#121
e:
yasha levine has a good new piece about how a lot of funding for privacy/'hacktivist' software projects is not just coming from the USG but actually being channeled through Radio Free Asia

http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/ posted:

Here’s a small sample of what the Broadcasting Board of Governors funded (through Radio Free Asia and then through the Open Technology Fund) between 2012 and 2014:

  • Open Whisper Systems, maker of free encrypted text and voice mobile apps like TextSecure and Signal/RedPhone, got a generous $1.35-million infusion. (Facebook recently started using Open Whisper Systems to secure its WhatsApp messages.)
  • CryptoCat, an encrypted chat app made by Nadim Kobeissi and promoted by EFF, received $184,000.
  • LEAP, an email encryption startup, got just over $1 million. LEAP is currently being used to run secure VPN services at RiseUp.net, the radical anarchist communication collective.
  • A Wikileaks alternative called GlobaLeaks (which was endorsed by the folks at Tor, including Jacob Appelbaum) received just under $350,000.
  • The Guardian Project — which makes an encrypted chat app called ChatSecure, as well as a mobile version of Tor called Orbot — got $388,500.
  • The Tor Project received over $1 million from OTF to pay for security audits, traffic analysis tools and set up fast Tor exit nodes in the Middle East and South East Asia.


In 2014, Congress massively upped the BBG’s “Internet freedom” budget to $25 million, with half of that money flowing through RFA and into the Open Technology Fund. This $12.75 million represented a three-fold increase in OTF’s budget from 2013 — a considerable expansion for an outfit that was just a few years old. Clearly, it’s doing something that the government likes. A lot.

#122
i feel like it would be best if people started putting "secure" and "encrypted" in scare quotes all the time
#123
[account deactivated]
#124
has anyone come up w/ a good rebuttal to "the internet was built with US military funding too"?
#125

HenryKrinkle posted:

has anyone come up w/ a good rebuttal to "the internet was built with US military funding too"?

yeah when they flew planes into the wtc

#126
http://www.veteranstoday.com/2015/02/10/pravda-putin-threatens-to-release-satellite-evidence-of-911/
#127

swampman posted:

HenryKrinkle posted:

has anyone come up w/ a good rebuttal to "the internet was built with US military funding too"?

yeah when they flew planes into the wtc


lol

the serious answer is that the DOD funded the early development of the internet but the protocols are all open, there is by all accounts nothing nefarious built in because they are simply a set of platform-agnostic communication standards, and they have been administered by an independent international organisation since 1993 http://en.wikipedia.org/wiki/Internet_Engineering_Task_Force

#128
http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/
#129

gyrofry posted:

http://arstechnica.com/security/2015/01/nsa-official-support-of-backdoored-dual_ec_drbg-was-regrettable/


well yeah, NSA involvement in the crypto group is kind of a separate issue tho.

#130

Petrol posted:

swampman posted:

HenryKrinkle posted:

has anyone come up w/ a good rebuttal to "the internet was built with US military funding too"?

yeah when they flew planes into the wtc

lol

the serious answer is that the DOD funded the early development of the internet but the protocols are all open, there is by all accounts nothing nefarious built in because they are simply a set of platform-agnostic communication standards, and they have been administered by an independent international organisation since 1993 http://en.wikipedia.org/wiki/Internet_Engineering_Task_Force

well sure yes no one is saying "TCP is 0wned by nsa!!11", i think it's more that it seems preposterous to think that a decentralized communication system which was inspired by cold-war-era nuclear war fears didn't catch the full attention of cold-war-era spooks immediately once it became a reality. it would have been prohibitive to do any surveillance right out of the gate but the eye of the establishment would have been on it through its entire development. even the FBI, which seems to be the fumbling clown of the intelligence agencies, had its own surveillance systems in place by at latest the early 90s. internet techs were coming to fruition at the same time as all sorts of crazy shit, counterintelligence was fucking everywhere. i would find it very difficult to believe there hasn't been some usg arm fucking around in the back wires of the internet for decades

#131
http://www.spiegel.de/media/media-35661.pdf

i think this is where the hard drive firmware hack story broke out of. is worth it just for the project names
#132

Bablu posted:

http://www.spiegel.de/media/media-35661.pdf

i think this is where the hard drive firmware hack story broke out of. is worth it just for the project names



this is relevant to the firmware thing but the solid proof of firmware hacks was from a kaspersky report on actual malware they had disassembled ( http://25zbkz3k00wn2tp5092n6di7b5k.wpengine.netdna-cdn.com/files/2015/02/Equation_group_questions_and_answers.pdf ). this doc basically just shows that nsa was soliciting interns to produce these hacks as a project five years ago or whatever

e. to be clear this was def nsa i just read this stuff obsessively and like to understand Context


#133
email me at this webzone if you would like a pizza roll
#134

Bablu posted:

http://www.spiegel.de/media/media-35661.pdf

i think this is where the hard drive firmware hack story broke out of. is worth it just for the project names

wow, i haven't seen this before. phew

also, KIRKBOMB

#135

Petrol posted:

e:
yasha levine has a good new piece about how a lot of funding for privacy/'hacktivist' software projects is not just coming from the USG but actually being channeled through Radio Free Asia
http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/ posted:
Here’s a small sample of what the Broadcasting Board of Governors funded (through Radio Free Asia and then through the Open Technology Fund) between 2012 and 2014:

Open Whisper Systems, maker of free encrypted text and voice mobile apps like TextSecure and Signal/RedPhone, got a generous $1.35-million infusion. (Facebook recently started using Open Whisper Systems to secure its WhatsApp messages.)
CryptoCat, an encrypted chat app made by Nadim Kobeissi and promoted by EFF, received $184,000.
LEAP, an email encryption startup, got just over $1 million. LEAP is currently being used to run secure VPN services at RiseUp.net, the radical anarchist communication collective.
A Wikileaks alternative called GlobaLeaks (which was endorsed by the folks at Tor, including Jacob Appelbaum) received just under $350,000.
The Guardian Project — which makes an encrypted chat app called ChatSecure, as well as a mobile version of Tor called Orbot — got $388,500.
The Tor Project received over $1 million from OTF to pay for security audits, traffic analysis tools and set up fast Tor exit nodes in the Middle East and South East Asia.


In 2014, Congress massively upped the BBG’s “Internet freedom” budget to $25 million, with half of that money flowing through RFA and into the Open Technology Fund. This $12.75 million represented a three-fold increase in OTF’s budget from 2013 — a considerable expansion for an outfit that was just a few years old. Clearly, it’s doing something that the government likes. A lot.



read this article

#136
It's probably worth noting that unlike Tor, I2P is entirely volunteer-run and has not received any (known) USG funding.
#137
you can't make me read anything
#138

Petrol posted:

http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/ posted:

Here’s a small sample of what the Broadcasting Board of Governors funded (through Radio Free Asia and then through the Open Technology Fund) between 2012 and 2014:

  • Open Whisper Systems, maker of free encrypted text and voice mobile apps like TextSecure and Signal/RedPhone, got a generous $1.35-million infusion. (Facebook recently started using Open Whisper Systems to secure its WhatsApp messages.)


haha glennnnn greenwald's blog just pimped the new version of signal. nary a word about where moxie & co get their money from https://firstlook.org/theintercept/2015/03/02/signal-iphones-encrypted-messaging-app-now-supports-text/

#139
the CIA released that story to make us afraid of using Signal.
#140
CIA: We get signal.
#141
if the control rooms in modern DoD/intel communities are based on star trek i cant wait to see the ones based off of zero wing
#142

c_man posted:

if the control rooms in modern DoD/intel communities are based on star trek i cant wait to see the ones based off of zero wing


you won't be laughing anymore when you see CATS, the covert anti-terrorist surveillance system

#143

Urbandale posted:

Petrol posted:

e:
yasha levine has a good new piece about how a lot of funding for privacy/'hacktivist' software projects is not just coming from the USG but actually being channeled through Radio Free Asia
http://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/ posted:
Here’s a small sample of what the Broadcasting Board of Governors funded (through Radio Free Asia and then through the Open Technology Fund) between 2012 and 2014:

Open Whisper Systems, maker of free encrypted text and voice mobile apps like TextSecure and Signal/RedPhone, got a generous $1.35-million infusion. (Facebook recently started using Open Whisper Systems to secure its WhatsApp messages.)
CryptoCat, an encrypted chat app made by Nadim Kobeissi and promoted by EFF, received $184,000.
LEAP, an email encryption startup, got just over $1 million. LEAP is currently being used to run secure VPN services at RiseUp.net, the radical anarchist communication collective.
A Wikileaks alternative called GlobaLeaks (which was endorsed by the folks at Tor, including Jacob Appelbaum) received just under $350,000.
The Guardian Project — which makes an encrypted chat app called ChatSecure, as well as a mobile version of Tor called Orbot — got $388,500.
The Tor Project received over $1 million from OTF to pay for security audits, traffic analysis tools and set up fast Tor exit nodes in the Middle East and South East Asia.


In 2014, Congress massively upped the BBG’s “Internet freedom” budget to $25 million, with half of that money flowing through RFA and into the Open Technology Fund. This $12.75 million represented a three-fold increase in OTF’s budget from 2013 — a considerable expansion for an outfit that was just a few years old. Clearly, it’s doing something that the government likes. A lot.

read this article


it is actually entirely possible that the us gov cares more about regime change than internal US security and funding these things makes sense. it is hypocritical of the people running these services tho and scary, but i would still say them receiving gov funding doesn't mean theres a CIA backdoor. anyone using tor already knows that the CIA could put effort in and setup a malicious onion or whatever to man-in-the-middle them

#144
fwiw spooks (or at least gchq) use tor internally
#145
malicious onion is the name of my piece of shit band, and yes we do wear diapers
#146

chickeon posted:

malicious onion is the name of my piece of shit band, and yes we do wear diapers


#147
[account deactivated]
#148

cars posted:

not a lot of people know this but russia passed a law recently saying russians' digital personal data has to live on servers within russia's borders, directly following what morozov says about going against the Brussels line and establishing centers that can be controlled before you try to control them. the reason not a lot of people know about that is because it will be a cold day in hell before an american internet company cares what the government of russia says it can or can't do.



followup:

Smartphone users in Russia can no longer download the LinkedIn app on iPhone or Android devices, following a similar move in China to block The New York Times app on iPhones.

The demand by Russian authorities to remove LinkedIn in Apple and Google app stores comes weeks after a court blocked the professional networking service for flouting local laws that require internet firms to store data on Russian citizens within the nation’s borders.



the next paragraph in this article is so dogshit crazy even for the NYT that i'm not going to post it here because people will think i'm trying to rip off tpaine's article edits.

#149

cars posted:

the next paragraph in this article is so dogshit crazy even for the NYT that i'm not going to post it here because people will think i'm trying to rip off tpaine's article edits.



i was going to give you shit about having to make me/everyone click through but you weren't exaggerating. the distance between that paragraph and the one preceding is amazing lol

#150


also

“Apps are the new choke point of free expression,” said Rebecca MacKinnon, who leads a project on open internet tracking at New America.



What a bunch of pandering horseshit, who the fuck are these New America dweebs?

$1,000,000+ donors include the Ford Foundation, notorious spook vehicle.

$250,000–$999,999 donors is a long list including Google, Microsoft, a grab bag of neoliberal vanity Foundations and think tanks, Radio Free Asia, and oh yeah the United States Agency for International Development and US Department of State.

So New America, is in fact, just America.

#151
fortunately the hacker has already figured out a way around the Roskomnadzor


https://meduza.io/feature/2016/09/15/roskomnadzor-zablokiroval-moy-lyubimyy-sayt-chto-delat
#152
Radio Free Asia is like the Legion of Doom of Yasha Levine's book about Tor
#153
i didn't notice it at first but that next paragraph in the NYT story also lets you know that the writer didn't mention china ditching the NYT phone app at all in the first draft of the story ("governments", plural, "that censor its", singular, "citizens"). so the writer either put it in themselves or was told by an editor to put it in. so the analogy ends up as tortuous nonsense but lets them advertise their phone app, lol
#154

shriekingviolet posted:

notorious spook vehicle



great username

#155
lol

“Apps are the new choke point of free expression,” said Rebecca MacKinnon, who leads a project on open internet tracking at New America.

#156
Apples are the dietary choke point of waistline expansion
#157
Not the first necromancy of this thread for 2017 but it seemed like the best place to put this - in light of recent smears of Kaspersky, that it is effectively a tool of the Kremlin to gain a spook foothold in sensitive US networks, more responsible and technically literate outlets have taken notice of new leaks that confirm CIA abuse of fake Kaspersky certificates to cover their tracks when hacking sensitive targets:

https://www.theregister.co.uk/2017/11/10/cia_kaspersky_fake_certs_ploy/ posted:

The CIA wrote code to impersonate Kaspersky Labs in order to more easily siphon off sensitive data from hack targets, according to leaked intel released by Wikileaks on Thursday.

Forged digital certificates were reportedly used to "authenticate" malicious implants developed by the CIA. Wikileaks said:

Digital certificates for the authentication of implants are generated by the CIA impersonating existing entities. The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated.



Eugene Kaspersky, chief exec of Kaspersky Lab, sought to reassure customers. "We've investigated the Vault 8 report and confirm the certificates in our name are fake. Our customers, private keys and services are safe and unaffected," he said.

Hackers are increasingly abusing digital certs to smuggle malware past security scanners. Malware-slinging miscreants may not even need to control a code-signing certificate. Security researchers from the University of Maryland found that simply copying an authenticode signature from a legitimate file to a known malware sample – which results in an invalid signature – can result in antivirus products failing to detect it.

Independent experts reckon the CIA used Kaspersky because it's a widely known vendor.

Martijn Grooten, security researcher and editor of industry journal Virus Bulletin, said: "The CIA needed a client certificate to authenticate its C&C comms, couldn't link it to CIA and used 'Kaspersky', probably just because they needed a widely used name. No CA hacking or crypto breaking involved. Clever stuff, but not shocking. Not targeted against Kaspersky."


that last part is a rather generous interpretation tho lol
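
Added example, not part of the post above or of the quoted article: the quoted passage rests on the fact that the subject and issuer names in a certificate are strings chosen by whoever creates it. This shell sketch uses the openssl CLI with constructed placeholder names (no real CA or vendor) to show two certificates with identical issuer strings, only one of which verifies against the CA certificate a defender has pinned.

```shell
#!/usr/bin/env bash
# Added illustration. Every name here is a constructed placeholder.
set -eu
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

ca_dn="/C=ZZ/O=Example Trust Services/CN=Example Premium Server CA"
leaf_dn="/C=ZZ/O=Example AV Vendor/CN=client.example.test"

# Self-signed CA certificate: $1 = file prefix. Same DN each call, new key each call.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -subj "$ca_dn" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

# Leaf certificate: $1 = prefix of the signing CA, $2 = prefix for the leaf.
make_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$leaf_dn" \
    -keyout "$demo_dir/$2.key" -out "$demo_dir/$2.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/$2.csr" -sha256 -days 30 \
    -CA "$demo_dir/$1.pem" -CAkey "$demo_dir/$1.key" -CAcreateserial \
    -out "$demo_dir/$2.pem" 2>/dev/null
}

# What a name-based check sees: the issuer string only.
issuer_of() { openssl x509 -in "$demo_dir/$1.pem" -noout -issuer; }

# What a defender should check: does the signature chain to the pinned CA cert?
chains_to_pinned() {
  openssl verify -CAfile "$demo_dir/pinned.pem" "$demo_dir/$1.pem" >/dev/null 2>&1
}

make_ca pinned        # stands in for the CA certificate in your trust store
make_ca lookalike     # different key, identical distinguished name
make_leaf pinned genuine
make_leaf lookalike forged

for cert in genuine forged; do
  if chains_to_pinned "$cert"; then verdict="verifies"; else verdict="DOES NOT verify"; fi
  echo "$cert: $(issuer_of "$cert") -> $verdict against pinned CA"
done
```

For traffic monitoring, this means alerting on the verification result or on the issuing key's fingerprint rather than on the organisation name displayed in the certificate.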

#158
i got viciously dragged recently on facebook because i called pussy riot a bunch of spooks and all the younger millennials only associate it with the racist connotation or stirner lol oops
#159
how many copies has disciplines novel sold lately
#160

aerdil posted:

i got viciously dragged recently on facebook because i called pussy riot a bunch of spooks and all the younger millennials only associate it with the racist connotation or stirner lol oops


i dont really think of todays youth as being 'into' stirner to be honest