externalizing_the_difficult_responsibility_of_censorship.png
Notices where this attachment appears
@fluffy @DutchBoomerMan @NonPlayableClown @SarahGation
> I've not seen any documents that describe the sort of lists that spies keep on citizens, but it is unlikely to be something I will find well-engineered.
Have a look at the XKeyscore leak.
> Looking briefly, I see that this was a controversy from 2010. I doubt anything has improved.
Indeed. So at any rate, my security posture does not change based on whether anyone notices it: the idea is to make sure that it works no matter who notices it.
> place too much faith in intsec and deeply underemphasize fundamental security practices such as compartmentalization, discretion, and inconspicuousness.
Sure. I'm not banking on owning the unbreakable lock, though, just I think people throw up their hands too often. Someone can jimmy the lock or smash a window, but you lock the car door and you don't leave a pile of money in the seat.
> Discussions are often about Tor, about proxies, but you never hear anyone say to buy a second computer.
Oh, absolutely. But someone says "The ISP is selling metadata" and my response to that is "Use Tor". But as I said about the chudbuds.lol hack, that was caused by Claire and her husband using the same computer for gaming and streaming and all of the legal documents and logging into their Frantech account and everything was on one machine. I think it's good to separate those things, keep some live-boot media handy, keep a machine around that is off so you can clean-room it. If you wanna be super paranoid, the three-letter agencies had taken to intercepting electronics shipments from Amazon (but hadn't thought to get the post office or UPS/FedEx to stop *reporting* it, so people saw the package tracking go to the FBI field office and then back to the distribution center and then arrive at their house, which they have no doubt rectified by now): procuring a computer in person on a whim and paying cash avoids that problem.
> And if you read about cases such as the Silk Road raid,
Accurate, yes: if I recall correctly, dude conducted his business on an unlocked laptop at a library and let someone else get physical access to it. There's no amount of tech that will save you from that.
> there's no point in using Tor if your browser has Facebook cookies.
You think they need a cookie?
> I looked briefly online but was not able to find any details, so I hope that you can recall a hint that helps me search for more to read about.
Same XKeyscore dump, nearly every proxy service that promised anonymity got you added to the same list as the people that connected to Tor nodes. I am certain this has not changed substantially, and it's definitely worse. For example, you can be certain that riseup.net, offering a proxy service and email and all sorts of non-host-proof services for left-wing radicals to collaborate, has a 90% chance of being a honeypot, and on the off chance that it's not a honeypot, it's been compromised. Feds have gone out of their way to avoid disclosing this sort of thing: they have been caught fabricating probable cause to avoid revealing the use of Stingrays, that was in the PRISM leaks. The cozy relationship between Facebook/Twitter/etc. and the feds came to light a couple of years ago, and they cried "The government made us do it!" and then somewhat more recently, this turns out to have been a PR maneuver concocted by the government: https://screamshitter.club/rvl/full/835374c1bfa10895663d4d1c94500049823ea928fb7e9c47b01a6b7f8f07c091 . Here's a screenshot with the relevant part, and hey--there's a picture of Drand @ techhub.social, the guy that got caught scraping the shit out of fedi five months ago. What are the odds?
It's not just the US government, either: Germany's BND was slapped by their courts for conducting widespread surveillance on foreign journalists, and then required to stop. Almost immediately after that, the BMBF started funding projects designed to combat "extremism": if you fund a project that does what you want done, that turns out to be enough degrees removed that you don't get in trouble there. So the Libsoftiktok dox, that came from Travis Brown's "Hatespeech Tracker", a project proudly funded by the BMBF ( https://prototypefund.de/en/project/hatespeech-tracker/ ). (Incidentally, when he joined the Nazi Party, Hitler was working for the education ministry and his job was monitoring extremists on behalf of the government.)
I can't tell if I'm on a list, so I can't waste time worrying whether or not I'm on a list for using Tor or nmap or whatever: best to figure out if it matters whether I'm on a list of some sort, and in cases where it matters, assume the worst and hedge. I *can* avoid a bunch of MITM-based tracking done by the ISP if I use Tor, so if someone points out that ISPs are now legally allowed to track people and to monetize that data (and if you let them monetize it, they will, so the government can rely on the ISP keeping every byte it can, and the ISP isn't going to push back against the government too hard, so the government can rely on being able to get anything it asks for), then I say "Tor" because that's the solution to that problem.