[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FYI



>indeed.  though this does bring up another question:
>  i wonder if JYA will ever give in and support httpS?
>... it would at least avoid trivial plaintext observation.

We did in October 2012 for acessing a few files:

https://secure.cryptome.us

Looks like a joke, right?

Rigging the whole site for https would require labor
beyond our diddly life-support system. And cheat the
visitors with sleight of clickery.

But there's more to this than sloth. Cryptome does
not offer security on the premise -- learned here, there
and everywhere HTTPS Everywhere promises -- that
Internet, telecom, whole wide world users need to
learn, be forced to learn, to provide their own security
and to never ever trust those who promise it for them.

Sysadmins and website operators spy viciously, all of them,
and it is a villainous -- business-like -- to offer security in the
same way spies do, as lure, trick and trap. Whenever a
sec system is invented that does not require sysadmins,
bosses and investors, with reliance upon government
funding for success, then it may be possible to rely upon
it for a single test, then abandon.

Comsec is a racket, remember rule 0. RSA and NSA are
merely the latest to be pilloried to hide the pillorers' complicity.

As discussed repeatedly, here, and at the winetasting blood
of christ, this treachery was known long ago, hey, Jude, bitch
about it for a while, then get on with doing it with new wine in
old bottles means and methods.

Which does raise the question: what the fuck is Cryptome up
to? Confession, har, hold a congressional hearing for that,
then read a slicker expose about the slick expose.

First, confessions are lies told to confessors who share
the gossip with cohorts to rig fancier recording booths.

Second, truth telling is as deceptive as comsec, salvation and
honesty.

Third, all security is corrupt like comms systems and
cipher systems -- deception is a synonym for security,
security a synonym for thievery by confidence gaming,
confidence a synonym for terrifying the populace in order
to sell faulty protection -- perfect protection kills the
market.

Finally, it should be be obvious, at least here, that HTTPS
is horse puckey. Any widely used means of security -- comsec
to natsec, anonymizers to Tor -- is compromised at birth and
by lifetime economic life-support systems, that is why it is
widely promoted, used and abused -- and very profitable.

"Electronic freedom," now that is ingenious cover-up of
absolutely no way to protect against EM compromise.
Like juxtaposing, embedding, Liberty with Security.