lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: JAP Wins Court Victory

> That is not the point. They were required by law to do
> this secretly. Actually, publishing the source code that
> revealed the changes was already bending the law. So
> what you are asking for is that they break the law and
> give up their careers.
To be honest? I don't know.
I could hope that if I were in their position, I would put my public pledges
of anonymity above expediency, but would probably have caved too (just like
their CEO handed over the data rather than have the police trash his home
and office to try and find it, despite knowing it was almost certainly
encrypted) if putting food on the table for my family required it.
The other alternative that occurs to me was to add code to block access to
those sites in addition to the "spy" code - thus guaranteeing that code
wouldn't return any results (and attracting instant interest as to *why*
sites were being blocked)
I haven't seen the order, but unless it didn't specify non-blocking that
would presumably have corresponded to the letter of the law, if not its
spirit (and again, given the police used the threat of trashing the offices
and homes of everyone involved to obtain the data, this is probably also too
dangerous a move if your family is depending on the income)

> Yes, I agree that they have compromised trust in their service. But
> anyhow,  technically the collection of data records only works when all
> MIXs in the chain use the changed code. So the police has to go to
> every single operator.
Indeed so - this is how the email remailler network operates

> At the moment, a JAP chain consists of only two MIXs. This will hopefully
> change in the future. So if you want to help, set up a MIX in a country
> where German police has no jurisdiction.
unfortunately, I am in the UK - where police practices make the german
situation seem fair and balanced.....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ