[Noisebridge-discuss] TOR re: Anti-piracy / anti-Pirate Bay law currently in Congress

Joe Black joeblack949 at gmail.com
Tue Aug 12 21:53:33 UTC 2014


People who never have anything relevant to say are usually the people who talk the longest.

On Friday, August 8, 2014 at 9:36 AM, openfly wrote:

> Yeah.  Pretty much I made it half way through and decided this home has some serious character flaws.  And is probably borderline delusional in his narcicism. Take it from me I once tried to start a cult of worship of myself.  
>  
> On Aug 8, 2014 12:14 PM, Jeffrey Carl Faden <jeffreyatw at gmail.com (mailto:jeffreyatw at gmail.com)> wrote:
> >  
> > EXCEEDINGLY VERBOSE, DECLINED TO PERUSE
> >  
> >  
> > On Thu, Aug 7, 2014 at 9:56 PM, Thomas Stowe <stowe.thomas at gmail.com (mailto:stowe.thomas at gmail.com)> wrote:
> > >  
> > > Hi Noisebridge! I'm just taking the opportunity to well, some might say address my being wronged (treated very poorly) via your list by one of your members some few years ago. Personally, I'm just going to go there and say that this is an "I Told You So!" e-mail. Because, well, some of you treated me poorly, and well, you deserve at least that much. Maybe it's not the most constructive choice, but well, the more people that know, the more that I feel better. :-) Maybe I'm a bit of an egotist, but that's not exactly insulting to me. I am superior to most people, which is why I keep superior company for the most part. That goes with the whole not-worth-my-time thing.  
> > >  
> > > So, as the title stated, I decided to talk about it a little bit some time ago. You made it obvious that you weren't worth discussing it with, and you decided to make the Noisebridge-Discuss list a hostile place, which is why I left it and won't return. It wasn't the first time I'd noticed problematic personalities @ NB. I've included my article and a good part our original interaction from the list archives ( https://www.noisebridge.net/pipermail/noisebridge-discuss/2010-September/016627.html ), including my "crazy, unfounded speculations" to paraphrase Jacob, about the nature of global surveillance and our general ability to compromise the TOR network by highlighting it's weak points. Yes, I was right. Yes, you're a douche, and that douchery makes you a dumbass, dumbass.
> > >  
> > > Now that there're more than concepts put out there, and attacks have moved beyond what I was doing but not publishing, I hope you realize that sometimes, instead of going out of your way to insult people, it might be better to do more than make remarks and sarcastic suggestions if you want the information. Even if you think that they can't possibly be right, because *gasp* that would make them smarter than you or make you feel inferior.
> > >  
> > > Follow Leads. Ask Questions. I had better things to do, like try to find a job, rather than  than point out the obvious and search for vulnerabilities that will help, well, not me. If I'm going to do unpaid work, it'll be to people who deserve it, or abused puppies. My health hasn't been all that great, with dental issues and arthritis that I'm well, too poor to get treatment for at the moment, and the same was then. I've made progress, and have more free time, but still, not for assholes.
> > >  
> > > I felt that Jacob, of all people and those others, who like him, and perhaps because of him, were predisposed to attack anything I'd said. And thus not even worthy of my time. I had a couple of drinks tonight and decided to finally get around to writing this e-mail.  
> > >  
> > > Of course, I'm sure some of you were jizzing in your pants when you bought BlackHat tickets, or perhaps you couldn't go and wanted to the research and outcomes from the now-pulled CMU researchers. I doubt you even remembered that interaction.
> > >  
> > > After that interaction, I wrote this. I decided to publish it about 2 years later, as I do sometimes. I wrote up much more after discussing it with other security-educated individuals after it was published, but I'm more interested in watching the TOR network burn and be reborn due to it's use by so many pedos, cybercriminals and trash. TOR will have to change in nature and philosophy before anyone should give a fuck about it IMHO. It won't stay relevant, mostly because the philosophy is counter-productive, encourages "Freedom" for anyone, including those that prey upon others. The"Digital Wild West" is argued for mostly by proponents of "A Human Right of Privacy", and political components in nations where peoples are being oppressed.  
> > >  
> > > I agree with the latter. I've never assumed we have a right to, or that we had, regardless of rights, Privacy. I'm privacy-agnostic whether that be because of lexical fingerprinting algorithms, servitor-type intelligent agents or well, design flaws, In fact, I've always known differently, for reasons that I'm not going to disclose. You all can wonder about that. It won't make me any money or get me a job to explain it to you, or make me feel any better. ;)  
> > >  
> > > That you didn't play nice, Jacob & Co., and reacted like a group of bipolar shrimp, just makes you obviously gullible and perhaps a bit stupid. Hell, that was obvious from the start given your lack of emotional intelligence. Go work for Google, take their "Search Inside Yourself" class. You need it.
> > >  
> > > http://www.businessinsider.com/search-inside-yourself-googles-life-changing-mindfulness-course-2014-8
> > >  
> > > I made sure to space the text of this e-mail out so well, you would actually take the time to read, this time. ^_~
> > >  
> > > I wrote this article, published and copyrighted by 2600 Magazine. Feel free to drop me an e-mail at my 2600 e-mail addy if you doubt it. And no, it's not a super-secret identity, I've held it since I was 16 years old, and used it on EfNet IRC from the time I was 12. These days it's just another of my pen names.
> > >  
> > > My article.
> > >  
> > > Anonymity and You, Firefox 17 Edition(Link)
> > > 2600 Magazine, The Hacker Quarterly, Winter 2013-2014
> > > by l0cke (l0cke at 2600.com (mailto:l0cke at 2600.com))
> > >  
> > > I want to address this recent thing going on with the Firefox exploit used to break Tor’s anonymity. Anonymity is important to have. Privacy is a right, if not a privilege, and definitely not a privilege that can be taken away for an arbitrary reason.
> > >  
> > >  
> > > Someone had asked me years ago about how to track someone down over the Internet at one point and I said, “Just get someone to click a link or use an exploit like the Chinese were using with Flash to track down dissidents.” I’m not surprised. I’ve made my opinion on it well known to many parties and I’ve kept my mouth shut about it because at every turn privacy activists or programmers tell me that “Tor isn’t broken and your attempts to point out our flaws are asshattery,” whether motivated by wanting to keep things like that secret or to comfort themselves and others who use the service. There are many means one could use to break Tor’s protection, including taking advantage of OS and software components or by using analysis to make educated guesses about the location of both Tor users and Tor services.
> > >  
> > >  
> > > There is no such thing as true anonymity, though one might be able to set up a VPN or proxy like JonDonym, or another instance of Tor, or maybe even chain them without much, if any, technical knowledge whatsoever to prevent vulnerabilities like this from hitting. One could also make Tor the operating proxy for all of one’s Internet traffic on a machine or entire network via firewall, or by using a special app that only allows traffic through that proxy and/or VPN and disconnects any traffic outside of it before it reaches the physical network connection - or via software on the router/firewall that drops anything not going to Tor or whatever anonymity service.
> > >  
> > >  
> > > I’ve pointed out to many security software developers that the security of the Tor software just isn’t there. I suggested that either there was something in the code or something the code interacts with that was exploitable. What it was, I don’t know. But take everything that’s connected to software you use as an extension of that software. This recent event proves that even more. I know people who think there are magic services that make one anonymous. There aren’t. And with our knowledge now of PRISM - if someone can see the traffic on both ends and just match up timestamps and file size transfers, then guess what? You’re on candid camera, a lead to be pursued by someone wanting to track down who received or transferred those files or both. By files, I mean even web traffic.
> > >  
> > >  
> > > Five things to take into account that aren’t being done right now in any anonymity service:
> > >  
> > >  
> > > 1) No Real-Time Communication. A true anonymous service would be like old FTPMail. It will send a request at a randomized time that has nothing to point it back at the user. An even smarter one will send or receive traffic at a time that’s generated based upon human psychology, i.e., no porn requests at night or on weekends.
> > >  
> > >  
> > > 2) Fabricate Clues to Location. Create blocks of downtime that have no reason because one’s downtime can show one’s location.
> > >  
> > >  
> > > 3) Do Like UPS. Make the anonymity node perform the request - it sends and receives all data so that it’s not parsed by the web browser directly. Think the way a parcel service delivers mail.
> > >  
> > >  
> > > 4) Sterilize All Content. Perform transforms on text - the easiest is to translate text from an original language through several others. I’d go one step further because this can be reversed and use a mathematically generated dictionary or array using dictionaries, thesauri, and the like to add even more randomness. Plus it’d look kinda crazy and reminiscent of leetspeak. “Thee hast better not g0nn4 speek dat 2 dem, boy” for “You’d better not tell them that,” etc.
> > >  
> > >  
> > > Sterilize images, audio, video, and the like as well - at least insofar as what created the container, any information in the images, etc. Killing lighting and replacing it with a solid color would be good too - filters so that someone can’t use the sunlight or stars to tell where one is based through an image or video. Also, creating blocks over all people in images and blocks over any visible text in any language.
> > >  
> > >  
> > > Sterilize all hypertext and code - any kind of code or markup or uncommon phrasing that might be found if reposted as a fingerprint (i.e., using “hast” a lot in text instead of “has”) or processed by a computer like the code that created the GET request.
> > >  
> > >  
> > > 5) Use or Adapt Third-Party Tools. For now, use whatever you can on top of your anonymity services. Use NoScript and make sure that DNS requests don’t leak. Make sure that whatever IP protocol you use is stable and doesn’t send information to servers you request to. Don’t take a program author’s word for anything, ever. Test against tools that benchmark and look for those things or figure out how to test them yourself. Also, be wary of services that may contact another server for certificates or verification - HTTPS ends up connecting to an index to verify the certificate a site gives. If you’re not careful, some tools can contact DNS servers you already use. Use a plugin that makes sure that a proxy (like Tor) is always enabled if connecting to a site. Some services, even when working, have a big flaw: the operator. If you forget to turn on the anonymity service or ensure that it’s running, that’s on you.
> > >  
> > >  
> > > I believe that’s why TorButton is no longer a standard option in Tor. Become a programmer in spirit if not in mind. To do any less is to invite disaster. Learn how these things work and chances are if you think of some new way to do something, someone else has or you can figure out how to adapt their work to your own use.
> > >  
> > >  
> > > I’d go so far as to make it impossible to easily upload or download images via Tor, even if it means you have to kill all forms of compression or make them readable by a “processing node” that handles the no-real-time rule as well as sanitizing the stuff, killing all content that isn’t text or isn’t hypertext to be sanitized and shown as a special local only-viewing-markup in JSON or XML. That might not stop people from creating new versions of uuencode out of text or hypertext, but it would make easy access to sending and receiving child porn harder. ■
> > >  
> > >  
> > > Our original interaction. Note the date, then Google when the rest came about. Years later.
> > >  
> > > [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
> > > Thomas Stowe stowe.thomas at gmail.com (http://gmail.com)  
> > > Mon Sep 27 23:04:15 PDT 2010
> > >  
> > > Previous message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
> > > Next message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
> > > Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > > ________________________________
> > >  
> > > Wow, the only assertion I made was that TOR is compromised and you basically
> > >  
> > > just told everyone to completely ignore what I've said. Look, I know you're
> > >  
> > > passionate about TOR and that's great - you guys made a really cool suite of
> > >  
> > > software but don't take this wrong when I say this because I don't mean it
> > >  
> > > as a personal slight. You're naive. You think that it's okay to run an exit
> > >  
> > > node and it's wrong to push people in the direction not to run exit nodes,
> > >  
> > > even in the case that they will have their computers taken and have charges
> > >  
> > > pending against them and be forced to spend money out of pocket to promote
> > >  
> > > anonymity. That's a dream that we all have - no consequences. The reality is
> > >  
> > > that things do happen to people and I don't really care if the guy from
> > >  
> > > Germany became a developer for TOR after he had gone through hell with the
> > >  
> > > law. The relevant fact is, he did go through hell with the law and everyone
> > >  
> > > sane looking out for their own survival should consider that not running an
> > >  
> > > exit node would be and is a good decision. It's stupid to endanger yourself
> > >  
> > > for a cause that's dead before it's gotten off the ground. Personally, I'm
> > >  
> > > not going to a privacy-martyr and I don't think anyone else should ever
> > >  
> > > consider it. Are you saying that with the TOR code not being compromised
> > >  
> > > that it equates to saftey? Can't TOR developers find users causing problems
> > >  
> > > or possibly a law enforcement exit-node honeypot set up to be used to catch
> > >  
> > > users causing problems? With encryption export laws, current attitudes of
> > >  
> > > law and requests made to companies and groups dealing in security by
> > >  
> > > governments, are we wrong to hold the TOR network suspect because we don't
> > >  
> > > understand or haven't looked at the source code? I believe your statement
> > >  
> > > regarding that there is no backdoor but I still won't take your word for it
> > >  
> > > and I honestly don't have the time to look over the code or search for
> > >  
> > > novel, new exploits that have yet to be found that would reveal TOR users'
> > >  
> > > identities. I didn't state that there is one, I said that there I don't
> > >  
> > > trust it and there might possibly be one. That's an opinion, logically based
> > >  
> > > upon other events that are ongoing in global use of the Internet and
> > >  
> > > technologies. <sarcasm on> But you're right, "TOR anonymity" is more
> > >  
> > > important than my possible legal fees or spending a week in jail until it's
> > >  
> > > figured out that it wasn't me accessing whatever it was that I could be
> > >  
> > > arrested for. <sarcasm off>. But then again because you refuted me by
> > >  
> > > stating that everything I stated was bullshit and of course you proved your
> > >  
> > > point by stating you're a TOR dev so you must be right by way of having
> > >  
> > > authority on the subject. I don't find you to be objective in your
> > >  
> > > criticism, but "that's only my opinion" based upon you being a dev and how
> > >  
> > > passionate you seem to be. If I was going to make a claim like "it's
> > >  
> > > backdoored", I would've posted code to back it up and not speculated based
> > >  
> > > upon many other things in the world. It's not as if our government were
> > >  
> > > capable on spying on all of us if they wanted in many ways, is it? :P I'd
> > >  
> > > say my statements are correct, sane and hold the best interest of TOR users
> > >  
> > > who might run an exit node first and the EFF and their "campaign for
> > >  
> > > privacy" second but really showed that I care for both.
> > >  
> > >  
> > >  
> > >  
> > >  
> > > I sometimes wonder if people think that poking fun at my signature or
> > >  
> > > stating that it's idiotic means a damned thing beyond that they were pretty
> > >  
> > > much mentally masturbating to the fact that they could insult the fact that
> > >  
> > > I have it in my e-mails. Glad I could help you get off. It's not so much an
> > >  
> > > ice-breaker to me as one might think as it is a tell of where your mind is
> > >  
> > > and where you come from that you'd waste energy and time on it.
> > >  
> > >  
> > >  
> > > On Tue, Sep 28, 2010 at 12:38 AM, Jacob Appelbaum <jacob at appelbaum.net (http://appelbaum.net)>wrote:
> > >  
> > >  
> > >  
> > > > On 09/27/2010 10:31 PM, Ronald Cotoni wrote:
> > >  
> > > > > I am sure you are right that TOR has been compromised. I would suggest
> > >  
> > > > > taking a look at the source http://www.torproject.org/download.html.en.
> > >  
> > > > You
> > >  
> > > > > can download it there and then confirm or deny this. It should be fairly
> > >  
> > > > > trivial for you to do this. A lot of other projects are open source as
> > >  
> > > > well
> > >  
> > > > > that you can use for encryption on top of tor (a vpn service over tor for
> > >  
> > > > > example if you are super paranoid)
> > >  
> > >  
> > > > Yes, feel free to audit Tor - we'd love to hear about any bugs or issues
> > >  
> > > > that you've found.
> > >  
> > >  
> > >  
> > > > > Other than that you are right, you
> > >  
> > > > > should NEVER do something that you wouldn't do in the open over tor or
> > >  
> > > > any
> > >  
> > > > > other service. It is just douchy and well wrong.
> > >  
> > >  
> > > > What? He's basically incorrect in everything that he's said - he knows
> > >  
> > > > basically nothing on the topic, offers no evidence, makes tons of bogus
> > >  
> > > > assertions, and then encourages people to stop helping. WTF?
> > >  
> > >  
> > > > There are lots of reasons to use Tor:
> > >  
> > > > https://www.torproject.org/torusers.html.en
> > >  
> > >  
> > > > All the best,
> > >  
> > > > Jake
> > >  
> > > > _______________________________________________
> > >  
> > > > Noisebridge-discuss mailing list
> > >  
> > > > Noisebridge-discuss at lists.noisebridge.net (http://lists.noisebridge.net)
> > >  
> > > > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> > >  
> > >  
> > > -------------- next part --------------
> > >  
> > > An HTML attachment was scrubbed...
> > >  
> > > URL: http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100928/90afca5a/attachment.htm  
> > >  
> > > ________________________________
> > >  
> > > Previous message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
> > > Next message: [Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress
> > > Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> > > ________________________________
> > > More information about the Noisebridge-discuss mailing list
> > >  
> > >  
> > > Regards,
> > >  
> > > Tom
> > >  
> > >   
> > >  
> > >   
> > >  
> > > Phone (Mobile, SMS & Voice Mail): +1 (210) 704-7289
> > >  
> > > E-Mail/GChat/Live: stowe.thomas at gmail.com (mailto:stowe.thomas at gmail.com)  
> > >  
> > > Skype: ThomasStowe
> > >  
> > > Social Accounts: Facebook & LinkedIn & Twitter
> > >  
> > > Web Presence: Portfolio / Resume
> > > > > > > > >  
> > > > > > > > >   
> > > > > > > > >  
> > > > > > > > > about.me/tstowe (http://about.me/tstowe)
> > > > > > > > >   
> > > > > > > > >   
> > > > > > > > >  
> > > > > > > >  
> > > > > > >  
> > > > > >  
> > > > >  
> > > >  
> > >  
> > >  
> > >   
> > > > > > > >  
> > > > > > >  
> > > > > >  
> > > > >  
> > > >  
> > >  
> > > A conscience reminder to unintended recipients of this e-mail: The information transmitted in this communication is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged information. Any review, re-transmission, dissemination, copying or other use of, or taking of any action in reliance upon, this information, or any part thereof, by persons or entities other than the intended recipient, is strictly prohibited and may be unlawful. Furthermore, this material may be copyrighted and any type of publishing of such without being the rights-holder or written permission by the rights-holder is forbidden by US and some International laws. If you received this in error, please contact the sender immediately and please destroy this communication and all copies thereof, including all attachments.  
> > >  
> > >  
> > > _______________________________________________
> > > Noisebridge-discuss mailing list
> > > Noisebridge-discuss at lists.noisebridge.net (mailto:Noisebridge-discuss at lists.noisebridge.net)
> > > https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
> > >  
> >  
> >  
>  
> _______________________________________________
> Noisebridge-discuss mailing list
> Noisebridge-discuss at lists.noisebridge.net (mailto:Noisebridge-discuss at lists.noisebridge.net)
> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>  
>  


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20140812/f6798c99/attachment.html>


More information about the Noisebridge-discuss mailing list