Fabricating Controversy

I’m always amused when non-technology publications attempt to write about technology. They either get the details laughably wrong or they try to drum up controversy over nothing. The Washington Post decided to post an example of the latter:

BROOKLINE, Mass. — Researcher Garth Bruen long has investigated the seamier corners of the Internet, but even he was shocked to discover Rapetube.org, a site urging users to share what it called “fantasy” videos of sexual attacks.

[…]

Sickened, Bruen tried to determine who operated the sites, a first step toward possibly having them shut down. But he quickly hit a wall: The contact information listed for Web sites increasingly is fictitious or intentionally masked by “privacy protection services” that offer ways around the transparency requirements built into the Internet for decades.

Oh. My. God. These pornography sites are so seedy and evil that they’re concealing their WHOIS information! They’re up to no good and this proves it! Except it doesn’t prove anything. Many domain owners utilize privacy services to conceal their personal information from WHOIS lookups. In fact I use such a service. If you do a WHOIS lookup for this domain you’ll receive the following response:

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: CHRISTOPHERBURG.COM
Registry Domain ID:
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-02-26 07:56:55
Creation Date: 2009-03-06 02:30:35
Registrar Registration Expiration Date: 2014-03-06 02:30:35
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller: Hover
Reseller: help@hover.com
Reseller: 416.538.5498
Reseller: http://help.hover.com
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Contact Privacy Inc. Customer 0130416343
Registrant Organization: Contact Privacy Inc. Customer 0130416343
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165385457
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: christopherburg.com@contactprivacy.com
Registry Admin ID:
Admin Name: Contact Privacy Inc. Customer 0130416343
Admin Organization: Contact Privacy Inc. Customer 0130416343
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165385457
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: christopherburg.com@contactprivacy.com
Registry Tech ID:
Tech Name: Contact Privacy Inc. Customer 0130416343
Tech Organization: Contact Privacy Inc. Customer 0130416343
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165385457
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: christopherburg.com@contactprivacy.com
Name Server: NS1.HOVER.COM
Name Server: NS2.HOVER.COM
DNSSEC:

Am I doing something nefarious? No. I simply don’t want my personal address and phone number accessible to anybody with enough know-how to type whois christopherburg.com into their command line. Pornographers most likely want the same protection because their business is seen by many in this country as dirty, immoral, and deserving of punishment. In fact this story affirms the value of a WHOIS privacy service. It’s talking about a man who is on a personal crusade against so-called violent pornography websites. While that’s not my particular kink I see no reason to harass pornographers creating fiction for those with more violent fantasies.

Media outlets always try to insinuate that those utilizing anonymity tools are up to no good. In reality most users of anonymity tools merely want to protect their privacy. Time and time again we see media outlets try to drum up controversy over onion routers, encrypted communications, and location hidden services. These attempts are desperate grasps for ratings by old media outlets that are incapable of changing with the times.

Enable Two Factor Authentication Where Available

This type of news is why I encourage people to enable two-factor authentication on whatever accounts they have that support it:

The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.

All in all some 318,000 Facebook, 70,000 GMail, and 22,000 Twitter passwords were part of the heist. All three of these sites allow users to enable one-time passwords for two-factor authentication. Facebook and GMail both use Google Authenticator, which ties to an application on your phone. The application has a token that generates a new six-digit password every 30 seconds. When you log into either of these sites you will be asked to enter the current six-digit password before you’re allowed access to your account. What makes such a system useful is that you need access to your phone in order to log in; having the password alone won’t grant access. Twitter uses its own system that ties to the Twitter smartphone app. When you attempt to log into your Twitter account a notification is sent to your phone and you have to authorize the login from there. Once again it requires your phone in addition to your password to successfully log in.

It’s not always clear when your password has been compromised. Hackers have gained access to user passwords from website databases before. When such breaches are discovered most websites reset all their users’ passwords. But until the breach is discovered anybody with the list of passwords can log into the accounts that appear in that list, unless those users have enabled two-factor authentication.
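An added example, not part of the original post: the six-digit, 30-second codes described above follow the time-based one-time password scheme (RFC 6238, the algorithm Google Authenticator implements), shown here in Python together with a login check that rejects a stolen password on its own. The Account class, its salt, the password, and the sample secret are constructed for illustration and are not any site's real implementation.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the one-time password

# Constructed sample secret (the ASCII test key from RFC 6238), shared
# between the phone app and the server when two-factor is enrolled.
SAMPLE_SECRET = b"12345678901234567890"


def totp(secret, unix_time, step=STEP, digits=DIGITS):
    """Return the one-time password for the time step containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)   # 8-byte big-endian step number
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Account:
    """Hypothetical server-side account record (constructed for this example)."""

    def __init__(self, password, totp_secret=None):
        self.salt = b"constructed-salt"
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret   # None means two-factor is not enabled
        self.last_step_used = -1         # blocks replay of an accepted code

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, code, now, window=1):
        """Check the password, then the one-time code if two-factor is enabled."""
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return False
        if self.totp_secret is None:
            return True                  # password-only: a keylogged password is enough
        if code is None:
            return False                 # password alone is rejected
        current = now // STEP
        # Accept the current step plus one step either side for clock drift.
        for step in range(current - window, current + window + 1):
            if step <= self.last_step_used:
                continue                 # this code (or an older one) was already used
            expected = totp(self.totp_secret, step * STEP)
            if hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step_used = step
                return True
        return False
```

Because the server remembers the last accepted time step, a code captured by a keylogger cannot be replayed even inside its 30-second window.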

Being Offline Won’t Stop the State from Tracking You

After Edward Snowden leaked the National Security Agency (NSA) documents that unveiled how vast its surveillance has become there were a lot of reactions. Some people decided they didn’t have anything to hide so the state’s spying wasn’t an issue, others decided to pursue technologies that would allow them to keep private communications private, and others decided to go offline. Of the three reactions the last one was, by far, the most irrational. You don’t have to be online for the state to track you. As this article points out, there are other ways for the state to surveil you:

The people who have actually attempted to live without being tracked–most often due to a safety threat–will tell you that security cameras are just about everywhere, RFID tags seem to be in everything, and almost any movement results in becoming part of a database. “It’s basically impossible for you and I to decide, as of tomorrow, I’m going to remain off the radar and to survive for a month or 12 months,” says Gunter Ollmann, the CTO of security firm IOActive, who in his former work with law enforcement had several coworkers who dedicated themselves to remaining anonymous for the safety of their families. “The amount of prep work you have to do in order to stay off the radar involves years of investment leading up to that.”

People who believe themselves to be very clever will often brag about the fact that they use a burner phone (a pre-paid cellular phone you can buy in most convenience stores) that they bought with cash. In their mind this means that the phone isn’t tied to them in any way and that they are untrackable while using it. Most convenience stores have security cameras looking at every square inch of the store. Those cameras can have some fantastic optics that give crystal clear images (the days of grainy black and white video footage from security cameras are ending). Facial recognition software is frighteningly accurate (just post a picture of a friend’s face on Facebook sometime). The state can requisition surveillance video whenever it wants (assuming it doesn’t just collect all surveillance footage like it does with phone calls and e-mails). In addition to that, the NSA collects phone records. It doesn’t take much to look at the numbers you called and develop a social map that has a good chance of identifying you. Using a burner phone won’t keep you safe from Big Brother’s gaze.

Another major source of leaks when it comes to your personal information is your friends:

Friends can be an impediment to a life off the radar. For one, they probably think they’re doing you a favor when they invite you to a party using Evite, add you to LinkedIn or Facebook, or keep your information in a contact book that they sync with their computer.

But from your perspective, as someone trying to remain as untraceable as possible, they are selling you out. “Basically what they’ve done is uploaded all of my contact information and connected it to them,” Sell says.

This is the biggest one in my opinion. My family has given out my phone number and personal e-mail address to people even though I’ve told them numerous times that I didn’t want them to do that. Just because you’re paranoid doesn’t mean your friends and family are. Unless you’re willing to sever all ties with other people you’re trackable. You may not have a Facebook account but that won’t stop your friends from posting pictures of you and writing your name in the description.

Going offline won’t save you. It won’t even make tracking you more difficult. The only thing going offline does is prevent you from utilizing very powerful technology to your advantage.

Raspberry Pi Bitcoin Miner

As those of you reading know, I’m a big fan of Bitcoin and a big fan of the Raspberry Pi. It was only a matter of time until I decided to follow in the footsteps of many and set up a Raspberry Pi Bitcoin miner. In an unrelated Amazon search I noticed that the ASICMiner Block Erupters had come down in price (they sell for $29.98 on Amazon’s main page but cheaper units can be had from other Amazon vendors) so I decided to order a couple.

Mind you, nobody is going to get rich off of a Block Erupter. My desire was to experiment with them. I’ve often wondered how much a somewhat decent miner could be built for. Combining cheap Block Erupters with cheap Raspberry Pis seemed like an excellent way to build an affordable miner (with the acknowledgement that the setup was unlikely to pay for itself). I followed the setup guide on Adafruit and was mining Bitcoin in minutes. What follows are some issues I ran into.

First, my Raspberry Pi wasn’t able to provide reliable power to both modules. This wasn’t unexpected. While the Pi could run one Erupter without any issue the second one would periodically die from loss of power. The mining application I used, cgminer, continuously notified me of hardware errors. Fortunately, I have a second Raspberry Pi that runs my Tor relay so I unplugged the second Erupter from the first Pi, plugged it into the second Pi, and got it up and running without any trouble. The obvious solution to this problem is to purchase a powered USB hub.

Second, Block Erupters run hot. I learned this lesson when I went to unplug my second Erupter from my first Pi. If you’ve been running an Erupter make sure you give it time to cool down before touching it (or be impatient, like me, and grab some gloves). You will also want to invest in a small fan to keep your Erupters cool. This USB powered fan has been recommended by several people and costs all of $8.00.

Third, as I feel this needs to be pointed out, setting up a mining rig isn’t the most efficient way to acquire Bitcoin. Sites like Coinbase are better sources. The amount of Bitcoin you can mine with an Erupter isn’t going to pay for the hardware for quite some time (even before calculating in the cost of electricity, fans, powered hubs, etc.). I’m pursuing this project for fun and to fulfill my curiosity. When I need to acquire Bitcoin in usable quantities I tend to buy from sellers.

FBI Having Troubles Seizing Dread Pirate Roberts’ Bitcoin Stash

This story demonstrates one of the features I most like about Bitcoin:

In order to transfer Bitcoins out of a “wallet”, the name for the digital file which contains the encrypted information necessary to spend the currency, users need to know that wallet’s password or “private key”.

According to Forbes’ Kashmir Hill, that hurdle is causing the FBI difficulty.

“The FBI has not been able to get to Ulbricht’s personal Bitcoin yet,” wrote Hill. An FBI spokesperson said to Hill that the “$80m worth” that Ulbricht had “was held separately and is encrypted”. At current exchange rates, that represents slightly more than 5% of all bitcoins in circulation.

It looks like Bitcoin is pretty secure against state seizure. Mind you, that doesn’t do Mr. Ulbricht much good as he’s currently being held in a cage. But the Federal Bureau of Investigation’s (FBI) inability to take Ulbricht’s supposed $80 million worth of Bitcoin is good news for other people facing state theft.

Think about countries such as Greece and Spain that are seizing personal fortunes and freezing assets in bank accounts. If you want to conceal your personal wealth from the state money grabbers converting it to Bitcoin seems like a pretty good option. Here in the United States things are worse. Your wealth can be stolen under civil forfeiture laws if a police officer simply suspects that wealth is tied to a drug-related crime. Under civil forfeiture laws the burden of proving any wealth isn’t tied to a drug crime is on the accused. Bitcoin may be an effective defense against civil forfeiture laws and a dying state’s last ditch attempt to raise money by stealing directly from the bank accounts of citizens.

Admittedly, Bitcoin fluctuations can be pretty wild. But everything has its risks. You risk losing wealth if Bitcoin’s exchange rate drops but you risk losing wealth if you keep cash on hand or in a bank account. I recommend divesting wealth. While divestment doesn’t protect all of your wealth, you stand a good chance of losing everything if the one protection strategy you’ve chosen fails.

Tor Stands Pretty Secure Against NSA Attack

We all know that the National Security Agency (NSA) hates Tor. Tor stands for everything the NSA is against, such as anonymity and information security. It comes as no surprise to find out that the spy agency has been attacking the Tor network:

The National Security Agency has made repeated attempts to develop attacks against people using Tor, a popular tool designed to protect online anonymity, despite the fact the software is primarily funded and promoted by the US government itself.

It’s pretty funny when one government agency is focused on destroying something originally created by another government agency (Tor was originally funded by the United States Naval Research Laboratory). Fortunately the NSA has met with very little success:

But the documents suggest that the fundamental security of the Tor service remains intact. One top-secret presentation, titled ‘Tor Stinks’, states: “We will never be able to de-anonymize all Tor users all the time.” It continues: “With manual analysis we can de-anonymize a very small fraction of Tor users,” and says the agency has had “no success de-anonymizing a user in response” to a specific request.

Another top-secret presentation calls Tor “the king of high-secure, low-latency internet anonymity”.

There has been a lot of speculation about Tor’s security. Even now people are arguing over whether or not the Tor Stinks presentation is still accurate. It is possible that the NSA has developed a way to successfully remove a Tor user’s anonymity since the presentation was leaked. So far we’ve seen no evidence of this though. The two primary stories involving Tor, the takedown of Freedom Hosting and the apparent arrest of Dread Pirate Roberts, were both accomplished using old-fashioned investigative work. This leads me to believe that the Tor Stinks presentation is still accurate and that the NSA hasn’t found a reliable way to attack a Tor user’s anonymity.

Once again, we can speculate about the powers of the NSA. The problem is we can’t work off of speculations. I agree with Bruce Schneier who said we should “trust the math.” Unless we have evidence to the contrary we can only assume that Tor works. With that said, it’s never good to rely entirely on a single tool. Tor is great but you should also take other precautions to protect your anonymity online (for example, Tor doesn’t do you a lot of good if somebody has already managed to install a trojan onto your computer).

Semiautomatic 3D Printed Handgun

I guess my prediction came true. The year hasn’t even closed yet and we now have designs for a semiautomatic 3D printed handgun. As with most 3D printed firearms so far it’s an ugly thing but one that uses several easily acquired firearm components:

***UPDATE: Files available on Defcad.com and Fosscad Twitter!***
I have designed a .22 LR Semiautomatic firearm. Unlike former designs such as the Shuty, this design uses almost all plastic parts (All non-plastic parts currently except the FCG cannot physically be plastic or a semiautomatic will not function) and uses weights to bring the bolt to a correct weight. You will need the following parts:
*3D Printer with ABS capability
*AR-15 FCG
*AR-15 Buffer Spring
*Ruger 10/22 Mag Spring
*AR-15 Firing Pin
*1x8mm metal insert (Case extraction)
*.44 bullets to weigh down bolt (More info in the .readme)

It’s very interesting to see how quickly 3D printed firearms are advancing. The rate of advancement really shows how powerful cooperation between a group of people from around the world can be. Thanks to 3D printer technology we are beginning to see a world where prohibitions on physical goods are infeasible. I believe it’s also important to note that these prohibitions aren’t being killed by political activism but by direct action. People from around the world who believe in freedom of information created designs for physical objects that can be replicated by anybody with a 3D printer, which are becoming cheaper and more capable every day.

AgoraFest 2013

I’ve got nothing for you today, sorry. This week has been a little hectic as I’ve been finishing up what I need to do for my AgoraFest talks. If you look at the schedule you’ll note that I’m doing four presentations on crypto-anarchy covering Off-the-Record Messaging, OpenPGP, Tor, and TrueCrypt. I will also be giving a short presentation during the Ten Talks about my idea to stop basing societal agreements on geographic location.

To make matters more difficult access to reliable Internet connectivity is in question so I’ve had to build a couple of server images to host the software I want to distribute and perform the demonstrations on. Nothing makes crypto-anarchy talks more exciting than questionable Internet connectivity.

Anyways, I plan to be back on Monday with more material. Until then enjoy yourselves and remember that it’s not too late to sign up for AgoraFest.

AgoraFest 2013

As some of you have probably guessed, I’ve been rather busy with side projects as of late. While I apologize for the lower than usual number of posts I am happy to reveal one of the projects I’ve been involved with: AgoraFest 2013.

It may surprise many people to hear that Minnesota, especially the Twin Cities, has a thriving anarchist community. Some of Minnesota’s anarchists are socialist, some are capitalists (Yeah, yeah. Anarcho-capitalists aren’t “real” anarchists. Whatever. I don’t give a shit), and some of us are agorists. Those of us who have gone the agorist way have been looking for a way to promote agorism to, hopefully, give people who have become disenfranchised with the political means an alternative way to fight for freedom.

I’ve taken it upon myself to give several presentations on computer security. Keeping with the spirit of things I have dubbed these tracks the crypto-anarchy tracks. In addition to my presentations there will be presentations on starting agorist businesses, making fermented foods, and a presentation by our keynote speakers: Catherine Bleish and John Bush. If you don’t know Catherine she has the honor of being on the Southern Poverty Law Center’s list of evil terrorists. John Bush writes about anti-statism on websites such as the Foundation for a Free Society. We’re honored as heck to have both of them. And in addition to the currently scheduled events the floor is open to anybody who wants to give a presentation.

When is this gathering of freedom lovers? September 20th through the 22nd. Where will it be? You’ll have to sign up to find out. How can you get an invite code to sign up? E-mail me and we can talk. Due to the fact that this is our first year (and hopefully not our last) we’re trying to keep attendance at a certain level. To ensure people interested in agorism have a guaranteed ticket we’re giving priority to those who are known within the local agorist community.

Please note that if you want to attend to promote some political bullshit we’ll probably have you hang out in the violent speech zone. This isn’t a political event, it’s an anti-political event. AgoraFest is for people interested in taking direct action against statism by participating in mutually beneficial, voluntary interactions with your fellow human being.

3D Printed Pepperbox Handgun

3D printed guns are all the rage today. Those of us who believe in the free flow of information, that advancing technology is beneficial, and in gun rights are cheering the continuous advancement of these infinitely replicable pistols. The other side of the table, the Luddites who believe modern technology must be wiped from the face of the planet, are being hysterical. I’m happy to say that my side is winning. What’s interesting is that the advancement of 3D printed handguns is starting to take a similar path as the original advancement of handguns. The current limitation, besides the ones caused by the nature of the materials being used, has been an inability for 3D printed firearms to fire more than one round at a time. That problem has been solved with the introduction of a 3D printed pepperbox handgun:

Consider, for example, the Hexen pepperbox, which has stainless steel liners for its six barrels and is undergoing constant strengthening and improvement as discussed over in the DefCad forum. The video below shows the Hexen successfully fired (actually, it appears to be a related five-shot model), using 6mm Flobert (low-powered .22) ammunition.

The designer, Franco, even printed ammunition holders for the pepperbox, along with a tool for ejecting expended cases (both pictured above).

At this rate I’m beginning to think we’ll see functional 3D printed semi-automatic pistols later this year or early next year. Reality isn’t kind to those who try to suppress the advancement of technology. Every law put into place to stop people from acquiring guns will be rendered meaningless once 3D printers become more widespread and 3D printable firearms become reliable. Technology has a way of overcoming state barriers. Anybody who thinks they can use the state to stop technology is a deluded fool.