A Geek With Guns

Chronicling the depravities of the State.

Archive for the ‘Technology’ tag

Technology to the Rescue

without comments

One of the reasons that the State fails to maintain its control is that it’s competing with the creative potential of every human on Earth. Let’s take the drug war. The federal government of the United States has been dealt significant blows in its crusade against cannabis in recent years as individual states have legalized consumption of the plant either entirely or in approved manners. Hoping to regain some semblance of control, the feds tried to use their influence on the banking industry to make life difficult for cannabis-related businesses. However, the centralized banking system isn’t as powerful as it once was:

Enter bitcoin, the cryptocurrency that consists of digital coins “mined” by computers solving increasingly complex math problems. At least two financial-technology startups, POSaBIT and SinglePoint Inc., use the cryptocurrency as an intermediate step that lets pot connoisseurs use their bank-issued credit cards to buy weed.

[…]

Once a customer decides on which marijuana product to buy, an employee asks if he or she would like to use cash or digital currency, Lai said. If the buyer prefers the latter, the Trove employee explains that the customer can use a credit card to buy bitcoin through a POSaBIT kiosk, with a $2 transaction fee tacked on.

The customer, who would now own bitcoin equal to the value of the purchase, can then redeem the currency in the store. Or the buyer can keep their bitcoin and use it anywhere else that accepts the currency. If the customer finishes the purchase in the store, POSaBIT, which pockets the transaction fee, then sends the value in U.S. dollars to Trove’s bank account.

Cryptocurrencies have been making the State red in the face ever since the first person realized that they could be combined with hidden services to perform anonymous online transactions. Now they’re disrupting the feds’ war on drugs in the physical world in states where cannabis has been legalized.

Cryptocurrencies are a technology gun stores should also be looking into. Banks have been closing the accounts of many businesses tied to the gun market. Technologies like Bitcoin and Ethereum could allow these businesses to circumvent the need for centralized banks by either utilizing an intermediary like the cannabis industry is starting to do or by being a direct store of wealth outside of a third party’s control.

Written by Christopher Burg

June 15th, 2017 at 11:00 am

Now You Can Vote Harder

without comments

The security of voting has always been a joke. The people counting the votes could always manipulate the results, boxes of ballots could disappear, voters could vote more than once pretty easily, etc. Electronic voting machines could have solved many of these issues. Instead they are merely continuing the tradition of terrible security:

A 29-year-old former cybersecurity researcher with the federal government’s Oak Ridge National Laboratory in Tennessee, Lamb, who now works for a private internet security firm in Georgia, wanted to assess the security of the state’s voting systems. When he learned that Kennesaw State University’s Center for Election Systems tests and programs voting machines for the entire state of Georgia, he searched the center’s website.

“I was just looking for PDFs or documents,” he recalls, hoping to find anything that might give him a little more sense of the center’s work. But his curiosity turned to alarm when he encountered a number of files, arranged by county, that looked like they could be used to hack an election. Lamb wrote an automated script to scrape the site and see what was there, then went off to lunch while the program did its work. When he returned, he discovered that the script had downloaded 15 gigabytes of data.

[…]

Within the mother lode Lamb found on the center’s website was a database containing registration records for the state’s 6.7 million voters; multiple PDFs with instructions and passwords for election workers to sign in to a central server on Election Day; and software files for the state’s ExpressPoll pollbooks — electronic devices used by pollworkers to verify that a voter is registered before allowing them to cast a ballot. There also appeared to be databases for the so-called GEMS servers. These Global Election Management Systems are used to prepare paper and electronic ballots, tabulate votes and produce summaries of vote totals.

The files were supposed to be behind a password-protected firewall, but the center had misconfigured its server so they were accessible to anyone, according to Lamb. “You could just go to the root of where they were hosting all the files and just download everything without logging in,” Lamb says.

Login passwords posted where they’re publicly accessible? That sounds like fun. Oh, and the site is running an old version of Drupal, which means it has plenty of vulnerabilities for malicious individuals to exploit. With this information in hand it might be possible for a malicious hacker to actually vote hard enough to change the results of an election.

What lessons can be taken away from this? The most obvious lesson is that the Georgia government doesn’t give a shit about security. With how important statists claim voting is you would think that hiring a few security researchers to verify the security of purchased voting machines and the systems they rely on would have been at the top of Georgia’s list. Apparently it wasn’t on the list at all. The second lesson that one could take away from this is that voting is meaningless. Not only are you more likely to die on your way to your polling place than to change the election with your vote but the security of the voting process is so terrible that there’s every reason to believe that your vote won’t be counted or will be counted incorrectly.

Written by Christopher Burg

June 15th, 2017 at 10:30 am

The Dangers of Insecure Internal Networks

without comments

It’s fairly well known that, internally, telephone networks operate on an insecure protocol called Signaling System 7 (SS7). How insecure is SS7? It has no mechanism for authentication, so anybody able to access a network using SS7 can manipulate it. As you can imagine, gaining access to a global network that has no real authentication mechanism isn’t terribly difficult.

Security researchers have been warning about the dangers of SS7 for ages now but the telecom industry has shown little motivation to transition away from the insecure protocol. Now there is a Tor hidden service that claims to sell the ability to track individual phones using the SS7 protocol:

For years, experts have warned of vulnerabilities in the network that routes phone calls and cellular service — but those attacks may be more widespread than anyone realized. For more than a year, a Tor Hidden Service has been offering ongoing access to telecom’s private SS7 network for as little as $500 a month. Combined with known vulnerabilities, that access could be used to intercept texts, track the location of an individual phone, or cut off cellular service entirely.

Accessible on Tor at zkkc7e5rwvs4bpxm.onion, the “Interconnector” service offers a variety of services charged as monthly fees, including $250 to intercept calls or texts, $500 for full access, or $150 for cellphone reports (including location data and IMSI numbers). Well-heeled users can even pay $5,500 for direct access to the SS7 port, billed as “everything you need to start your own service.”

I checked the hidden service address and it appears that the site either went darker or never had much in the way of public information. Now it only lists an XMPP address to contact. However, while the service may or may not actually provide what it claims, the fact that it technically could offer such services should give people cause for concern.

SS7 is another example of an insecure legacy protocol that operates critical infrastructure. Considering the number of these legacy protocols being used to operate critical infrastructure, it’s a wonder that there aren’t more stores like this one.

Written by Christopher Burg

June 14th, 2017 at 10:00 am

Government Holds Everything Back

without comments

What if I told you that we could have had cellular technology as far back as 1947 if the government hadn’t interfered? You’d probably label me a kooky conspiracy theorist and file me with the people who say that we could have had electric cars decades ago if it weren’t for oil companies. But a conspiracy theory ceases to be a theory when it turns out to be true:

When AT&T wanted to start developing cellular in 1947, the FCC rejected the idea, believing that spectrum could be best used by other services that were not “in the nature of convenience or luxury.” This view—that this would be a niche service for a tiny user base—persisted well into the 1980s. “Land mobile,” the generic category that covered cellular, was far down on the FCC’s list of priorities. In 1949, it was assigned just 4.7 percent of the spectrum in the relevant range. Broadcast TV was allotted 59.2 percent, and government uses got one-quarter.

Television broadcasting had become the FCC’s mission, and land mobile was a lark. Yet Americans could have enjoyed all the broadcasts they would watch in, say, 1960 and had cellular phone service too. Instead, TV was allocated far more bandwidth than it ever used, with enormous deserts of vacant television assignments—a vast wasteland, if you will—blocking mobile wireless for more than a generation.

The Fascist Communications Club Federal Communications Commission (FCC) was granted a monopoly on electromagnetic spectrum by the United States government (or, in other words, the government granted a monopoly to itself). Through this monopoly the FCC enjoyed and still enjoys life or death powers over a great deal of technology. Back in 1947 when AT&T wanted to develop cellular technology the FCC decided the technology should die. As television became more popular the FCC decided that the technology should live. It didn’t matter that there was enough spectrum for both technologies to coexist; the FCC wanted one to live and the other to die so it was made so.

The FCC’s power isn’t unique; it’s the inevitable result of any monopolized authority. Cannabis, a plant that shows a great deal of promise in the medical field, is prohibited because the United States government has a monopoly on what you can and cannot legally put into your own body. A lot of drugs and other medical technologies either don’t make it into the United States or are delayed for years because the Food and Drug Administration (FDA) has been given a monopoly on deciding which medical technologies are legal and illegal.

Written by Christopher Burg

June 13th, 2017 at 11:00 am

The Future is Bright

without comments

A writer at The Guardian, which seems to be primarily known for propagating left-wing statist propaganda, has shown a slight glimmer of understanding. While neoconservatives and neoliberals fight for power over other people, crypto-anarchists have been busy working in the shadows to develop technology that allows individuals to defend themselves from the State:

The rise of crypto-anarchism might be good news for individual users – and there are plenty working on ways of using this technology for decent social purposes – but it’s also bad news for governments. It’s not a direct path, but digital technology tends to empower the individual at the expense of the state. Police forces complain they can’t keep up with new forms of online crime, partly because of the spread of freely available encryption tools. Information of all types – secrets, copyright, creative content, illegal images – is becoming increasingly difficult to contain and control. The rash of ransomware is certainly going to get worse, exposing the fragility of our always connected systems. (It’s easily available to buy on the dark net, a network of hidden websites that are difficult to censor and accessed with an anonymous web browser.) Who knows where this might end. A representative from something called “Bitnation” explained to Parallel Polis how an entire nation could one day be provided online via an uncontrollable, uncensorable digital network, where groups of citizens could club together to privately commission public services. Bitnation’s founder, Susanne Tarkowski Tempelhof, hopes Bitnation could one day replace the nation state and rid us of bureaucrats, creating “a world of a million competing digital nations”, as she later told me.

The biggest threat to statism is individual empowerment. While technology is a two-edged sword, serving both the State and individuals without concern for either’s morality, it is difficult to argue that it hasn’t greatly helped empower individuals.

A combination of Tor hidden services and cryptocurrencies has done a great deal to weaken the State’s drug war by establishing black markets where both buyers and sellers remain anonymous. Weakening the drug war is a significant blow to the State because it deprives it of slave labor (prisoners) and wealth (since the State can’t use civil forfeiture on property it can’t identify).

Tor, Virtual Private Networks (VPN), Hypertext Transfer Protocol Secure (HTTPS), Signal, and many other practical implementations of encryption have marvelously disrupted the State’s surveillance apparatus. This also cuts into the State’s revenue since it cannot issue fines, taxes, or other charges on activities it is unaware of.

3D printers, although still in their infancy, are poised to weaken the State’s ability to restrict objects. For example, the State can’t prohibit the possession of firearms if people are able to print them without the State’s knowledge.

But if the State disables the Internet all of these technologies fall apart, right? That would be the case if the Internet were a centralized thing that the State could disable. But the Internet is simply the largest network of interconnected networks. Even if the State shut down every Internet Service Provider (ISP) in the world and cut all of the undersea cables, the separated networks would merely have to be reconnected. That is where a technology like mesh networking could come into play. Guifi.net, for example, is a massive mesh network that spans Catalonia. According to the website, there are currently 33,191 operating nodes in the Guifi.net mesh. Shutting down that many nodes isn’t feasible, especially when they can be quickly replaced since individual nodes are usually cheap off-the-shelf Wi-Fi access points. Without the centralized Internet a span of interconnected mesh networks could reestablish global communications and there isn’t much the State could do about it.

Statism has waxed and waned throughout human history. I believe we’re at a tipping point where statism is beginning to wane and I believe advances in individual empowering technologies are what’s diminishing it. Voting won’t hinder the State. The Libertarian Party won’t hinder the State. Crypto-anarchists, on the other hand, have a proven track record of hindering the State and all signs point to them continuing to do so.

It’s Not Your Data When It’s in The Cloud

without comments

I’ve annoyed a great many electrons writing about the dangers of using other people’s computers (i.e. “the cloud”) to store personal information. Most of the time I’ve focused on the threat of government surveillance. If your data is stored on somebody else’s computer, a subpoena is all that is needed for law enforcers to obtain your data. However, law enforcers aren’t the only threat when it comes to “the cloud.” Whoever is storing your data, unless you’ve encrypted it in a way that makes it inaccessible to others before you uploaded it, has access to it, which means that their employees could steal it:

Chinese authorities say they have uncovered a massive underground operation involving the sale of Apple users’ personal data.

Twenty-two people have been detained on suspicion of infringing individuals’ privacy and illegally obtaining their digital personal information, according to a statement Wednesday from police in southern Zhejiang province.

Of the 22 suspects, 20 were employees of an Apple “domestic direct sales company and outsourcing company”.

This story is a valuable lesson and warning. Apple has spent a great deal of time developing a reputation for guarding the privacy of its users. But data uploaded to its iCloud service are normally stored unencrypted, so while a third party may not be able to intercept it en route, at least some of Apple’s employees have access to it.

The only way you can guard your data from becoming public is to either keep it exclusively on your machines or encrypt it in such a way that third parties cannot access it before uploading it to “the cloud.”

Written by Christopher Burg

June 9th, 2017 at 10:00 am

Keybase Client

without comments

Keybase.io started off as a service people could use to prove their identity using Pretty Good Privacy (PGP). I use it to prove that I own various public accounts online as well as this domain. Back in February the Keybase team announced a chat client. I hadn’t gotten around to playing with it until very recently but I’ve been impressed enough by it that I feel the need to post about it.

Keybase’s chat service has a lot of similarities to Signal. Both services provide end-to-end encrypted communications, although in slightly different ways (Keybase, for example, doesn’t utilize forward secrecy except on “self-destructing” messages). However, one issue with Signal is that it relies on your phone number. If you want to chat on Signal with somebody you have to give them your phone number and they have to give you theirs. This reliance on phone numbers makes Signal undesirable in many cases (such as communicating with people you know online but not offline).

Keybase relies on your proven online identities. If you want to securely talk to me using Keybase you can search for me by using the URL for this website since I’ve proven my ownership of it on Keybase. Likewise, if you want to securely talk to somebody on Reddit or Github you can search for their user names on those sites in Keybase.

Another nice feature Keybase offers is a way to securely share files. Each user of the Keybase client gets 10GB of storage for free. Any data added to your private folder is encrypted in such a way that only you can access the files. If you want to share files amongst a few friends the files can be encrypted in a way that only you and those designated friends can access them.

On the other hand, if you’re into voice and video calls, you’re out of luck. Keybase, unlike Signal, currently supports neither and I have no idea if there are plans to implement them in the future. I feel that it’s also important to note that Keybase, due to how new it is, hasn’t undergone the same level of rigorous testing as Signal has so you probably don’t want to put the same level of trust in it yet.

Written by Christopher Burg

June 8th, 2017 at 11:00 am

What Happens When You Rely on a Third Party for Revenue

with 2 comments

Earlier this year many gun channels on YouTube reported that their videos were suddenly disqualified from receiving ad revenue. This change in policy happened without warning and the rules established by YouTube were vague to say the least. In the hopes of appeasing both advertisers and content creators, YouTube attempted to clarify its rules. But if you read YouTube’s guidelines you’ll notice that they remain incredibly vague.

A lot of people have been screaming about free speech but that’s irrelevant. YouTube is a private entity and therefore can make whatever rules it wants. The real issue here is relying on a third party for revenue.

There are two ways content creators can guard their income from arbitrary rule changes made by their hosts. The first is having a contractual agreement where the host can face penalties if they arbitrarily change the terms. The second, and this is the one I generally prefer, is to host their own material on their own systems. This is what I do with this blog (and every other service I rely on). If you own everything you get to make the rules. If, for example, I decided to monetize this site, there would be no way for a third party to cut off my revenue by changing the rules.

YouTube looks like a sweet deal because content creators can put their material online without facing the costs of hosting the material themselves. But there ain’t no such thing as a free lunch. The price content creators pay for using YouTube is being entirely at the mercy of its one-sided user agreement, which can be changed at any moment without prior notice being given. Content creators can scream about free speech or censorship or whatever else makes them feel oppressed. But they only have themselves to blame because they put themselves into a position where their revenue source could be cut off by a third party at any moment.

Written by Christopher Burg

June 2nd, 2017 at 11:30 am

What Could Kill Bitcoin

with 2 comments

I greatly appreciate Bitcoin. By enabling pseudonymous transactions it has made many forms of commerce, specifically those deemed illegal by various governments, easier. It also offers an opportunity for individuals to conceal at least some of their wealth from the State. However, Bitcoin exists in a market environment, which means a superior competing product could come along at any moment and topple it.

When Bitcoin first came on the scene its community promised low transaction fees. They often compared the transaction fees of, say, Western Union to the miner fees of Bitcoin for sending money across the globe. At the time sending money via Bitcoin was significantly cheaper.

Fast forward to today. The price of sending Bitcoin has skyrocketed. If you want a Bitcoin transaction to clear in a reasonable amount of time you’re looking at a transaction fee of over $2.00 (as of this writing). Why is this? It’s because the Bitcoin network is running into a block size ceiling problem. This problem has created an environment where more transactions are being made than can be processed so convincing miners to process your transaction requires offering a significant reward. No problem, right? It’s just the market at work after all.

It’s true, Bitcoin’s current state is an example of supply and demand. Demand has exceeded the supply of miners so the price to get transactions cleared has increased. But markets are finicky things. If enough people decide that they’re unwilling to spend $2.00 on a transaction fee for a $5.00 coffee they’re going to look for a better solution. Bitcoin isn’t the only cryptocurrency in town so failing to address the block size ceiling problem will likely encourage consumers to find an alternate cryptocurrency.

Considering this you would think that the Bitcoin community is working diligently to solve the problem, right? As it turns out, not so much. Now a lot of the Bitcoin community is changing its tune. Instead of addressing the issue they are denying the fact that low transaction fees were a selling feature of Bitcoin not too long ago. In addition to denying the past they’re trying to explain how high transaction fees are acceptable. I highly doubt most consumers see the “wisdom” in paying a $2.00 transaction fee to buy a $5.00 espresso at Starbucks. And that’s the thing, for a cryptocurrency to succeed it needs to be useful.

I can hear some Bitcoin advocate saying, “But, Chris, Bitcoin will simply become the new gold while another cryptocurrency will become its silver!” Gold and silver run into a divisibility problem. You can only divide gold so far until it becomes difficult to use. Nobody is going to pay for a coffee using gold dust because it’s a pain in the ass. Instead they use a less valuable metal, silver, for smaller payments. Cryptocurrencies don’t have this problem. You can divide a cryptocurrency down to as many decimal places as you want and it’ll be equally easy to use. Whether a cup of coffee costs me 1 Bitcoin or 0.000001 Bitcoin doesn’t make a usability difference to me. This means that any cryptocurrency that takes over Bitcoin’s current task of handling small transactions will likely rise to dominance overall.

Governments have been unable to destroy Bitcoin but the unwillingness of its community to address technical problems very well could lead to its destruction.

Written by Christopher Burg

June 1st, 2017 at 10:00 am

Hiding Public Records in the Private Sector

without comments

Axon, the company formerly known as Taser, announced that it would give free body cameras and one year of online video storage to any department in the United States for one year. This seems like a phenomenal deal but there ain’t no such thing as a free lunch. The deal is meant to make Axon money and to please its biggest customers, the police:

But it isn’t just video. Police agencies and local governments are using Evidence.com to store other evidence, too. Defense attorney Rick Horowitz recently put up a post about how in order to access discovery in a case, the district attorney told him to log on to the website. And in order to log on, Horowitz had to sign this user agreement:

You consent to Axon’s access and use of the Account Content in order to….improve Axon’s Products and Services. In addition, for content that is covered by intellectual property rights, like photos and videos (“IP Content”), you specifically give us the following permission: you grant us a non-exclusive, transferable, irrevocable, royalty-free, sub-licensable, worldwide license to use any IP Content that you post on or in connection with the Services (IP License).

[…]

Second, this isn’t just any public record. We’re talking about evidence in criminal investigations. To have that evidence stored on servers owned by a private company creates some bad incentives. The company’s primary client isn’t the public; it’s the police agency. And its primary interest isn’t just outcomes in courtrooms; it’s keeping the client happy. For example, the company might win favor with police agencies — for example, allowing officers to take certain liberties with body camera video in a way that keeps the courts or opposing attorneys in the dark.

Body cameras were sold as a tool for police accountability but it has become clear that they were meant to collect evidence that the State can use to prosecute more individuals. Axon’s primary customer is the State and therefore it is incentivized to help the State use body cameras to collect evidence against individuals while not allowing the footage to be used to hold police accountable.

People often wonder why the State empowered corporations so much. At one point I thought it was primarily a protection racket: the State offers corporations extra legal privileges in exchange for money. But now I’m starting to think that the primary purpose was so the State could conceal its dirty laundry from the public by hiding behind the shield of the private sector. Remember, the State has given you permission to file a Freedom of Information Act (FOIA) request against it but not against a private entity. So long as it can give a corporation the job of hiding information the State can rightfully say that it has no information pertaining to your FOIA request.

Written by Christopher Burg

May 16th, 2017 at 10:30 am