22 December 2013

FYI HTTPS

From thread on White House report on NSA spying:

List-Archive: http://cpunks.org/pipermail/cypherpunks/
List-Post: <cypherpunks[at]cpunks.org>
List-Subscribe: https://cpunks.org/mailman/listinfo/cypherpunks

Date: Sun, 22 Dec 2013 08:32:58 -0500
To: cypherpunks[at]cpunks.org
From: John Young <jya[at]pipeline.com>
Subject: Re: FYI

Coderman wrote:

"Liberty and Security In A Changing World"
If it's the NSA review group report, it can also be found at Cryptome:
http://cryptome.org/2013/12/obama-nsa-report.pdf

indeed. though this does bring up another question:
i wonder if JYA will ever give in and support httpS?
... it would at least avoid trivial plaintext observation.

We did in October 2012 for acessing a few files:

https://secure.cryptome.us

Looks like a joke, right?

Rigging the whole site for https would require labor beyond our diddly life-support system. And cheat the visitors with sleight of clickery.

But there's more to this than sloth. Cryptome does not offer security on the premise -- learned here, there and everywhere HTTPS Everywhere promises -- that Internet, telecom, whole wide world users need to learn, be forced to learn, to provide their own security and to never ever trust those who promise it for them.

Sysadmins and website operators spy viciously, all of them, and it is a villainous -- business-like -- to offer security in the same way spies do, as lure, trick and trap. Whenever a sec system is invented that does not require sysadmins, bosses and investors, with reliance upon government funding for success, then it may be possible to rely upon it for a single test, then abandon.

Comsec is a racket, remember rule 0. RSA and NSA are merely the latest to be pilloried to hide the pillorers' complicity.

As discussed repeatedly, here, and at the winetasting blood of christ, this treachery was known long ago, hey, Jude, bitch about it for a while, then get on with doing it with new wine in old bottles means and methods.

Which does raise the question: what the fuck is Cryptome up to? Confession, har, hold a congressional hearing for that, then read a slicker expose about the slick expose.

First, confessions are lies told to confessors who share the gossip with cohorts to rig fancier recording booths.

Second, truth telling is as deceptive as comsec, salvation and honesty.

Third, all security is corrupt like comms systems and cipher systems -- deception is a synonym for security, security a synonym for thievery by confidence gaming, confidence a synonym for terrifying the populace in order to sell faulty protection -- perfect protection kills the market.

Finally, it should be be obvious, at least here, that HTTPS is horse puckey. Any widely used means of security -- comsec to natsec, anonymizers to Tor -- is compromised at birth and by lifetime economic life-support systems, that is why it is widely promoted, used and abused -- and very profitable.

"Electronic freedom," now that is ingenious cover-up of absolutely no way to protect against EM compromise. Like juxtaposing, embedding, Liberty with Security.