Crypto-Autonomist - All Comments

re: Police raid blogger, seize his hardware, data. Are you prepared?

N/A — Mon, 06 Apr 2009 00:10:35 GMT

There are ways to hide your identity online, but I doubt they all work. The Chinese were blamed for hacking into US government computers, but a few months later a London server admin was arrested for the hacking. I say that because the admin was "tracked down", so you will be too in all likelihood. Perhaps keeping your server abroad would help a lot. A local police force would have a harder time tracking you down abroad, but I believe the CIA/FBI could still do it.

re: Microsoft to include NSA backdoor algorithm in Windows Vista SP1

Andrew — Sat, 14 Mar 2009 13:24:26 GMT

Seriously guys? you buy this crap? Microsoft products have had vulnerabilities exploited by hackers since the beginning. THATS WHY YOU HAVE CISCO ASA'S! INSPEC AND SOLICIT EVERY PACKET (NOT AT THE OS LEVEL!!!!) AND YOUR FINE. You conspiracy theorist kill me. You're ammusing none the less though

re: Any interest in crypto services on Mises.org?

Junker — Sun, 11 Jan 2009 00:26:58 GMT

HeroicLife,

imo, it's a good thing to do all around, esp. as a public awareness issue and as an example of a "good public practice". I'd like to see all private messaging go encrypted. You might become a public key server... oh, and PublicID too. :-) ty.

re: Any interest in crypto services on Mises.org?

HeroicLife — Sat, 10 Jan 2009 01:53:41 GMT

Patrik and Patrick:

I am not trying to turn mises.org into any kind of anonymizing proxy or crypto-anarchist central. The Mises Insistute has enough to worry.

I just want to cooperate on some open-source/open-recipe projects and promote good practices.

Even so, we can take some measures to promote security - we can disable logs where appropriate and the mises.org domain does have a SSL cert, so when they are ready, we can publish service to https.

Also, it is my intention to release desktop or browser-based versions of software so the server never sees plaintext data.

re: Any interest in crypto services on Mises.org?

David C — Fri, 09 Jan 2009 21:36:07 GMT

(copied from the libertarian mailing list)

Uhh, I really hope they know what they're doing. First off, if you have digital security, but you don't have physical security then you don't have security. I noticed the link was not https, and the ".com" domain uses US based root nameservers. As it is, it's basically usless for hiding private messages from the involved internet carriers or the US government - unless the message is already encrypted and even then it does nothing to hide the source or recipient. In fact, the false sense of security may do more harm than good.

Also which country is the server in? Which internet carrier does it use? How and who has control over administration? What kind of checks are there? Also, what about local browser caching. IMHO, a web browser is not a good platform for secure messaging unless very careful care is taken about caching, and deletion of memory and files. Anyone watching the IP's (unless it's tor) could go back to the source and retrieve cache. Computers almost never delete files, or memory, only free up the headers. Even if you wipe a disk with zeros, it still leavs a magnetic trace, even if you rewrite a disk with random data, the write heads often change alignment on tracks ... (even though pratically speaking, they would need to take an electron microscope to the tracks ... at a costs over 100K, so in practice they almost never do that)

How will they deal with a court order of a government supoena of records?

In San Diego, there is a service called anonymizer.com that provides anon services, but I always thought it was funny that a private company required a government secrecy clearence for employment? Is that because they want to carefully check the background of their employees, or is it becasue they are helping the feds spy on their customers and cant afford for someone to blab. How would they know it's a valid clearence without government collaberation anyhow?

On the internet, I don't think it's wise for people to assume security or annonimity without great care. I hope they really know what they're doing.

re: Best PGP/GPG software?

gcopenhaver — Sun, 04 Jan 2009 22:15:38 GMT

I've used Enigmail (http://enigmail.mozdev.org/), which is an extension for Mozilla Thunderbird (and Seamonkey), and it seemed relatively simple to use. The only way this will work with Gmail is if you setup Thunderbird to use Gmail's SMTP and IMAP (or POP3) servers, and then you would use Thunderbird instead of Gmail's web interface. I think it requires GnuPG to be installed, but I didn't have to do anything directly with GnuPG (I'm using Ubuntu Linux). This is a little technical, but I think reachable for the average user, if they follow the setup instructions on Enigmail's website, and the server configuration information on Gmail's website.

When I was using Enigmail, it was when I was hosting my own mail server and using Thunderbird regularly. My domain name has since expired, and I now use Gmail for email and have put some thought into possibly using my mail server software to automatically download the messages from Gmail and relay my sent emails through Gmail, and once again use Thunderbird with this setup. I will then be able to get the benefits of using Gmail normally, while also having all of my email stored locally, which can speed up access to my email as well as provide a good backup (in the rare case that something might go wrong at Gmail) and provide access to any potentially important emails, even if my internet connection goes out for a period of time (which might happen a few times a year, but usually isn't a big deal). This is beyond what the average user would do, however.

re: Do you have something to hide?

matt — Sat, 09 Feb 2008 04:19:51 GMT

@navaburo: I use LUKS for full-disk encryption (including the swap partition). It was an option in the Debian Etch installer so I didn't need to configure anything, it was setup automatically.

Of course, there are also other ways to do this. I haven't looked at TrueCrypt, yet.

re: Real privacy requires encryption

Juan — Fri, 08 Feb 2008 23:32:19 GMT

So, Second Life will be just one more police state. Cool.

The government's paranoia machine at work

Crypto-Autonomist — Fri, 08 Feb 2008 18:42:39 GMT

After 9/11, the U.S. government didn't have much trouble blasting away any expectation of privacy

re: TrueCrypt 5.0 is out!

Autonomist0 — Fri, 08 Feb 2008 18:38:46 GMT

"I used to have PGP but now I've switched to TC. I wonder though how secure it is ?"

PGP and TrueCrypt are complementary products. PGP is used for encrypting communications and individual files, whereas TrueCrypt is for encrypting entire disk volumes.

"How can end users who don't know cryptography be sure that it really 'works' ?"

Are you asking whether the algorithm is secure, or whether the implentation in any particular program is secure?

Encryption algorithms become publicly accepted by independent validation by numerous public and private organizations. Algorithms are mathematical formulas, which can be "proven" to be secure. ("Proof" means that the amount of effort necessary to decrypt the message is not practical with available hardware.)

The only way to be sure that a particular implementation of an algorithm is secure is to use one for which the source code is available and has been reviewed by independent security experts.

Real privacy requires encryption

Crypto-Autonomist — Fri, 08 Feb 2008 17:33:07 GMT

Are you using encryption software for all your data and communications yet? If not, are you aware that

re: The State's paranoia machine at work

okvol — Fri, 08 Feb 2008 16:50:03 GMT

What is the end goal?

Fighting terror? No, this is using terror to build more terror. If all terrorism was eliminated, they would need a new enemy to justify their existence.

Track all the internet traffic to find terrorists? This is impossible. The volume would flood any centralized system. But this is closer to the actual driver of this push.

Sell expensive security systems to the US Government? Bingo! The data used is generated by contractors. The laws are being written by corporate lawyers. Interpretation is being done my lobbiests with expensive gifts.

Just like the massive failure of the central database for the FBI, this is another ploy to sell a bad system to the government. Will any useful information be harvested? I doubt it. Will any of our tax dollars be wasted? I expect it.

re: TrueCrypt 5.0 is out!

Juan — Fri, 08 Feb 2008 01:18:28 GMT

I used to have PGP but now I've switched to TC. I wonder though how secure it is ?

How can end users who don't know cryptography be sure that it really 'works' ?

The State's paranoia machine at work

Crypto-Autonomist — Wed, 06 Feb 2008 08:29:05 GMT

After 9/11, the U.S. government didn't have much trouble blasting away any expectation of privacy

The anti-privacy paranoia machine spins up

Crypto-Autonomist — Wed, 06 Feb 2008 08:26:46 GMT

After 9/11, the U.S. government didn't have much trouble blasting away any expectation of privacy