Questionable theories in Yasha Levine's Surveillance Valley

lynx · April 16, 2018, 9:21pm

Hm, how practical is it when threads are closed merely because some people come to read two weeks later? Continuing the discussion from Review of Yasha Levine's Surveillance Valley, with a strong criticism of Google as well as the Tor project:

Interesting that the idea of doing a decentralized network was immediately connected to the idea of doing bulk surveillance and control… but it doesn’t really add up. The early Internet didn’t have central websites… DNS and IP4 assignment coordination didn’t empower anyone to really control what happens with net technology, as opposed to the way IBM’s BITNET operated for example. Also, in the 60’s it wasn’t exactly predictable that the US would remain leading provider of router technology and operating systems, and that forty years later it would become feasible to break into routers, set up deep packet inspection and ex-filtrate traffic this way. So the only thing that I know can be said about the early Internet not always being on the side of its users was the way IP spoofing was not impeded.

Time warp to the creation of G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐, I presume that part is based on “How the CIA made G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐” which is indeed an impressive read. Next, Tor. Tor was designed to achieve a lot, but not to be resistant against a global passive attacker. Until Snowden, there was no knowledge that a global passive attacker exists. It is a tool designed to – most of all – access websites, so its low latency is its greatest weakness — but this weakness is intrinsic to the kind of protocols it is forced to work with, the web. Still, not everyone immediately conceived of the kind of de-anonymization attacks you can run if your target is running a long-term hidden service website or if your target is consistently accessing web sites you are in control of. In other words, yes, the US is certainly in a position to de-anonymize a lot of Tor activity, both by being a global active attacker (FOXACID and HACIENDA are clearly beyond being passive) and having PRISM access to G-Mail and ̷̑͜F̸͛̿͜á̴̜͍k̶̡̺̃̈́e̵̲̬̎b̶̹̄̏o̵̖̾͘o̶͘ͅz̴͉̺̈́̀. But neither is viable for regional governments… so it is, to my knowledge, technically inaccurate to say that it is irresponsible for dissidents to use Tor. The only thing dissidents need to figure out is how to not get caught using Tor. Massive amounts of Chinese activity in the “darknet” seem to indicate that they know how to do that. And for the rest of us, it is still better to make it annoyingly difficult for the US to mass de-anonymize us than to use the Internet naked. The massive amounts of undetected crime going on within Tor also indicates that it isn’t as broken as some claim it to be, that’s why I suggest we should regulate Bitcoin harder…

The “stick it to the Man” philosophy in the hacker community probably goes back to those 90’s crypto punks who won the first crypto war for liberation of PGP. A spirit carried on into the “Declaration of Independence of Cyberspace.” That text reads wonderfully but makes dramatic ideological wrong assumptions which have backfired ever since. I’ve been trying to promote regulation pro-actively weeks after the Snowden scandals but found it quite hard to get any hackers involved as their indoctrination of refusing the State is so profound, they effectively enable the Man in the first place by spending all their lives producing wooden toy guns, as you put it, rather than having a say in politics. Plus working for the Man to make a living, probably. The whole tragedy of Silicon Valley counter-culture follows. By the way, here’s a copy of that Richard Stallman article without all the surveillance on it.

I still have to understand how it is ethically worse of G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐ to enable military drones when it is actually enabling the disposal of worldwide democracy and therefore a building block for worldwide dystopian conditions. I find the revolt by G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐ employees superficial, heavily in denial of the implications of G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐’s business model.

Regarding Appelbaum, USgov is a multi-headed hydra… just because some parts of it may have a strategic interest in Tor not getting used by large chunks of the population, others want it to be used by dissidents in ideologically opposed countries. So they dared to finance a guy that would heavily promote the use of Tor also among those people that produce cover traffic and make it harder for NSA to weed out relevant Tor traffic. Also, it makes it harder to do mass surveillance. If we want to be accurate rather than making wild guesses, the questions to ask in regards to the credibility of Tor are, who is running the directory servers? Are exit nodes being tolerated that try man-in-the-middle attacks on Tor users?

Jens in the comments has a point in that regard:

It would be very surprising to me if anyone could pinpoint any single person or entity in the US that drives policy decisions based on a consistent set of goals. Even more so over decades.

In the comments you say…

given the nature of ARPA’s activities, I don’t think it’s wrong to speak about it as a “surveillance and control mechanism”.

That’s inaccurate. Just because ARPA needed a system that would work if parts of it are nuked doesn’t mean that it is suitably designed for surveillance and control, which it clearly isn’t. The fact that it is digital is what made it suitable for surveillance and control in the long run, any any centralized architecture would’ve been there much earlier.

I find it delicate to post such opinionated and fact-lacking theories in the name of FSFE.

agger · April 17, 2018, 8:00am

Note, I’m not posting this in the name of the FSFE. As a supporter of the FSFE (what they formerly called a “Fellow”), I have a blog at my disposition at blogs.fsfe.org, but that does not mean that whatever I write there can be interpreted as the FSFE’s official position.

I’ll get back regarding the rest of your points. I do not agree that my (or Levine’s) theories are questionable, but as I said: Later.

agger · April 17, 2018, 8:12am

Note also that what I write is definitely not “fact-lacking”. Seriously. All of it is extremely well documented.

agger · April 17, 2018, 7:33pm

These are later design decisions. I’m referring to J.C.R. Licklider’s original memo for the “Members of the Intergalactic Network” from 1963 and other very early visions. As a director at ARPA and afterwards a long-term military research contracts, Licklider’s vision was what drove the creation of the Internet. And his motives were inspired by ARPA’s needs in Southeast Asia (bombing, spreading Agent Orange, various other kinds of genocide), and he himself described the ultimate aim as “command and control”. The decentralized layout etc. came much later, in the late 60s IIRC.

Note also that the general notion, and especially the military’s notion, of computing at the time was dominated by Norbert Wiener’s cybernetics, which was exactly (though Wiener as mentioned personally opposed that) about dominating complex systems like battlefields, enemy populations and societies through models of feedback mechanisms. That is, the notion of surveillance and control was ingrained in all of the military’s attitude to and motivation for computing. Since cybernetics is largely forgotten today, it can be difficult to remember how important it actually was in the 50s and 60s.

I have, unfortunately, no idea who you are. For me, staying anonymous is completely fair though, but I have no reference for your statement.

My criticism of Tor (and Levine’s) is not really that the product, technically, does not try to do what it intends to do. Rather, it’s political.

For many years (and still, indirectly through the Open Technology Fund), Tor’s main sponsor was the Broadcasting Board of Governors, the BBG. The BBG is not just any odd part of the US Government - it’s not the weather service, nor is it the national parks. The BBG is a branch that originated in the CIA but was later split out as its own entity in order to run the American propaganda radios such as Voice of America, with a very long etcetera, including Radio Free Asia. That is, the BBG was conceived as a branch of the American foreign policy aimed at destabilizing the governments of countries deemed hostile to the United States of America. That is, it’s practically a part of the American military, practicing the very same sort of belligerence that gave us the war against Iraq in 2003, also known as the 21st century’s so far greatest crime against humanity.

If Appelbaum’s evangelism and the marketing of the Tor Project as a “privacy NGO” is there to produce “cover traffic”, then the privacy activists are really used as dupes, as useful idiots for what’s in fact a hostile US foreign policy project of an intelligence service/military character.

And Appelbaum touring the world to teach activists to use Tor might seem commendable if he had been part of a real South-South, South-North, transversal activist network. But we now know he was not, he was helping a US foreign policy project on the government dime while pretending to be an activist. I.e., he was a willing pawn in an American colonial project.

I’m not really accusing him of being dishonest as much as of being very politically naive (or rather, that’s the best case scenario), but I am contending that this is all very problematic.

(Once again, all of this is my personal opinion and does not reflect the standpoint of any organization of which I am or am not affiliated. I do believe, though, that this analysis is spot on.)

lynx · April 18, 2018, 8:05am

… whereby he figured out that digital technology might be suitable for “command and control” which undoubtedly is one primary use case for digital technology, like when you activate your garage door opener. Anything we do with digital technology is command and control. This is not a very impressive assertion.

Yes, of course, that’s their job unless Congress defines a different job.

Aren’t we all friends of @how? I placed several links, here’s another one.

What does that mean in practice? Of course the assumption of the general reader is that you want to dissuade them from using Tor, which until we have something better (we are working on it) is certainly a very bad recommendation. I find that quite political, but if you think you are making a different political argument, then where is it? Can we agree on people need to know Tor isn’t perfect and we need something better? That’s fine, fits what we’ve been saying since before Snowden.

Or is “political” an anagram of “opinionated” — intentionally piecing together some guesses and making a political theory out of it? In that case “opinionated” is not an offence, i just don’t find it appropriate to have fsfe.org in the domain. None of the FSFE fellows should post with such a domain IMHO.

Then it is quite complicated now that Torproject Inc has kicked Appelbaum’s arse big time, with proven defamators in key positions in the “NGO”. Does it make sense to picture both sides as evil?

That is a possible theory, but why is the anonymity still working for the idiots? What exactly is the hostility… attacking US elections? BREXIT? German elections? Enabling digital drug markets? What exactly is the scenario by which you claim Tor is causing more harm than good? You may be right, but you should have some facts in place when you say that, not just allegations.

Please show me the facts in this regard because taken as such Mr Appelbaum could sue you for defamation and probably win. How exactly did he pretend when he helped survivors in New Orleans? Or when he did cryptoparties in NYC? Or when he coded tlsdate? He may have become more popular than necessary, but I see no hints that his social disabilities have kept him from being an honest activist. Maybe I missed something. Or does it make sense to you to condemn somebody for A and B if he was actually only guilty of C?

You still haven’t brought up facts that suggest that his activity was detrimental to humankind, so you’re a bit baseless here. What if the complete opposite is true: what if you are being politically naive and a willing pawn of an American colonial project in taking out the success wave of Tor and the rise of Mr Appelbaum as a potential political opposition leader on the basis of sexual allegations? What if that was the reasoning behind the scandal, precisely according to the JTRIG and Stasi cookbooks on how to dismantle a force of opposition? What if somebody was afraid the hackers could indeed unite and stop being self-referential? Are you in that case promoting exactly their agenda?

Digital technology is how the planet is being ruled today, with ̷̑͜F̸͛̿͜á̴̜͍k̶̡̺̃̈́e̵̲̬̎b̶̹̄̏o̵̖̾͘o̶͘ͅz̴͉̺̈́̀ manipulations capable to steer how election outcomes go. It is crucial that hackers have not been able to unite forces to the point of imposing secure practices on the Internet. And now you are helping to harm what’s left to oppose this development?

lynx · April 18, 2018, 8:22am

From https://www.rollingstone.com/culture/news/meet-the-american-hacker-behind-wikileaks-20101201

When he was 10, he was assigned by the courts to live with his father, with whom he had remained close. But his dad soon started using heroin, and Appelbaum spent his teens traveling with his father around Northern California on Greyhound buses, living in Christian group homes and homeless shelters. From time to time, his father would rent a house and turn it into a heroin den, subletting every room to fellow addicts. All the spoons in the kitchen had burn stains. One morning, when Appelbaum went to brush his teeth, he found a woman convulsing in the bathtub with a syringe hanging out of her arm. Another afternoon, when he came home from school, he found a suicide note signed by his father. (Appelbaum saved him from an overdose that day, but his father died several years later under mysterious circumstances.) It got so that he couldn’t even sit on a couch for fear that he’d be pierced by a stray needle.

An outsider in his own home, Appelbaum embraced outsider culture. He haunted the Santa Rosa mall, begging for change. He dressed in drag and “I Satan” T-shirts, dyed his hair purple, picked fights with Christian fundamentalists and made out with boys in front of school. (Appelbaum identifies himself as “queer,” though he refers to at least a dozen female lovers in nearly as many countries.) When a friend’s father encouraged his interest in computers and taught him basic programming tools, something opened up for Appelbaum. Programming and hacking allowed him “to feel like the world was not a lost place. The Internet is the only reason I’m alive today.”

At 20, he moved to Oakland and eventually began providing tech security for the Rainforest Action Network and Greenpeace. In 2005, a few months after his father died, he traveled alone to Iraq — crossing the border by foot — and set up satellite Internet connections in Kurdistan. In the aftermath of Hurricane Katrina, he drove to New Orleans, using falsified press documents to get past the National Guard, and set up wireless hot spots in one of the city’s poorest neighborhoods to enable refugees to register for housing with FEMA.

Upon returning home, he started experimenting with the fare cards used by the Bay Area Rapid Transit system and discovered it was possible to rig a card with an unlimited fare. Instead of taking advantage, he alerted BART officials to their vulnerabilities. But during this conversation, Appelbaum learned that BART permanently stored the information encoded on every transit card — the credit-card number used, where and when they were swiped — on a private database. Appelbaum was outraged. “Keeping that information around is irresponsible,” he says. “I’m a taxpayer, and I was given no choice how they store that data. It’s not democratically decided — it’s a bureaucratic directive.”

Etc etc — just because somebody isn’t a saint doesn’t mean he’s a pretender.

agger · April 18, 2018, 8:34am

Just two things, or so

Thanks! For the record, nothing in the polemical style should be implied to indicate unfriendliness. I have no such intention. Also, I am indeed a friend of Hellekin and Natacha, but I only met them once, in Italy last October, so I don’t have an overview of the users here.

Now that is something to discuss with the General Assembly. I’ve had that blog since 2011, when I became a Fellow, all Fellows have the option of creating such a blog. If you think that should change, you could propose it to them. Personally, I’d prefer some fair warning in that case so I can move my posts.

As for Licklider etc, Chapter 2 of Surveillance Valley is very eye-opening. I’m currently reading Norbert Wiener, though, and I think I’ll write more on the influence of cybernetics on computing and its motivations. A for the military I will not personally, ever, in any way support any US military organization, either directly or indirectly. Nor will I ever, indirectly or indirectly, support my own country in any military operation outside our own borders.

As for the rest, I believe I’ve done what I could to get my point across. I think I could communicate it better in a conversation Meanwhile, may you have a nice day & a nice time in general!

agger · April 18, 2018, 9:19am

Finally:

Thanks for the quote! I did not mean to imply that Applebaum is a fake. Also, I don’t know enough to have an opinion on the sexual harassment allegations against him. If some of it is true, it’s unsurprising that the project will distance itself from him, but honestly, who am I to know sitting here in Denmark?

And helping out in New Orleans after Katrina is very good indeed.

My problem is with giving workshops for activists in MENA and Latin America, more or less representing himself as an NGO’ish independent activist, when in fact he was promoting a product developed and funded by the US Government as a foreign policy tool (against hostile governments) and he himself paid by the very same US government given the very delicate nature of that in these countries.

Since the Rolling Stone article does indicate that he’s no fake, I think it’s very politically naive. Maybe he was thinking: “Wow, the government is paying me to do this!”, apparently without thinking properly: “Why is the government paying me to do this?”

lynx · April 18, 2018, 10:08am

By supporting free software you also support the military use of GPL2 Linux kernels which are in fact the technical foundation of the worldwide surveillance apparatus: they’re in every Android device and in every Faceboogle server. If you are a strict pacifist you should question the definition of free in free software. I personally feel betrayed by the open source ideology which also infected free software (by staying compatible with it), but I also agree that this was something indeed too hard to predict twenty years ago. Few people such as Howard Rheingold saw how the threats created by the net were not being considered, treated, regulated— leading us into today’s mess.

The Dingledine logic by which there’s an arm of USgov who needs Tor to hide their traces is convincing to some people — quite some, considering how many people are still donating time and money to it. Or maybe simply because many like me look at the facts and the facts only, and so far the facts do not look like Tor is dysfunctional. It just has its weaknesses. I still don’t see how it was wrong to teach Latin American activists to use it given that it is better than leaving them on Gmail.

My impression of an Appelbaum weakness is that he would frequently support things because he likes the people rather than look rationally at the facts. Signal because of Moxie — not because we have a solid proof that the binary downloaded from G̸͍͇̚á̶̙̘g̷̋͝ͅģ̶̓l̸͍̀e̸̻͐ Store is actually secure — debian because of the debian people, ignoring the dozens of ways you can insert backdoors into the debian distribution process. Even Snowden seems to be a bit influenced by these social factors.

agger · April 19, 2018, 5:44am

That’s completely correct, I didn’t think my statement through. I’m a strong supporter of free software as defined by the free software definition, and in that way some of my software might end up being used by the US military. But then, as the FSF and Richard Stallman argue, software licenses may not be the place to fight these battles. Otherwise I will not support or collaborate with the US military or intelligence services (and as I don’t contribute to the Linux kernel it’s unlikely that any of my work will be of real use to them).

Also, I’m not really a pacifist, more like an anti-imperialist. I want no part of the colonial wars the Western countries have been embroiled in for the last decades, and I’d like to see all Danish politicians who helped maneuver us into the war against Iraq in jail for the rest of their lives.

The thing is, the BBG, which for many years was Tor’s largest sponsor - actually, they hired the Tor project as a contractor, it wasn’t like sponsoring an NGO - is not into having agents which need to cover their tracks. Rather, as operators of Radio Free Asia etc., they’re into the enemy propaganda and regime change business. As such, its mission is a part of the American colonial project, and their investment in Tor should be seen in that light. Of course, people might still like the Dingledine theory - we’ll help the US government undermine foreign countries, and then we get a great privacy tool - but I don’t. I wouldn’t, to be precise, actively dissuade people from using it, but I will have no part in promoting it.

Finally:

The problem is that the Tor project reaches out to Latin American and Middle Eastern grass roots organizations as if they were themselves just a grass root organization run by activists when in fact they are contractors for the US intelligence services.

No grassroot organizations in Latin America can collaborate with American intelligence services and maintain their credibility. It’s a poison pill. If Tor employees reach out to such activists without explicitly revealing their ties to US intelligence services, including the BBG and the CIA, they’re compromising them and in fact putting them at risk.

natacha · April 19, 2018, 2:17pm

Hey great to have this conversation coming up here, and so much refences to back stuff,

I must say that I am well aligned with both opinions, I understand very well that TOR is certainly the only tool we have at hand for activists to keep some privacy, but I also acknowledge that feeding TOR is useful for american services and one can thoroughly disagree with this.
While both opinions can, in my view, cohabit and are not contradictory, what is certain, and most important is that all clarity is made about who does what and why, and I really do not think free speech harms any organization, it is perfectly necessary to leave space for some people to say “I do not think people should use TOR because it feeds american secret services” and “activists should use TOR in order to protect their free speech and they should learn to use it in a safe way”

Thank you both for informing us.

Heart
n.

system · April 26, 2018, 2:31pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Questionable theories in Yasha Levine's Surveillance Valley

Hybrid & Fragile Aesthetics | Share — Engage — Care