A Geek With Guns

Chronicling the depravities of the State.

Everything Old is New Again

with one comment

During the Cold War Senator Joe McCarthy believed that the Soviets had infiltrated every branch of the United States government. Unhappy with the prospect of evil communists infiltrating his beloved fascist government, McCarthy decided to do the only thing he knew how to do, perform witch hunts. He made the lives of many people miserable all because he didn’t want international socialists in his national socialist government.

Those who don’t remember history are doomed to repeat it. Those who do remember history are doomed to watch everybody else repeat it:

On Tuesday, Democratic Whip Steny Hoyer (D-Md.) and six ranking members of major House committees sent President Obama a letter declaring, “We are deeply concerned by Russian efforts to undermine, interfere with, and even influence the outcome of our recent election.”

A prominent signer of the letter — Rep. Adam Schiff (D-Calif.), the ranking member of the House Intelligence Committee — is among the Democrats most eager to denounce Russian subversion.

A week ago, when the House approved by a 390-30 margin and sent to the Senate the Intelligence Authorization Act for fiscal 2017, Schiff praised “important provisions aimed at countering Russia’s destabilizing efforts — including those targeting our elections.” One of those “important provisions,” Section 501, sets up in the executive branch “an interagency committee to counter active measures by the Russian Federation to exert covert influence.”

The only difference between the beginning of this story and the beginning of McCarthy’s story is that in this revision Russia isn’t a communist nation anymore.

If you read the document you’ll see that it tasks the committee with nebulous responsibilities that are vague enough to mean anything. My favorite responsibility is probably dealing with media manipulation. It must be noted that the document is tasking the committee with specifically countering Russian media manipulation, not manipulation performed by the United States government because that form of manipulation is doubleplusgood. What this requirement will boil down to is any media reports that aren’t favorable to the interests of the United States will likely be called Russian influence and dealt with accordingly. I’m sure there are a lot of journalists out there that will find themselves under federal investigation, probably of the secret variety, because they reported the wrong side of a story.

After the conclusion of the Cold War you might have expected the United States to chill the fuck out. With its only credible adversary out of the picture the United States could stop living in a constant state of fear. Instead it sought high and low for a new threat. Many were tried; Iran, al Qaeda, Iraq, etc.; but it quickly became obvious that the hole in the United States’ heart could only be filled by Russia. So here we are, decades after the fall of the Soviet Union, still looking to hold witch trials on account of Russia.

Nothing changes.

Written by Christopher Burg

December 9th, 2016 at 11:00 am

Conservative Political Correctness

with one comment

If you mention the words “political correctness” to a conservative they’ll often respond by acting as seemingly offensive as possible. You’ll also listen to them scream about how everything is terrible because of liberal political correctness. But cognitive dissonance is the staple of any political diet. Conservatives love political correctness, they just love a different form of it:

But conservatives have their own, nationalist version of PC, their own set of rules regulating speech, behavior and acceptable opinions. I call it “patriotic correctness.” It’s a full-throated, un-nuanced, uncompromising defense of American nationalism, history and cherry-picked ideals. Central to its thesis is the belief that nothing in America can’t be fixed by more patriotism enforced by public shaming, boycotts and policies to cut out foreign and non-American influences.

If you want to “trigger” a conservative try sitting for the national anthem. When they start complaining double down by telling them that it’s a shitty song. If you invite your conservative friends over for dinner keep in mind that it’s acceptable to wipe your mouth with American flag napkins but if you have a flag outside and it touches the ground you’ll be getting an earful. The next time a white cop shoots an unarmed black man under very questionable circumstances bring up the topic of racism as it pertains to policing. Just make sure to have a handkerchief on hand to wipe their spittle off of your face as they’re screaming incoherently at you.

Everything conservatives make fun of liberals for, such as political correctness and safe spaces, is something they also tend to exhibit.

Written by Christopher Burg

December 9th, 2016 at 10:30 am

Posted in Politics

Degrees of Anonymity

without comments

When a service describes itself as anonymous how anonymous is it? Users of Yik Yak may soon have a chance to find out:

Yik Yak has laid off 70 percent of employees amid a downturn in the app’s growth prospects, The Verge has learned. The three-year-old anonymous social network has raised $73.5 million from top-tier investors on the promise that its young, college-age network of users could one day build a company to rival Facebook. But the challenge of growing its community while moving gradually away from anonymity has so far proven to be more than the company could muster.

[…]

But growth stalled almost immediately after Sequoia’s investment. As with Secret before it, the app’s anonymous nature created a series of increasingly difficult problems for the business. Almost from the start, Yik Yak users reported incidents of bullying and harassment. Multiple schools were placed on lockdown after the app was used to make threats. Some schools even banned it. Yik Yak put tools in place designed to reduce harassment, but growth began to slow soon afterward.

Yik Yak claimed it was an anonymous social network and on the front end the data did appear anonymous. However, the backend may be an entirely different matter. How much information did Yik Yak regularly keep about its users? Internet Protocol (IP) addresses, Global Positioning System (GPS) coordinates, unique device identifiers, phone numbers, and much more can be easily collected and transmitted by an application running on your phone.

Bankruptcy is looking like a very real possibility for Yik Yak. If the company ends up filing then its assets will be liquidated. In this day and age user data is considered a valuable asset. Somebody will almost certainly end up buying Yik Yak’s user data and when they do they may discover that it wasn’t as anonymous as users may have thought.

Not all forms of anonymity are created equal. If you access a web service without using some kind of anonymity service, such as Tor or I2P, then the service has some identifiable information already such as your IP address and a browser fingerprint. If you’re accessing the service through a phone application then that application may have collected and transmitted your phone number, contacts list, and other identifiable information (assuming, of course, the application has permission to access all of that data, which it may not depending on your platform and privacy settings). While on the front end of the service you may appear to be anonymous the same may not hold true for the back end.

This issue becomes much larger when you consider that even if your data is currently being held by a benevolent company that does care about your privacy that may not always be the case. Your data is just a bankruptcy filing away from falling into the hands of somebody else.

Written by Christopher Burg

December 9th, 2016 at 10:00 am

Secure E-Mail is an Impossibility

with 2 comments

A while back I wrote a handful of introductory guides on using Pretty Good Privacy (PGP) to encrypt the content of your e-mails. They were well intentioned guides. After all, everybody uses e-mail so we might as well try to secure it as much as possible, right? What I didn’t stop to consider was the fact that PGP is a dead end technology for securing e-mails not because the initial learning curve is steep but because the very implementation itself is flawed.

I recently came across a blog post by Filippo Valsorda that sums up the biggest issue with PGP:

But the real issues I realized are more subtle. I never felt confident in the security of my long term keys. The more time passed, the more I would feel uneasy about any specific key. Yubikeys would get exposed to hotel rooms. Offline keys would sit in a far away drawer or safe. Vulnerabilities would be announced. USB devices would get plugged in.

A long term key is as secure as the minimum common denominator of your security practices over its lifetime. It’s the weak link.

Worse, long term keys patterns like collecting signatures and printing fingerprints on business cards discourage practices that would otherwise be obvious hygiene: rotating keys often, having different keys for different devices, compartmentalization. It actually encourages expanding the attack surface by making backups of the key.

PGP, in fact the entire web of trust model, assumes that your private key will be more or less permanent. This assumption leads to a lot of implementation issues. What happens if you lose your private key? If you have an effective backup system you may laugh at this concern but lost private keys are the most common issue I’ve seen PGP users run into. When you lose your key you have to generate a new one and distribute it to everybody you communicate with. In addition to that, you also have to re-sign people’s existing keys. But worst of all, without your private key you can’t even revoke the corresponding published public key.

Another issue is that you cannot control the security practices of other PGP users. What happens when somebody who signed your key has their private key compromised? Their signature, which is used by others to decide whether or not to trust you, becomes meaningless because their private key is no longer confidential. Do you trust the security practices of your friends enough to make your own security practices reliant on them? I sure don’t.

PGP was a jury rigged solution to provide some security for e-mail. Because of that it has many limitations. For starters, while PGP can be used to encrypt the contents of a message it cannot encrypt the e-mail headers or the subject line. That means anybody snooping on the e-mail knows who the parties communicating are, what the subject is, and any other information stored in the headers. As we’ve learned from Edward Snowden’s leaks, metadata is very valuable. E-mail was never designed to be a secure means of communicating and can never be made secure. The only viable solution for secure communications is to find an alternative to e-mail.
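What anybody handling the message in transit can still read from a PGP-encrypted e-mail, as an added example (not code from the original post). The sample message is constructed, its addresses, hosts and ciphertext placeholder are made up, and `observer_view` is a hypothetical helper name.

```python
from email import message_from_bytes, policy

# Constructed sample: a PGP/MIME (RFC 3156) message. The armored block is a
# labelled placeholder, not real ciphertext; addresses and hosts are made up.
SAMPLE = b"""\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.net; Thu, 08 Dec 2016 11:00:02 -0600
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Meeting at the usual place Friday
Date: Thu, 08 Dec 2016 11:00:00 -0600
Message-ID: <constructed-1@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
\tboundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream; name="encrypted.asc"

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----

--b1--
"""

# Headers that identify the parties, the topic and the timing.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")
ARMOR_MARKER = b"-----BEGIN PGP MESSAGE-----"


def observer_view(raw: bytes) -> dict:
    """Return what is readable without any private key."""
    msg = message_from_bytes(raw, policy=policy.default)

    # PGP never touches the RFC 5322 header block, so all of this is cleartext.
    headers = {
        name: str(msg[name]) for name in METADATA_HEADERS if msg[name] is not None
    }
    # Each relay prepends a Received line, exposing the delivery path.
    received = [str(hop) for hop in msg.get_all("Received", [])]

    # Walk the leaf MIME parts and note which ones carry an armored
    # OpenPGP block (this also catches inline PGP in a text/plain body).
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        parts.append((part.get_content_type(), ARMOR_MARKER in body))

    pgp_mime = (
        msg.get_content_type() == "multipart/encrypted"
        and msg.get_param("protocol") == "application/pgp-encrypted"
    )
    return {
        "pgp_mime": pgp_mime,
        "headers": headers,
        "received": received,
        "parts": parts,
    }


if __name__ == "__main__":
    view = observer_view(SAMPLE)
    print("PGP/MIME:", view["pgp_mime"])
    for name, value in view["headers"].items():
        print(f"cleartext {name}: {value}")
    for ctype, encrypted in view["parts"]:
        print(f"part {ctype}: {'ciphertext' if encrypted else 'cleartext'}")
```
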

With that said, PGP itself isn’t a bad technology. It’s still useful for signing binary packages, encrypting files for transferring between parties, and other similar tasks. But for e-mail it’s at best a bandage to a bigger problem and at worst a false sense of security.

Written by Christopher Burg

December 8th, 2016 at 11:00 am

Time Urges Readers to Stop Paying Taxes

without comments

You know we’ve all been sucked into a wormhole and dumped out into Bizarro World when statist rags like Time start sounding more like me:

The approximately 65 million Democrats who voted for Hillary Clinton should pledge that in the future if a Republican wins the presidency with fewer votes than a Democrat for the third time in our era, we won’t pay taxes to the federal government. No taxation without representation!

Admittedly, I didn’t really care which of the two crooks was elected president but watching the Democrats suddenly become more anti-state has been filling me with no minor amount of joy. The anti-war left is starting to come back out of the woodwork, Democrats are suddenly outraged by the expansive surveillance powers the State has granted itself, Californians are talking about secession, and Time is urging their readers to stop paying taxes. Of course they will revert to their old selves as soon as their guy gets back in power but for at least four years I’ve got some really good entertainment to watch.

Written by Christopher Burg

December 8th, 2016 at 10:30 am

Pebble Goes Bankrupt

without comments

Pebble was an interesting company. While the company didn’t invent the smartwatch concept (I have a Fossil smartwatch running Palm OS that came out way before the Pebble), it did popularize the market. But making a product concept popular doesn’t mean you’re going to be successful. Pebble has filed for bankruptcy and effective immediately will no longer sell products, honor warranties, or provide any support beyond the material already posted on the Pebble website.

But what really got me was how the announcement was handled. If you read the announcement you may be led to believe that Fitbit has purchased Pebble. The post talks about this being Pebble’s “next step” and the e-mail announcement sent out yesterday even said that Pebble was joining Fitbit:

It’s no surprise that a lot of Pebble users were quite upset with Fitbit since, based on the information released by Pebble, it appeared that Fitbit had made the decision to not honor warranties, release regular software updates for current watches, and discontinue the newly announced watches. But Fitbit didn’t buy Pebble, it only bought some of its assets:

Fitbit Inc., the fitness band maker, has acquired software assets from struggling smartwatch startup Pebble Technology Corp., a move that will help it better compete with Apple Inc.

The purchase excludes Pebble’s hardware, Fitbit said in a statement Wednesday. The deal is mainly about hiring the startup’s software engineers and testers, and getting intellectual property such as the Pebble watch’s operating system, watch apps, and cloud services, people familiar with the matter said earlier.

While Fitbit didn’t disclose terms of the acquisition, the price is less than $40 million, and Pebble’s debt and other obligations exceed that, two of the people said. Fitbit is not taking on the debt, one of the people said. The rest of Pebble’s assets, including product inventory and server equipment, will be sold off separately, some of the people said.

I bring this up partially because I was a fan of Pebble’s initial offering and did enjoy the fact that the company offered a unique product (a smartwatch with an always on display that only needed to be charged every five to seven days) but mostly because I found the way Pebble handled this announcement rather dishonest. If your company is filing bankruptcy you should just straight up admit it instead of trying to make it sound like you’ve been bought out by the first company to come by and snap up some of your assets. Since you’re already liquidating the company there’s nothing to be gained by pussyfooting around the subject.

Written by Christopher Burg

December 8th, 2016 at 10:00 am

Unite and Rule

with one comment

I’m sure all of you have heard the phrase divide and conquer. It’s basic wisdom. If you can divide a large united force into multiple smaller groups (preferably groups at odds with each other) it’s easier to conquer each of them one at a time. I feel as though there needs to be an addendum that says unite and rule.

Several of my friends have been circulating this piece by The Daily Show host Trevor Noah. It’s titled Let’s Not Be Divided. Divided People Are Easier to Rule. As the title promises, Mr. Noah tries to make an argument that we must all unite because united people are harder to rule.

I have to call bullshit on that. While divided people may be easier to conquer initially they tend to be harder to rule. Why? Because you have to appeal to each group in order to successfully rule them. But anybody who manages to appeal to one group is likely to put themselves at odds with that group’s enemies. When you’re dealing with a united people then you just have one group to please, which generally means you only need to appeal to whatever tribe identity they share.

This is why rulers work so hard to instill nationalism into their people. We see this every day here in the United States. If you can trigger the part of Americans’ monkey brains that deals with their identity as Americans you can get them to roll over for almost anything. Do you want to invade Iraq? Do you have no pretense for doing so? No problem, just convince the people that Iraq is somehow a threat to the United States. Do you want to pass draconian surveillance powers? No problem, just convince the people that those powers will protect the people of the United States. And lest somebody think this is unique to the United States, it’s not. It’s a common tactic used throughout history by rulers. Britain, for example, has probably played the nationalism game even better than the United States currently is.

Instilling strong individualism and a small group mentality into people will make them much harder to rule than instilling collectivism and a large group mentality.

Written by Christopher Burg

December 7th, 2016 at 11:00 am

Using Data Classification to Hide the Truth

without comments

Continuing on my theme of the State having many layers of protection that hinder any meaningful change, I came across a story about how the Department of Defense used data classification to protect itself from possible budget cuts:

In January of 2015, as the US Department of Defense was chafing under the sequestration of its budget, the Pentagon leadership got some great news. A study prepared by the Defense Business Board (DBB) and a team from the global management consulting giant McKinsey and Company found that even with “moderate” changes to business practices, the DOD could save $125 billion over five years.

[…]

That good news, however, did not fall upon welcoming ears. DOD officials had no real idea how much bureaucratic overhead was costing them, as the costs were never accurately measured. When they saw the numbers from the DBB, the Washington Post reports, some of the Pentagon’s leadership was afraid of a legislative backlash. After DOD officials had complained for years about not having enough money to Congress, the department feared findings would trigger further cuts to the DOD’s budget. So the data for the study was designated as sensitive, and an overview of the report that had already been published to the Defense Business Board website was pulled.

You will never find a department within the State that will willingly submit to a budget cut. In fact, departments will go to great lengths to justify expanding their budgets. Different departments have different strategies to argue against cuts but they all work together to ensure that the State always has a justification to keep cranking up taxes.

I would have liked to see the looks on the faces of those Department of Defense (DoD) bureaucrats when they saw that they could cut $125 billion from their budget. I’m sure they made more than a few implied threats to the people who created the report to discourage them from performing such an investigation in the future. And if the DoD didn’t have a policy to mark any reports arguing in favor of a budget cut as sensitive before, I’m sure it does now.

People talk about changing the system from the inside but that’s not possible when every component of the system has hundreds or thousands of roadblocks preventing changes. Concealing information is one such roadblock. How can somebody make an accurate budget when the information they need is inaccurate or missing? So long as every department only reveals information arguing for the need to increase their budget there is no way anybody within the system is going to be able to make a valid (to the State, not to the people) argument for decreasing taxes.

Written by Christopher Burg

December 7th, 2016 at 10:30 am

Renting Freedom

with 3 comments

Robert Higgs is one of my favorite anarchist philosophers. He has a knack for pointing out the bloody obvious that many people fail to see. In October he wrote a short post pointing out that nobody who is required to pay taxes is truly free:

In the antebellum South, it was not uncommon for slaves to rent themselves from their masters. As a young man, Frederick Douglass did so, for example. His owner gave him leave to go out on his own, to find employment where he could, and to pocket the pay he received for such work, except that each month he had to pay his master a fixed sum for his freedom. Douglass worked in the shipyards of Baltimore, caulking ships. Aside from his rental payment for his own body, he lived as he wished, subject to his income constraint. He found his own housing, acquired his own food and clothing, and so forth, just as a free wage worker would have done.

It strikes me that this practice has much in common with the situation in which an ordinary private person finds himself in any modern country today. The person is in general at liberty to arrange his own employment, spend his earnings as he pleases, acquire his own food and housing, and so on, except that he must pay a rental for this personal liberty, which takes the form of a portion of his earnings that must be paid to the various governments that collect income and employment taxes in the jurisdiction.

People believe that feudalism and slavery are, for the most part, a thing of the past. We’re living under both of those systems but under different names. Instead of being serfs we’re called citizens. Instead of barons, lords, and other royal titles we have sheriffs, city councils, and other bureaucratic titles. Much like the slaves of the South, we must rent our freedom. We can’t own land, we can only rent it. If we fail to pay our rent on either our freedom or our land one of the royal slave catchers will find us and kidnap us so that a royal judge can decide how best to punish us.

The United States isn’t the freest country on Earth. In fact, it’s one of the more draconian countries because it not only has ridiculously high rents but also because those rents are enforced by a ruthlessly efficient government.

Written by Christopher Burg

December 7th, 2016 at 10:00 am

So Much for Farook’s Phone

without comments

Shortly after the attack in San Bernardino the Federal Bureau of Investigation (FBI) tried to exploit the tragedy in order to force Apple to assist it in unlocking Syed Rizwan Farook’s iPhone. According to the FBI Farook’s phone likely contained information that would allow them to find his accomplices, motives, and basically solve the case. Apple refused to give the FBI the power to unlock any iPhone 5C willy nilly but the agency eventually found a third party that had an exploit that would allow the built-in security to be bypassed.

One year later the FBI hasn’t solved the case even with access to Farook’s iPhone:

They launched an unprecedented legal battle with Apple in an effort to unlock Farook’s iPhone and deployed divers to scour a nearby lake in search of electronic equipment the couple might have dumped there.

But despite piecing together a detailed picture of the couple’s actions up to and including the massacre, federal officials acknowledge they still don’t have answers to some of the critical questions posed in the days after the Dec. 2, 2015, attack at the Inland Regional Center.

Most important, the FBI said it is still trying to determine whether anyone was aware of the couple’s plot or helped them in any way. From the beginning, agents have tried to figure out whether others might have known something about Farook and Malik’s plans, since the couple spent months gathering an arsenal of weapons and building bombs in the garage of their Redlands home.

Officials said they don’t have enough evidence to charge anyone with a crime but stressed the investigation is still open.

This shouldn’t be surprising to anybody. Anybody who had the ability to plan out an attack like the one in San Bernardino without being discovered probably had enough operational security to not use an easily surveilled device such as a cellular phone for the planning. Too many people, including those who should know better, assume only technological wizards have the knowhow to plan things without using commonly surveilled communication methods. But that’s not the case. People who are committed to pulling off a planned attack that includes coordination with third parties are usually smart enough to do their research and utilize communication methods that are unlikely to be accessible to prying eyes. It’s not wizardry, it’s a trick as old as human conflict itself.

Humans are both unpredictable and adaptable, which is what makes mass surveillance useless. When an agency such as the National Security Agency (NSA) performs mass surveillance they get an exponentially greater amount of noise than signal. We’re not even talking about a 100:1 ratio. It would probably be closer to 1,000,000,000,000:1. Furthermore, people with enough intelligence to pull off coordinated attacks are usually paranoid enough to assume the most commonly available communication mechanisms are being surveilled so they adapt. Mass surveillance works well if you want a lot of grandmothers’ recipes, Internet memes, and insults about mothers made by teenagers. But mass surveillance is useless if you’re trying to identify individuals who are a significant threat. Sure, the NSA may get lucky once in a while and catch somebody but that’s by far the exception, not the rule. The rule, when it comes to identifying and thwarting significant threats, is that old fashioned investigative techniques must be employed.

Written by Christopher Burg

December 6th, 2016 at 11:00 am