[ExI] Wikileaks

Eugen Leitl eugen at leitl.org
Tue Dec 7 21:34:47 UTC 2010

On Tue, Dec 07, 2010 at 12:11:33PM -0400, Darren Greer wrote:

> So what do you do? You can't punish contributors, so you punish those who
> make it possible to contribute and are trying to protect those involved.

In practice, if you have thousands and ten thousands (or hundreds
thousands and millions) of nodes spread all over the world, run
by volunteers (and nonvolunteers, see the average botnet) the
enforcement is completely impractical.

> It's not just Assange and Wikileaks here. Amazon has paid a price for
> hosting the site. An independent cooperation forced by political pressure to

That's just the point: a single site is a single point of attack.
What do you attack if the only thing the publishers and the readers
see is localhost? DDoS or ::1? Won't work too well, I'm afraid.
How do you forge document references like

How do you abuse the network if you need reputation in order
to be able to publish, and the only way to gain reputation is
to prove you're serving reliably, without knowing what you're
serving, and hence not being able to censor other than denying
service, and thus being denied reputation in turn?

> remove it? Someone somewhere can always be forced to be take responsibility,
> even if it's way down the line. You're right that the battle is not really

Spread the risk over many buckets, including involuntary volunteers.
Send the SWATs to Redmond and Cupertino. That'll teach'em.

> about these people or Assange. It's a public relations battle in the long
> run. But forcing these people into the public eye is key to it.
> >If you know what the signature is, it's pretty easy to remove.<
> Perhaps. I don't know enough about internet technology to say for certain.

A number of psedonymous/anonymous and outright dark networks are in
operation on the Internet. They are only a minor nuisance to the
authorities, and furthermore useful as training sandboxes, so but
for minor harassments their operators are left in peace. If the stakes
are raised high enough no doubt at least parts of the network will
go underground, and hence entirely out of reach of law enforcement.

> But Spike mentioned in this thread that someone in this group was once
> worried about some things he had posted. Since it turned out to be
> impossible to remove the comments from the database, the group just started
> imitating each other's style and posting along similar lines so that it
> would be difficult to tell who was posting what and the guy with the

In the case of leaks, you're just the conduit. If you're a smart leaker,
to take great pains to not put your own fingerprints on the material.
You must take care to not leak anything watermarked to you personally.

> original concern would get lost in the shuffle. The question I asked myself
> when I read that is how did that person originally communicate his concern
> over what he posted? Via the group? How was the plan of
> action communicated to everyone involved? Also via the group? Private
> e-mails? Snail mail. Code?

If you don't want to be known, use a nym. If you don't want to produce
style fingerprints linkable to a different nym, do not post under a different
> Given world enough and time, to quote Andrew Marvel, you could probably get
> to the bottom of it. There's a trail somewhere. Not just via the web, but

You're in a maze of twisty passages, all alike.

> through traditional tracking systems -- real world intelligence services,

Their possibilities are limited. So they've got network probes upstream
of all those ~1 k public Tor nodes, so what? Leaker network can easily
tolerate ~h latencies, so put that into your chaffed onion mix cascade, 
and smoke it.

> courts, subpoenas, etc. In most cases, the effort is just not worth it. In
> this case, however, some governments have decided it is. They will fail
> miserably, and for all I know there may be a million ways to keep
> your activities on the web a secret from all, including determined
> government agencies and hackers from China and internet service providers
> and the like.  But when the people doing the looking are as good if not
> better than those doing the hiding, nothing is for certain.

The people doing the hiding need only to install a piece of hardware.
The expertise needs to reside with people who designed and implemented
said piece of software. Most operators can be Mallory, a properly
designed system should be able to deal with that.
> Anyway. It seems to me there is nothing new taking place here. Just
> another information power struggle similar to the one five hundred years ago
> when William Tyndale translated the bible into English and was killed for

Arguably we're at the stage of Gutenberg, where the means of mass
production of text were taken out of the hands of professional scribes
and exacerbated the "problem" of proliferation of unsanctioned thoughts.

> it. Mean-time it was too late: it had already had been copied and
> distributed and Tyndale became a martyr for the faith. I'm not saying
> Assange will have the same fate, but if they keep it up, he'll be a digital
> saint before sundown.


Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the extropy-chat mailing list