[cryptography] Snowden Comsec Is Stupefying

coderman coderman at gmail.com
Sun Oct 20 20:53:03 EDT 2013

On Sat, Oct 19, 2013 at 5:37 AM, John Young <jya at pipeline.com> wrote:
> It is not either dribble / or "dump" as favored outlets are
> pontificating,...
> Both: provide the documents in a publicly accessible
> depository as well as narrate their significance...

the latter is always done it seems, when the information is available.
the former, providing "in publicly accessible depository" is the crux.

so there it is: leakers should dump!

> Right now, DocumentCloud provides this depository, holds
> over 400,000 documents provided by "authenticated"
> journalists...
> http://www.documentcloud.org/public/search/

amused by your recent Twain discovery:
"We are of the Anglo-Saxon race, and when the Anglo-Saxon wants a
thing he just takes it!"

the more things change, the more they stay the same... ;)

> What is annoying for the special purpose of this honorable
> list of understatement is the braying about encryption as if
> that is now mandatory PR to show comsec responsibility.
> Nothing about the well-known weaknesses of encryption, its frequent
> failures, its backdoors, its extremely misleading marketing,
> its long history of many failures and few successes, its
> use for entrapment and tracking, its customary snake
> oil claims, its recantment by original authors, its cover-up
> by original authors, its hopelessly fuck-up state at the
> present time and crazed efforts to patchwork temporary
> solutions to prop up damaged markets and tattered
> reputations amply demonstrated here and other crypto
> fora, especially the chickenshit one which bans political and
> embarrassing topics, therefore most likely populated with
> those deeply and long complicit in commercial and
> governmental exploitation of the public.
> No need to beat the dead horses of Tor, anonymizers,
> OTR, OTP, sekret chats, sneaker nets, black nets,
> key signing parties, key revocations, forgeries,
> impersonations, giant corps and NGOs, use of
> trusted cryptoids to front dubious surefire protection,
> use of bold names to mislead corrective efforts for
> damage they themselves caused, in particular
> misleading Manning, Snowden, Anonymous, LulzSec
> and many others about comsec.

this is a potent criticism. encryption a convenient focus of hardness
while OPSEC weaknesses abound and multiply.

perhaps this is a suitable shibboleth: mention of encryption without
operational cautions an indicator of incompetence; the purveyor worse
than mis-informed - actively harmful!
