[Chugalug] Am I Paranoid?

Dan Lyke danlyke at flutterby.com
Wed Sep 11 16:02:07 UTC 2013


On Wed, 11 Sep 2013 08:25:31 -0700 (PDT)
Peter Veotsch <petveot at yahoo.com> wrote:
> Just to clarify a small point, I only looked at Glenn Greenwald's
> key, I didn't download it.

So two points:

1. Yes you're being paranoid. I'm outraged at the levels of NSA
   surveillance, but give what's been released so far there's no way
   they're crashing people who've looked at Greenwald's keys. For one
   thing, what would they gain from that? If they have that ability,
   much better to silently monitor what you do in the background.

   But the actual machine exploits that have been revealed so far have
   largely been extremely targeted.

2. You downloaded Greenwald's key. In order to view his key, it was
   transferred from his server to your computer, where your browser
   probably cached it, and then displayed it.

This is one of the reasons that many of us computer geeks are very wary
of, for instance, the fact that simple possession of child pornography
is a crime that'll do huge damage to your life. Not that any of us
condone child abuse or the people who share evidence of it, but because
I can put files on your computer that you don't know are there, that
law enforcement can then find.

One way to do that: Take an illicit image. Create a legitimate web page
that includes that image as <img src="kiddieporn.jpg" width="1"
height="1">, wait for you to hit that legit web page, kick down your
door, find kiddieporn.jpg in your browser cache, tell you we'd love to
give you a nice plea deal if you'll just testify against your neighbor
in this unrelated case...

> I like the idea of an encrypted sub-list.  It would be great for
> testing PGP software.  And then we could have the next Chugalug
> meetup at the FBI offices.

I'll happily participate in an encrypted list. Anyone seen Mailman
stuff that'll do that? And how does it work, does everyone on the list
have to have everyone else's key, or does the list have everyone's key,
decrypt and re-encrypt to a list key?

Dan


More information about the Chugalug mailing list