[cryptome] Re: [cryptography] To Protect and Infect Slides

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: Eduardo Robles Elvira <edulix@xxxxxxxxx>,cypherpunks@xxxxxxxxxx, cryptome@xxxxxxxxxxxxx,cryptography@xxxxxxxxxxxxx
  • Date: Sat, 04 Jan 2014 19:01:41 -0500

If your server or ISP generates log files, as all do, you cannot
be secure. If upstream servers generate log files, as all do,
you cannot be secure. If local, regional, national and international
servers generate log files, as all do, you cannot be secure.

So long as log files are ubiquitous on the Internet, no one can
be secure.

Log files are the fundamental weakness of the Internet
because system administrators claim the Internet cannot
be managed and maintained without them.

This is not true, it is merely an urban legend to conceal
the interests of system administrators and their customers
to exploit Internet user data.

There is no fundamental need for log files, except to
perpetuate the other urban legend, privacy policy, which
conceals the abuse of log files by web site operators
and their cooperation with "lawful" orders to reveal
user data, most often by being paid to reveal that
data to authorities, to sponsors, to funders, to
advertisers, to scholars, to private investigators,
to inside and outside lawyers, to serial cohorts,
cartels and combines, to providers and purchasers
of web sites, to educators of cyber employees,
to courts, to cybersecurity firms, to journalists, to
anybody who has the slightest justification to exploit
Internet freedom of information by way of phony
security, privacy and anonymizing schemes.

In this way, the Internet corrupts its advocates by
inducing the gathering and exploiting user data, .
It is likely your organizaion is doing this ubiquitous
shit by pretending to ask for advice on security.
As if there is any. NSA is us.

At 05:44 PM 1/4/2014, you wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 31/12/13 21:13, Jacob Appelbaum wrote:
> I'm also happy to answer questions in discussion form about the
> content of the talk and so on. I believe we've now released quite a
> lot of useful information that is deeply in the public interest.
>
> All the best, Jacob

Hi people:

As most of the people around the world, I find really troubling all
these revelations. Of course we suspected this kind of shit, we just
didn't know the gory and surprising details.

I work in a libre-software e-voting project [0] which has been
deployed in some interesting initiatives already [1] and we strive to
make it as secure as possible [2], though our resources are currently
limited. Of course, anyone is welcome to join and help us.

Do you have any specific recommendation for securing the servers of
the authorities who do the tallying, in light of latest revelations?
it seems really difficult to get away from the NSA if they want to get
inside the servers.

Kind regards,
- --
[0] https://agoravoting.com
[1]
http://www.theguardian.com/world/2013/sep/11/joan-baldovi-spain-transparency-bill?CMP=twt_gu
[2]
https://blog.agoravoting.com/index.php/2013/01/03/agora-a-virtual-parliament/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlLIjtMACgkQqrnAQZhRnaqPhwEA8DWIYkdp4gyC4uo6asng0Olc
1viSsZazIcv1TC9w8S4BAN0Q+iZ7boZOconhKCBBfele9Im9/+0Dt0j/M+ySVeQ7
=e6ab
-----END PGP SIGNATURE-----
_______________________________________________
cryptography mailing list
cryptography@xxxxxxxxxxxxx
http://lists.randombit.net/mailman/listinfo/cryptography



Other related posts: