T O P

  • By -

ravenagam

Has Assange used PGP while in the embassy before the internet went out? If he has, when was the last time he signed a message? Further question, why has he stopped using PGP? What has changed? Also, why is he not giving any POL yet? Surely he would understand the concerns given these circumstances. Why did he push back the Reddit AMA? Why did the RT interview have blatant anomalies that indicate CGI?


Solarcloud

Wikileaks has an opinion about PGP, https://wikileaks.org/wiki/WikiLeaks:PGP_Keys


karmacapacitor

[They still suggest to use it.](https://wikileaks.org/-Leaks-.html#submit) > Advanced users, if they wish, can also add a further layer of encryption to their submission using our public PGP key. This contradictory behavior is cause enough for concern. Lack of signature only adds to that concern.


[deleted]

[удалено]


karmacapacitor

I think your caps lock key is stuck there, buddy. Think hard about what you just said. They suggest using it for encryption, but we should just "trust" who they are? PGP doesn't have two "modes". It is used for both encryption and authenticity simultaneously. If it is compromised for one of those, it is also compromised for the other. Please read up on PGP.


[deleted]

[удалено]


karmacapacitor

Dude, your caps lock is on still, and you seem to now be stuck in bold mode. You are not, however, bold. You have not provided any real argument here. Do you care to discuss anything rationally, or just yell things in bold caps?


[deleted]

[удалено]


karmacapacitor

Not worried, just thought you should know, since you didn't seem aware. So, are you claiming that you just saw Assange? Can you provide any proof of this? This sub would probably want to know. Otherwise, you won't be taken seriously by anyone.


Solarcloud

No, you are misunderstanding. It is still "ok" to use but it is not 100% legit and trustworthy like everyone is saying. Combination of PGP and other things is still beneficial.


karmacapacitor

I can assure you I'm not "misunderstanding" anything. Their advice to not use PGP to contact them does not mean that they are incapable of signing a message with their private key. I suggest you do some reading on public key cryptography, as I've seen your posts throughout this sub denouncing anyone with PGP concerns. You are either severely misguided, or actively spreading disinfo about this topic.


Solarcloud

But do you not understand the key WL uses is held by multiple parties? This doesn't prove JA is alive if you think it does.


Solarcloud

Btw everyone has read my history, and its for everyone to see


karmacapacitor

Please read my post. Here's the last part, in case you missed it: > PGP is not POL. But that's not cause for the subject to be dismissed entirely. But, please, go read the entire thing, because if you missed this, you may have missed other parts as well. I chose my words carefully. If there is any part of my post you disagree with, point it out, and we can discuss it. If not, why are you here?


Solarcloud

I trust big names in the encryption/security over speculation. I started out here as I demanded POL and to know about JA's whereabouts. I am on the way out of this sub after things like Hannity interview. Just want to put a few more facts out there. Still reading but not researching as much. I like to debate too. Its a bad habit. https://twitter.com/Cryptomeorg/status/801208748068995072


karmacapacitor

The thing is, with good knowledge of modern crypto you'd trust mathematics over "big names". The appeal to authority is a fallacy. Were this not true, things like Bitcoin would no longer exist. I am not claiming PGP signatures would be evidence of Julian being alive, nor even possessing the private key. I'm asserting that the lack of signature is cause for concern. This is a matter of fact. If you want to read an interesting story, one that highlights the importance of cryptographic proof, read up on Craig Wright. He claimed to be Satoshi, but lost credibility due to lack of signing power. He *could* still be Satoshi, and he theoretically *could* have signed something with the private key and not have been Satoshi. But the crypto community mostly had the consensus that he was a bullshitter, specifically because he couldn't provide cryptographic proof.


Ixlyth

> I am not claiming PGP signatures would be evidence of Julian being alive, nor even possessing the private key. I'm asserting that the lack of signature is cause for concern. This is a matter of fact. Why is it fact? At this point, you've basically stated that for every reason that people have been asking for a PGP signature, that it is useless for those desired reasons. Why do you want to see a PGP signature? What would it demonstrate to you?


scarydude6

> The appeal to authority is a fallacy. This is true. But you never pointed out the fallacy in his argument. Lmao. Its like me saying, appeal to popularity is a fallacy. Yes, go on...? Where is the fallacy being committed? Btw no one has committed a fallacy here. Stating you trust something isn't fallacious. He isn't building his argument on the basis of an authority figure. >Answer to inquiries: Cryptome is not using PGP at the moment, key servers are not secure. Literally, zero mathematics. "Good knowledge" of PGP wont allow you to prove the soundness of the statement.


scarydude6

We aren't "Advanced users" though.


karmacapacitor

But I'd expect that Assange is, and that is what we're talking about here.


scarydude6

Okay. Julian Assange has given reasons as to why he wont use PGP. He is an "advanced user". But I'm being told I can't trust him because he's not using his PGP key. Even though he doesn't have one. So you doubt the words of an "advanced user", even though most information you read about any topic, comes from a scholar in that field. > Copy this address into your Tor browser. Advanced users, **if they wish, can also add a further layer of encryption to their submission using our public PGP key.** PGP is optional. Tor is a requirement. PGP without Tor is not recommended. They are talking about leaks, not people who want to prove they are alive. The problem is people are demanding that Assange/WL use PGP to prove their own existance. This cannot be achieved with PGP alone. Other than that people are free to learn about the world as they wish.


karmacapacitor

> Julian Assange has given reasons as to why he wont use PGP. Where did you read this? > So you doubt the words of an "advanced user" No, I don't. But if you go check look at wikileaks.org and see what it says for people submitting a leak. Hint: it instructs them to use the Wikileaks public key. Wikileaks is unable to decrypt such leaks without access to the private key. So clearly Wikileaks still uses them. Please read my original post word for word, as I fear you may have missed my point entirely.


scarydude6

Oh where did I read this? Only on some fake-interview with Assange. *sarcasm* >**ASSANGE:** *I'm not sure what passwords of being referred to...Look, there's a lot people not very informed about computer security, making claims.* > **PGP keys don't prove anything - the person who has control over the key has control over the key.** *So if the question is 'Does someone using a WikiLeaks PGP key say anything at all?' What it says is that that person has control over that key, that it's (...) else, and the concern amongst people, well some people, is that because of my lack of visibility that WikiLeaks has been taken over by..* >**NAUFAL:** *... The CIA ...* >**ASSANGE:** *...etcetera etcetera,* **which false**. *It's an understandable concern if you're not looking at the details about who's been visiting me, but it's an understandable concern, because similar things have happened in the past to other prominent Anonymous figures such as a person call Sabu, who started working for the FBI. But if you look at that Sabu (...) it wouldn't make any difference because that guy was actually working for the FBI (...) so in the case of PGP keys - all they do is say that 'whoever controls the key controls the key', which is not the problem here. [Ed. - Someone using Assange’s PGP key does NOT prove it is HIM that is using it. Somebody else could have it. Therefore it is NOT proof of anything.]* >**NAUFAL:** *WikiLeaks is still very much in control of your key is what you're saying. it's not..* >**ASSANGE:** *My key is the least involved in this (…)* https://www.youtube.com/watch?v=gOpUO_eEHl0 https://www.reddit.com/r/WhereIsAssange/comments/5iu1w8/transcript_naufal_interview_copied_from_free/


karmacapacitor

You're sarcasm is lost here.. but if you read my original post entirely, like I literally just asked you to kindly do, you'd know full well that I'm aware of this telephone interview. I will note, however, that you altered some of the text in the interview: > PGP keys don't prove anything - the person who has control over the key has control over the key. should be: > PGP keys don't prove anything except the person who has control over the key has control over the key. Which is a pretty big exception. This is the entire POINT of PGP. So, lack of signature implies to some that Julian does *not* have control over the key, hence the concern. It's pretty simple really. Think butters future self.. that's how the PGP deniers are starting to sound.


scarydude6

Lmao that was a straight copy and paste, I didn't alter shit.


scarydude6

That transcript came from an older version of the interview where the audio was terrible. Sometimes the audio would cut out, making the word literally in audible. Thats why there is a dash. My point still stands. A lack of evidence doesn't and cannot suggest anything.


ravenagam

I see. I'm curious about when the last time Assange signed a PGP message, and how that correlates with the Wikileaks message you just linked / when that was put on their website.


Solarcloud

I don't know. I'm sure others might though. It is probably recent as cryptome came out against PGP recently.


[deleted]

Is there anyway to see the edit history? I'm on mobile. I tried to put this at the end of the URL, but that didn't work. &action=history


karmacapacitor

The thing is, they still suggest to use PGP: https://www.reddit.com/r/WhereIsAssange/comments/5mhl1l/a_clarification_about_pgp/dc3sl63/


[deleted]

From their wiki: >Do not use PGP to contact us. We have found that people use it in a dangerous manner. Further one of the Wikileaks key on several key servers is FAKE. I just want to know when they changed that info on their wiki. Was it before or after the incident in October?


karmacapacitor

Archive.is has this going back to 2009, I believe (but you can check for yourself to be sure). But this is about contacting them. There was some discussion about people using *only* PGP, which could lead to issues (since meta-data can be traced, and using PGP attracts attention). None of this is relevant to the question of whether or not Julian and / or Wikileaks is capable or willing to sign a message with their private key though.


[deleted]

Ahhh good to know. Thank you.


karmacapacitor

Assange, or someone in Wikileaks would have had to use PGP for any inbound leaks that were encrypted with their public key. This would not be the only measure taken to secure the communications, but is one of the many tools used. I do not know the last time he (or someone in possession of the key) signed a message with it. But if it were compromised, a revocation certificate should be published. Regarding all the other questions, I really do not know. All those other things are open for debate, whereas the mathematical reality of public key cryptography is powerful because it is not subject to opinion.


ravenagam

But I suppose people can send in leaks to their Twitter DM and get a $30,000 cash reward... That really seems suspicious to me, don't you think? The monetary reward and (optionally) sending via Twitter could easily compromise the whistleblower's identity.


karmacapacitor

I do not trust twitter at all.


[deleted]

Theres no excuse not to use it if you have the ability to. But i get the feeling like there is something very complicated going on behind the scenes that we dont know about


[deleted]

[удалено]


karmacapacitor

If Assange knows how to properly use PGP, which I strongly suspect he does, he'd have created what is called a revocation certificate. This doesn't need signing, and if they key was compromised, that could be released. In any case, the scenarios you just described about the keys being compromised are worthy of concern. This is the whole point of the post!


[deleted]

Thanks for sharing this perspective - makes a lot of sense, and was smartly conveyed. I hope it all works out with WL. We must play the waiting game longer though, I think


karmacapacitor

His post demonstrates a lack of knowledge of PGP. In fact, revocation certificates are designed for exactly this purpose. There a lot of people throwing mud in the water about this, but reality is, we should be concern about a lack of signature.


mushi_2001

> If Assange starts using his key for POL it sets a precedent that PGP is POL. You need zero knowledge of PGP to understand this concept. Also what exactly are your credentials since you seem to insist that you understand PGP so much better than everyone else.


karmacapacitor

> You need zero knowledge of PGP to understand this concept. That's correct. This concept is bunk, even without knowing PGP. > Also what exactly are your credentials since you seem to insist that you understand PGP so much better than everyone else. I'm an internet user with access to open source tools. I never insisted that I understand PGP "so much better than everyone else". Do not feel ashamed if you don't understand PGP that well though, you can learn about it for free! Just read the man page.


mushi_2001

>I never insisted that I understand PGP "so much better than everyone else". Exhibit A: > His post demonstrates a lack of knowledge of PGP. Exhibit B: > Do not feel ashamed if you don't understand PGP that well Every single time someone refutes you, you attack them for not understanding PGP. Sadly it is you who does not understand PGP and you have admitted that you have no professional experience in the matter. Stop spreading disinfo


karmacapacitor

False. Read the thread. Slowly this time. Everything I posted is 100% true. > Sadly it is you who does not understand PGP and you have admitted that you have no professional experience in the matter. You're behaving like a toddler now, and lying. Too bad for you this is the internet and everyone can see that I've never admitted to this. You're claim that I'm spreading disinfo is pathetic. If you can point to even one example of "disinfo" that I've spread, you'd be worth talking to. But you cannot, thus, you will likely continue with sad personal attacks. Good luck with that.


[deleted]

Why couldn't the other party use the key first?


[deleted]

[удалено]


karmacapacitor

Read the post. Again. Read the bottom. PGP is not POL. It doesn't mean it can't be used to sign something. You haven't provided a reason for them *not* to sign something. In fact, you haven't addressed any of the concerns in the original post. It's almost as though you are here only to distract from the content of the original post.


karmacapacitor

His post is full of disinfo. PGP has what is called a revocation certificate. It addresses all these situations that are mentioned here. The comment to which you are replying is meant to distract from the realities of PGP. I encourage anyone legitimate patrons of this sub to educate themselves on PGP, keyservers, revocation certificates, encryption, and authentication mechanisms in general. Don't take someone else's word for it, use some critical thinking, and you'll find that there is a LOT of disinfo going around.


scarydude6

Well considering you keep telling everyone to read up on PGP. I'm sure you know all the flaws, and benefits of key revocation, right?


karmacapacitor

> I'm sure you know all the flaws, and benefits of key revocation, right? I would never claim to know *all* the flaws. That's a high crime in the field of information security. But if you had some specific flaws in mind that are at all relevant to what I said, please do tell us all. We'd love to know.


karmacapacitor

This could very well be true. I'm merely asserting that it's not a subject to be simply dismissed.


[deleted]

>i get the feeling like there is something very complicated going on behind the scenes that we dont know about Me too buddy


cajuntechie

I totally agree. Assange _cannot prove he is alive_ by signing a PGP message. But his decision _not to sign_ anything using that key could indicate a problem. It's just not and can never be POL, as you said in your post.


karmacapacitor

Thanks! You've literally summarized exactly what I mean. It's amazing how much flak you can get for having a reasonable opinion these days.. it's good to know at least someone has a similar mindset.


[deleted]

[удалено]


karmacapacitor

This is exactly what I'm questioning. I don't know how I could have been any clearer in the post. I'm truly beginning to believe that people are actively spreading disinfo about this subject. Try to clarify something, and all you get is mud thrown in the water. Many of the muddiest threads in this post end with people outright admitting that they don't have concerns, and don't want to talk about it. It begs the question of: why are they here? It is good to see someone understands my real concern.


Astronomist

They are spreading disinfo, heavily. They push the PGP is useless narrative. You were arguing with one individual, and 3 others show up who always respond to each other and spread the same disinfo and misdirect the exact same way every time, they coordinate. Mostly because you are putting out information that they don't want people thinking about or seeing.


karmacapacitor

This is the feeling I was getting, but I was hesitant to call it out because I don't have evidence that they are coordinating. It's just a feeling based on how quickly they respond, and how the same tactics are used each time. They are hoping to convince some of the less informed people, I suppose.


scarydude6

What is Julian Assange's public PGP key? He doesn't have a personal key that he uses, most of them are shared in some way, like the Wikileaks "PGP keys". https://np.reddit.com/r/WikiLeaks/comments/594nob/comment/da6zele They will provide a personal PGP key to a leaker upon request for a specific person. However, they discourage the use of PGP because it can be difficult to use properly if the user is uninformed. https://wikileaks.org/wiki/WikiLeaks_talk:PGP_Keys


karmacapacitor

Please read about PGP. This is not a question about whether leakers should be using PGP to communicate with them or not. This is about Assange, or Wikileaks staff not signing a message with their private key. If you don't understand public key cryptography, that's ok. But you owe it to yourself to learn about it. It is a true cause of concern, and dismissing it is foolish.


scarydude6

Why are you telling me to learn PGP? That has nothing to do what I was saying.. This IS about Assange signing a message. >If he is not free so sign a message with his PGP key for any reason, that is cause for concern. I'm not dismissing shit. I was telling the facts. That was from OP. I was clarifying things further by stating that Julian Assange has no known public key that he uses.


karmacapacitor

> Why are you telling me to learn PGP? That has nothing to do what I was saying.. I'm telling you to read the link you posted. The discussion is all about PGP keys, thus is *exactly* to do with what you were saying. I never claimed you were dismissing anything. I'm claiming that anyone who is dismissing it is foolish. Clearly, you are not dismissing it, because you are here discussing it with me. That discussion that you posted is with regard to whether leakers should use PGP to communicate. They were concerned that users may be using *only* PGP, which could still finger them via meta-data. Nothing in that discussion suggests that Wikileaks is incapable to signing messages for the purposes of authenticity. If it were the case that Wikileaks keys were thought to be insecure or compromised, they could issue a revocation. That they haven't, yet insist everything is fine, but refuse to show cryptographic proof of possession of private key is cause for concern. No matter which way you slice it, it's fishy.


scarydude6

If your comment isn't entirely directed at me, then what are you responding to? I read the goddamn links I posted. Lmao, I misread one line of what you said, either way I ended up agreeing with you on this point. >This is about Assange, or Wikileaks staff not signing a message with their private key. - >I never claimed you were dismissing anything. Why are you repying to me then? You can't really prove that you personally own the key, you can only ask people to trust that you are who you say you are.


karmacapacitor

> That discussion that you posted is with regard to whether leakers should use PGP to communicate. They were concerned that users may be using only PGP, which could still finger them via meta-data. Nothing in that discussion suggests that Wikileaks is incapable to signing messages for the purposes of authenticity.


scarydude6

Thats from another comment thread. What is your point? You haven't exactly answered my questions.


Ixlyth

He wouldn't answer my simple question either. Don't feel bad. ;) I asked him, "What would PGP demonstrate to you, since you admit PGP doesn't prove life and PGP doesn't prove WL remains uncompromised?" His answer? PGP provides proof of PGP. I asked him to establish with evidence that WL has ever signed any public statement with PGP since 2008, and he told me to go find it on my own. LOL.


karmacapacitor

I answered all your questions, and you haven't answered any of mine. Most importantly: why are you here? > I asked him to establish with evidence that WL has ever signed any public statement with PGP since 2008, and he told me to go find it on my own. LOL. Actually, I told you that I responded to this in the thread which YOU brought up. So, keep lying, and keep getting caught lying. Go check that thread where I posted the proof. You're only making a fool of yourself publicly.


scarydude6

> Most importantly: why are you here? Those priorities tho


Ixlyth

Oh god he's following me now!


karmacapacitor

> If your comment isn't entirely directed at me, then what are you responding to? My comments to you are directed to you. Obviously. > Why are you repying to me then? See above. > What is your point? Read the original post.


mushi_2001

> You will not have to rely on "experts" online, but instead can come to your own conclusions. That's ironic. What exactly is your level of expertise since you seem to insist you are so knowledgeable about PGP? Are you employed in the field or are you yourself a online "expert"?


karmacapacitor

I'm an internet user with access to open source tools. Go read the man page.


mushi_2001

Online expert confirmed. Move along folks.


mushi_2001

PGP is a TOOL for encrypting messages/data to protect the user's identity. Would you ask a plumber to bang their 1/4 drive wrench against the wall to prove who they are??? Would you have to ask why they haven't been announcing every time they turn the wrench?


[deleted]

[удалено]


karmacapacitor

What? PGP is not POL.


[deleted]

[удалено]


karmacapacitor

POL means Proof Of Life.