TYLER.



    Saved July 1st, 2012

    ==============================================================


    Project Mayhem 2012 Artistic Disclaimer: http://pastebin.com/Ux0Uk2em


    IMPORTANT: To anonymize your IPs, you are strongly advised to access this Pad via TOR  or buy a VPN (pay with bitcoins), OR get a b0x so that you can tunnel your traffic through an SSH connection.


The BACKUP PADs are available at:

https://ttbmov2dezfs2fln.onion/p/TYLER (via TOR)
http://pad.fnordig.de/p/ TYLER
http://piratenpad.de/p/TYLER
http://notes.occupy.net/p/TYLER
http://wuselpad.ironhide.de/p/TYLER
http://pad.tihlde.org/p/TYLER
http://brownbag.me:9001/p/TYLER
http://pad.tn/p/TYLER
http://dev.ardupad.cc/pad/p/TYLER
http://qikpad.co.uk/p/TYLER
http://beta.publishwith.me/p/TYLER
https://pad.lqdn.fr/p/TYLER
http://pad.planka.nu/p/TYLER
http://typewith.me/p/TYLER
http://beta.primarypad.com/p/TYLER
http://pad.factor.cc/p/TYLER

Latest BACKU@pastebin:
Saved July 1st, 2012 - http://pastebin.com/3yFJU5nA

As an extra security layer, please feel free to keep encrypted local copies of this pad in your PC.

********************************************************************************************************
********************************************************************************************************
*** IF YOU INTERPRET *** ANYTHING *** YOU READ ON THE FOLLOWING PAGES *** *** AS BEING ILLEGAL/forbidden IN YOUR COUNTRY or in your local jurisdiction, then  ***              DO NOT DO IT | DO NOT DO IT | DO NOT DO IT                                   ***
********************************************************************************************************
********************************************************************************************************

Also,

|=----------------------------------------------------------------------------------------------------=|
|=----------------------------------------------------------------------------------------------------=|
|=--------=[                                                                              ]=--------=|
|=--------=[  « Never do anything against Conscience even      ]=--------=|
|=--------=[    if the State demands it. »                                    ]=--------=|
|=--------=[                                Albert Einstein                         ]=--------=|
|=----------------------------------------------------------------------------------------------------=|
|=----------------------------------------------------------------------------------------------------=|

The ideally non-violent state will be an ordered anarchy.
That State is the best governed which is governed the least.
— Mahatma Gandhi, Collected works of Mahatma Gandhi, Vol. 79 (PDF), p. 122

ordered anarchy here means:


        BEE Kind to all and make sure we all leave our egos aside.


        Keep the PAD strictly technical. We do NOT discuss beliefs/politics here.


        It is preferred that you do NOT choose a nickname but just edit anonymously or as "PM+random number" each time.


    The    key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",    "SHOULD", "SHOULD NOT", "RECOMMENDED",  "MAY", and "OPTIONAL" in this    document are to be interpreted as described in RFC 2119.

    See http://www.faqs.org/rfcs/rfc2119.html


        If you AGREE on an item/idea, add a +1 next to it. 1

    I disagree with this


           If you DISAGREE on an item/idea, do NOT delete it (this is the main    purpose of BRAINSTORMING): EXPLAIN why you disagree and OFFER an    alternate solution to it.

    I disagree with this because sometimes you just don't need a reason...


tl;dr:

    Universal Cryptographic Wrapper (Tor/I2P/Freenet...APIs) +

    a temporary Trust Authority aka HiveMind [that follows an Ethical c0de] to keep informational noise to the minimum +

     a distributed Wiki to sort out and crowdsource all leaks from Conscientious Insiders (C.I.) worldwide =

____________________
    TYLER

Remember : There won't be only ONE TYLER, but MANY #TYLERCANDIDATES.
BEE AWARE: it *IS* EXPECTED that @DHSgov, @DARPA, @CYBER, #NSA, #MOSSAD...and related 'side players', WILL release one or several subtly trojanized #TYLERCANDIDATES, for obvious reasons.
Obviously, the cipherhacking community will audit all and decide which one is the SIMPLEST and SAFEST.
Consider this the most challenging SUMMER OF CODE ever.

Resources:

TYLER as described by PM2012: http://pastebin.com/Wt15GXTn
#LETSCODETYLER Call to Hackzion! Code TYLER!:
http://www.youtube.com/watch?v=XnR8wo-1utI - (UPRISING soundtrack)
http://www.youtube.com/watch?v=fKfX9SN0p44&hd=1 - (Golden Ratio Re-Evolution)
Project Mayhem 2012 'Dangerous Ideas #1 and #2': http://pastebin.com/sLLwJbtz
Dangerous Idea #1 video: http://www.youtube.com/watch?v=EGxDqpOxDkw
Dangerous Idea #1 mp3: http://soundcloud.com/pm2012/dangerous-idea-number-one
Dangerous Idea #3 video: http://www.youtube.com/watch?v=eZnVWH0Ilo0
rEVOLUTIONART2012 vids: http://www.youtube.com/user/rEVOLUTIONART2012/videos
All "Project Mayhem 2012" vids:
http://www.youtube.com/results?search_query=%22Project+Mayhem+2012%22
#OpMINDFUCK: http://PM2012.tumblr.com
http://en.wikipedia.org/wiki/Operation_Mindfuck
Project Mayhem 2012 Artistic Disclaimer: http://pastebin.com/Ux0Uk2em

Tags :
#TYLER
#LETSCODETYLER
#INTYLERWETRUST
#PROJECTMAYHEM2012
#PM2012
#PM2012art


Plan :
- Before June 2012 : Dev' begining
-
-
- November 5th, 2012 :


    All TYLER CANDIDATES get out of Beta version and their source code, network design diagrams & documentation MUST be released ANONYMOUSLY & into the Public Domain.

    This (=this Pad's) one is supposed to be just one TYLER CANDIDATE.

    The more TYLER CANDIDATES coded by different coders/groups in STEALTH mode, the better resilience the Project gets.

    Remember: a potential Conscientious Insider (CI) has to be able to trust TYLER with his life before deciding to leak sensitive data [through/with/to] it. Hence total transparency code wise is not just a desired feature: TRUST is the CORE of TYLER. Hence the motto: 'In TYLER we TRUST.'


Once TYLER be on the wild and Truths be revealed:

   1. You DO ask questions.
   2. You DO ask questions.
   3. No excuses.
   4. No lies.
   5. You HAVE to trust TYLER: for YOU are the Watchmen."


- 12-21-2012 11:11: The End of Fear. [Doesn't the end of fear require change? Isn't change scary?]
Not all change is scary

Scholarly Resources:

http://scholar.googleb' from all countries, pa.com/

P2P resources:
http://crypto.stanford.edu/~miron Conscientious Insiders worldwideov/p2p/
List of Anonymous Networks:
http://kpvz7ki2v5agwt35.onion (TOR)
hb' from all countries, pattp://kpvz7ki2b' from all countries, pav5agwt35.onion.to/wiki/index.php/List_of_Anonymous_Networks (clearnet)
https://secure.wikimedia.org/wikipedia/en/wiki/Anonymous_P2P
https://secure.wikimedia.org/wikipedia/en/wiki/Category:Anonymity_networks

The 'kpvz' links are The Hidden Wiki right? That things down all the time: Mirrors: http://www.reddit.com/r/onions/comments/qm2cw/hidden_wiki_down_here_are_the_mirrors/

Anonymity resources:

Selected Papers in Anonymity
http://freehaven.net/anonbib/date.html

Handbook of Peer-to-Peer Networking
Shen, X.; Yu, H.; Buford, J.; Akon, M. (Eds.)1st Edition., 2010, XLVIII, 1500 p.
"Handbook of Peer-to-Peer Networking-rwt911.pdf"
Torrent hash: C3BA97707C9E3C80019DD55E2207529AB876700D

Crypto Anarchy, Cyber States, And Pirate Utopias, by Peter Ludlow
http://www.scribd.com/doc/44385837/Crypto-Anarchy-Cyber-States-And-Pirate-Utopia
See: http://en.wikipedia.org/wiki/Peter_Ludlow

Whistleblowing resources:

Brian Martin, The Whistleblower's   Handbook: How to Be an Effective Resister
(Charlbury, UK: Jon   Carpenter; Sydney: Envirobook, 1999). Out of print from 2008.
The Whistleblower's Handbook in pdf, 89 pages, 1.6MB
http://wwb' from all countries, paw.bmartin.cc/pubs/99wh.pdf
http://www.bmartin.cc/pubs/99wh.html

Related projects (TYLER CANDIDATES too?):

    The Amnesic Incognito Live System (Tails):

"Tails    is a live system that aims at preserving your privacy and anonymity.   It  helps you to use the Internet anonymously almost anywhere you go  and  on  any computer but leave no trace using unless you ask it  explicitly.
It    is a complete operating-system designed to be used from a DVD or a  USB   stick independently of the computer's original operating system.  It is   Free Software and based on Debian GNU/Linux.
Tails    comes with several built-in applications pre-configured with security    in mind: web browser, instant messaging client, email client, office    suite, image and sound editor. Tails relies on the Tor anonymity   network  to protect your privacy online: all software are configured to   connect  through Tor, and direct (non-anonymous) connections are   blocked."
https://tails.boum.org/about/index.en.html


    OpenRelay

OpenRelay    is a p2p (peer to peer) based web hosting solution. OpenRelay  is  free   (as in freedom), which means it is currently licensed under the   GNU   GPLv3. The goal of OpenRelay is to decentralize hosting, create  an   alternative  to paid hosts, and to allow anyone (with a few  friends) to   be able to  host a site.  OpenRelay builds upon the  BitTorrent  Protocol  developed by Bram Cohen,  as well as other  projects like  Twitter's  Bootstrap, Werzeug, Django,  Python-gnupg,  PyCrypto, and   AutonomoTorrent.
http://peer.to/peer/about


    Freehaven (MIT):


"The    Free Haven Project aims to deploy a system for distributed data   storage  robust against attempts by powerful adversaries to find and   destroy  stored data. Free Haven uses a secure mixnet for  communication,  and it  emphasizes distributed, reliable, and anonymous  storage over  efficient  retrieval. Some of the problems Free Haven  addresses include  providing  sufficient accountability without  sacrificing anonymity,  building trust  between servers based entirely  on their observed  behavior, and providing  user interfaces that will  make the system easy  for end-users. "
http://freehaven.net/overview.html


    Globaleaks:


http://globaleaks.org/ & http://wiki.globaleaks.org
https://github.com/globaleaks/

According to ProjectPlan-08.05.2012.pdf ( See: https://github.com/globaleaks/advocacy/blob/master/ProjectPlan-08.05.2012.pdf?raw=true )

"Effort estimation: The total effort to fully implement the overall project is forecasted to be 1292 days of activity (a couple of solar years at least)."

(note: unless pushed really hard, Globaleaks wouldn't make it by November 5th, 2012)

See: http://en.wikipedia.org/wiki/GlobaLeaks


    TELEX:


"Telex    is a new approach to circumventing Internet censorship that is     intended to help citizens of repressive governments freely access    online  services and information.  The main idea behind Telex is to    place  anticensorship technology into the Internet's core network     infrastructure, through cooperation from large ISPs.  Telex is   markedly   different from past anticensorship systems, making it easy   to  distribute  and very difficult to detect and block."

Paper: Telex: Anticensorship in the Network Infrastructure
By Eric Wustrow,     Scott Wolchok,     Ian Goldberg and     J. Alex Halderman
         To appear in Proc. of the 20th      USENIX Security Symposium, August 2011.

https://telex.cc/

(note: TELEX has a very interesting approach on using Public Key Steganography to circumvent censorship.
http://scholar.google.com/scholar?q=public+key+steganography
See also:
http://www.phrack.org/issues.html?id=6&issue=49 - Project LOKI
http://www.phrack.org/issues.html?issue=51&id=6 - Project LOKI2. The Implementation.)

Distributed wikis:


        See "Distributed-wiki" project http://trac.i2p2.de/wiki/gsoc/ideas/apps/distributed-wiki

        See: Wooki Wiki: decentralized wiki on P2P network http://wooki.sourceforge.net/

        See: Wiki over Freenet https://wiki.freenetproject.org/Wiki_over_Freenet

        See: freekiwiki Official Page http://freekiwiki.sourceforge.net/

        See:  Fniki

    (http://127.0.0.1:8888/USK@Gq-FBhpgvr11VGpapG~y0rGFOAHVfzyW1WoKGwK-fFw,MpzFUh5Rmw6N~aMKwm9h2Uk~6aTRhYaY0shXVotgBUc,AQACAAE/fniki/30/ )
    Wiki over Mercurial over Freenet using python scripts for editing and FMS for it's WoT and commit notification.

        See:  Jfniki

    (http://127.0.0.1:8888/USK@UB0RPdoXvA61bfDbpvIVFyft1JiqUPhTLONHsWVGU0k,gFG9I3679g-1dUZvOorUuudr~JvSgRemmMdfiPxxcY8,AQACAAE/freenetdocwiki_mirror/61/jfniki.html )
    Jfniki is a port to Java that does not depend on having Mercurial installed.

        See: ikiwiki http://ikiwiki.info/ is a wiki backed by git.


What :

TYLER is described as a:
"Massively Distributed Uncensorable & Collaborative Wiki-P2P Cipherspace Structure"
Reference: http://pastebin.com/Wt15GXTn

Why :


    "[Any    leaking platform dependant of easyly identifiable human beings] puts    the role of the Editor in great personal danger and in risk of being    'totally incapacitated' —CIA's term to refer to Daniel Ellsberg— by    potential enemies while it dramatically slows down the

release process.


    By its own nature, WikiLeaks mirror servers are limited in numbers, and

very much resource-hungry during media peaks.

    Being limited in numbers means that they are prone to attack, DDoS,
    international IP bans, governmental inclusion in blacklists... etc. etc.
    These are single point of failure that threaten the infrastructure of the
    whole system.

TYLER aims to circumvent these issues."


    To help Mr. Obama to fulfill his promises and to make them extensible to the whole of society. World. Wide.


The Obama-Biden Ethics Plan, November 2008 read like this:
____________________________________________________________________

Protect Whistleblowers:

"Often the best source of information about waste, fraud, and abuse in
government is an existing government employee committed to public
integrity and willing to speak out. Such acts of courage and patriotism,
which can sometimes save lives and often save taxpayer dollars, SHOULD
BE ENCOURAGED rather than stifled. We need to empower federal employees
as watchdogs of wrongdoing and partners in performance.
Barack    Obama will strengthen whistleblower laws to protect federal workers   who  expose waste, fraud, and abuse of authority in government. Obama will ensure
that federal agencies expedite the process for reviewing whistleblower
claims and whistleblowers have full access to courts and due process."

Via: http://change.gov/agenda/ethics_agenda/
____________________________________________________________________

Reference: http://pastebin.com/Wt15GXTn

How[Principles] :

--> We have to propose some constant "laws" for TYLER :

    - EVERYONE SHOULD BE ABLE TO SEND data throught the network
    - EVERYONE SHOULD BE ABLE TO READ data throught the network
    - ALL data SHOULD BE sent ANONYMOUSLY
    - ALL data SHOULD BE read ANONYMOUSLY
       - ALL data MUST pass an ETHICAL CODE VALIDATION by a majority (3 out   of  5 OR 4/7 OR 5/9 OR 6/11?) of positive KARMA JUDGES randomly chosen    within those currently logged on and available within the HIVEMIND (=random, distributed & temporary TRUST 'AUTHORITY', hence no risk of being abused by 'permanent' powers, hence the "Power corrupts; absolute power corrupts absolutely" common to hierarchies is successfully solved.)
    - ALL data sent SHOULD BE stored somewhere in the network, even if no verification was procedeed.
    - ALL data belongs to everyone/nobody after sending
    - ALL trusted/accepted data* SHOULD PERSIST in the network, even if a people of a small group of people wants to delete it.
    -  ALL trusted/accepted data* SHOULD BE EASILY REACHABLE, using keywords, a public key / Secure Hash Algorithm / Magnet URI scheme.
    -  ALL trusted/accepted data* SHOULD BE EASILY CONTEXTUALIZED within a distributed Wiki that mimics Wikipedia structure. i.e.: [TYLER]/wiki/Company_Name
    See "Distributed-wiki" project http://trac.i2p2.de/wiki/gsoc/ideas/apps/distributed-wiki
    See: Wooki Wiki: decentralized wiki on P2P network http://wooki.sourceforge.net/


    KISS Principle: Keep It Simple, Stupid!

"We need to design an USER-FRIENDLY software, so with a really simple interface that anyone non-computer-savvy can use and which works on all operating systems (including Android, ou  iOS)."
See: http://en.wikipedia.org/wiki/KISS_principle


    Main goals for TYLER: SIMPLICITY, SAFETY & TRUST.

A Conscentious insider has to be able to trust TYLER with his life before deciding to use it to leak their sensitive information on corruption and illegal deeds.
    If a choice between Anonymity & speed has to be made, speed will always come second.
    TYLER is also described as an "EXTREMELY SIMPLE interface, so that anyone can do it."

A Conscentious insider has to be able to trust TYLER with his life before deciding to use it to leak their sensitive information on corruption and illegal deeds. +2


    Kerckhoffs's principle:

In cryptography, Kerckhoffs's principle (also called Kerckhoffs's Desiderata, Kerckhoffs's assumption, axiom, or law) was stated by Auguste Kerckhoffs in the 19th century:

A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

Kerckhoffs's principle was reformulated (perhaps independently) by Claude Shannon as:
"The enemy knows the system."
In that form, it is called Shannon's maxim. In contrast to "security through obscurity," it is widely embraced by cryptographers.

http://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

ERRORISM is fine: Goal is not "perfection" but to MOVE UPWARDS the spiral.

"To avoid stalling, we won't aim at 'perfection': errors happen...Everything is OK!

'Almost good enough' might be MORE than a 'good enough' mentality. Less Syntactics, More Semantics.

'Evolutionary Computing', 'Adaptative Thinking', 'Dynamically Adhocratic' and 'Mutating problem solving' are key elements here.

We    don't aim to find the 'best'  solution, as there might be infinite   ways  to achieve a single goal: we  aim to MOVE UPWARDS the spiral.

Or, in Herman Hesse's words:

"We    have learned a lot, Siddhartha, there is still much to learn. We are     not going around in circles, we are moving UP, the circle is a  SPIRAL,    we have already ascended many a level."

Taken from: http://pastebin.com/Wt15GXTn

How[Technical] :

- How to ensure that a content is not a bullshit ?+2

Coding a crowdsourced & karma based "TRUST AUTHORITY" into TYLER's HiveMind.

The users that the HiveMind TRUSTS the most will be those whom be awarded with the most karma. Karma = TRUST.

How do you earn good Karma?


    By proving that you are a Conscientious Insider (CI).

    - How?
        - By providing semantical authentication:

           "publish some kind of internal info that only people who might have    actually worked in that Company might know, in order to semantically    AUTHENTICATE you towards fellow leakers and colleagues.

           "Then other workers would know that you have actually been there, so     your level of TRUST for anything you might have to say about the    company  would be thumbed up by the very internal people to that    company.  External people to that company could thumb you up or down,    but that  wouldn't mean much, for their votes would have much less    weight, unless  they can prove they have actually worked there by    providing a NEW type  of environmental/semantical information."
           "the  users with the highest karma, as they have proved to be   reliable,  might  have more weight in the system, towards thumbing up  or  down  other users"

           "The karma based "Trust Authority" should be based in "epistemic     reliability". That is to say: any leak would pass the filter and be     published by default. Yet, there would be an internal karma based     ranking for each WikiTYLER contributor that would allow anybody     completely foreign to that Company to quickly sort out the leaks  based    on the "trustability" karma.

A    leaker would not only provide the internal evidence on     corruption/fraud but would it would be upon them to also disclose if     they worked there, for how long and so on. They could also provide     information regarding the physical environment / the servers rooms  and    so on, so that other Conscentious leakers can spot that  information  and   verify it as TRUSTED. They would get, say 100 karma  points for  each   member in the Hivemind that trusts them.

This    could be abused by bots / Artificial Intelligence agents / etc., of     course. DARPA has been heavyly busy building "social armies". Google     their project called "Social Media in Strategic Communication (SMISC)".
See also: Revealed:    US spy operation that manipulates social mediaMilitary's 'sock  puppet'   software creates fake online identities to spread  pro-American   propaganda.
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks

More brainstorming here: a possible solution might be to issue  semantical challenge-response queries in the way of CREATIVE tasks, in a  peer-to-peer way. In other words:

TYLER might include a Hivemind of "validators" that challenge potential leakers to pass
a quick Turing test. See http://en.wikipedia.org/wiki/Turing_test
 A    candidate leaker might  have to solve a certain creative task in  order   to tell them from a  machine. Say, compose a two line poem with  the   words "lurk" "evolve" and "countdown". Machines cannot  understand/solve   that. Humans do."
 Also:    CAPTCHAS challenges can be maliciously proxied to other humans,  (i.e.:   setup a free image hosting and use the humans that use it to  upload   images to solve CAPTCHAS that TYLER might present to potential  leakers.   Hence we MUST NOT trust them to be able to tell the  difference between  a  human and an AI.
 Challenges can be CONTEXT based    ((= compose a surrealist poem about Fight Club with the words "lurk"    "evolve" and "countdown", tell me a joke about TYLER or draw a simple    picture of a lion, etc., so that they cannot be meaningfully    (=semantically meaningful, context wise) proxied to other humans.    Obviously the goal is not that the poem be aesthetically beautiful but    that a human can judge that it was actually CREATED by another human.    (== #DARE2KREATE)


    By providing good information (=TRUSTABLE & VERIFIABLE) into TYLER.


Reddit-like importance rating?

    > The system could choose 5 "judges" randomly:
          - Step 1 : A judge receive a query (give query to another if no   decision within amount of time?). "Wants to be judge for this doc ?"
            - Yes (Goto Step 2)
            - No, or timeout (Another judge is choosen randomly)
        - Step 2: Chosen person judges the document, YES/NO
            - Yes (If 3/5 judges say YES, go to step 3A)
            - No (If 3/5 judges say NO, go to step 3B)
        - Step 3:
            - 3A:
                   Majority of judges voted yes. Document is accepted, now general users    can vote YES or NO in case judges were wrong. Enough negative votes    (~100?) remove the document from the main list.
            - 3B:
                   Document is rejected, placed into pile of rejected docs. General  users   can vote YES or NO in case judges were wrong. Enough positive  votes   (~100?) make it accepted to the main list. --> Good solution  if  malicious people suceeds to reject a good document in the rejected  list.

            See:
            http://en.wikipedia.org/wiki/Reputation_system
            http://en.wikipedia.org/wiki/Collaborative_filtering
            http://en.wikipedia.org/wiki/Reputation_management
            http://en.wikipedia.org/wiki/Honor_system

- How is "bullshit"=informational noise defined?


    "DOXA" = Beliefs & opinions. Doxa (δόξα) is a Greek word meaning common belief or popular opinion. See: http://en.wikipedia.org/wiki/Doxa

    Any information that that doesn't correspond to verifiable and factual data.

Scientific    method refers to a body of techniques for investigating phenomena,    acquiring new knowledge, or correcting and integrating previous    knowledge. To be termed scientific, a method of inquiry must be based   on  gathering empirical and measurable evidence subject to specific    principles of reasoning. See http://en.wikipedia.org/wiki/Scientific_method

- Should TYLER be abided by an ETHICAL CODE that the random judges in TYLER's karma based TRUST AUTHORITY will be guided by?

Yes.

With much power comes much responsibility.

Also:

"Every news organization has only its credibility and reputation to rely on."

- What should be TYLER's ETHICAL CODE?

To respect citizens PRIVACY by rejecting to publish information that invades the privacy of individuals.

"Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance." Bruce Schneier

Also, this privacy requirement for citizens MAY not apply precisely to those in power:

"When a man assumes a PUBLIC TRUST,
he should consider himself as PUBLIC PROPERTY."
Thomas Jefferson

See: The Philosophy behind Freenet, by Ian Clarke
        https://freenetproject.org/philosophy.html

See: http://en.wikipedia.org/wiki/Privacy
        http://en.wikipedia.org/wiki/Information_privacy
        http://en.wikipedia.org/wiki/Internet_privacy

See: http://en.wikipedia.org/wiki/Objectivity_%28journalism%29
       http://en.wikipedia.org/wiki/Journalism_ethics_and_standards
       http://en.wikipedia.org/wiki/Media_ethics

- How to avoid robots/scripts ?
    CAPTCHA or other difficult challenges for machines
    Maybe you have to have some sort of invite code or something, that only RATs know?

- How to make data available everytime ?
        - Duplicate !
        - Divide (and conquer)

           May be there should be some sort of sub-system that is run by m0ds    where people with leaks can request an invite code where they can  input   to upload
        WE DON'T WANT SHITTY/NON-VALID LEAKS, the fuck is the point of that?

           Not trying to create a difference in power or anything, but it is    important that the leaks are legitimate. Maybe some sort of proof/logs    of the origin of the leaks? Only trusted members should be mods, this    system can and will fail if we do not choose wisely.-1

    Something else to consider: who gets to be a mod? What if mods become corrupt? Non-mods moderate the mods in that case?-1

         Nobody should get to be a mod but, at much, a temporary jury.

            Reason: in order to minimize abuses by 'Power', we shouldn't rely on     'permanent mods' or in 'trusted members', for, as someone has  rightly    pointed out, Power corrupts and absolute power corrupts absolutely.

        A nice way to minimize 'corruption by power' would be by making that power/authority temporary.     I.e.: to issue a temporary ticket/token to a random set of validated     humans to act as a temporary jury whose limited mission is to     temporarily approve that a certain leak submission passes TYLER's     Ethical Code, in order to flag it accordingly.+2


    What happens if leaks cannot be traced to proof? For example, no photo/video/audio/transcribed docs to indicate legitimacy.
    That would be fine, yet, that would be flagged    in the leak entry, and that would be reflected in a kind of karma for    the corresponding TRUST for each leak, according to the validations  of   the HiveMind.

How [Dev]

Laws :
    - Portable (should work without system install)
    - Lightweight (30 MB MAX with potential plugins)-1
       30 Mb might be too much. We should consider TYLER to fit    steganographically hidden in a non suspicious JPG/PNG or an MP3 (see "Plausible deniability"    below) that a potential leaker could either carry with her or  download   from the net (successfully bypassing all firewall security  policies  like  this), and then unwrap it locally, execute it (inside a  sandbox?)  and  then, once the leaks be uploaded, it would securely  delete itself   forever. If TYLER is going to be an "extremely simple interface" then it might be only a matter of coding a sort of universal wrapper + a Trust Authority + a distributed Wiki to sort all leaks. So, let's say, 500kb-1Mb MAX? <-- way too small, may not be possible.
    See discussion below.

       - For people without admin (Windows7) i suggest that a guest/normal    should be able to use this. ie two points above this one, no sysinstall.

- ! Use I2P : http://www.i2p2.de/ (SAM seems good to easily open anonymous communcations, so I can create/adapt a C/C++ library for V3)
i2p , i think we on t expect I2p
- ? Use Tahoe-LAFS for more large files (video/audio) : https://tahoe-lafs.org
      --> But need to preserve anonymity  (when i2p is used as the   transport layer with tahoe-lafs that solves it  more or less [i2p+tahoe   exists and is implemented, and deployed]) --> Interesting
http://killyourtv.i2p/tahoe-lafs/  (currently have about 20 nodes inside i2p would be nice to see tyler use it and / or syndie too, see below)
[disagree] Tahoe-LAFS is only anonymous when combined with i2p. Why not just use i2p if we want this?

See also : Syndie -> http://syndie.i2p2.de/

-   Or ... from scratch ?  --> IMO it's better to unify what is  existing  already with  "application layer glue" instead of reinventing   cryptographic transports  and fragmenting cypherspace further. That   would be the case if we use Tor/I2P/Freenet APIs <--- syndie does   that for us (or rather it attempts to do so)

Maybe    a TOR/i2p network that forces the leaker's ip to be hidden/spoofed.  No   one should know where the leak came from, only whether it is a  real  leak  of not.

Specifications :

Features :
 - ability to run live, leaving no forensic trace. (conceal & carry)+1

     Consider the possibility of the WHOLE system running in RAM memory.

    See note on TELEX above: they have a very interesting approach on using Public Key Steganography to circumvent censorship.

     http://scholar.google.com/scholar?q=public+key+steganography
 -have self-destruct mode (instant dban of the device it runs off of. (if discovered)
 -should masquarade as a common process, as to not alert authorities. (injection technique)
 -language translator (global standing)
 -have    self-check mode upon startup - checks against the source code for a    specific number of online users (5 or so). Ensures that the version is    not modified, hacked, or a trojan before being allowed onto the    hivemind. Automatic hivemind rejection system which will block any    modified TYLER. +2

- Maybe we should make a whole package that includes:
                  - a live CD boot for people who need to access files which they    wouldn't necessarily be able to access in normal circumstances.
                  - Maybe we should just make our own distribution of linux aswell, one    with TOR/i2p/TYLER etc etc, from that Linux one should be able to   access  all of the Windows sys files.

               I you guys want, i can help with this... (I'm not brilliant at network programming.)

 Think about self discovery.  Think about self expression.  Think about self sacrifice.

 Most important:  EVERYTHING IS A DOUBLE EDGED SWORD.+1
 -

Communications:

If    a potential leaker inside a protected & firewalled network cannot    carry in or out of the company a USB key, the leaker could try to   upload  it straight to TYLER from inside the company network. But the   leaker  might have difficulties bypassing firewalls/IDS security   policies and so  on. Even worse, if he tried to "test" communicating   with TYLER, he  might be setting off the alarms as a potential leaker   about to leak.

There are several ways to bypass firewalls & IDS:

1. http://en.wikipedia.org/wiki/Covert_channel
"a covert channel    is a type of computer security attack that creates a capability to    transfer information objects between processes that are not supposed  to   be allowed to communicate by the computer security policy. "
2. http://en.wikipedia.org/wiki/Timing_channel
"A timing channel is one example of a covert channel    for passing unauthorized information, in which one process signals    information to another process by modulating its own use of system    resources (e.g., central processing unit time) in such a way that this    manipulation affects the real response time observed by the second    process."
3. PUBLIC KEY STEGANOGRAPHY.    This is a novel and extremely interesting approach. Basically, the    client and TYLER negotiate a certain "code" (i.e.: I'm going to send   you  11 ICMP packets: that means the firewall is not going to inspect    unsuspiciously looking traffic. You only check one every three ICMPs   for  a certain flag, and we can build and arrange a certain binary code   from  there. Then we start communicating. (Just a simple example).
No IDS/Firewall can check for this. If implemented properly, this should be virtually undetectable: total stealth mode on.
For a very interesting approach on using Public Key Steganography, check TELEX, already cited above and now here too:


    TELEX:


"Telex     is a new approach to circumventing Internet censorship that is      intended to help citizens of repressive governments freely access     online  services and information.  The main idea behind Telex is to     place  anticensorship technology into the Internet's core network      infrastructure, through cooperation from large ISPs.  Telex is    markedly   different from past anticensorship systems, making it easy    to  distribute  and very difficult to detect and block."

Paper: Telex: Anticensorship in the Network Infrastructure
By Eric Wustrow,     Scott Wolchok,     Ian Goldberg and     J. Alex Halderman
         To appear in Proc. of the 20th      USENIX Security Symposium, August 2011.

https://telex.cc/

(note: TELEX has a very interesting approach on using Public Key Steganography to circumvent censorship.
http://scholar.google.com/scholar?q=public+key+steganography
See also:
http://www.phrack.org/issues.html?id=6&issue=49 - Project LOKI
http://www.phrack.org/issues.html?issue=51&id=6 - Project LOKI2. The Implementation.)


 Possible "simple solution" for TYLER (following the OSI Model):
Piggyback Syndie

 (Application Layer) Tyler,    the top layer UI, is in charge of being what the user sees and    interacts with, user submits content via the UI and it gets passed to    the Presentation Layer where it is packed and prepared for transport
 (Presnetation Layer) standardized    format with cyptographic signatures, checksums etc used to package    content, implementation details, format is not important YET, must be  a   standardized format.
Details aren't important, but this layer is "our" layer, so the quality of Tyler will depend mainly on theses decisions.

 (Session Layer) no real need for one?
 (Transport Layer) syndie,    it is by nature meant to be network agnostic, using the syndie   protocol  would take away from the hardships of implementing new   transports, let  syndie care about interfacing with tor, mixmaster, i2p   etc.


tl;dr for yellow stuff:
decide on a common cryptographic format for messages and piggyback on syndie.

Tyler    would be the UI that would package and unpackage data in a common    cryptographic format that would be transported via syndie


--> Study Syndie : Someone has the source code ?

HOW TO GET SYNDIE SOURCE CODE :+1

Prerequistes :
- Have I2P installed on your computer.
- Download "mtn" (Google it, or check-it with your Package management system : apt, pacman, etc)
- Start "mtn" tunnel on your pannel (http://127.0.0.1:7657/i2ptunnel/)

mtn is a CVS-like (like git and svn)

mtn -d i2p.mtn db init
mtn genkey <mail_or_fake>@mail.i2p

SYNDIE source code is on I2P mtn repo :
With I2P installed (and mtn relay activated) :

mtn -d i2p.mtn pull 127.0.0.1:8998 i2p.syndie
mtn -d i2p.mtn co --branch=i2p.syndie


Data format :

(ideas) We can distinguish two data formats :
    - Plain text/html (light)
    - Binary files (pdf, videos, audio, etc)

      - Use PGP signed and encrypted file that can be mounted locally as a   file system (TrueCrypt+GPG?)  <-- sounds like redundant encryption,   multilayer maybe but in the  end you'd need to figure out a way to   package the keys for multilayer  crypto.

      I.E. vfat partition as a file that was encrypted by gpg.
       - Possible problem: cross platform compatibility, (need a good    filesystem that every OS can mount. maybe FAT32 since things will not   be  too large and message size will be an issue due to using transport    layers that are slow)

    rProxy might be useful aswell

    Features of RProxy:


    HTTP    pipe-lining to reduce connection overhead to a downstream (this   reduces  latency of a full handshake per-request to a downstream)

    Easily take downstream servers out of rotation.

    Various methods of load-balancing client-requests to a downstream.

    Full SSL support:

    TLS False start

    x509 verification

    Certificate caching

    Session caching

    All other commonly used SSL options

    Transparent URI rewriting.

    Various X-Header configurations including options for added extended TLS fields.

    Upstream and downstream thresholding (to reduce memory for slow/blocking downstream connections)

    Per-downstream backlog, and backlog timeout management.

    Flexible logging configuration.

    Optional memory optimizations on systems which support mallopt()

    Very low memory usage with optimal configuration.

    It’s really @#$@#$r* fast.


source code for Rproxy here https://github.com/mandiant/RProxy/downloads

Talk to TYLER when you have an idea so dangerous you can't share it with anyone else
Register TellTyler.com -5
Reason:    TYLER doesn't need to depend upon any one site/person, specially not   on  any dotcom = certainly would be censored. "Distributed" means   precisely  that.
centralized = bad idea

SPECIFICATIONS :

Interesting eMule specs : http://www.cs.huji.ac.il/labs/danss/presentations/emule.pdf
(good thing to keep in mind with eMule is that they have it on i2p as well)

Use cases (ideas) :

Offline mode :
When an user wants to grab some data, he will launch TYLER from its USB key (ie), and he will choose files/folders to grab.
Files and folder will be locally stored in the USB key (ie), but encrypted by a user-defined password.
Files SHOULD never be unencrypted.


Online mode :
When TYLER is in online mode file sharing is enabled via P2P protocols (we have to abstract I2P/Tor/Freenet layers).
Files or chunks should also be encrypted during transfers.
Example with an I2P transport :
- Local grabbed files/leaks are encrypted with the user password (in a local db)
-    When file is sent to another peer, it will be decrypted using user    password but immedialty reencrypted depending on the protocol (here,    with I2P public key).
-    When the receiver receive chunks/file he will decrypt it with peer    public key (sender) a immediatly reencrypt it locally with his own    password

Any    user can choose to decrypt one or some local files with his own    password, but I can be dangerous, and should be done only on HIS    computer.
TYLER    should provide user-friendly interfaces to decrypt files and display    them in RAM (not on hard drive disk) for better security.


Proposed cryptogaphic container specs:


PGP signed (optionally encrypted) tar.xz archive with structure as follows:
   message/ -- contains the origional file(s) that are sent
   manafest.json -- manafest file, contains checksums and metadata(? maybe not needed ?)
   reply/ -- holds the pgp signature of each file that is "agreed with"
   comments/ -- holds general comments of the origonal files

how it could work:
   ~ files can be targeted  to a specific set of users if needed
   ~ to post a tyler message you post in the given format on the syndie network or any other network.
      ~ public key identities can be tallied and tracked, a leaderboard of    "identity newness" can be established to keep track of karma.
   ~ any user can compute the current karma of a user given that all the posts are still archived.
      ~ to +1 a post you'd replay the message and append a pgp signature of    each file in the original message that you agree with in the reply    folder of the new archive

it    now looks more like automating a cryptogarphic format with a gui.    basically a gpg wrapper using anonymity networks (just like it should   be  done). It could be done in bourne shell at this point. +1+1

It    is good that this be the case, for this way it can benefit from    years-long tested projects and technologies such as I2P, Tor, GPG,  etc.   Actually most of the really delicate work security wise  (=cryptography   implementation) has been developed already.

If we want TYLER to be an "extremely simple interface" then it might be only a matter of coding a sort of universal wrapper + a Trust Authority + a distributed Wiki to sort all leaks.

This    has the added benefit that it could potentially be extremely    lightweight. Not only it could fit in a USB key: our goal SHOULD be   that  it could EVEN fit steganographically hidden inside a non suspicious PNG/JPG image or inside an MP3    that a potential Conscientious Insider (CI) might either carry with   her  or download from any non-suspicious hosting site and then unwrap    locally, execute (inside a sandbox, so that it be untraceable?), leak    data and then securely delete forever.+9001

Plausible deniability

i.e.:

"In cryptography and steganography, deniable encryption    is encryption that allows its users to convincingly deny  that some    specific encrypted data exists, that a given piece of data is     encrypted, or that they are able to decrypt a given piece of  encrypted    data[citation needed].  Such denials may or may not be genuine. For example, although     suspicions might exist that the data is encrypted, it may be    impossible  to prove it without the cooperation of the users. If the    data is  encrypted, the users genuinely may not be able to decrypt it.    Deniable  encryption serves to undermine an attacker's confidence    either that data  is encrypted, or that the person in possession of it    can decrypt it and  provide the associated plaintext.
Normally    ciphertexts decrypt to a single plaintext and hence once  decrypted,    the encryption user cannot claim that he encrypted a  different   message.  Deniable encryption allows its users to decrypt the    ciphertext to  produce a different (innocuous but plausible) plaintext    and insist that  it is what they encrypted. The holder of the   ciphertext  will not have  the means to differentiate between the true   plaintext, and  the  bogus-claim plaintext."

See:
http://en.wikipedia.org/wiki/Plausible_deniability
http://en.wikipedia.org/wiki/Deniable_encryption
http://en.wikipedia.org/wiki/Rubberhose_%28file_system%29

What about using and adapting OpenPuff steganography tool

http://embeddedsw.net/OpenPuff_Steganography_Home.html

Supported formats : Images, audios, videos, flash, adobe.
Layers of security : Data, before carrier injection, is encrypted (1), scrambled (2), whitened (3) and encoded (4).
Layer    1 - Modern multi-cryptography : A set of 16 modern 256bit   open-source   cryptography algorithms (chosen from AES Process   [1997-2000], NESSIE   Process [2000-2003] and CRYPTREC Process   [2000-2003]) has been joined   into a doublepassword multi-cryptography   algorithm (256bit+256bit) :   AES / Anubis / Camellia / Cast-256 /  Clefia /  FROG / Hierocrypt3 /   Idea-NXT / MARS / RC6 / Safer+ / SC2000  / Serpent /  Speed / Twofish /   Unicorn-A
Layer    2 - CSPRNG based scrambling : Encrypted data is always  scrambled to    break any remaining stream pattern. A new cryptographically  secure    pseudo random number generator (CSPRNG) is seeded with a third    password  (256bit) and data is globally shuffled with random indexes.
Layer    3 - CSPRNG based whitening : Scrambled data is always mixed  with a    high amount of noise, taken from an independent CSPRNG seeded  with    hardware entropy.
Layer    4 - Adaptive non-linear encoding : Whitened data is always  encoded    using a non-linear function that takes also original carrier  bits as    input. Modified carriers will need much less change and deceive  many    steganalysis tests (e.g.: chi square test).

Features of OpenPuff
OpenPuff is a professional steganography tool:

    HW seeded random number generator (CSPRNG)

    Deniable steganography

    Carrier chains (up to 256Mb of hidden data)

    Carrier bits selection level

    Modern multi-cryptography (16 algorithms)

    Multi-layered data obfuscation (3 passwords)

    X-squared steganalysis resistance

Unique layers of security and obfuscation:

    256bit+256bit symmetric-key cryptography with KDF4 password extension

    256bit symmetric-key data scrambling (CSPRNG-based shuffling)

    Data whitening (CSPRNG-based noise mixing)

    Adaptive non-linear carrier bit encoding

OpenPuff supports many carrier formats:

    Images (BMP, JPG, PCX, PNG, TGA)

    Audio support (AIFF, MP3, NEXT/SUN, WAV)

    Video support (3GP, MP4, MPG, VOB)

    Flash-Adobe support (FLV, SWF, PDF)

OpenPuff is a portable/stealth software:

    Native portable structure (no installation, registry keys, .ini files)

    Runs in user mode with DEP on

    Multithread support (up to 16 CPUs) = Faster processing

OpenPuff is freeware!

    Spyware/adware-free

    Fully redistributable

    OpenSource core crypto-library (libObfuscate)


Source Code
http://embeddedsw.net/libObfuscate_Cryptography_Home.html
Source
http://embeddedsw.net/OpenPuff_Steganography_Home.htmlhttp://embeddedsw.net/OpenPuff_Steganography_Home.html


Syndie route:
PGP   Signed archives -> distributed wiki (how)? [disagree] Freenet   already does this with hg. We don't need another distributed wiki. Then   what IS Tyler if not a distributed wiki? I assumed that is what is  being  worked on, as that is what is being advertised.


IDEA 1: TYLER as an anonymous DVCS

Possible suggestions:
~ patch files for text ( could mean that tyler could be used to do more than just a wiki it could be a dvcs that holds a wiki)
~ placing media could be done via inline/included base64 datablobs (could include encryption but that would be client side)
[disagree] Freenet already lets you use hg and insert into the network

IDEA:
- We need a way to stop trolls from trolling the pads.
Time tested interwebz way of dealing with trolls: IGNORE & focus.
Keep local copies of the Pad, rebuild and keep going with 108% commitment, STEALTH mode on. http://i.imgur.com/PT2b3.jpg +1+1
"No Fear. No distractions.
The ability to let that which does not matter truly slide."
http://i.imgur.com/E61is.jpg


We are Anonymous
We are Legion
We do not Forgive
We do not Forget
It is to late to Expect Us


 Attention all anons:

 I2P has had an anonymous non shitty version of tyler deployed since jan/feb 2012
 the setup is not SUPER simple or SUPER hard but it is miles more robust and expandable
 most importantly it does NOT have the flaws that RS does with non anoynmous f2f.
 you don't NEED a vpn but if you choose to you can if that makes you feel better.

 i2p + tahoe is anonymous distributed redundant fault tolerant storage of data
 perfect for leaking relatively small files like html documents docx pdf and png/jpg
 NOT huge mp4 videos and such, use i2p torrent system for that.

 it is using PROVEN TO WORK GOOD software https://tahoe-lafs.org/
 working inside a pretty damn good p2p anonymizer https://www.i2p2.de/

 Why not Retroshare?

 * Retroshare's F2F provides 0 anonymity, in theory it sounds good, in practice it's hell  VPNs make a papertrail and you go to jail if they want to find you
  ( think facebook style social mapping + bittorrent + financial records of you having a vpn == you go to jail )
 * Retroshare (2006) is relatively under developed compared to i2p (2003) and tahoe-lafs ( a riff off of mojo nation, 1980s and before )
 * Retroshare isn't geared towards revolutionary type users like tor and other anonymizers
 * Bots

 pre-requsites:
 * ubuntu or other linux / unix
 * i2p
 * brain


 guide:
 http://killyourtv.i2p/tahoe-lafs/install
 clearnet link:
 http://killyourtv.i2p.in/tahoe-lafs/install

 for additional (possibly live) assitance:
 while i2p router is on connect to localhost port 6668 with irc client
 channels: #tahoe-lafs #i2p #i2p-chat #torrents #anonops (for faggotry)


 and yes, i2p's ui sucks balls, and yes,  it's getting worked on.
 and no you can't have any pot brownies they are ALL MINE!

 once tahoe+i2p is set up visit this link:
 http://127.0.0.1:3456/uri/URI%3ADIR2-RO%3Aixlxe44vhuzeqbrpghqzivnh64%3Ak24e35hdhiuv4wzhv7s4ydapjjdu5hyii6uu56e2muflmksp7f2a/index.html
 it has much info about this project and other softwares that go with it that enhance the user experiance

 be warey of non anonymous networks with their non-existant promises of hope and security
 be sure to also hate me for exposing some inconvienant truths at a very bad time for you guys