Also remember that Assange seems to be a Russian agent. Oh, really?

So you say: * it doesn't matter we know how you can be spied on or that you can be "serendipitous" killed by a truck or that your "secure" apps that should guarantee your privacy are got around. And it still doesn't matter an organization that should look after the american public interest chooses to hoard zero-days instead of disclosing/plugging them (thus letting the public vulnerable against others). * but it does matter Assange is human (thus imperfect). Quite a twisted logic IMHO, I hope you don't mind if I'm not accepting it. Adrian On Wed, Mar 8, 2017 at 12:23 PM, Russell Coker wrote:

This isn't really news. After Snowden's information this is something most people expected.

https://www.theatlantic.com/politics/archive/2017/01/ assange-man-in-the-news/512243/

Also remember that Assange seems to be a Russian agent. -- Sent from my Nexus 6P with K-9 Mail. _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/ listinfo/free-software-melb

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

On Wed, 8 Mar 2017 01:46:00 PM Andri Effendi wrote:

I think people who dismiss Assange or Snowden as "Russian Agent(s)" are bonkers and have been manipulated by the MSM.

I have never suggested that Snowden is a Russian agent. He merely resides in Russia, there is no evidence of him favoring the Russian government. He only released information about the NSA because that's all he had access to.

I can't believe that such critical information that should be released to the public as part of being a so called "democracy" is seen as making them foreign agents.

I doubt that anyone outside a few of the more extreme members of Congress think that releasing such information makes them Russian agents. Claiming that Russia has a free press is however good evidence of being a Russian agent.

Vulnerabilities in the software that hundreds of millions (if not billions) use every day must be exposed and patched ASAP.

True. I think I've done my share of work in securing Linux systems both directly through working on SE Linux and indirectly through finding bugs in various daemons and applications (often due to SE Linux policy revealing inappropriate things). http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned- from-debian-events-after-sexual-misconduct-charges.html Could you please give us a summary of some of your contributions to Linux security? A quick Google search only turned up the above.

We can't let this Anti-Russia scare nonsense affect critically judging our government.

When wrong doing is exposed, IT must be the center of attention, NOT who revealed it.

Edward Snowden revealed wrong-doing, I and others took it seriously. Since the Snowden revelations lots of things have been done to improve security, including a massive increase in the use of HTTPS and TOR. This latest release by Assange is simply more of the same. Evidence that the CIA is doing things on Android that the NSA was known to do on other platforms years ago is not particularly interesting and doesn't change anything. I think that everyone who read about the Snowden leaks inferred that such things were being done.

Scape goating and saying "it's all russia's fault" without proof is just going to alienate people and will be 100% counter productive.

It's a good thing that I never said it's Russia's fault. But then studiously ignoring what Russia might be doing is also a bad thing. I think it's reasonable to believe that the Russian government has greater capabilities than the North Korean government and therefore they can do more than hack Sony. There are more than a few people who are happy to have the US government monitor them. Convince those people that Russia isn't a threat and they won't be particularly interested in doing anything about such problems.

Don't take "it's russia's fault" with a grain of salt, especially nowadays when it is just being used as a distraction.

That's something that Trump or Palin might say. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

On Wed, 8 Mar 2017 05:12:18 PM Glenn McIntosh wrote:

On 08/03/17 14:14, Russell Coker wrote:

...

True. I think I've done my share of work in securing Linux systems both directly through working on SE Linux and indirectly through finding bugs in various daemons and applications (often due to SE Linux policy revealing inappropriate things).

You'll be pleased to see that selinux gets a few mentions in the CIA leaks :-), particularly in the Android context (eg that it prevents normal installation of their 'RoidRage' malware, and how they get around it).

That's good to hear. Even if they managed to get around it in some cases that still means more work for them and a greater probability that in other cases it will be impossible or too difficult to justify the effort. A recent report on FBI work in cracking phones during criminal investigations suggests that some of the less popular phones can be more secure in practice because the FBI doesn't devote the resources to cracking a phone unless they are going to see it frequently. In cases like this SE Linux increases the work for attackers and reduces the frequency of their attacks.

It is a very different leak to the NSA ones. The NSA ones gave a big picture view of the scope and magnitude of US surveillance, which provided evidence that these agencies were not well regulated (at least in a democratic context). The CIA leaks have the character of random documentation about tools and processes; probably not of as much import in a political sense, but of some interest to people working to secure commonly used platforms.

If there are specific 0day exploits in that collection then that would be useful to fix them. But I doubt that it will turn up anything of long term importance. We know how systems are compromised, the vast majority of people who do such things don't work for secretive government agencies and most of them give exploits away or sell them to other people. It could start a political discussion about what US taxpayers want to pay the CIA to do. But we all know of lots of things that they do that most taxpayers wouldn't support. Due to inertia of large government agencies and political parties spending all their time fighting nothing gets done in that regard. Also the fact that it's revealed in a partisan way doesn't help things, it would be better if it was part of a larger discussion about the things that many governments do (including the Russian government). When organisations like the CIA make accumulating vulnerabilities a priority for offensive use instead of reporting the bugs it helps other countries like North Korea and Russia in their attacks. The US has more to lose from computer attacks than any other countries, their focus should really be on defense.

What is interesting is that different agencies are independently working on ways of attacking computing infrastructure. I guess duplication of effort is the nature of a large bureaucracy.

It's not surprising that they are working independently. They have different missions and as you note there are issues of bureaucracy. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

On Wed, 8 Mar 2017 10:28:33 PM Jookia wrote:

Just popping in to the less political side of the thread, it's nice to see that SELinux gets a few mentions. I still haven't put much effort in to secure my desktop how I'd like it to be done but it might be a good time to do some more messing around to get something I can feel somewhat safe with.

I could give a talk and/or training session on SE Linux as a FSM meeting if there is interest.

Regarding the leaks: There's really not much there unless I missed a huge block of information. It's annoying that some pages are empty but subpages aren't. A few things struck out at me on my brief read throughout the day:

- Most of it is aimed towards end-user devices, such as Windows or Android.

Which is easier to crack? Hundreds of millions of old Android devices that don't get security updatess because the manufacturers make more money selling newer devices, or Google's servers? Also who is more likely to notice a compromise, Google's security team or random Android users? As an aside I don't have root on my Android devices and wouldn't necessarily notice a compromise.

- Most issues come from proprietary and/or popular software. - There's no talk of defeating crypto.

The general consensus of opinion is that defeating crypto isn't a winning move. If you crack an algorithm you get fame and maybe a job teaching number theory at a university. If you crack an implementation you can commit some crimes.

Some things that interested me:

- Win32 programming is top secret. https://wikileaks.org/ciav7p1/cms/page_11629041.html

LOL

Over-classification is an ongoing issue with government security. The punishments for under-classifying data are more serious, it's easier to increase classification level than decrease it, and writing highly classified documents can make you feel important.

- EFI seems to be a really interesting attack vector. https://wikileaks.org/ciav7p1/cms/page_3375460.html

Interesting that they named a device NyanCat.

We all know how terrible EFI is, and if you're not running some version of coreboot on your machine then you should be a little worried about this.

If they gain physical access to your system they can mess with you in other ways, like sniffing the hardware on your keyboard. I think that for everyone here, if the CIA becomes so interested in you that they want to do an EFI based attack you have bigger problems than you can deal with. Making your system resistant to a low-priority drive-by attack or a widespread malware attack is a reasonable goal. Being resistant to a full- scale CIA attack isn't something you can expect to succeed in, at least not if you want to keep using computers in anything like a normal way. Any organisation that can make people disappear is not one that you can fight head on. One thing that works in our favor is that 0day attacks are very valuable. Every time a 0day is used there is a risk of it being discovered and fixed. I expect that no-one here is important enough that the CIA would risk losing a 0day on them. Making your PC resistant to a full scale CIA attack is like making your home resistant to a tank attack. But it's probably more difficult to do.

- CD-ROM based air gap jumping. https://wikileaks.org/ciav7p1/cms/page_17072172.html

It's been a standard thing since MS-DOS days that you should never trust an executable from a system that might be infected.

- Proprietary drivers exploited on Android https://wikileaks.org/ciav7p1/cms/page_11629096.html

There's not much to read, but it's VERY interesting in that a lot of the exploits are related to proprietary drivers and firmware that projects like Replicant seek to remove. For instance, GPU drivers like Adreno or Broadcom's Wi-Fi drivers. These are things people can't update.

http://laforge.gnumonks.org/blog/20160920-openmoko_10years/ This is worth reading. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

On Thu, 9 Mar 2017 07:41:37 AM Jookia wrote:

I don't plan to make my system resistant to a full-scale CIA attack, but I do like having a BIOS that isn't a complete and buggy operating system in itself. I think reducing the attack surface is always a worthy goal.

I agree that reducing the attack surface is good, but I doubt that dealing with BIOS bugs actually achieves that goal. To get to the BIOS an attacker has to either compromise the kernel/acpid or gain physical access to the system. It's well known that there are a variety of ways of intercepting key presses that an attacker could use to get the passphrase to your encrypted filesystems, GPG key, etc after they made a copy of your disk. It's easy to imagine how EFI attacks could be useful in attacking a corporate desktop PC standard running Windows with signed kernel etc. But I can't imagine how it could be the most effective attack against the typical people who are involved in groups like this.

...

http://laforge.gnumonks.org/blog/20160920-openmoko_10years/

This is worth reading.

Yeah, the state of things is really bad. I did the initial port of Replicant 6 to the i9100 last year, so I'm running that on my phone. It works well enough but I still use the compromised wi-fi blobs out of convenience. It's such a headache that at this point I'm considering avoiding using a phone for things other than calls and messages.

It seems to me that one of the biggest factors in developing free software on PCs is the ability to change floppy disks and hard drives between systems. If you mess up the configuration of Linux on a PC you can install that hard drive in another PC to fix it. Phones have images that are specific to the CPU and chipset, you can't boot an image for your Nexus 7 in a Nexus 5 for test purposes. The images are loaded in storage soldered to the motherboard so you can't switch images. If you convinced me that some new Linux distribution was worth trying I could easily install a spare hard drive in one of my PCs and test it out. I can't install a SD card in one of my phones for testing a different Android build. Android is theoretically free software (ignoring the binary driver issue) via the AOSP. But in practice it's too difficult for me to install one of the other versions, and I was using Linux in 1992! -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

Hi Russell Coker, "The Debian GNU/Linux project says that former Tor developer Jacob Appelbaum is no longer welcome at its events, after charges of sexual misconduct were levelled against him" The article you are looking at isn't factually accurate. The Title of the Article says that there were 'charges' leveled against Jacob Appelbaum which never happened. There were NEVER any CHARGES laid against Jacob Appelbaum, heck the accusations posted on the "anonymous" blog were never even reported to police. Nor did they ever see the light of day in a court of law. I don't know about you, but I believe in fighting for everyone's rights, not just my own. I don't know what you are getting at here, whether you're trying to sum up my entire contribution to "linux security" by pointing to a miss leading blog written by someone else, who only quotes the written equivalent of sound bites and can't even get the title of his story inline with actual facts. Are you trying to commit character assassination? I don't see how this particular attempt to assassinate my character or credibility is relevant to the original post which was about "WIKILEAKS, Vault 7: CIA Hacking Tools Revealed". I have dedicated hours of my spare time to the Free Software movement and advocating for Privacy and other Human Rights? I have dedicated unpaid volunteer hours spent to provide people with knowledge of how to better protect their privacy online, preserve their documents by switching to Free/Open formats, advocacy against DRM and many other contributions. What gives you the right to demand me to justify my right to speak, by questioning how I contribute to the Free Software community? That is a very low place to go madam or sir. Prove your Russia conspiracy theories. I think that is way more relevant.

I think it's reasonable to believe that the Russian government has greater capabilities than the North Korean government and therefore they can > do more than hack Sony.

You don't have to be an expert to know a state sponsored attack was not necessary for the Sony Leak. Also, that you would never be able to truly pin point the location of such an attack anyway since carrying out an attack using compromised hardware scattered across the globe can mask the origin of the true mastermind. No Proof was ever produced that it was Russia or North Korea. The Sony Hack could have easily been an employee who was not satisfied about their time at sony. It could even be a staged false flag attack from within the US to be used as a pretext for a declaration of war against either of the states you have mentioned "Russia or North Korea". Personally, I would not want to start a war with either Russia or North Korea because of un-proven theories that they were responsible for hacking Sony. The same goes for the DNC leaks, which the western mainstream media and also some western politicians has purported as fact (without proof) that "it was the russians" who leaked the emails. Not only is this ridiculous, but the source of the information is only a distraction from the incriminating evidence of the DNC rigging the primaries against Bernie Sanders. This could have easily been a DNC insider, which Assange has not outright said that it was, but has eluded not only to that conclusion, but also that that person was assassinated. And in fact there was someone in a position to leak such information has actually died not long ago. Julian Assange has eluded to this in an interview. I am not saying that I believe it as fact, because I am a man of my word, I believe in Innocence till Proven Guilty. This will be my last response to you Russell Coker, as I have dedicated my time to promoting software freedom and not responding to trolls who are pulling out the "russia" card whenever they want to distract from incriminating revelations about the US government or our own. Russell Coker:

On Wed, 8 Mar 2017 01:46:00 PM Andri Effendi wrote:

...

I think people who dismiss Assange or Snowden as "Russian Agent(s)" are bonkers and have been manipulated by the MSM.

I have never suggested that Snowden is a Russian agent. He merely resides in Russia, there is no evidence of him favoring the Russian government. He only released information about the NSA because that's all he had access to.

...

I can't believe that such critical information that should be released to the public as part of being a so called "democracy" is seen as making them foreign agents.

I doubt that anyone outside a few of the more extreme members of Congress think that releasing such information makes them Russian agents. Claiming that Russia has a free press is however good evidence of being a Russian agent.

...

Vulnerabilities in the software that hundreds of millions (if not billions) use every day must be exposed and patched ASAP.

True. I think I've done my share of work in securing Linux systems both directly through working on SE Linux and indirectly through finding bugs in various daemons and applications (often due to SE Linux policy revealing inappropriate things).

http://www.itwire.com/business-it-news/open-source/73441-appelbaum-banned- from-debian-events-after-sexual-misconduct-charges.html

Could you please give us a summary of some of your contributions to Linux security? A quick Google search only turned up the above.

...

We can't let this Anti-Russia scare nonsense affect critically judging our government.

When wrong doing is exposed, IT must be the center of attention, NOT who revealed it.

Edward Snowden revealed wrong-doing, I and others took it seriously. Since the Snowden revelations lots of things have been done to improve security, including a massive increase in the use of HTTPS and TOR.

This latest release by Assange is simply more of the same. Evidence that the CIA is doing things on Android that the NSA was known to do on other platforms years ago is not particularly interesting and doesn't change anything. I think that everyone who read about the Snowden leaks inferred that such things were being done.

...

Scape goating and saying "it's all russia's fault" without proof is just going to alienate people and will be 100% counter productive.

It's a good thing that I never said it's Russia's fault.

But then studiously ignoring what Russia might be doing is also a bad thing. I think it's reasonable to believe that the Russian government has greater capabilities than the North Korean government and therefore they can do more than hack Sony.

There are more than a few people who are happy to have the US government monitor them. Convince those people that Russia isn't a threat and they won't be particularly interested in doing anything about such problems.

...

Don't take "it's russia's fault" with a grain of salt, especially nowadays when it is just being used as a distraction.

That's something that Trump or Palin might say.

Kind Regards, -- Andri Effendi Organiser of The Free Software Movement in Sydney www.freesoftware.org.au/ GPG fingerprint: 8438 138D ECDA 05E0 591F F2B4 4721 0F03 AC24 DF73 Confidentiality cannot be guaranteed on emails sent or received unencrypted.

In plain english: "WikiLeaks will provide technology companies with exclusive access to CIA hacking tools it possesses, allowing them to patch software flaws, founder Julian Assange says." Source: http://www.abc.net.au/news/2017-03-10/wikileaks-offers-cia-hack-information-... Q: does his motivations matter in this case? If so, why and, more importantly, how much do the mptovations matter in comparison with the (potential) vuln patching by their authors? Adrian On Thu, Mar 9, 2017 at 9:17 PM, Russell Coker wrote:

On Thu, 9 Mar 2017 02:27:00 AM Andri Effendi wrote:

...

"The Debian GNU/Linux project says that former Tor developer Jacob Appelbaum is no longer welcome at its events, after charges of sexual misconduct were levelled against him"

The article you are looking at isn't factually accurate.

The Title of the Article says that there were 'charges' leveled against Jacob Appelbaum which never happened.

There were NEVER any CHARGES laid against Jacob Appelbaum, heck the accusations posted on the "anonymous" blog were never even reported to police.

The word "charge" has many meanings in English. In the context of a court case it can mean an official accusation (among other things). But it also has other meanings.

8. An accusation of a wrong of offense; allegation; indictment; specification of something alleged. [1913 Webster]

Above is one of the definitions which probably best corresponds to Sam's use. Sam has a great command of the English language and uses it precisely.

...

Nor did they ever see the light of day in a court of law.

I don't know about you, but I believe in fighting for everyone's rights, not just my own.

Yes, that's why I want Jacob excluded from Debian, LCA, and every other source of victims. Some of the people who accused him are people I know IRL and some are people I know from Internet correspondence.

...

I don't know what you are getting at here, whether you're trying to sum up my entire contribution to "linux security" by pointing to a miss leading blog written by someone else, who only quotes the written equivalent of sound bites and can't even get the title of his story inline with actual facts.

https://medium.com/@violetblue/but-he-does-good- work-6710df9d9029#.ci5xlnvrc

You are a conspiracy theorist. You claim that Jacob was framed, while the more reasonable assumption is that he did what he was accused of. Until I read the above article I didn't realise it was possible for someone to be such a creep that a BDSM gay porn company had to sack them, but apparently Jacob achieved that.

http://earthfirstjournal.org/newswire/2014/04/26/notes-on- david-furcas-dont- let-police-infiltrators-distrupt-our-movements/

Now there is a history of police infiltrators sexually abusing members of political organisations, the above URL is one of many documenting that. We should consider whether Jacobs situation is more similar to an activist being targeted by the authorities (who have not arrested him as you note) or an infiltrator attacking political organisations.

As an aside when we discussed evicting him from Debian people tried the "but what about the work he did" thing. But it turned out he had contributed little to Debian and nothing for several years, it was just another group he had joined for reasons other than contributing.

...

Are you trying to commit character assassination?

I'll let your conspiracy theories and defence of the indefensible speak for itself.

...

I don't see how this particular attempt to assassinate my character or credibility is relevant to the original post which was about "WIKILEAKS, Vault 7: CIA Hacking Tools Revealed".

I have dedicated hours of my spare time to the Free Software movement and advocating for Privacy and other Human Rights?

I have dedicated unpaid volunteer hours spent to provide people with knowledge of how to better protect their privacy online, preserve their documents by switching to Free/Open formats, advocacy against DRM and many other contributions.

It's nice that you have spent hours doing that. I have spent 16 years working on SE Linux.

...

What gives you the right to demand me to justify my right to speak, by questioning how I contribute to the Free Software community?

What gives you the right to question all the victims of Jacob?

...

That is a very low place to go madam or sir.

You lack the knowledge of English needed to criticise Sam's writing.

...

Prove your Russia conspiracy theories. I think that is way more relevant.

I've shown that Assange defends Russia. If there is a reasonable explanation for that then offer it.

...

You don't have to be an expert to know a state sponsored attack was not necessary for the Sony Leak.

Also, that you would never be able to truly pin point the location of such an attack anyway since carrying out an attack using compromised hardware scattered across the globe can mask the origin of the true mastermind.

No Proof was ever produced that it was Russia or North Korea.

https://krebsonsecurity.com/2014/12/the-case-for-n-koreas- role-in-sony-hack/ https://www.schneier.com/blog/archives/2015/09/good_article_on.html

Krebs and Schneier are convinced that North Korea was behind the Sony hack. While we may never have absolute proof I think that NK is the best theory to go with.

...

The Sony Hack could have easily been an employee who was not satisfied about their time at sony.

It could even be a staged false flag attack from within the US to be used as a pretext for a declaration of war against either of the states you have mentioned "Russia or North Korea".

https://en.wikipedia.org/wiki/Korean_Armistice_Agreement

There is no possibility of a declaration of war against North Korea, there has been no "final peaceful settlement" of the last war, so the war hasn't ended.

https://en.wikipedia.org/wiki/USS_Pueblo_(AGER-2)

The US government has no desire to start hostilities with NK again. As they didn't respond with force to the Pueblo incident it seems unlikely that they will want to do anything now.

...

The same goes for the DNC leaks, which the western mainstream media and also some western politicians has purported as fact (without proof) that "it was the russians" who leaked the emails.

The CIA believe that Russia was behind it. Wikileaks is proven to be pro- Russia, so that seems plausible.

...

Not only is this ridiculous, but the source of the information is only a distraction from the incriminating evidence of the DNC rigging the primaries against Bernie Sanders.

No-one outside the US Democratic party cares much about whether they rigged their internal elections.

...

This could have easily been a DNC insider, which Assange has not outright said that it was, but has eluded not only to that conclusion, but also that that person was assassinated.

And in fact there was someone in a position to leak such information has actually died not long ago.

Recursive conspiracy theories.

...

Julian Assange has eluded to this in an interview.

I am not saying that I believe it as fact, because I am a man of my word, I believe in Innocence till Proven Guilty.

This will be my last response to you Russell Coker, as I have dedicated my time to promoting software freedom and not responding to trolls who are pulling out the "russia" card whenever they want to distract from incriminating revelations about the US government or our own.

Most people who say that don't last 24 hours. Most of the rest don't last a week.

-- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/ _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/ listinfo/free-software-melb

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Assange is a public figure and can't be excised from responsibility or relevance over the things he does. The information is fascinating, but the timing is far more fascinating. Assange has spent a number of months releasing information that happens to benefit a particular political player in the most powerful country in the world. This release is no different. It's just a coincidence that he releases information about spying at a time when Trump happens to be claiming he was spied upon? If the information is the most important thing then he won't drip-feed it to the public at times when it most suits his political purpose. The fact that he is doing it that way means that he is using the information he has access to for his own personal benefit. That makes him no better than the governments he is "exposing". He's just one more person who is collecting information to use and using it for personal benefit. Dislike the "establishment" all you like. Assange is fast turning himself into simply an alternative establishment. If the information is all that matters, wikileaks will release all information it obtains as soon as practicable and will do all things possible to ensure that they do not release information at times that just happen to suit partisan political interests. ESPECIALLY when those partisan political interests also appear to align with the partisan interests of the media star of wikileaks. Jason Cleeland -----Original Message----- From: Free-software-melb [mailto:free-software-melb-bounces@lists.softwarefreedom.com.au] On Behalf Of Andri Effendi Sent: Wednesday, 8 March 2017 1:46 PM To: free-software-melb@lists.softwarefreedom.com.au Subject: Re: [free-software-melb] FOR IMMEDIATE RELEASE: WIKILEAKS, Vault 7: CIA Hacking Tools Revealed I think people who dismiss Assange or Snowden as "Russian Agent(s)" are bonkers and have been manipulated by the MSM. I can't believe that such critical information that should be released to the public as part of being a so called "democracy" is seen as making them foreign agents. Vulnerabilities in the software that hundreds of millions (if not billions) use every day must be exposed and patched ASAP. We can't let this Anti-Russia scare nonsense affect critically judging our government. When wrong doing is exposed, IT must be the center of attention, NOT who revealed it. Its about the movement, NOT the man. Scape goating and saying "it's all russia's fault" without proof is just going to alienate people and will be 100% counter productive. It goes way beyond the US Election. So remember, always think critically of those who are speaking in Canberra, Ottawa, Washinton DC, Wellington, West minister, Berlin or any government relevant to you. Don't take "it's russia's fault" with a grain of salt, especially nowadays when it is just being used as a distraction. Adrian Colomitchi:

...

Also remember that Assange seems to be a Russian agent. Oh, really?

So you say: * it doesn't matter we know how you can be spied on or that you can be "serendipitous" killed by a truck or that your "secure" apps that should guarantee your privacy are got around. And it still doesn't matter an organization that should look after the american public interest chooses to hoard zero-days instead of disclosing/plugging them (thus letting the public vulnerable against others). * but it does matter Assange is human (thus imperfect).

Quite a twisted logic IMHO, I hope you don't mind if I'm not accepting it.

Adrian

On Wed, Mar 8, 2017 at 12:23 PM, Russell Coker wrote:

...

This isn't really news. After Snowden's information this is something most people expected.

https://www.theatlantic.com/politics/archive/2017/01/ assange-man-in-the-news/512243/

Also remember that Assange seems to be a Russian agent. -- Sent from my Nexus 6P with K-9 Mail. _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/ listinfo/free-software-melb

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/

Kind Regards, -- Andri Effendi Organiser of The Free Software Movement in Sydney www.freesoftware.org.au/ GPG fingerprint: 8438 138D ECDA 05E0 591F F2B4 4721 0F03 AC24 DF73 Confidentiality cannot be guaranteed on emails sent or received unencrypted.

On Wed, 8 Mar 2017 02:39:58 PM jason@cleeland.org wrote:

If the information is all that matters, wikileaks will release all information it obtains as soon as practicable and will do all things possible to ensure that they do not release information at times that just happen to suit partisan political interests. ESPECIALLY when those partisan political interests also appear to align with the partisan interests of the media star of wikileaks.

http://www.huffingtonpost.com/zeynep-tufekci/wikileaks-erdogan- emails_b_11158792.html Jason, your analysis is insightful and well written. But I disagree with this paragraph. The above article gives a clear example of the problems with a "release all information" approach. Releasing government information that has no relevance to security (EG the amount of money spent on coffee and biscuits for government employees) might be harmless, but releasing information on citizens can be dangerous. Releasing the addresses of most women in a country has an obvious risk of facilitating stalking and rapes. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

On Wed, 8 Mar 2017 03:43:10 PM jason@cleeland.org wrote:

On Wed, 8 Mar 2017 03:05:00 PM russell@coker.com.au wrote:

...

Jason, your analysis is insightful and well written. But I disagree with this paragraph. The above article gives a clear example of the problems with a "release all information" approach. Releasing government information that has no relevance to security (EG the amount of money spent on coffee and biscuits for government employees) might be harmless, but releasing information on citizens can be dangerous. Releasing the addresses of most women in a country has an obvious risk of facilitating stalking and rapes.

Russell, I don't disagree with the article about the dangers of releasing unfettered information. But the problem with having a secretive, unaccountable body deciding what is worth releasing to the public, and what isn't worth releasing to the public is that we have no idea what decisions are being made, why they are made, or what they are refusing to release.

Which is kind of exactly the problem that wikileaks usually argue they are addressing. Governments are collecting information about us, and are then - in a secretive, unaccountable manner - deciding what information we may or may not have.

Except that Wikileaks are part of the problem being a secretive unaccountable body without any legal oversight that decides what to release to the public.

Governments usually cite the argument, when they say they can't release some information, that by releasing the information they would be causing harm to the people they are supposed to be protecting. Strangely similar to the article you link to, and the argument about managing what is released. It's a legitimate point for governments to be making - except that we never find out what information governments happen to have chosen to keep from us for our own protection. And in that gap lies the problem wikileaks want to address.

The case that governments make is usually a lot weaker. For example the US government claims that releasing information on civilian deaths in war zones is bad for propaganda. That claim is based on the assumption that people don't already know about deaths in war zones, and I'm sure that friends and relatives of the deceased know it well. The case for releasing personal details on most women in a country is obviously bogus. There is nothing they could possibly all be doing wrong apart from voting for someone you don't like, and I hope we can all agree that persecuting people for voting for the wrong party is a bad idea. The risks of releasing personal data on women is rape and murder.

However we'll also never know what information wikileaks have chosen to keep from us for our own protection. So what's the difference?

There is a slight difference. In a democracy, at least we have the thin veneer of an opportunity to influence our decision makers. And we have laws and systems designed to try and ameliorate the excesses of the dreaded establishment. Imperfect maybe. Let's face it, however crap they are, they all far exceed any public oversight or power we happen to have over wikileaks or Julian Assange. I'm not sure when the next election for the 'board' of wikileaks is happening, but I know for a fact that I don't get a vote.

It's his personal project. He expells people who disagree.

If we are replacing one flawed, failing, not-very transparent information overlord with another flawed, even less transparent overlord, we are really not doing ourselves any favours, no matter how beautiful the core idea behind wikileaks is.

And when that organisation starts to play partisan politics with information it possesses, well it's turned into a monster that - if it isn't far worse than what it claims to be protecting us from - it's a least definitely no better.

If wikileaks want to protect individuals by withholding some information, or holding it until they have vetted it - well great. We all support not hurting innocent people through thoughtless and rash actions. So do it "as soon as practicable".

But they released the data on Turkish women without vetting it even though there is no conceivable reason for doing so. They have also released data about Saudi Arabia, so their excuse that lack of Russian language knowledge prevents them releasing data doesn't hold water.

And if by releasing information two days after President Trump claims he was spied on by the CIA, then it makes wikileaks look like they are complicit with the new US administration, then wikileaks should wait a few weeks and do it at a time where it doesn't play into the hands of one political actor over another. As others have pointed out, it's not like anyone is astounded at this news. I know I'm not. Frankly, if the US government weren't doing exactly what the Chinese government, the Russian government, the French Government, the [insert any country's name] government is doing wouldn't we all be far more surprised?

In terms of Android malware there's a lot of Chinese and Russian criminal enterprises doing that. People who believe that the US government only does good things should want better phone security to stop criminals.

Anyway, that's all off topic. The point is, if wikileaks want to remain "above politics" then they have an obligation to do everything that they can to not only BE above politics, but also to APPEAR to be above politics.

Yes, that means both actions and statements. If Assange said "I'd like to work with someone who knows Russian to get ready for Russian-language leaks" it would improve the public perception of him. When he says that there's no need for leaks from Russia he sounds like a Russian agent. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

This isn't really news. From the two messages: "Security by obscurity in these areas" vs "Assange is ..." - which one would you consider relevant for you?

The very page linked in the original poster: "The CIA made these systems unclassified. Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'. To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufactures and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets." On Wed, Mar 8, 2017 at 12:23 PM, Russell Coker wrote:

This isn't really news. After Snowden's information this is something most people expected.

https://www.theatlantic.com/politics/archive/2017/01/ assange-man-in-the-news/512243/

Also remember that Assange seems to be a Russian agent. -- Sent from my Nexus 6P with K-9 Mail. _______________________________________________ Free-software-melb mailing list Free-software-melb@lists.softwarefreedom.com.au http://lists.softwarefreedom.com.au/cgi-bin/mailman/ listinfo/free-software-melb

Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/