Strongbox and Aaron Swartz (The New Yorker) [LWN.net]

Strongbox and Aaron Swartz (The New Yorker)

Posted May 16, 2013 23:43 UTC (Thu) by theophrastus (guest, #80847) [Link]

(we'll assume by "This land" we mean the states) I think people are brave enough for a free press. I just think we've allowed our free press (via lapses in FCC policies, for example), to become the sole ownership of a very small number of vast monied interests. Just like has become of the political parties in the states. Capitalism is probably the best form of national government, except when it runs unrestrained.

Now back to computer technical matters: why should we _trust_ this The New Yorker "Strongbox" doesn't have a large NSA backend?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 0:34 UTC (Fri) by tterribe (✭ supporter ✭, #66972) [Link]

> Now back to computer technical matters: why should we _trust_ this
> The New Yorker "Strongbox" doesn't have a large NSA backend?

Because AGPLv3.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 20, 2013 0:13 UTC (Mon) by brouhaha (subscriber, #1698) [Link]

Assuming that you trust them to abide by the AGPLv3. Even so, that doesn't ensure that there isn't some other compromise engineered into the system, outside the AGPLv3 code.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 10:54 UTC (Fri) by randomguy3 (subscriber, #71063) [Link]

Because of the incentives involved.

Journalists, as a rule, do not wish to compromise their sources. The reason being that if they do, and if the fact that they have done so gets out, it makes it much harder to acquire such information in the future (and such information is what journalists ultimately want - the scoop). This has been demonstrated several times recently as journalists have resisted revealing their sources until strongarmed by the law.

The NSA (or whatever) would have to be offering a HUGE incentive/threat to the New Yorker in order to convince them to offer a deliberately compromised service. Admittedly, this could have happened, but I don't think any government agencies would be willing or able to offer sufficient incentives for the New Yorker to do that, given that they probably wouldn't get that much out of it.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 12:44 UTC (Fri) by drag (subscriber, #31333) [Link]

> Journalists, as a rule, do not wish to compromise their sources. The reason being that if they do, and if the fact that they have done so gets out, it makes it much harder to acquire such information in the future (and such information is what journalists ultimately want - the scoop).

Well in reality the Journalist's job is to sell their readers to people that sell lawnmowers, washing machines, pantyhose, fragrances, cars, and anything else like that.

I think that people tend to view media in a backwards manner. They mistakenly think that the printed magazine is the product, or the articles are the product. Same thing with TV and such. It's a mistake to think that news shows or sitcoms or broadcasting is the product they produce. All this stuff is just wrong.

The product that news papers, magazines, news agencies, and other media sells is, in fact, audiences. They sell audiences to the advertisers.

YOU are the product they sell. Your viewership, your attention, etc etc.

Think of it like fishing. If your a fisherman you may spend a lot of time making nets nets and fishing lures, and you may spend a lot of time collecting nets and traps and such things... but that is not how you make your money. Those are not the products you sell. The fish you catch is the product you sell.

It's the same way with news media, and most other media. It's just stuff that is produced to capture the product they sell... which is you and your attention.

All of this is because this is how they make their money. So the perception of integrity from their audience is important to keep their readership so they have a healthy product to sell to the drug companies or purse makers of the world, then that is what they will work hard on creating. Whether or not there is real integrity is something else entirely.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 13:16 UTC (Fri) by micka (subscriber, #38720) [Link]

You know, you can find journals without ads, even paper ones.
No ads, no datamining (no data on readers). They just get the sell price.

Each week I read one of those(probably the most financially healthy in my country).

So no, the journalist's job is not to sell their reader share. Some of the journalists jobs is.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 21, 2013 7:09 UTC (Tue) by Felix.Braun (subscriber, #3032) [Link]

As already mentioned, your view is a bit one-sided. Yes, certainly, ad-income matters to journalists. But so does a good story. And the readership. And their reputation. To say, that only one of these factors determine the actions of media outlets seems to be a bit too simplistic.

You can observe this on this site. From my impression Jon makes the utmost effort to reduce interference by ads to the absolute minimum necessary for the continued survival of this publication. I trust that this is equally true for other quality media, such as The New Yorker. After all, it is not only the ads that pay for these media, the readers do contribute too.

Lastly, you were missing the point of the grand-parent post: the media have no incentive to include a back-door into their whistleblower platform. This is because they want to build trust with their sources, so as to be able to be trusted with information to uncover the truth, that can be made into better stories, that attract more readership. Your point, that ad-revenue is important for journalists too, does not alter these incentives at all. The advertisers equally have no interest in working together with media outlets that betray their informers, because that would ultimately reduce the publications readership and thus their ad's reach.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 21, 2013 8:27 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

I don't see ads on LWN. Oh wait, I'm a paying subscriber!

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 16:05 UTC (Fri) by freemars (subscriber, #4235) [Link]

The NSA (or whatever) would have to be offering a HUGE incentive/threat to the New Yorker in order to convince them to offer a deliberately compromised service.

Documenting the incentive and/or threat would be the scoop of a lifetime. NSA (or whatever) would need to be supremely confident they had something dark enough to thwart every individual at the New Yorker who knew a back door existed. If they guessed wrong the story would lead at every news outlet worldwide a few hours later.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 22, 2013 0:23 UTC (Wed) by gerdesj (subscriber, #5446) [Link]

>The NSA (or whatever) would have to be offering a HUGE incentive/threat to the New Yorker in order to convince them to offer a deliberately compromised service.

>>Documenting the incentive and/or threat would be the scoop of a lifetime.

I don't know if the US has an equivalent to this beast yet: http://en.wikipedia.org/wiki/Regulation_of_Investigatory_... but if you do then I would not hold out much hope of reading the scoop.

Cheers
Jon

It is called "plutocracy"

Posted May 17, 2013 10:54 UTC (Fri) by man_ls (guest, #15091) [Link]

Capitalism is probably the best form of national government, except when it runs unrestrained.

So capitalism is now a form of government? I thought it was just an economic system, and that democracy was the best form of government. Government by the rich (those holding the capital) is called "plutocracy", money has not yet had the opportunity to exert power without the aid of those holding it.

Perhaps we should just readjust our democratic expectations.

It is called "plutocracy"

Posted May 17, 2013 15:34 UTC (Fri) by theophrastus (guest, #80847) [Link]

can you imagine a form of government based upon socialism? i think a representative democracy can be either socialist or capitalist. of course, the proper terminology for the states is that it's a republic.

It is called "plutocracy"

Posted May 23, 2013 13:16 UTC (Thu) by Seegras (subscriber, #20463) [Link]

> the proper terminology for the states is that it's a republic.

Off-Topic: Why do they use these imperial units of measurement then, and not the republican (metric!) ones? ;)

It is called "plutocracy"

Posted May 27, 2013 21:16 UTC (Mon) by nix (subscriber, #2304) [Link]

Imperialist British pressure, obviously!

yrs,
a totally metricated Englishman

It is called "plutocracy"

Posted May 17, 2013 15:37 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

> So capitalism is now a form of government?

Capitalism is an economic system, but it implies a form of government which generally upholds private property rights. That in turn implies that there are constitutional limits to the power of the majority, or whoever else is in charge, which protect individuals from having their property arbitrarily confiscated for public use (or for the private use of others). This is obviously judged on a sliding scale; governments are more or less compatible with capitalism depending of how much they respect private property rights. The nature of government implies that property rights are not always respected (e.g. taxes and the monopoly on force).

A pure democracy would not be compatible with capitalism (or rights in general) because it would make individual rights subordinate to the will of the majority.

It is called "plutocracy"

Posted May 17, 2013 15:55 UTC (Fri) by man_ls (guest, #15091) [Link]

That is a very strange view of democracy. In democracies at any point in History, public rights always trump private rights, or else it would be impossible to collect taxes (as you correctly state), build roads (for which land has to be confiscated), set rights of way (for which private rights have to be overridden), gather an army or practically anything else that a government does. In fact the government prints money and grants (or at least administers) property rights.

In a democracy it is up to the people's will (and the designated government) to define up to which point private interests have to bend to the public benefit. Obviously private citizens have to respect the rights of other private citizens, but those rules do not apply to the government, even in the US. Individual rights always have to subordinate to the will of the majority, no matter what they tell you. If in the US a communist party were to win the elections, you would have collectivized property in no time -- nothing in the US constitution precludes it (and even if it did it would be ammended).

It is called "plutocracy"

Posted May 17, 2013 17:39 UTC (Fri) by nybble41 (subscriber, #55106) [Link]

The idea that you have rights independent of the will of the majority is incompatible with the idea that rights are defined by the will of the majority. The U.S. government (and most other western governments) fall somewhere in between; they endorse the idea of private property in general, but allow that right to be violated in (more or less) specific, uniform, and well-defined circumstances. Taxes are permitted, but (as originally envisioned) they must be applied uniformly, and only exist to fund the government's enumerated powers. Confiscation of property for public use is permitted, but only with "just" compensation. The default state is that the majority does not have the right to take your private property for its own use, with narrow exceptions.

> If in the US a communist party were to win the elections, you would have collectivized property in no time -- nothing in the US constitution precludes it (and even if it did it would be ammended).

The Constitution could certainly be amended, though the requirements for an amendment are higher than simply winning elections; amendments must be ratified by three-fourths of the state governments. I doubt fully collectivized property would be considered legal under the current Constitution, however, due to the 5th Amendment:

> No person shall ... be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

Sorry for the off-topic

Posted May 17, 2013 20:24 UTC (Fri) by man_ls (guest, #15091) [Link]

The default state is that the majority does not have the right to take your private property for its own use, with narrow exceptions.

I would rather say that what can be "private property" is defined by the majority, and even that definition allows for exceptions. For example: beaches cannot be made private in Spain by law because we recognize that collective property is better for everyone. Streets are recognized as public property everywhere, and only the lots assigned to housing can be traded. You cannot own other people, or exotic animals, or dangerous pets without a license. And so on. The same is true for all money, which is even printed and distributed by the government. And money used for any purposes not approved by the government will be readily frozen or even confiscated. Some examples: drugs, gambling, trading with disliked foreign countries, weapons dealing, or terrorism.

No person shall ... be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.

This is a debate for a different forum, but think that "due process of law" is defined by the government, and "just compensation" is a rather weak concept.

I just wanted to point out, which is in line with the main article, that the democratic State is far-reaching, and this is not only theory; this is practical use and has been for centuries. However our government is not yet "capitalist" but "democratic", at least in theory.

It is called "plutocracy"

Posted May 17, 2013 16:44 UTC (Fri) by Funcan (subscriber, #44209) [Link]

Realistically, moneyed interests already have a far greater influence on our government than the man in the street. Even millions strong public protests have very little effect on government policy. We're therefore in some sort of hybrid democracy/plutocracy, and since it appears that every capitalist society is heading towards the same thing to some degree or another, is it not unreasonable to describe this as 'capitalist government', if it is a unique sort of government that comes from, and only from, a capitalist society?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 1:34 UTC (Fri) by ewan (subscriber, #5533) [Link]

Are you confusing Aaron Swartz with Adrian Lamo?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 1:57 UTC (Fri) by jebba (✭ supporter ✭, #4439) [Link]

No, I was confusing Lamo with Poulsen. Poulsen was the one who wrote Lamo's story. http://en.wikipedia.org/wiki/Kevin_Poulsen

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:08 UTC (Fri) by geofft (subscriber, #59789) [Link]

You're supposed to trust the code, not the guy who wrote it.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:27 UTC (Fri) by fest3er (guest, #60379) [Link]

That's a little like trusting a used car salesman. But who am I to talk? I still use reiserfs.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 2:28 UTC (Fri) by geofft (subscriber, #59789) [Link]

The used-car salesman relies on your inability to quickly evaluate the car and what's inside it. Free software and publicly-specified cryptography don't have that problem -- you can look at the source and see what it does.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 7:00 UTC (Fri) by tnoo (subscriber, #20427) [Link]

Still, how can I verify that an unmodified version, compiled from the same sources, is running on the remote server? And even if there is such a version running, how can I be sure that the traffic is not sniffed in between?

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 7:14 UTC (Fri) by geofft (subscriber, #59789) [Link]

A properly designed protocol for this purpose is not dependent on what runs on the remote server -- the cryptography and dissemination applied to your local data is sufficient to avoid attacks once the data leaves your computer.

I haven't audited this system, but it sounds like that was a design goal, and it's not a particularly difficult one. If you're going to use it, you'd be well-advised to make sure that this was in fact a design goal, and audit it to make sure it lives up (or find someone you trust to do so).

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 12:46 UTC (Fri) by ewan (subscriber, #5533) [Link]

You can't, of course. The Strongbox effort seems to be part code, plus a large chunk of PR to make it look attractive. That's not to say that there's a problem with it, more that even if the system is secure and well designed, it still needs the PR to actually get anyone to use it.

While the New Yorker promise to do various things, there's no real need to trust that they will; the key part is the first stage where you connect using Tor so they don't know where you're coming from. Everything else is really up to you. Clearly, there's nothing technical that can ever stop you submitting a picture of yourself with your name and address on, and the same principle applies to all submissions to a system like this - it's up to the submitter to avoid giving the New Yorker anything that could identify them, they shouldn't hand over identifying information and hope the other end keeps it secret.

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 16:27 UTC (Fri) by dmarti (subscriber, #11625) [Link]

+1 Insightful. Of course, this system also depends on random people setting up Tor nodes and leaving them running. (Another item for the Stuff to Put On My Home Server When I Finally Get Around to It list.)

Strongbox and Aaron Swartz (The New Yorker)

Posted May 17, 2013 19:28 UTC (Fri) by johill (subscriber, #25196) [Link]

However, having a .onion service doesn't require any tor _exit_ nodes, which is a huge advantage here. Since there's not even an exit node needed, not even such nodes could do traffic analysis or similar. Also, if I remember correctly, intermediate nodes can't really know what you're talking to, except that it's the next node, but I don't think they can tell the difference between talking to a .onion service on the next node, using the next node as an exit node or simply as a forward. If the node they run has enough of bandwidth to be used as a relatively busy forward as well, traffic to their .onion address might essentially vanish.

I played with getting email (SMTP) to work within the tor space with .onion addresses years ago (about 7 I think), for this very reason. Of course, the email thing never took off because running such a service is difficult and hardly anyone runs their own SMTP anymore (now even less than back then, I'd say.)