Tag: Crypto-Anarchism

Spook Squad

I’ve often wondered how Geek Squad stays in business. The prices it charges for even the most trivial repairs are absurd. More and more I’m becoming convinced that Geek Squad stays in business because it is being propped up by the Federal Bureau of Investigations (FBI):

After the prosecution of a California doctor revealed the FBI’s ties to a Best Buy Geek Squad computer repair facility in Kentucky, new documents released to EFF show that the relationship goes back years. The records also confirm that the FBI has paid Geek Squad employees as informants.

EFF filed a Freedom of Information Act (FOIA) lawsuit last year to learn more about how the FBI uses Geek Squad employees to flag illegal material when people pay Best Buy to repair their computers. The relationship potentially circumvents computer owners’ Fourth Amendment rights.

While Geek Squad has been caught red handed working with the FBI, any employee at any computer repair company could be operating under the same deal. The FBI has a vested interest in access the information on as many computers as possible and people who repair computers often have unrestricted access to a lot of information on a lot of computers.

If you’re going to send your computer to somebody else for repairs, here are my recommendations to guard your privacy. If the device you’re sending in has a removable hard drive, remove the drive that is in it and replace it with a blank drive (one that has never been used to store personal information). On the blank drive install the operating system that came on the device and a user account with generic credentials (this is one of the few times where the password “password” is a good idea) so the repair person can log in. By doing this you ensure that the repair person doesn’t have access to any of your personal data. When the device comes back, format the drive that you provided the repair person, remove it, and install the hard drive with your data again.

If your device doesn’t have a removable drive, ensure that the first thing you do when you initially start the device after getting it out of the box is enable full disk encryption. When you need to send the device in for repairs, format the drive, reinstall the default operating system, setup a user account with generic credentials, and send the device in. When the drive comes back, wipe the drive again and restore your data from a backup. For those who are wondering why full disk encryption should be enabled it’s because formatting a drive doesn’t necessarily erase the data. By default formatting a drive wipes the file allocation table but leaves the data preserved. Enabling full disk encryption ensures that the data on the drive is unreadable without the proper decryption key. While formatting won’t erase the data, the data will be unreadable to the repair man if they attempt to restore the old file allocation table to pilfer your data for law enforcers.

Possible Theft Versus Guaranteed Theft

There are a lot of criticisms against cryptocurrencies. One criticism that I see come up periodically is that transactions can’t be reversed. If somebody manages to steal your cryptocurrency, there is no way to reverse the fraudulent transfer. Fraudulent electronic transactions in dollars, on the other hand, can be reversed.

That is a valid criticism. But I would like to point out something that is generally ignored by advocates of government issued money. Holders of dollars are being stolen from every moment of every day via purposeful inflation and there is no way to recover the purchasing power lost to inflation.

Cryptocurrencies can be stolen and if your cryptocurrency is stolen, there isn’t a damned thing you can do about it. However, government issued money is guaranteed to be stolen and there isn’t a damned thing you can do about it.

The Beginning of the End for Unsecured Websites

Chrome looks to be the first browser that is going to call a spade a spade. Starting in July 2018, Chrome will list all websites that aren’t utilizing HTTPS as unsecured:

For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

I think Let’s Encrypt was the catalyst that made this decision possible. Before Let’s Encrypt was released, acquiring and managing TLS certificates could be a painful experience. What made matters worse is that the entire process had to be redone whenever the acquired TLS certificates expired. Let’s Encrypt turned that oftentimes annoying and expensive process into an easy command. This made it feasible for even amateur website administrators to implement HTTPS.

The Internet is slowly moving to a more secure model. HTTPS not only prevents third parties from seeing your web traffic but, maybe even more importantly, it also prevents third parties from altering your web traffic.

Decentralized the Internet

I’m glad to see that other people are beginning to understand the need to decentralized the Internet:

Net neutrality as a principle of the federal government will soon be dead, but the protections are wildly popular among the American people and are integral to the internet as we know it. Rather than putting such a core tenet of the internet in the hands of politicians, whose whims and interests change with their donors, net neutrality must be protected by a populist revolution in the ownership of internet infrastructure and networks.

In short, we must end our reliance on big telecom monopolies and build decentralized, affordable, locally owned internet infrastructure. The great news is this is currently possible in most parts of the United States.

I’ve been saying this for years. If you want a feature like net neutrality, you have to control the infrastructure. Personally, I’d like to see a decentralized Internet that encrypts all traffic by default for both confidentiality and anonymity purposes. What people are calling net neutrality would be enforced by default on such a network because nobody could see the traffic to throttle or block it. However, it would come at a performance cost (TANSTAAFL).

One thing is certain, begging the Federal Communications Commission Fascist Communications Club (FCC) to enforce net neutrality isn’t a longterm solution as we’re seeing today. Under the Obama administration net neutrality was enforced by the FCC. Under the Trump administration it looks like it won’t be enforced. When the next administration comes into power it could go either way. Begging Congress isn’t any better because what one Congress passes a future Congress can eliminate.

Open Whisper Systems Released Standalone Desktop Client

Signal is my favorite messaging application. It offers very good confidentiality and is easy to use. I also appreciate the fact that a desktop client was released, which meant I didn’t have to pull out my phone every time I wanted to reply to somebody. What I didn’t like though was the fact that the Signal desktop client was a Chrome app. If you use a browser besides Chrome you had to install Chrome just to use Signal’s desktop client. Fortunately, Google announced that it was deprecating Chrome apps and that forced Open Whisper Systems to release a standalone desktop client.

Now you can run the Signal desktop client without having to install Chrome.

The FBI’s Performance Issues

When the Federal Bureau of Investigations (FBI) isn’t pursuing terrorists that it created, the agency tends to have a pretty abysmal record. The agency recently announced, most likely as propaganda against effective encryption, that it has failed to obtain the contents of 7,000 encrypted devices:

Agents at the US Federal Bureau of Investigation (FBI) have been unable to extract data from nearly 7,000 mobile devices they have tried to access, the agency’s director has said.

Christopher Wray said encryption on devices was “a huge, huge problem” for FBI investigations.

The agency had failed to access more than half of the devices it targeted in an 11-month period, he said.

The lesson to be learned here is that effective cryptography works. Thanks to effective cryptography the people are able to guarantee their supposed constitutional right to privacy. The restoration of rights should be celebrated but politicians never do because our rights are directly opposed to their goals. I guarantee that this announcement will lead to more political debates in Congress that will result in more bills being introduced to ban the plebs (but not the government, of course) from having effective cryptography. If one of the bills is passed into law, the plebs will have to personally patch their devices to fix the broken cryptography mandated by law (which, contrary to what politicians might believe, is what many of us plebs will do).

If you don’t want government goons violating your privacy, enable the cryptographic features on your devices such as full disk encryption.

Another Evolution of the 3D Printed Handgun

While politicians in Washington DC have been discussing gun control, denizens on the Internet have been busy evolving the 3D printed handgun. The WASHBEAR is a newly released 3D printed .22LR revolver:

It looks very similar to numerous Nerf guns. Like the Pepperbox handgun created by Hexen, the WASHBEAR has steel sleeves inserted into the chambers to reduce stress on the plastic. While this means that the entire gun isn’t 3D printable, steel inserts can be had at any hardware store.

Politicians and advocates of gun control can continue wasting their time but the truth is gun control is a fantasy. Granted, it has always been a fantasy but now we’re at the point where a person with even modest means can acquire everything necessary to build firearms. Gun control is dead. Technology killed it.

Saving the Internet

I guess today is the annual Save the Internet celebration. What I mean by that is that a bunch of websites have gotten together in a bid to once again circlejerk about saving net neutrality. I call it a circlejerk because, like the last several years, this year the websites participating in this “action” are urging people to contract various government officials and beg them to enforce net neutrality. Of course, since this “action” has taken place so many times I have my doubts about the effectiveness of pleading with government officials.

Instead of urging you to waste your time by contacting people who don’t give a shit about you I’m going to offer an alternate idea. Unfortunately, I already know that this proposal will be unpopular because it requires people to take actual action. TANSTAAFL. If you want a neutral Internet you’re going to have to work for it.

Longtime readers probably already know what I’m going to propose because I’ve proposed it before. The only way to enjoy a neutral Internet is to own the infrastructure and enjoy the ability to run it however you goddamn please. So my proposal is to build out small interconnected mesh networks. Why mesh networks? First, they’re relatively cheap to build. You don’t have to bury a bunch of fiber optic cable or build expensive cellular towers. All you need is off-the-shelf hardware loaded with freely available firmware. Second, mesh nodes are controlled by the individuals who own them, not a single entity. This makes it difficult to enforce undesirable rules on the mesh network because there isn’t a single entity to buy off or coerce. Third, large scale mesh networks are a proven technology. Catalonia has one called Guifi.net, which has been operating and expanding since 2009.

Obviously this proposal will initially rely on the currently established Internet to interconnect geographically separated mesh networks. If this proposal took off though this condition would be temporary because eventually the meshes would grow numerous enough and large enough where they could be directly interconnected. Once that happens the need for the currently centralized Internet would cease along with the centralized control that is the root of the net neutrality problem.

If you really want to “save the Internet” don’t wasted your time by pleading with government officials, take some direct action and start learning about building your own infrastructure.

The Future is Bright

A writer at The Guardian, which seems to be primarily known for propagating left-wing statist propaganda, has shown a slight glimmer of understanding. While neoconservatives and neoliberals fight for power over other people, crypto-anarchists have been busy working in the shadows to develop technology that allows individuals to defend themselves from the State:

The rise of crypto-anarchism might be good news for individual users – and there are plenty working on ways of using this technology for decent social purposes – but it’s also bad news for governments. It’s not a direct path, but digital technology tends to empower the individual at the expense of the state. Police forces complain they can’t keep up with new forms of online crime, partly because of the spread of freely available encryption tools. Information of all types – secrets, copyright, creative content, illegal images – is becoming increasingly difficult to contain and control. The rash of ransomware is certainly going to get worse, exposing the fragility of our always connected systems. (It’s easily available to buy on the dark net, a network of hidden websites that are difficult to censor and accessed with an anonymous web browser.) Who knows where this might end. A representative from something called “Bitnation” explained to Parallel Polis how an entire nation could one day be provided online via an uncontrollable, uncensorable digital network, where groups of citizens could club together to privately commission public services. Bitnation’s founder, Susanne Tarkowski Tempelhof, hopes Bitnation could one day replace the nation state and rid us of bureaucrats, creating “a world of a million competing digital nations”, as she later told me.

The biggest threat to statism is individual empowerment. While technology is a two-edged sword, serving both the State and individuals without concern for either’s morality, it is difficult to argue that it hasn’t greatly helped empower individuals.

A combination of Tor hidden services and cryptocurrencies have done a great deal to weaken the State’s drug war by establishing black markets where both buyers and sellers remain anonymous. Weakening the drug war is a significant blow to the State because it deprives it of slave labor (prisoners) and wealth (since the State can’t use civil forfeiture on property it can’t identify).

Tor, Virtual Private Networks (VPN), Hypertext Transfer Protocol Secure (HTTPS), Signal, and many other practical implementations of encryption have marvelously disrupted the State’s surveillance apparatus. This also cuts into the State’s revenue since it cannot issue fines, taxes, or other charges on activities it is unaware of.

3D printers, although still in their infancy, are poised to weaken the State’s ability to restrict objects. For example, the State can’t prohibit the possession of firearms if people are able print them without the State’s knowledge.

But if the State disables the Internet all of these technologies fall apart, right? That would be the case if the Internet was a centralized thing that the State could disable. But the Internet is simply the largest network of interconnected networks. Even if the State shutdown every Internet Service Provide (ISP) in the world and cut all of undersea cables, the separated networks will merely have to be reconnected. That is where a technology like mesh networking could come into play. Guifi.net, for example, is a massive mesh network that spans Catalonia. According to the website, there are currently 33,191 operating nodes in the Guifi.net mesh. Shutting down that many nodes isn’t feasible, especially when they can be quickly replaced since individual nodes are usually cheap off-the-shelf Wi-Fi access points. Without the centralized Internet a span of interconnected mesh networks could reestablish global communications and there isn’t much the State could do about it.

Statism has waxed and waned throughout human history. I believe we’re at a tipping point where statism is beginning to wane and I believe advances in individual empowering technologies are what’s diminishing it. Voting won’t hinder the State. The Libertarian Party won’t hinder the State. Crypto-anarchists, on the other hand, have a proven track record of hindering the State and all signs point to them continuing to do so.

Keybase Client

Keybase.io started off as a service people could use to prove their identity using Pretty Good Privacy (PGP). I use it to prove that I own various public accounts online as well as this domain. Back in February the Keybase team announced a chat client. I hadn’t gotten around to playing with it until very recently but I’ve been impressed enough by it that I feel the need to post about it.

Keybase’s chat service has a lot of similarities to Signal. Both services provided end-to-end encrypted communications, although in slightly different ways (Keybase, for example, doesn’t utilize forward secrecy except on “self-destructing” messages). However, one issue with Signal is that it relies on your phone number. If you want to chat on Signal with somebody you have to give them your phone number and they have to give you theirs. This reliance on phone numbers makes Signal undesirable in many cases (such as communicating with people you know online but not offline).

Keybase relies on your proven online identities. If you want to securely talk to me using Keybase you can search for me by using the URL for this website since I’ve proven my ownership of it on Keybase. Likewise, if you want to securely talk to somebody on Reddit or Github you can search for their user names on those sites in Keybase.

Another nice feature Keybase offers is a way to securely share files. Each user of the Keybase client gets 10GB of storage for free. Any data added to your private folder is encrypted in such a way that only you can access the files. If you want to share files amongst a few friends the files can be encrypted in a way that only you and those designated friends can access them.

On the other hand, if you’re into voice and video calls, you’re out of luck. Keybase, unlike Signal, currently supports neither and I have no idea if there are plans to implement them in the future. I feel that it’s also important to note that Keybase, due to how new it is, hasn’t undergone the same level of rigorous testing as Signal has so you probably don’t want to put the same level of trust in it yet.