For those without showdead on, there's an insightful comment from beedogs:
My guess (and he intimates this in his comment about backdoors in Chinese products) is that the US government asked him to basically break his entire system so they could do MitM attacks.
The conversation probably went something like this:
USG: Install this machine in your datacenter. Route all traffic through it.
Accept installation of this new fiber demarc and allow us access to
configure this new router. You do not need to know where this
traffic is going. If you refuse, we'll slap you with a contempt order
and throw you in federal prison. If you tell anyone about this, we will
slap you with a contempt order and throw you in federal prison.
LL: Get fucked. I'll shut everything down instead.
-----
Why beedogs is shadowbanned is beyond me. A quick glance through his comment history doesn't indicate he's done anything to deserve it.
----
Hey beedogs: I can't reply to you directly because you're hellbanned. Send an email to PG. I'm not usually a fan of posting people's contact information, but in this case it's everywhere anyway - pg [at] ycombinator.com
The official way to appeal is to ask info@ycombinator.com about it. I did that once and they said I got banned by accident.
[Edit: ignore this part, it's wrong] If anyone gets shadowbanned (which can happen for automated reasons), use this link with your IP. https://news.ycombinator.com/unban?ip=ipaddress PG made this link as an automated appeal, he says it only works once.
Emailing is definitely the way to go. I've emailed PG about a post that got flagged to death and he was fairly quick about unbanning it.
I don't think that link is for un-hellbanning an account. I think that's if you have a bot that messes up, or doesn't respect the rate limiting expressed in the site's robots.txt, and the IP of the bot gets blocked. If it were for un-shadowbanning, the username would be asked for rather than the IP address. Having said that, I forgot about that unban link -- thanks!
Just to confirm, you are spot on - the link has nothing to do with hellbanning. But I guess the most common cause is if you restore a browser session with lots of HN pages.
If the government said "comply with this order or go to prison" and he said "I'll shut down instead", doesn't that still count as failure to comply? Is that like me burning down my house in response to a search warrant?
My bet is the government told him to modify his codebase to capture passwords at the point where they're in cleartext and gave him x days to do it. He didn't refuse to do it, but closed up shop instead so he didn't have to. I doubt the government can compel him to continue running a business he wants to close down. It'd be like having a broken taillight and being given 15 days to fix it. If the person took the car off the road, they'd not be compelled to make the repair.
Perhaps they can demand he continue to do business (although it seems like a pretty tenuous request), or perhaps they can blackmail him with threats of criminal prosecution lest he keep his show on the road. Who knows?
If they asked him to produce customer data and he deletes instead, then he is in violation. If they asked him to install some middleware for all his traffic, he can just say "Sure, but I don't have any traffic anymore".
beedogs, you can probably send an e-mail to the powers that be to restore your account. If they won't, then at least you've got a new story worth sharing.
There is a fair bit of irony at play, huh? All content being observed. Punishment dished out arbitrarily and without explanation. Liberty (speech) curtailed. And this is one of the favorite platforms for pro-Snowden discussions!
And all because of a legitimate policy goal of preventing the destruction of an insightful commenting community due to the chaos that would ensue if unrestrained posting were always allowed.
For the umpteenth time, moderation is not censorship. HN is akin to a private club, not a country that you are born into and forced to live in. And furthermore, the chaos is anything but unknown. It is mob/troll rule à la slashdot/reddit/4chan and every other online community that grows beyond a critical mass.
To Censor: to examine in order to suppress or delete anything considered objectionable.
So this is censoring speech. They have the right to do it as they're a private entity. But don't confuse their right to censor with the definition of censorship. I see that happen a lot.
Wow. Fantastic. A flip comment is hardly worthy of a hellban. What gives, admins?
(For what it's worth, that was in reference to the "NSA to cut sysadmins by 90 percent" story from yesterday. As an SA, I can tell you right now that if someone decided to increase my workload by 1000 percent, I'd walk, too.)
As someone who ate a bunch of hellbans, even subtracting my personal learning process, I would say posting on HN is kind of like turtle eggs hatching and trying to crawl across the beach into the ocean before the birds snatch them up. It seems as if oldtimers can sometimes post things newbies would never get away with, and newbies get treated extremely harshly for making a slightly wrong move too early on.
edit: sorry, I didn't realize we're talking about an account that's over 5 years old... so none of what I said applies here, and I'm just as puzzled as the next guy.
Turn on showdead and you'll find dozens of other cases where people have been banned for similarly egregious reasons. In some cases people go on posting for years without knowing their posts are dead. It's the most horrible aspect of HN.
I've seen mentions of this but didn't realize that people weren't even being notified. That's fucked up and I really think this policy needs to be reevaluated.
I was also surprised to find it here. Afaik the name (and popularization as a forum-management technique) comes from SomethingAwful, but it fits the culture there.
I've always been kind of confused about that... after a few comments, if you see they never get a single upvote, and never get a single reply... wouldn't it quickly become pretty obvious?
People should post some contact information in their HN bio. I agree, this is the ugliest part of HN, and it's sometimes nice to be able to give someone a heads up as to what's happened so they don't go on wasting their time posting comments that most people won't see.
Granted, there are other cases like losethos (or whatever his screenname is) that are repeat offenders and deserve to be hellbanned. (Yeah, I know his case is due to mental illness.)
If that's the case it seems your profile got blanked when you got shadowbanned. Here's a screenshot I took of it: http://i.imgur.com/KbS3heF.png
---
It's just occurred to me that you're probably referring to the email field, not the about field. Anything in the email field isn't public, and I'm under the impression you don't get notified when you're hellbanned, which is pretty much how it gets its name! If, on the other hand, you put your email address or other contact details in the about field, and they're no longer there, then that's a different matter. For example, my email address is in the email field of my profile but it's not public. The only public information that's there right now is my Twitter name.
Wow. I'm trying to think of something more to justify this comment, but "wow" is all I can come up with. There's moderating, and there's being kinda inhumane :(
There are other options. For example, if someone's status = hellbanned, then change the header bar to reflect it. It's simple and doesn't require anything to be sent out.
Yeah, to add to this further, the reason is to slow down the user so it takes them a while (if ever) to figure out they're banned, otherwise they'd just create a new account which would be more work for the mods and would drag down the quality of comments and content submitted. (Of course, this assumes the person being banned is being banned for justifiable reasons.)
That's what I did this time. I tried to Google some contact details for the guy (Twitter account, etc), but who knew there were bee costumes for dogs? His profile was blank too.
Yes this happened to me, despite being polite and courteous. Was very fucking annoyed.
It's unethical. Surely locking a thread is ok, but allowing people to toil away without any remark is just plain wrong regardless of who it is or what they say.
I mean even 4chan manages to reach a higher ethical plateau than HN on the moderation front.
Pragmatic response: If you can, put some way of contacting you in your HN profile. Conscientious HN readers will send you mail if you're posting thoughtful comments but are hellbanned. You can then contact the admins, and I've found they are typically amenable to restoring your account.
I think maybe you'll think twice next time before making an emotional quip with no actual content. If I were a mod, there would be a lot more hellbans being handed out in this thread.
Why should he have special privileges? I got none in the several times I've been banned. If you don't like the game, go somewhere else (reddit) to play.
There have been actual well-known engineers who have been hellbanned from HN. They didn't get special treatment either. If you want a nepotistic forum, make one yourself and see how well it does...
My guess (and he intimates this in his comment about backdoors in Chinese products) is that the US government asked him to basically break his entire system so they could do MitM attacks and ship unencrypted communications directly to the NSA.
The conversation probably went something like this:
USG: Install this machine in your datacenter. Route all traffic through it.
Accept installation of this new fiber demarc and allow us access to
configure this new router. You do not need to know where this
traffic is going. If you refuse, we'll slap you with a contempt order
and throw you in federal prison. If you tell anyone about this, we will
slap you with a contempt order and throw you in federal prison.
LL: Get fucked. I'll shut everything down instead.
The truly terrifying thing about this scenario is that they're likely already doing this elsewhere on a huge scale.
For the umpteenth time, PRISM is just a database, it's not the program that siphons data from all the telcos. PRISM only contains data that is retrieved via NSLs, subpoenas, warrants, cooperating parties and possibly data siphoning if it's found useful and has been tagged/organized.
If we want to fight the government on this, we'd better know what we're fighting against.
>If we want to fight the government on this, we'd better know what we're fighting against.
Yes. The gov is very careful with their admissions. They have and will continue to narrow the focus of the debate as much as possible. Notice the President's proposed compromise yesterday focused on the possibility of reforming part of section 215 of the PATRIOT act. This might answer the original Snowden disclosures and should have been done weeks ago. The disclosures to date go quite a bit further than that which can reasonably be addressed by section 215 reform. They want to play a shell game, and if we aren't observant, they will turn this fiasco into a win for them.
It's not terminology, it's basic ignorance about what the government is doing and how. You can't fight NSA snooping on any level if you think that they're sticking a vacuum hose into your server and siphoning out all the bits. These details are important.
No one in this thread suggested that the NSA is copying data out of servers except you. It has been reported that they are wholesale tapping communications lines, and trying to collect SSL private keys, so Sneak's sentiment is not wrong. To argue terminology is to play their game, which they are good at and we will lose. If you disagree with something on a factual level, say that instead.
If a reporter asks a government stooge if the NSA engages in bulk collection of Americans' data, the stooge can say no with a straight face because the NSA has officially defined "bulk collection" to mean something other than "collecting in bulk." In order to carve through their lies, we need to be able to understand and navigate their twisted terminology.
Where is this blanket outrage you have imagined? There are other programs that do what the original comment suggested. To get hung up on the fact that they are not called PRISM is to miss Sneak's point that the NSA is already doing it.
No, PRISM is the facility that allows them to take data directly from backdoors in Facebook, Twitter, etc. It's complemented by upstream, which allows them to collect disorganized data on a much larger scale.
PRISM and upstream are the two data siphoning programs that have names.
XKeyscore is the PRISM db search plugin/front end. There's a giant vacuum of everybody's personal data and XKeyscore allows you to see it in real time while it's archived into PRISM or look it up afterwards.
Bruce Schneier: First, be careful with names. PRISM is a specific NSA database, just a part of the overall NSA surveillance effort. The agency has been playing all sorts of games with names, dividing their efforts up and using many different code names in an attempt to disguise what they're doing. It allows them to deny that a specific program is doing something, while conveniently omitting the fact that another program is doing the thing and the two programs are talking to each other. So I am less interested in what is in the specific PRISM database, and more what the NSA is doing overall with domestic surveillance.
Does what we're fighting against even have a name?
If you don't have a name to reference something with, you give it one. PRISM is fine except insofar as using it would let the government go "oh we've reformed PRISM, nothing to see here" while continuing all other kinds of malfeasance.
That doesn't make much of a difference. The prosecutor only has to make the charge remotely plausible in order to coerce a guilty plea to a lesser charge. (This is what they did to Aaron Swartz.) With a 20-year maximum sentence, anticipatory obstruction is a mighty powerful lever.
From the URL that ibejoeb posted above (italics are mine):
Unceremoniously titled "Destruction, Alteration, or Falsification of Records in Federal Investigations and Bankruptcy," and part of § 802 of the Sarbanes-Oxley Act of 2002, § 1519 provides:
Whoever knowingly alters, destroys, mutilates, conceals, covers up, falsifies, or makes a false entry in any record, document, or tangible object with the intent to impede, obstruct, or influence the investigation or proper administration of any matter within the jurisdiction of any department or agency of the United States or any case filed under Title 11, or in relation to or contemplation of any such matter or case, shall be fined under this title, imprisoned not more than 20 years, or both.
That's absolutely the best part, and that's why Zimmermann's comment almost seems naive. "...before justice comes calling" is exactly what they're talking about here. What is contemplation, and when does it begin?
I learned from Hanni Fakhoury of EFF that a proposed defense in this kind of action is to have had in place a strict data retention policy. For example, prior to beginning operations, the policy would state something like "we will retain all data aged 6 weeks or less; older data will be destroyed." Now, you adhere to that policy, perhaps with some activity record around the procedure itself, and your argument is something like, "it is not obstruction and not anticipatory obstruction because we defined and abided by the policy before anything happened, before any event warranting an investigation could occur, and, therefore, before contemplation of an investigation could occur."
I could swear I read an article a couple of years ago about a Wall Street bank losing an obstruction charge specifically because of an email retention policy just like you described.
Bigger picture, we all know that the reason companies implement email retention policies is to minimize the risk of the discovery process in any potential lawsuit - practically the cost of storage is nil so any savings there is a drop in the bucket. The policies are huge productivity killers for all employees -- everyone I know who has worked under such conditions has had at least one case where they needed information from an expired email that they had not personally archived. The only reason for a company to shoot itself in the foot with a policy like that is because it is easy to imagine a one-shot potential million dollar liability loss compared to the essentially unmeasurable productivity loss spread across the entire company on a daily basis.
Once you've been contacted the first time under an NSL letter, what stops you from choosing to broadcast the entire duration of the ordeal?
government: "Here's an NSL."
recipient: "Cool deal. I will respect it and not mention it to anyone, but be aware that from this point forward I will always have a device that will broadcast every interaction verbal or electronic that anyone has to me publicly live in real-time to the Internet. You have the right to remain silent. Do you understand? Anything you say may be used against you in the court of public opinion. Do you understand? If you wish to continue to communicate with me, be aware that any statement that you or anyone from your office makes to me will instantly and irreversibly become part of the public record."
On top of that you can hand them a special email address for their use only and you can delete your own personal email. You can also wear a shirt with friends and family that informs them in big bold letters that everything is a matter of the public record.
This would essentially serve to shield you entirely from secret communication by placing a "force field" of publicity around you. There might be some law somewhere that prohibits this tactic; I cannot imagine how they would counteract this tactic legally so long as you always greet them with disclosure that you are recording everything. I imagine that they could try to force you somehow to interact with them in a location that prohibits recording devices.
Courts are made of people, not computers; and they care about the bottom line, not the reasoning behind the loophole. What you describe -- and every other thought experiment, like warrant canaries -- is a good way to spend the rest of your life in jail for contempt of court.
If you get an NSL, shut down your business and leave the country.
Putting the data on Dropbox's service may well be a felony itself. They don't really care how you transmit the gag-ordered information to the third party.
Also, AFAIK, they get to read the NSL/FISA warrant but not keep a copy. So there's that, too.
We can already see that Ladar knows how to use publicity. Every time he ends a communication, it's some unsupported, wild accusation that gets everyone talking. I feel like everyone is throwing away good scientific skepticism to jump on the anti-NSA bandwagon. There is a legal and logical reason for the NSA to have some secrets. Ladar should be more forthcoming however. He has yet to say anything substantial, imho. There is plenty he could be saying but the press loves this shit; they will do fine without actual content in their releases.
The thing is, no NSL is keeping Ladar Levison from telling us what he knows about email in general. NSLs are specific to the information being sequestered, everything else is fair game. Yet he says "if you knew what I knew." That's just immature posturing. Tell us what you know or say nothing. Waving around your supposed "big secret" in the press like some celeb for gossip? It's not what honest engineers do. Every time I hear a word from the mouth of this Ladar character, I trust him less.
This idea of "Using a force field of publicity" is completely illogical because all it does is serve to fuel wild speculations and distractions! Where are the FACTS?
He did share the problem with us. The problem is that he's not allowed to say exactly why he had to shut down 10 years of work. That's not speculation---it's his account of the facts. Presumably we give him credibility because of the history of Lavabit. I know I do.
Yes exactly, that's all we know. Lavabit got an NSL. Snowden had an email account there in July. We knew that for a while now so what is this post about?
You're reading too much into the title. That's just using a quote to get page views, so don't get hung up on it. The actual content is about what he went through, which is still relevant.
He should contest the NSL gag orders. They've already been declared unconstitutional at least 3 times, but they managed to trick the justice system by changing a few random words in the law (with the help of Congress), in effect creating a "new" law that was wiped clean of any "unconstitutionality" ruling.
The NSL is still unconstitutional in principle, it's just that it needs to be contested every time they change the law to escape the ruling. Hopefully this time Congress will stop playing along and creating new laws for them.
Kind of like how pharma companies change a tiny little thing about a drug at the end of its patent term, and then have an entirely "new" patented drug to sell.
Maybe it's time for a new type of email service. Something along the lines of two-way auth, private key on cell phone, public on server. Cell phones have cameras now, so you could generate a QR code or something which your auth app could look at and generate a response in order to generate a unique token to gain access to your message(s). On the server side guys could have a deadman switch which would purge all data if not heard from administrators for 12 hours. That way they could delete data and not be in jeopardy of obstructing any government or whomever is seeking to gain access. Bonus points could be had for not hosting in the US too.
The whole problem with email is the asynchronous thing.
If you want to be secure, then it needs to be in such a way that there's minimum reliance on a central server. But in that case, what happens if your local machine (which is both your mailserver and an end client) is offline? Should the email bounce around in the network (like bitmessage does)? Or should you notify the sender with the standard "Mail Subsystem Delivery failure" that we all know and love?
Actually after reading this, I want to seriously sit down and write a spec but if I include the assumption that there is a chance for the end-server/recipient to be offline, it throws everything into chaos.
This is really the crux of it for me. Peer-to-peer is no good because it requires both parties to be online. The best I've been able to come up with is multiple servers, which work a bit like command and control servers for malware. Sync from client to server. Server replicates to other known servers. When a server is threatened, shut it down. Update server list on remaining servers to let clients know a server is gone. Add a new server and similarly let clients know.
This requires at least 3 servers to be online at any time. It also assumes client-side key gen and encryption. There are a few more subtleties I'm building in, but that's my thinking so far.
How about a client that does the following, but still uses email: a secure attachment creation client.
You type your email into the app, which is just a word processor. When you send it, it saves an encrypted attachment, attaches it to the message and sends via email.
The other party will need the client to read the attachment, and their client will need to connect to a secure central ID entity to confirm they are the recipient client which can open the message.
This is something which I did not think of. It's basically like sending truecrypted packets between people. But this doesn't solve one problem - metadata. I still know you sent an email at time X to person P2. Tor's method of onion routing looks quite nice though.
> I still know you sent an email at time X to person P2.
We need a giant public "mailstore" where everybody (or at least a large pool of people) put the encrypted messages with encrypted recipient information. Everybody who uses this mailstore gets a copy of every message posted to it, but unless they are the intended recipient with the right private key they can't make heads or tails of it.
Maybe usenet could be drafted into handling it. Usenet already handles terabytes of encrypted data on a regular basis nowadays.
I don't think we can solve the metadata issue any time soon. But I am really disturbed by the slide in the NSA XKeyScore ppt that said "Show me all word documents sent [emailed] from Iran that contain X" -- This is NOT something I can accept any intelligence agency having the capability to do.
Ok, what about a new email spec. That as a part of it sends random noise at random intervals. This makes it hard to determine if you actually sent a mail, or if it was just the noise part of the spec. ...
Wait, that's so wrong. Why don't we just fix our laws. ...
Wait, we will always have bad actors or regimes, do we just design for that?
When you're worried about things at this level, laws are just an external dependency not under your control, i.e. a security hole waiting to be exploited.
Indeed, the nature of email transport is such that security should be somehow enforced while it's not in your domain of total control. It should be presumed all sorts of eyes are looking at your package and should be dealt with accordingly. One approach is to write locally, encrypt and send it. Likewise for receiving - receive encrypted and decrypt locally. The thing is how to make this work unobtrusively for users, as well as how to make it work with the current infrastructure of users not using encryption. That's the challenge.
NB: All presuming NSA or whoever doesn't have the capability to break your encryption scheme. A great addition would be if an attempt at breaking into your package could notify you, but that's not technically possible as far as I know.
I don't think the encryption thing is the problem. I honestly have a hard time accepting that he was unable to provide decrypted content even with a warrant. That pretty much makes this a Swiss bank account for data and you better believe criminals would be all over it. I'd rather go through legal channels to end violations of due process.
But I'm still not entirely clear on what lavabit used to do to encrypt email once it arrived on its servers. As far as I can tell, they still store an encrypted version of the private key, that they can't decrypt with the other data they store: but would be able to decrypt as soon as a user logs in, and supplies them with the password (again).
So while they don't store enough information to decrypt information, at any point when you log in, you provide enough information for them to decrypt all the stored emails.
Additionally, they could store a plaintext copy of all new email. If the mail you receive is already encrypted with something like GPG, they cannot read it, of course.
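Added example (constructed model in stdlib Python, not Lavabit's code or anyone's in this thread): the key handling the comment above describes, where the server wraps the user's private key under a password-derived key and receives the raw password at login, beside the variant where the client runs the KDF and the server only sees an auth token. A random 32-byte secret stands in for the RSA private key, and PBKDF2 plus an XOR wrap stand in for the real KDF and key-wrap primitives.

```python
"""Constructed model of server-side vs client-side key wrapping (not Lavabit's code).

A 32-byte random secret stands in for the user's RSA private key; PBKDF2 and
an XOR wrap stand in for the real KDF and key-wrap primitives.
"""
import hashlib
import hmac
import os
import secrets

ITERATIONS = 100_000


def derive(password: bytes, salt: bytes, purpose: bytes) -> bytes:
    """PBKDF2-SHA256 with a purpose label so the auth and wrap keys differ."""
    return hashlib.pbkdf2_hmac("sha256", password, salt + purpose, ITERATIONS, dklen=32)


def wrap(key: bytes, kek: bytes) -> bytes:
    """Stand-in for a real key wrap: a one-time XOR of two 32-byte values."""
    return bytes(a ^ b for a, b in zip(key, kek))


unwrap = wrap  # XOR is its own inverse


# --- Design 1: the server receives the password at login (the design described above).
def register_server_kdf(password: bytes):
    """Build the at-rest record. Returns (record, private_key) so a caller can
    check what the server is later able to reconstruct."""
    salt = os.urandom(16)
    private_key = secrets.token_bytes(32)
    record = {
        "salt": salt,
        "verifier": derive(password, salt, b"auth"),
        "wrapped_key": wrap(private_key, derive(password, salt, b"wrap")),
    }
    # Neither private_key nor the wrap key is stored: at rest the server holds
    # only salt, verifier and the wrapped blob, which it cannot open by itself.
    return record, private_key


def login_server_kdf(record: dict, password: bytes):
    """Server side. While the password is in its hands the server can unwrap
    the private key, and therefore read every message stored for the user."""
    if not hmac.compare_digest(derive(password, record["salt"], b"auth"), record["verifier"]):
        return None
    return unwrap(record["wrapped_key"], derive(password, record["salt"], b"wrap"))


# --- Design 2: the client runs the KDF; the server only ever sees an auth token.
def client_login_material(password: bytes, salt: bytes):
    """Runs on the client. The wrap key never leaves the device."""
    return derive(password, salt, b"auth"), derive(password, salt, b"wrap")


def register_client_kdf(password: bytes):
    salt = os.urandom(16)
    private_key = secrets.token_bytes(32)
    token, kek = client_login_material(password, salt)
    record = {"salt": salt, "verifier": token, "wrapped_key": wrap(private_key, kek)}
    return record, private_key


def login_client_kdf(record: dict, token: bytes):
    """Server side. It can verify the token and hand back the wrapped blob, but
    it has no way to compute the wrap key from the token. (A weak password can
    still be brute-forced offline from the stored verifier, and a server that
    ships the client code can still be compelled to alter it.)"""
    if not hmac.compare_digest(token, record["verifier"]):
        return None
    return record["wrapped_key"]


if __name__ == "__main__":
    rec, key = register_server_kdf(b"correct horse battery staple")
    print("server-side KDF: server recovers key at login:", login_server_kdf(rec, b"correct horse battery staple") == key)
    rec2, key2 = register_client_kdf(b"correct horse battery staple")
    token, kek = client_login_material(b"correct horse battery staple", rec2["salt"])
    print("client-side KDF: server hands back wrapped blob:", login_client_kdf(rec2, token) != key2)
```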
There are already some existing Bitmessage gateways such as http://bitmsg.cc/. Looks like using something like this would be a better solution for a Lavabit-successor: Use a secure messaging protocol and then only use gateways to send messages between the traditional email world and your own secure protocol.
Of course, the gateway could still log your messages, but the same security issue applied to Lavabit. The main advantage is that once the gateway has forwarded your message, no one can force the operator to retroactively decrypt the message.
Bitmessage sounds like one potential solution for this, but it has some scalability issues. Using RetroShare would be another approach.
So why doesn't he share with everyone? If he's willing to shut down his service in the spirit of security, why not expose details in the spirit of transparency?
I can't imagine all of it would be subject to a lawsuit.
Well, presumably because he doesn't want to end up in jail or Russia.
I very much appreciate his actions, what he has felt able to say publicly and his dilemma in general. Part of me wants to call him a coward, but I cannot say I would do better. I can't criticize. What this does show is how brave and "heroic" people like Snowden, Bradley, and the like really are.
What would be interesting is to see if he tries to get his story heard via routes acceptable to government, and if so, what happens.
I'd imagine that it's because under the current law he's gagged. Disclosing an NSL to the public (i.e. anyone that's not his lawyer or a judge) is something that will send him to jail. Rather than go to jail (where he's less useful and free), he's using his standing to try to have a legal precedent set that being gagged by an NSL is unconstitutional. Hence him asking for help with legal costs.
> I can't imagine all of it would be subject to a lawsuit.
Where have you been all this time? Have you not read the news recently? Basically every US IT company is being NDA'd and backdoored/tapped. Lavabit is the first one in choosing a different option: closing the business.
I'm leaving out a lot of transport detail for brevity, but that's the essence.
Also, email is generally stored unencrypted at rest. Even if you take precautions to secure your own mailbox, the recipient might just have it floating around in plain text in their Gmail account, just waiting for it to be nabbed by whoever can get a court order, or whatever.
Also, even if your email is encrypted, the metadata isn't. So you can figure out who is talking to whom, when, and usually from where (by the IP address). Also, there are a lot of headers indicating details about your computer (if you used a fat client rather than webmail), such as the user-agent header which indicates what software you're running (e.g. Thunderbird, version x, on Linux/Windows/OS X for x architecture, etc) which can give clues about how to attack that client with some 0day exploit.
> What about an alternate messaging system addressing these issues?
In case he was talking about unencrypted email, it's obvious:
-> Only use encrypted email (with an email client).
In case he was talking about encrypted email, all the "metadata" is still open (sender/receiver address, time/frequency, message subject). Then you can cross-reference that data with other data to get a more precise picture of the users.
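Added example (stdlib Python, not code from anyone in this thread): an audit of what a PGP-encrypted message still exposes to every mail server on its path, covering the sender, recipients, subject and time mentioned just above and the User-Agent and Received-header details raised earlier. The message, hosts, addresses and IPs are constructed placeholders.

```python
"""What an encrypted e-mail still tells every relay: a constructed PGP/MIME sample."""
import re
from email import message_from_bytes, policy

# Constructed sample message. Hosts, addresses and IPs are documentation
# placeholders (RFC 5737 ranges), not real infrastructure; the PGP body is filler.
SAMPLE_MESSAGE = b"""Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Thu, 15 Aug 2013 10:02:11 +0000
Received: from [192.0.2.44] (client.example.net [192.0.2.44])
\tby mail.example.net with ESMTPSA id xyz789; Thu, 15 Aug 2013 10:02:09 +0000
From: Alice <alice@example.net>
To: Bob <bob@example.org>
Cc: Carol <carol@example.org>
Subject: Lunch on Friday
Date: Thu, 15 Aug 2013 10:02:08 +0000
Message-ID: <20130815100208.1234@client.example.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="pgpboundary"

--pgpboundary
Content-Type: application/pgp-encrypted

Version: 1

--pgpboundary
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
hQEMA0NotRealCiphertextJustFillerForTheExample==
-----END PGP MESSAGE-----

--pgpboundary--
"""

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
CLIENT_TOKEN = re.compile(r"(\S+/[\d.]+)\s*$")  # last product/version token of User-Agent


def relay_path(msg) -> list:
    """IPv4 addresses recorded in the Received trace, origin first.
    Each relay prepends its own header, so the last Received line is the earliest hop."""
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        for ip in BRACKETED_IPV4.findall(str(received)):
            if ip not in hops:
                hops.append(ip)
    return hops


def exposed_metadata(raw: bytes) -> dict:
    """Everything returned here is readable by any server on the path even
    though the body is PGP-encrypted: this is the metadata the thread means."""
    msg = message_from_bytes(raw, policy=policy.default)
    recipients = []
    for field in ("To", "Cc"):
        if msg[field] is not None:
            recipients.extend(a.addr_spec for a in msg[field].addresses)
    user_agent = str(msg["User-Agent"] or "")
    client = CLIENT_TOKEN.search(user_agent)
    return {
        "sender": msg["From"].addresses[0].addr_spec,
        "recipients": recipients,
        "subject": str(msg["Subject"]),
        "date": str(msg["Date"]),
        "relay_path": relay_path(msg),          # origin IP survives in the trace
        "client": client.group(1) if client else None,  # mail client and version
        "body_encrypted": msg.get_content_type() == "multipart/encrypted",
    }


if __name__ == "__main__":
    for key, value in exposed_metadata(SAMPLE_MESSAGE).items():
        print(f"{key:>14}: {value}")
```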
>>-> Only use encrypted email (with an email client).
>
>In case he was talking about encrypted email, all the "metadata" is still open (sender/receiver address, time/frequency, message subject). Then you can cross-reference that data with other data to get a more precise picture of the users.
But this isn't much different from the technological metadata needed to transport snail mail (the sender of an e-mail is usually, unless messing around, known, whereas snail mail only has a return address; the subject field isn't mandatory).
Mail encryption ensures the same level of privacy (regarding the 4th) a user of snail mail could expect.
Snail mail can be sent anonymously though. It can be dropped in a public mailbox with no return address on the envelope and it will be delivered. It's also much more physically difficult to track. Yes, the post office does now optically scan mail for sorting and routing, but that doesn't happen until it gets to regional sorting centers, making the precise origin impossible to discern.
Well, shutting themselves down since they can't deliver perfectly safe and secure email because the problem is technically impossible.
SilentCircle's other services are still up and running, for example, because they can be made secure.
Ironic in SilentCircle's case (if you're an HNer) is that PZ noted to the BBC how important his service was because it protects Navy SEALs deployed to areas fighting terrorism where they might otherwise be detected.
email is a tool. you can use it for what it works for.
it doesn't have to be used for all communication.
assume a world where all your emails are archived in publicly accessible databases. you've lost privacy, but could it still be a useful tool?
send birthday emails. send your friends funny cat videos.
you don't have to use email for everything you used it for before -- you can just use it in different ways. i would still like to be able to near-instantly communicate with relatives across the world.
i know bacon clogs my arteries and making bacon has a terrible environmental footprint relative to eating only grains, but i love it.
you're missing the point: maybe email is not good for privacy.
the article is about not using email.
no tool is perfect. you know what would be great? if hammers cured cancer. they don't though, so we just use them to hammer nails into wood.
speaking to people in public places is also a way to communicate, though equally bad for privacy. if there's nothing you can do to change the privacy attribute of "speaking to people in public places", does that mean you should never do it again?
or: use codes that only you and the other person know, hold hands and tap morse code into each others palms, find secure rooms.
people get upset when one tool doesn't do all the things they want, but it's a weirdly tech centric thing.
"your startup doesn't do X so i'll criticize it". you can play the "need more features" game ad infinitum -- but nobody criticizes cast cups for their failure to keep drinks cold indefinitely or couches for failing to give them back massages.
Because a feature makes a tool better doesn't make it a requirement for its usage.
>or: use codes that only you and the other person know, hold hands and tap morse code into each others palms, find secure rooms.
What? What am I some sort of criminal on the run?
You're missing the point!!! -- This whole damn thing is completely unacceptable.
I don't give a shit about "legal" the government is an institution made by men, and these actions and programs are wrong. The term "legal" holds absolutely zero meaning to me any longer.
What is more mature: calling out bullshit as it is or acquiescence to something that is completely wrong due to lack of testicular fortitude?
I am in no way "kicking and screaming" in an immature manner, I am instead saying "fuck you" to a system with which I will acknowledge no further authority over me.
I am no longer interested in the opinions or doctrines of the agents of all systems in this world which are not singularly for the advancement of Humanity as a singular species.
I am not american, Jewish, atheist, ethnic, sexually-preferential or any other wedge label.
I am a conscious being who is, from this point forward, only accepting of an advancement of the Human Race without any profit motive (money, ego, power, resource) outside of that which benefits the entire planet.
It's not a stupid question, but often times open sourcing something involves one or more of the following:
1. Documenting everything so it's actually usable. At a minimum, "here is how to install the dumb thing" should probably be documented.
2. Oftentimes there are hard-coded values that would need to be extracted out for security reasons or to simply allow someone to install it on a system not quite like yours.
3. Oftentimes there are other dependencies that would also have to be open-sourced, such as modifications to libraries, internal libraries released, shell scripts, cron jobs, messaging queues, delayed job worker tasks, etc. that the system may rely on. These all need to be packaged up, documented and/or released.
In short, it is a ton of work to take something that is running our way on our hardware and generalize it enough that anyone else can run it.
On the other hand, you wouldn't need their service to give you the protections they offered. Essentially, encrypted email storage. You can get that mostly off the shelf using any linux distro if you run your own mail service.
I didn't use Lavabit because I mostly don't use email, but I'm guessing Lavabit was an easier service to use rather than setting up your own email service. I think @ssimpson has a point though. I don't think he [Ladar Levison] would be turned off by the difficulty of the task of open sourcing his project, but he may be waiting to see how the case works out first.
As far as I can tell it is a service that suffers from many of the same things as other services, especially concerning email that is sent to a recipient in clear text:
1) The email can be intercepted in clear text
2) If the service is compromised; a plain text copy can be made
3) If the service is compromised; a copy of the session key can be stored
4) If the service is compromised; a predictable/insecure session key can be used
5) They store a copy of the secret key; if the service is compromised - all session keys can be recovered when the user logs in (provides the password).
I've thought about engineering a similar system; but one based around GPG -- have users upload/associate a public key with their account, and if they receive unencrypted email encrypt it to them using their public key. 1), 2), 3) and 4) remain though -- and 4) may be the worst as it is almost impossible to detect/defend against AFAIK.
An alternative would be to set up a service that detects whether or not incoming mail is encrypted, and rejects it if it is not (along with information of where/how to install and set up GPG).
As others have mentioned this would not help with the who-talks-to-whom meta-data problem.
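Two points from this thread, in one added example that is not code from the page, from Lavabit or from any commenter: the metadata that stays readable when only the body is encrypted (sender, recipient, timing, subject, client software from User-Agent, and the relay IPs each MTA records in Received: headers), and the gateway rule proposed just above, accept PGP-encrypted mail and bounce plaintext with setup instructions. Standard-library Go only; the two messages are constructed samples, and the bounce text and setup URL are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"mime"
	"net/mail"
	"regexp"
	"strings"
)

// Report is what an observer learns from a message without touching any
// ciphertext: addressing, timing, subject, client software, relay IPs.
type Report struct {
	From, To, Subject, Date, UserAgent string
	RelayIPs                           []string // from Received: headers, last hop first
	Encrypted                          bool
}

var bracketedIPv4 = regexp.MustCompile(`\[(\d{1,3}(?:\.\d{1,3}){3})\]`)

// Inspect parses a raw RFC 5322 message, collects the exposed metadata and
// decides whether the body is PGP-encrypted.
func Inspect(raw string) (*Report, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	h := msg.Header
	r := &Report{
		From: h.Get("From"), To: h.Get("To"), Subject: h.Get("Subject"),
		Date: h.Get("Date"), UserAgent: h.Get("User-Agent"),
	}
	for _, rcv := range h["Received"] { // every MTA on the path adds one
		for _, m := range bracketedIPv4.FindAllStringSubmatch(rcv, -1) {
			r.RelayIPs = append(r.RelayIPs, m[1])
		}
	}
	body, err := io.ReadAll(msg.Body)
	if err != nil {
		return nil, err
	}
	r.Encrypted = isPGPEncrypted(h.Get("Content-Type"), string(body))
	return r, nil
}

// isPGPEncrypted recognises RFC 3156 PGP/MIME (multipart/encrypted with
// protocol application/pgp-encrypted) and inline ASCII-armoured bodies.
func isPGPEncrypted(contentType, body string) bool {
	mt, params, err := mime.ParseMediaType(contentType)
	if err == nil && mt == "multipart/encrypted" &&
		params["protocol"] == "application/pgp-encrypted" {
		return true
	}
	return strings.Contains(body, "-----BEGIN PGP MESSAGE-----")
}

// Policy is the gateway rule proposed above: accept encrypted mail, bounce
// plaintext with a pointer to setup instructions (the URL is assumed).
func Policy(r *Report) (accept bool, reason string) {
	if r.Encrypted {
		return true, ""
	}
	return false, "550 5.7.1 plaintext refused; encrypt to the recipient's key, see https://mail.example.invalid/pgp-setup"
}

// Two constructed sample messages (not real traffic): a plaintext message
// from a desktop client, and an inline-PGP message with the same addressing.
const plaintextSample = `Received: from mx.example.invalid (mx.example.invalid [198.51.100.9]) by mail.receiver.invalid with ESMTPS; Thu, 8 Aug 2013 15:02:11 -0500
Received: from [203.0.113.7] (helo=laptop) by mx.example.invalid with ESMTPSA; Thu, 8 Aug 2013 15:02:09 -0500
From: Alice <alice@example.invalid>
To: Bob <bob@receiver.invalid>
Subject: lunch?
Date: Thu, 8 Aug 2013 15:02:05 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Thunderbird/17.0.8
Content-Type: text/plain; charset=utf-8

Still on for noon?
`

const encryptedSample = `Received: from mx.example.invalid (mx.example.invalid [198.51.100.9]) by mail.receiver.invalid with ESMTPS; Thu, 8 Aug 2013 15:10:00 -0500
From: Alice <alice@example.invalid>
To: Bob <bob@receiver.invalid>
Subject: lunch?
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP MESSAGE-----

(constructed sample; real ciphertext omitted)
-----END PGP MESSAGE-----
`

func main() {
	for _, raw := range []string{plaintextSample, encryptedSample} {
		r, _ := Inspect(raw)
		ok, why := Policy(r)
		fmt.Printf("%+v\naccept=%v %s\n\n", *r, ok, why)
	}
}
```

Running it prints the same From/To/Subject and relay IP for both messages; encryption changes only the Encrypted flag and the policy decision, which is the point the thread keeps returning to. Note that the plaintext message leaks the sender's own address (203.0.113.7) and exact client build, and that the gateway can only bounce, not fix, mail that arrives in clear.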
> He doesn’t have the technological capability to decrypt his customer’s data but if someone could intercept the communication between the Lavabit’s Dallas-based servers and a user, they could get the user’s password and then use that to decrypt their data.
Is it really what I understand from this, or is LL trying to say something else?
"The way we encrypt messages before storing them is relatively unique. We only know of one commercial service, and one commercial product that will secure user data using asymmetric encryption before writing it to disk. Basically we generate public and private keys for the user and then encrypt the private key using a derivative of the plain text password. We then encrypt user messages using their public key before writing them to disk. (Alas, right now this is only available to paid users.)"
Does not make sense to me. Lavabit claims that it cannot decrypt customer's data, but if someone else could read what goes through Lavabit server and a client it could decrypt the data?? So, how come Lavabit can't do the same thing?
But my guess is he's referring to replacing the login page's Javascript code with a malicious one that phones back the plaintext password. Kinda like a keylogger.
Lavabit's original architecture only stores an encrypted version of the private key needed to decrypt the messages. The private key is encrypted with the user's password, and they don't store this password in plain text.
However; if you could intercept this password, and already got a copy of the encrypted private key as well as the encrypted data from lavabit, you could then decrypt the data.
Presumably lavabit didn't want to back door their services, by either storing a copy of the session keys, the password, or the plain text -- and chose to shut down instead.
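The scheme the quoted passage describes (a keypair per user, the private key wrapped under a derivative of the password, incoming mail sealed to the public key before it hits disk), reconstructed as an added example in Go. This is not Lavabit's code: the quote names none of the primitives, so PBKDF2-HMAC-SHA256, AES-256-GCM for the wrap, RSA-2048 with OAEP and the iteration count are all my choices for illustration, and bodies are sealed directly with RSA-OAEP (real mail would need hybrid encryption, which only lengthens StoreMessage). ReadMessage is the answer to the question asked two comments up: the server cannot run it on its own, but whoever holds the on-disk blobs and an intercepted password can.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Account is what the server keeps on disk for one user; never the password.
type Account struct {
	Salt       []byte         // random salt for the password-derived key
	WrappedKey []byte         // nonce || AES-GCM(PKCS#1 private key) || tag
	PublicKey  *rsa.PublicKey // enough to seal incoming mail on delivery
}

const kdfIterations = 50_000

// deriveKey is one block of PBKDF2-HMAC-SHA256 (RFC 8018), which yields a
// 32-byte AES key; a stand-in for Lavabit's unspecified password derivative.
func deriveKey(password, salt []byte) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // PBKDF2 block index 1, big-endian
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < kdfIterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// CreateAccount runs at signup: generate the user's keypair and wrap the
// private key under a key derived from the password and a fresh salt.
func CreateAccount(password string) (*Account, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	buf := make([]byte, 16+12) // salt || GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	salt, nonce := buf[:16], buf[16:]
	aead, err := newGCM(deriveKey([]byte(password), salt))
	if err != nil {
		return nil, err
	}
	wrapped := aead.Seal(nonce, nonce, x509.MarshalPKCS1PrivateKey(priv), nil) // nonce || ct || tag
	return &Account{Salt: salt, WrappedKey: wrapped, PublicKey: &priv.PublicKey}, nil
}

// StoreMessage is the delivery path. Only the public key is needed, so mail
// arriving while the user is logged out still lands on disk sealed.
func StoreMessage(acct *Account, body []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, acct.PublicKey, body, nil)
}

// ReadMessage is the login path. It is also exactly what anyone holding the
// stored blobs plus an intercepted password can run: the password is the key.
func ReadMessage(acct *Account, password string, stored []byte) ([]byte, error) {
	aead, err := newGCM(deriveKey([]byte(password), acct.Salt))
	if err != nil || len(acct.WrappedKey) < 12 {
		return nil, fmt.Errorf("malformed account record")
	}
	der, err := aead.Open(nil, acct.WrappedKey[:12], acct.WrappedKey[12:], nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap private key (wrong password?): %w", err)
	}
	priv, err := x509.ParsePKCS1PrivateKey(der)
	if err != nil {
		return nil, err
	}
	return rsa.DecryptOAEP(sha256.New(), nil, priv, stored, nil)
}

func main() {
	acct, _ := CreateAccount("correct horse battery staple")
	stored, _ := StoreMessage(acct, []byte("meet at the usual place"))
	pt, err := ReadMessage(acct, "correct horse battery staple", stored)
	fmt.Printf("with password: %q err=%v\n", pt, err)
	_, err = ReadMessage(acct, "guess", stored)
	fmt.Println("with wrong password:", err)
}
```

Everything the government would have needed lives in ReadMessage's inputs: the Account and stored blobs are on Lavabit's disks, and the password crosses the wire at every login. That is why a backdoor here means logging passwords (or the unwrapped private key) rather than breaking any cipher, and why the wrap being authenticated (GCM) means a wrong password fails cleanly instead of yielding garbage.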
“In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said. (from article)
I am a new immigrant to America. I came with my wife from Australia 8 months ago. All my life I heard about how the US supported the freedom and rights of its people, and now that I'm here, I find that that was a sick joke. This place is a KGB state on the brink of happening.
I went the other direction, from the US to Australia, and I've been watching from afar as the remnants of the America I grew up taking for granted are being systematically and increasingly quickly stripped away.
I'm in the same boat, though I took an intermediate stop in Ireland. It kills me to see the country I grew up in and still love losing its soul. This is most definitely not what the Founding Fathers had in mind when they drafted the Constitution.
Forces of the Federal government have been on the march and increasing power for the last 140 years. They show no signs of slowing down, let alone stopping.
The irony is that the original impetus for the Federal government to assert supremacy was to give freedom to the slaves -- the right thing to do, but it's unlikely that we'll recover from that power shift any time soon.
My great grandmother spent 15 years staying up late at night to watch which buildings the KGB agents went into and who they black bagged every single night. My great grandfather's brother was black bagged and dragged away in the middle of the night. My family found out where he was buried decades later through a government inquiry after the attitude towards these inquiries had changed (before, if you sent one in, they instead dragged you away).
The moral of the story is that the US is not nearly as bad as people might think/say, but governments watching people's every move is the first rung in the 1000 step ladder down to hell.
Somewhat, I think. I think a good way to judge a society is by how it treats its worst citizens. Holding someone without a fair trial is bad if you say your core value is that all people deserve a fair trial. Arresting someone without a warrant is bad if you say that the police is not the judge, jury, and executioner.
However, there is a difference here in frequency/intensity. My great grandfather's brother was innocent as far as I can tell. He held a fairly high city-level position as a factory manager, so when he spent enough years in his job someone decided that he got a little too comfortable and might not fall in line if push came to shove (remember this was Stalin, the paranoid maniac bank robber who killed tens of millions of people for fear of being replaced). This kind of stuff does not happen in the US. You have to piss someone off at the Federal level to get on a kill list. Bad mouthing the government is still fine so long as you do not leak actual facts.
While I agree we've seen worse regimes in history, I'm not sure we've seen much worse "democracies" in recent memory.
Circumstantial evidence is apparently now enough to both be disappeared and assassinated (never mind the collateral damage). No judge, no jury. This isn't the rule of law any more.
Add to all this the fact that we can now assume the NSA possess comprehensive evidence that could be used to indict major financial institutions in the wake of 2008 -- and yet that is seemingly impossible. The fact that "it's not quite as bad as Iraq was under Saddam Hussein, only with less government health care" -- isn't a very strong argument.
"So the poor and the ignorant go to jail
while the rich go to San Clemente"
-- We Beg your Pardon America
Gil Scott-Heron, 1975
Circumstantial evidence is perfectly legal and does get many people convicted every day. One piece may not be enough, but you get supporting evidence and you have your case --it's a very basic tool.
Indicting savvy bad bankers is very very hard. That and when the investigative ranks (those who understand the intricacies of finance law, etc.) are reduced to a fraction of what they were makes it even more difficult.
I should've made an effort to make two distinct points:
1) killing someone over circumstantial evidence alone is questionable
2) killing someone based on unilateral interpretation of any evidence (as opposed to the result of a verdict from a court) is questionable
Other than that: Are you seriously arguing that it is harder to verify if someone conspired to defraud, assuming the NSA could provide rich evidence of both communication and content, than it is to prove that someone is conspiring to do harm?
That is: in the latter case you (would/should) have to prove intent before any crime is committed (and that a crime is likely to be committed) -- while in the former case you would only have to be able to document the most likely path that led to recorded events taking place? You're even able to document profit, in the case of the banks.
I agree with your points 1 & 2. It's questionable.
To the other point, yes. Securities laws, from what I can tell, are very convoluted. Even experts find it hard to tell when one enters or exits the grey areas. In addition, in 2008, there were other considerations to take. Until I know better, I don't think the NSA is allowed to use whatever information they have to prosecute domestic crimes. They may 'tip off' the SEC, etc. but the SEC must gather their own info and evidence. Also, it's not as if the NSA are experts in Securities. They look for physical threats rather than soft threats to the economy/population.
IgorPartola, it's not about where we're at at the moment, it's about where we're going, and currently, that doesn't seem to be a good place.
No, this isn't Stalinist Russia, but the question is, if we continue down this route, could we BECOME Stalinist Russia, or something similar? I think that the consensus on that is definitely yes. Intimidation of journalists, secretive detainment, interrogation and assassination, the USA is definitely headed down a dark path.
I cautiously agree. The government watching people is a very bad thing. It should be the other way around.
However, I want to emphasize that if you invoke the slippery slope argument, you better realize that the slope is very very slight. Instead, I think it makes sense to talk about things on a case by case basis. For example "NSA does more harm than good" is a more rational and direct argument than "NSA is the coming of Stalin to America".
On top of this, there is the big picture: the US's largest export is weapons. This leads to a lot of people hating the US, which leads to terrorism. That leads to counterterrorism in the form of drones and spy agencies. Even if the US made nice with the various governments around the world that do not like us, we would be stifling our main export, so there is no incentive to do that.
chasing, when I was living abroad, I had a Palestinian friend who worked with me. One day he told me his neighbors had disappeared in Gaza because they were vocal against Arafat. I might be spoiled, but I've seen where a lack of freedom leads.
I just thought America was a place where this stuff wouldn't happen, and where the people were protected by the Constitution. Guess I was being naive and idealistic.
> [paraphrasing] We're still better than [other country] so it's OK!
If two countries have a problem then the problem isn't worth fixing?! I've never understood this retort. This is the USA, we're supposed to be crazy about freedom not "eh, we're slightly better than the competition for now so let's take a nap and see where we wind up in 10 years."
I was in love with the passion of the American people for civil rights. I visited in 2004 and read Archibald Cox's "The Role of the Supreme Court in American Government" and "Freedom of Expression" in the Boston Public Library after some college student left it on a table, and then went and annoyed other Australians about it for years.
I came here because I wanted to create a better life (the same as any other immigrant), not because I had any axes to grind. Can you blame me for being disillusioned? Again, not cool.
I don't know, barking. I make a lot of mistakes. Most of them before breakfast...
If you want me to justify my reasons for moving here, fine.
Australia was starting to slide into a quiet recession (link below), and I was having serious issues with some of the decisions the government was making.
That and I had always been fascinated by the "American dream". We saw it in movies and theatre growing up and I wanted to check it out for myself. Is that so culpable?
Totally understandable. Even though American culture seems to be seen around the world, you rarely hear of the issues.
In Canada, there is less isolation/insulation. I've stated for many years now that I'd refused to move to the US until their country is fixed. Which is a damn shame, because there is so much cool, interesting shit happening.
Tell me about it! By being part of the tech industry here, you get to rub shoulders with the likes of Zuckerberg, Dorsey, & Bezos. That type of exposure just doesn't exist in Australia. Unfortunately there are some other issues though....
Why don't all these tech companies form a coalition and release the details together? The government would never dare going after a dozen companies at once, that would in essence spell doom for Silicon Valley (and Obama's liberal rhetoric, such as it is). Surely there are times when breaking the law is the right thing?
"What happens to your customer's e-mails and data?
Levison: I'm looking into setting up a site where users can download their data and set up a forwarding [e-mail] address, but that may take a week or two to set up. That's all I can do until I feel confident that I can resume the service without having to compromise its integrity.
I will make it clear that I don't plan to use any encryption for that site. [People] should only use it if they feel comfortable with the information being intercepted. And yes, I do plan to have that disclaimer on the site.
Unfortunately, what's become clear is that there's no protections in our current body of law to keep the government from compelling us to provide the information necessary to decrypt those communications in secret.
I'm still looking at seeing if that's even logistically feasible -- there's half a billion messages [sent in the 10 years Lavabit operated]. By shutting down the service, I will be losing the infrastructure that I used to support all those people.
There's stuff that I can't share with my own lawyer. This is going to be a long fight."
It's a secure e-mail service. If you had some sensitive data and thus used a secure e-mail service, wouldn't you prefer your sensitive data to be destroyed or fall in the hands of the government in the country where their servers are?
Good chance he had some clients who'd rather see that data destroyed.
I hope he advised all users to backup regularly, though. :)
If you are willing to leave your security in the hands of some third party like that -- and do not think for a moment that you are doing anything else when you use Lavabit/Hushmail/etc. -- it is probably because you do not want your email to vanish like that (and security comes second to convenience for you). Think of the alternatives:
* Keeping your secret keys on your disc. Now you crash it, format it, etc. and lose all access.
* Smartcards -- better not lose it!
The reason people use Lavabit is that they want to maintain access regardless of the system they connect from. Of course that also means that other people can gain access (your security is now reduced to the strength of your passphrase, a classic bad strategy), but Lavabit users do not really care. Hushmail and Lavabit both had headline-making stories about how they handed plaintexts over to the government and did not lose their customer base over it.
From what I've read I'm under the impression that his paying customers have their mailboxes encrypted. The mailboxes themselves probably aren't deleted, but login has been disabled to protect his customers. There's a point where the password is in an unencrypted state on the web server, and he's probably been ordered to stream these unencrypted passwords off to NSA HQ. By shutting down, LL is protecting against passwords being compromised.
Also, if I understand this correctly, his customers most probably had a copy of the emails on their computers so their loss was only the email address (and emails eventually received after the closedown).
his customers most probably had a copy of the emails on their computers
Based on the fact that a number of them are talking about having lost data, I suspect that at least a significant number of customers only used webmail to access their accounts, so they never had a local copy of their data.
It's still showing not encrypted on the screen which allows all sort of possibilities when done on a browser. For example, let's say you're using Chrome, hard to make sure page contents are not being used somehow.
Which will still see your data unencrypted. And there are open-source browsers too.
In any case, as I said several posts ago, a number of Lavabit customers were complaining about having lost their stored emails; if they were using a desktop email client with IMAP, that wouldn't be the case.