Is anyone able to verify the signature? GnuPG gives me a BADSIG error.
I was actually looking for what info was included in the signature (e.g. a timestamp), but it seems KGPG doesn't provide that. However the sig itself does not even seem to be valid, though it's probably because I copied it out of Google's cache.
Hmmm... "Musings on Underground Communication"? "Underground Communication, some thoughts"? Not really sure what's so inflammatory about the title.
When analyzing the activities of groups facing an adversarial environment to learn what works, what doesn't, and why, (unfortunately) the pool of covert organisations is somewhat limited: intelligence agencies; terrorist groups; hacker crews; narcos; insurgents; child pornographers... Few other groups face such a hostile operating environment that their security measures are really "tested".
This group had an incredibly effective set of security practices. They imposed strict compartmentation, regularly migrated identities and locations, required consistent Tor and PGP use, etc. They had legitimate punishments for people who transgressed the rules (expulsion) and they survived a massive investigation effort. Clearly, they were doing something right (actually a number of things).
Just as clearly, they are reprehensible people who engage inactivity that is immoral and unethical, by any measure. (Paying for child pornography to be produced is flat out wrong, regardless on where you stand on the spectrum of opinions regarding child porn laws.
The thing is, there are basically no nice people who provide case studies of OPSEC practices. Most are engaged in violence, serious drug trafficking (at the "kill people for interfering" level), theft and manipulation of human beings, etc. Thats the nature of the beast.
As a friend of mine said "if your secure communications system isn't being used by terrorists and pedophiles, you're probably doing it wrong".
People with well funded, trained and motivated adversaries have the strongest incentives to practice the highest level of security. They're the ones to learn from. :)
This is like antibiotics. The natural selection process will push people to use more secure communication methods etc. The conclusion, for me, is that repression is not the way to go and makes the problem only harder to monitor and control.
The strategy I would follow to address this problem is to identify the mechanism by which these type of behaviors reproduce themselves and contamine new people. This is where to target. And again, not in the Rambo way, in a chess way where everything is kept under control and will lead to the final check mate.
> but this is THE most inflammatory title I've seen in a year.
That was deliberate. I suspect that HN has somehow penalized or moderated my submissions, because while my submissions used to get on the main page literally every other day, for the past month my submissions have almost all been stuck at +1 or +2 (https://news.ycombinator.com/submitted?id=gwern). So instead of the utterly boring and anodyne title Gruqq gave his post...
The faq/guideline is pretty clear that the title field is not for editorializing. I don't know if there is a moderation feature like you posit but what can one expect after breaking community guidelines. Are the lower scored submissions items that you modified the title?
http://grugq.tumblr.com/post/68391880015/defcon-21-de-anonym...
And:
http://grugq.tumblr.com/post/68392646777/castleman-affidavit