Nicholas Knouf on Mon, 13 Dec 2010 18:12:17 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: <nettime> Wikileaks and spam

Hash: SHA1

On 12/13/2010 07:25 AM, John Young wrote:
> After an outcry of betrayal of the trust of Tor, and Tor's own tut-tut
> to keep its gaping security quiet, WL dropped that ad of the 
> daring hacker outlaw campaign but several recent news reports 
> continue to recycle it. 

Tor's "gaping security" is an inevitable effect of the current
configuration of the internet, where the exit nodes need to take packets
from the Tor network and pass them onto hosts on the Internet.  To fix
this would require re-engineering everything, and probably with worse
results, given that the "re-engineering" that the US currently wants
would require personal attribution at the level of individual packets.

Also, using end-to-end encryption through the Tor network (such as SSL
or PGP) will likely keep the contents of your packets safe, assuming
that there don't exist some magical computers somewhere that can factor
numbers that are currently estimated to require many times the age of
the universe to complete.  You're already using this kind of encryption, no?

> Malware in the Wikileaks releases is a provocative suggestion.
> Certainly the technology for that is readily available and the practice
> obligatory, usually as a "security feature," sometimes called
> a hash or cookie or watermark or copyright-tracker or privacy
> protection. Wait a minute, did you say privacy protection. Get out
> of here, Demosthenes, there exists nonesuch except self-throttling.

Have you actually looked at the contents of the mirror file itself?  I
have, and I direct you to the list of files within it:

HTML files, some PNGs, GIFs, and JPEGs, an .htaccess file to do a local
redirect, some CSS, and an archive file with torrents.  Web programming
101: cookies and sessions require a server-side language such as PHP,
Perl, Python, or Ruby.  Cookies _cannot_ be set otherwise.  Could there
conceivably be some sort of stenographic tracking within one of the
image files?  Perhaps.  But what purpose would it serve, given that web
server logs already contain more than enough data that can easily be
correlated with other sources to track users?

Please pay attention to the materiality of the network and the data
before spreading more FUD.

Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info:
#  archive: contact: