[Noisebridge-discuss] Anti-piracy / anti-Pirate Bay law currently in Congress

Tue Sep 28 07:41:29 UTC 2010

> Wow, you can't trace TOR users? Guess you're not as cool as HD Moore:
>
>
> http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114
>
>
> <http://www.zdnet.com/blog/security/hacker-builds-tracking-system-to-nab-tor-pedophiles/114>
> http://digg.com/news/technology/HD_Moore_cracks_TOR
>
> <http://digg.com/news/technology/HD_Moore_cracks_TOR>As for the rest. Do I
> take you at your word for it? No. Do I beleive you? Sure. Those are actually
> mutually exclusive, unless you're gullible.
>
> I don't intend to write on this topic again. I really don't care to fight
> for "internet anonymity" because in reality, it's a flawed and noble idea
> and doesn't impact me. I really don't think it's important at all, except
> maybe for Pedos, Criminals or people just obsessively fascinated with
> encryption and privacy. I've noticed a lot of people so very obsessed with
> privacy as to miss the point of security and also enable criminal actions.
> That's sad. Maybe I'm a prick or maybe you're an idealist but at this point
> that doesn't matter either. Exploiting TOR to ID a particular user is
> possible (given certain circumstances, especially if it's habitual use I'd
> hazard to guess). The average user that's using TOR and nothing else could
> probably be ID'd so it's not a stretch to say "tor users can be ID'd". Does
> it matter if it exploits what you use with TOR? I personally don't think so.
>  I suppose PGP is still secure too, right? lol
>
> http://blog.crackpassword.com/tag/gpu-acceleration/
>
>  <http://blog.crackpassword.com/tag/gpu-acceleration/>GL
>
> HF
>
> Don't flame. :)
> <http://www.securityfocus.com/news/11447?ref=rss>
> The information transmitted in this communication is intended only for the
> person or entity to which it is addressed and may contain confidential
> and/or privileged information. Any review, retransmission, dissemination,
> copying or other use of, or taking of any action in reliance upon, this
> information, or any part thereof, by persons or entities other than the
> intended recipient, is strictly prohibited and may be unlawful. If you
> received this in error, please contact the sender immediately and delete and
> destroy this communication and all copies thereof, including all
> attachments.
>
>
> On Tue, Sep 28, 2010 at 2:19 AM, Jacob Appelbaum <jacob at appelbaum.net>wrote:
>
>> On 09/27/2010 11:04 PM, Thomas Stowe wrote:
>> > Wow, the only assertion I made was that TOR is compromised and you
>> basically
>> > just told everyone to completely ignore what I've said.
>>
>> What do you base your assertion on? It sounds like FUD to me and so
>> based on that alone, yeah, I'd suggest people not listen to you on this
>> topic.
>>
>> > Look, I know you're
>> > passionate about TOR and that's great - you guys made a really cool
>> suite of
>> > software but don't take this wrong when I say this because I don't mean
>> it
>> > as a personal slight. You're naive. You think that it's okay to run an
>> exit
>> > node and it's wrong to push people in the direction not to run exit
>> nodes,
>> > even in the case that they will have their computers taken and have
>> charges
>> > pending against them and be forced to spend money out of pocket to
>> promote
>> > anonymity. That's a dream that we all have - no consequences.
>>
>> People can configure their Tor relay in accordance with their risk
>> tolerance. I think that legally, it's pretty safe to run a Tor relay in
>> the USA. I've consulted with lawyers for many years on the topic, I've
>> spent nearly eight years of my life on the EFF legal couch. I think that
>> while I'm not a lawyer, I'm comfortable with the legal risks presented.
>> The DMCA actually has one good thing in it and it provides a kind of
>> safe harbor for network operators. Read the page on this directory
>> authority as an example:
>> http://rgnx.net:443/
>>
>> Also read this:
>> http://www.torproject.org/eff/tor-legal-faq.html.en
>>
>> > The reality is
>> > that things do happen to people and I don't really care if the guy from
>> > Germany became a developer for TOR after he had gone through hell with
>> the
>> > law. The relevant fact is, he did go through hell with the law and
>> everyone
>> > sane looking out for their own survival should consider that not running
>> an
>> > exit node would be and is a good decision. It's stupid to endanger
>> yourself
>> > for a cause that's dead before it's gotten off the ground. Personally,
>> I'm
>> > not going to a privacy-martyr and I don't think anyone else should ever
>> > consider it.
>>
>> Way to fight for what you believe in!
>>
>> > Are you saying that with the TOR code not being compromised
>> > that it equates to saftey?
>>
>> For certain values of safety? Sure.
>>
>> This is a good overview:
>> https://www.torproject.org/overview.html.en#whyweneedtor
>>
>> > Can't TOR developers find users causing problems
>> > or
>>
>> No. That's the entire point. We cannot trace users.
>>
>> > possibly a law enforcement exit-node honeypot set up to be used to catch
>> > users causing problems?
>>
>> If you sniff an exit node, you're not able to trace it back to the user
>> who initiated the connection - that's the entire point of an anonymity
>> system. It's not an empty promise, it's a design of the system itself.
>>
>> > With encryption export laws, current attitudes of
>> > law and requests made to companies and groups dealing in security by
>> > governments, are we wrong to hold the TOR network suspect because we
>> don't
>> > understand or haven't looked at the source code?
>>
>> Yeah, you're wrong for the reasons above and because you haven't looked
>> at how the system works *even a little bit* before making wild
>> statements that are absolutely false.
>>
>> > I believe your statement
>> > regarding that there is no backdoor but I still won't take your word for
>> it
>> > and I honestly don't have the time to look over the code or search for
>> > novel, new exploits that have yet to be found that would reveal TOR
>> users'
>> > identities.
>>
>> What? You just contradicted yourself a few times there.
>>
>> > I didn't state that there is one, I said that there I don't
>> > trust it and there might possibly be one. That's an opinion, logically
>> based
>> > upon other events that are ongoing in global use of the Internet and
>> > technologies. <sarcasm on> But you're right, "TOR anonymity" is more
>> > important than my possible legal fees or spending a week in jail until
>> it's
>> > figured out that it wasn't me accessing whatever it was that I could be
>> > arrested for. <sarcasm off>. But then again because you refuted me by
>> > stating that everything I stated was bullshit and of course you proved
>> your
>> > point by stating you're a TOR dev so you must be right by way of having
>> > authority on the subject. I don't find you to be objective in your
>> > criticism, but "that's only my opinion" based upon you being a dev and
>> how
>> > passionate you seem to be. If I was going to make a claim like "it's
>> > backdoored", I would've posted code to back it up and not speculated
>> based
>> > upon many other things in the world. It's not as if our government were
>> > capable on spying on all of us if they wanted in many ways, is it? :P
>> I'd
>> > say my statements are correct, sane and hold the best interest of TOR
>> users
>> > who might run an exit node first and the EFF and their "campaign for
>> > privacy" second but really showed that I care for both.
>> >
>>
>> What the hell happened to Noisebridge? Are you kids huffing NO2 again
>> near the keyboards?
>>
>> >
>> > I sometimes wonder if people think that poking fun at my signature or
>> > stating that it's idiotic means a damned thing beyond that they were
>> pretty
>> > much mentally masturbating to the fact that they could insult the fact
>> that
>> > I have it in my e-mails. Glad I could help you get off. It's not so much
>> an
>> > ice-breaker to me as one might think as it is a tell of where your mind
>> is
>> > and where you come from that you'd waste energy and time on it.
>> >
>>
>> Wowza; you're a real prick. I wonder if you will even try to understand
>> the things I've linked for you in this "discussion" - it sure feels like
>> a waste of time.
>>
>> All the best,
>> Jake
>> _______________________________________________
>> Noisebridge-discuss mailing list
>> Noisebridge-discuss at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/noisebridge-discuss
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.noisebridge.net/pipermail/noisebridge-discuss/attachments/20100928/3843ad28/attachment-0003.html>