dribble / or “dump” as favored outlets are
pontificating, seemingly by ostentatious agreement to
limit harm to governments by harming the public.

Both: provide the documents in a publicly accessible
depository as well as narrate their significance for those
who prefer readers digest and authoritative guidance.

Right now, DocumentCloud provides this depository, holds
over 400,000 documents provided by “authenticated”
journalists to substantiate their reports and to share with
others. Nearly all of the Snowden documents are on file there.

Researchers and other journalists want to see original
material for their own edification, interpretations and
uses. And to balance the inevitable bias and lack of
understanding common to all of us. Bear in mind that
readers digests, narratives and editorials are entertaining
fiction like “news.”

Similarly, WikiLeaks initially provided copious documents as
back-up to its commentary. And still does despite an uptick
in exhortatory narratives. So does Federation of American
Scientists, National Security Archive, Public Intelligence,
Cryptocomb, and dozens more, some very old, other new:

This dribbling of documents is a moneymaking scam which
may increase in harm by concealing information that puts
people in harm’s way, not the spies and their agents. Or
worse, choking the flow is required by a confidential
negotiated agreement or policy to test the market, test
the USG response, vet with governments as most major
newspapers do “to limit harm” a code word of complicity.

At one point early on Greenwald says he considered setting a
web site for the documents to be called NSADocuments.
It is not clear what led him to go a conventional monetized
route with the Guardian. Nor the conditions under which
WaPo, O Globo, Der Spiegel, New York Times and ProPublica
were brought into the stream.

What is annoying for the special purpose of this honorable
list of understatement is the braying about encryption as if
that is now mandatory PR to show comsec responsibility.

Nothing about the well-known weaknesses of encryption, its frequent
failures, its backdoors, its extremely misleading marketing,
its long history of many failures and few successes, its
use for entrapment and tracking, its customary snake
oil claims, its recantment by original authors, its cover-up
by original authors, its hopelessly fuck-up state at the
present time and crazed efforts to patchwork temporary
solutions to prop up damaged markets and tattered
reputations amply demonstrated here and other crypto
fora, especially the chickenshit one which bans political and
embarrassing topics, therefore most likely populated with
those deeply and long complicit in commercial and
governmental exploitation of the public.

No need to beat the dead horses of Tor, anonymizers,
OTR, OTP, sekret chats, sneaker nets, black nets,
key signing parties, key revocations, forgeries,
impersonations, giant corps and NGOs, use of
trusted cryptoids to front dubious surefire protection,
use of bold names to mislead corrective efforts for
damage they themselves caused, in particular
misleading Manning, Snowden, Anonymous, LulzSec
and many others about comsec.

At 11:43 PM 10/18/2013, you wrote:
>You’ve shot down the approaches of Snowden and Assange before. I
>feel like I mostly understand your argument, but I’m not sure I know
>what you would have them do differently.
>Is there anything in particular you think they should have done
>differently to accomplish their goals? Or do you think their goals
>were misguided? If so, what should their goal have been, and what should
>they have done to accomplish it?
>I know this seems I’m just trying to encourage counter factual
>arguments against history. But there will be more leaks, and more
>folks who are in a position to distribute them. What should they do?
> > On Oct 18, 2013, at 13:37, John Young wrote:
> >
> > We still don’t know, and likely will never know, what is in the
> > Snowden collection. Admirable as his courage may be, he
> > erred in handing it over to media incapable of assessing the
> > whole wad, which has led to the teasing and hyperbolized
> > accounts valorizing crypto to armor info-warriors.
> >
> > Perhaps more capable assessment is being done and will
> > be made public in a credible fashion instead of the goofy
> > call for debate before much is known beyond rhetoric and
> > hype. The heavy-handed redactions suggest official advice
> > threats and culling, and do not augur well for seeing the rest.
> >
> > Stupid claims of hiding the collection, insurance as stupid as
> > that of WikiLeaks, stupidly sending some or all of it to other
> > parties, come across as patent dissimulation of the comsec
> > advertising type.
> >
> > Comsec is now a fat mark-up of junk, espoused by stupid
> > comsec advisers to journalists as if a saintly medallion to
> > stop a bullet.
> >
> >

25.10.2013, JD

Tails is a live operating system, that you can start on almost any computer from a DVD or a USB stick. It aims at preserving your privacy and anonymity, and helps you to:

  • use the Internet anonymously and circumvent censorship;
    all connections to the Internet are forced to go through the Tor network;
  • leave no trace on the computer you are using unless you ask it explicitly;
  • use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging.

It is a complete operating system designed to be used from a DVD or a USB stick independently of the computer’s original operating system. It is Free Software and based on Debian GNU/Linux.

Tails comes with several built-in applications pre-configured with security in mind: web browser, instant messaging client, email client, office suite, image and sound editor, etc.

Tails Website

PS I’ve been using this software since the very beginning. It’s not foolproof and doesn’t make you invisible or totally and all around secure. You should use it – but you should not trust it!


22.10.2013, JD
Text taken from Tails website

Heather Marsh

Omar Khadr was a Canadian kid caught in a firefight in Afghanistan in 2002. He was captured by the US and tortured at Bagram and Guantanamo for ten years. Eventually, he signed a plea deal admitting guilt in killing Special Forces Sergeant First Class Christopher Speer during the battle. He continues his legal saga in solitary confinement in Canada. 

Omar was not supposed to be in the compound on the day he was injured. A family acquaintance had taken 15 year old Omar with him as a translator as he was fluent in four languages. According to multiple sources close to him, Omar says he was the first person wounded in the attack on the compound he was in. He says the others carried him to shelter throughout the hours of fighting until he was shot twice in the back. He survived so long because he was not in the…


Even if with a small delay, it is time for the Cyber Attacks Statistics derived from the Cyber Attacks Timelines of September (Part I and Part II).

As usual let us begin with the Daily Trend of Attacks chart. The chart shows a clear peak on September, 27th, due to a wave of attacks of the Anonymous against the Cambodian Government. In general, the number of attacks reported on the news had an increase in the second part of the month.

September 2013 Daily Trend

Not surprisingly, the US leads the Country Distribution chart. Also, it is worth mentioning the second place of Cambodia, as a direct consequence of the wave of attacks carried out by the Anonymous collective. India is in the middle of a Cyber War against Pakistan and this explains its bronze medal just ahead of the UK.

September 2013 Country Distribution

The Motivations Behind Attacks chart shows an unexpected overtake of Hacktivism on…



A book by Julian Assange, Jacob Appelbaum, Andy Muller-Maguhn, Jeremie Zimmermann

The harassment of WikiLeaks and other Internet activists, together with attempts to introduce anti-file sharing legislation such as SOPA and ACTA, indicate that the politics of the Internet have reached a crossroads. In one direction lies a future that guarantees, in the watchwords of the cypherpunks, “privacy for the weak and transparency for the powerful”; in the other lies an Internet that allows government and large corporations to discover ever more about internet users while hiding their own activities. Assange and his co-discussants unpick the complex issues surrounding this crucial choice with clarity and engaging enthusiasm.

Formats: epub, mobi, pdf

If you like this book, please consider buying it,
or make a donation to one of those organisations:
– Julian Assange defence fund
– TorProject, The Onion Routing
– La Quadrature du Net


21.10.2013, JD

[liberationtech] RiseUp
Eugen Leitl eugen at
Wed Oct 16 02:22:38 EDT 2013

----- Forwarded message from elijah <elijah at> -----

Date: Tue, 15 Oct 2013 15:47:15 -0700
From: elijah <elijah at>
To: liberationtech <liberationtech at>
Subject: Re: [liberationtech] RiseUp
Message-ID: <525DC5F3.8010604 at>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0
Reply-To: liberationtech <liberationtech at>

On 10/15/2013 03:07 PM, Yosem Companys wrote:

> If you have any thoughts about Riseup, whether
> security/privacy-related or otherwise, I'd love to hear them.

I think I am the only person from the Riseup collective who is
subscribed to liberationtech, so I will reply, although what follows is
not an official position or response from the collective.

We started when it was impossible to get even simple IMAP service that
was affordable. Very early on, it became apparent that one of the
primary issues facing our constituency (social justice activists) was the
rapid rise in abusive surveillance by states and corporations.

Riseup does the best it can with antiquated 20th century technology.
Without getting into any details, we do the best that can be done,
particularly when both sender and recipient are using email from one of
the service providers we have special encrypted transport arrangements with.
Admittedly, the best we can do is not that great. And, of course, our
webmail offering is laughably horrible.

Riseup is not really a "US email provider". The great majority of our
users live outside the United States, and email is just one of many
services we provide.

There has been much discussion on the internets about the fact that
Riseup is located in the US, and what possible country would provide the
best "jurisdictional arbitrage". Before the Lavabit case, the US
actually looked pretty good: servers in the US are not required to
retain any customer data or logs whatsoever. The prospect of some shady
legal justification for requiring a provider to supply the government
with their private TLS keys seems to upend everything I have read or
been told about US jurisprudence. Unfortunately, no consensus has
emerged regarding any place better than the US for servers, despite
notable bombast to the contrary.

As a co-founder of Riseup, my personal goal at the moment is to destroy
Riseup as we know it, and replace it with something that is based on
21st century technology [1]. My hope is that this transition can happen
smoothly, without undue hardship on the users.

As evidenced by the recent traffic on this list, many people are loudly
proclaiming that email can never be secure and it must be abandoned. I
have already written why I feel that this is both incredibly
irresponsible and technically false. There is an important distinction
between mass surveillance and being individually targeted by the NSA.
The former is an existential threat to democracy and the latter is
extremely difficult to protect against.

It is, however, entirely possible to layer a very high degree of
confidentiality, integrity, authentication, and un-mappability onto email
if we allow for opportunistic upgrades to enhanced protocols. For
example, we should be able to achieve email with asynchronous forward
secrecy that is also protected against meta-data analysis (even from a
compromised provider), but it is going to take work (and money) to get
there. Yes, in the long run, we should all just run pond [2], but in the
long run we are all dead.



----- End forwarded message -----
Eugen* Leitl leitl
ICBM: 48.07100, 11.36820
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5



16.10.2013, JD
