Julian Assange: Debian Is Owned By The NSA

Fernando_Negro
Offline
Joined: 06/17/2012

"Julian never stated that OS [Debian] in the video interview"

Lie.

Debian is specifically mentioned, at 21m and 47s in the interview, in a segment that can start at the following time mark: https://www.youtube.com/watch?v=UFFTYRWB0Tk#t=21m21s

Concerning the validity of the title of the posted article,

The term "owned", from what I can understand of modern-day English slang, is now used to mean that someone has obtained a partial or temporary control - or victory - over something - or someone - and, that has, therefore, defeated its integrity, or defences - or rhetoric. (http://www.urbandictionary.com/define.php?term=owned)

(Look on YouTube for videos containing this term.)

dadix
Offline
Joined: 07/01/2013

The big problem here is Debian. They must include in their distribution all security programs, encryptions and only software which communicates with encryption by default. They have a big responsibility because all major distributions are based on it, including Ubuntu.

This is what Debian must do:
(Jacob Appelbaum: Free software for freedom, surveillance and you)
http://media.libreplanet.org/u/zakkai/m/free-software-for-freedom-surveillance-and-you/

Fernando_Negro
Offline
Joined: 06/17/2012

"Jacob Appelbaum"... :) haha

The present-day developer of a program created, and that is still financed, by the US government. :)

(https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26792)

If there's any Free Software program here, that is actually "owned" by the NSA, and the likes, is the US Government's/Jacob Appelbaum's "Tor" network, known not to be secure - and that, therefore, serves as a very good trap for the more naïve.

(I wouldn't listen to any advice coming from that US Government-helped hacker, that also works for the controlled corporate media...)

Sim
Offline
Joined: 09/29/2013

Jacob Appelbaum lives in Germany because he worked with the German news magazine "Der Spiegel" about Merkel's phone and he fears to fly back to the US. He is one of few people who had direct access to the NSA files leaked by Edward Snowden and reported many times about their contents (e.g. on 30c3). Jacob Appelbaum is a great supporter for open source and strong encryption. He also continually tries to get more money from third parties, so that Tor does not depend on NSA's money anymore.

It's unbelievable you trust Infowars but not someone who did so much for the free community and the free society. Maybe you work for the NSA to discredit people like Jacob.

BTW: Edward Snowden used Tails, which is a Tor live CD, to hide from the NSA. But maybe you don't trust Edward Snowden either. Even in one of the talks of the leaked NSA files it says that "tor stinks" and that they probably will never be capable of anonymising all Tor users.

Fernando_Negro
Offline
Joined: 06/17/2012

Well, ignoring that accusation made to me, from someone whose profile reveals nothing about him or herself...

So do the people who plant "bugdoors" in OpenSSL, and similar software, are "great supporters for open source and strong encryption"...

Infowars has certainly done much more than Jacob Appelbaum, "for the free community and the free society" - since, there's much more to fight for in society, in terms of Freedom, than in the mere domain of which computer programs should people use.

All that Appelbaum does for society, is:

- To say, to the people who fear the US government's intrusion on their lives, for them to try to hide from Big Brother - which, as I've previously said, in here, is a counterproductive attitude for one to take (https://trisquel.info/en/forum/how-use-tor-trisquel#comment-26804). (While Infowars, and the likes, say for people to fight this type of outrageous surveillance, by neutralizing those same governmental threats to our privacy - which I consider to be the correct attitude, for one to have.)

- And, also, to work for a clearly controlled mass media outlet, involved in the process of manipulating and lying to the masses, in order to keep them passive, obedient, and not a real threat to the same governmental-corporate interests that violate our privacy - as it is clearly shown by this publication's recent cooperation with Edward Snowden.

Snowden is (still) an obvious CIA/NSA puppet (with an incredible story, only to be swallowed by the more naïve - and by those not aware of what "fake desertions", often portrayed by intelligence assets, and the purpose of such type of actions are - and someone) who's trying to control the debate about corporate-governmental intrusions in our lives.

(For people with no, to very little, experience in activism - and, that know nothing about the counteractions that the mentioned corporate-governmental interests take, in order to fight their opposition - the key terms used to describe this kind of operations, and that you should inform yourselves about, are described here: https://trisquel.info/en/forum/rms-alex-jones-tues-mar-11-2014#comment-50771)

And, for Snowden to say that he uses a distribution based on the US Government's "Tor" network (implying that it's a safe one, that other people should use) it's just another clear indication of his true nature (https://trisquel.info/en/forum/rms-alex-jones-tues-mar-11-2014#comment-50798).

Sim
Offline
Joined: 09/29/2013

It is usual that bugs are produced by people who write code, especially in a program as complex as OpenSSL. In my opinion it is not legitimate to claim that someone's bug is a backdoor. One must keep in mind that Debian (as well as many other distributions) was never designed to give security the topmost priority. Even Linus Torvalds said that he 'consider[s] security bugs to be just "normal bugs"' and he 'is not interested in adding even the option of very useful security features that can help prevent buffer overflow exploitation'.

I disagree with you about the primary goal of Tor and I have a different point of view concerning news magazines. But I have no desire to argue with you about these issues. I think your judgment about other people is too strong.

Fernando_Negro
Offline
Joined: 06/17/2012

Concerning bugs,

I know that bugs are a usual occurrence, when writing computer code. And, even more, when we're talking about complex programs - as most programs, nowadays, increasingly are.

If the bugs that are discovered in specific security features and programs, are there on purpose, or not... Given the very serious possibility that they might be (due to the obvious interest that some very rich and powerful people have, that these Free Software programs are not effectively secure)... It's something that we have to judge on a case by case basis, I believe.

The author of the posted article thinks that some of the bugs discovered in the SSL and SSH protocols are there on purpose. And, I strongly suspect so, also. But, since that, even if they were indeed there on purpose, the people who put them there are never going to admit it - and, there's no way to prove it - we'll have to stay in the field of (strong or weak) suspicions, and/or possible interpretations. (Which everyone, like is the case of the author of that article, has a right to express.)

I don't doubt that the Debian project (that I happen to like very much) is a serious/honest one. But, what I do know (and, from experience) is that every activist/progressive organization of an open nature, can be easily infiltrated, by people who have the required knowledge to participate in them. And, given the obvious interest that the powers-that-be have to also infiltrate this type of Free Software organizations... I'll let it for everyone to draw their own conclusions (or suspicions). :)

Concerning the "Tor" network,

Its story doesn't add up. Since that, if this was a tool built in order to escape the US government's surveillance apparatus, why would it then have been developed by the US government itself, and still be financially supported by it, to this day? (But, again... I'll let everyone draw their own conclusions.)

Concerning the mass media,

I also speak from experience, when I "evaluate" them (like I did) based on their behaviour. Since that, having been a "citizen journalist" myself, I used to follow their work pretty closely, noticing how they would hide and manipulate facts, and only give publicity to those issues and people that were in their (corporate-governmental) interest to call people's attention to. And so, I've come to be able to easily spot, nowadays, if I'm in the presence of a media outlet controlled by the big economic interests, or not. (But, this is something that I would have to argue much more about, in order to explain it better. And, since this is not the place to, I'll also leave it at that...)

Sim
Offline
Joined: 09/29/2013

"If the bugs that are discovered in specific security features and programs, are there on purpose, or not [...] It's something that we have to judge on a case by case basis, I believe."

This is exactly my point I was trying to focus on. I don't believe that we have to judge the person who writes code and eventually produces a bug. Maybe it feels good to pin the blame on someone. But it's by no means important, because an operating system that is not designed to be secure will never withstand the attacks of an organisation like the NSA.

"Since that, if this was a tool built in order to escape the US government's surveillance apparatus, why would it then have been developed by the US government itself [...]"

The NSA has two aims: defence and attack. Obviously both aims contradict each other. This is the nature of the NSA. The people, who are working there, often don't know what the guys in different sections of the NSA work on.

Fernando_Negro
Offline
Joined: 06/17/2012

The US government doesn't use the "Tor" network for encrypted communications...

It uses its own separate networks, including "Skynet"-type of satellite ones, which are not open to "civilian" use.

The "Tor" network is something only used by people who think they're going to escape the US or some other government's surveillance, by using such provenly insecure communications network.

(Which might indeed work, to escape surveillance in less developed countries, that are not capable of intercepting and decrypting the communications in question - but, that won't work, if you're trying to escape surveillance from a government that the US one might be willing to pass on information to.)

lembas
Offline
Joined: 05/13/2010

Thanks for the link.

It's a good vid, watch it.

But only after you've watched his CCC30 talk, "to protect and infect part 2".

Dark Orange
Offline
Joined: 03/28/2014

Apple backdoor http://rt.com/usa/apple-nsa-ios-exploit-693/

Windows have backdoors too
see hunting in Windows www.cryptome.org/2014/01/nsa-windows-event.pdf

GNU/LINUX much more secure than anything else reverse engineering on proprietary software is not a child play these days

GNU/LINUX anyone can see the code and check everything
but Linux kernel is designed and maintained by the guys who work in big corporations and paid so well, Linux kernel is not free. Kernel may be backdoor easily. Millions of lines of code while few line can fuck entire hard work in a blink of an eye

I. Khider
Offline
Joined: 01/19/2013

It is informative when you read documentation by the OpenBSD teams, one of the more secure distros. They assert that even a locked-down OS is useless if the user is careless. There is a series of behaviors and precautions a user needs to take when handling sensitive information. At best, you can make it very difficult for an attacker to get at the information. If an attacker is determined, s/he can get at the materials in question--but you can influence "when". There are many ways to check if your computer is being compromised. Read some of the docs on openssh, really informative stuff. I am not saying use OpenBSD, but taking cues from some of their practices in safeguarding an OS is helpful. There is a lot to be learned from other Distros and it is unfortunate when some adopt a 'turf war' mentality. A diverse ecosystem of OS's is a positive thing and I am always happy when new, independent OS' are forked/developed.

axgb
Offline
Joined: 09/22/2013

I suppose it is quite a good thing that Windows is so popular because it means that people who like to crack computer security, or make software that does it for them target on windows, not us GNU/Linux users.

salparadise
Offline
Joined: 09/08/2013

A bit late in the day, but...

If you were going to compromise a distro then Debian and Red Hat would be the obvious ones to go for as they're more or less the root distros of all others (Arch and Slackware aside). Compromise Debian and you compromise Ubuntu and all its spin-offs. Compromise Red Hat and you have the Corporate sector in the palm of your hand. That's a lot of distros and a lot of data that's yours for the taking.
Further - given that the current kernel has around 15 million lines of code in it, just how many hundreds of millions of lines of code are in the average distro? And these are all watched? All the time? And everyone watching them is 100% open hearted, honest and uncorruptible? Seems a little unlikely. Particularly given the fact that much of what is in GNU/Linux is Corporately developed or payrolled and the levels of double-mindedness that Corporate employees display are more than well documented.
There is the now infamous incident where Linus Torvalds was asked if he had been approached by the NSA and he said "no" whilst nodding. And it all seems so gentlemanly, as though they said "We don't suppose you'd be willing to compromise the kernel? No? We didn't think so, oh well it was worth a try" and not "if you value your children's lives, you'll do as you're told" or, far more likely, they found someone on the kernel dev team who had a weakness, or need of money and as such was turnable. And no one is going to submit a patch with the P.S - "I've been approached by the NSA and they asked me to put a back door in this, so be aware..."
And even if none of this is true, fear and suspicion will destroy a community far more effectively than infiltrating it will. So a whisper here and a carefully crafted blog post there and suddenly everyone's behaving like that scene in the Clint Eastwood movie where we're all standing in a graveyard, eyeing each other warily, hands hovering over guns, waiting for someone to make the first move. Divide and rule has been practiced for millennia and whilst those who practice such methods have millennia of archives and manuals on how to do it, those who resist seem to have to relearn, from the ground up, in each and every generation.

That said, it's now known that backdoors are being built into the hardware and are designed to be OS agnostic, so it matters little whether Debian has been compromised, if it's running on compromised hardware. And to my mind, the development of OS agnostic backdoors in the hardware is a direct response to OpenSource software. "Think you've outsmarted us, just because you use Linux?"

I read the article and the lengthy debate. It comes down to paranoia (a very healthy attitude considering all we now know) vs trust. All the arguments for trust are based on an appeal to the majority or on a specific lack of evidence of corruption. Neither are valid arguments.

So, either I learn all the necessary languages and then audit the code myself (for who else can I really trust?) or I have to 'hope for the best' despite overwhelming evidence to the contrary. The former is impossible and the latter is no choice worth making. I have zero expectations of privacy. Regardless of what software I use, there is no escape from State surveillance. Even if there was a 100% clean OS, my ISP is spying on me anyway. This post I'm typing on my nice 100% libre OS, will still be sent through servers, in a series of packets and it's almost certain that they can be read by those I have not given permission to.

So why bother at all then?

For me, it's about personal morality. I believe in marriage, but I don't entertain ideas that because I believe in marriage that this will lead to an end to one night stands, or divorce. But neither will I say "marriage is going out of fashion so I won't bother either". I tend to regard the majority as unsavable. They are blind, deaf and dumb; deprived of the wherewithal to make informed decisions and programmed to despise those who do. So all we have is our little corner of the world and it's good to find others who feel the same way, albeit in varying degrees. But changing the world for the better? Not going to happen. That doesn't mean don't try, it just means be realistic about our chances and be ruthlessly discerning over who says what and why. If your first reaction to "Debian owned by the NSA" was anger, then you're almost certainly not thinking straight about the deeper issues. The title was intentionally provocative, to get people to read it, to try to get people to think beyond the badges and sales slogans that we're all familiar with and over which we should, by now, be very questioning, regardless of who states them. When a High Street Bank says "the name you can trust" anyone who watches the news will fall about laughing. Even the Co-Op bank (here in the UK) has abandoned ethical practices and is now going down the Corporate dishonesty route. Why should Debian be any different? Because it uses the words "open source"? So do Microsoft.

Should there be a panel of code reviewers? Yes. Could they be trusted? For about a week or two, then suspicion would have to return, because such a body would arguably be a target for compromise and as such would be compromised, as every other body set up to "keep an eye on things" has been. Corporate law has to be changed and that requires a legislature that is also not compromised and that in itself is a problem as old as humanity.

All of which is a long winded way of saying, to my mind, suspicion is the default setting. If you can prove trustworthiness to me then so much the better, but it's for you to prove I can trust something and not for me to prove that you cannot trust it. Because the evidence for the argument that very little is not compromised is all around us.