[Noisebridge-discuss] TOR re: Anti-piracy / anti-Pirate Bay law currently in Congress

Pirate Matt bugsglo at gmail.com
Fri Aug 8 16:44:30 UTC 2014


*facepalm*


On Fri, Aug 8, 2014 at 9:36 AM, openfly <openfly at xn--kgbed8a0h.xn--ngbc5azd>
wrote:

> Yeah.  Pretty much I made it half way through and decided this home has
> some serious character flaws.  And is probably borderline delusional in his
> narcicism. Take it from me I once tried to start a cult of worship of
> myself.
>
> On Aug 8, 2014 12:14 PM, Jeffrey Carl Faden <jeffreyatw at gmail.com> wrote:
> >
> > EXCEEDINGLY VERBOSE, DECLINED TO PERUSE
> >
> >
> > On Thu, Aug 7, 2014 at 9:56 PM, Thomas Stowe <stowe.thomas at gmail.com>
> wrote:
> >>
> >> Hi Noisebridge! I'm just taking the opportunity to well, some might say
> address my being wronged (treated very poorly) via your list by one of your
> members some few years ago. Personally, I'm just going to go there and say
> that this is an "I Told You So!" e-mail. Because, well, some of you treated
> me poorly, and well, you deserve at least that much. Maybe it's not the
> most constructive choice, but well, the more people that know, the more
> that I feel better. :-) Maybe I'm a bit of an egotist, but that's not
> exactly insulting to me. I am superior to most people, which is why I keep
> superior company for the most part. That goes with the whole
> not-worth-my-time thing.
> >>
> >> So, as the title stated, I decided to talk about it a little bit some
> time ago. You made it obvious that you weren't worth discussing it with,
> and you decided to make the Noisebridge-Discuss list a hostile place, which
> is why I left it and won't return. It wasn't the first time I'd noticed
> problematic personalities @ NB. I've included my article and a good part
> our original interaction from the list archives (
> https://www.noisebridge.net/pipermail/noisebridge-discuss/2010-September/016627.html ),
> including my "crazy, unfounded speculations" to paraphrase Jacob, about the
> nature of global surveillance and our general ability to compromise the TOR
> network by highlighting it's weak points. Yes, I was right. Yes, you're a
> douche, and that douchery makes you a dumbass, dumbass.
> >>
> >> Now that there're more than concepts put out there, and attacks have
> moved beyond what I was doing but not publishing, I hope you realize that
> sometimes, instead of going out of your way to insult people, it might be
> better to do more than make remarks and sarcastic suggestions if you want
> the information. Even if you think that they can't possibly be right,
> because *gasp* that would make them smarter than you or make you feel
> inferior.
> >>
> >> Follow Leads. Ask Questions. I had better things to do, like try to
> find a job, rather than  than point out the obvious and search for
> vulnerabilities that will help, well, not me. If I'm going to do unpaid
> work, it'll be to people who deserve it, or abused puppies. My health
> hasn't been all that great, with dental issues and arthritis that I'm well,
> too poor to get treatment for at the moment, and the same was then. I've
> made progress, and have more free time, but still, not for assholes.
> >>
> >> I felt that Jacob, of all people and those others, who like him, and
> perhaps because of him, were predisposed to attack anything I'd said. And
> thus not even worthy of my time. I had a couple of drinks tonight and
> decided to finally get around to writing this e-mail.
> >>
> >> Of course, I'm sure some of you were jizzing in your pants when you
> bought BlackHat tickets, or perhaps you couldn't go and wanted to the
> research and outcomes from the now-pulled CMU researchers. I doubt you even
> remembered that interaction.
> >>
> >> After that interaction, I wrote this. I decided to publish it about 2
> years later, as I do sometimes. I wrote up much more after discussing it
> with other security-educated individuals after it was published, but I'm
> more interested in watching the TOR network burn and be reborn due to it's
> use by so many pedos, cybercriminals and trash. TOR will have to change in
> nature and philosophy before anyone should give a fuck about it IMHO. It
> won't stay relevant, mostly because the philosophy is counter-productive,
> encourages "Freedom" for anyone, including those that prey upon others.
> The"Digital Wild West" is argued for mostly by proponents of "A Human Right
> of Privacy", and political components in nations where peoples are being
> oppressed.
> >>
> >> I agree with the latter. I've never assumed we have a right to, or that
> we had, regardless of rights, Privacy. I'm privacy-agnostic whether that be
> because of lexical fingerprinting algorithms, servitor-type intelligent
> agents or well, design flaws, In fact, I've always known differently, for
> reasons that I'm not going to disclose. You all can wonder about that. It
> won't make me any money or get me a job to explain it to you, or make me
> feel any better. ;)
> >>
> >> That you didn't play nice, Jacob & Co., and reacted like a group of
> bipolar shrimp, just makes you obviously gullible and perhaps a bit stupid.
> Hell, that was obvious from the start given your lack of emotional
> intelligence. Go work for Google, take their "Search Inside Yourself"
> class. You need it.
> >>
> >>
> http://www.businessinsider.com/search-inside-yourself-googles-life-changing-mindfulness-course-2014-8
> >>
> >> I made sure to space the text of this e-mail out so well, you would
> actually take the time to read, this time. ^_~
> >>
> >> I wrote this article, published and copyrighted by 2600 Magazine. Feel
> free to drop me an e-mail at my 2600 e-mail addy if you doubt it. And no,
> it's not a super-secret identity, I've held it since I was 16 years old,
> and used it on EfNet IRC from the time I was 12. These days it's just
> another of my pen names.
> >>
> >> My article.
> >>
> >> Anonymity and You, Firefox 17 Edition(Link)
> >> 2600 Magazine, The Hacker Quarterly, Winter 2013-2014
> >> by l0cke (l0cke at 2600.com)
> >>
> >> I want to address this recent thing going on with the Firefox exploit
> used to break Tor’s anonymity. Anonymity is important to have. Privacy is a
> right, if not a privilege, and definitely not a privilege that can be taken
> away for an arbitrary reason.
> >>
> >>
> >> Someone had asked me years ago about how to track someone down over the
> Internet at one point and I said, “Just get someone to click a link or use
> an exploit like the Chinese were using with Flash to track down
> dissidents.” I’m not surprised. I’ve made my opinion on it well known to
> many parties and I’ve kept my mouth shut about it because at every turn
> privacy activists or programmers tell me that “Tor isn’t broken and your
> attempts to point out our flaws are asshattery,” whether motivated by
> wanting to keep things like that secret or to comfort themselves and others
> who use the service. There are many means one could use to break Tor’s
> protection, including taking advantage of OS and software components or by
> using analysis to make educated guesses about the location of both Tor
> users and Tor services.
> >>
> >>
> >> There is no such thing as true anonymity, though one might be able to
> set up a VPN or proxy like JonDonym, or another instance of Tor, or maybe
> even chain them without much, if any, technical knowledge whatsoever to
> prevent vulnerabilities like this from hitting. One could also make Tor the
> operating proxy for all of one’s Internet traffic on a machine or entire
> network via firewall, or by using a special app that only allows traffic
> through that proxy and/or VPN and disconnects any traffic outside of it
> before it reaches the physical network connection - or via software on the
> router/firewall that drops anything not going to Tor or whatever anonymity
> service.
> >>
> >>
> >> I’ve pointed out to many security software developers that the security
> of the Tor software just isn’t there. I suggested that either there was
> something in the code or something the code interacts with that was
> exploitable. What it was, I don’t know. But take everything that’s
> connected to software you use as an extension of that software. This recent
> event proves that even more. I know people who think there are magic
> services that make one anonymous. There aren’t. And with our knowledge now
> of PRISM - if someone can see the traffic on both ends and just match up
> timestamps and file size transfers, then guess what? You’re on candid
> camera, a lead to be pursued by someone wanting to track down who received
> or transferred those files or both. By files, I mean even web traffic.
> >>
> >>
> >> Five things to take into account that aren’t being done right now in
> any anonymity service:
> >>
> >>
> >> 1) No Real-Time Communication. A true anonymous service would be like
> old FTPMail. It will send a request at a randomized time that has nothing
> to point it back at the user. An even smarter one will send or receive
> traffic at a time that’s generated based upon human psychology, i.e., no
> porn requests at night or on weekends.
> >>
> >>
> >> 2) Fabricate Clues to Location. Create blocks of downtime that have no
> reason because one’s downtime can show one’s location.
> >>
> >>
> >> 3) Do Like UPS. Make the anonymity node perform the request - it sends
> and receives all data so that it’s not parsed by the web browser directly.
> Think the way a parcel service delivers mail.
> >>
> >>
> >> 4) Sterilize All Content. Perform transforms on text - the easiest is
> to translate text from an original language through several others. I’d go
> one step further because this can be reversed and use a mathematically
> generated dictionary or array using dictionaries, thesauri, and the like to
> add even more randomness. Plus it’d look kinda crazy and reminiscent of
> leetspeak. “Thee hast better not g0nn4 speek dat 2 dem, boy” for “You’d
> better not tell them that,” etc.
> >>
> >>
> >> Sterilize images, audio, video, and the like as well - at least insofar
> as what created the container, any information in the images, etc. Killing
> lighting and replacing it with a solid color would be good too - filters so
> that someone can’t use the sunlight or stars to tell where one is based
> through an image or video. Also, creating blocks over all people in images
> and blocks over any visible text in any language.
> >>
> >>
> >> Sterilize all hypertext and code - any kind of code or markup or
> uncommon phrasing that might be found if reposted as a fingerprint (i.e.,
> using “hast” a lot in text instead of “has”) or processed by a computer
> like the code that created the GET request.
> >>
> >>
> >> 5) Use or Adapt Third-Party Tools. For now, use whatever you can on top
> of your anonymity services. Use NoScript and make sure that DNS requests
> don’t leak. Make sure that whatever IP protocol you use is stable and
> doesn’t send information to servers you request to. Don’t take a program
> author’s word for anything, ever. Test against tools that benchmark and
> look for those things or figure out how to test them yourself. Also, be
> wary of services that may contact another server for certificates or
> verification - HTTPS ends up connecting to an index to verify the
> certificate a site gives. If you’re not careful, some tools can contact DNS
> servers you already use. Use a plugin that makes sure that a proxy (like
> Tor) is always enabled if connecting to a site. Some services, even when
> working, have a big flaw: the operator. If you forget to turn on the
> anonymity service or ensure that it’s running, that’s on you.
> >>
> >>
> >> I believe that’s why TorButton is no longer a standard option in Tor.
> Become a programmer in spirit if not in mind. To do any less is to invite
> disaster. Learn how these things work and chances are if you think of some
> new way to do something, someone else has or you can figure out how to
> adapt their work to your own use.
> >>
> >>
> >> I’d go so far as to make it impossible to easily upload or download
> images via Tor, even if it means you have to kill all forms of compression
> or make them readable by a “processing node” that handles the no-real-time
> rule as well as sanitizing the stuff, killing all content that isn’t text
> or isn’t hypertext to be sanitized and shown as a special local
> only-viewing-markup in JSON or XML. That might not stop people from
> creating new versions of uuencode out of text or hypertext, but it would
> make easy access to sending and receiving child porn harder. ■
> >>
> >>
> >> Our original interaction. Note the date, then Google when the rest came
> about. Years later.
> >>
> >> [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in
> Congress
> >> Thomas Stowe stowe.thomas at gmail.com
> >> Mon Sep 27 23:04:15 PDT 2010
> >>
> >> Previous message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay
> law currently in Congress
> >> Next message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law
> currently in Congress
> >> Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> >> ________________________________
> >>
> >> Wow, the only assertion I made was that TOR is compromised and you
> basically
> >>
> >> just told everyone to completely ignore what I've said. Look, I know
> you're
> >>
> >> passionate about TOR and that's great - you guys made a really cool
> suite of
> >>
> >> software but don't take this wrong when I say this because I don't mean
> it
> >>
> >> as a personal slight. You're naive. You think that it's okay to run an
> exit
> >>
> >> node and it's wrong to push people in the direction not to run exit
> nodes,
> >>
> >> even in the case that they will have their computers taken and have
> charges
> >>
> >> pending against them and be forced to spend money out of pocket to
> promote
> >>
> >> anonymity. That's a dream that we all have - no consequences. The
> reality is
> >>
> >> that things do happen to people and I don't really care if the guy from
> >>
> >> Germany became a developer for TOR after he had gone through hell with
> the
> >>
> >> law. The relevant fact is, he did go through hell with the law and
> everyone
> >>
> >> sane looking out for their own survival should consider that not
> running an
> >>
> >> exit node would be and is a good decision. It's stupid to endanger
> yourself
> >>
> >> for a cause that's dead before it's gotten off the ground. Personally,
> I'm
> >>
> >> not going to a privacy-martyr and I don't think anyone else should ever
> >>
> >> consider it. Are you saying that with the TOR code not being compromised
> >>
> >> that it equates to saftey? Can't TOR developers find users causing
> problems
> >>
> >> or possibly a law enforcement exit-node honeypot set up to be used to
> catch
> >>
> >> users causing problems? With encryption export laws, current attitudes
> of
> >>
> >> law and requests made to companies and groups dealing in security by
> >>
> >> governments, are we wrong to hold the TOR network suspect because we
> don't
> >>
> >> understand or haven't looked at the source code? I believe your
> statement
> >>
> >> regarding that there is no backdoor but I still won't take your word
> for it
> >>
> >> and I honestly don't have the time to look over the code or search for
> >>
> >> novel, new exploits that have yet to be found that would reveal TOR
> users'
> >>
> >> identities. I didn't state that there is one, I said that there I don't
> >>
> >> trust it and there might possibly be one. That's an opinion, logically
> based
> >>
> >> upon other events that are ongoing in global use of the Internet and
> >>
> >> technologies. <sarcasm on> But you're right, "TOR anonymity" is more
> >>
> >> important than my possible legal fees or spending a week in jail until
> it's
> >>
> >> figured out that it wasn't me accessing whatever it was that I could be
> >>
> >> arrested for. <sarcasm off>. But then again because you refuted me by
> >>
> >> stating that everything I stated was bullshit and of course you proved
> your
> >>
> >> point by stating you're a TOR dev so you must be right by way of having
> >>
> >> authority on the subject. I don't find you to be objective in your
> >>
> >> criticism, but "that's only my opinion" based upon you being a dev and
> how
> >>
> >> passionate you seem to be. If I was going to make a claim like "it's
> >>
> >> backdoored", I would've posted code to back it up and not speculated
> based
> >>
> >> upon many other things in the world. It's not as if our government were
> >>
> >> capable on spying on all of us if they wanted in many ways, is it? :P
> I'd
> >>
> >> say my statements are correct, sane and hold the best interest of TOR
> users
> >>
> >> who might run an exit node first and the EFF and their "campaign for
> >>
> >> privacy" second but really showed that I care for both.
> >>
> >>
> >>
> >>
> >>
> >> I sometimes wonder if people think that poking fun at my signature or
> >>
> >> stating that it's idiotic means a damned thing beyond that they were
> pretty
> >>
> >> much mentally masturbating to the fact that they could insult the fact
> that
> >>
> >> I have it in my e-mails. Glad I could help you get off. It's not so
> much an
> >>
> >> ice-breaker to me as one might think as it is a tell of where your mind
> is
> >>
> >> and where you come from that you'd waste energy and time on it.
> >>
> >>
> >>
> >> On Tue, Sep 28, 2010 at 12:38 AM, Jacob Appelbaum <jacob at
> appelbaum.net>wrote:
> >>
> >>
> >>
> >> > On 09/27/2010 10:31 PM, Ronald Cotoni wrote:
> >>
> >> > > I am sure you are right that TOR has been compromised.  I would
> suggest
> >>
> >> > > taking a look at the source
> http://www.torproject.org/download.html.en.
> >>
> >> >  You
> >>
> >> > > can download it there and then confirm or deny this.  It should be
> fairly
> >>
> >> > > trivial for you to do this.  A lot of other projects are open
> source as
> >>
> >> > well
> >>
> >> > > that you can use for encryption on top of tor (a vpn service over
> tor for
> >>
> >> > > example if you are super paranoid)
> >>
> >> >
> >>
> >> > Yes, feel free to audit Tor - we'd love to hear about any bugs or
> issues
> >>
> >> > that you've found.
> >>
> >> >
> >>
> >> > >
> >>
> >> > > Other than that you are right, you
> >>
> >> > > should NEVER do something that you wouldn't do in the open over tor
> or
> >>
> >> > any
> >>
> >> > > other service.  It is just douchy and well wrong.
> >>
> >> >
> >>
> >> > What? He's basically incorrect in everything that he's said - he knows
> >>
> >> > basically nothing on the topic, offers no evidence, makes tons of
> bogus
> >>
> >> > assertions, and then encourages people to stop helping. WTF?
> >>
> >> >
> >>
> >> > There are lots of reasons to use Tor:
> >>
> >> > https://www.torproject.org/torusers.html.en
> >>
> >> >
> >>
> >> > All the best,
> >>
> >> > Jake
> >>
> >> > _______________________________________________
> >>
> >> > Noisebridge-discuss mailing list
> >>
> >> > Noisebridge-discuss at lists.noisebridge.net
> >>
> >> > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >>
> >> >
> >>
> >> -------------- next part --------------
> >>
> >> An HTML attachment was scrubbed...
> >>
> >> URL:
> http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100928/90afca5a/attachment.htm
> >>
> >> ________________________________
> >>
> >> Previous message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay
> law currently in Congress
> >> Next message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law
> currently in Congress
> >> Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> >> ________________________________
> >> More information about the Noisebridge-discuss mailing list
> >>
> >>
> >> Regards,
> >>
> >> Tom
> >>
> >>
> >>
> >>
> >>
> >> Phone (Mobile, SMS & Voice Mail): +1 (210) 704-7289
> >>
> >> E-Mail/GChat/Live: stowe.thomas at gmail.com
> >>
> >> Skype: ThomasStowe
> >>
> >> Social Accounts: Facebook & LinkedIn & Twitter
> >>
> >> Web Presence: Portfolio / Resume
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> about.me/tstowe
> >>>>>>>>
> >>>>>>>>
> >>
> >>
> >>>>>>>
> >>>>>>>
> >> A conscience reminder to unintended recipients of this e-mail: The
> information transmitted in this communication is intended only for the
> person or entity to which it is addressed and may contain confidential
> and/or privileged information. Any review, re-transmission, dissemination,
> copying or other use of, or taking of any action in reliance upon,
> this information, or any part thereof, by persons or entities other than
> the intended recipient, is strictly prohibited and may be unlawful.
> Furthermore, this material may be copyrighted and any type of publishing of
> such without being the rights-holder or written permission by
> the rights-holder is forbidden by US and some International laws. If you
> received this in error, please contact the sender immediately and please
> destroy this communication and all copies thereof, including all
> attachments.
> >>
> >>
> >> _______________________________________________
> >> Noisebridge-discuss mailing list
> >> Noisebridge-discuss at lists.noisebridge.net
> >> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> >>
> >
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20140808/8a35647a/attachment.html>


More information about the Noisebridge-discuss mailing list