This is happening to us here. I think they're doing it by using the "No true Scotsman" informal fallacy and other methods. We'd blame the hundreds of thousands of new users. I believe they've found a way to unwind this community. Nothing revolutionary will ever come from here (how could it?). I think the community has been compromised and that we won't find out until 50 years from now when most of us are dead.
This is how I feel after years of watching the community. I have no stake in it either way. I'm open to opposing views.
Thanks vermontdevil for finding the link. If in 1944 they had a field manual for subverting physical organizations, it's foolhardy to believe they don't have a field manual for subverting "online communities with up and down arrows."
And chat bots are now being powered by NLP.
Subverting an online community would not be difficult for anyone with some programming knowledge and a desire to learn.
The study in the link notes that detection is exceedingly difficult, and even then, in the case of Reddit, the Mods and Admins have negligible power to mitigate such attacks even if they do detect them.
And my favorite psyOps which is Military Memetics/Memetic Engineering only because there's a guy in the US Army in charge of 'Meme Warfare'. As for this community bikeshedding distractions and somebody coming along with bait to derail a conversation with illogical fallacies (trolling) isn't anything new happened on newsgroups since as long as I can remember.
But it formed an interesting question in my mind:
As much as I feel these disclosures are great and necessary, are they not inspiring and informing other (unsavory) nation states on great strategies and tactics to use?
I just wish they would publish this type of info and include how to defeat them.
Because the only thing they seem to say in response to these awful things is we're better than this, and it shouldn't be allowed whereas certain dictatorships would just laugh it off and say "Thanks, GREAT ideas!"
See also: https://www.reddit.com/r/videos/comments/4lmfmj/ceo_of_reddi...
Also, perhaps more importantly, why? What motive could "they"(the CIA, I guess?) have for diluting the conversations here? Your post reads as though there's some existing knowledge other readers are assumed to have about the context.
I think it won't happen because HN (like many or most communities) seems to be vulnerable to, for lack of a better term, "groupthink." Like when an article about a specific topic pops up and seemingly the entire community has already formed a specific opinion about it. It's nearly impossible to make a dent in it and most of us learn pretty quickly that the opposing view will be attacked, sometimes viciously.
> because of mismanagement and poor quality discussion
Not at all. My reference to the CIA paper (I'm guessing that's where the management aspect comes in) was an illustration of the types of things the intelligence community spends time fleshing out. I don't think HN particularly suffers from poor quality discussion or mismanagement.
> Also, perhaps more importantly, why? What motive could "they"(the CIA, I guess?) have for diluting the conversations here?
There are few large places where the influential tech community gathers to discuss topics of importance. In the same way that control over public opinion (propaganda) is beneficial to motivated parties, it seems reasonable to me that control over our opinions can be used.
Intranet and localhost services often have a lot of implicit trust in whoever can access them. They rarely have strong passwords, if any, for example.
Gaming this out a little bit, another interesting application of this technique could be to create a fairly accurate map of a Windows-centric private network. Example: Start with a bunch of known private network IP spaces, scan through as many IPs as possible, report back addresses that have open/closed/filtered ports.
It seems to me using these tools is enough in to provide a suspicion and thereby having the opposite effect than what they are intended for.
So essentially, using Chrome on Windows, though perhaps less secure makes you less likely to be targeted than using Tor on Windows or on Tails.
Philip Zimmermann was talking about encryption in general, but the same idea also applies to anonymity tools.
What if everyone believed that law-abiding citizens should use postcards for
their mail? If a nonconformist tried to assert his privacy by using an envelope
for his mail, it would draw suspicion. Perhaps the authorities would open his mail
to see what he's hiding. Fortunately, we don't live in that kind of world, because
everyone protects most of their mail with envelopes. So no one draws suspicion by
asserting their privacy with an envelope. There's safety in numbers. Analogously,
it would be nice if everyone routinely used encryption for all their email, innocent
or not, so that no one drew suspicion by asserting their email privacy with encryption.
Think of it as a form of solidarity.
I considered using Tor as my default browser but it felt like I was putting a big red target mark on myself even though I am not doing anything illegal. I would like encryption and obfuscation to be the status quo as mentioned in your quote - so it would be more of a passive protection and therefore less suspicious.
Tor itself says that it is not secure against advanced attackers with the state-level resources.
Do NOT use Tor if you're a state-level target unless it is on a system that's not sensitive and used for counter intelligence.
Secondly, the tails/TBB setup has a very unfortunate side-effect: it gives LEA a specific target they can aim for in terms of hunting for vulnerabilities and writing exploits. The situation is made significantly worse by the fact that firefox hasn't yet fully implemented a sandbox - hence why FF is rarely seen in pwn2own style hacking challenges; it's just not a difficult target.
UAE prisons, are also notorious hell holes devoid of any shred of humanity according to escort blogs who've been arrested there and forced to serve the mandatory 3 month sentence for prositution. People dying in the cells from lack of insulin or other medical treatment is common.
Case in point, attribution based on the skill of these attacks does not dox the attacker, but the end result of their attacks. Meaning these may not have been sponsored attacks, but someone farming intel to capitalize on.
For Internet Explorer, it attempts to create several
instances of ActiveXObject to get the versions of
Flash, Shockwave, Java, RealPlayer, Windows Media
Player, and Microsoft Office (classified as either
2003, 2007, or 2010).
For non-Internet Explorer browsers, it attempts to get
a list of enabled plugins from navigator.mimeTypes.
For all browsers, it captures the user agent, whether
cookies are enabled, the OS, the size of the browser
window, and the timezone. It classifies browsers into
different versions, denoted by letters, based on the
The script attempts to exploit an information leak in
older versions of Tor Browser. We explore the
technique used in Section 3.5.
For Windows browsers (except Opera, and versions of
Internet Explorer before IE9), it sends a series of
XMLHttpRequests to 127.0.0.1, which we believe are
designed to deduce if the computer is running any one
of several specific antivirus programs. The code for
this appears to be borrowed from the JS-Recon port
scanning tool.21 The creator of JS-Recon presented the
tool at BlackHat Abu Dhabi in 2010.22 We explore such
techniques in more detail in Section 3.6.
This may be enough information to produce a targeted attack.
They also used timing attacks against various localhost ports using XMLHttpRequest. This is enough to detect Avast, Avira, ESET, Kaspersky, and Trend Micro antivirus products