Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] when you are using Tor, Twitter will blocked your acc

Rich Kulawiec rsk at gsp.org
Sat Jun 21 07:10:50 PDT 2014


On Mon, Jun 09, 2014 at 07:52:51PM -0700, Seth wrote:
> I'm in agreement with pretty much all the points made, but how do
> you feel this approach?
> 
> 1) ALWAYS publish the original source information via
> freedom/privacy/dignity respecting services using a name-space (a
> DNS domain,.onion,.gnu,.i2p,namecoin,whatever) that you control.
> 
> 2) Syndicate a copy of that information to the CSW (Corporate
> Surveillance Whore) networks such as Google/Facebook/Twitter to
> obtain the widest reach.
> 
> 3) Ease out of the CSW networks as your home grown following reaches
> critical mass.

I see where you're going with this, and I agree with the goal.  But I still
have a major problem with point #2.  Let me try to explain why via a
fictitious example.

Suppose that I were the dictator of Elbonia (the mythical country from
Dilbert cartoons).  I would be autocratic, ruthless...oh, wait, I already
*am* those things...anyway, I would be the typical tyrant attempting
to retain power in the face of democratic movements and civil rights
movements and worker's rights movement and other petty annoyances.

I would *not* block Twitter.  I would *not* block Facebook.  I would *not*
block Instagram or any of the others either.  I wouldn't do this because
the idealistic, enthusiastic, hard-working, noble young people who are
most likely to pose a serious threat to my supremacy and are also naive,
gullible, careless and stupid.  They're using Twitter and Facebook and
the rest and that is extremely helpful to me, since I very much would
like to monitor them and know who they are and where they are and what
they're up to.  They've wiretapped themselves, saving me much of the
trouble and expense.

Instead -- because I *am* the dictator, thank you very much -- I
would order the long-since nationalized telecoms and ISPs to provide a
real-time feed of network traffic to my intelligence agency.  I would
monitor who is following #OverthrowTheDictator and who is liking the
"DesposeTheDictator" page.   And so on.

And when the moment came that I felt really threatened, I would decapitate
their movement by disappearing the 22 or 37 or whatever most active
participants.  Not a tidy solution, I'll grant you, but effective in the
short term and it would certainly discourage others.  I could probably
do this 3-4 times before they caught on that they were making a major
strategic mistake.  That might buy me another decade in power.

Now you might say...but what about HTTPS?  Would about VPNs?  What about
Tor?  ("What about Houston?  What about Detroit?" Thank you David Byrne.)

Yeah.  I know.  Most inconvenient.  Fortunately, I have another way.
Several other ways, actually.

You see, Twitter wants to do business here in Elbonia.  So does Facebook.
So I would summon their corporate weasels to a meeting.  In that meeting,
one of my minions (you don't think I'd do this personally, do you?) would
explain to them that we must protect our great nation from subversives
and criminals and anarchists and terrorists (ding ding ding magic word!)
and thus we must have certain data fed to us...or, most regrettably,
we will not be able to allow them to do business in our country.

I think they'll cave.  Don't you?  After all, there are profits to be
made and it's such a small thing that I'm asking.  And if the corporate
weasels are perhaps..hesitant...than maybe some tax breaks will help.
Or maybe some help with a few bureaucratic obstacles they're currently
facing.  Or maybe an envelope full of tax-free income will help persuade
them to cooperate.  (I have plenty, you know.  We dictators have buckets
of cash.)  Or women.  Or men.  Or both.  Or cars, condos, boats: surely
they have an itch that I can scratch.

And then I will do everything I said above, content with a full real-time
feed of data-of-interest into my pet intelligence agency.

Oh...come now, you don't *really* think that corporate weasels will stand
on principle, do you?  These are trained professional liars and con men,
the finest products of business school: they don't have principles.
Or spines.  What they *do* have is greed.  Lots of it.  Their loyalty is
purchased by the highest bidder, and that will be me.  Before you know it,
they'll be working for me and moonlighting for their "real" employer.

"But what if they're discovered?"  Not a problem.  Setting up plausible
deniability is easy and we'll simply make it look like the Evil Nefarious
Diabolical Hackers associated with the local liberatiXXXXXXterrorist
movement did it.  Or we'll blame Anonymous.  Or we'll just stonewall.

Oh?  You think that maybe, just maybe, that won't work?  Fine.  There
are other ways.  I don't actually *need* the willing or even knowing
cooperation of the people at the top of those companies.  One engineer
in the right place will probably suffice.  I strongly doubt that they've
architected themselves to defend against insider attacks.  Why would they?
Why would Twitter or Facebook spend the money?  It's not THEIR data.
Their track records clearly indicate that they don't give a damn about
protecting it, so why would they suddenly start now?

I just need to find an engineer who's feeling a little under-appreciated
and make a deal.  Or I need to find one who can be blackmailed, extorted,
threatened, etc.  Maybe someone who has family still under my rule.
Maybe someone with a monkey on their back.  Maybe someone with a nice
house, beautiful wife, two kids and three mistresses.  This is what I
*pay* my intelligence operations services to do, you know: find the weak
points and turn the screws on people until they comply.

And then I will get a full data feed of everything of interest to me.
I won't *have* to care about HTTPS or VPNs or Tor or any of that because
I'll be tapping in at the source.

Suppose that doesn't work?  I'll buy a 0-day or six.  Or I'll use one of
their many security holes -- again, why should they fix those?  It's not
THEIR data.  There are plenty of talented, clever people out there who
are capable of breaking into these operations and some of them will
work for me willingly (because I pay well) or unwillingly (see coercive
tactics above).

And if not *that*?  Given enough time, I can get one of my own people --
someone completely loyal to me -- hired there.  (Of course, since this
requires lead time, I already had my people get to work on that six years
ago.  I've got people planted in various startups, some of which will
succeed, some of which won't, but if they make it I'll have someone
well-positioned on the inside when they do.)  This is pretty good work
for someone who wants to take home two paychecks, and the best part
is that they may not ever have to do *anything* for me.

But but but...suppose that doesn't work either.  (Highly unlikely,
but let's go there.)  I have allies.  Either political or economic or
military or otherwise.  Some of them have probably done exactly what I'm
trying to do and would be willing to make a deal.  I can get all this
data from them in exchange for oil or arms or maybe a little military
help with a small problem they're currently experiencing.  I help them
out with their annoying pro-labor movement, they help me out with my
pesky pro-democracy agitators.  A little quid pro quo between dictators,
if you will, because we have common interests in crushing dissent.

Of course, being a highly competent dictator, my approach is to use
ALL of these and a few more I won't trouble you with.  I don't want
my access to be limited to a single method which might fail at an
inconvenient time.

The bottom line is that I *will* get the data that I want, I'll probably
get it in real time (or close), and I'll use it to ruthlessly crush any
movement or organization that I think poses an existential threat to my
reign.  And I'll chuckle quietly to myself that they were so very helpful
in providing the instruments of their own demise.

	------------------------------

My point in writing this snarky little narrative is that it's a bad move
to use Twitter, Facebook or the rest to organize.  It is one of the worst
possible things that any political/social/economic/etc.  movement can
do, because it means that they're handing extremely useful, real-time,
geolocated, correlated, actionable intelligence over to a third party
which has, no doubt, long since by subverted not just by agencies of
the US government, but by as many other governments as can manage it.

And quite likely by non-governmental entities.  If you think about it for
a moment, you'll realize that anybody with sufficient power (i.e. money)
could do exactly the same things as the mythical dictator of Elbonia.
If you think about it for another moment, you should be able to come up
with a list of entities that have both the money and the desire to do so.

And this is the point at which you, if you're an activist using those
sites, should be sweating.  Because it should be dawning on you about
now that you have been doing your adversary's intelligence work for them.
For free.  All they have to do is harvest the results...which is not
a particularly challenging problem for any intelligence agency worthy
of that title.

So...if you don't think the Chinese or the Saudis or the Elbonians have
a data feed, then you're being highly optimistic.  Of *course* they do,
it's a completely obvious, highly cost-effective move.  As soon as *any*
of these so-called "social networks" gets popular enough to matter,
it WILL be targeted and while not every country can afford it, and not
every country, corporation, or organization will succeed, enough will
try and enough will manage it.  And if not?  They'll try again tomorrow.
And the next day.

So when I see a note on liberation-tech from some well-meaning,
highly-motivated organization that says "...and follow us on Facebook"
I just shake my head slowly.  They've not only turned themselves into
sharecroppers, but they're doing their best to get their own supporters
surveilled, tracked, and much worse.

---rsk



More information about the liberationtech mailing list