and whats with the kcuffing Homeland Security department issuing those Java security warnings last week?!?

I don't want to be suspicious of the government commandeering control of network pieces in the interest of "national security" but there's no other reason for Homeland Security to be vetting java.
posted by Colonel Panic at 10:02 PM on January 20, 2013

We kinda dug into his posts to Cypherpunks and Bugtraq mailing lists once before in the Bruce Sterling sez Assange is a dirty cyberpunk post. I still think it is impossible to understand WikiLeaks without understanding the core philosophy of Cypherpunks as espoused by Tim May in The Crypto Anarchist Manifesto and impossible to understand Assange without the paranoiac writing and Assassination Politics of Jim Bell. These are people who slept wearing bullet proof vests, posted detailed target analysis of federal buildings, and legitimately worried about "rubber hose deniability". I posted to Cypherpunks too, I was much more interested in the technical details of Mixmaster remailers than the sometimes harebrained politics.They sure are persuasive in their beliefs that the American government is out to kill us all though.
posted by Ad hominem at 10:05 PM on January 20, 2013 [1 favorite]

THE CYPHERNOMICON

These guys are very free-market Libertarian oriented aren't they? The assassination market shit is scary, wtf?
posted by Golden Eternity at 10:24 PM on January 20, 2013

and whats with the kcuffing Homeland Security department issuing those Java security warnings last week?!?

Because there was (is) a massive security hole in it; there have been earlier massive security holes; Java is known to be a clusterfsck of an OS with who knows what other security holes in it; and warning us of these dangers is probably the best and most cost-effective thing that DHS has ever done.
posted by Joe in Australia at 10:31 PM on January 20, 2013 [5 favorites]

Buried at the bottom of the MARUTUKKU link is a reference to some old lore I hadn't run across before (and I find this sort of crap endlessly fascinating):

"The Xenix Chansaw Massacre" - reads a bit like Charles Stross on acid; apparently written by Carl Johnson / toto / carljohn (although this isn't obvious from the posting). It has the dubious honor of being mentioned in this US Attorney's investigative report.

WebWorld & the Mythical 'Circle of Eunuchs' - apparently part 2 of "The True Story of the InterNet", but I can't find the first part anywhere (it's un-Googleable due to a similar-named legitimate documentary).

"The Final Frontier" - carljohn's personal webpage, which went dark after his legal troubles but is still on the Wayback Machine, and contains (among other stuff, mostly links):

• SoulMates: The Final Frontier of Relationship
• Assassination Politics: The Final Frontier of Politics - Early versions of parts 1-8 of the infamous essays by Jim Bell.

posted by Kadin2048 at 10:38 PM on January 20, 2013 [3 favorites]

The assassination market shit is scary, wtf?

The kicker is Bell was convicted and sentenced to 10 years in prison for stalking the very FBI agent who had investigated him for intimidating an IRS agent. I'm going to note that not all Cypherpunks appreciated Bell's antics. For every guy who ranted endlessly about Ruby Ridge, there were 10 who just cared about encryption. This stuff is pretty fascinating, I don't know all the roots since I was mostly a lurker but it has made me more wary of WikiLeaks than I would have been otherwise since I can pretty accurately be described as a nihilistic technofetishist and Assange should be my hero.
posted by Ad hominem at 10:49 PM on January 20, 2013 [3 favorites]

It has the dubious honor of being mentioned in this US Attorney's investigative report.

Wow, that is a crazy document. Serious tech reporter and "occasional cypherpunk participant" Declan Mccullagh sure got a lot of encrypted anonymous email about unexploded bombs and bomb plots.
posted by Ad hominem at 11:02 PM on January 20, 2013

In other Assange news, a local actor and Something Awful Goon who played one of his hacker buddies in a telemovie is trying to game the TV awards show, The Logies. I'm pretty sure he was laughed out of SA when he tried, though.
posted by Charlemagne In Sweatpants at 11:24 PM on January 20, 2013

Imho, there is no good solution to the chicken vs. egg problem for assassination markets, really they aren't even remotely like say silk road. There isn't exactly a legally acceptable outlet if you want to make recreational drugs. If otoh you want to kill for money, then you'll just hire yourself out to the existing power structure, ala CIA, XE, Halliburton, CocaCola, BP, etc., actually that's probably how you got trained. A priori, a successful assassin who kills for defined ideological reasons might create a anonymous financial drop box for donations to support their work, but they never survive long given the amount of resources that'd be thrown at catching them once the stunt became public knowledge. Ain't happening folk. Assassination markets are just an amusing thought experiment or McGuffin.

We should applaude that though : Assassination cannot create legitimacy for whatever ideology practices it. In principle, assassins working against an authoritarian structure might delegitimize their target because the authoritarians holds power by virtue of "might makes right" anyways but they cannot build anything to replace it.
posted by jeffburdges at 3:23 AM on January 21, 2013 [1 favorite]

I think the idea of the assassination market is that nobody actually hires the assassin. The assassin just bets a small amount of money that the target will die on a particular date; and they receive the bets of everyone who predicted a different date. The bettors are notionally just gamblers: they don't have any connection with the assassin, even though their bets increase the "value" of the assassination. I suppose that you'd end up with a vicious circle in which totally unrelated people would spot a hot target and hasten to place their bets before he or she was killed.

Now, in reality I expect that anyone winning a bet like this would be very heavily scrutinised; and I don't suppose a court would enforce the terms of the bet, if the person running the assassination market chose to keep the money. So the idea is a bit incoherent as well as being morally invidious. But it's not as blatantly suicidal as hiring an assassin via Craigslist, and I can see why the idea appeals to the sort of Libertarian mind which thinks that everything has a price.
posted by Joe in Australia at 3:38 AM on January 21, 2013

If the assassination market is used for assassinations, then the court would see right through it, so we're still back to remaining anonymous. You might try transactional if-statements like bitcoin uses for escrow, but afaik any currency that supports that offers no better anonymity than bitcoin, i.e. not enough. Also, your target can pretty easily ask the state for help faking their own death to remove the price on their head, especially if using a non-reversible transaction system like bitcoin. Just doesn't work.

There is an interesting observation here that poorly designed life insurance markets create an assassination market. Imagine a life insurance market that worked as you make small bets that you'll die before various dates and insurance companies bet that you'll live longer. If the short better isn't restricted in being you, either by law or by convention, then you create an assassination market. This already happens though, remember that post about that guy some bar owner tried to make drink himself to death. Afaik, the courts have always scrounged up enough other evidence to see through it even when hidden within a larger life insurance market.
posted by jeffburdges at 4:05 AM on January 21, 2013

What would the court see through? Any random bettor can plausibly say that they were just hoping to be the lucky winner of the death pool - and remember, each individual bet is probably relatively small, far too little by itself to interest any assassin. The winner may not even be an assassin; the target may have died of natural causes or have been killed by someone else. If the winner is successfully identified (I understand the original proposal invoked some sort of anonymous payments) then I expect the police would look at him or her very carefully indeed - but the point is that the bettors are plausibly innocent: they put down a small bet in the hopes of receiving a large payoff, just like people who buy a lottery ticket.
posted by Joe in Australia at 4:19 AM on January 21, 2013

We're saying almost the same thing, the courts need more than a payment anyways, but the payment impacts the nature of the murder charge. If you've the other evidence for murder, then the insurance payment suffices for elevating the murder charge.
posted by jeffburdges at 4:49 AM on January 21, 2013

I don't think we ought to draw many judgements about someone's character or actions today based on what they posted to usenet or a listserv 20 years ago.
posted by humanfont at 7:26 AM on January 21, 2013 [1 favorite]

So good to see old Cypherpunks discussions again. That community was so vital and essential in the 90s Internet culture. A lot of technical and social ideas were established then that have yet to bear fruit. We're talking about Assassination Markets here, and the idea is provocative if obnoxious. But there's much more practical things that came out of the Cypherpunks movement. Anonymous remailers, cryptocash, non-repudiatable timestamps, even simple secure file storage in the cloud. It's taking forever for all this crypto technology to become real products, 20+ years in many cases. And while I don't think we're going to get the full cryptoanarchy half the Cypherpunks envisioned, I do still think cryptography technology can do a lot more to enable personal liberty.

Has anyone written a good summary of the Cypherpunks movement? Something not too axe-grindy, and getting past the more flashy stuff like assassination markets?
posted by Nelson at 7:45 AM on January 21, 2013 [2 favorites]

There isn't as much market for cryptography done right as for services that spy on you. Worse, you encounter fairly deep interactions between the mathematics and the user interface design if you want ordinary people using it by choice, rather than simply their employer imposing policies.

There isn't a key management for email that "just works", instead we get the GnuPG/PGP unix geek level key management. Off-the-Record messaging works better, but not great. Also OTR key migration requires tricky tools like otrfileconverter. ZRTP does key exchange right, so hope remains alive. :)
posted by jeffburdges at 12:16 PM on January 21, 2013

Has anyone written a good summary of the Cypherpunks movement?

If you haven't read it already, Steven Levy's Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age provides a good summary of the early cypherpunks. It focuses mostly on the battle over public-key cryptography, talking about the early researchers in the field, specifically Whitfield Diffie and Martin Hellman. His Wired article, Crypto Rebels covers the movement a little more generally, but still focuses on that area.

Kevin Kelly also talks some about the movement in Out of Control.

These guys are very free-market Libertarian oriented aren't they?

Careful of that label. The cypherpunks were libertarian, but that term had a different meaning at the time. John Perry Barlow, an early cypherpunk and Grateful Dead lyricist on Twitter: I've always thought of myself as a libertarian. Why do I feel so little resonance with the Tea Party?. I'm still a libertarian (the "l" is very lower case now), but I say we pass Health Care Reform. Pass it. Then fix it.

One of the worst thing to happen to liberal causes in the past decade has been the Tea Party. Not because it's a racist movement that wants to bring us back into the stone age, but because it has made liberals reject out-of-hand many libertarian viewpoints that are in-line with their own values.

I think the recent death of Aaron Swartz, and the continual decline of citizen's rights in the US shows they cypherpunks, while paranoid, had a very good handle on what could happen if the government became too powerful.

A recent thread on the loss of abortion access quickly devolved into hurf-durf guns!. Meanwhile, over a decade ago the libertarian cypherpunks realize the potential value of cypherpunk technologies to abortion rights and access to RU-486.

Google starts making Google+ mandatory, which is especially troubling given their anti-pseudonym history. In response to "This expectation of anonymity on net is just a wish to escape/minimize the consequences of whatever you do. ", women speak up talking about online harassment and the need for anonymity. Over a decade ago, libertarians point out "women and others are often sent "wannafuck?" messages from the males that outnumber them 20-to-1 in many newsgroups-- pseudonyms help."

Their choice of future technologies: p2p, reputation systems, prediction markets, and the like, share a philosophical underpinning that is more community-minded than the term "libertarian" would indicate. These technologies require cooperation and trust. And they realize the difficulties and issues building up trust. They reject authority, but that's not the same thing as rejecting community.
posted by formless at 1:57 PM on January 21, 2013 [5 favorites]

Anonymous remailers, cryptocash, non-repudiatable timestamps, even simple secure file storage in the cloud.

Yeah, but as you point out, few of those systems ever got off the ground out of the cypherpunk community. It's 2013 and the high water mark of encrypted email, the thing you buy if you want encryption that just works without any screwing around by end users? It's still Lotus Fucking Notes, same as it was in 1997. That's pathetic. Digital signatures on documents are even worse, and some software does nothing but literally slap an image of a signature on a PDF and call it "signed." Most cloud services are woefully insecure; the recent launch of Mega has got everyone all excited because it might, maybe, hopefully, offer basic end-to-end security (but probably not).

I'm not sure exactly what went wrong. You can't say the cypherpunks didn't "ship", in the sense of producing usable products; there's tons of actual, working (if now slightly ancient and fairly arcane) code around as a result of that community's work. But it seems to serve a dwindling userbase.

IMO, it never got marketed properly. To many of us interested in this stuff, something like end-to-end encrypted email is such an obviously good idea that it seems like it should sell itself. But that is evidently not true of the public at large, and when casual users came online in droves in the late 90s, most of them never knew what they were missing versus the analog world, where the security or insecurity of a particular medium is at least fairly well-known and widely understood.

That's what pains me about all of it; there was a missed opportunity of sorts to build security into the plumbing of the Internet, but it didn't quite happen and it's certainly proving an uphill battle to get it bolted on after the fact.
posted by Kadin2048 at 5:34 PM on January 21, 2013

IMO, it never got marketed properly. To many of us interested in this stuff, something like end-to-end encrypted email is such an obviously good idea that it seems like it should sell itself. But that is evidently not true of the public at large, and when casual users came online in droves in the late 90s, most of them never knew what they were missing versus the analog world, where the security or insecurity of a particular medium is at least fairly well-known and widely understood.

I honestly think most of don't care. You don't just need to develop the technology - you need to explain why I need to worry if somebody reads my messages, since there's nothing really private in them. Unhinged manifestos don't help.
posted by Charlemagne In Sweatpants at 5:39 PM on January 21, 2013

I'm not sure exactly what went wrong.

Security is an anti-feature. Crypto makes things harder and no one wants it. I put the blame firmly on usability, not marketing.

At least we have SSL and HTTPS, they work pretty well. And ssh is the glue that holds devops together.
posted by Nelson at 5:41 PM on January 21, 2013 [1 favorite]

There is also the issue that crypto is one of those things that need specialists to do correctly and easy to screw up; also it has to be maintained. Md5 was once the standard for hashes and now it is a huge source of vulnerabilities because the math got better and it got weaker.
posted by humanfont at 7:21 PM on January 21, 2013

I remember browsing his old site and being really affected by this bit:

"Every time we witness an injustice and do not act, we train our character to be passive in its presence and thereby eventually lose all ability to defend ourselves and those we love. In a modern economy it is impossible to seal oneself off from injustice.

If we have brains or courage, then we are blessed and called on not to frit these qualities away, standing agape at the ideas of others, winning pissing contests, improving the efficiencies of the neocorporate state, or immersing ourselves in obscuranta, but rather to prove the vigor of our talents against the strongest opponents of love we can find.

If we can only live once, then let it be a daring adventure that draws on all our powers. Let it be with similar types whos hearts and heads we may be proud of. Let our grandchildren delight to find the start of our stories in their ears but the endings all around in their wandering eyes.

The whole universe or the structure that perceives it is a worthy opponent, but try as I may I can not escape the sound of suffering. Perhaps as an old man I will take great comfort in pottering around in a lab and gently talking to students in the summer evening and will accept suffering with insouciance. But not now; men in their prime, if they have convictions are tasked to act on them."
posted by dunkadunc at 7:45 PM on January 21, 2013 [4 favorites]

"We Steal Secrets": Alex Gibney’s New Documentary Explores the Story of WikiLeaks

WikiLeaks Legal Adviser: "We Steal Secrets" Overlooks Key Facets of Julian Assange’s Persecution
posted by homunculus at 9:06 AM on January 23, 2013 [3 favorites]

Benedict Cumberbatch as Iggy Pop as Julian Assange in new telemovie.

Christ, that's awful.

Considering the USG has paid for anti-drug TV plots in the past, I wonder what forces have been at work steering Assange's portrayal in film.

The movie title "We Steal Secrets" strikes me as rather damning- of the studio.
posted by dunkadunc at 2:15 PM on January 23, 2013

The movie title "We Steal Secrets" strikes me as rather damning- of the studio.

I'm not sure if Roman Polanski or Victor Salva would be a better director.
posted by Charlemagne In Sweatpants at 2:46 PM on January 23, 2013

Bad analogy.
posted by dunkadunc at 2:53 PM on January 23, 2013

Excellent quote, dunkadunc!
posted by JHarris at 5:46 PM on January 26, 2013