21 August 2014

Motivational quotes

A while back I found out about a school of sharp satire: pairing “motivational” quotes — often about “fitness” — with images to suggest that they are about alcoholism.

This is several kinds of good, especially as a critique of how sick and hateful a lot of those “inspirational” mottos really are.

On Facebook, a friend proposed that this implies a useful critical tool, which I'm dubbing “Rhett's Law”:

If it makes a funny “drunksperation” meme image, it's questionable motivational advice.

He unpacks why this is a useful test.

19 August 2014

Libertarianism

Conservative commentator Jonah Goldberg of the National Review is a notorious numbskull, but he has a blind squirrel tendency to occasionally make a clarifying comment by mistake. Case in point from the article America's Selective Libertarianism.

I wish it were otherwise, but people tend to be libertarian only after it’s demonstrated to them that the government can’t deliver the results they want.

He wishes people hated government even when it benefits citizens.

Why? Because freedom, of course.

Sexist superhero art

“That art makes me feel uncomfortable.”

Classic.

18 August 2014

It's not about smaller government

Mike the Mad Biologist is shocked, shocked by the betrayal of conservative and “libertarian” principles in his proposed anti-poverty program.

Essentially, what Paul Ryan wants to do is create a government bureaucracy to monitor these ‘contracts’ (or, maybe monitor the Social Contract?). Conservatives have spent the last forty years railing against this very thing. Of course, people will disagree about whether they hit these ‘benchmarks’, so we’ll need to hire people to adjudicate that process. More ‘big government.’ It also opens people up to the predations and whims of ‘petty government bureaucrats.’

Of course, Mike is not really surprised at all. He knows what conservatism is really about.

Information resources for utopia

I keep meaning to index this stuff, so here's a start:


Appropedia

Appropedia is for collaborative solutions in sustainability, appropriate technology and poverty reduction. You are welcome to add to and edit Appropedia - your site to find, co-create and improve the solutions we need.

07 August 2014

The secret to Success

There is a thing in American society which we call Success. I use the capital S here deliberately: I don't mean success in achieving one's goals, I mean Success in the primate-status-game sense of being recognized as Successful ... and given power and opportunities.

Apropos of this I've been meaning for some time to write about Amanda Palmer's TED Talk and have not done it because I have too much to say about it. As someone who has followed her for some time it was interesting to see her appearance in the TED venue make the rounds a while back.

There's a moment I noticed in the talk when, after several minutes of attention to the amazing story she tells, she finally gets a big round of applause ... by saying how much money her Kickstarter raised. Because yeah, the TED audience — of Successful people who paid big bucks to be there — is keeping score that way.

This helped me recognize something else about Success in her TED talk, about how one becomes a Success.

Being White and male and straight help, natch, though there are plenty of straight White guys who get nowhere near Success and Ms Palmer is only one of these things.

Palmer also lacks another important factor that Americans talk about less. I read an interview with a person who had done biographies of a bunch of Silicon Valley moguls, folks like Bill Gates and Michael Dell and Larry Ellison and Steve Jobs, and the interviewer asked them what they had in common. Surprisingly little, said the biographer, but I did notice that all but one of them has a trust fund from their parents. It turns out that to make it that kind of big, you have to bet the company, and do it repeatedly, and it really helps to do that if you don't need your job to pay the rent. So, family money. But plenty of folks with trust funds don't go on to Success.

So what about personal attributes? In my observation, there are three personal attributes that tend to support Success, and Palmer has all of them. Talent really does make difference: being smart or specially capable really does open a door to Success, even if it is far from a guarantee. Ambition is powerful: some people stumble into Success but wanting it badly helps a lot. And last, narcissism is powerful. And here I mean not garden-variety narcissism, but the real deal pathological narcissism of believing beyond the ability to conceive otherwise that one is just plain better and more interesting and more deserving than everybody else. I'm not joking about that last one, it's the one we actively propagandize for in American society: you just have to believe in yourself.

Each of those three tilts people toward Success. The combination of the three is unstoppable, a near sure-fire cocktail.


Amanda Palmer.

Bill Clinton.

Steve Jobs.

Oprah Winfrey.


I think a great deal about how this has a lesson for us about the American “meritocracy” we have built.

06 August 2014

Tragedy of the commons

Over at Slate Star Codex the recent long, rambling, fascinating post Meditations on Moloch offers us this:

The fish farming story from my Non-Libertarian FAQ 2.0:

As a thought experiment, let’s consider aquaculture (fish farming) in a lake. Imagine a lake with a thousand identical fish farms owned by a thousand competing companies. Each fish farm earns a profit of $1000/month. For a while, all is well. But each fish farm produces waste, which fouls the water in the lake. Let’s say each fish farm produces enough pollution to lower productivity in the lake by $1/month.

A thousand fish farms produce enough waste to lower productivity by $1000/month, meaning none of the fish farms are making any money. Capitalism to the rescue: someone invents a complex filtering system that removes waste products. It costs $300/month to operate. All fish farms voluntarily install it, the pollution ends, and the fish farms are now making a profit of $700/month — still a respectable sum.

But one farmer (let’s call him Steve) gets tired of spending the money to operate his filter. Now one fish farm worth of waste is polluting the lake, lowering productivity by $1. Steve earns $999 profit, and everyone else earns $699 profit.

Everyone else sees Steve is much more profitable than they are, because he’s not spending the maintenance costs on his filter. They disconnect their filters too.

Once four hundred people disconnect their filters, Steve is earning $600/month — less than he would be if he and everyone else had kept their filters on! And the poor virtuous filter users are only making $300. Steve goes around to everyone, saying “Wait! We all need to make a voluntary pact to use filters! Otherwise, everyone’s productivity goes down.”

Everyone agrees with him, and they all sign the Filter Pact, except one person who is sort of a jerk. Let’s call him Mike. Now everyone is back using filters again, except Mike. Mike earns $999/month, and everyone else earns $699/month. Slowly, people start thinking they too should be getting big bucks like Mike, and disconnect their filter for $300 extra profit…

A self-interested person never has any incentive to use a filter. A self-interested person has some incentive to sign a pact to make everyone use a filter, but in many cases has a stronger incentive to wait for everyone else to sign such a pact but opt out himself. This can lead to an undesirable equilibrium in which no one will sign such a pact.

The more I think about it, the more I feel like this is the core of my objection to libertarianism, and that Non-Libertarian FAQ 3.0 will just be this one example copy-pasted two hundred times. From a god’s-eye-view, we can say that polluting the lake leads to bad consequences. From within the system, no individual can prevent the lake from being polluted, and buying a filter might not be such a good idea.

Both the Non-Libertarian FAQ and Meditations on Moloch are worth your time. But seemed extra-special and handy to keep handy.

31 July 2014

How secure is Tor?

Today I retweeted a tweet from Kenn White (@kennwhite):

SV [Silicon Valley] tech writers flip out after discovering Tor was created by the Navy & gets State Dept grants.

Wait till someone tell them about Arpanet.

For the uninitiated, Tor is a service for making online communications anonymous, to foil things like state efforts at surveillance. ARPANET was a technical precursor to the Internet created by the Advanced Research Projects Agency (ARPA) of the US military. This is a reference to the suggestion that many have made that US government funding for Tor is a sign that it may not be as secure as it purports to be.

I forwarded this tweet because it nicely summarizes the double-edged naïveté implicit in being shocked by Tor's funding. On the one hand, one can read seeing the hand of state surveillance lurking under Tor because of its funding sources as a manifestation of a kind of paranoia. If that connection indicts Tor, don't the Pentagon origins of ARPANET indict the whole of the Internet? On the other hand, the forces arrayed for state surveillance are demonstrably so powerful that one is tempted to ask “is that too paranoid, or is it just paranoid enough?”

On my Facebook feed, this inspired a lively discussion between Vinay Gupta, a “global resilience guru”, and Billings, a web security professional who reminds us that he is not speaking for his employer here. They are both people I respect very highly.

The discussion seemed useful to share with the world, so here's a lightly-edited version.



Gupta
The thesis that internal conflict in the US government is so enormous that the NSA is unable to stop the US Navy funding something which effectively makes many of the NSA's operations impossible seems, to me, to be a less likely hypothesis than “Tor is another Crypto AG.”

You pays your money, and you takes your choice.

Wikipedia: Grypto AG back-doored machines

By the way, just to clarify, I'm not accusing Tor of being consciously cooperating with the NSA. Rather, I think their technology must be flawed on the basis that the USG would not fund them if Tor did what it said on the can, and there is very good evidence that the USG loves people to use broken cryptography presuming it to be secure.

None of this involves a detailed technical analysis of Tor: it's a political rather than a technical analysis. And I could be wrong.

But so could they.

Billings
Well, except I actually know and work with core Tor developers and they both edit the code and are definitely not government shills. These people are not poor security engineers either (quite the contrary). The fact is that parts of the US Navy intelligence apparatus and others have used it to cloak their own activities and have a vested interest in keeping it secure. If only government stooges used it, then you'd know anyone coming out of a Tor node was a government stooge. If they do use it, they don't want to be tracked either.

Gupta
So we're left with the hypothesis that the Navy is paying them to thwart the NSA. I just don't buy it: a vastly more historically plausible analysis is that the NSA is good techniques for circumventing Tor, and is quite happy for the Navy to continue selling people rope, with which the NSA can later hang them. That's consistent with historical intelligence practices and the available evidence.

Billings
and the reason why the stolen Snowden docs reference often the NSA bitching about Tor is just COINTELPRO and Snowden works for them? The NSA basically says that it is a good thing that most people are so poor at opsec and they can break stuff in other places because they can't break Tor itself.

That said, if an entire nation state apparatus walks to watch Tor, they can probably watch enough end nodes eventually to nullify much of the anonymity. Tor folks are pretty aware of that and have spoken about it publicly. Without any evidence though, I generally treat people saying Tor is secretly broken as FUD, especially when the other evidence we do have contradicts that.

To quote from NSA targets the privacy-conscious:
As revealed by the British newspaper The Guardian, there have been repeated efforts to crack the Tor Network and de-anonymize its users. The top secret presentations published in October last year show that Tor is anathema to the NSA. In one presentation, agents refer to the network as “the king of high-secure, low-latency internet anonymity”. Another is titled “Tor Stinks”. Despite the snide remarks, the agents admit, “We will never be able to de-anonymize all Tor users all the time”.
I admit that this is a personal bugaboo of mine, since I know many of the Tor folks personally (and their integrity) but most of these discussions seem to run along the lines of “but but but they get most of their funding from the US government and no one ever told me that the Navy started Tor so it must all be a trip/track/setup by the government.” Other than the fact that they get money from the government, I've yet to see any proof of this offered though. I recognize Vinay is drawing the distinction with them knowingly being tools and unwittingly being tools though.

Gupta
Snowden has released nothing about cryptography so far: nothing about which ciphers can be broken. This is probably because the NSA keeps its data in tiny little boxes, and people in one box don't get to know what's going on next door. The psychology of reflexive defence of Tor while ignoring the funding paradox is simply exactly the mindset which security people love to exploit when breaking things.

Dream on.

Billings
If Tor was something the NSA had broken, they would not be doing internal presentations and circulating reports bitching about how they couldn't easily de-anonymize people using Tor. That is unless you're arguing that rank and file NSA spooks don't know the initiatory secret of the secret inner order, which knows that Tor is broken but doesn't bother to tell the NSA. I mean, these are internally circulated documents between NSA folks, not for Congress, etc.

Billings
To be clear, Snowden has released everything as of a year ago. Greenwald and the technical people, like Schneier, haven't released the information that they have. BTW, the defense isn't reflexive. My day job is in security for a browser used by hundreds of millions of folks.

Gupta
Wait, wait, hoooold on. “The NSA” is not a monolithic object. It's a sea, a foam, of little security compartments. Snowden has (as far as current data suggests) no access to the math, the crypto, the network analysis and all the rest of it. He's got brute infrastructure stuff because that's what was in his compartment.

Billings
So the NSA (meta) allows its agents to fail to catch people by not telling them that Tor is actually broken to the point where said agents to presentations, author reports, etc. to other NSA agents complaining about Tor?

Because we have seen those complaints.

Gupta
The entire point of the NSA's security compartments is so that a Snowden or a spy can't get the entire ball of wax. It's routine for one part of the org to slave for decades on a problem that another part of the org has already solved, for example. Their approach is not polite, it's battle testedly irrational. And well documented.

Billings
Of course, is the NSA was well compartmentalized, a 29 year old contractor wouldn't have hoovered up probably more than a million documents from different programs. Clearly, he was able to get past plenty of walls.

Gupta
Consider Coventry: the UK had broken the codes, they knew the bombing was coming, and they took the hit anyway. That is what cryptography is about, really. It's that depth of strategy that's the core to understanding what you see in front of you.

Nothing on the math, nothing on ciphers they've broken = he was nowhere near the crown jewels.

Billings
Or Greenwald et al simply haven't found it juicy or safe enough to release yet. They are redacting to avoid, in their opinion, getting folks killed or endangering “acceptable” things.

I still think if Tor was that broken by the NSA, their agents would be actively breaking it, not complaining to each other internally about how they had to do various work arounds to figure out who folks are.

So, if they're saving that trick and keeping it for the 40th level NSA wizards, then their agents still haven't broken Tor because they don't get to know.

Gupta
Your model of the NSA is not the same as my model. I think my model of the NSA is better founded on historical evidence. I just can't see (knowing what we know about the history of cryptography as used by intelligence agencies) how you can justify your faith in the security of a tool they are paying for. The sweet spot has always been “let the Rubes think they are using encryption” and then read their messages and gather at will. That has not changed in centuries.

Billings
So it comes down to “We have no evidence it is broken but because government groups pay for much of it, it is inherently untrustworthy” then? I'm not saying it isn't an argument that rational folks would make, just not one I'm buying.

Gupta
Do we have no evidence that it's broken? Surely “We will never be able to de-anonymize all Tor users all the time” is clear reporting that, indeed, Snowden's team can get some Tor users some of the time. How many? How much does that matter? Do we have statistics on this? So that's the first line.

Billings
Except we also, from the same slidedecks and other events, know how they denonymize users. I could find you articles if you wish but it basically comes down to “people suck at operational security and do a bunch of other stuff to identify themselves, no matter that they went through the Tor network on the way.” See how they tracked down the Dread Pirate Roberts or that fellow running a Tor hidden service in Ireland. Poor opsec, which is a relatively well understood issue. We are also aware of a number of attacks involving watching a certain percentage of end nodes or of running a certain number of nodes, en masse, and correlating traffic. Again, the guys working on Tor aren't idiots, are aware of these problems, and working to address them. You saw yesterday's news about Tor middle nodes, right?

Tor security advisory: “relay early” traffic confirmation attack | The Tor Blog

Gupta
The second line is this: deception is the normal practice of intelligence agencies. To take what they are doing at face value, to believe one leak as the entire story? “Now we understand?” My god. Read the history of intelligence operations. Look at “The Double Cross System.” Look at Angleton. The Cambridge Five. You can't just puddle through this stuff taking a single NSA document as an absolute verification of Tor's relationship to the NSA: that's what one team knew at one time, in fact, it's not even what they knew it's what they chose to write down. You just can't look at intelligence data this way and be on secure ground. It's not how these people operate.

Billings
Differences of opinion are simply uninformed, as opposed to making rational decisions that don't happen to match yours.

I'd be more strongly convinced that, for example, maybe one of the Tor founders, like Roger, might be a secretly paid agent maintaining Tor access for government this whole time (though I don't believe it) than proof by lack of proof.

Gupta
These people are your opponents. They're very, very good at these games. We know a little about what they were up to 50 years ago from WW2 releases. Do not assume, not for one minute, that the games we are entangled in now are any less sophisticated, Machiavellian and manipulative than they were in WW2. The UK government ran every single spy the Germans had on UK soil. This is the caliber of the deceptions operated by the same mechanisms we are being asked to take at face value re: Tor's funding streams. I cannot buy it.

Billings
Yes, I think your position is clear. Me? I require some actual evidence beyond “they get money from the government” as proof they are pwned.

Gupta
It is very easy to assume that our model of the technological capacities of the NSA is accurate, too. But on the math side they've had close to a 20 year head start on the two occasions when we have good evidence of their know-how (hardening DES against differential cryptanalysis, and RSA being developed at GCHQ). Is it possible that they're unwinding Tor with math we won't see in public for another decade or more? Quite possibly. Could they be routinely owning all of the network nodes that relay traffic they want to see, using some kind of low-level hardware exploits or even plain old OS bugs? We don't know. But unless you ignore the entire history of intelligence agency operations around cryptography you cannot take this story at face value. It's not remotely justifiable.

It's really cute to tell the story of US government needs a security tool so they hire hackers to build one, and it protects us and it protects them just the same. But, for god's sake, when has the USG EVER created a level playing field in something as sensitive as cryptography? It just DOES NOT HAPPEN. Not the way the institutions work. I cannot believe the level of political debate around the Tor funding stream: it's as if nothing was learned from watching the past 50 years: everything since ENIGMA is admissible as baseline data on the NSA's modes of operation. Use it.

Billings
Who is taking it at “face value”? My evaluation is based on a lot of sources, including week to week working with developers at Tor as they ship their Tor Browser based on the code of Firefox, where I work. If people offer actual evidence that Tor is broken, I'll evaluate it but I haven't seen any.

Gupta
facepalm

Billings
Rational people can hold a differing evaluation of the evidence, Vinay.

Gupta
Wrong standard of proof. Wrong. Wrong. Wrong. Your adversary is doing everything humanly possible to make sure that you do not get evidence that the system you are working on is broken. Their entire modus operandi throughout their history is to leave systems in place which people assume are secure, and then read whatever it is they like that goes over those wires. That's the goal state for the NSA. They're good at cracking systems, and they're good at concealing those systems have been cracked. Those are two halves of a whole.

Billings
Good at concealing it from their own agents too, it seems. Anyway, I'm done here. We're just repeating ourselves and I have no expectation of convincing you. I expect people will use Tor if they feel they can trust it and to use ... nothing ... if they feel they can't. No one is going to be convinced by further debate here.

Gupta
Yes. That's standard operating procedure for most of these agencies. Of course they conceal things from their own people, and lower level folks die in gutters because they didn't know the higher clearance data that would have saved their lives. Standard standard standard. That's how intelligence works.

Billings
I will say that if the NSA has broken Tor but they don't tell their agents, pretend it isn't broken, and ignore everyone but people like Snowden or Chinese master spies in order to maintain that facade then, for all functional versions of reality, it isn't broken until someone becomes important enough to blow their cover. I'm not Osama Bin Laden. If the NSA wants to watch me but not tell their agents they can break Tor so I'm anonymous to them through it, then I'm still effectively anonymous. (That said, I'm not doing anything that would actually get me in trouble so there is that.)

Gupta
Parallel construction. You peel the data out of the cracked system, and then you use it to target efforts using in-the-open technologies or you “stumble” on some lucky happenstance that lets you nail your targets. This is much more the way these things are done.

Billings
Well, clearly you're smarter than everyone else in the security community. You should contract out.

Gupta
I did. You do know that I did a contract for NSA, don't you? Designed a genocide-resistant biometric ID card scheme pointed at Iraq and Afghanistan.

Cheap ID

Never had a clearance, never went through the wire, and never worked on anything that I did not publish: that was the deal I cut.

Billings
Yes, you mention it once or twice a year. I'm aware.

All I do is work to make sure your web browser stays unowned.

Gupta
So just consider that I might know what I'm doing, and have done my research on a rather broader landscape than the technical security analysis which most of the people playing this game are doing. The actual domain of operations is far wider than most people consider, and the result is that we lose nearly every round of conflict we have with the State about civil rights. We have to think more deeply, and we have to trust far, far less.

Billings
Your concerns and mine are slightly different as a home owner with a mortgage, a spouse, a daughter entering college in a month, and other typical midlife stuff. The state isn't my enemy. Aspects of it may be but I value law and order as well as general stability. I'm not a revolutionary and have little desire to be if it means actual open warfare, death, and suffering for folks. I don't want to live in a fascist police state but I also don't want to live in some anarchist or libertarian dream world either. I'm also a pragmatist, as doing this stuff for a living will make you.

Gupta
Doing which stuff for a living?

Billings
Working in information security as my day job ... When you contact [my company] about a security bug or a zero day, I'm one of the main people with whom you deal and I'm the process guy that works to make sure things get fixed and out the door in an organized fashion, as well as evaluating the issues (with the developers). I also started the first Oakland hackerspace, which isn't directly security related but you'd be amazed at the kind of people who come through our door.

Gupta
I spent my last six months writing software for representing complex strategic situations for analysts to discuss. Would have been FOSS too, but the project ran into Issues. Hence I have a different perspective on these things.

Billings
I understand that you do and I'm not saying your perspective isn't rational. On the other hand, if people disagree with your assessment, it isn't simply because they are uninformed or ignorant of history and security. They may just be reaching different conclusions.

Jonathan Korman
It's almost as if reasonable people may differ.

Gupta
Indeed. But there is a fundamental issue here, which is that we need to be pretty clear about what assumptions we are making when we tell users what is secure and what is not. The analysis which says Tor can be trusted is based on an implicit world model. That world model is useful. As long as people know “we assume X, Y and Z” they can decide if they agree with those assumptions.

“We assume that USG funding of the Tor network does not impact Tor's security in any way” is not something the Tor guys are in any hurry to put on their home page. That bothers me. The responses of the security community around Tor to questions about the funding stream? That bothers me even more.

Here's what responsible handling of that issue looks like; “Yes, Tor is funded by the government. We believe it's because they use Tor, and that their need for Tor outweighs any negative impacts Tor has on their ability to spy on us.” Up front, clear communication about the very real security Need To Know that the USG's funding of Tor represents. Because if the community is wrong, and that money flows because the State can easily compromise Tor in some scenarios people are going to jail or getting assassinated all over the world. We need to consider this early in the process of advising users on their risks.

Billings
What was Tor's response when you asked them about this in a friendly and mannered way?

Mostly, what I see, is people tweeting (140 chars or less) “OMFG, Tor gets government money and is OWNED!!!!” That isn't going to engender much of a conversation with them.

Gupta
Never gets that far. Every contact I've had with Tor over funding has started with pathologically hostile defensiveness because the problems are really severe. Tor doesn't exist without the State, and if you doubt the State's intention in this matter, the whole project is revealed to be a honeypot for Satan. Who can consider, in all good conscience, that they may have been coopted by what they despise?

Billings
Huh. I've talked to them about it and it was perfectly friendly. Of course, I didn't open it with implicitly calling them government stooges either.

Gupta
They were probably friendly because you basically agreed with their interpretation of the situation. When pushed from the outside, understandably, they are a little more freyed. Because if they are wrong about this, they are putting all of their users in danger and acting as a Cat's Paw for the NSA.

Not a comfortable position. Not at all.

Billings
Actually, I assume they were friendly because I know them, have talked to them for years, and, again, didn't implicitly imply anything about them. I simply asked about their funding, the questions that have been raised before, etc. I waited for the eye rolling to stop and we chatted. It wasn't a big deal. Of course, if your argument is that they are unknowingly pwned, then it really doesn't matter what they say, does it? That argument says that they can have the best intentions but their technology is so broken (without anyone knowing) that it doesn't matter.

You also have to realize how many tinfoil hat script kiddies and so forth troll them every time this issue comes up on twitter in 140 chars or less without even pretending to want a real discussion. In a lot of ways, it really doesn't matter what they say because a lot of folks make up their mind without even talking to them about it. I'm not sure why the Internet collectively forgets where Tor funding comes from every 12-18 months since Tor publishes all of their tax filings and grants on their website.

Gupta
bah internets.

“Wait, we're using your software to protect us from the government, and it's funded by the government? What the fuck?” Yes, actually, I can see exactly where the script kiddies are coming from. The simple form of this argument is pretty compelling. It may be wrong, but it's not the wrong kind of analysis.

The burden of proof is actually on the Tor project to tell us why we should expect them to be secure, given the agency which funds them. It's a critical security issue which needs open, fair, comprehensive analysis to manage.

I'd even go so far as to call it a flaw: “funded by the enemy.”

Billings
I think they point to their open and vetted code, going back years, along with their complete financial transparency.

Gupta
That doesn't tell us anything about the government's motivations.

Billings
The US government isn't my enemy. The NSA may be but they aren't the entirety of government. I'm a US citizen with ancestors that fought for the Union in the Civil War and in the Revolution. I'm not ready to declare the USA my enemy.

What does it matter what the government's motivations are if the code is secure and isn't inherently flawed? That argument only works if the NSA or someone truly has super secret mathematical voodoo that can crack Tor that they haven't told their own rank and file about and don't use in most cases where they hit Tor (or share with the FBI). The government handed over the project a decade ago.

Gupta
You can be doing your part of the puzzle exactly by the book, and still be part of a bigger picture in which your perfectly innocent, perfectly well-intentioned effort is being used to throw people in jail. And the point is not whether you, or the Tor team consider the USG as their enemy: everybody involved is on US terrorist watch lists, their communications are intercepted and so on. The government treats you as the enemy. And an awful lot of Tor users are living lives which, if subjected to full prosecutorial scrutiny, would wind up in jail cells: bitcoiners for tax evasion, anonymous for site compromises, and so on. Tor is used by an awful lot of people with something to hide, and if it does not hide them effectively, it's software which is deceiving users into acting irresponsibly, regardless of how carefully the project attempts to communicate real risks.

Billings
and yet strangely, we have a lack of prosecutions of these people ...

Gupta
Today.

Gupta
“Where did they get the names?”

Wikipedia: IBM and the Holocaust

Billings
So, given that we're never going to have any evidence proving Tor is insecure or secure in the near term, you're arguing that it simply can't be trusted because of its funding sources. Correct?

Gupta
The fact that people are being put on increased surveillance lists simply for searching for privacy tools matters.

Billings
If so, it really doesn't matter what they say.

Gupta
I'm not arguing anything simply. I'm arguing in depth and with moderate sophistication.

Billings
I'm not sure what evidence that the Tor Project could provide you that would satisfy you as to its safety since even you admit that they may be unwitting tools. There is no response that can satisfy in that case. They could all honestly say that they aren't government stooges and mean it and it wouldn't change anything. Hard to prove a negative.

Gupta
In that case, they have a problem: a glaring security question (“why does the highly intrusive spying-obsessed US government fund you?”) which you suggest can never be answered. Now tell me this: faced with such a conundrum, should users choose to trust Tor or not?

Billings
They've answered that question more than once. You just don't believe/like their answer. I'm sure I can find a blog post by them or an interview with Andrew or Roger that discusses this.

Gupta
I was asking you. I know where they stand: it's their project.

Billings
I use Tor all the time.

Gupta
Do you think users should trust Tor, if this security issue can never be resolved as you suggest?

Billings
I think a calculus can be made and that Tor can be used, yes. Otherwise, why would I use it?

Gupta
So, to be blunt, this is what I feel: with thinking at this level, we will simply never evolve tools for meaningful privacy in the future. We are simply fucked.

There is simply no model I can imagine in which the burden of evidence does not fall on Tor to explain why the US government funders are getting more out of Tor's existence than it (apparently) costs the NSA. That's the core riddle at the heart of the Tor Funding Paradox. If the answer is “gee, looks good enough to me!” then we're simply defenceless against any kind of subterfuge. We're like sitting ducks.

Billings
You've gone and read the responses from the Tor Project and its leader to this question when previously asked?

Gupta
The US government has killed roughly a million people in the past 15 years, and right now it's flying killer robots all over the world to politically assassinate people based on evidence gathered by network intercepts. If the answer, in that context, is “gee, I think we can trust them” then there is simply no hope of a meaningful political response to the world we live in.

What do they have to do? Start putting hippies in death camps?

(other than, you know, the 1+ million people in jail for non-violent drug offences, in an environment which considers prison rape to be a standard part of the punishment protocol for certain demographics)

Billings
You're turning this conversation from a conversation about Tor and its trustworthiness into a referendum on US policy and whether I or other folks approve or support it in various aspects or how we exist as both US citizens and folks with issues with aspects of US government and behavior. That's not a useful conversation here and not one that I would consider to be an intellectually honest turn. I meant to bow out 20 comments ago so I think I will do so now.

Gupta
At a certain point, one's trust in the Government has to be tempered by some realistic perspective on what they are doing.

Gupta
You are essentially saying that you believe the USG's answer to why Tor is trustworthy: “we're using it ourselves, no doubt you can trust us.” Ok, that's fine, but they're also doing this whole “killer robots working on network intercepts” thing on the other hand, at which point maybe we need to re-evaluate the veracity of their initial statements. It's sorta hard to trust mass murderers, isn't it?

Billings
Vinay, please don't construct a straw man and put words in quotes and pretend that I'm saying them. You can infer lots of things but please don't put words in my mouth and then argue with them.

Gupta
At what point do we say “the people that just stalled the global eradication of Polio to do secret genetic testing of a town in Pakistan to find one terrorist leader” are maybe not the best people to trust when we need security software funded?

Is there no connection in your mind between the vast scale of US deception on the field of intrigue to the software that we are discussing? Is there some kind of firewall which separates “how the US government does security work” from “how Tor is positioned?”

This is not a straw man at all: this entire question boils down to “do you trust the US government to tell you the truth about why it funds Tor?”

(I was not using “quote” to indicate you had said something, but to paraphrase complex arguments made by a hypothetical government employee)

Gupta
Add a PS for me, please?

Why don't leaked NSA documents mention Tor funding sources? “Tor stinks” but no query of the US government funding?

That smells so weird to me. So fucking weird.


There's more from Vinay Gupta in a long Storify of a Twitter thread: Tor and security versus espionage thinking.

27 July 2014

Radical

This keeps coming up. So a quick word about radicalism.

“Radical” does not mean violent, bad, extreme, or “too much”. It means, literally, striking at the root.

A radical leftist thinks you cannot improve our political institutions, you have to replace them. A radical feminist believes that you cannot simply pass a few laws to give women equal rights, you need to transform the whole of a sexist society. One can advocate radical change in teaching curriculum for math or manufacturing methods for automobiles or programming languages for computes or women's fashion for the next season.

I use the word “radical” descriptively, not as dismissal or an insult. Many things need a radical approach.

26 July 2014

Snowpiercer

The gnostic interpretation of Snowpiercer is too obvious.

We Live In The Dark offers an analysis of Snowpiercer which is, to my mind, exactly correct.

A lot of discussions of Snowpiercer I’ve seen have been very literal, which I think is a terrible way to read this film when so much of it is densely allegorical. The train at its centre is a clear allegory for capitalism [I’ve seen this rejected so here’s the director saying it himself this is a film about capitalism]. It’s capitalism: what was promised as an ark of salvation but became a barbaric prison for all but the very privileged.

It's not a review, it's an analysis, so see the film first.

And having said that, some spoiler-ish comments from my FB feed. Elena Rose says:

It's more like the ending of Le Guin's "Omelas": we don't know what life is like outside this train any more, we've never seen it with our own eyes, and the price of getting out is, idealists' romantic hopes aside, very high. But the price of staying in is, unfortunately, even higher, and that won't last forever either, so there we are. If you wreck the train, maybe everyone dies. If you stay in the train, everyone still dies, and maybe on the way they become something less and less worth saving by the day.

The other point of that apex predator was, of course: there's an apex predator out here. There's an ecosystem to be the apex of out here! There's enough out here for a population of polar bears to live on! The world isn't dead! And maybe humanity doesn't make it, sure, but life does. That's something.

Fiat Justitia Ruat Caelum : Let justice be done though the heavens fall.

Ihe other Big Point of the film: that final seductive chance to be the new person who runs the train, who might run it better, might take the power and redistribute some of the food, change the conditions some, use...fewer...children...as...engine parts...

We can say a lot, allegory aside, about, "Maybe if he'd taken over just for a little while, slowed the train down, gotten to somewhere near the equator and hit the brakes and given people a chance to walk off, if that's even a possible thing," but I think one of the film's arguments, take it or leave it, is that the system would warp that attempt hopelessly for the worse, and that the chance to be the better, kinder runner of that system is a false temptation, not a genuine solution. We can agree or disagree, but it seems like the filmmaker was pretty clear on where he stood on that. It still comes down to the math on which children we stick in the cogs of the engine to make it run, and how many, you know?

Which helps to inspire me to say that the longer I sit with it, the more I like the ending. This is informed by the commentary I linked.

The ending is neither happy nor unhappy. We do not need to approve of the decision to destroy the train, only to understand it.

We see Curtis' hazy Marxist dream prove to be doomed: if as a denizen of the tail section he seizes the engine, he is still trapped by the material logic of the train and simply makes himself the captain of its horrors. His compassion prevents him from doing that, but he has no positive vision to offer as an alternative. He cannot leave Wilford's order in place nor can he take command of that order himself nor can he transform the train's order into an alternative which is either superior or viable, much less both. Unable to think outside the train, he is stuck.

As Elena says, Namgoong and Yona aren't really sure that a better life awaits them outside the train. They simply cannot permit the train's cruelties to continue, and if the alternative is death for everyone they are prepared to have murdered everyone. They hope that life in the snow is possible and better — and as Yona's uncanny insight allows her to perceive what lies beyond every door, she has cause to think it may be — but they are less pro-snow than they are anti-train.

We in the audience don't have to want to destroy the train. We just have to understand why they would.


Update: Very incisive video essay:


24 July 2014

The beauty of women

Something sentimental but true I just told a friend on Facebook:

We need a vast conspiracy of lies and attacks in order to drown out the plain truth about the awe that the beauty* of ordinary women inspires in most people, men and women alike. If women were all fully conscious of this truth, society as we know it would shatter.


* (I'm talking just the shallow sense of beauty as “looking good”, here. Don't get me started on beauty in a profound sense.)

Hulk smash

Just for fun:

I am, thank you. Now, if you'll forgive me the pretention of the third person ...

Hulk must destroy to the best of his considerable abilities.

23 July 2014

Kickstarter

Timothy Burke notices something about Kickstarter.

All our institutions and organizations, of all kinds, are now tangled up in their own complexity, all of them are increasingly built to collect tolls rather than build bridges.

All that money spent on market research, on product development, on vice-presidents of this and that, and what you have, especially in the culture industry, is a giant apparatus that is less accurate than random chance in creating the entertainment or products that consumers can quite clearly describe their desire for. So clearly that the consumers are giving money to people they like who have no intention of or ability to make what the donors say they want.

16 July 2014

Jocks and feminism

A while back I learned the story of Katherine Switzer, the first woman to enter the Boston Marathon, in 1967. She hid in the bushes and started the race in disguise.

When the race director saw what she was doing, he attacked her, trying to rip off her race number.

Now there were a lot of runners who were supportive of her. But still, deep resistance to women's athletics was a powerful force not so long ago, and is still around today.

So when a friend passed along this delightful video of the first woman to finish the absurdly difficult American Ninja Warrior obstacle course, I enjoyed it not just for the pleasure of seeing her do it. What really got to me is all the jockish men in the audience beside themselves rooting for her. Look at their faces.




Little victories.

Special containment procedures

The SCP Foundation is a delightful product of our moment.

What is the Foundation?
We are the last bastion of security in a world where natural laws rapidly break down. We are here to protect humanity from the things that go bump in the night, from people who wield power beyond mortal understanding. We are here to make the world a safer place. We are the holders of wonders, and the crafters of dreams. We are why the world continues. In the short form, we're a creative writing site, devoted towards horror.

The main component of the Foundation website is a kind of encyclopedia of reports on anomalous objects, like SCP-1051:

Special Containment Procedures:
Due to SCP-1051's main danger being information leakage, efforts towards containment have been placed into denial or falsification of rumors surrounding its existence. Agents are to be reminded that any reference towards SCP-1051 or similar concepts during interaction with a civilian, whether online or offline, are to be met with ridicule and/or denial. Knowledge beyond current cultural information may require the application of a Class-A amnesiac.

I recommend following the link to read more. SCP-1051 is a great spooky little idea with a note of wry humor.

Part of what I love about it is that it's a work that is made possible by the internet. There's no other way a fictional universe of such richness could emerge from the efforts of hundreds of contributing authors.

Another part I love is that I recognized it as soon as I stumbled across it. It's a cocktail of many of my popculture guilty pleasures from the last few decades. Stories about secret government conspiracies. Pseudoscientific modern legends like UFOs and Bigfoot and free energy machines. The thought while watching the end of Raiders of the Lost Ark that the big government warehouse must also contain other lost wonders. Encyclopedias of fictional worlds like Middle Earth, and roleplaying game sourcebooks.

In a world containing other people with my geeky cultural interests, of course SCP exists.