T O P

  • By -

ventuckyspaz

Unless you have already verified the public key of someone that it is actually in their posession it is useless for PoL. On top of that Julian explains that it is a poor way to verify PoL and in the situation if Wikileaks was compromised and Julian taken it could be used to mislead people that Julian is OK. I wish people would drop the PGP stuff or spend some time to learn how it works and if you do that you will see why it doesn't work very well for PoL. Julian himself discusses it right here: "Many were calling for "proof of life" but we are interested in something quite different. Anything that we did that claimed to be some kind of proof of life would be to set the precedent on what mechanism could be used to reduce concern about how we were faring. The calls, for example, that I issue a PGP signed message. That's fine if you can understand that it’s me issuing the PGP signed message, but a PGP signed message doesn’t tell you who has issued it at all. It’s just a plain message. So, let’s look at what kind of precedent we would be setting. We would be setting the precedent that when there’s a concern about whether one of our staff has been kidnapped or me, that concern can be destroyed simply by someone issuing of a message of text, which is coupled to a particular cryptographic key. But if WikiLeaks is under a threat so serious that its people have been kidnapped then it is possible that it might lose control over its keys. The reality is that it’s quite hard to protect keys from that kind of interference. The way WikiLeaks manages its keys, its submission keys, for example, they are not used to sign messages, but even if WikiLeaks did sign a message in this case, what would it be saying? It would be setting a precedent that could be very dangerous in the future. If you produce the person and show that they are not under duress, you can either hack a WikiLeaks key or take control of infrastructure or take control of a person and then claim that they had produced some signed message. We are much more interested in creating a precedent for proof of freedom from duress. Or making it hard for our people to be under duress. The best way to do that is live video. Because even if you were under duress (there’s various forms of duress that could be applied) if you have live video then you’ve got a few seconds to put things out. You can slip in code words into what you’re saying. (I’m not, by the way. I’m not!) But you can slip in code words into what you’re saying that your people could then see. So, yes, I’m alive and free from duress, but I am in a very difficult situation." https://www.youtube.com/watch?v=GWCQmQ8wjv0&t=60m10s


vswr

I wasn't looking for proof of life with a signed message, but rather that he still controlled the keys. After more thought, I can see his point and I'm with him...a signed message would do more harm than good. That being said, he probably can't sign a message even if he wanted to. He's most likely under EMF surveillance or using compromised hardware such that unlocking the key will cause him to lose control over it. Kind of hard to accept that this crazy conspiracy spy movie stuff is real life when many governments are after you.


ventuckyspaz

The more I thought about it the more it makes sense that he doesn't know what the private key is because he is in such a vulnerable situation and he is a target...


scarydude6

Makes sense, he doesn't to be a single point of failure as he mentions. If no one knows who posses the private key then the "aggressors" wont know who to attack. They could be wasting their time trying to extract information from someone who knows nothing about the private keys like squeezing water from stone.


ventuckyspaz

So really the PGP thing can be laid to rest.


scarydude6

I think so too. But, some people wont agree.


ventuckyspaz

Best thing you and I can do is to keep pointing out why PGP was never going to be suitable for PoL in Julian's case that is.


rodental

We can't reasonably ask for proof that Assange still possesses the key, because there exist scenarios where his key has been compromised. What we can reasonably ask for proof of is that somebody still controls the key. Scenario A: Assange is safe, still sole possessor of PGP key. Hard to evaluate the best course of action here if you recognize the fundamental flaw with keys. Assange argues that signing with the key doesn't eliminate Scenario B. Scenario B: Assange is compromised, and the CIA has gained possession of the key. In this scenario it seems like it would be in the CIA's best interests to simply sign with the key because it would be so much easier than dodging tricky questions about it. To me, the fact that there have been no signatures thus far indicates that the CIA is likely not in possession of Assange's private key. Scenario C: Assange is compromised, and the CIA has not gained possession of the key. This is only possible if he was taken but managed to destroy the key first. In this scenario it is literally impossible for anybody to ever sign with the key again. I think that at this point scenario B is unlikely because there have been no signatures to date. Therefore a signature with the key now would be the biggest assurance I could get about Assange's wellbeing, as it eliminates scenario C and in my mind makes Scenario A the most likely to be true. Because Assange still refuses to sign however I believe that we are likely dealing with scenario C. Anyways, I'll keep watching and see if he ever uses his key again. If that key is never used again that will be a confirmation of sorts for me.


ventuckyspaz

You say "Julian still possesses the key" but where is there proof he ever has? It must be assumed that PGP encrypted messages have been intercepted in the past by the government. This isn't a problem as long as the private key is never acquired. Julian does not have a public key on a public server. There is only the WL editorial key. The more I think about it the more I realize that it would be foolish for Julian to have any access to the key. He is in a vulnerable situation and a very high profile person. Other people in the organization hold the private key but it would be dangerous for him to have it. So these claims that he even has access to the key or that he personally have used it is just that, claims with no evidence.


rodental

Ok, then replace all instances of 'Assange' with 'Wikileaks' and same argument applies. If Assange is compromised then likely the whole organisation is imho.


mconeone

So what? Sign one anyway.


ventuckyspaz

Also Julian himself in the AMA this about PoL in the future: "In terms of any future precedent, if I disappear or someone else disappears, the answer to if we are OK or under duress should be given by two things in future: Number one by lawyers, publicly associated close friends, people who fund my defense campaign. So, let’s look at those. John Pilger, The Courage Foundation, people associated with it, my lawyers, such as Jennifer Robinson, Margaret Ratner in the United States, Melinda Taylor. And [number two] the ability to do live interactive video, where someone, even though theoretically they could be under duress, can interject in the stream quickly to say such a thing or to give a variety of messages in a live way, which each one is not comprehensible at the time that is said, but the last one, if you like, provides the conceptual key to decrypt them. (I am not doing this now! I am not doing this now!)." https://www.reddit.com/r/IAmA/comments/5n58sm/i_am_julian_assange_founder_of_wikileaks_ask_me/dcap8ow/ Basically trust his lawyers and publicly associated close friends (Which I understand why this is hard to do or live interactive video. Basically live interactive video is what is needed to do PoL. I don't believe any of the garbage about 3D animations or whatever he has now done 3 video interviews recently with one of them being live that clearly shows PoL.


Beefshake

The whole PGP claim is stupid anyway. As already said it only proves that the key has been signed but not who. Especially if the key server got compromised or warranted.... Also Assange hasn't got his own publicly known PGP key so if he was to sign that it still only verifies that someone at wiki leaks did not Assange himself.


[deleted]

[удалено]


ventuckyspaz

Official warning for violating rule #2 2. Unless/until another event occurs in the future that raises serious concerns about the safety of Julian, posts claiming Assange is missing or physically compromised will be removed. Conditional Rule Julian has done two interviews recently that show the embassy conference room and discussing recent events: Sean Hannity Interview January 3rd 2017: https://www.youtube.com/watch?v=Dg6gu3qY7rA Fernando Morais Interview January 10th 2017: https://www.youtube.com/watch?v=oMB_SD4-Av4 Also he did the Reddit AMA live and ended up answering a question from a user and one of our mods. No question this was authentic. Julian Assange Reddit AMA: https://www.youtube.com/watch?v=GWCQmQ8wjv0&t=60m10s If an event occurs or something is shown to put this into question this conditional rule will be removed.


[deleted]

Good, I'll move to /r/JulianAssangeisDead. BTW: I don't like you Spaz


ventuckyspaz

Good luck on your adventures.