Hacker News new | comments | show | ask | jobs | submit login
Julian Assange: Cryptographic Call to Arms (cryptome.org)
355 points by gbrindisi 1359 days ago | hide | past | web | 261 comments | favorite



I think this is very relevant here - interview with the NSA whistleblower, William Binney, on how NSA is storing every post people are making online, so they (and FBI) can use it later:

http://www.youtube.com/watch?v=TuET0kpHoyM

No wonder NSA and FBI want warrantless access to private companies by lobbying for new laws like CISPA, and trying to build backdoors in services like Facebook, Skype, Twitter etc. They want to know absolutely everything you do online, besides your public posts:

http://www.wired.com/threatlevel/2012/05/fbi-seeks-internet-...

I don't know if they are doing it out of malice/power grabbing/control, or purely as a way to make their jobs more "efficient". But their #1 priority should always, always, be respecting the Constitution, and not trying to skirt around it. And I think they've forgotten all about that long ago.


"But their #1 priority should always, always, be respecting the Constitution, and not trying to skirt around it. And I think they've forgotten all about that long ago."

That's the irony of the whole American security apparatus. They are in place, nominally, in order to protect American citizens rights to live with the freedoms inherently granted to them by the Constitution.


This doesn't detract from your point, but I thought I should correct something just because there are a lot of overseas readers here who might not be very familiar with the US Constitution:

The Constitution does not grant freedoms to citizens. Instead, it delegates specific powers from the citizens to the federal government.


^ This -- nailed it.


I think the point is democratic states should (need) not have intelligence agencies with unlimited powers. They corrupt the state as they establish themselves as a central pillar of power (next to the military and the government).

They don't even have any historical roots in western political systems. The country with the claim to that is Russia (http://en.wikipedia.org/wiki/Okhrana), where they were commonly used to quell internal unrest and combat opposition.


The role of an internal secret police goes back at least as far as the Roman Frumentarii[0] and I think you can trace a direct lineage from Walsingham's[1] operations to the CIA/NSA.

[0] http://en.wikipedia.org/wiki/Frumentarii [1] http://en.wikipedia.org/wiki/Francis_Walsingham#Entrapment_o...


> their #1 priority should always, always, be respecting the Constitution

Presumably their #1 priority can be specified in a more rational way without random worshipping of some old document? Other countries, not blessed with the Constitution of the USA, also have intelligence and law enforcement agencies.


No. The Constitution defines the proper form and responsibility of American government. If the Constitution falls, we no longer have legitimate government. That's historical fact.

Other governments' law enforcement agencies follow the laws of their own countries (or don't). Are you saying they shouldn't do that?


Right. The point of a Constitution or whatever is to have some kind of law to follow. You don't need to worship it, it's just your axioms of government. That's your "rational way" of specifying priority #1.


oelewapperke (who is suffering from one of the worst cases of hellbanning I have seen here) wrote:

Weird that nobody realizes that the constitution does say that the government not only has the right to violate any (other) law to violate the constitution, but actually has the duty to do so. To protect the constitution (and it's application within it's jurisdiction), the president (ie. the government) has the right AND the duty to violate ANY American law except clause 1 and 2 of the constitution. To put it plainly : the ONLY thing the president cannot do to defend the constitution is to mess with elections. That's it. It also states that the president is the person making the assessment if an action is necessary (and thus, not the courts, though of course, the president can be removed from office for making a decision that either congress or the courts think was not reasonable. That does not change the fact that the president cannot be punished for implementing that action. The maximum penalty for any crime for the president is impeachment, unless this is specifically extended by congress). This is because article 2 of the constitution overrides every other law in the US, except article 1, including all following articles and amendments. If you think this sequence is by accident, you should talk to a lawyer about things like this. Sequence in laws, and the principle that earlier rules override later ones is extremely well established technique of law. What everybody seems to think these laws state, that you have extensive rights without any qualifications whatsoever, is just plainly not true. If you are a danger to the application of the US constitution within US borders, the president is not bound to any standard, nor does he have to respect any form of human rights in his attempts to stop you from doing so. If you think it is better in European states, think again. Specifically, read what the Dutch monarch is allowed to do (e.g. she can have someone killed - both her and the actual murderer go free, she can confiscate any amount of property - with no legal recourse for anyone, etc.). Similar things are true for other Euro countries.


oelewapperke 5 hours ago | link [dead]

Weird that nobody realizes that the constitution does say that the government not only has the right to violate any (other) law to violate the constitution, but actually has the duty to do so.

To protect the constitution (and it's application within it's jurisdiction), the president (ie. the government) has the right AND the duty to violate ANY American law except clause 1 and 2 of the constitution. To put it plainly : the ONLY thing the president cannot do to defend the constitution is to mess with elections. That's it. It also states that the president is the person making the assessment if an action is necessary (and thus, not the courts, though of course, the president can be removed from office for making a decision that either congress or the courts think was not reasonable. That does not change the fact that the president cannot be punished for implementing that action. The maximum penalty for any crime for the president is impeachment, unless this is specifically extended by congress).

This is because article 2 of the constitution overrides every other law in the US, except article 1, including all following articles and amendments.

If you think this sequence is by accident, you should talk to a lawyer about things like this. Sequence in laws, and the principle that earlier rules override later ones is extremely well established technique of law.

What everybody seems to think these laws state, that you have extensive rights without any qualifications whatsoever, is just plainly not true. If you are a danger to the application of the US constitution within US borders, the president is not bound to any standard, nor does he have to respect any form of human rights in his attempts to stop you from doing so.

If you think it is better in European states, think again. Specifically, read what the Dutch monarch is allowed to do (e.g. she can have someone killed - both her and the actual murderer go free, she can confiscate any amount of property - with no legal recourse for anyone, etc.). Similar things are true for other Euro countries.


They don't mean to grab particular information about every individual. They want to ensure completeness of their data mining results.


You know, people keep repeating this assumption that the NSA stores every post that people make online. Maybe someone should do a quick back of the envelope calculation to see how feasible that actually is?

My guess is that it's nowhere near possible given the amount of network traffic coming into/out of the US and current hard drive storage technology. IMHO the extreme amount of volume and limitations of storage space should create a necessity to be at least somewhat targeted in scope.

Not sure why people don't use common sense a bit more often...


> the extreme amount of volume and limitations of storage space.

Speak for yourself then. I've already got 10TB of storage at home in a case the size of a shoebox. It's got my entire life in it (at least every file I've created since university), but most of it is storing my movie and music collection. So, realistically your entire life can fit in a 1TB drive once you exclude videos and transcode audio. 2-4TB if you're a person of interest.

Do know that 1 Backblaze 4U-server holds 135TB. They are building a datacenter in Utah with 100,000sqft[1] of rackspace. 20,000 racks per floor (I don't know if there are multiple stories) gives you 29.7 petabytes if they used a Backblaze solution.

So yes, if the US govt wanted to record everything you did everyday they are more than capable of doing it, now.

[1]http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/


They are sitting on at least an Exabyte. With multiple-Yottabytes of traffic.


You're right, I'm off by a few magnitudes. 29.7 exabytes if they use every square foot for servers JBOD. And that is with current disk tech.


So somebody else should do a calculation, and based on the result of that calculation which you didn't do, people should use common sense more often?


You know, people keep repeating this assumption that the NSA stores every post that people make online. Maybe someone should do a quick back of the envelope calculation to see how feasible that actually is?

Think of Google. The have downloaded and stored lots of the internet. How else can they search it?

So if we know at some level that it's possible, could the NSA do it?`


I wonder how many times goatse.cx appears in that database.


Forget about the Constitution. Rather, they should respect basic human rights and the principles of the Enlightenment. All this focus Americans put on their Constitution makes it easier for their government to become oppressive, because it encourages complacency. As though you could write the perfect set of laws, that you could define the perfect set of operating principles for your government, and in that way free yourself of tyranny forever and guarantee a free and open society for you and all your descendants. No, the price of liberty is eternal vigilance.


Forget about the Constitution. Rather, they should respect basic human rights and the principles of the Enlightenment. All this focus Americans put on their Constitution…

It's part of the American mythos/story/narrative, that the USA constitution/bill of rights/founding fathers were some sort of genius people who were the first to come up with this brilliant and perfect text.


That's not it at all. "Basic human rights and the principles of the Enlightenment" have no position in American law while The Constitution is the foundation of all American law and of the actions of American law enforcement people.


Yes, legally the US constitution is king. However the US constitution was not the source of the idea that "all men are created equal" or that "no-one shall be imprisoned unless they get a fair trial", these ideas predate the US consitution.


I don't disagree, but courts are much more likely to enforce laws that are written down and (implicitly) agreed to by US agencies.


If you take a glance at the development of Constitutional law you realize the document itself is largely meaningless. What matters is the progression of SCOTUS cases that interpret a simple archaic document in order to apply it to a massive, complex government.

It's quite easy for a Supreme Court to rationalize the disposal of civil liberties. Look at air travel. The argument is that people are consenting to the invasive searches because they are choosing to fly; never mind that flying is basically the only reasonable way of getting across this giant country. They can say the same thing about the internet. "You are consenting to use the option of internet based communication. If you want privacy, speak in person."


You don't even need to pick modern things like air travel.

The US consitution & bill of rights were fine with the slavery, racial segration, denying women the vote, denying men without property the right to vote, legal sexism, etc.

You're right that it's all about how it was interpreted.


(in case anyone missed the reference, "the price of liberty is eternal vigilance" is attributed to Thomas Jefferson)


Insightful. I'm curious as to what you think are the basic human rights and the principles of the Enlightenment.


An easy way is to read history, and see what things were like. It's amazing how many things that seem common sense and accepted now are from the enlightenment.

* Democracy. That one's obvious. Universal adult sufferage regardless of sex, race, creed, property ownership. We all know about "women getting the vote", but men without property used to not have the vote, catholics/prodestants/muslims/jews (delete as appropriate) used to not have the vote. Race based voting restrictions are similarly common. Some countries allow restricting voting based on criminal record (USA) other's done (most of europe), some countries prevent current criminals being elected (UK did this after some IRA terrorists were getting elected).

* Inherent rights. Who gives you your human rights? The Crown/State? So can they take them away? Does everyone have rights? Or just people/men of the right colour/creed/aristocracy? Does everyone have the same rights? No. We view that everyone has rights all the time that cannot be taken away.

* Rule of law. You/anyone should be able to know what the law is. The crown/state cannot just make up a vague law that only they can interpret. Laws cannot apply retroactively. The law should apply to everyone. It should be wrong if a certain law doesn't apply to the local lord, but it does apply to you.

* Fair trials. It's wrong that the crown/state alone gets to decide guilt/innocence, there should be an independent trial. You are allowed to argue your case. You are allowed appeal. The jury cannot be punished for how they decide your trial. You should be presumed innocent. You cannot be locked up unless you have been tried.

* Constitutionalism. There should be a document that overrides the crown/state and defined how the state works. It should list what powers the state/crown has. The King/state is not allowed to just do whatever it feels like. (Fun fact: Nazi Germany, the USSR and the USA have/had constitutions. The UK doesn't really. :P )


Can't speak for the OP, but the Declaration of Independence is a short, punchy summary of those things. You probably are familiar with some of it even if you aren't an American simply by virtue of being an English-speaker:

"We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.—That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, —That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness."

I recommend reading the whole thing if you have five minutes. It's a very fine piece of writing, and there are a lot of interesting details that most Americans either willfully ignore or fail to notice:

- Safety is mentioned in the first paragraph as a reason for government to exist.

- Many of King George's offenses will sound very familiar to us as things our government does today: maintaining standing armies, levying taxes, etc.

- Many of those offenses also have the phrase "without our consent" in them, which tends to be missed by people who bring up that second point.

- One of the offenses listed is limiting immigration. Whoa buddy!

The ending is a quite powerful summary of the rights of the state and probably about a thousandth as well known:

"We… solemnly publish and declare, That these United Colonies are, and of Right ought to be Free and Independent States… and that as Free and Independent States, they have full Power to levy War, conclude Peace, contract Alliances, establish Commerce, and to do all other Acts and Things which Independent States may of right do."

It's worth noting that interventionism doesn't seem to be on that list, even though we wouldn't even make it 40 years into countryhood before that changed.

So I think the OP and Chris are both right. The court cannot be expected to "defend liberty" outside the legal framework; they're beholden to the Constitution and the rest of the law. There is the "black ice" problem of case law, and the citizenry are going to have a very poor command of that, and that's just a fact. But the OP is right that it is the citizen's job to defend their own liberty as best as possible. The problem with that perspective is that resisting the government carries a price and most government infractions are not significant enough to pay that price. If you take that philosophy to the extreme you wind up with a Ruby Ridge scenario where a lot of people die because they misunderstand the founding fathers' opinions of taxation.

I also think we should have some awareness of the level of crap King George visited on the colonies as described in the Declaration. He wasn't merely taxing them, he was essentially waging war on them from within and without. Even with all that there were still significant numbers of loyalists in the colonies. We like to imagine that Britain raised taxes and we joined together as one to secede the next day. The way it played out on the ground was much messier.


Does it matter? I'm not debating the principles of the Constitution here, but rather the American focus on the document rather than the principles themselves.


I don't think the principles are common knowledge. Of course they matter.


I think his deflection of your question suggests he was using them as rhetorical literary devices.


Insightful. ;)

Yes, I was surprised by his responses, I thought his initial remark was great, but people mean quite different things by those lofty abstractions.


How about the both of you rub those brain cells together and see if you can organize a cogent point. Otherwise, piss off.


So much for insightful.


The FBI's actions aren't in any way different then Google. Who also crawl the Internet and download every post people make.


I'm sorry, but you couldn't be more wrong. The NSA's dossiers are automatically being built from data they're getting via the expensive hardware they forced telecom companies to install, not scraped data from the web.

If your email, or SMS, or voice call, or fax, or IM, or whatever else they care about and know how to parse, ever goes through any of their boxes, it's stored and associated with your entity forever, and may be used to glean unknown levels of insight about you, or used against you in criminal cases.


Sure they aren't, the difference lies on what they do with the data.

While Google will use that data to show you harmless text advertisement, the FBI might use it to backup a phony case against you, that can ultimately put an end to your freedom.

I'd say that's an incredible difference. Wouldn't you too?


Still, you cannot know everything they do with that data. They show us the advertises, but what else are they doing? What guarantees do we have that they do not sell or give out information?

I'd stay both sides are bad. We may see them as completely different things, but you have to agree, in both sides, what we see is just the tip of the iceberg.


Yes, both sides are bad.

But only one of these can lock you up in jail for whatever reason they want whether or not you're guilty. Besides, if you want to avoid having your data collected and possibly sold without you conscent just stop googleling your thoughts.

Now, the real question. How to avoid governments taking over our rights?


First, recall that states are systems through which coercive force flows. Factions within a state may compete for support, leading to democratic surface phenomena, but the underpinnings of states are the systematic application, and avoidance, of violence. Land ownership, property, rents, dividends, taxation, court fines, censorship, copyrights and trademarks are all enforced by the threatened application of state violence.

As if we lived in a halcyon utopia prior to that. I can't buy into Assange's Manichean view of government, given the pre-governmental state of society as war of all against all, qua Hobbes: "In such condition there is no place for industry, because the fruit thereof is uncertain, and consequently, not culture of the earth, no navigation, nor the use of commodities that may be imported by sea, no commodious building, no instruments of moving and removing such things as require much force, no knowledge of the face of the earth, no account of time, no arts, no letters, no society, and which is worst of all, continual fear and danger of violent death, and the life of man, solitary, poor, nasty, brutish, and short."

Back when Wikileaks first came to prominence, it exposed malfeasance by private actors as often as states, notwithstanding the desire of those private actors to keep their doings private or even encrypted; Trafigure being a prime example (http://en.wikipedia.org/wiki/Trafigura).

States can certainly be destructive of liberty, but the absence of a state (either literally or by legal limitation ) does not necessarily yield liberty; often it results in mere libertinism.


Your argument is a non sequitur: states are necessary, therefore states are not systems through which coercive force flows.

If you want to argue that states are necessary, fine. But call a spade a spade. Can you imagine a state that doesn't wield violence? That's what a state is.

The lack of clarity on this issue leads to a lot of bad conclusions. When we argue that the state should solve any particular problem, we are explicitly saying the problem needs to be solved by coercive force. Maybe that's necessary. But let's not have any illusions about how states work and how laws are enforced.


Your argument is a non sequitur: states are necessary, therefore states are not systems through which coercive force flows.

I did not say that at all. I am OK with states being systems through which coercive force flows, because I think channeling and supervising said force usually results of less of it flowing than otherwise would.

Can you imagine a state that doesn't wield violence? That's what a state is.

It's hardly the only distinguishing feature. States also build infrastructure, promulgate laws, provide forums for resolution of disputes and so forth. Your argument as made here is both narrow and immature.


I believe his point is that taken to its logical conclusion, states are able to do all of the things that they do because there is inevitably the consequence of violence for non-compliance. All of your examples result in violence for disobedience: destroying infrastructure, breaking laws, ignoring subpeonas. A core idea is that property ownership requires the threat of violence to work; don't pay your rent but don't move out and the sheriff will show up sooner or later. Do you have an example of something a state does that is not actually supported by its power to wield violence?


Violence is a valid perspective through which to understand all that a state is. This is true. The existence of the state is to provide mechanisms to regulate violence so that it can be directed in a moderately controlled fashion; this has been true from village chieftains to imperial legions to the FBI and KGB.

This can be a useful perspective, but it's rarely actually used to any intellectual benefit: people generally bring it up only as an excuse to dismiss the concept of statehood as worth exploration, because we've internalized the notion of violence as bad. It's just libertarian fear-mongering, and it drives away discussion of real issues of violence from the public arena into the private backrooms of government where we don't have a say because we act like a lynch mob when it comes up.


I think it's important simply to be aware of how things work. I certainly wasn't advocating libertarianism or even any other political position.


The thing is that the violence-based perspective isn't "how things work". It's simply one way to explain how things work, and it's a wildly ineffective one with a bare minimum of explanatory power: enough, mostly, to set up a false dichotomy between "bad violent people, i.e. amoral men in black with guns" and "you, who are totally not a violent person but would be only if forced, right?"


I didn't say that the violence-based perspective is how things work, I said that it's important to understand how things work and the implication there in my mind was that the violence-based perspective is an important part of that. I thought it was just too obvious to mention that there are many lenses through which to see the world.

For me, the way to refute Assange's point that states depend on violence and are therefore bad is not to say no they don't, or that that's not a useful perspective, but rather, "Look at the wondrous things we can build using our ability to marshal force effectively."

When I first heard about this violence-based perspective, it threw into question the notions of society and in particular human rights that I had from my high school education, because as you say, we have this internalized notion that violence is bad.

But now that I understand that rights really are just agreements between people that are brought into existence by violence, it actually makes me glad to have this violence around, and I don't see it as a universally bad thing. Nevertheless, I would prefer a society in which there is as little violence as possible, but I'm not by any means convinced that the answer there is "less state".


Regardless of whether a state exists or not, the only meaningful definition of "property" includes a threat of violence. It is not meaningful to say "this is mine" without the implied threat of violence against those who would take it - whether carried out by the individual themselves or outsourced to the local emperor.

Without property there is not commerce, there is not agriculture, no civil growth and development to speak of.


There is a difference between defensive violence and offensive violence. For example, do you believe that you own your body? I do, and I would defend myself if necessary. I would only use violence against those that are threatening me though. If you hold that you own your body, then by extension you own the output of the things you create with your body.

There has been much thought on this line of philosophy, it's called the non-aggression principle (https://en.wikipedia.org/wiki/Non-aggression_principle)


As for your first paragraph, of course. I was just pointing out how things are with states, but you're right that for property it extends to individuals. As for your second, communism begs to differ, but it hasn't done so admirably in the world...

http://dbzer0.com/blog/private-property-vs-possession

It would be nice if a society could exist that wasn't reliant on violence and also not suck, but I'm not sure if it's really possible.

Oh and "this is mine" has meaning in the context of a relationship where one party will simply be upset if the object is taken and the other party cares enough about them not to take it for that reason, even though there is no threat of violence if they do. This is how many couples and families work.


All kinds of organizations and people build infrastructure; churches and companies also promulgate laws and provide dispute-resolution forums. What distinguishes the state from other organizations that perform similar tasks is that the state holds a monopoly on (legitimate) violence. This is not a "narrow and immature" point of view; this is the normal definition. Quoting Wikipedia:

The most commonly used definition is Max Weber's,[6][7][8][9][10] which describes the state as a compulsory political organization with a centralized government that maintains a monopoly of the legitimate use of force within a certain territory.


Churches and companies don't promulgate "laws", they promulgate "rules." Rules have consequences to breaking them, but these consequences may vary widely in effect on the individual. A priest can try to make you feel guilty for breaking the religious edicts of his church, but if you don't consider his self-proclaimed authority in your life to have any basis, then guilt will be an ineffective consequence for breaking the rule. Companies, similarly, can fire you for breaking their rules, and while this deprives you of money and possibly opportunities, it does not deprive you of your life or freedom.

In short, the authority of these private organizations are opt-out, while the authority of the state is not.

It's circular logic to say that a state has a monopoly on only legitimate violence since it's the same state which defines which violence is legitimate and which is not. Can you think of any organizations that successfully exercise a monopoly on illegitimate violence? Successful states do not allow such activities to continue for long.

A state is, as others have already said, simply a political institution which exercises a monopoly on violence and determines how to apply it within its political domain.


It sounds like you think you disagree with me but I can't tell why. (Except for the semantic hairsplitting at the beginning, which is simply mistaken, but unrelated to the rest of the discussion.)


Perhaps a good intuition pump is how we react when this breaks down. If some group within a state's borders is using violence (i.e. sending soldiers to attack skyscrapers in another country), the attacked country has a cassus belli against the harboring country.

This feature is so critical to how the modern system treats territorial integrity that we sometimes refer to states which can't control violent groups within their own borders as "failed states."


Was this example really necessary? You basically said: If terrorists (who, by the way, happened to travel to Afghanistan once) attacked the WTC, the US have a casus belli against Afghanistan.

See, the reason why the war in Afghanistan is controversial is precisely because it is not clear that a country has a casus belli against another country if there is a (remote) connection of offenders to that country. In fact, the pilots lived and planned most of the plot in Germany.

A better example of a failed state would be the results of the war on drugs in Mexico.


> Can you imagine a state that doesn't wield violence? That's what a state is.

That's part of what a state is, but it's more than that. A state is a violent organization that has managed to convince the vast majority of society that its violent actions are acceptable. In any conceivable society (state or no state), you will have violence. The difference between "criminals" (druglords, thieves, rapists, etc.) and "government" is that the vast majority of society condemns the violence of the former but accepts (and often even praises) the violence by the latter.


> A state is a violent organization that has managed to convince the vast majority of society that its violent actions are acceptable.

Got that a bit backwards there. A state is a violent organization formed by society meant to enforce the rules of said society. We prefer the state to criminals generally because we have some say in how the state works or find its rules preferrable to the criminals.


We as individuals don't have a say in how the state works in any meaningful way. There is absolutely no difference, in practice or theory, between a "criminal" busting down my door or a "DEA agent" busting down my door. The fact that >50% of society supposedly approves of the "DEA agent" is no consolation and certainly no justification to the victim.


You can vote, and that is proportionally meaningful. Want more say, convince more people to agree with you.

You have zero say about anything criminals do.

There is a vast difference.


That's simply not true. The odds of my own actions being able to prevent or interrupt a common criminal are vastly higher than the odds of a single vote affecting the outcome of any but the smallest local election.

Again, proportions simply do not matter to the victim of violence. Like I said, if DEA agent busts down my door and shoots me, it is absolutely no consolation or justification that >50% of voters approve of drug prohibition. If you propose the question "is it okay for a robber to take 30% of my paycheck as long as 51% of my community is okay with it?" most people will say "of course not!," but if you propose the exact same question, but with "a robber" to "the government," most people will say "yes of course that's okay."


> The odds of my own actions being able to prevent or interrupt a common criminal are vastly higher than the odds of a single vote affecting the outcome of any but the smallest local election.

I'm not talking about a crime; I'm talking about government rule vs warlord rule. And the issue is which most people prefer, not which allows you a better chance to disobey.

> Again, proportions simply do not matter to the victim of violence. Like I said, if DEA agent busts down my door and shoots me, it is absolutely no consolation or justification that >50% of voters approve of drug prohibition.

It absolutely is consolation and justification for the majority of people who support that policy. You might not like it; but individual liberty is not unlimited and the will of society, right or wrong, beats the pants off any other form of government we've found.

> If you propose the question "is it okay for a robber to take 30% of my paycheck as long as 51% of my community is okay with it?" most people will say "of course not!," but if you propose the exact same question, but with "a robber" to "the government," most people will say "yes of course that's okay."

The robber is taking something without giving something back; the government is taking their share of your wages for services rendered to you as a citizen. Completely different situations.


> It absolutely is consolation and justification for the majority of people who support that policy.

Yes, but not for the victim of the policy. Slavery used to be approved by the vast majority of society.

> You might not like it; but individual liberty is not unlimited and the will of society, right or wrong, beats the pants off any other form of government we've found.

I don't like it, and I don't want to replace it with another form of government. My whole point in this thread has been that government actions are indistinguishable from actions which are widely accepted to be crimes, except that government has convinced society that its actions are acceptable.

> The robber is taking something without giving something back; the government is taking their share of your wages for services rendered to you as a citizen. Completely different situations.

Fine then, change my analogy to a robber that takes 30% of your paycheck, uses part of it to blow up some people in other countries, part of it to feed the poor, part of it to pay prison companies to contain nonviolent criminals, and part of it to build some roads.


> except that government has convinced society that its actions are acceptable.

Government is society, we are our government, it is not some entity that has tricked everyone. It does what it does because open your eyes and look around, people want it doing those things.


But you're still just saying that violence is fine as long as >50% of society approves of it. And that's being gracious, since there's no reason to actually believe that >50% of society approves of the actions of the government.


Violence is a natural and inevitable human trait, and is not necessarily wrong. There are times when it is OK, and is even the right thing to do. What better way to determine what those times are than democratically?


How do you measure the is-ness of the state? By it's budgetary expenditures? Many existent states (like Canada) have relatively small military budgets. For them, wielding or even threatening to wield violence is not their primary reason for being. Their primary reason for being is to ensure the health and welfare of their citizens, and they do so not by threat of violence, but by collection and distribution of taxes and passing of laws.

The vast majority of people in most democratic societies do not require the threat of arrest and imprisonment to follow the majority of laws. Assuredly there are minor disagreements about which the validity of certain laws, and many people cheat a little here and there. But when the majority of citizens believe that the majority of the law, and the state which imposes it, is unjust, you have an authoritarian government, and a revolution is inevitable.

It might also be worth noting that even if, based on budgetary spending, the US government is primarily an institution of the force and its display, most of that is happening outside of US soil. Most of it, in fact, is deployed in protecting sea lanes for the benefit of shipping and the people who rely on it: namely, everyone on Earth. I'm not American, and I don't like everything about America, but I'm damn grateful for the fact that the American government is funding the security of the machinery which keeps food and goods flowing around the world, since a lot of people where I live (Canada) would have difficulty surviving the Winter (and maybe even in Summer) without it.

To what extent global commerce and trade are just or unjust is another question, but I suggest it can be addressed on a case-by-case basis, and that the vast majority is far more beneficial than detrimental to everyone involved.


The definition of a state as a "geographic monopoly on the legitimate use of violence" is not particularly controversial.

It is the definition of a state as started by Max Weber and sociologists in the tradition of political realism:

http://en.wikipedia.org/wiki/Monopoly_on_violence

Max Weber's definition is used by wide variety of political factions, and is not a construct of anarchists\libertarians. During the Iraq War when discussing the use of mercenaries, the current President Barack Obama was quoted as stating:

"the core of our military relations to our nation, and how accountability is structured, you are privatizing something which sets a nation state apart, which is a monopoly on violence." [1]

Any action that is legitimate for the state institution to enforce, but would not be legitimate or legal for a non-state institution to enforce, derives its legitimacy from this monopoly on violence. This definition is simply stating that unlike other social insitutions, the state is the only institution which has the power to commit legal incarceration, execution, and confiscation.

The fact that non-state organization cannot impose taxes upon individuals and threaten fines and incarceration for non-payment indicates that taxation is a forcible (violent) means of appropriating revenue. If it were not, the revenue would be referred to as a donation, purchase, charity, or trade.

[1] http://www.youtube.com/watch?v=ewQl-qAtNwQ


"Many existent states (like Canada) have relatively small military budgets. For them, wielding or even threatening to wield violence is not their primary reason for being. Their primary reason for being is to ensure the health and welfare of their citizens, and they do so not by threat of violence, but by collection and distribution of taxes and passing of laws."

The definition of a state as an institution which wields a geographic monopoly on violence is agnostic towards the "purpose" of the state. The definition concerns the means not the ends of the state. The goals of states are diverse and change over time, but their fundamental principles of operation do not.

"The vast majority of people in most democratic societies do not require the threat of arrest and imprisonment to follow the majority of laws."

Consider if this statement would remain true (and if so, for how long) if the threat of state violence were not present.


Assange speaks truth. You cannot deny the fundamentals of the state are violence. The US speaks already of a capacity for instant global weapon strikes within the hour. You claim it is wrong to question the system, implicitly suggesting there is no alternative. But anthropology shows clearly that premodern societies had more free time, greater material and economic equality. (Try 'Debt: The First 5000 Years').

You attack a perspective, quoting on a tangent, without contributing anything meaningful except the notion that government can have value: but of course! Nobody denies this.

Assange and other politically engaged hackers like him seek improved systems of governance: greater protection of fundamental freedoms, greater availability of additional freedoms, greater truth and transparency.

Relax, nobody wants to topple your car and burn your house down.


You claim it is wrong to question the system, implicitly suggesting there is no alternative.

No I didn't. How can you expect me to engage with the rest of your comment in any serious fashion when you just make up claims like this?


I read your "As if we lived in a halcyon utopia prior to that..." paragraph as implicitly denying alternatives to the status-quo of modern society. Apologies if this was not your intent; in any case, in that paragraph you have done essentially to Assange's views what I did with my comment to yours. Haha :) May we all live long and prosper; peace amongst all.


I'm not denying alternatives to it; I'm pointing out that absent a state people still employ violence to assert things like land and property rights, and usually in a more direct and short-term fashion at that.


> But anthropology shows clearly that premodern societies had more free time, greater material and economic equality.

I already disagreed with the grandparent comment, but I need to criticize this too: those metrics are terrible, and we shouldn't be looking to the past for the good old days.

Free time: only if you don't consider all the free time lost by all the people who died as children (extremely high premodern child mortality).

Material and economic equality: being equally poor is not really a solution anyone would like.


Well, the metrics could definitely use some work and context, but there is some real truth behind them. Up until the 18th century or so, non-state spaces existed in abundance, and given a choice between either being a subject of a sedentary state or being a person outside state control, you were nearly certainly better off by choosing the latter. Many people did, in fact, and there was a constant flux of people out of and into state spaces. It was only when technology became sufficiently developed that virtually everyone was subjected to the State.


But I don't think there are any humans who can live free from social constructs. Living in a tribe, or under a warlord seems like the antithesis of freedom in the sense that most are discussing here.


> we shouldn't be looking to the past

History informs the present and future. My point in bringing up anthropology was that the OP's implicit suggestion that there is no alternative is demonstrably invalid.

> being equally poor

I would also heartily recommend the same book to you. It's quite an eye opener.


> Free time: only if you don't consider all the free time lost by all the people who died as children (extremely high premodern child mortality).

That's only relevant if all those children died due to some specific form of government being in effect.


I don't at all disagree with you but for the benefit of the others I'd like to ask you, what do you mean by truth? (What do you indicate by the term of truth?)

edit: To say something is truth if it's true is too circular - as a definition it doesn't have matters that can be confirmed by others so isn't so helpful to convince them.


This is a complete straw man. Assange wasn't calling for the abolition of government, nor did he say they're the only ones who do bad things.

Further, Hobbes' state of nature has zero grounding in empirical fact. Which historical state of nature does it refer to?


> Which historical state of nature does it refer to?

Hobbes' state of nature is probably an ahistorical argument. That all men used to live under a state of nature is not necessary to Hobbes' argument. It is a thought experiment, showing the consequences of there not being a state, and allowing him to infer the rights of the people within the state. In terms of history, Hobbes would have had in mind cases contemporary to him when state authority collapsed and violent chaos took hold -- the English Civil War etc.

He is not arguing from history, and to dismiss his argument on that ground alone might risk disengaging from what Hobbes' was trying to get at.


I agree with the sentiment, but Assange's prose is a little dense. Maybe it's OK for his target audience, as I assume the layman won't be reading cryptome.org.

What we really need is a champion to explain in relatable, plain English why encryption is essential even for mom and dad, and to explain it in a more mainstream venue. I think a big reason why people don't encrypt mail, etc., is because:

1) they don't know why it's important because nobody can explain it to them in relatable terms (like saying: when you send an email, Google keeps a copy forever, and the FBI can read it just by picking up a phone and asking nicely), and

2) if they do know the importance, the practicalities of encryption are explained impenetrably. A blur of acronyms, bad metaphors ("keys?" terrible choice of metaphor, considering how a pair is intertwined and their actual use), and no well-known authority you can trust to explain it all simply.

The problem isn't that people don't care. They would care if they knew the realities of how their communications are stored, processed, and exposed to their governments. The problem is that nobody can explain it to them in a way that's not ridiculously complex or laden with terms like "Platonic realm" and "transnational dystopia".


The problem isn't that people don't care.

You are right, people care. But not about things that would make reducing government power likely nor encrypting things by default probable.

They care about getting to work in the morning and getting home at night. They care about dinner with the family and a couple hours mindless television. They care about being safe while they do these things, and they've fully bought into the government's mantra of "we will protect you", so, as long as that's happening, they don't care about anything else.

Go talk to just about anyone outside of sites like Reddit or HN about the TSA, and you will be told how good a job they are doing. When the government tells them it is time to randomly drop their pants for the cavity check, as long as they are told it is making them safe, they will willingly oblige.

As much as the government's power grab, the complete lack of concern for it scares the hell out of me.


The government doesn't have a "mantra" of "we will protect you". It has an obligation to actually protect its citizens, and, in America, does a pretty good job of it.

The notion that reliance on the government for protection is a brainwashed delusion is one of those conversational signifiers that convince normal people that all this encryption stuff has nothing to do with them.


    > It has an obligation to actually protect its citizens
Perhaps you can claim agents acting on behalf of the state have a metaphorical obligation to protect citizens. But they do not have a literal, legal, or contractual obligation to do so in the majority of circumstances:

http://en.wikipedia.org/wiki/Warren_v._District_of_Columbia

http://en.wikipedia.org/wiki/DeShaney_v._Winnebago_County

http://en.wikipedia.org/wiki/Castle_Rock_v._Gonzales


Of course the government's job is to protect it's people. Even the most libertarian-minded people subscribe to that.

The problem is the government has been leaning on that to expand to things that are of questionable "protection".

Does millimeter-wave scanning protect you? The government sure expects you to believe it does.

What about seizure of property? That will surely protect you from drugs.

Why should we need a warrant for things like accessing somebody's email? Terrorists might be sending emails.

In some way, each of these things might increase our safety, but the cost of that protection is intolerable to me and many others. Unfortunately, most people don't seem to realize any price is being paid.


> people don't seem to realize any price is being paid.

this hit the nail on the head, because the pain of the price isn't felt by the average person _at all_. It is only felt by people at society's margin, who may skirt the law at times.

Now, someone might argue that this is actually a good result, because this will prevent laws from being skirted at all! If, or when some form of revolution is required, that necessarily entails breaking the law (otherwise it wouldn't be a revolution). This means, by slowly seeping such privacy invasion laws into place, its like boiling a frog alive - the frog doesn't even know its being killed.

This is why you have to watch very carefully, any form of censorship, or measures that strip away any sort of right that a citizen is entitled to.

unfortunately, no one is going to care. i hope i will be dead by the time things turn sour (if indeed they do).


People are especially not going to care if we frame our arguments against the TSA as a symptom of the entire system being an illusion used to turn us into docile sheep while providing the illusion of protection.


So how would you frame the discussion? How would you convince people that the security they think they are getting isn't as good as they are being told and the price they are paying is higher than (I think) we should be paying?


The main reason I think, is because its hard.

Either you use a 3rd party service to encrypt, its easy and also extremely dumb (since its not end to end encryption).

Either you use PGP or SMIME and guess what: it's too hard. Their design is fine. I especially like GnuPG (PGP), but the UI, even in CLI, is terrible, terrible!

Most people don't even understand that a GnuPG keychain generally contains 2 private keys, not one (one for signing, one for encryption!) or the concept of master signing key and subkeys.

These concepts are relatively simple, but their use is hard. Terribly hard.


Here's a relevant paper called Why Johnny Can't Encrypt[1], which does an excellent job of defining understanding and usability problems with encryption. It's certainly dated, but I find that its main points are still very true today.

[1] http://www.gaudior.net/alma/johnny.pdf


My idea was that public key cryptography should be done under the hood, so I created a easy to use ResoMail, but people still were not interested (or I was a bad marketer).


It uses it's own protocol/port/programs it seems. Too many people rely on email right now. Else, we could just use XMPP.

Thus the solution should work over email, and with our current email clients. S/MIME/GnuPG/PGP do, but their implementation is far from friendly.


The part of the solution is to switch to secure domain names, each domain name comes with bundled key pair (like SSL) this is why it's easier to work securely with public key encryption under the hood - the signing of the e-mail public key is done under the hood, the user doesn't have to do it manually.


For this reason I am fond of Jonathan Zittrain. Not that he particularly aligns with Assange but he is very good at presenting these issues in a compelling manner.


Eben Moglen has also made several good talks about the abolishment of privacy, and its effects. I would especially suggest listening to the Berlin talk made this year called "Why Freedom of Thought Requires Free Media and Why Free Media Require Free Technology".


Link for the lazy: http://youtu.be/sKOk4Y4inVY


"The problem isn't that people don't care"

I think you are overly optimistic here. Let's put it this way: if people were told that they had to report one crime committed by their neighbors in order to watch the superbowl, what do you think would happen?

"They would care if they knew the realities of how their communications are stored, processed, and exposed to their governments"

I have a lot of friends who know this, some of whom know it in more depth than many HN readers. Guess what? They all stopped bothering to maintain a PGP key. They all carry cell phones, and they do not even take the time to try to disable location services. They are all users of at least one of (Facebook Twitter Google+ GMail LinkedIn). If the people who know these things do not care, what make you think that people do not know these things would care if they became knowledgeable?


I wonder how many people who think it's important think that it's important enough to merit actually being said champion.


how about, without encrypted comms, its like posting a letter by not putting it in an evelope and sticking it to the outside of a bus


It's a very hard problem IMO. Not just finding the words, but everything. For example, before learning linux to a degree where it wasn't a pain to use as a desktop, I thought it made no sense to waste time learning this or that security feature (like email encryption), because an expert would probably be able to fuck me anyway. Now that I have a better understanding, and I can mentally trace the information from end to end, know where it could be compromised, etc, I started caring, secured everything the best I could, and my friends now call me a paranoid (that didn't stop me from installing Thunderbird and Enigmail in their PC's).

So I think someone should explain to the people in a clear way that you don't need 100% security, but you need to understand when and where your information can get compromised, and what you can do about it. Eg:

- Private message on facebook - you are screwed

- Messenger - you are screwed

- Post on a blog - you are screwed, unless you posted anonymously and hidden your IP (which is not that easy, we know of many geeks who were caught even when they were using Thor, because they didn't fully understand the technology - hint: exit nodes)

- Email - you can encrypt it, and you are safe as long as both computers (sender's and receiver's) stay safe (assuming you store your private key there)

- Data on your computer - you are safe unless malware is installed, or someone gets physical access. You can use full disk encryption, but you will probably have to use Linux (personally, I use Ubuntu), so this is a far fetched goal for the regular Joe. There is also truecrypt for windows, but it's not full disk if I recall correctly.

- Etc.

I'll add a recent anecdote here: Just the other day a friend of mine replied to one of my emails, saying that gmail broke the encrypted email (meaning he couldn't read it, not that gmail decrytped it). In his reply, I received the broken email, and four emails from a private conversation he was having with other people. Something happened in gmail, something went wrong, and I got those emails. They came with headers and everything, he didn't copy/paste those (he wouldn't know how to do that). So there's another reason to encrypt emails: mails server can make mistakes apparently.


Can you please elaborate on Tor exit nodes vulnerability? As far as I know they can read your passwords if you're not using secure connection, but how can it compromise your identity? I'm assuming the new account was created for an anonymous blog post.


Exactly, if you are careful you are safe. But it takes just one mistake to get caught. For example, if you have javascript activated (without it most of the web is useless), you could get fingerprinted, and then make a match with facebook or gmail, or if you are already a suspect, just get raided and make the match there. I don't know exactly how these guys I mentioned got caught, they probably did something stupid like logging in to a website with a real account. If I remember correctly, the news article only said that the police started running an exit node and sniffing the data that went out.


Can the downvoter show his face and elaborate? Thanks


I wasn't the downvoter, but I suspect they may have been pointing out you are missing the forest for the trees.

"The people" don't need detailed explanations about why one form of technology is "more secure" than another. Instead they need motivation to care about security from their government.


Yes I understand that. But in my case, even being into computers, and wanting privacy, I dind't even know where to begin. A friend of mine told me he is in that exact position right now: he doesn't bother, because he does not have a full picture, and thinks he won't be safe should the government decide to target him. Here's another case: someone I know needed to protect some data and store it. I gave him fool-proof steps on how to do that, and explained how it worked. How did it end? He just stored everything unsafely in a pendrive and took it with him everywhere, he even sleeped with it. Granted, he was safe from a warrant to confiscate his PC, I concede that. But it was a pain and he probably had deleted the files from the PC insecurely, so it was in vane.

Security and "being able to sleep" is more about understanding, and less about installing things on your PC. If everyone suddenly started encrypting their emails, of course we would be safer. But nobody is going to bother doing that, if they don't really feel safe (because they don't understand how safe they are, or which risks they are taking).

TL;DR - To sum up, even if you get people to want privacy, there is quite more work to do after that. People have lives to live, and if the cost of privacy is becoming a security expert, in most cases they won't bother.


A sufficiently motivated government has a nearly infinite amount of tools available for breaking encryption. Ignoring the possibility that it might know proprietary weaknesses to various systems (a hypothesis that is unknowable), there's just so much you need to secure at each node in a computer system.

Are you personally sure no backdoors exist in the physical hardware you use? In the operating system you use? In the compiler used to build your OS? In any of the applications on your system? Are you sure that there's not a hardware keylogger on your keyboard, and do you check every day before sitting down that there's not one? Are there any secret cameras pointed at your keyboard, or sensitive microphones hidden nearby that can distinguish what keys you hit?

And once you're sure of all that, are you just as sure everyone you communicate with is equally diligent?

And, while we're at it, have you come up with a solid patch to prevent the well-known rubber hose vulnerability that exists in all cryptographic systems?

That doesn't mean the crypto-anarchist project must fail. Encryption is invaluable: while the vast majority of other technological advances--sedentary agriculture, writing, maths, roads, sewage systems, paper, the telegraph, electricity, the light bulb, cars, "computers," satellites, Google--have all increased the legibility of the world to the State, encryption does the opposite. The panopticon isn't an existing, established system but instead an equilibrium point that the State has to constantly push us toward: anytime the economic cost of that push is increased, it gives us more opportunities for creating spaces of genuine human autonomy.

But once you recast crypto-anarchism in that more moderate and stronger form, encryption moves from "our one hope against total domination" and a "hope that with courage, insight and solidarity we could use to resist" to something more banal: one tool of many. Not even a particularly effective tool: governments don't care about a bunch of nerds throwing PGP parties, and all the encryption in the world hasn't prevented the State from throwing Assange into jail (a pleasant jail with some fine Ecuadorian decor, but a jail nonetheless) and obliterating his organization.


In Cory Doctorow's talk at Google, he said that all routers today have interception technology in them. It's only a matter of being enabled or not in some countries or in others. But it seems so many have asked for it, that they don't even bother to build routers without that interception technology in them, so now their default router has interception built-in by default.

http://www.youtube.com/watch?v=gbYXBJOFgeI


Sigh. Routers are an interception technology.


Routers are a routing technology.


Even using encryption that is trivially defeated is effective at resisting broadly applied surveillance as long as the fact that it's trivially defeated isn't public. That's because you need to restrict the application of the technique to a rather limited circle to maintain secrecy, which more or less guarantees that it's only applied in a targeted fashion.


My idea is that encryption must be so easy as to be used by all without configuration. It will make much harder mass surveillance, all other methods you cited are much more expensive methods, in most of them you must have physical contact or dedicate an attack against somebody, but to find that somebody you need to follow his correspondence.


This kind of over-the-top writing confirms what I already thought, which is that despite whatever good he might do in terms of exposing corrupt governments in the world, Julian Assange is just desperate for attention.

Being this paranoid he should be advocating "post-quantum cryptography", i.e. cryptographic methods that are secure even once somebody develops a quantum computer.

https://en.wikipedia.org/wiki/Post-quantum_cryptography


Nice username you got there. So you're saying this all conspiracy theory stuff? I think we've gotten way passed the point where the fact that the government monitors everyone online is just a conspiracy theory.


Thanks :) I don't think it's a conspiracy theory, I just think that the way he frames it is a bit overly dramatic. Personally I just try to stay relatively anonymous and I operate under the assumption that whatever I say or do is basically public information. I can't be bothered with encryption when I'm talking to my friends because those conversations usually consist of things like, "Where do you want to eat?"


I see, so you think if you just try to be as boring as possible, then you have nothing to fear from surveillance? Good luck with that.

What if the world changes, and yesterday's orthodoxy is tomorrow's heresy? This used to happen in the old Soviet Union, all the time.

What if, unknown to you, you are friends with a guy who the government doesn't like? This very thing happened to Maher Arar - actually it was two hops away, his friend's brother signed his lease, and that's all that was needed for the US government to whisk him from JFK airport to be tortured in a Syrian dungeon. Maher Arar is a guy just like you and me - he works in wireless tech, and crossed from Canada to America all the time. See http://maherarar.net/ .

Why do I have to explain this to someone whose nick is georgeorwell?


Why would I mention anything except boring stuff over an insecure channel? Why would I even assume that secure channels or trustworthy conversation partners truly exist? As for Arar, like it or not, it seems like his problem was that he was born Syrian.


Times change. 12 years ago being born Syrian wasn't such a risk.


Absolutely an attention whore.

A few people took on the risk of giving him a treasure trove of stolen documents (the VAST majority of which did had zero positive impact in being released), and he turned it into a soapbox.


I think that more focus, at least in the short term; needs to be put on making crypto accessible to windows users. As an example, consider the following project website:

https://www.gpg4win.org/

An invalid security certificate, and even that only if you go out of your way to specify https. If the vast majority of users saw this, they'd go running; including myself. I can't in good conscious recommend crypto that doesn't have it's own security certificates under control.

I have as yet not seen any less shady open implementations of PGP out there.

Of course, because of the proprietary nature of windows, it is totally possible for them to have back doors which will break your encryption, but I'm fairly sure that there are ways to verify, even without source code; that Microsoft isn't pulling any funny business.[0]

[0]: Besides, I'd prefer a situation where politically unsavory backdoors have to be used to read your data, as opposed to it being plain text and free for all.


I feel pretty safe predicting that most communications are moving to mobile, vs. desktops. Even if you have a desktop, most of your communications will happen on a mobile device.

The thing we really need (and what I'd fund if I had a spare $Xmm or so) is a great crypto API and solution to the user key management problem for iOS and Android, hooked into apps. It's technically easier to do on Android. On iOS, you're kind of stuck due to the core apps (mail, messages, etc.) being first-party Apple). It basically would take Apple deciding they cared about this issue, then building it into the OS in a way which didn't actually require trusting Apple completely, to work very well. Android has some steps toward this with some NSA projects, and wouldn't even necessarily require a full forking.

Some way to do tokenization and thus fairly transparent encryption on the client (phone) inside apps like the Facebook App, Twitter, etc. would also be nice. That's both a technical challenge and a UI/UX problem.

Silent Circle (from Jon Callas, Phil Zimmerman, Vinnie Moscaritolo (the PGP team...) and some Navy SEALs and defense contractors I knew from Iraq) actually seems like a pretty viable choice for sms, email, and voice right now. It unfortunately doesn't integrate into the social networks and other services people use, though.


Silent Circle appears to be for people who both

1) Want military-grade(ish) hardened coms

and also

2) Aren't willing to set it up themselves, but trust a service provider to do it for them

I read their docs a bit ago and don't really get it. I didn't really get Whisper Systems offering either as it appeared to have a broken trust model on a variety of levels.

If I cared about this kind of thing, and I really don't, I'd likely want to own all parts of the transport system and have the only available threat surface be the encryption algorithm as much as possible http://www.voip-info.org/wiki/view/Asterisk+encryption

Might it all be pointless without massive amounts of traffic padding based on this attack? I wouldn't know. http://link.springer.com/article/10.1007%2Fs10207-010-0111-4...


I feel pretty safe predicting that Desktop computing will be around for a while yet.

I also feel pretty safe in saying it's not an either or thing, we can have both; and should.


I'd prefer to stick to http://www.activism.net/cypherpunk/manifesto.html

I also find Eric Hughes much easier to rally behind than Julian Assange, although John Gilmore is better still (although largely focuses on drug policy, now). Or John Perry Barlow or Mitch Kapor.


I'd be interested to know what you think of the Cryptoparty 'movement', rdl? Eric Hughes talked in Amsterdam. Would you get involved?


It's too broad in scope for me to be really interested, I think -- meetings more focused on specific problems and solutions to those problems, vs. "the overall concept of cryptography and secure communications" seem more likely to be productive.

There are really no shortage of events like this in the Bay Area. I think "how to help mainstream developers build and operate services securely" would be the only thing I'm really into; end users are too varied and stressful for me. (there are usually a critical number of true tinfoil hat, "I've been marginalized by society and need someone who hack my girlfriend's email" types at open end-user crypto meetings...) At least based on the previous several attempts at this kind of thing (2600, Ian/Len's key signing parties, cypherpunks physical meetings, etc.)


I've certainly found the experience of talking about Tor to end users quite stressful, but I haven't had the experience of tin-foil hat users. There was an obvious low-level cop asking about the Silk Road at one of them.

In-fact if I look around the room, I'm the one talking about what William Binney has said & Echelon, so I'm probably the tin foil hat.

I agree about the focus. What's interesting is some of the bugs that I've found because I don't often see things from a UI perspective, and talking to end users has made me see some new bugs, also see problems that remain to be solved that I am currently working on.

I think the bay area is unique, there is nothing much of it's kind like this in Sydney.


> The world is not sliding, but galloping into a new transnational dystopia. This development has not been properly recognized outside of national security circles.

I agree with Moxie Marlinspike on that, we were preparing for fascism but got social democracy[1]. Assange is still preparing for fascism.

[1] https://www.youtube.com/watch?v=eG0KrT6pBPk


"Assange is still preparing for fascism."

You mean the guy who is in internal exile in Britain because as a journalist he revealed war crimes committed by Britain's partner the United States? He's the guy who is delusional about the form of government that surrounds him, huh? Glad it's as simple as that.


To add some more complexity: the reason he is in a dodgy situation in the first place are rape allegations. Looking at some "leaked" parts of his biography this doesn't sound too far-fetched to me.

I definitely appreciate his engagement in disclosing many interesting documents about the micro-social diplomatic environment. But after all, what about the more interesting stuff? Leaked documents from the center of the turbo capitalist universe are still pending. (IIRC those were promised for around last christmas...)


There have been no charges laid against Julian Assange. The only 'dodgy situation' as you put it is that there has been so much effort to get him extradited to Sweden by a UK government who would not normally be interested in 'allegations' without substance from abroad.


There have been no charges laid against Julian Assange

Isn't this because he refuses to undergo questioning? As I understood it, the laws under which he is to be charged prohibit laying charges against him until they question him. So in this case, to say he has not been charged is devoid of meaning.


He offered to be questioned from the embassy, where he cannot be extradited from. Officials said no.

He offered to go in for questioning under the condition that it was agreed that there would be no extradition. Officials said no.

So he sought asylum in the embassy under the pretense that he would otherwise face torture and death at the hands of the United States. Ecuador agreed that this was a valid concern, so they let him stay.

Seems telling.


I don't remember the reason for the first one, but in regards to the second line item, I am told that again, their legal process simply does not allow them to make such promises.

Honestly, to me it looks a lot like Assange's argument boils down to, "I've asked for special treatment, but they won't give it to me. Clearly, they are conspiring against me."


You make my argument for me. Crypto means nothing when you can be accused of rape, pedophilia, drug trafficking etc and have your life destroyed at the leisure of the powers that be. The only defense the average person has is security through obscurity.


In that video, Moxie argues for a slightly different focus due to a different situation, but the overall concern is the same.


This was a really great talk. Thanks so much for posting it! Lots of things I had not ever considered before, and the OTR model is really neat.


In maybe five to ten years, the internet will effectively split in two. There will be major, commercial service providers such as Facebook-type social media hubs, major news sites but there will also be an invisible internet that is everything internet used to be, and in addition to that encrypted, anonymous, and untraceable.

How it shows most prominently at the moment is file sharing. Setting the endless copyright debates aside, what happens is that governments and large companies want to interfere with the privacy of what citizens are doing with their own bits. They say copying is theft while citizens consider twiddling their own bits a private matter that's none of anyone else's business. The citizens don't understand that while it's de facto legal to form a sneakernet—the actual legal status probably varies from place to place but nobody has ever been sued for sneakernet filesharing because nobody else never knows about it—it's illegal to form a filesharing network over the internet.

I don't promote or demote filesharing per se: it's just the cutting edge where the future trends will show years before they land elsewhere and that's what it makes it so interesting. A marginal slice of file sharing has already moved to anonymous darknets but in a few years and after a few more bad copyright/freedom-of-speech incidents with bad publicity, there will eventually be a breakthrough and the whole filesharing activity will go underground en masse.

When the masses go for it, the capacity and availability of invisible darknets will raise in orders of magnitude. That means there will be other providers in the anonymous networks as well, websites and services. There already are some, from anonymous wikis, anonymous project pages to anonymous forums but currently those are playgrounds. That is not so in ten years: there will be a major "bazaar" going on underground. While everything is anonymous and untraceable, everything is also secure. An online bank could very well operate in the anonymous network because the traffic is already cryptographically signed, and users can enjoy strong authentication if they wish to or remain a pair of anonymous public/private keys.

At that point the traditional grasp of internet control is lost.

The institutions governing the internet and the copyright and whatnot are faced with a big dilemma: do they dare to ban and make illegal anything that's not specifically permitted on the internet and if so, how to go about it in actuality. Do they lobby for laws that only allow ISPs to let citizens connect to a http proxy that validates all traffic to be "approved"? Do they extend the charges for any use of the invisible internet that is deemed illegal, to cover all users of the invisible internet?

We're still in the shadowdancing mode but the stakes are going higher, and in at most ten years the problem of control versus anonymity will have come out in the public.

We better know what we want, at that point.


> I don't promote or demote filesharing per se: it's just the cutting edge where the future trends will show years before they land elsewhere and that's what it makes it so interesting.

One interesting thing I've noticed that the people behind the best filesharing networks tend to have tremendous success with their later projects.

Napster is the obvious one. After Napster went down, Shawn Fanning co-founded Rupture and Path, and Sean Parker went on to become the first president of Facebook, key investor in Spotify, and managing partner at the Founders Fund.

Kazaa is another great example. After their legal walloping, the founders and development team behind Kazaa regrouped to form Skype.

And then there's The Pirate Bay, which is still rolling merrily along, court rulings notwithstanding. Its team hasn't created any billion-dollar companies yet (we'll see what happens with Flattr), but they created a political party that's won elections in multiple countries, as well as the webhosting company PRQ, which was Wikileaks' home in its early days.

I don't think all of these later successes are a coincidence. Filesharing involves hard technical problems, hard logistical problems, and intense competition. If you were an investor, a blind strategy of giving money to the best pirates you can find seems like it might be surprisingly sound.


The Pirate Bay people didn't create the Pirate Party. There isn't a lot of overlap between the (publicly known admins of) the Pirate Bay, the (no longer existing) Pirate Bureau that gave rise to it and the Pirate Party. This is true both in terms of people, and also frankly terms of politics, beyond the basic realisation that the status quo is untenable.


they created a political party that's won elections in multiple countries

"won elections" is a bit of a stretch. In countries with multi-seat constituancies and proportional representation, there are often minority/niche candidates.


They haven't won many heads-up elections, but they have won a few.[1] They're also pulling significant percentages in Germany, and close to a full percent in a few other countries. They're active in 40 at the moment. They're hardly a major party, but doing pretty well for one that's only six years old.

[1] http://en.wikipedia.org/wiki/Pirate_Party#National_Pirate_Pa...


I would say reaching the parliament, and hence being represented, is kind of a win.


I found your comment very interesting. Could I perhaps ask you to take a look on what I've build? It's a student project in a very related field. If so, I'd be delighted to hear from you. lkaslkaslkaslkaslkaslkaslkas@aol.com


> there will be a major "bazaar" going on underground

I thought most people here had heard of The Silk Road onion service: https://en.wikipedia.org/wiki/Silk_Road_%28marketplace%29

> An online bank could very well operate in the anonymous network because the traffic is already cryptographically signed, and users can enjoy strong authentication if they wish to or remain a pair of anonymous public/private keys.

Or you can use bitcoins to accomplish the same and you don't even need banks.

As William Gibson said, "The future is already here — it's just not very evenly distributed".


The Silk Road will be a tiny tiny spot of activity if every startup is forced to the alternative network. If the "open" internet is based on who can pay the most to get a competitive quality of service, anything competing with existing products will be pushed out of that market.

Bitcoin and the silk road are not the future, but prototypes of it. It will be interesting to see if they become more than that, but they are showing the way forward if society continues to go down the directions currently being perused.


Or you can use bitcoins to accomplish the same and you don't even need banks.

The longer this fiction persists, the less chance a fundamentally decentralized crypto currency will take hold. Trusted 3rd parties will always be necessary, and that's not a de facto bad thing.


Why is this a "fiction" and why do you need banks? Why do you dismiss Bitcoin? Please explain.


He's not dismissing Bitcoin, but the idea that through Bitcoin you can "remain a pair of anonymous public/private keys". This is explained here: https://en.bitcoin.it/wiki/Anonymity (and yes, I know that the technology can theoretically support this, it just doesn't in its current incarnation).


I'm not dismissing that either. I love Bitcoin, and I believe in its abilities. That's why it's really annoying when those with certain philosophies try to ascribe them to Bitcoin.

BTC can work without trusted 3rd parties, and transactions can be performed in a completely anonymous way. Not every transaction requires or even benefits from these qualities, however. For Joe User's grandma to use BTC, there are going to need to be trusted 3rd parties (e.g. banks) to manage the minutia of transacting. These 3rd parties will make things simple for grandma, and ensure that she doesn't get screwed.


Ah, my bad. You were calling something a fiction and I assumed it was the "you can use bitcoins to accomplish this [in the context, performing transactions while remaining an anonymous pair of encryption keys, which you can't right now]", when you probably were referring to the "you don't even need banks" part.


Your anonymity is compromised if/when you use "trusted 3rd parties (e.g. banks)." In order to not get shut down by governments, they must comply with applicable laws, which include identifying your identity in some way. (At least as far as I know).


You can be anonymous if you use Tor with Bitcoin. The problem is that you need to buy bitcoins first, what usually isn't anonymous, but you might be able to buy them anonymously over the counter.


Just as a thought experiment, what do you think of an alternative reality in which even more of reality is transparent - including the operations of commercial, political, and other entities? Preferably collated and maintained by the community rather than centralized entities, crucially; somewhat akin to a shared wikipedia.

The thing that worries me about this push towards encryption and anonymity is that it does afford nefarious elements a lot of safe harbor. I imagine it's fairly possible to identify individuals given a few message traces, even in an encrypted anonymous environment, and layfolks simply aren't going to have the skills to cover all their digital tracks - can even expert cypherpunks? Meanwhile, a few malevolent elements in unison could easily co-ordinate and harvest details, with enough cover to be hard to track down (and even harder to prosecute).

An alternative is a world of transparency and openness - with a huge loss of privacy, but also a loss of privacy for those who would push their own causes of power and control, and/or commit crimes.

I honestly don't know what the long-term best path would be - or if there is even a genuine dichotomy between anonymity/privacy at all. I value my privacy, but I also value the opportunity to identify the sources of problems and use the structures of society to deal with them.


I don't think the transparent reality would work. For thousands of years people are known to gather in the back of the woods to hatch plans that must be kept secret before the execution. That's just how people want to deal with a part of the things in their lives.

The secret might be a terrorist plan, a plan to open a new business, a plan to rob a neighbouring village or a plan to arrange a surprise birthday party. You never know, but people like their privacy. Even before the internet and telephone people could talk to other people to arrange things to come, while in the outside it just looked like the folks are walking around the town.

A transparent government and officials would be nice but I think that would never happen either. There are always matters that must be processed with confidentiality in the first stages, or the system just wouldn't work. Consider the old-fashioned hard-boiled journalism: people will talk if they can remain anonymous and confidential, and by talking they can prevent something worse from happening.

Limiting the secrecy of government/public sector affairs to a certain, absolute period of time might work, though. Things should be public as soon as they're finished.

I think that equal anonymity and confidentiality is better than the current world where most people are not anonymous and the powers to be can snoop on the rest and yet retain their own confidentiality in their actions.


Thanks for the reply! Would I be mis-representing things to say that you feel that the need for privacy/hidden communication is predicated by the fact that it has beneficial purposes as well?

The world might certainly be a very dull place if nothing was private - no more surprise birthday parties as you mention, for example - but perhaps there would be equal and opposite benefits to shared knowledge/information?

The situation regarding whistle-blowing itself requires that there is something worth reporting, which wouldn't be the case if the knowledge was already available (unless, perhaps, the knowledge was available but simply not highlighted well enough for people to spot any malicious behaviour).

Totally agree with your final point - it's a very strange dichotomy that as average people are finding less and less privacy, those with privilege or power are the ones who are afforded it.


I would prefer a reality/society where everything is public and transparent, however, we cannot do that yet. We would need much more evenly distributed social power and means of production. Maybe robots can enable that in a few decades?

See http://marshallbrain.com/manna1.htm


At the turn of the 20th century, this optimism was widespread: science and industrialization would, according to popular thought, bring about a golden age where disease, famine, and war would all be forgotten. Some people, like H. G. Wells, had different ideas; rather than bringing about an age of peace, new technology would be used as a tool of war. H. G. Wells thought that radioactivity (which was cutting edge at the time) would be used to make bombs so powerful that whole cities could be destroyed and that airplanes would be key to military tactics (he was a bit off the mark on some things: he thought submarines would not work, that airplanes would not be invented until the 1950s, and that nuclear bombs would explode continuously for an entire day -- nobody said he had a crystal ball).

Robots distributing social power? I think it will be the exact opposite. Robots will be used to maintain social power, to prevent people from every gaining it. Your robot will be like an iPhone: you will be locked out of the software, forbidden to make modifications, forbidden to hack. Your robot will produce only as much as you need to survive; you will not receive enough to gain any more power than you already had. Your robot will also spy on you, so that if you start organizing a group of people to rebel against those with power, you will be thwarted by some means (perhaps your food will be drugged to reduce your cognitive abilities, or maybe for simplicity you will just stop receiving food). The people with power will never have to worry about being unseated, because they will have total control over the means of production. The only threat to the powerful at the point will be their own incompetence; only when they are not able to make the right decisions about managing society will society have a chance to rebel.

Here is a microcosm of what a world where robots run everything would be like:

http://www.wired.com/cars/coolwheels/news/2006/08/71554


"The thing that worries me about this push towards encryption and anonymity is that it does afford nefarious elements a lot of safe harbor"

I have yet to see any evidence that this is true; all I see are anecdotes from law enforcement agencies who are pushing for less crypto, and even those anecdotes only tenuously describe "nefarious" elements. You cannot encrypt a blood stain or a fingerprint, nor can you use an anonymity system to hide the fact that a known terrorist group is increasing the volume of data it sends and receives.

So what nefarious elements do you think are going to avoid prosecution by using crypto? A few years ago, there was a case of a group of child molesters using PGP and anonymous remailers (and possibly other privacy technologies) to communicate and exchange photos of themselves abusing children over Usenet. They were caught, arrested, and prosecuted following a well-coordinated investigation -- otherwise known as "good police work." Only a handful managed to avoid identification or prosecution, and it is worth noting that this was the case with investigations of criminal organizations long before good encryption was widely available. It should hardly be surprising that such a group was ultimately caught: they were sending each other photographic evidence of their own crimes.

It is also worth pointing out that anonymity systems are used by the police to catch criminals. In the case described above, the police used the very anonymity system that the child abusers were using, and were thus able to observe their messages while maintaining the secrecy of their investigation. Similar scenarios have played out with Tor. Criminals who use the Internet will eventually figure out which IP addresses belong to the police; it will be critical for the police to use anonymity systems to mask their IP addresses (this, in fact, is closely related to the reason the Navy created Tor in the first place). It is not so much that society's nefarious elements are more empowered now; it is more that the nature of the game has changed, that new tactics and strategies will be developed by both criminals and the police to utilize and cope with these systems.

I would argue that crypto and anonymity systems have benefited society more than they have harmed it. The same crypto and anonymity technologies used by the group I mentioned above have been used by political dissidents and activists to protect themselves from abusive governments; human rights activists have used such systems to protect the people they work with. Whistleblowers have used such systems in the past, and will have to do so in the future. For people who do not have an army at their command, these sorts of systems are necessary for their protection. If you were going to report Mafia activity to the police, would you rather use Tor/remailers/etc. or would you walk into the police station in person?

There is no such thing as a world of transparency and openness, because crime is part of human nature and because political ambition is part of human nature, and both of these behaviors exploit openness and transparency. I am all for an open government, but even I acknowledge that the government will need to keep some things secret -- military plans, investigations of dangerous criminal enterprises, the locations of witnesses to crimes, and many other things must be kept secret for society's benefit. Open and transparent government does not mean "secret free," it means "secrecy when it is absolutely necessary;" it is the responsibility of citizens to ensure that their representatives in the government are not declaring too many things to be secret, and it is the job of journalists to report to the citizens what is being kept secret from them. The sooner society realizes that, the better.


Thanks for the detailed response - first of all, I don't see all uses of crypto as problematic by any means - and I'm very glad that good police work and investigation can, and does, track down malicious behaviour even when enabled by the latest technology. Ultimately all these things are about human networks at the end of the day, and we're all fallible, and I generally trust that there's more sunlight than darkness.

I also completely agree that pretty much every technological innovation throughout history - weapons, communication mediums, etc - are used by both 'police and thieves', or whichever actors fit in the white/black boxes in the given situation.

The problem in my mind is more general - it's that crypto and concealment are just an evolution of the status quo - the arms race continues, with more 'secrets whispered in the woods', yet average people are already losing their day-to-day privacy, in vast numbers, and crimes still occur of course.

Opening everything is clearly radical and/or impossible, and it's a long-term idea/concept rather than anything feasible in the near future. Despite my ramblings, I'm a realist, and I've worked on migrating many, many legacy systems, so I'm familiar with the challenges, but this is the only process I've reasoned about so far regarding disruption of the arms race itself, as opposed to just evolution of arms, so I'm hunting for counter-arguments and these are good ones.

Enabling dissidence is a very good point, and I think it highlights the problems with hierarchy/power itself and information disparity. If neither party was able to operate without the knowledge of the other, then dissidence could take place openly without fear of hidden/unknown retribution. Trusting that the system is really 'open' and that you can see all the communications is definitely a challenge though (unsolvable?)

Regarding your final point, I'd say that although crime is part of a darker aspect of human nature (which can be encouraged, manipulated or instilled), we have been controlling our own education and evolution for generations through society and religion and choice of partners - so why can't we see this as an optimization problem, and try to guide ourselves towards a less criminal and violent nature?

(PS: the final point is a bit rhetorical - I think we have been for a long time already - cannibalism isn't hugely popular for example)


> When the masses go for it, the capacity and availability of invisible darknets will raise in orders of magnitude.

this is predicated on the assumption that providers are not strangled by their balls by the authorities (who is in turn strangled by the balls by lobbiests/companies/vested interests).

If you could run your own routes with private equipment (such as a mesh like wireless network?), instead of having to sign up to an isp, then i see this as more viable a future.


Will ISPs be forced to disallow all encrypted traffic? That would be disastrous.

It's already possible to connect to a website over https (with a self-signed cert you've obtained through a second channel) and be pretty much certain no one is snooping. The target you're connecting to doesn't have to be obvious either.


ISPs can be forced to disallow all encrypted traffic, but ISPs can't be forced to disallow all steganographic traffic, e.g. sending pictures of cats via Facebook.


ISPs cannot truly be forced to disallow encrypted traffic, because encryption is necessary for secure online commerce, DRM systems, the security of corporate secrets, etc., etc., etc. However, it is possible that a government might try to impose licensing for encryption, similar to how licensing for radio works -- perhaps a licensing system that requires one end of an encrypted connection to have a special registration that only businesses can afford / obtain (likewise with WDE). Thus the "little people" will be unable to legally use encryption to protect their privacy, and hackers will be charged with yet another "crime."

Most governments care about business these days. Do you think any government would say "no crypto" when Coca Cola says they need to protect the secrecy of their formula, or when HBO says they need to prevent people from copying movies?


That would be impossible. How do you define and detect encrypted traffic? Sure it's possible to block a known encryption protocol such as https. But we would get creative if that happened.


If you want to become the next evil overlord, it's quite simple really. Whitelist known traffic.


That's not going to meet anyone's definition of "internet service". Not even folks who think it's just "the web" and email.


You maybe right. But if _everyone_ does it, the customer doesn't really have a choice now does he?


I found your comment more insightful than the article.


It's not an article. It's a call to action, and also an advertisement.


"article" also means "item, object, thing". By that definition almost everything is an article, including the linked piece.


By that definition, the comment is an article. So what were you talking about?


" ... invisible darknets ..."

Not invisible to governments and corporations, just to your fellow citizen.

The corporate-state "owns" the infrastructure. Get your TCP/pigeons (or whatever network you can throw together) working and we can meaningfully discuss "invisible darknets".


Meh. Assuming you have some good way to avoid the Warden problem (like, say, sneakernet) you could probably get build some sort of stegosystem for this. It would be very high latency, but then again, so was the original Internet.


This is why I'm glad HTTP 2.0 intends to implement SPDY's always-on encryption. It probably won't be long until governments find a way around that, especially the US government, who can pretty easily gain access to companies like Google, Verisign, and even ICANN, but it would be a good first step in the right direction. Hopefully future steps like web crypto will help increase the security of people's conversations online further.


Alway-on encryption is necessary but not sufficient. As long as Facebook or Google have the decrypted information, you are still subject to the transnational dystopia.

The other day I found this fellow's idea for a peer-to-peer social network service: http://code.google.com/p/peer-book/

"Your data is stored in a distributed fashion, across the network, so that even when you turn off your instance of PeerBook, your friends will still be able to view your Profile and send you messages.

"Of course, all of this data is encrypted and backed up several times, so that even if Alice's data is being stored on Eve's machine, Eve will only be able to read it if she is Alice's friend; and Eve will only ever be able to delete her local copy of Alice's data which has no effect on its overall availability to the rest of Alice's friends."

He's got the right idea. I haven't examined the project, and it doesn't seem active.


It's difficult to work on a project when you don't see the support, the people who would like to use it.



How on earth can you bring up diaspora in this context? Some kind of cruel joke?

I'm downvoting parent and giving you the right link: https://freenetproject.org/


Heh, I probably should have said it's not an endorsement. Just another example of a (dubious) attempt at a distributed social network.


Thanks, it was useful to learn of the project.


Do Freenet now have any social features in it? Last time I looked (few years ago) it didn't have any significant.


It appears to be useful for admins getting convicted of CP trafficking for running a node. Does that count?

Try this one: http://distributedcity.github.com/

The previous incarnation of Distributed City was pretty cool. I haven't looked at their new code.


Forget Google, Verisign and ICANN. Any of these people can generate certificates that completely eliminate the MITM protection of https:

http://www.mozilla.org/projects/security/certs/included/


Will it be an option to serve unencrypted content under HTTP 2.0?


This xkcd strip was never more on-topic than now.

http://xkcd.com/538/


Ha - this is what I was thinking the entire time. As long as humans are physical, we will be subject to coercion. I think Assange has good points, but the internet could still be used for plenty of harm even if they couldn't tell exactly what you're saying - even that is doubtful.



They will torture you just in case.


Does it seem strange to anyone that the whole book isn't available for free? This doesn't appear to be intended as mere entertainment. This is supposed to be about maintaining freedom . . . it seems like a case where you'd want to get your ideas out and save the day over earning money from it.


I think his call to action at the end is too abstract. It's important to understand that there is a problem, but the solution lies in understanding why the government is the way it is and why people vote to have such a government (fear).

The battle is winning the minds of the average person, by showing them that an encrypted, unmonitored, uncensored internet is in their best interests and not something to fear.

Or in the worst case, show that an all powerful (and therefore eventually corrupt) government is the greater of two evils. The proper tool for this is probably cheap, scalable marketing stunts and compelling media that spells this out in layman's terms.


Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem.

Not entirely false, but http://xkcd.com/538/


Long before Wikileaks, Assange worked on a project called "Rubberhose". (A hidden encrypted filesystem designed to offer protection against cryptanalysis by torture.)

http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis | http://en.wikipedia.org/wiki/Rubberhose_(file_system)

Wired in 2008: "Among other achievements, he [Assange] co-invented Rubberhose deniable encryption, which would let a dissident being tortured reveal one key to unlock a hard drive, while not giving away that there was a second or third password-locked folder of information."

http://www.wired.com/politics/onlinerights/news/2008/07/wiki...


See also: TrueCrypt hidden volumes.


It is interesting that this preface has been extracted and hosted on Cryptome. Given the history of Cryptome and Wikileaks; and having had the opportunity back in 2009 to ask Assange in person about his views of Cryptome, I am no doubt his eyebrows would raise as well. I wonder if John Young posted it himself or it was submitted. IIRC part of Assange's concerns around Cryptome were some well reasoned arguments around editorial and source protection policy.


I feel that we have to understand that using technology to fight legal battle never is the right answer. As soon as the government sees a particular technology as a hinder, threat or even an inconvenience, they can legislate against it. This holds true for encryption, VPNs and all other technological "saviours" that internet evangelists keep ranting about.

The truth is that the only reasonable thing to do is to become politically active.

If you can't beat them, join them.


Yes and no. Sure, we have to fight bad laws. Here's the thing: Encryption is legal now, but what good is it if we don't use it?

We need to build and use technologies that respect human rights and we need to fight to make sure that they remain legal. One without the other is nothing. There is no point fighting to keep something legal if you don't have the technology and infrastructure to use it.


I generally agree with you that there is no technological solution to these issues, not on a broad scale at least. Educating everyone about using encryption isn't going to fly because as soon as it becomes effective, they will legislate against it.

But I wonder what shape any political activism could have. Maybe this cryptography movement should be seen as just that, a way to force a political debate and make any political activism relevant.


> and if all else fails, to accelerate its self-destruction.

Unfortunately, that is how you know if someone has gone off the deep end.

I agree though that we should all be encrypting communication, but our government helped develop the methods of encryption, and some methods have been known to have backdoors: http://www-cs-faculty.stanford.edu/~eroberts/cs201/projects/...

Why it is highly recommended not to implement your own encryption method, we shouldn't be using something that could easily be decrypted by the wrong people either. We need to study methods that we use extremely well, and be aware that encryption susceptible to decryption via brute-force with significant resources are just as dangerous as backdoors.

I also advocate development of wireless mesh networking technology to handle larger adhoc networks. While those that wish to spy could still become a member of an adhoc network, it would significantly complicate things for them.


Tim Bray said it better:

Why It Matters: [...] This blog isn’t terribly controversial. But if only the “controversial” stuff is private, then privacy is itself suspicious. Thus, privacy should be on by default.

https://www.tbray.org/ongoing/When/201x/2012/12/02/HTTPS

EDIT: Ironically, I accidentally linked to the non-HTTPS version. Fixed.


My initial thoughts are, I don't know if this is the right way to combat widespread warrantless search and seizure, although maybe it is. I'm not sold either way.

Let's say there were some massive breech of probable cause before billions of people used the internet every day. Maybe some king is issuing multitudinous search warrants to go and seize all postal mail correspondence within some large sector of the population. I'm thinking of something "old tymey" here.

Okay. Well, it seems to me, the 18th century version of Julian Assange would essentially argue that people need to start getting good at writing in and decoding cryptograms. What we really need is the 21st century version of James Otis.

I know, it's a very, very unfair analogy. But it explains my point. If this stuff that William Binney is talking about is really going on, wouldn't a legal or a socio-political (not sure if I'm even using that term correctly) response be more lasting and effective than having everybody start writing letters in the form of a NY Times crossword puzzle?


This article seems to propose that encryption is the solution to everything. However, it should be relatively easy to discern an encrypted message from an unencrypted one. When everbody starts encrypting and this really poses a threat to intelligence agencies and governments it will simply be outlawed and payload that is deemed encrypted will not be routed.


I'm toying with a very low bit rate protocol for short length messages. Low bit rates are associated with high signal to noise ratios at low power. Most of the messages people send aren't worth sending or receiving, and among those that are worth sending, many are short and non-urgent. There is a need for a slow, highly obfuscated messaging service...


Here's another excerpt from "Cypherpunks" at Salon:

http://www.salon.com/2012/12/02/julian_assange_the_web_can_c...

You can only buy this book direct from the publisher. Amazon isn't carrying it.


You can also find it on popular torrent sites, as information wants to be free. (I would have bought it if it had been on Amazon, but, well.)

1dc2e5b6f0d5036a182e85ab34da839d15eaf1ed cypherpunks.epub

5d546aaa83aebd43a2342f6dc737d271a34ff684 cypherpunks.mobi

ccaf1c45fc31633c9728dcd2cd4545b55a27be7c cypherpunks.pdf


Wait...so your two options are buy from Amazon or pirate? Amazon is basically the worst corporation on the face of the earth. Supporting a small publisher -- especially a small publisher willing to publish Julian Assange, books about Bradley Manning, and books about Wikileaks, is basically a decent thing to do.


Why do you say Amazon the worst corporation on the face of the earth? I can honestly think of nothing that would justify that statement.


Yeah, it's not so much a moral argument as that I'm willing to pay ~10 seconds and up to $20 (and ideally, $10) for a book.


Actually I poked around the site more; it's not as bad as I thought (it takes normal credit cards, although authorize.net is kind of a pain). And the non-DRM ebooks are fairly acceptable. I'd still strongly prefer Amazon, but wouldn't pirate out of spite.


payment is very inconvenient.

That's why a free payment system (without state control) should be given the top priority.


Even the strongest encryption is only as strong as the will of the person who knows the key. And what if the state decides to enforce controls over access to encryption algorithms and software? What if it's a crime to use unbreakable encryption?

The only defence against tyranny is the effort of a sufficient number of people, with the will and means to resist, choose to actively support freedom and dismantle tyranny. Specifically, people in power: politicians, judges, lawyers, and police. If the people who run the state, and exert force in its name, prefer tyranny, then tyranny is what we'll get. And that's exactly what happens when those who oppose tyranny abandon the state those who support it.


I'm afraid until most people will understand the use of cryptography, there will not be move forward.

I've spent a lot of time on ResoMail, a an easy to use open source secure alternative mail, but during beta testing it didn't show user interest, people don't understand the dangers of trusting their data to corporation and didn't use it, so now the project is on hold, now I'm looking for new opportunities to develop it.


>"Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem."

No, but most average citizens' crypto is still ridiculously vulnerable to the three Bs: Burglary, Blackmail, and Blunt force trauma.


very platonic, but totally oblivious to "rubber hose cryptanalysis" ...unless you have a group of fanatically loyal people at the core of your "freedom protectors" group and the "engineers" that implement your cryptography systems part of this group, force and bribery will always win.

...and if you have a group of people truly loyal to freedom, then you don't need much crypto anyway ...just spoken words, physical transfer written/printed papers or usb sticks (this is how bin laden supposedly communicated his speaches if I remember well, right?) or other media and a brotherly handshake...


You might be interested to learn that Assange had developed the Rubberhose file system. https://en.wikipedia.org/wiki/Rubberhose_%28file_system%29 So I don't think he's oblivious to the concept.


do you how does it compare to similar features offered by TrueCrypt?


TrueCrypt's plausible deniability system is dependent on a passphrase instead of an auth key iirc.

Another likely difference is that truecrypt works.

Neither will stand up to scrutiny for the purposes of deniability. It's obscurity which is effective in the scenarios that the docs outline below.

http://www.truecrypt.org/docs/?s=plausible-deniability


And you can't donate with Bitcoin? What is this?


This is Cryptome, who isn't associated with Wikileaks. You can donate to Wikileaks using Bitcoin.


Many governments now have no fear of encryption - trust no one....


SHA-1024 Should only take a million square foot datacenter filled with GPUs an hour or so.


TLDR: P ≠ NP


It's not proven that anything in TFA is actually NP.


It's funny, I've come to think of the HN community as being the most skeptical and contrarian of all internet forums. (Jokingly, to the point that if someone posted a blog about how Hitler was evil, there would be an a reliable proportion of posters here pointing out how the citation free post was rhetorically weak and that there were some little understood benefits to the Nazi regime).

Now, this short excerpt of Assange's argument strikes me as outlandish, and there's only a couple of skeptical posts to be found!

There are a bunch of problems that I can see with it, I'll just list a few off the top of my head.

1) It's a predictive argument, which is hard (prediction). The prediction is that society will become worse because of the internet.

2) Glorification of the past: a casual consideration of societies and governments of the past highlights that they are, all of them, horrible. You don't have to go back far in US history to get to an amazingly evil government (1970s CIA activities for example)

3) The increased transparency brought on by the internet is a good thing. ,I'm glad Petraeus got his ass busted, as the phony hero creation meme has been weakened that provides cover for US misdeeds in the war theaters. Governments have been literally getting away with murder since time immemorial. There is a better chance of stopping them if there is, in general, more public, unencrypted communication (this is precisely what brought Petraeus down)

4) There is no way the public at large is going to start encrypting their communication. That kind of secrecy is just not that useful to the average citizen. It is also too complicated to understand for busy non-hackers.

5) The benefits created by network effects will be significantly diminished by introducing private encryption. One of the main uses of the internet is the creation of large scale markets. Markets are by definition public, or at least open to a group. To get efficient markets you need a sizable group. To keep access to a market private gets harder the more participants it has. Fairly determined efforts to conduct secret, anonymous actions by hacker groups like Anonymous have proved to be easily broken by law enforcement. And these are hackers!

6) Efforts at resisting tyranny can be demonized, and crushed, more readily if conducted in secret. The fact that Wikileaks acted somewhat non-anonymously to release supposedly secret data to public is what made it effective. If Assange had tried to undermine the secret making apparatus of the power structure in secret, he would have been just another terrorist (and maybe dead)

I could go on, but my point is that I think what Assange is promoting here is pointless. I can't even conceive of how private keys could be distributed to a large network without being easily compromised. I would love to hear some of you smarter folk comment on this.


1) It's a predictive argument

We might be there already.

2) Glorification of the past

I don't think so. More like a broken promise.

3) The increased transparency brought on by the internet is a good thing. ,I'm glad Petraeus got his ass busted

That's just disingenuous. The secrets that really matters about military operations are not public in any way, while you are happy because this guy gets caught cheating his wife. Meh.

4) There is no way the public at large is going to start encrypting their communication.

Oh, that's a predictive argument. Make something usable and we'll see.

5) The benefits created by network effects will be significantly diminished by introducing private encryption.

So that networks effects are more important that freedom, aren't they?

6) Efforts at resisting tyranny can be demonized, and crushed, more readily if conducted in secret.

Sorry, that's total nonsense.


I can see how you can think I'm being disingenuous on point three, let me expand a bit. I'm not glad he got busted for cheating on his wife just because. My point is that the military uses propaganda, spread through the mainstream media, to further it's agenda (which I think is bad). Petraeus' image as a straight shooting, old school, unimpeachable hero type was used as a cover for the morally unsavory aspects of our recent wars. It just happens that he was brought down by a very human indiscretion which was revealed through the use of an insecure network.

It illustrates that the indiscriminate sharing of information on public networks gives increased transparency into the lives of people, including the rich and powerful. Even if they know how to cover their tracks, they can be exposed through the insecure practices of "civilians" with whom they interact.

Something that Assange doesn't quite address in the excerpt is that not only do people not care about about secure communications, they actually want their personal information on the "public" web. Most people do not have a group of people they would like to communicate with but in a highly secure manner. The exception would be for affairs.

Even people working for companies that have requirements for secrecy need low friction method of exchange of information with larger networks of individuals that they don't know well.

There are negative consequence to this (specifically the ease with which the govt can spy on its citizens, as Assange points out).

But the cost to individuals, and to society, is too high for whatever benefits a widely used "darknet" would have. The value of the internet is connecting large numbers of people who are engaged in the various life activities that people do. It is not compatible with secure networks. The porousness is a feature not a bug.

I mean really, what sort of activities would an average person find it useful to use a secure network for? Illicit, illegal, or insurgent. Not a real high demand for this.

FWIW, I think what Assange has done with Wikileaks is heroic. I just think his vision of a sort of private internet is impossible. It would have to be based on "insiders" and "outsiders," a sort of division in the population. Those sorts of division are only maintained through nasty applications of "real life" power as far as I can see.


I mean really, what sort of activities would an average person find it useful to use a secure network for? Illicit, illegal, or insurgent. Not a real high demand for this.

I think that that's our fundamental point of disagreement. Demand doesn't follow needs at once because people still doesn't know what they need. But they will. Cases like Petraeus' will contribute to raise awareness.

Also sometimes people tend to use at home what they've learned to be useful at work. Increased security in companies could contribute to the success of an easy-to-use product.

More: piracy, people living under tyrannic regimes, cheaters, etc.


Assange certainly has a flair for the dramatic... but he doesn't understand encryption.

http://www.zdnet.com/blog/btl/wikileaks-insurance-file-decry...

Wikileaks has distributed AES encrypted files that it claims are full of government secrets. They have withheld the information needed to decrypt some of those files ( although some keys have leaked from wikileaks, oddly enough) as a deterrent to persecution by governments. There's just one minor problem... This is effectively publication with delay, and it forces governments to go after them hard rather than deterring them.

AES is based on computationally difficult to crack algorithms. If you assume there will be no advances in algorithms, no new types of computers, no weaknesses found in the implementation of AES, etc. then it will take a comfortingly long period of time for these files to be cracked. These assumptions are bad. Cracking algorithms are advancing rapidly. It is astronomically improbable, but not impossible that someone could come up with an efficient algorithm for factoring tomorrow that would render all factoring-based cryptography impotent overnight. The prospect of quantum computing on the horizon also places a time limit on how long these files can remain secure.

When you commit secrets to a current form of encryption based on computationally difficult problems and distribute the cypher text broadly, you have effectively published those secrets with an unknown delay.

This is why governments want Assange so badly. He's not keeping secrets to deter them, he's publishing them with a delay because he doesn't know what the heck he's doing when it comes to encryption. If he used a one-time-pad (Vernam cipher) and kept the key on his person he'd be in a far better position, but he's apparently too stupid to do this. How do you use a one-time pad?

Cipher = message XOR key (XOR = exclusive OR)

10110101... (secret message in binary)

11010111... (true random key)

--------

01100010... (ciphertext)

For this to work, Assange would have to distribute the ciphertext and keep the random key secret, perhaps on a USB key around his neck. This method of encryption has been mathematically proven to completely secure provided the key is truely random and not from a pseudo-random number generator. True random number generators can be bought for relatively cheap these days. If Assange had encrypted the files this way they would be safe from any cryptographic attack, safe from quantum computers, or anything else out there. For all time. The only thing that could unlock these files would have been his USB key. Obviously, this is not a convenient method for online transactions, since transmitting the secret gives eavesdroppers all they need to decode the ciphertext. However, for the use Assange has been putting AES to, one-time pads are perfect.

Why didn't Assange use a one-time pad? The only answer can be that, for all his bluster, he remains utterly ignorant of how encryption works. Thanks to his ignorance the governments of the world have a vested interest in taking him down. Even if someone else picks up where Assange left off, hopefully that someone will understand how encryption works.


So Assange, who has actually developed part of Truecrypt, doesn't understand encryption. In that case I wonder what the rest of the tc team is smoking to let him contribute :p

The use of AES is clever. It will be crackable at some point in the future for sure - everyone knows this. I'd be willing to put 20 bucks on NSA already having cracked it anyway, even if that makes me one of those tinfoil hat types, but that would make no difference to Wikileaks - in fact it probably plays into Wikileaks' hands.

The fact that the insurance file probably -will- be cracked at some point in the future means that the information will ultimately be public. Perhaps this encourages more prompt action against Assange but it's a matter of weighing up this risk with the perhaps higher priority of eventually releasing the information - even if every mechanism of distributing the key in case of emergency fails, it will be cracked ONE day. I think this strategy is easily plausible enough.

One could claim that Assange's strategy is poor - certainly being under house arrest hasn't been empowering - but saying Assange is ignorant of encryption is ridiculous.


Hell, it would not have even been a bad idea for Assange to send them a copy of the key when he initially released the insurance file. If the insurance file has anything of substance, it would work better if they know what is in it. Giving them the key would be giving them proof that you are not bluffing.


To anyone reading this, please note that while some of beloch's points are valid, the analysis of AES and the breakability thereof is not. While it's true that at some point it's likely that AES will be broken, it's also true that at some point our solar system will be destroyed.

OTP is theoretically unbreakable, but that would require a key that is as long as the ciphertext, at which point Mr Assange can just keep the data on the USB stick around his neck.


Yeah, the whole point of distributing huge "insurance" data in an encrypted form is that the key is tiny. It's possible to maybe censor distribution of a 10GB file, at least generally, but it would be exceedingly difficult to prevent distribution of a 128-256 bit key. Literally you could shout it from the rooftops.

Nothing remains sensitive forever. It's likely everything in the "insurance file" would be public and mainly of interest to historians in 50-100 years, even without Assange. Most sensitive information in government ceases to be sensitive once everyone involved in the decision-making process is dead, and almost all of it is only operationally sensitive or for the lifetime of a piece of technology or particular source.

I mean, if we found out incontrovertible proof about the USS Maine or Gulf of Tonkin being engineered casus belli, who would really care?


It may be sensitive, but have you ever tried to put in an FOI request for anything. The entire process is marred by bureaucracy. Wikileaks would have a role to play even if there were no classification system. Don't underestimate how hard it is to get a good historical record :-)


I actually supported Wikileaks (and thank god didn't donate!) back when they were publicizing public-but-not-popular information, like about corporate malfeasance, public government documents, etc. Which is partially why I'm so pissed at Julian Assange for hijacking it into a largely anti-US agenda. ("Collateral Murder" had a really obvious spin when released, which was intentional; if they'd just dropped the video without commentary it would have been much more defensible.) Obviously I'm also against the illegal disclosure of any sensitive or classified government data; the correct recourse for someone like PFC Manning is to bring issues up through the chain of command, and if that fails, to the IG, and failing that, to Congress or the judicial system.


"if they'd just dropped the video without commentary it would have been much more defensible."

Have you seen the video? It has no commentary. It has subtitles. It has title screens. No commentary. https://www.youtube.com/watch?v=5rXPrfnU3G0

And how does that video have an anti-US agenda? It's recorded by US soldiers, it's illuminating a particular act on a particular day.

I think the public has a right to know, history has a right to know what goes on in Iraq.


The problem with one-time pads, is that they require a password with the same length as the data you want to encrypt. That mean, if you don't pre-distrubute the key as well, you are in the same boat as if you don't distribute anything at all. To give everyone the one-time pad key, its the same trouble as sending the actually data unencrypted to everyone. As a threat value, pre-releasing xor'ed data has exactly zero value.

One could suggest that he could use something semi-random but well published information instead of random generated blob for a one-time pad. Earth rotational speed, stock market numbers, intensity of the sun radiation comes to mind. In that case, the password would be the exact dates to take data from, something that could be spread faster than gigs of data. The problem with this is, as soon people start to use it, people would start testing those data to decrypt with, and the key-size essentially becomes the size of time ranges of existing data.


True.

A one-time pad as a consumer encryption has yet to be realized though, even though the programming effort needed to create a system like this is low. It's even easier to use such a system in todays world of 64 GB USB drives. (64 GB could be used as a key for almost a life-time of text correspondance.)

What the public would benefit from is a system that works as follows:

- Program has a create key mode. Lets you specify key size, or use the rest of the capacity (eg. a full thumb stick).

- Creates two of these files (one for each participant).

- Has a simple interface for encrypting/decrypting content based on the key file.

- Each message is prefixed with the offset of the file

- Party 1 starts at the beginning of the file. Party 2 at the end of the file. In order to avoid resending data using the same offset. When they get close to overlapping in the middle, they create a new key.


> AES is based on factoring.

And you say _he_ doesn't understand cryptography?


I'm not in classical crypto, so I occasionally mess up and call algorithms based on computational difficult "based on factoring". The end result is the same though. Publication with delay.


RSA and AES are wildly different animals. You break RSA by factoring very large numbers. Currently this is done with GNFS, which is steadily improving. Theoretically, it may also be possible to do it much faster. Nobody brute forces RSA.

In order to crack AES though you need to either brute force it (which you will never do. Not that many bits, just forget about it.) Or you need a cryptanalytic attack that allows you to do it with reasonable computation and memory complexity. An attack that is currently unknown.

But surely such an attack could conceivably appear.. so what is the difference? The difference is that while RSA is a ticking clock (worse case scenario: slap on another ~256 bits to "factor-able" every 5 to 10 years), AES is only a ticking clock in the sense that we cannot rule out the possibility that one day it may start to tick.

If anyone in the world can crack AES, or will be able to crack AES anytime soon, it's the NSA, And it does not matter to Assange if they can crack it (unless the entire insurance file is a bluff).

AES was and is absolutely the correct choice for an insurance file. (I believe this is about when tptacek steps in, correctly calls me an idiot, and points out that another symmetric key cipher is a better choice.)


[deleted]


s/worst/best/

I meant worse in the sense of slowest progress. The slowest RSA is going to continue to degrade is pretty much the standard that it has been doing so consistently. Bad wording on my part.


The NSA doesn't use code it can't crack...

AES is broken on-the-fly now.

Even if information is encrypted. They now just store EVERYTHING indefinitely until they can crack it.

Makes you wonder if in the future, when they crack your encrypted content if your grandchildren will get a visit...

The nazi's did that kind of thing too...


> If he used a one-time-pad (Vernam cipher) and kept the key on his person he'd be in a far better position, but he's apparently too stupid to do this. How do you use a one-time pad?

A 1.4 GB key... Yeahhhhhh, very practical.

edit: and btw I hope you're also confident on the quality of your RNG to output 1.4 GB of random bytes.


I don't get it. You seem to be inferring that it's impractical to store a couple of gigabytes on your person.


I've changed my mind.

The problem isn't with storing that 1.4 GB, it's with distributing it quickly to very many people.

Something much smaller is just a copy-pastable string that'll find its way into Wikipedia edit summaries or onto t-shirts or whatever.


It is difficult to store a couple of gigabytes, withstand a potentially intrusive search incident to arrest or intelligence action (i.e. on the Gulfstream, wearing a hood...) without that data being found or destroyed or removed from your control, and then widely disseminate that information while held in detention, potentially incommunicado, etc.


a) No one time pad is used, because that would make the whole point of publishing the encrypted blob pointless in the first place. The point of publishing it is that the key could be published very easily in an emergency, e.g. using a tweet. If the one time pad key has to be published, he could just keep the data to himself and publish it unencrypted later. Pretty pointless.

b) The argument about deferred encryption may be correct. However this is not related to the relations between Wikileaks and any government. (The argument may also be wrong. It could turn out that decrypting AES is still hard even in 100 years. In any case it is likely to be safe until the data is de-classified anyway.)


Distributing a OTP encrypted ciphertext ahead of time doesn't accomplish anything because the ciphertext can be translated into any plaintext you want by choosing the correct key.


A practical demonstration of this BTW (in scala):

  def otp(s: String, key: String): String = {
    def base64decode(s: String): String = {
      new String(new sun.misc.BASE64Decoder().decodeBuffer(s))
    }
    def xor(a: Char, b: Char): Char = (a ^ b).toChar

    val s2 = base64decode(s)
    val k2 = base64decode(key)

    val sb = new StringBuilder()
    for (i <- 0 to s2.length - 1) {
      sb.append(xor(s2(i), k2(i)))
    }
    sb.toString
  }

  val ciphertext = "LQcGRC0HFR4ME0sjHhkOHBVSGB0ZGhIcWRUPQgsNFkYIHwdE"

  val key1 = "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXphYmNkZWZnaGlq"
  val key2 = "eW9jZF5vemoscCpOezlobno/OGlxfzJ7K3R8MXItfShnaGtq"

  otp(ciphertext, key1)
  otp(ciphertext, key2)
So releasing the ciphertext into the wild accomplishes nothing.


Did you just s/RSA/AES/ ?

And you are suggesting he use a OTP?

Assange is not the one that does not know anything about cryptography here.


You're talking about the Insurance Files, right? Why would Assange give a toss if the government decrypted that? Its their stuff in the first place. Also, the Insurance Files were an exception to the way Wikileaks usually did business, not a demonstration of their typical use of encryption.

What use would a one-time-pad be with the only key around his neck when he got arrested? He needed a dead-mans-handle type arrangement.

There are lots of things that can be claimed about Assange, but claiming that he doesn't know encryption is not one of them.

ref: http://en.wikipedia.org/wiki/WikiLeaks#Insurance_files


so the purpose of the whole scheme is so that you can publish a very small amount of information that would decrypt the entire blob. a key has these properties.

the 'key' in this case would be a multi-gb random document. how do you publish this quickly?


Your politics is broken too. Publishing with a delay would mean "no use going after wikileaks, it's already out there". Keeping the key would mean "if we close them down, it's over". Given the delay to crack AES might be far longer than it takes stuff to emerge anyhow as declassified obsolete history, that's as good as keeping the key. And they have gone after wikileaks.


[deleted]


The OTP idea is incredibly idiotic. It is functionally no different than not releasing the insurance file at all, and just claiming that you will release it in the future.

I am frankly stunned this isn't downvoted to oblivion already. I guess people really just like hearing that Assange is dumb.


ANU claims to have a quantum number generator available over the internet for free http://qrng.anu.edu.au/index.php Interfaces in several languages already available, including an F# interface I published yesterday https://github.com/jackfoxy/RandomBitsSolution I'm not qualified to judge the efficacy of the ANU generator, but I suspect it is good.


Thanks for that; good sources of random numbers are always appreciated.


3 <- chosen by fair dice roll


Assange is very aware of Rubber hosing

http://en.wikipedia.org/wiki/Rubberhose_%28file_system%29


In your scheme, the random key is as large as the message. It would be pointless to publish the ciphertext.


If someone figures out how to crack AES or how to factor very efficiently, leaks will be the least of our problems.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: