[cryptome] Re: [cryptography] To Protect and Infect Slides
- From: In Harms Way <11414150173@xxxxxxxxxx>
- To: cryptome@xxxxxxxxxxxxx
- Date: Sun, 05 Jan 2014 13:37:48 +0300
Thanks for highlighting this again, John.
In my search I have come across several servers/hosters, who state
clearly that they do not keep any logfiles.
I guess your key point is not to ask if they generate logfiles, if they
state that they don't keep them (its obvious), but to ask how fast they
are destroyed.
How secure is one, if - let us say as integral part of a programme the
user operates with on the server - logfiles are generated but
immediately discarded?
Please elaborate.
IHW
John Young wrote, On 05/01/2014 03:01:
> If your server or ISP generates log files, as all do, you cannot
> be secure. If upstream servers generate log files, as all do,
> you cannot be secure. If local, regional, national and international
> servers generate log files, as all do, you cannot be secure.
>
> So long as log files are ubiquitous on the Internet, no one can
> be secure.
>
> Log files are the fundamental weakness of the Internet
> because system administrators claim the Internet cannot
> be managed and maintained without them.
>
> This is not true, it is merely an urban legend to conceal
> the interests of system administrators and their customers
> to exploit Internet user data.
>
> There is no fundamental need for log files, except to
> perpetuate the other urban legend, privacy policy, which
> conceals the abuse of log files by web site operators
> and their cooperation with "lawful" orders to reveal
> user data, most often by being paid to reveal that
> data to authorities, to sponsors, to funders, to
> advertisers, to scholars, to private investigators,
> to inside and outside lawyers, to serial cohorts,
> cartels and combines, to providers and purchasers
> of web sites, to educators of cyber employees,
> to courts, to cybersecurity firms, to journalists, to
> anybody who has the slightest justification to exploit
> Internet freedom of information by way of phony
> security, privacy and anonymizing schemes.
>
> In this way, the Internet corrupts its advocates by
> inducing the gathering and exploiting user data, .
> It is likely your organizaion is doing this ubiquitous
> shit by pretending to ask for advice on security.
> As if there is any. NSA is us.
>
> At 05:44 PM 1/4/2014, you wrote:
> On 31/12/13 21:13, Jacob Appelbaum wrote:
> > I'm also happy to answer questions in discussion form about the
> > content of the talk and so on. I believe we've now released quite a
> > lot of useful information that is deeply in the public interest.
>
> > All the best, Jacob
>
> Hi people:
>
> As most of the people around the world, I find really troubling all
> these revelations. Of course we suspected this kind of shit, we just
> didn't know the gory and surprising details.
>
> I work in a libre-software e-voting project [0] which has been
> deployed in some interesting initiatives already [1] and we strive to
> make it as secure as possible [2], though our resources are currently
> limited. Of course, anyone is welcome to join and help us.
>
> Do you have any specific recommendation for securing the servers of
> the authorities who do the tallying, in light of latest revelations?
> it seems really difficult to get away from the NSA if they want to get
> inside the servers.
>
> Kind regards,
>> _______________________________________________
>> cryptography mailing list
>> cryptography@xxxxxxxxxxxxx
>> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
>
Other related posts:
