Crypto-Anarchism – Page 7 – A Geek With Guns

The Networks Have Ears

Can you trust a network you don’t personally administer? No. The professors at the University of California are learning that lesson the hard way:

“Secret monitoring is ongoing.”

Those ominous words captured the attention of many faculty members at the University of California at Berkeley’s College of Natural Resources when they received an email message from a colleague on Thursday telling them that a new system to monitor computer networks had been secretly installed on all University of California campuses months ago, without letting any but a few people know about it.

“The intrusive device is capable of capturing and analyzing all network traffic to and from the Berkeley campus, and has enough local storage to save over 30 days of *all* this data (‘full packet capture’). This can be presumed to include your email, all the websites you visit, all the data you receive from off campus or data you send off campus,” said the email from Ethan Ligon, associate professor of agricultural and resource economics. He is one of six members of the Academic Senate-Administration Joint Committee on Campus Information Technology.

When you control a network it’s a trivial matter to setup monitoring tools. This is made possible by the fact many network connects don’t utilize encryption. E-mail is one of the biggest offenders. Many e-mail server don’t encrypt traffic being sent so any network monitoring tools can’t read the contents. Likewise, many websites still utilize unencrypted connections so monitoring tools can easily read what is being sent and received between a browser and a web server. Instant messaging protocols often transmit data in the clear as well so monitoring tools can read entire conversations.

It’s not feasible to only use networks you control. A network that doesn’t connect to other networks is very limited in use. But there are tools to mitigate the risks associated with using a monitored network. For example, I run a Virtual Private Network (VPN) server that encrypts traffic between itself and my devices. When I connect to it all of my traffic goes through the encrypted connection so local network monitoring tools can’t snoop on my connects. Another tools that works very well for websites is the Tor Browser. The Tor Browser sends all traffic through an encrypted connection to an exit node. While the exit node can snoop on any unencrypted connections local monitoring tools cannot.

Such tools wouldn’t be as necessary to maintain privacy though if all connections utilized effective encryption. E-mail servers, websites, instant messengers, etc. can encrypt traffic and often do. But the lack of ubiquitous encryption means monitoring tools can still collect some data on you.

Security Is Critical Even If You Think You Have Nothing To Hide

In my position as a discount security advisor to the proles one of the hardest challenges I face is convincing people how important security is. Most people assume they have nothing to hide. They usually claim they won’t lose anything of importance if an unauthorized party gains access to their online accounts. I can’t remember how many times I’ve heard, “If they get into my Facebook they’ll just learn how boring I am.”

Even if you are the most boring person in the world, preventing unauthorized persons from accessing your accounts is critically important. Failing to do so can lead to severe real life ramifications:

In one nasty spurt in May, a hacker gained control of Amy’s Twitter account, which she had used only twice before, and posted a series of racist and antisemitic messages. (See if you can tell where Amy’s tweets end and the hacker’s begin in the timeline below.)

That same day, a hacker used Amy’s email account to post a message to a Yahoo Groups list of about 300 residents of the Straters’ subdivision, including many parents of students at the elementary school that the family’s youngest daughter attends. According to local news reports, the message carried a chilling subject line—“I Will Shoot Up Your School”—and detailed a planned attack on the school. Oswego police quickly verified that Amy’s account had been hacked and that the message was a hoax, but the damage had been done.

Later that day, Amy discovered that her LinkedIn profile had been hacked, too. The hacker posted a message calling her employer, Ingalls Health System, “A TERRIBLE COMPANY RAN [sic] BY JEWS.”

Amy, who had worked at Ingalls for seven months as a director of decision support, had suspected that the trolls might target her employer. She says she had previously alerted the company’s IT department that the company’s systems might be compromised by the same people who were attacking her and her son.

She expected support—after all, if it was her house that was being repeatedly robbed, rather than her social media accounts, wouldn’t the company be sympathetic? But none came. Shortly after the hack, Ingalls fired Amy from her six-figure job, giving her 12 weeks of severance pay. Amy says she got no satisfactory explanation for her dismissal, other than a hint that she was “too much of a liability.” (A spokeswoman for Ingalls Health System declined to comment.)

[…]

She hasn’t been able to get another job in hospital administration because for months, her first page of Google results has included her LinkedIn profile and her Twitter account, both of which were filled with racist and anti-semitic language. (She recently regained access to her LinkedIn account after contacting the company’s fraud division, but her defaced Twitter account is still up, since the attacker changed the password to prevent her from restoring it.)

I won’t lie to you and claim proper security practices will thwart a dedicated attacker such as the ones praying on the Straters. What proper security practices will do is make you a harder target. The cost of attacking you will go up and when it comes to self-defense, whether it’s online or offline, the goal is to raise the cost of attacking you high enough to dissuade your attackers. If you can’t dissuade your attacker entirely you can still reduce the amount of damage they cause.

Twitter, Yahoo, Google, LinkedIn, Facebook, and many other websites now offer two factor authentication. Two factor authentication requires both a password and an additional authentication token, usually tied to a physical device such as your phone, to log into an account. Enabling it is a relatively easy way to notably raise the cost of gaining unauthorized access to your accounts. If nothing else you should make sure your primary e-mail account supports two factor authentication and that it is enabled. E-mail accounts are a common method used by websites to reset passwords so gaining access to your e-mail account often allows an attacker to gain access to many of your other online accounts.

I also recommend using a password manager. There are many to choose from. I use 1Password. LastPass is still a managed I’m willing to recommend with the caveat that I don’t trust the new owners and therefore am wary of it as a longterm solution. Password managers allow you to use a unique, complex password for each of your accounts. If you use a common password for all of your accounts, which is a sadly common practice, and an unauthorized party learns that password they will have access to all of those accounts. Using a password manager allows you to limited damage by securing accounts with complex passwords that are difficult to guess and ensures an unauthorized party cannot gain access to any additional accounts by learning the password to one of them.

I must note that there is the potential threat of an unauthorized party compromising your password manager. In general the risk of this is lower than the risks involved with not using a password manager. There are also ways to mitigate the risk of unauthorized parties gaining access. LastPass, along with many other online password managers, supports two factor authentication. 1Password syncs passwords using iCloud or Dropbox, both of which support two factor authentication. You can also disable syncing in 1Password entirely so your password database never leaves your computer. LastPass, 1Password, and most other password managers also encrypt your password database so even if an unauthorized party does obtain a copy of the database they cannot read it without your decryption key.

Using two factor authentication and a password manager are by no means the only actions you can take. I mention them because they are simple ways for the average person to bolster the security of their online accounts quickly.

Nothing I’ve described above will protect you from social engineering attacks. Due to the lack of authentication inherent in many systems it’s still possible for an attacker to send the police to your home, order pizzas to be delivered to your home, call your employer and harass them enough to convince them to fire you, sending anonymous bomb threats in your name, getting your utilities disconnected, etc.

What I’ve described can reduce the risks of an attacker gaining access to your social media accounts and posting things that could cost you your job and haunt you for the rest of your life. And regardless of what most people believe, keeping attackers out of these accounts it important. Failure to do so can lead to dire consequences as demonstrated in the linked story.

The Risks Of Backing Up To The Cloud

Online backup services are convenient and offer resilience. Instead of managing your own backup drives a cloud backup service can upload your data to the Internet automatically whenever you’re connected. If your house burns down you don’t lose your data either. But, as with most things in the universe, there are trade offs. By placing your data on somebody else’s server you lose control over it. This can be mitigated by encrypting your files locally before uploading them but sometimes that’s not an option as with Apple’s iCloud Backup for iOS:

“If the government laid a subpoena to get iMessages, we can’t provide it,” CEO Tim Cook told Charlie Rose back in 2014. “It’s encrypted and we don’t have a key.”

But there’s always been a large and often-overlooked asterisk in that statement, and its name is iCloud.

It turns out the privacy benefits Apple likes to talk about (and the FBI likes to complain about) basically disappear when iCloud Backup is enabled. Your messages, photos and whatnot are still protected while on your device and encrypted end-to-end while in transit. But you’re also telling your device to CC Apple on everything. Those copies are encrypted on iCloud using a key controlled by Apple, not you, allowing the company (and thus anyone who gets access to your account) to see their contents.

I don’t use iCloud Backup for precisely this reason. My backups are done locally on my computer. This brings me to my point: you need to fully understand the tools you use to hope to have any semblance of security. One weakness in your armor can compromise everything.

iMessage may be end-to-end encrypted but that doesn’t do you any good if you’re backing up your data in cleartext to somebody else’s server.

Democracy Has No Place In The Crypto Wars

AT&T’s CEO, Randall Stephenson, had some choice words for Apple’s CEO, Tim Cook. Namely, Stephenson doesn’t appreciate Cook’s stance on effective encryption:

AT&T CEO Randall Stephenson doesn’t think Apple CEO Tim Cook should be making long-term decisions around encryption that could ripple across the technology industry. “I don’t think it is Silicon Valley’s decision to make about whether encryption is the right thing to do,” he told The Wall Street Journal in an interview on Wednesday. “I understand Tim Cook’s decision, but I don’t think it’s his decision to make,” said Stephenson. “I personally think that this is an issue that should be decided by the American people and Congress, not by companies.”

I’m sure this has everything to do with Stephenson’s strong belief in democracy and nothing at all to do with his company’s surveillance partnership with the National Security Agency (NSA). But let’s address the issue of democracy.

Stephenson says that effective cryptography should be decided by the American people. Unless I’m missing something Tim Cook is an American citizen. His stance on effective cryptography is his decision. Therefore is position is decided by an American person. Furthermore, why should anybody outside of Apple have a voice in the company’s stance? Stephenson is an employee of AT&T so his opinion shouldn’t be relevant to Apple. Congress, likewise, isn’t employed by Apple so their opinions shouldn’t be relevant to Apple either. Democracy, outside of groups voluntarily decided to vote on matters involving only themselves, is bullshit. It’s a tool for people to inflict their will on others. In fact it may very well be the grossest form of might makes right our species has developed.

I understand Stephenson’s decision, part of his business relies on surveillance, but it’s not his decision to make. This is an issue that should be decided by those creating the tools. If Stephenson wants to insert backdoors into his company’s products that’s fine, I’ll simply avoid using his products. But his has no right to demand other companies follow suit.

News From The Crypto War Frontline In New York

I continue to be amused by politicians’ efforts to prohibit math. A bill has been introduce in New York that would require manufacturers to implement backdoors in their mobile devices or face… some kind of consequence, I guess:

A New York assemblyman has reintroduced a new bill that aims to essentially disable strong encryption on all smartphones sold in the Empire State.

Among other restrictions, the proposed law states that “any smartphone that is manufactured on or after January 1, 2016 and sold or least in New York, shall be capable of being decrypted and unlocked by its manufacturer or its operating system provider.”

If it passes both houses of the state legislature and is signed by the governor, the bill would likely be the first state law that would impose new restrictions on mobile-based cryptography. Undoubtedly, if it makes it that far, the law would likely face legal challenges from Apple and Google, among others.

One of the great things about democracy is if a vote doesn’t go the way you want you can reintroduce the vote and waste everybody’s time again.

One question you have to ask is how this bill could be enforced. As written, it would punish sellers who sold phones that couldn’t be decrypted by law enforcers. But New York isn’t that big of a landmass and Ars Technia points out the rather obvious flaw in Assemblyman Titone’s clever plan:

UPDATE 3:49pm ET: Also, it’s worth pointing out that even if this bill does pass, it wouldn’t be terribly difficult for New Yorkers to cross a state line to buy a smartphone.

It doesn’t take a rocket scientists to see what would happen if this bill was signed into law. Sellers in New York may go under but sellers in neighboring states would see a jump in sales. In addition to sellers in neighboring states, the sales of online stores would likely increase as well since, you know, you can just order a cell phone online and have it delivered to your home.

Part of me is amused by the idea of strong cryptography being outlawed. Imagine millions of Android users flashing customer firmware just so they could remove government mandated backdoors. Such a prohibition would almost certainly create a sizable black market for flashing customer firmware.

David Chaum Becomes A Quisling

Online anonymity is important. In fact it’s the difference between life and death for many political dissidents around the world. Recognizing this many developers have put their efforts into developing effective anonymity tools such as Tor and I2P. But what makes an anonymity tool effective? An effective anonymity tool is one designed in such a way where a third party cannot utilize the tool itself to discover the identity of a user (no tool, however, can be designed in such a way to stop a user from voluntarily revealing identifiable information about themselves).

One of the downsides of the current slew of popular anonymity tools is they tend to be slower than tools that don’t attempt to maintain anonymity. Accessing a website over Tor usually takes longer than accessing that same site over the regular Internet. David Chaum, a well-known and previously (I’ll get to that in a second) well-respected cryptographer is promising a new “anonymity” tool that doesn’t suffer from the performance issues of popular tools such as Tor:

With PrivaTegrity, Chaum is introducing a new kind of mix network he calls cMix, designed to be far more efficient than the layered encryption scheme he created decades ago. In his cMix setup, a smartphone communicates with PrivaTegrity’s nine servers when the app is installed to establish a series of keys that it shares with each server. When the phone sends a message, it encrypts the message’s data by multiplying it by that series of unique keys. Then the message is passed around all nine servers, with each one dividing out its secret key and multiplying the data with a random number. On a second pass through the nine servers, the message is put into a batch with other messages, and each server shuffles the batch’s order using a randomized pattern only that server knows, then multiplies the messages with another random number. Finally, the process is reversed, and as the message passes through the servers one last time, all of those random numbers are divided out and replaced with keys unique to the message’s intended recipient, who can then decrypt and read it.

Sounds good, doesn’t it? Chaum even claims PrivaTegrity is more secure than Tor. But as it turns out this “anonymity” tool isn’t effective because it allows third parties to unveil the identity of users:

On top of those security and efficiency tricks, PrivaTegrity’s nine-server architecture—with a tenth that works as a kind of “manager” without access to any secret keys—also makes possible its unique backdoor decryption feature. No single server, or even eight of the nine servers working together, can trace or decrypt a message. But when all nine cooperate, they can combine their data to reconstruct a message’s entire path and divide out the random numbers they used to encrypt it. “It’s like a backdoor with nine different padlocks on it,” Chaum says.

[…]

“It’s like the UN,” says Chaum. “I don’t think a single jurisdiction should be able to covertly surveil the planet…In this system, there’s an agreement on the rules, and then we can enforce them.”

One Key to rule them all, One Key to find them, One Key to bring them all and in the darkness spy on them.

You know who else had an agreement on the rules? The Nazis! Put down the Godwin brand pitchforks, that was purposeful hyperbole. My point is agreement on the rules is meaningless fluff just as his claim that no single jurisdiction should be able to surveil the planet. By implementing a backdoor he has made his network a single jurisdiction capable of surveilling everybody who uses it. His network is also the rule maker. The only reason I would shy away from calling PrivaTegrity a government is because it still outsources enforcement to the State by handing over identifiable information of users deemed guilty by the Nazgûl. PrivaTegrity isn’t about protecting the identity of every user, it’s about protecting the identity of favored users.

This backdoor capability also means PrivaTegrity is less secure than Tor since Tor doesn’t have a built-in method to reveal the identity of users. Every major government in the world will try to compromise PrivaTegrity if it every comes into wide usage. And due to the existence of a backdoor those efforts will bear fruit. Whether compromising the servers themselves, buying off the administrators of the servers, or by other means it will only be a matter of time until governments find a way to utilize the built-in backdoor for their own purposes. That is why the mere existence of a backdoor renders an anonymity tool ineffective.

The only upside to PrivaTegrity is that the existence of a backdoor almost guarantees nobody will adopt it and therefore when it’s compromised nobody will be put in danger.

Political Victories Are Only Temporary Victories

I hate redoing work. This is part of the reason I don’t pursue politics. Any political victory is only a temporary victory. At some future point the victory you achieved will be undone. The Cybersecurity Information Sharing Act (CISA) is just the latest example of this. If you go through the history of the bill you will see it was introduced and shutdown several times:

The Cybersecurity Information Sharing Act was introduced on July 10, 2014 during the 113th Congress, and was able to pass the Senate Intelligence Committee by a vote of 12-3. The bill did not reach a full senate vote before the end of the congressional session.

The bill was reintroduced for the 114th Congress on March 12, 2015, and the bill passed the Senate Intelligence Committee by a vote of 14-1. Senate Majority Leader Mitch McConnell, (R-Ky) attempted to attach the bill as an amendment to the annual National Defense Authorization Act, but was blocked 56-40, not reaching the necessary 60 votes to include the amendment. Mitch McConnell hoped to bring the bill to senate-wide vote during the week of August 3–7, but was unable to take up the bill before the summer recess. The Senate tentatively agreed to limit debate to 21 particular amendments and a manager’s amendment, but did not set time limits on debate. In October 2015, the US Senate took the bill back up following legislation concerning sanctuary cities.

If at first you don’t succeed, try, try again. This time the politicians attached CISA to the budget, which as we all know is a must pass bill:

Congress on Friday adopted a $1.15 trillion spending package that included a controversial cybersecurity measure that only passed because it was slipped into the US government’s budget legislation.

House Speaker Paul Ryan, a Republican of Wisconsin, inserted the Cybersecurity Information Sharing Act (CISA) into the Omnibus Appropriations Bill—which includes some $620 billion in tax breaks for business and low-income wage earners. Ryan’s move was a bid to prevent lawmakers from putting a procedural hold on the CISA bill and block it from a vote. Because CISA was tucked into the government’s overall spending package on Wednesday, it had to pass or the government likely would have had to cease operating next week.

Sen. Ron Wyden, a Democrat of Oregon, said the CISA measure, which backers say is designed to help prevent cyber threats, got even worse after it was slipped into the 2,000-page budget deal (PDF, page 1,728). He voted against the spending plan.

All those hours invested in the political process to fight CISA were instantly rendered meaningless with the passage of this bill. However, the bill can be rendered toothless. CISA removes any potential liability from private companies that share customer data with federal agencies. So long as private companies don’t have actionable information to share the provisions outlined in CISA are inconsequential. As with most privacy related issues, effective cryptography is the biggest key. Tools like Off-the-Record (OTR) messaging, OTR’s successor Multi-End Message and Object Encryption (OMEMO), Pretty Good Privacy (PGP), Transport Layer Security (TLS), Tor, and other cryptographic tools designed to keep data private and/or anonymous can go a long ways towards preventing private companies from having any usable data to give to federal agencies.

In addition to effective cryptography it’s also important to encourage businesses not to cooperate with federal agencies. The best way to do this is to buy products and services from companies that have fought attempts by federal agencies to acquire customer information and utilize cryptographic tools that prevent themselves from viewing customer data. As consumers we must make it clear that quislings will not be rewarded while those who stand with us will be.

Effective cryptography, unlike politics, offers a permanent solution to the surveillance problem. It’s wiser, in my opinion, to invest the time you’d otherwise waste with politics in learning how to properly utilize tools that protect your privacy. While your political victories may be undone nobody can take your knowledge from you.

Fascism Returns To Europe

I know what you’re thinking, fascism never left Europe. It’s true but it has been hidden under euphemisms like emergency powers, social democracies, and parliamentary procedures. But France is finally throwing off the visage of liberty, equality, and fraternity. With the Paris attacks as the excuse the French government is moving to silence those who would question it:

According to leaked documents from the Ministry of Interior the French government is considering two new pieces of legislation: a ban on free and shared Wi-Fi connections during a state of emergency, and measures to block Tor being used inside France.

The documents were seen by the French newspaper Le Monde. According to the paper, the new bills could be presented to parliament as soon as January 2016. The new laws are presumably in response to the attacks in Paris last month where 130 people were murdered.

The first proposal, according to Le Monde, would forbid free and shared Wi-Fi during a state of emergency. The new measure is justified by way of a police opinion, saying that it’s tough to track people who use public hotspots.

The second proposal is a little more gnarly: the Ministry of Interior is looking at blocking and/or forbidding the use of Tor completely. Blocking people from using Tor within France is technologically quite complex, but the French government could definitely make it difficult for the average user to find and connect to the Tor network. If the French government needs some help in getting their blockade set up, they could always talk to the only other country in the world known to successfully block Tor: China, with its Great Firewall.

This is just another feather in the hat of fascism that already includes detaining activists in their homes so they can’t exercise their supposed right to free speech and targeting members of a minority religion. But the target of these measures is very clear: removing the anonymity of the people the French government wishes to target.

Fortunately the French government is setting itself up for failure. Tor has proven to be a difficult target for tyrannical governments to suppress. Every time an effective means of censoring Tor traffic is implemented a workaround is also implemented. Open Wi-Fi access points are easy to shutdown until the network is decentralized. Finding and shutting down every node in a large mesh network would be extremely expensive. In addition to taking a great deal of time and money it would also divert a sizable amount of labor from other suppression activities. And there’s no guarantee the French government would be able to find and tear down new nodes faster than activists could replace them. If the people of France are smart they’ll start working on their own version of Guifi.net.

Guns, Weed, and Crypto

Because I advocate apolitical action to achieve change in the world I periodically get political types snidely asking, “Well what have you done for liberty?” It’s a fair question. My recent efforts have been primarily focused on teaching people how to defend themselves online. Fortunately I’m not alone. I’ve been working with some phenomenal people to run CryptoPartyMN, and organization created specifically to teach people how to use security means of communications.

Our work hasn’t gone unnoticed either. A few weeks ago James Shiffer from the Star Tribune contacted us. He was working on an article covering Crypto War II and wanted to interview members of CryptoPartyMN to understand the counterarguments to the State’s claims that effective cryptography puts everybody at risk. In addition to interviewing several of us he also attended the last CryptoParty. The result was this article. As you can tell from the article we’ve got everything you could possibly want:

The three CryptoParty presenters were Burg, 32, a Twin Cities software developer and Second Amendment supporter whose blog is called “A Geek With Guns.” The two others are cannabis activists Cassie Traun, 26, an IT professional who “never really trusted the government,” and Kurtis Hanna, 30, an unsuccessful candidate for Minneapolis mayor and state Legislature who said he became interested in the issue after the revelations of NSA spying.

Guns, weed, and crypto. Between the three of us we’ve got pretty much every important freedom issue covered!

So, yeah, that’s one of the things I’ve been up to.

You Can’t Vote Your Way To Libertarianism

Are you a libertarian? Are you politically active? If you answered yes to both questions then I have a question for you: why? I came across a good article by Jason Farrell that addresses the contradiction of political libertarianism:

There’s a good reason libertarians remain at the ideological fringe: “Libertarian politics” is a contradiction in terms. Libertarianism is not a third party, like the Know-Nothings or the Whigs or a prescription of policy tweaks to make the government more efficient. It is a distinct value system that abhors political power itself, even if some of its adherents consider power a necessary evil.

Libertarians may disagree whether the state should be abolished or minimized, but the difference matters little to the average American: Both seem frighteningly outside his own experience. Even the most moderate libertarians will wax poetic about ending intellectual property or privatizing the welfare system. Moreover, virtually all voters are deeply invested in government services they have come to depend on, and libertarians have been unable to present hypothesized private-sector alternatives while the state forces dependence upon itself. Conceptually, libertarians are on a page that most people find bizarre.

Libertarianism is best understood as the latest in a long line of radical liberation ideologies, rooted in the principles of natural law and individualism, that have provided the intellectual basis for rebellion since the American Revolution. It is a reaction to the perpetual expansion of government power in the U.S. and its frequent abuses. But radicalism, by definition, is immoderate and cannot compromise its way to reforms. Rather than moving toward the “Overton window” of public opinion by moderating controversial views (as Rand Paul attempted), radicals must pull public opinion towards their own viewpoints. Rand’s straying from libertarian principles means that he likely has little unique appeal even for the tiny libertarian electorate his father created. David Boaz’s research shows that 70% of libertarian-leaning voters went with Mitt Romney over Gary Johnson in 2012, so we know even libertarians who believe in politics are willing to blunt their own sword.

Libertarianism is a radical ideology and therefore doesn’t enjoy popular support. Politics is a popularity contest. If your candidate doesn’t support the views of the majority of voters then they’re not going to get elected. And one need only look at some of the more popular presidential candidates to see what the majority supports.

The current frontrunner for the Republican Party is Donald Trump. Trump is a raging asshole. If it were up to him Muslims would probably be wearing armbands. Ben Caron, another popular Republican candidate, believes the pyramids were funny shaped grain silos.

On the other side of the field we have Bernie Sanders. Sanders spends most of his time bitching about economics, a field he demonstrably knows absolutely nothing about. He also supports dropping bombs on foreigners, which is something he shares with Hillary Clinton who is his primary competitor.

So the majority of voters want a candidate who will blow up foreigners, promise them free shit, or believes archeology is a made up science. They’re not interested in freedom. Quite the opposite in fact. They enjoy their comfortable slavery.

This is usually where some political libertarian tells me that victory can be achieved by slowly moving the political needle towards libertarianism. They will say Rand Paul isn’t perfect but he’s palatable to the masses. According to them his victory will show Americans that a tiny bit of freedom doesn’t hurt. This will supposedly make them receptive to a little more freedom when the next election rolls around. I’ve seen absolutely no proof of this. In fact my observations lead me to believe the opposite is true. The masses are always a crisis away from accepting more chains to wrap them in the false feeling of safety. Maybe the needle moves so slowly I can’t perceive it. If that’s the case I’ll be dead before any perceivable freedom is gained so what’s the point?

Politics is a lost cause for libertarianism just as it is for any radical philosophy. Instead you’re better off taking direct action to advance freedom:

Instead, libertarians might be more useful as single-issue activists and innovators. While U.S. politicians fail to shrink government, individualists like Erik Voorhees, Cody Wilson, Peter Thiel and the pseudonymous Satoshi Nakamoto are using technology to forge a new path. Time will tell exactly where that leads. But Rand’s decline underlines the fact that libertarian ethics predicate disruption and revolution, not moderation and compromise. As such, it is unlikely to ever get big votes in American politics.

Cody Wilson and Satoshi Nakamoto accomplished more for freedom than Rand Paul ever will. Wilson showed the world how technological advancements will overcome restrictions against self-defense. Nakamoto gave the world a functioning alternative currency that is highly resistant to centralized control. Disarming citizens and controlling their money are two of the State’s biggest tools for dominating people.

Direct action, unlike politics, has the advantage of not needing popular support. Most people probably don’t support Wilson’s efforts to make firearms easy accessible or Nakamoto’s, probably inadvertent, contribution to empowering the underground economy. But the masses were powerless to stop either of them just as they were powerless to stop Dread Pirate Roberts from building and operating an online market for illicit substances. Even when the State managed to take him down nothing was really accomplished because alternatives sprang up like wildfire. The man that started the first major hidden service marketplace might have been taken down but the idea can’t be destroyed. Hell, the idea is only advancing. Now efforts are being made by projects such as OpenBazaar to create decentralized online marketplaces, which will be even more resilient to government interference.

Freedom is advancing but not because of libertarian politics. It’s advancing because people unwilling to accept their chains chose to rebel. If you’re willing to rebel you too can play an active role in advancing freedom. But if you’re only willing to beg the masses to see things your way you’re doomed to fail. The masses don’t want what you’re selling.