In Debian:
Re-hehe-ally...

I think you know better than to say that.

But your subsequent posts discuss political issues almost exclusively, so you have unintentionally underlined my point that a political discussion must precede any technological discussion.

Your political comments are not without interest. I don't agree with much of what you said, but the thrust of my objections is that IMO your risk assessments would appear to be naive.

I think you are arguing "there is no point in enabling SSL at a public discussion forum because the posts are publically visible anyway". If so, IMO this completely misses the point, say no more, say no more.

The modern day secret policeman's worst nightmare is that some people might be doing more thinking than talking. So I urge anyone who doesn't get it to think rather than talk.

For the benefit of lurkers: secret police organizations have a presence at LQ and similar forums. They tend to be easily enraged by any suggestion that secret policemen are just the same in all times and places. The Gestapo, the NKVD, the SAVAK, and the Stasi all claimed to be "protecting society" against various "evils". Surviving agents continue to claim "the wrong side" won the several conflicts which resulted in the downfall of the regimes to which these organizations had sworn fealty. This alone should suggest that what matters is not which ideology is professed by a secret police organization, but what methods they use: surveillance, intimidation, secret judicial proceedings, indefinite imprisonment without trial, torture, assassination.

As a technological footnote to the universality of the methods employed to oppress The People, it seems noteworthy that a depressingly varied roster of well known "Western" multinational corporations sell the very same technological equipment to pretty much every regime on Earth which boasts of a well funded and extensive secret police organization. (Don't ask, but seek and ye shall find.)

The former Soviet Union was founded upon an impressive constitution, and some remnants of a civilized legal system continued to exist throughout the worst excesses of the Nazi regime. So how did these governments become criminal organizations run by thugs which perpetrated some of the worst atrocities of the 20th century? In the second case, the answer is pretty simple: the legislature voted to endow the head of state with dictatorial powers. And in the context of the times, the citizens either thought this was perfectly reasonable, or stood by passively in the belief that no sane leader could possibly intend to use such powers. But history suggests that leaders who are granted dictatorial powers always use them, and the consquences are always disastrous.

The secret police strategists have anticipated this and they are determined to thwart your ambition. Don't believe it because I said it; believe it because they say it. (Don't ask, but seek and ye shall find.)

I suspect you may not have thought hard enough (or read enough?) about how they could prevent you from using strong personal cryptography. Sometimes defense in depth places politics before technology.

To repeat a point I made earlier: I think many peaceable citizens who go quietly about their daily business, and who also consider themselves internet knowledgeable (probably with good reason in many respects), greatly underestimate both the probability that they will be personally targeted by professional spooks, and their own ability to thwart such activity. Because the bad guys enjoy overwhelming offensive superiority, ordinary citizens must use all defensive measures: political, legal, and technological. By considering only the last kind of defense, citizens of countries which have not yet slid entirely into lawless chaos are IMO encouraging the further erosion of the rule of law, a process which seems unlikely to end well.

The bad guys are in the wrong; in most nations, the wily citizen can still manuever to keep them at all times on the wrong side of the law.

The Nazi example shows that it is not neccessary that all laws be bad in order for a criminal regime to arise; it is only neccessary to enact a critical mass of really bad laws.

One of the great lies about what history doesn't teach us is the belief that "it can't happen here". That is precisely what most smart people were saying in Germany in the 1930s.

A bemused onlooker might well feel some puzzlement to see how at the very moment when some nations are struggling to throw off the oppressive weight of corrupt and ineffective dictatorial regimes, others appear to be rushing headlong, in some mad footrace of political self-destruction, towards a finish line marked "absolute dictatorship".

One of the very few statements I have seen at LQ which I can endorse without reservation.

Lets please discuss this. My understanding of current encryption technology is that the the "secret is in the sauce" so to speak. The techniques are known, well publicized, and to the minds that comprehend them, elegantly simple algorithms. However, they are based upon randomness and remainders of operations performed on factors of very large numbers. As the RSA algorithm was once explained, if I tell you the result is 100 and that it is the product of two integer numbers, did I use (1,100), (2,50),(4,25), (5,20), (10,10), etc. My understanding is that there is not a "master key" built into the system, please, enlighten me if I am wrong.

I am also reminded of one of the most profound statement's from Geo. Orwell's 1984 that effectively said that as Big Brother (via the TV) MIGHT be watching you, but yet MIGHT NOT had the maximum psychological effect. If you knew that you were always or never being observed, your behavior would be decidedly different than if you might be. This actually works both ways. If ALL of you traffic were encrypted, the need to monitor it would be different than if some of your traffic were.

There is also the reality that the encryption places a physical load on the system that, to the operators of forums such as LQ, it isn't worth the cost. I believe that they take reasonable precautions, such as encrypting the password login process, or at least use sufficient hashing to protect their member base against 99.999% of the threats. It comes down to a matter of resources and diminishing returns to gain that extra security. As an example, as I have mentioned, we run a small business operation that makes and sells hand made, tie dye clothing and I host and run the servers for the business. With regards to most of the traffic, such as viewing the current in stock inventory and looking at the pictures and descriptions of the product, there is little need or benefit to encrypt the data stream. When the time comes to make a purchase, however, and provide your shipping and billing information, this in another matter. For support in these instances, I will have paid a 3rd party to perform a background check and attest to the fact that we are a legitimate business. I have also agreed with other parties to record as little information as necessary and to safeguard as much as possible that which I do retain. Are these parties susceptible to coercion or MITM type situations, yes, but the risk to the average customer that the business is a fraud is greater - hence the benefit of these organizations.


Yes, and I have honestly tried to keep it on topic and at least relate it back to current, computer security issues. For example, my above discussion of the benefits of the SSL system and my request to discuss the strengths and weaknesses of current PKI implementation and what you would recommend that we do differently.

Perhaps it is and perhaps I am scheduled a session with the $5 wrench and perhaps there are things that I am not willing to say publicly both out of concern for my own well being and because I respect LQ and recognize that it isn't the place for it. It is an unfortunate reality these days, but one must be careful of what they say online. The main stream media even, has been full of examples of this. One doesn't have to fear a gestapo to be rightly concerned about this.

@Noway2:

Thank you for not invoking the Code Duello because I charged you with "naivety", which was a poor choice of words. Let me try again.

Good citizenship requires that citizen should try to keep abreast of current events, but we live in a complex world, which seems to spin ever faster even as it shrinks further. There are no longer enough hours in the day to read the news, much less the whitepapers.

It is in the interest of the state that citizens should acquaint themselves only with propaganda, but it is in the best interest of the nation that citizens should acquaint themselves with the nearest approximation to the truth. And the question of who is or is not permitted to read this or that is intentionally muddled, as you know. For these and other reasons, it is all too easy for the modern Surveillance State to threaten its IT professionals with ill consequences for their careers (or being brought up on charges of treason, or worse) should they exhibit "inappropriate interest" in reading the news.

And as in a perfect storm which swallows all good information in a vortex of debris and confusion, these changes are occuring at a time when muckraking journalism seems to be carried out only by amateurs who enjoy (in most jurisdictions) even fewer legal protections than the professionals.

Worse yet, the issues we are trying to discuss are particularly intricate, and in some respects very novel, and thus hard to explain without the detailed presentation of real world examples. And in other respects, the precedents are extensive, but their history is lengthy yet little known. So in regard to these issues, it is easy for the propaganda organs of the state to misinform and misdirect even well-educated citizens. But we lack even the time to write or read summaries of background information, or even lists of links.

So what is the good citizen to do? Do these lamentations sound the death knell of technodemocracy? I hope not. Perhaps there will arise technological solutions to the problem of ensuring that ordinary citizens are well informed, but I am presently unable to suggest more than a vague hope for the future.

I think we understand each other.

Even Sauron shivered, and in that instant he blinked. The secret policeman feels on the back of his neck the hot pant of history urging him towards his just fate. Agents of world domination: your Hague awaits.

Not wrong so much as... not the whole truth.

I decline to instruct the opposition in a public forum.

Forum moderators have stated that cost is not the obstacle.

You just expressed at least four beliefs which I would characterize as either wrong or experimentally disprovable, say no more, say no more.

GPG is useful for two things:

• privacy
• authentication

Contact me at the time and place and in the manner ... just bear in mind that I shall expect to come calling the Lamo in wolf's clothing.

This discussion is getting out of LQ bounds. I take it your last comments are in invitation to continue this discussion in a different venue? If, let me reciprocate by stating that my key is C3F5CF8D and it is publicly available. You will also find that my handle is part of the domain name, for either email address listed.

What is a good citizen to do?!

Understand the problem. (I've never seen Moyers so angry)

@Noway2:

Many thanks for your public key; now I must generate one and convey it to you. I have several ideas, but I must think on it, so please be patient. We need to work on the web of trust (your key is self-signed, as mine will be, so for the purpose of authentication, we should attend key-signing parties).

Yes. I've been warned against repeating myself, but I'll look for you.

@Quantumstate:

I'd like to discuss philosophies with you also, so the same hint applies.

The American journalist and former PBS commentator? Who is he angry at and why?

It is, I suppose, no secret that Moyers and Lehrer are two prominent journalists who have ties to both PBS and American spookery. Did that play some role in an incident which was widely reported last week?

@both:

I still think Rule 13 makes it difficult to discuss specific technological issues except in terms sufficiently ambiguous to make it appear that we are talking in jargon code. And that in any case, the political and legal issues must be defined before the we can wrestle with the technological issues.

But that said, I'd like to return to some issues you mentioned in passing (although I don't think we can say much about the last few items in public):

• How does the introduction of ipv6 affect Quantumstate's scheme? Any comments or thoughts on how to configure Tor relays for "safe" operation in the coming years?
• Have you investigated what crypto protocols are accepted by the Tor entry guards which are already operating? The wireshark filter
  
  Code:

  eth.dst == AA:BB:CC:DD:EE:FF and ssl.handshake.type == 1 and ssl.record.version == 0x301

  picks out the TLS v. 1.0 Client Hellos, which do appear to contain some unencrypted information, such as the cipher suites on offer. Those who seek to avoid using TLS connections with Tor will find, I think, no help at the Tor Project. Any ideas?
• Have you investigated suspicious Tor nodes? I have found it useful to combine various kinds of evidence, whereupon a consistent picture does seem to emerge. As a general comment elaborating on some points I made previously, the wary surfer confronts some difficult choices in deciding how to configure Tor clients. But not everything favors the opposition; they bad guys also face some difficult choices, and this can be used to monitor some of their surveillance activities.

And regarding MM's work on MITM attacks on SSL/TLS connections:

• Did you notice some strange activity involving a specific and fairly notorious Tor server on or about 15 March? There seems to be widespread agreement that this particular Tor server appears to be operated on behalf of the intelligence services of the most violent and lethal nation (currently) on Earth. I noticed that a few days later, a few independent journalists quietly cautioned that the events of that day might not be quite what the major news organizations rushed to assume. Maybe they noticed the same strange activity.
• Some "mistakes" made by certain organizations which have obtained genuine (but improperly issued) X.509 certificates appear to fit a pattern suggesting that "someone goofed" may be the transparent standard cover story which a variety of national and international organizations use to try (not very hard) to disguise the fact that they are deliberately messing with certificates for the purpose of surveillance.

And two further political musings:

My view of the ICC is more nuanced than my view of the secret police. On the anniversary of the Normandy invasion I may perhaps dare to express the cautious hope that several recent events might finally begin to undercut the rationale employed by the modern Surveillance State to "justify" harrassment, intimidation, secret arrests, kidnappings, secret judicial proceedings, indefinite detention without trial, torture, assasination, cyberwarfare, armed incursions violating the territory of sovereign nations, and who knows what else, by bringing government of the People by the People for the People to some regions which have long needed it. If so, recent events just might start the pendulum swinging back towards less unbalanced political mechanisms in some of the "democratic" nations which have been rushing pell mell towards absolutism. I hope so.

And as a general comment elaborating on a point earlier made by Noway2: the big picture which emerges from a study of Tor nodes suggests that the owners/operators of the backbone, the huge multinational spycos, and specialist spycos which do the dirty work for the intelligence services, all appear to be manipulating Tor in order to conduct blanket surveillance of Tor users, but with somewhat different goals. Sometimes the same company (one "telecom" springs to mind) appears to be deeply involved in all three kinds of monitoring, a supposition which is amply supported by Bamford's brilliant book The Shadow Factory. To my mind, such deeply incestuous intermingling of commercial, "law-enforcement" and "intelligence" ways and means of blanket and deeply intrusive universal population surveillance only increases the urgency of the troubling civil liberties issues raised by such activities. Which to my mind ranges from "just barely legal" through "untried in court but almost certainly illegal" to "clearly illegal". This raises another troubling question: in the 21st century, has the term "law-enforcement agency" become an oxymoron?

This is an important question, and some washington watchers whisper that is is currently being debated inside the Obama administration. Since so many states seem to slavishly follow the American example (using American technology), the outcome of this debate is likely to directly affect all citizens everywhere.

Peufelon you have to click on the link embedded in my remark.

Yes Tor was originally a Navy project and is supported to a degree by government apparatchik and is monitored by two major telecoms (as best they can, which isn't great). But the more independent operators who participate as relays, the better. Helps everyone.

I'm too old to be concerned about politics anymore. I made up my mind a long time ago, and many of my expectations were prescient. You are not American and so cannot see what is coming, and I've lost all interest in being concerned over such things. Apparently we have the government we deserve. Ever seen the movie, "The Sunset Limited"?

I see no movies. But I recognize the importance of the unrelenting and sometimes comical warfare between RIPAA and... basically everyone.

I hope you are right about that.

Indubitably. In my view, the operators of (legitimate) Tor nodes are the true heros of our time.

During the second half of the 20th century, I confess, I too had no interest in either politics or journalism. I read histories such as Tuchman's A Distant Mirror (on the disasters of the 14th century) merely for general interest and as a welcome distraction from the concerns of daily life. Came the day when to my astonishment and dismay, I was confronted with a reality unexpected, awesome, and harsh: we have the misfortune to be living in interesting times, fully comparable to the upheavals of the 14th and 18th centuries. Such events seem to occur every few hundred years; those who entered into this world not long after 1940 probably thought they had escaped the worst by an accident of good timing. Not so, and well might we rue the day.

I doubt that anyone will deny that we are currently witnessing an epic global power struggle, whose magnitude and far reaching significance can be compared only with such great events as the revolutionary struggles of c. 1775-1795. It is not a power struggle between Christianity and Islam (as a few would claim), but between The People and the ruling elite. The ideological struggle between citizens such as Mike Masnick and organs such as RIPAA is one aspect of this struggle between ordinary citizens and the centers of power. At stake is the question of whether the private citizen is to retain any privacy, or any control at all over his own destiny. Knowledge, they say--- and they are not wrong--- is power. The question is whether the ruling elite will concentrate into their possession all knowledge, and thus all power, or whether some balance is to be retained between the rights of the citizen and powers of the state. Between the economic interests of the wealthy and those of the common man. The question is whether or not the common man is to be a slave in all but name. (See Schama's book, Rough Crossing, and Winick's book, The Great Upheaval.)

One observes that a late lamented sheikh of ill repute never came close to replacing oppressive regimes in the Middle East and North Africa with a pan-Islamic theocracy. One notes two ironies concerning the consequences of the events he set in motion:

• He so terrified the Americans that (under the firm control of a malificient ruling elite which has forgotten the ideals of the Founding Fathers of a once great nation, and which seeks only to cynically further its own economic self-interest) they are well on the way to replacing a progressive democracy with absolutism, with other "democratic partners" hotly competing with the USA to see who can first achieve that fearsome goal. (Canadians desire a Patriot Act of their very own? O Canada!)
• His brothers in the Middle East and North Africa are currently struggling to replace repressive regimes with democratic governments which, if these new Patriots succeed, may ultimately resemble the Madison-Sherman model more closely than the Khomeini-Bradford model.

History is full of such ironies, which are no doubt better appreciated at the remove of several centuries.

It would be tiresome to repeatedly remind everyone that I recognize that these are only the opinions of one observer, or that history also teaches that those who have the misfortune to live during interesting times can never fully appreciate the later significance of the great events they witness. Such judgements will be the province of future historians, if any.

I agree with the earlier view that this discussion is getting out of bounds. I do not agree any political issues must be discussed before technological issues: this is not the forum for discussing politics (see the General forum) and the topic in no way mandates it. And as far as discussing potential LQ Rule violations goes I have offered the clear point that moderators will indicate transgressions. So please feel free to discuss what you need to (technical issues) and not what you shouldn't in this forum (politics).
Thanks in advance.

Well, the operators of Exit nodes, I should say. The fears out there about running an exit relay though, are overstated. Worldwide there are about two busts a year, with thousands of Exits, and all of those have gotten their equipment back once explained the Tor system. I run an exit node without concern, as the more there are of us, the better.


Dude. You are under 20, although are well brought up. Your English is good, and although it is your first language, you do use it as a barrier. Not to worry; it's OK to ask questions in a non-fascist environment. Study, man.


The struggle is lost, my friend. Moyers says it best, in my link above. Understand it, get used to it, and act accordingly.


And thanks for the reminder unSpawn, this won't get out of hand. If the goal is to have smart ppl around, a little leeway is sometimes in order.

@Noway2, Quantumstate:

I think Rule 13 killed this thread. But please see this thread in the General forum for another security-related topic which involves political issues (because of the nature of the expected threats).

sorta back towards topic, I think the key is a read-only system on a VM with as few services installed as possible. Linux Mag had an excellent article on the basic subject, focused on "disposable" systems. Such systems copied to a VM would be one implementation.

You misinterpret the LQ Rules and have not read and understood what I wrote.

[EDIT:
I hope I have now correctly decrypted Unspawn's instructions. We now return you to the original discussion, and thanks for your patience.]