Thus spake Gregory Maxwell (gmaxwell@xxxxxxxxx): > On Sat, Aug 11, 2012 at 11:51 PM, Greg Norcie <greg@xxxxxxxxxx> wrote: > > Some crazy new correlation attack might be possible... but using it as > > evidence in court would be quite difficult. Yeah, I was just saying that Bitcoin *might* not be very safe, given the built-in transaction surveillance properties. It might be possible to make it safe, if you're part of the 1% in terms of your ability to use the software. But also, don't forget that both classification/correlation attacks in specific and academic research in general are of course expected to be bullshit by default until publicly reproduced externally (which never happens, because why publish your data or even your source code?). I would *hope* that most real scientists already know that latter part. But that is only the tip of the iceberg... > You're assuming a "lawful" attacker. This is just fundamentally > incompatible with any definition of attacker that I care about. A real > attacker doesn't follow rules that can be bent or broken. If you want to know what *really* drove me over the line into full madness when #opdarknet didn't give up, this was the core idea: http://www.thebulletin.org/web-edition/op-eds/cyberweapons-bold-steps-digital-darkness During the #opdarknet attack, I kept waiting for a "dump" of my personal files to show up with "evidence" of Freedom Hosting content inside. Here's why: In a world where intelligence agencies and maybe even LEO organizations stockpile software exploits, do we really have chain of custody over evidence? Can these lunatics who purchase exploits really expect their exploit dealers not to get owned by organized crime, or *other* intelligence agencies? After my #opdarknet attack, I now wonder how long until any one of us gets framed up for Silk Road. I also wonder who will be the lucky winner this time. I really hope I get a pass this time. I need a vacation from this shit ;). I mean, Silk Road is an organization with a budget large enough to "anonymously" purchase Chrome 0days at the rate of at least *two per month*... And they're like 1% of the almost *ONE TRILLION* annual market for illegal drugs: http://www.guardian.co.uk/global/2009/dec/13/drug-money-banks-saved-un-cfief-claims They also seem to have little else to spend their "cash" on that isn't obviously traceable by old-skool finance... At least, not until they achieve Real Ultimate Power. In other words: they could frame up anybody they want. After my comments earlier about the potential traceability of their bitcoin flows, I actually had a panic attack today that I might soon be unwittingly running some of their infrastructure. Exciting times we live in, for sure. Everything about how we do computer security is totally fucked. I mean, totally. We're in a whole lot of trouble, and if COMSEC doesn't start winning out over SIGINT again (did I just type that? must be the greys) there's really no hope of justice for any of us. Except maybe the super-rich. Let the good times roll, eh? Here's an idea: perhaps instead of spending quite so many hundreds of billions on datacenters in Utah, perhaps we should be spending a couple of bucks here and there to pay to keep exploits out of the hands of the lunatics, and make sure the bugs actually get fixed, for *everyone*? Also, you know what, fuck the drug war too. It's going to consume us all like a cancer. That shit is so *over*. P.S. "Be seeing you!" ;) -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk