[cryptome] Re: [cryptography] To Protect and Infect Slides

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: Laurens Vets <laurens@xxxxxxxxx>,<cypherpunks@xxxxxxxxxx>, <cryptome@xxxxxxxxxxxxx>,<cryptography@xxxxxxxxxxxxx>
  • Date: Mon, 06 Jan 2014 12:32:55 -0500

Logs needed run the Internet steadily, securely and cheaply
are not what logs files have grown into: Bloated, malicious,
exploitive and very lucrative spying on users. This is why there
are thousands of firms providing log files exploitation programs
and services. Every product manufacturer touts its spying
capabilities through innocent sounding "log files" ostensibly
serving administrative purpose but then just below that claim
are the burgeoning other uses of maximizing profits.

Log files are metadata of the Internet, the tip of a giant
iceberg of metadata. This is the dirty secret, the family
jewels, of the Internet, carefully rationalized and guarded
by sysadmins. Sysadmins have become the traitors, or
patriots, of the Internet. Traitors against the public, patriots
for the powerful exploiters of the Internet.

Exploitation of bloated little known, behind the public
scene log files exceeds that of all search engines combined.
Exceeds offiical spying in all nations. Indeed, facilitates
spying in all nations for generous fees and to diffuse
understanding of how cyber spying works, who its
architects are, what is the architecture. Snowden hints
are this but so far only pretty facades have been disclosed,
the underlying operation apparently to threatening to "national
security" to be revealed to the public. Sysadmins just adore
being foundational to this architecture of deceit

The argument log files are essential to run the Internet is
a cover for the huge industry which goes right through that
tiny aperture of access to construct an unbelievable spying
operation, far more insidious than that of the official spies,
which as we know merely copy the industry and buy a small
number of its products.

At 11:42 AM 1/6/2014, Laurens Vets wrote:
On 2014-01-05 01:01, John Young wrote:
If your server or ISP generates log files, as all do, you cannot
be secure. If upstream servers generate log files, as all do,
you cannot be secure. If local, regional, national and international
servers generate log files, as all do, you cannot be secure.
So long as log files are ubiquitous on the Internet, no one can
be secure.
Log files are the fundamental weakness of the Internet
because system administrators claim the Internet cannot
be managed and maintained without them.
This is not true, it is merely an urban legend to conceal
the interests of system administrators and their customers
to exploit Internet user data.
There is no fundamental need for log files, except to
perpetuate the other urban legend, privacy policy, which
conceals the abuse of log files by web site operators
and their cooperation with "lawful" orders to reveal
user data, most often by being paid to reveal that
data to authorities, to sponsors, to funders, to
advertisers, to scholars, to private investigators,
to inside and outside lawyers, to serial cohorts,
cartels and combines, to providers and purchasers
of web sites, to educators of cyber employees,
to courts, to cybersecurity firms, to journalists, to
anybody who has the slightest justification to exploit
Internet freedom of information by way of phony
security, privacy and anonymizing schemes.
In this way, the Internet corrupts its advocates by
inducing the gathering and exploiting user data, .
It is likely your organizaion is doing this ubiquitous
shit by pretending to ask for advice on security.
As if there is any. NSA is us.

How would you monitor, maintain & troubleshoot administration & security issues on your servers if you do not have logs? Or are you talking about retention of said logs?

At 05:44 PM 1/4/2014, you wrote:
Hash: SHA256
On 31/12/13 21:13, Jacob Appelbaum wrote:
I'm also happy to answer questions in discussion form about the
content of the talk and so on. I believe we've now released quite a
lot of useful information that is deeply in the public interest.
All the best, Jacob
Hi people:
As most of the people around the world, I find really troubling all
these revelations. Of course we suspected this kind of shit, we just
didn't know the gory and surprising details.
I work in a libre-software e-voting project [0] which has been
deployed in some interesting initiatives already [1] and we strive to
make it as secure as possible [2], though our resources are currently
limited. Of course, anyone is welcome to join and help us.
Do you have any specific recommendation for securing the servers of
the authorities who do the tallying, in light of latest revelations?
it seems really difficult to get away from the NSA if they want to get
inside the servers.
Kind regards,
- --
[0] https://agoravoting.com
Version: GnuPG v2.0.22 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
cryptography mailing list

Other related posts: