Thursday 24 September 2015

Tor is Broken

For a long time in my mind there's been no doubt that Tor is broken, at least with respect to the powers available to the United States and its allies. Think about it. There are no where near a million Tor nodes and even fewer exit nodes, and a million servers is a rounding error in the DoD black budget for a year.

Sure, non DoD Tor nodes exist, but what % of them are p0wned? (Zero Day Exploit) I'll hazard a guess; just that % required to make it statistically implausible that, combined with traffic analysis, context gleaned from exit nodes a handful of zero-days etc. etc. no one can use Tor and expect sustained anonymity from the government.

I actually think that's a good thing. Hear me out. For the general Tor user who just wants their ISP , nosy Shark Wire aware neighbor, political opponents, large corporations, website owners land various databrokers to fuck off, they have what they want For dissidents in oppressive nations, those nations probably can't muster the resources to de-anonymize Tor users. For very bad people who want to do very bad things, we can get them, with some effort.

I know this is a minority opinion, but I think that the opposing opinion is regressive. Once, it wasn't possible for a small group of non-nation-state individuals to wreak mayhem on millions of people at once.

Once, the amount badness that could be achieved by Bad Guys was a trade-off between the number of people the Bad Guys wanted to effect, the number of people the Bad Guys could enlist to help them and the degree of severity of the Badness itself. Not any more. This changes everything.

We are living more and more in a world in which a few or even one really fucked up person can reach out and kill. This is nothing but the advancement of technology, and it's not going to stop. That means the power of small groups gets larger and broader even as the size of that group spiral down to one.

How are we going to counter this general phenomena? I agree, that giving any government unchecked, unobservable, unlimited powers is always a bad idea. (Ironcially, I believe this because of the actions members of administrations who profess to want to "get government off our backs" and told us "government isn't the solution, it's the problem"- Oliver North, James Secord, Dick Cheney, Alberto Gonzales etc etc. )

But in the face of this hypothetical and not-always hypothetical threat we still have the facts on the ground with respect to advancing technologies and the leverage it gives just anyone.

I don't think the answer is to limit the power of government. We need that power to exist. I think the answer lies in the people being able to hold the government accountable and their actions rendered transparent to a degree that would shock most people today, both in and out of government. We need to radically re-think the national security 3rd-rail issues like national security classifications, clearances, Presidential directives, etc. etc.

It will tear this country apart if the government continues to do what it knows it needs to do in order to avert terrorism and societal chaos and the people continue to feel like they have no faith in the integrity of the processes and powers of the government- that it could at any moment turn the death ray on them, and probably will. That whole dynamic, the whole world view needs to be addressed and not just addressed but actually resolved by some radical out of the box thinking no one had done yet.

We can have both security and freedom, but it's not going to just arise naturally by continuing on with the status quo conceptual categories we are using now.

Friday 18 September 2015

"Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come."

IMPORTANT ONE IS GROUP POLICY (gpedit.msc):

Go to Computer Configuration, Administrative Templates, System
Internet Communication Management, Internet Communication Settings

ENABLE (to turn it on, it is a disabler)

"Turn off Windows Customer Experience Improvement Program"

---

TO REMOVE THE BOGUS OPTIONAL TELEMETRY HOTFIXES MANUALLY:

Open command prompt
Type powershell
issue these commands

---

TO SEE WHAT ONES ARE INSTALLED:

get-hotfix -id KB3035583, KB2952664,KB2976978,KB3021917,KB3044374,KB2990214

---

TO UNINSTALL THEM (these for sure, per url next below):

wusa /uninstall /kb:3035583
wusa /uninstall /kb:2952664
wusa /uninstall /kb:2976978
wusa /uninstall /kb:3021917
wusa /uninstall /kb:3044374
wusa /uninstall /kb:2990214

per http://www.ghacks.net/2015/04/... [ghacks.net]

---

DESCRIPTIONS OF EACH (these uninstalled properly):

KB3068708 (Telemetry)
KB3075249 (Telemetry)
KB3080149 (Telemetry)

KB3022345 (Telemetry)
KB2977759 (Windows 10 Upgrade preparation)
KB3021917 (Windows 10 Upgrade preparatioon + Telemetry)
KB3035583 (Windows 10 upgrade preparation)

---

I GOT "NOT INSTALLED ON THIS COMPUTER" ON THESE INITIALLY SINCE I HAD IE11 installed (PROBABLY ONES FOR IE9/10/11):

KB3075249
KB3080149
KB2505438
* KB2670838 (See IE 9/10/11 notes below)
KB3044374
KB2990214 (Windows 10 Upgrade preparation)
KB2505438 (Although it claims to fix performance issues, it often breaks fonts)
KB2976978 (Windows 10 Upgrade preparation)

---

I GOT "NOT INSTALLED ON THIS COMPUTER" ON THESE (*PRIOR* TO PULLING KB2670838 which is IE 11):

* KB2670838 (This update often breaks AERO on Windows 7 and makes some fonts on websites fuzzy. A Windows 7 specific update only
                        (do not install IE10 or 11 otherwise it will be bundled with them, IE9 is the max version you should install to avoid this).

THESE RE-APPEAR AFTER UNINSTALLING IE11 RIGHT ON RESTARTING & CHECKING WINDOWS UPDATE:

* KB2952664 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
* KB3021917 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
* KB3068708 (Windows 10 Upgrade preparation prior to IE9/10/11 install)
* KB3092627 (Windows 10 Upgrade preparation prior to IE9/10/11 install)

---

run cmd as administrator

sc stop Diagtrack
sc delete Diagtrack

---

*Task Scheduler Library:

Everything under "Application Experience"
Everything under "Autochk"
Everything under "Customer Experience Improvement Program"
Under "Disk Diagnostic" only the "Microsoft-Windows-DiskDiagnosticDataCollector"
Under "Maintenance" "WinSAT"
"Media Center" and click the "status" column, then select all non-disabled entries and disable them.

*services.msc:

"Remote Registry" to "Disabled" instead of "Manual".