That wouldn’t tell you anything. Lots of hackers in U.S. and Europe used relays in countries that oppose the U.S. for similar reasons. On top of it, the go back to gmail message might just be an insult on top of them slamming the private service. I’ve seen online comments telling people to use Gmail or Fastmail just because the newcomers won’t be reliable enough. I say the same thing where availability of email is most important, esp if money or court action is or might be involved. These small outfits might not be able to keep up on that even if more private.
So, it could be anyone if just going off that comment. Only thing I know for sure is that they took the small players down while the big ones are still up as predicted. Some things just take lots of money to stop rather than good design or intentions. It’s why I say split usage between big players for where availability is more important and smaller ones where privacy is more important. And GPG encrypt text/zip files with boring names sent over the smaller ones so you don’t have to trust them or mail clients either. That’s basic concept.
I hear you on that. Cool to know. Just imagine me saying, “itistoday, I’m American. I can tell when an American is pretending to X with speech saying Y. Take my word for it.” You’d probably want something you or others could verify. Things like this are more verifiable with experience seeing it. Maybe the Russian hackers being so common justifies a project illustrating their techniques in situations that had strong evidence of being them. That compared to stuff that wasn’t. People’s minds would see the patterns looking at it all.
It’s not that important to me in this case. I was just reminding people that both independent and nation-state groups will try to fake that to mislead people. It worked, too, before surveillance states with multinational partnerships were a big thing. At least the governments are probably good at spotting the BS. The non-government parties are still vulnerable to that misdirection, though.
I wasn’t making any observations about them. I don’t follow tweet or propaganda storms since it’s a lot of work for 99% noise. I was solely responding to a comment you made about attribution without details people might be interested in. You giving them just reinforced in my mind how tricky this stuff is. For instance, I used to script things to happen at certain times to mislead people in that exact way. Copying slang of certain groups to direct hate at them is something run-of-the-mill trolls do. You saying zero incentive is just an argument without evidence given companies get attacked all the time by customers, employees, con artists, and hackers for a huge range of reasons with nonsense or emotional being common. Quite a few individuals and groups have done sprees just for fun and publicity watching folks run around.
Now, again, I have no doubt you’ve been watching this stuff closely enough that your mind cemented patterns that might tell you stuff. I just know the patterns themselves can be bullshit. I’ve seen and done it. To this day, people believe one thing happened when an entirely different thing happened. I’m not sure consistent attribution is even possible with high certainty once state actors are involved outside some use of malware samples. That’s kind of what I was getting at in making you share details which turned out to be fakeable.
Truth is, I’m too focused on bigger, easier-to-pin-down problems to fight a losing battle against propaganda teams with money to spread lies far and wide. Since you posted on one, I’ll switch over to that one.
i was making a joke… but as i understand it, you won’t have these issues if your mail client doesn’t render HTML or doesn’t make external HTTP requests. pretty much all mail clients can be set that way; many have it as the default.
I’m not sure that reddit detective and outage threads are things we want on here.
That wouldn’t tell you anything. Lots of hackers in U.S. and Europe used relays in countries that oppose the U.S. for similar reasons. On top of it, the go back to gmail message might just be an insult on top of them slamming the private service. I’ve seen online comments telling people to use Gmail or Fastmail just because the newcomers won’t be reliable enough. I say the same thing where availability of email is most important, esp if money or court action is or might be involved. These small outfits might not be able to keep up on that even if more private.
So, it could be anyone if just going off that comment. Only thing I know for sure is that they took the small players down while the big ones are still up as predicted. Some things just take lots of money to stop rather than good design or intentions. It’s why I say split usage between big players for where availability is more important and smaller ones where privacy is more important. And GPG encrypt text/zip files with boring names sent over the smaller ones so you don’t have to trust them or mail clients either. That’s basic concept.
Note: Reposted from Reddit.
Nick, I’m Russian-American. I can tell better than most when someone’s pretending to be Russian.
I hear you on that. Cool to know. Just imagine me saying, “itistoday, I’m American. I can tell when an American is pretending to X with speech saying Y. Take my word for it.” You’d probably want something you or others could verify. Things like this are more verifiable with experience seeing it. Maybe the Russian hackers being so common justifies a project illustrating their techniques in situations that had strong evidence of being them. That compared to stuff that wasn’t. People’s minds would see the patterns looking at it all.
It’s not that important to me in this case. I was just reminding people that both independent and nation-state groups will try to fake that to mislead people. It worked, too, before surveillance states with multinational partnerships were a big thing. At least the governments are probably good at spotting the BS. The non-government parties are still vulnerable to that misdirection, though.
I dunno, how about maybe the fact that they seem to have a preference for speaking almost exclusively in sophisticated English slang?
How about the fact that most of their tweets are on American time and not Russian time?
Or the fact that there’s basically zero incentive for non-state actors to attack these companies? (If anything, an anti-incentive).
How about a million other blindingly obvious tells?
Now you’ve gone from Argument from Authority to sharing reasons for what you believed just like I recommended. Good examples.
You’re a smart guy Nick. I struggle to understand how you couldn’t make these observations yourself.
I wasn’t making any observations about them. I don’t follow tweet or propaganda storms since it’s a lot of work for 99% noise. I was solely responding to a comment you made about attribution without details people might be interested in. You giving them just reinforced in my mind how tricky this stuff is. For instance, I used to script things to happen at certain times to mislead people in that exact way. Copying slang of certain groups to direct hate at them is something run-of-the-mill trolls do. You saying zero incentive is just an argument without evidence given companies get attacked all the time by customers, employees, con artists, and hackers for a huge range of reasons with nonsense or emotional being common. Quite a few individuals and groups have done sprees just for fun and publicity watching folks run around.
Now, again, I have no doubt you’ve been watching this stuff closely enough that your mind cemented patterns that might tell you stuff. I just know the patterns themselves can be bullshit. I’ve seen and done it. To this day, people believe one thing happened when an entirely different thing happened. I’m not sure consistent attribution is even possible with high certainty once state actors are involved outside some use of malware samples. That’s kind of what I was getting at in making you share details which turned out to be fakeable.
Truth is, I’m too focused on bigger, easier-to-pin-down problems to fight a losing battle against propaganda teams with money to spread lies far and wide. Since you posted on one, I’ll switch over to that one.
while you’re at it don’t use email at all, just use signal because PGP can’t protect you from security leaks in your mail client
And what protects you from security leaks in your signal app? Signal desktop recently had several CVE’s issued.
https://www.cvedetails.com/vulnerability-list/vendor_id-17912/year-2018/Signal.html
yeah i realize my sarcasm didn’t come off well
Just write your own mail client, or stick with mutt. ( I’m contemplating both. I have betrayed mutt, and I’m “homesick” now)
Also nobody is going to protect from security leaks in your Signal client, and than you have an OS underneath in both cases…
I think GPG and plain text email are OKish for most threats, just as well as any other alternatives.
i was making a joke… but as i understand it, you won’t have these issues if your mail client doesn’t render HTML or doesn’t make external HTTP requests. pretty much all mail clients can be set that way; many have it as the default.
Yes, or you can set up a paranoid firewall that way…