qubes-fan at tutanota.com:
> Feb 16, 2019, 4:08 AM by xaver at protonmail.com:
>> On Friday, February 15, 2019 10:58 PM, qubes-fan at tutanota.com wrote:
>>> Dear Patrick,
>>> I appreciate your answer and understand your point of view. On the other side, the issue raised by the law in Australia (and GCHQ asked for that too, like the request of a ghost user in all the "encrypted" conversations) is an important security concern and should be taken into consideration in the threat/trust model not only with Whonix, but with all the HW, SW, infrastructure and personnel. As of today, it is not.
>> While this threat is certainly a concern, it is nothing new. Although new in Australia, many other countries have had similar laws and/or don't have any laws that would prevent the governments from forcing a person to do pretty much whatever they want. With ever-evolving threats it would be near impossible to keep up. Once a mitigation is found for one, two more emerge. How do you combat adversaries that have near unlimited resources? Trust model/concerns have been considered in /wiki/Trust. (Has anyone bothered to read it?)
> I am not talking about magical 100% protection or $10-wrench decryption. I believe this attack is different by its implications and consequences. Sure, many governments are using different methods today, many of which are unlawful. Doing this can ruin any case if it gets to court. By having these laws in place, like the ones in Australia, this attack, yesterday unlawful, is lawful today. This has high consequences. To ruin any project today it is enough that they come and ask you for your keys, or ask to plant a backdoor. If not, you go to jail. Project is over, perfectly fit with law. Yesterday it wasn't possible so simply; they had to be on the border with or cross the law, considering the morality of the dev constant.
It's trying to establish security by policy. What is that policy? If you
want to do something, you need to be serious about it. Of course such a
policy shouldn't have logical contradictions.
###
- Everyone residing in countries with laws that can force someone to add
backdoors must be ostracized.
- Obey the white listed destination country list. It is forbidden to
travel to countries with laws that can force someone to add a backdoor.
- Everyone who got caught traveling to such a country must be ostracized.
- Anonymous development is banned in our project.
- Everyone must regularly post proof of physical location.
###
If you'll see such a concept/policy in theory or even in effect in
practice somewhere, let me know. Will be interesting.
The problem is that there's not even a need for obvious backdoor code
that describes how a third party can break it using authentication.
Every remote code execution vulnerability can also be used as a backdoor.
Look at the Obfuscated C Code Contest to see how subtle, innocent-looking
mistakes can make the difference between secure code and a backdoor.
Therefore, ban all developers from countries with laws that can force
someone to add backdoors from all projects such as Linux, Firefox, etc.?
Let's assume the "countries with laws that can force someone to add a
backdoor" issue is solved for a moment: Please also, give me the
ultimate guide to establish who's trustworthy and who isn't. The
ultimate guide to human relationships. How to vet someone's
trustworthiness. In a clear, comprehensible, replicable, objective way.
I heard that secret services and scientology are pretty good at choosing
their members with the goals of avoiding infiltration, leaks, dissent
and backdoors? Do you suggest Libre Software organizations should be
structured the same way? I guess if one wanted to be serious about
security by policy, they would have to?
>>> Existing threat models are currently not considering this form of attack. The same way as the existing threat models, including those of Qubes, TAILS, Whonix and others, are not covering the threat of being forced at the border to GB or the US to hand over all the keys to all your digital devices under the threat of imprisonment. There is no Hidden OS functionality mentioned, and no known development in this area, even though the threat exists and people are already successfully exploited by these attacks.
>> If anyone can come up with a mitigation to an adversary putting a gun to a developer's head and asking nicely for their private key, I'd like to hear it. How exactly does someone overcome an impossible situation? How do you cover a "do as I say or die" threat model? Holy shit! It was here all along! /wiki/Trust#Free_Software_and_Public_Scrutiny
> As an example, if a developer is anonymous, one can point a gun at his own head only. This should be part of the threat model, mitigations and contingency plans. You are again trying to find a 100% solution for everything, and if not available, you call it an impossible situation. It is a possible situation and must be analyzed separately from other threats with different characteristics.
So should pseudonymous developers be more trusted than those whose
country location is known?
Pseudonymity comes with its own set of issues.
Who trusts pseudonymous developers? How would you even know in which
country they reside?
Never meet anyone in real life whatsoever to discuss the project.
Typing would be the only form of communication.
As a developer it's required to express oneself frequently and in large
volumes in text as well as in code. This makes one vulnerable to
stylometry. Meaning, no non-pseudonymous publications (something to make
a living) on the side, to avoid being linked to the pseudonymous project.
Inability to host one's own website, since that is super hard to do
anonymously.
Customers who are anonymous are widely unwanted in most places. Payments
with anonymous currencies are little supported. There are laws such as
the imprint obligation and the GDPR publication of name and address of
the controller which one would have to break to stay pseudonymous.
Also the inability to receive donations (mostly just cryptocurrencies),
or breaking the tax code. Or receive cryptocurrency donations, do the
proper accounting, but hope it won't break anonymity when doing so?
You'll never know if "they" already know who you are. So if you get
politely asked to cease all development, or if you simply disappear, no
one will even know what is going on. Totally outside of the public eye.
https://forums.whonix.org/t/giving-up-pseudonymity-after-collecting-experiences-with-pseudonymous-project-development/2369
If that is the standard by which Linux, Firefox, etc. should be
developed, good luck.
> But the sec projects like Qubes, TAILS and similar don't have it in their description. They are supposed to be resistant to the threats mentioned in their threat model.
When did anyone's threat model include that? Citation?
> To use torture, murder or any other violent or unlawful measures (to get the same effect as following Aussie law today) needs completely different attacker determination, very different and rare, highly specialized resources to do that job, and there is a much lower probability for this measure to be executed in real life. How many sec devs were tortured and killed this year because they refused to hand over their keys?
> To execute the attack today with the law in hand is incomparably simpler, with the same or even higher effect. It needs incomparably less determination from the attacker; largely available, non-specialized resources can be used to do the job, and so the probability to execute the attack is much higher too.
What countries remain nowadays which are strongly committed to the rule
of law, checks and balances, cracking down on corruption and unlawful
measures?
We're running out of countries.
I doubt that violence is required. You're asking developers to stand
against a virtually, for all practical purposes, all-powerful entity.
Many developers are just people who like to build and share things.
You're expecting them at the same time to be solid as rock against all
non-violent psychological attacks. I bet this is totally unrealistic.
What would most developers do if they get invited and asked in a friendly
manner "we don't like what you're doing, can you stop please?" by the
government? "Btw, we've got a better paid job for you." "No need to go
into any possibilities of what might happen if you refuse."
They have a variety of non-physically violent buttons they can press
that will make someone's life hell.
If it failed to resist the government by preventing such a law from being
passed, why assume fewer people are capable of resisting the government
in the application of even non-violent unlawful practices?
It wouldn't be surprising at all if similar laws were passed in other
countries as well. Things will probably get worse before they get
better, if ever.
Cheers,
Patrick