Thursday, September 22, 2016

From: goncalo.costa at kpnqwest.pt (Goncalo Costa)
Subject: JAP back doored

>
> Don't be a smart ass.
>

Well, good morning to you too !

> Your arguments have nothing to do with the argument at hand which is quite
> simple: Governments should have no right to force developers to trojanize
> their applications and keep silent about it.
>

Governments have a lot of powers they should not have but German government
had nothing to do with this.

I hope you can tell the difference between a government eavesdropping on
someone and a judge/court order to eavesdrop on a suspect to gather evidence
against him.

> There have been some notes come out of this:

1> Germany has now removed this legal action, which is great

I think you should stop for a minute and try to learn the difference between
Germany (country), the German state, the German government and the German
judicial system.

"Germany" did nothing.

If you want to talk about the German government you could talk about
http://www.gnupg.org/aegypten

> 2> They intended to only watch traffic to a single German server

It seems you did not follow some posts on this list. I believe someone from
Germany explained the why and how of this JAP backdoor, and mentioned that.

3> The developers may not
> have been so forced into doing this, as much as willing -- I rather doubt
> this, especially since the order was rescinded, but their culpability does
> factor into this

So you mean these guys offering a free public anonymizing service are to
blame for complying with a court order ? I'm sure you would rather go to
jail. Where's the free public anonymizing service you're providing to the
Internet ? I'd like to use it. I'm sure I can trust you to keep my id safe.

4> I, personally, admit I would not care if they did this
> for a very serious reason such as for pedophiles or terrorists... I think a
> lot of people outraged would have to agree with this... However, I am sure
> a lot would not
>

(I believe the same person also wrote) it was a pedophilia case.

> As for the US government, this is utterly unimportant. I was playing around
> even to begin to mess with that. Yes, I am unaware of the US actively
> trojanizing applications by forcing the developers to do this.

Lotus Notes NSA backdoor ?
We're not talking about a court order here.
And Notes was not free software - its customers paid for it.
Nor it was open source software as is the case with JAP.

> So are you.
> This is illegal. You wouldn't like it if it was the US doing this. So, what
> are your real motives here?
>

Besides money that is ? :-)

Your emails seemed more focused on the German government than anything else.
German government had nothing to do with this. This was a judge/court order.

My motives were plain and simple:

- you seem to believe that your government and its agencies always play by
  the book - I was trying to show you that they don't

- you should not bash (especially the way you did) the German government when
  your own government has a much worse track record on eavesdropping on
  everyone else around the world

- you should not blindly trust your government nor its agencies as you seem
  to. They have abused their powers in the past. They are abusing their
  powers in the present. They will abuse their powers in the future.

Governments are made of people like you and me (worse in fact ;-).

Complaining of these decisions (which are mandated by a judge or court) is
really useless and a paradox. In my opinion either:

case 1. you don't trust the state/authorities/whatever and you cannot trust
        anything and you cannot expect anonymous services to work as
        advertised (this is the case in dictatorships/authoritarian regimes)

case 2. you are a hardcore privacy advocate and accept no eavesdropping on
        anyone no matter what - not even eavesdropping on the suspect of
        kidnapping your child

case 3. you (almost) trust the state/authorities/whatever and recognize/accept
        the need to do certain things, as eavesdropping, that need to be done
        in "some situations but not all" to "some people but not all"

As you said:

> 4> I, personally, admit I would not care if they did this for a very
> serious reason such as for pedophiles or terrorists...

So you are clearly in case 3. 

(probably the same goes for everyone else who complained about this)

But if you trust the system then you must also trust that this is done only
when "it has to be done", and there's no use in complaining there, is there ?

In this case you were clearly not trusting the German state and were bashing
it as if it was a "case 1" (dictatorship or authoritarian regime).

Will there be _abuses_ by the authorities and the people behind them ?
Sure, but we'll complain about _that_ with reason on our side then.

>
> >
> > The world is made of people and people are the same
> > everywhere. Time and place don't seem to make a great
> > difference. Being naive and keeping your eyes shut doesn't
> > help either.
>
> I love being called na?ve by teenagers that have never even seen a dead
> body.
>

As I said before, from your posts to this list regarding this thread you seem
to have a blind faith in your government and its agencies. I would call that
being naive. 

Thanks for the tip: I've modified my mail headers not to leak my age again !

And please explain that "dead body" part again.

>
> You think for some reason that I am opposed to intelligence actions by the
> US? I am not even opposed to Germany if they did this because it was
> against terrorists or pedophiles.
>

Well. As I explained before, if you accept this for some reasons then you
must trust "them" to know when to do it.

> You are the one quite na?ve if you believe your nation can exist free
> without an intelligence agency.
>

I don't remember having written this in my post. Did I ?

> Regardless, the existence of intelligence agencies is entirely a different
> matter.

Again: I don't remember having written anything about this in my post.

> What errors these agencies may have done in the past - US or German

Errors ? What errors ? Errors are something you do by mistake.
These agencies make no errors (unless when they're caught).

They deliberately abuse their powers when they have to.

> - is entirely irrelevant.
>

To this thread and list: yes.
To know history and to learn from it: no.

> Each matter must be taken at a time.
>
> Apples give no insight into oranges.
>

I always suspected that ! :-)

> > I would also suggest a daily reading at http://cryptome.org/
>
> Yeah, a lot of great American sites like this. In fact, I bet you know a
> lot more about the US intelligence then you do about Portugese.
>

You almost got it right: "Portuguese". Don't hesitate to ask me if you
need help with your English ! :-)

(I do hope you have a sense of humour)

> In fact, I bet you know a
> lot more about the US intelligence then you do about Portugese.
>

Well ! That's easy isn't it ?
There's not much to know about Portuguese intelligence agencies is there ? 

And I'd like to hear your comments on my post to FD included below
(http://lists.netsys.com/pipermail/full-disclosure/2003-August/009108.html)

Best Regards to you too
Goncalo


-------------------------------------------------------

Subject: Java Anonymous Proxy (JAP) backdoored - another interesting story 
Date: Tue, 26 Aug 2003 11:02:32 +0100
From: Goncalo Costa goncalo.costa@...qwest.pt
To: full-disclosure@...ts.netsys.com


For those of you shocked at learning that JAP had been backdoored at
the request/order of a judge/court to investigate a criminal, here is
another interesting story.

Notice the SURFOLA.com disclaimer.

----------  Forwarded Message  ----------
>Date: Sat, 23 Aug 2003 00:00:11 +0200
From: Barry Wels 
>Subject: blackmail / real world stego use
>Sender: owner-cryptography@...zdowd.com
>To: cryptography@...zdowd.com

Cielo e terra (duet with Dante Thomas)