How so? It's an interesting story, for sure, highly interesting, but how does this affect the crypto scene? (Honest question! I am not exactly an expert in cryptography or the sociotope around it.)
>>"He was particularly protective of Le Roux’s birth mother, making me promise not to reveal her name. “Sad and interesting story,” he said. “His real mom’s mom is married to a U.S. Senator.” When I asked him who the Senator was, he said, “That I can’t say, mate. That’ll get me shot.”"
It'd be the daughter having the child in another country in the early 1970s.
I guess there is a good chance that there is no paper trail and a very small number of people that know any details and are still alive (because it happened 40 years ago, not because of anything nefarious).
I suspect this information would actually be really hard if not impossible to track down. The actions of D-list celebrities, and I am not even sure a senator's daughter would qualify that high, in the 1970s is not reported like it is in today's 24/7 news cycle.
And, I can't imagine international flight passengers were tracked that closely either, much less stored for over 40 years.
Not openly, but let's say some powerful people have powerful friends in government, who both have troublesome enemies. If those troublesome enemies were no longer a part of the picture, things would work out so well for everyone, don'tcha think?
I'm not sure I'd take that assertion at face value. It seemed to read more on par with something like "I took my moms car for a ride, if she finds out, she'll kill me" kind of hyperbola. Could be wrong, since there are arms dealers involved, but still, I don't think they rub people out like that and risk exposure.
You are assuming the violence would be carried out using senatorial powers. Senators are generally very wealthy people, and it doesn't take that much money to hire someone to kill another person[1].
Yes and no. My hesitation was twofold. On one side, there was the thought that if there was tracking, it could flag something, but I viewed that as mostly an irrational fear, since I doubt there's any other indicators I put out, and I doubt I'm worth following that closely.
On the other, it's just kind of embarrassing if I had to explain why that showed up in my search history if for some reason it was exposed. That's also an irrational fear, since there's no reason anyone I know would see it, but I generally try to error on the side of caution when it comes to privacy. Really, I was thinking "I hope I remember to look up this comment if this ever comes up for any reason, because that could be awkward..."
That is average. Since no one will investigate the death of a some low level guy with criminal history (just gang warfare for redistributing the market) I guess you could find them on the low end. And that leave some bigger sums for the high profile targets.
I met all kinds of people living in one of the murder capitals of the U.S. from public events to parties to tattoo shops. Some we know just don't bullshit. All I'll say is that I was told the hits are cheaper than new cars with the kills themselves dirt cheap. Most of the money goes to people in positions that determine what the courtroom or media will see. Lots of missing persons, etc aren't what they appear. I didn't ask for more information.
Far as Senators, they have bulletproof PR, low likelihood of prosecution, and ties with LEO's. They'll just ignore someone's claims, have legal action taken in a legit-looking way, or have LEO's harass the person. The latter tends to cause mental wear that makes the source's writings and actions become more erratic over time. They are dismissed as having mental illness. People are only killed when it's a straight-up blackop that they're also a serious, persistent threat to. That's rare given the selection process, planning, and field experience of those involved in such work.
So, I'd say the numbers on contract killing aren't relevant here. It's possible but unlikely. The only exception is those like Feingold deep in defense-related matters. An overlap between dirty Senators, money, and black ops has risk or results I could only guess at. I won't bother.
What a blanket statement with no backing. Do you mean in their official capacity? If so, state this. Do you mean they don't have the unofficial connections? If so, you're out of your mind.
He was born in '72, it's reasonable to assume that his birth grandmother was born around 1930, and that either she was of Rhodesian citizenship or her daughter was a missionary.
It took me five minutes on Wikipedia and NNDB to narrow the possibilities down to only four senators; the rest are women, too young, married too late, or only had sons.
So he dropped TrueCrypt and told everybody it was insecure when he was picked up by the feds, fearing that they would try and force him to open a security hole? Wow.
The article is unclear as for whether he was still involved with TrueCrypt by the time they got him though. It sounds like he had quite a lot going on to even care for TrueCrypt at that point.
Sure, but he can't assume that his captors are rational. They might very well blackbag him to some undisclosed dungeon and work him over until he convinces them that he doesn't have commit access. (Which duration might exceed his remaining lifespan, in such conditions.)
> Lulu told me that when Le Roux was 15 or 16, in the late 1980s, the local police raided the family home and arrested Paul for selling pornography online.
This seems a bit odd to me, having lived in South Africa at that time. There's almost no way a guy at home would have had that kind of access in Apartheid South Africa to the internet back then. There was access, but it was through big companies or academia and on a very controlled level.
Here's a quick rundown of internet access in South Africa during that time period from Wikipedia. From experience, it is accurate.
> The first South African IP address was granted to Rhodes University in 1988.[1] On 12 November 1991, the first IP connection was made between Rhodes' computing centre and the home of Randy Bush in Portland, Oregon.[2] By November 1991, South African universities were connected through UNINET to the Internet. Commercial Internet access for businesses and private use began in June 1992[3] with the registration of the first .co.za subdomain.
You might bring up stuff like BBS, but that was not around in South Africa until after 1990 also. You could technically have imported hardware and connected to a BBS in USA, but the costs involved and control of the only Telecoms operator allowed in Apartheid South Africa (Telkom) would have been unaffordable. Especially for Krugersdorp. I doubt you'd get some kind of USA led local police raid for pornography in Apartheid South Africa either. The whole thing would need some serious evidence.
I can confirm. My gran still has (she's not using it) her original TV bought around the time. From the stories my parents tell the SABC (think BBC) initialy broadcast a test signal and the early adopters would crowd around their TVs just to watch that.
To run a BBS you need nothing more than a C64, a 300 bps modem and a phone line. Also, I'm not sure if you know anything about phone phreaking but in the 80s it was pretty much the preferred method of connecting to BBSs internationally.
Yes but from a teenager in Krugersdorp? And South Africa did not have such easy access to the international telephone market. The country was in the middle of economic sanctions at the time - international calls had to be placed through a switchboard with the government run telecom monopoly provider - Telkom. They also cost a literal arm and a leg for a couple minutes and were heavily monitored by the Apartheid regime. An actual police state.
I didn't vote, but my guess would be that this is a me-too comment, which the community discourages. If you wish to echo a parent comment, it's expected that you add a significant contribution.
In Krugersdorp in the late 1980s? And the police were on the case - both in terms of being tech-savy enough, and not having more pressing concerns? (1)
Let's say that it's an extra-ordinary claim and we'd like a little more weight behind it.
The police likely intercepted material delivered via regular post, and worked their way up from there. No need to know how something was ordered, as long as selling it is illegal.
I'm not sure if there were additional barriers to blue-boxing out of SA, but I know people went through SA...
"In the Esquire article, Captain Crunch narrates excitedly to his interviewer Ron Rosenbaum the process by which he connected a single long-distance call via switching stations across Asia, Europe, South Africa, South America and the East coast until he reached a specific telephone in California."
Depends how much chance you have to lose yourself in an internal SA call to one or more SxS COs before the overseas hop, you could be pretty hard to catch. But, if there wasn't a lot of international traffic they could just snoop on the overseas hop and figure out who you were.
Look for "Region,49" and you'll see a small number of them, but they were in Port Elizabeth, Cape Town, and Johannesburg.
Whether they could actually dial out to the rest of the world is open to question, but they would have needed to at least be accessible from the outside world for them to even be on FidoNet in the first place.
There probably weren't many such teenagers who did that. However, the likelihood that a particular such teenager did that, given that said teenager later wrote popular security software, seems pretty high.
Wealthy kids have access to toys others don't I knew what a modem was and why I wanted one long before I actually got my hands on one, because I'd seen American teenagers using them in movies, eg War Games in 1983 (which I rewatched recently and was rather surprised to find it still holds up for what it is). Also, there may have been no need to call internationally. When I was into home and later business computers as a teen in the 1980s in Ireland (which was then as economically benighted as SA for quite different reasons) things like porn, bbs software, and lists of 'interesting' phone numbers were circulated on floppy disks; I ran a safe stash out of my school locker because the teachers thought I was too nerdy to be mixed up with the 'delinquent' kids. A single sided 5.25" floppy seemed like oodles of storage space back in those days XD
I don't find this claim so remarkable, though it's certainly possible that the details are fuzzily remembered nearly 30 years later.
First time I saw a modem in SA was on a farm in the (late) 80's in the Karoo. I was from Jhb. Krugersdorp doesn't look that insane to me! I used to get Amiga stuff from an acquaintance who ran a BBS around '90 and regularly connected overseas. He had some trickery he used to get around phone bills, police state or not.
I used to attend computer science classes in Vereeniging on Mondays after normal school. It was at another school, and I had to travel about 70km to get there. I did them from standard 8 to matric, 1986 to 1988, and in 1987 we dialled into something and connected to someone in New York, I think it was. I wasn't all that into it so probably missed a lot of the detail, but it was a big deal for the school. And clearly it was possible.
There was a small community in South Africa that used to connect to the Internet around that time by dialing into X.25-connected modems. These seemed to be owned by banks or insurance companies, and would allow break-outs to US modems that allowed local calling to ISPs. The information about the numbers and credentials were shared on local BBSs.
I agree. I used to do the same from France. Got me a a HELL of a lot of trouble in fact, as I've racked up a huge X25 bill with one company, and accidentally registered under my real name to a texan BBS that was later involved in the Hacker's Crackdown.
Also, on the note of 'porn online in the late 80's' is probably impossible, as there were no digital cameras, no scanners to speak of, and the only 'porn' you'd have found would have been rare, and very, very data intensive for the days. I know. :-)
And /most/ countries police forces had absolutely no clue whatsoever about 'online', 'computers', 'modems', 'internet' and 'keyboards'. I know the french didn't!
He could have been selling actual magazines and tapes, rather than digital files. As I'm sure you remember, snail mail orders were part and parcel of the BBS world for all sorts of things.
>> late 1980s [... ]arrested Paul for selling pornography online
> This seems a bit odd to me
Understatement of the week. As you say, it wouldn't have been on the Internet. I know nothing about the South African BBS scene of the time but it would have been very small. And selling pornography online? How would you even have gone about that? That would have been cash transactions down in the corner. For downloading porn at 1200 bits per second.
Back in the day, before video streaming or video downloading I used to buy anime fansubs online. I sent in a check to someone and they mailed me VHS tapes.
It's more likely he was using the "internet" to sell VHS tapes. Most probably via the form of Internet known as Beltel (I worked on Beltel for a while) and that is quite plausible.
There were a few that were around during the late 80s, so it's plausible that there may have been BBS catering to porn. But to sell it via BBS during the late 80s? From Krugersdorp? No ways.
The people who were really in the know about stuff like this were guys like tKC from The Phrozen Crew, and in his own words, he only started catching onto BBS in 1991.
I question the accuracy of the BBS list. There are some on there that are dated 1992 that I'm quite sure I was connecting to at 300 baud earlier than the dates given.
Could someone post a one or two paragraph TL;DR for people in here who don't have the time right now to read the entire piece? You can reasonably assume we do already a) know what tcrypt is, and b) know about the discontinuation annoucement almost two years ago.
May the upvotes then be with you.
Really the only "big" information presented is that Paul Le Roux, a man arrested recently by the DEA, is very very likely the same person who was the early leader of TrueCrypt. It discuses his background a lot - he was an extremely intelligent child and teenager, who started shady business practices as early as 16 when he was arrested for selling porn. He was rather poor and led a shaky life in his early twenties, and had a fairly strong anti-authoritarian belief, which is what led to his interest and development of TrueCrypt (and its predecessor projects that laid the foundation for TC).
He eventually started his pharmaceutical business and made hundreds of millions of dollars. According to sources, he became gradually "darker" as he got more money, including allegations he had people killed. And then recently he was arrested by the DEA.
The article got most of its information by a supposed relative - the reporter is convinced it's legitimate because of how much they know about Paul and their access to documents a non-family member is unlikely to have.
The other interesting new information is that his biological mother (edit: grandmother) is the wife of a US senator, but there's nothing to really collaborate that other than the word of the anonymous soruce.
There is no new information about the discontinuation of TC in this article. The article says that Paul disappeared from the crypto community (at least, under his own name) at about the time he started his pharma company (2004), but implied that he had worked on TC for the decade leading up to 2004. The anonymous source also said he "switched" to the pill selling, perhaps suggesting he left the TC project around that time in 2004.
If I had to guess, whoever was funding the TC developers stopped funding them. And the developers decided to move on with their lives, having worked on it for 15+ years, and possibly largely only doing so because they got paid. The "TrueCrypt is not secure" message was probably to imply that a lack of updates wasn't because they were confident they weren't needed, but rather because it was no longer maintained.
>The final "big" bombshell is that his biological mother is the wife of a US senator, but there's nothing to really collaborate that other than the word of the anonymous soruce.
His biological GRANDmother is supposedly married to a senator.
Given that this is part 3 of a series about a drug-lord, I suspect that the author is hinting/leading us to think that the "unknown financier" is Paul Le Roux, without blatantly stating it. (either as a teaser for part 4, or because there's not enough dots connected yet).
4chan is a shithole without a visible record... reddit on the other hand not only has a record it has meritocratic system aka karma that promotes harassment and internet trolling "just for the lulz and karma"
It's probably just that more people have heard of reddit and can easier relate to rather than 4chan. Although it's probably unfair - I am using reddit for a few years and they have tons of amazing communities and le reddit army (swatters, Boston bombers, etc) are amazingly easy to miss unless you're looking for them.
I think it's funny that both of those sites seems to get represented by a more vocal and publicly visible subset of their users, and in 4chan's case by a slightly unfair-seeming set of associations between anyone using the term "Anonymous" (despite the fact that Anonymous is simply a name that one can take up without it implying any real link to a group), the one board out of many that is apparently implicated in anything "Anonymous" does, and the site as a whole.
"Shortly after TrueCrypt version 1.0 was released in February 2004, the TrueCrypt Team reported receiving emails from Wilfried Hafner, manager of SecurStar, claiming that Paul Le Roux had stolen the source code of E4M from SecurStar as an employee. According to the TrueCrypt Team, the emails stated that Le Roux illegally distributed E4M, and authored an illegal license permitting anyone to base derivative work on E4M and distribute it freely, which Hefner alleges Le Roux did not have any right to do, claiming that all versions of E4M always belonged only to SecurStar. For a time, this led the TrueCrypt Team to stop developing and distributing TrueCrypt" - https://en.wikipedia.org/wiki/E4M
He's pretty much a Bond villain from those articles, like the UN claiming he funded militias in Somalia to harvest hallucinogenic plants and shipping arms to Liberia.
Probably would've made the same amount of money charging for TC premium support instead of building a pancontinental empire of mercenaries and arms trafficking.
Lord of War taught us such people won't enter such businesses because the "margins are too small." I'd also guess it's not as exciting and brings in less attention from the ladies.
'Arms dealer': one who sells arms. The point he is making is that, regardless of what is considered legitimate, both this individual and the U.S. government are, by definition, arms dealers.
Agree, US is not a "dealer" they're an "exporter" -- and no one selling weapons for a government would ever offically refer to themselves as an arms dealer.
This article is actually part 3, the first two detail his arms dealing a little bit, but like someone else mentioned, he's a very well-known arms dealer with direct links to several murders.
Looking at the article again I realize the headline here may be incorrect. It is not proven that Le Roux wrote TrueCrypt, but he definitely built the foundation for it.
> Hafner and his SecurStar colleagues suspected that Le Roux was part of the TrueCrypt collective but couldn’t prove it. Indeed, even today the question of who launched the software remains unanswered. “The origin of TrueCrypt has always been very mysterious,” says Matthew Green, a computer-science professor at the Johns Hopkins Information Security Institute and an expert on TrueCrypt who led a security audit of the software in 2014. “It was written by anonymous folks; it could have been Paul Le Roux writing under an assumed name, or it could have been someone completely different.”
tl;dr: the article describes the origin of one of the 'masterminds' of the truecrypt collective (the group that programmed truecrypt). It describes how his upbringing led to his viewpoints on privacy, hints at a conspiracy to eliminate public cryptography and talks about something called a 'cryptoparty', which I'm still scratching my head about. The article also hints he may have been involved in the illegal drug and arms business.
Back in my youth, I recall a "crytoparty" being a meatspace event in which people handed out and signed each others keys in order to create a web of verified trust.
Yes. It was a thing people did for a while to attempt to bootstrap PGP/GPG's web of trust, as you say, but also as a PR sort of thing. Crypto was even more black-arts then than now, and with some of the demonization due to the war with the Clinton administration over ITAR, you heard some of the same stuff you hear now about having something to hide, enabling terrorism, etc. (At the time, the "Four Horsemen of the Infopocalypse" - drug dealers, pornographers, terrorists and kidnappers - were the boogie men; it seems kidnapping is less scary these days, so that one gets left out.) Showing how it worked was good PR, as far as it went; I saw a lot of people get that little kid with a decoder ring look.
It was mostly a cypherpunks thing, but I understand others sympathetic to the idea picked it up. There were quite a few in the Bay Area, ca. 1993-97-ish. Perhaps later.
I recall one entertaining party where proof of identity via government issued paper was forbidden.
What a fantastic piece of journalism, I'm totally hooked. Love these long-form pieces when they have something really and truly meaty to work with. Very grateful for the chance to read it, thank you for posting it over here.
On a total segue from the topic of this post; two of the earliest memories of movie scenes that are etched into my brain are:
a) The snow globe falling down and breaking from Citizen Kane and
b) Slim Pickens riding the bomb in Dr. Strangelove
I have no idea at what age I watched them but those two scenes seem to have captivated me and are forever with me.
I haven't downvoted you, but there's always someone bitching about long-form journalism. It's a non-fiction STORY. Stories aren't technical documents or status reports - they set up atmosphere, build a character, and engage the reader.
Notice also that the title of the linked article is not "Paul LeRoux made Truecrypt" - it's not centered around that. It simply has that info in it, and as such is an interest to HN.
> there's always someone bitching about long-form journalism. It's a non-fiction STORY.
I'm fine for long-form journalism if it actually adds them. Reading through this just felt like the author tried to shove filler into it. I just didn't find it compelling or anything.
Give me a good story and I'm fine. Give me something it feels like you wrote explicitly because you get paid by the word and I'm not going to enjoy it as much.
Thanks for replying though. Maybe everyone else just feels differently about this story than me but it's frustrating to get downvoted without a reply saying why.
The article is overwhelmingly about the life and background of Paul. That's really the scoop here from the author's perspective, the fact that he happened to be the TrueCrypt founder is sort of an interesting aside (though also the reason anyone really cares to read about Paul's life).
edit: and the article author just posted on this comment thread saying the article(s) are more about Paul, not really specifically focusing on his connection to TrueCrypt.
That's a seriously unfair thing to say. It's also an artifact of the title having been changed to cherry-pick a single detail, which breaks the HN rules. Though in this case I'm not sure it's worth it to change it back.
Original author of the story here... Just to add that 1. yes, the reporting on Le Roux's childhood is more tentative based on a family source (well backed up by docs and images sent to me). But the fact that the same Le Roux created E4M which formed the basis of TrueCrypt is something I think I've established definitively, company and site registration trails show it very firmly (and PLR himself admits it in court, but that comes in a later part of my story). And 2. for the _very_ interested, TC is actually just a small part of Le Roux's story, of which we've released three of seven parts (weekly on Thursdays). I know, TL;DR, it's a lot.
Police officers, almost universally. Abortionists. Parents of little children, frequently. "This guy we pictured in front of a gay bar." Many people who find themselves targeted by one of the (numerous) Internet hate machines. Elected officials. Unelected officials. Anyone involved in a contract negotiation with the Teamsters. People who take substantial efforts so that ex-romantic partners do not discover where they live because of a well-founded fear that that ex-partner would attempt to murder them. Television personalities. People who recently won the lottery. People named Adolf Hitler (no, not that one).
There exist numerous reasons to not love the idea of one's personal information, particularly regarding one's work or home, put out there broadly, particularly when it is attached to information one does not control and/or in a circumstance which would tend to show it to people who do not respect standard middle class norms of detachment. Redditors did not invent concern over this issue. Many of the people with strong concerns about it are demographically dissimilar to the modal Redditor.
Edit to add: It occasionally happens that journalists will transgress upon society's norms in this area and persons sympathetic to the aggrevied parties will transgress back. I have not heard a journalist say, in response to that "OK, fair commentary, wot wot." This often comes up in the context "We have published gun owners' addresses because the public has a right to know who owns guns." "We have published your address because the public has a right to know who writes newspapers."
I'm a little confused. I agree that there is such a thing as maliciously or recklessly posting personally identifying information about people. Is that "doxxing"? If so, why are we pretending that this story constitutes "doxxing"?
Because that is what the comment to which I replied upthread claimed.
No relevance to this story; I've just seen you say "Doxxing is a thing that only Redditors care about" a time or three on HN, and believing that to be something that you believed generally rather than specific to this article, found it necessary to say "Actually, that's a bit more of a widely-held position than you seem to believe."
Yeah, what's triggering those responses is a Reddit-tinged reaction to nuts and bolts investigative journalism as if it were somehow contravening a new Internet norm.
There's a difference between outing details of someone's life with salacious or hostile intent and telling a story.
The fact that this guy on one hand built an incredibly high quality application that had and has a major positive impact on the world is a story that needs to be told.
The fact that he's a damaged, amoral man who is allegedly a career criminal and drug dealer is a story that demands to be told. He represents the Id of mankind -- and personifies the paradox that perfect security and privacy benefits society at large, and that society also includes the bad guys.
Maybe drug dealers are the unsung heroes of drug law liberalization. The Drug War was arguably driven by racist and authoritarian goals. So dealers are arguably freedom fighters, rather than criminals. Maybe he killed some people, but I suspect that was in self defense.
There's a difference between learning private information and disclosing it.
Publishing information on a particular private individual because the public's benefit is sufficiently great is a hard line to even vaguely pin down - a home address, all private contact methods, and enough personal data to forge their identity on a passport application is probably never warranted to publish, but you're going to acquire that information while researching private citizens for any reason, and then pare it down to the minimum required to establish whatever story you're reporting on.
One might distinguish "doxxing" as "publishing all the information you can retrieve", without any filter or goal other than making the information as public as possible.
I was not attempting to insinuate that the author had done so; I was just thinking aloud on the distinction between "doxxing" someone and what journalists often do.
Some people who do that consider themselves journalists. But then, people who doxx people might also consider themselves journalists. It's a hard call.
Personally, I interpreted the question as a shorthand for: "Aren't you afraid LeRoux could see that as doxxing, and of potential dangerous consequences to yourself?"
Yes, that's what I meant. But I do also consider the distinction between doxxing and journalism to be highly subjective. The judgment typically comes down to ingroup vs outgroup. Once someone is identified as "other", they're fair game.
This all occurs to me as a show trial. They're making an example of him, as authoritarian systems tend to do. And one aspect of that is being dragged through the mud. Being slandered. It's dog pack behavior, and I find it disgusting.
As tptacek says, I don't view reporting like this as "doxxing." As the series hopefully shows, Le Roux was a hugely newsworthy figure for many different reasons, so reporting his background and how he got there is part of understanding where he is now. As for being nervous, many of the major players in the story are in US custody, and perhaps somewhat counterintuitively a lot of people involved want to tell their part of the story. If they have beefs, they are typically with each other not with me. I do try to be careful, though.
To me, it's just semantics. Let's say that someone published this much information about you. And let's say that they had whatever justifications. That there was widespread agreement that it was OK. Whatever. How would you feel?
Are moral rules situationally dependent on the personal feelings of the person subject to those rules? I would hate to be in jail, but I think it's morally and ethically valid to put people in jail in certain circumstances. Similarly I think that politicians and public figures should be subject to a high degree of scrutiny and transparency about their personal lives, even though I personally wouldn't enjoy such treatment.
By "feel", I meant more what you might feel justified in doing about it. The key "moral rule" for me is to only mess with people who have messed with me. I don't get into third-party stuff, and I have little sympathy for those who do.
So what you're saying is, it would be moral for this guy's murder victims to dox him, but not a reporter? The funny thing with murderers is that they can only really be stopped by third parties.
I can't tell if you're being serious or facetious.
A given moral rule doesn't change because it's held by you versus someone else. Just like it makes no sense to refuse to answer the question of whether a fruit is an apple because it is in my hand instead of yours.
In other words, by having a moral rule yourself, you implicitly have a moral metarule: a rule about how to choose your moral rules.
Your refusal to answer the question doesn't make sense.
People have all sorts of moral rules. It tends to vary by culture, religion, and so on. Maybe you can abstract them all into some overall set. But you lose some subtleties.
But I also don't judge the moral rules that others hold. That's one of my operating principles. You can't judge without knowing that you're right. And there's no canonical source for that. I do have opinions about how well some moral rules work vs others. But that's not about judging, only assessing workability.
Germany has the concept 'people of public interest' for which different rules concerning media appearance and photographs apply. Politicians are an example. You could argue that it applies in this case as well.
Wrong country of course, but the idea as an ethical code is out there, that the public has some right for information on some, and only some, people.
Are you essentially positing that the only relevant consideration to whether publishing information about someone is ethically defensible is whether or not the subject feels good about having that information revealed? It seems to me there is a material difference -- and a vast one at that -- between "I have done serious investigative work and wish to present evidence that Joe Foobar is a criminal kingpin who can be linked with drug-running and murders" and "I am publishing personal information about Joe Foobar because he said something mean about a group I identify with and I wish to screw with his life."
The concept of "criminal kingpin" is entirely based on "a group I identify with". In this case, some nation or government or whatever. So, as I see it, there's arguably no fundamental distinction between your two examples. It's arguably all about power.
Dude, please. Laws are abstractions and relative and whatnot, but Really Bad People do exist and the public has a right to know. Otherwise, why have journalists or even laws at all?
Honestly, I don't have a clue. Who gets to decide? Some murderers are presidents, and others are on trial. There's really no point in arguing about it.
Use the Bible. That's something a third of the world agrees on, and the whole west is founded upon it.
But seriously, murder being bad is pretty much a human moral universal. You'll find that basic idea wherever and whenever you look (+/- various caveats).
I am not arguing that murder is OK. But I do suspect that Paul Le Roux is being railroaded. I also suspect that Barack Obama, who clearly has far more blood on his hands, will never face trial.
and is in fact deeply flawed on a fundamental level.
I can accept that it has flaws, but on the fundamental level? It seems pretty solid at that level. The creators thought through the problems and difficulties of government more deeply than most.
It's debatable whether this is a "fundamental" flaw, but the American Consitution is basically a set of procedural rules of the game. Civil rights are an afterthought.
Most modern constitutions also need all the procedures, of course, but they put certain "inalienable rights" square in the middle of it all. The procedures are merely there to support those rights.
The assumption of the time was that it was common-sense that the Constitution was a whitelist, not a blacklist. There was pushback against having an enumerated Bill of Rights because then there would be a whitelist of rights, and the Founders feared this would mean that they'd miss something and in the future their government would become oppressive.
I personally give up once a person gets so defensive that they start excusing murderers. That a person will so quickly sacrifice their morals for their face on an internet forum, is disheartening.
All too often, people confuse groupthink with morals. With a little dialog, I suspect that we could identify some accused murderers that you would excuse.
And you're conflating moral absolutism with groupthink.
Not everyone subscribes to moral relativism, as much as you might want them to.
Groupthink would be to eschew one's morality entirely, and merely subscribe to some sort of prevailing opinion on morality. Which is ironically what you're asking the parent poster to do.
But myerbergs_army's stated rationale was not that Le Roux is fair game for doxxing because he's so bad, it was that he was fair game because his activities are newsworthy.
Don't you know it's only ok when a given journalist has the blessing of the status quo and doesn't use automatic means (google doesn't count anymore of course, but copypasta of random code to help one on one's search is a big no no) of releasing such information?
If such a "journalist" wanted to write (about potentially classified™ information) about people working for defense contractors who create products only a minority of people care to voice dissent but has the blessing of the status quo, it wouldn't be ok because it would put lives at danger™. There is also an exception to this for when a billionaire helps you write about such info, but only less than 1% of it will ever see the light of day, and one must consult with the thought leaders™ of the status quo in order to have a voice where all the token freedom loving organizations also supported by such billionaire will blogspam such carefully vetted position on one's behalf.
> As the series hopefully shows, Le Roux was a hugely newsworthy figure for many different reasons, so reporting his background and how he got there is part of understanding where he is now.
Wasn't this Gawkers main argument in their defense against the hulk.
I do not understand the comparison you are trying to make. Gawker was sued for releasing a clip of the actual sex tape. Everyone involved stipulated that a detailed story about the tape would have been fine.
No, not quite. Their main argument was that it was newsworthy and "it", in particular, was the video and not the article. The article itself could exist, but without the video. The video couldn't as there was a reasonable expectation of privacy.
They were sued because they refused to take down the video and their defense was absolutely terrible in every regard including joking in legally binding statements without going through and marking them as jokes/sarcasm: so they are taken at face value in the court of law.
Making jokes about child porn ("newsworthy if the actor is over the age of four") isn't how you win over jurors.
Is Stallman a new William Safire or Brian Garner? I never knew this was one of his areas of expertise. Oxford lists "doxx" as an alternate but accepted version. I don't have an OED license so I dont have access to the full etymology they use.
It's simple: Dox is short for "docs". Shortening a 4-letter word to a 3-letter word is sensible (albeit lazy). Shortening a 4-letter word to a 4-letter word ("doxx") is stupid.
I don't know why people spell it with two. Maybe they think it looks cooler? But really it's hacker slang for "I accessed and published sensitive information about an individual" and is in most cases horrible.
Stallman has been irrelevant for years so I couldn't care less what he has to say on the subject, but tt very clearly comes from "documents -> docs -> dox" and should therefore have just 1 x.
> Thus, we usually have to write the name of the oil company as "Exxon", though its proper spelling is "e exx o n". (Don't make the mistake of pronouncing "Exxon" like "exon"; you will appear unsophisticated.)
So that's way off-topic. But what he says about "dox" vs. "doxx" is as much a preference as "focused" and "focussed", or "busing" and "bussing" - there's no "correct" way, not even if it is the original way.
Does he really think he can just imagine things, and then convince other people they are true?
Wikipedia says:
> The company initially planned to change its name to "Exon", in keeping with the four-letter format of Enco and Esso. However, during the planning process, it was noted that James Exon was the governor of Nebraska. Renaming the company after a sitting governor seemed ill-advised, and the second "x" was added to the new name and logo.
No mention of them wanting to name the company with a greek chi but not having that on their typewriters.
To be fair, the wikipedia claim isn't cited. Neither is rms's of course.
Convincing other people of things that are false is standard practice every April 1. I believe that whole Exxon article is an April Fool's joke.
...although looking at it more carefully, the doxing article is not dated April 1, and it has the same claim in it. Maybe he forgot what he was doing and successfully trolled himself. I don't know. But yes, the Exxon thing is obviously, demonstrably false.
Also, if I understand him right, he insists that the oil company Exxon is mis-spelling as well as mis-pronouncing it's own name, and he knows better. rms is an interesting guy.
Doxing is a targeted attack intended to harass and terrorize the victim as retribution for expressing dissenting opinions or beliefs. The ultimate goal is suppression of free speech.
Setup a Patreon. I'll throw in $20 per article for long-form journalism like this. Youtubers who make long-ish videos (i.e., EE's who tear down industrial gear narrating analysis[1]) have recently taken to this model and it's absolutely fantastic. My money goes to support the continued generation of new content, cutting out the middleman. "Pay because it's good" is the best content monetization model yet.
Are you me? I subscribe to Applied Science, AvE, Signal Path, and W2AEW. I'll have to check out Mikeselectricstuff and Mr Carlson's Lab. EEVblog is missing from the list, but arguably that one goes without saying :-)
Another addition to the above excellent list is "bigclivedotcom". Lots of teardowns of cheap Chinese electronics with an eye towards what exactly makes them dangerous. https://www.youtube.com/user/bigclivedotcom/videos
Clive is the best. Sometimes the cheap eBay gadgets get a little repetitive, but he does mix in a lot of different stuff. I really enjoy his videos on printing circuit boards and making his little 'nixie' lamps. He's just fun to listen to.
Awesome, thank you. In fact I was already subscribed to all of those channels except AvE and MrCarlsonsLab, so given that I just subscribed immediately without even checking out the videos.
The funny thing is, if someone wrote a novel with this plot, I would probably dismiss it as too far-fetched. Sometimes truth is indeed stranger than fiction.
There are some interesting circumstantial connections to Satoshi:
Considered to be a "brilliant" programmer with a strong C++ background - Most people would call you crazy if you attempted to put a 6 billion dollar prize behind an internet facing application without memory safety
Author of crypto/privacy software - E4M and possibly TrueCrypt written in C++
Experience hiding identity both online and off
Millionaire - Satoshi never converted any of his btc fortune
Anti-authoritarian
Understands the benefits of digital currency - Has millions of dollars stacked in boxes
Understands the payment problem - Illegal prescription drug marketplaces
Has an interest in internet gambling software - The first version of btc actually had some code for a marketplace and poker: http://imgur.com/a/NPiIs
Multifocal - Satoshi vanished around April 23 2011 to "move on to other things"
South African spelling/phrasing - analyse, colour, defence, bloody hard
Satoshis original code wasn't considered brilliant, though. Not crap, but more in the style of an academic that understood programming than that of an experienced programmer.
The code was written as a basic proof of concept, not with long term maintainability in mind, and the code for the wallet client was not well separated from the code for parsing the blockchain, or from the networking code or from the mining code, etc...
No brilliant programmer would have been willing to publish such a rudimentary proof of concept when interoperability and network effects are such important parts of its main idea.
Solotshi appears to be a very uncommon Congolese name. Le Roux's story starts in Africa, and the author alleges he was an arms dealer - maybe there's some connection there.
Paul Le Roux stole E4M source from SecurStar, and TrueCrypt programmers "forked" that source code. So Paul Le Roux surely didn't "write" TrueCrypt as such, isn't the current title here on HN inaccurate?
read the article before flaming. The author lays out a very well supported case for concluding that PLR wrote the E4M code then was hired by SecurStar to turn it into a commercial product. Also claims PLR was one of the TrueCrypt programmers, so yes, the title is accurate as far as what the author is claiming in the article.
Can you please quote the exact part where we can see that PLR was one of the TrueCrypt programmers? I somehow missed that what you claim while (admittedly) speed-reading, namely, I've got only this in the article:
"Indeed, even today the question of who launched the software remains unanswered. “The origin of TrueCrypt has always been very mysterious,” says Matthew Green".
"The article is unclear as for whether he was still involved with TrueCrypt by the time they got him though. It sounds like he had quite a lot going on to even care for TrueCrypt at that point."
I surely don't dispute that PLR wrote E4M and that TrueCrypt was kind of "fork" of that (see again my older post). But the following product is not the same thing as the original source, just as Marc Andreessen didn't "wrote the Internet Explorer" even if the later was once based on some Mosaic source.
And HN is generally against editorializing the titles to make them more linkbaity. And this one is surely such at the moment.
OP of this post here. Not sure why you're downvoted and tried to upvote it to rebalance.
I also realized after reading the article for the second time that it did not say that PLR is TC's author directly, but rather that it is unclear if he is.
Additionally, Matthew Green's twitter also further reinforced that belief. However it is too late for me to change the title but I'm not sure what I would even change it to. After all, it seems his original work is the foundation of TC (which you can argue to be different, but the title question remains).
Edit: @matthew_d_green's twitter has also published corrections at this point. However when I first learned about the post I only saw his initial tweet. It's a shame that I didn't realize that PLR is actually not the author/maintainer, tho.
Thanks to you and
lvs. At least I see the title was just changed to the original article's from the linkbaity one to which I've complained. Now it's finally
I'm not sure if that accurately reflect why this is relevant either. I think it is fairly significant that PLR is very much connected to TC (and it is suspected that he is involved with TC financially).
I do not have a better title suggestion at this point, however.
Writing something is not equal to owning. The topic here is the source in ownership of SecurStar which apparently PLR produced while working for SecurStar.
Just like if you'd work for Microsoft and then the code you produced while working there, under the contract that you've signed that the code belongs to them, you put into your own program. You wrote the program but the code you've put there is stolen.
Ahoy, moderators! Could we add a subtitle so that there's some context for the headline? He Always Had a Dark Side: How a multi-millionaire international arms dealer wrote the code for TrueCrypt
Serial works this way because it uses a lot of interviews from external folks. That would not work at all in writing. You have to design for reading or design for podcasting, there's rarely a case where something works well on both media.
Yes, but I think it's probably possible that interviews could be conducted. Maybe interviews were even already conducted and recorded for this approximately 50,000 word series...
Ok -- this is badly tripping me out. A former employee of mine in the Philippines is (was?) his wife. I'm pretty sure I met this guy while I lived in the Philippines. Even though I haven't seen her since 2008 (I think?) her family contacted me about 2 years ago wondering if I had spoken to her (I hadn't of course).
Not to be pedantic, but you wrote "cutting out the middleman." Doesn't patreon take a small cut? Aren't they a middleman? (Though undoubtedly one taking a much smaller share than previous ones.)
There's also gratipay, which doesn't take a cut. Still the credit card's cut, but gratipay offers bitcoin payments, which, if they implement it right, would eliminate the middleman (unless you count miners as middlemen) when the financee cashes out using bitcoin. If they implemented it wrong, then coinbase is the middleman.
A few people will donate bitcoin. A few things can be bought directly with bitcoin. On average, you'd expect that the fraction of your income paid in bitcoin would be similar to the fraction of goods and services that you can pay for with bitcoin.
> A few people will donate bitcoin. A few things can be bought directly with bitcoin. On average, you'd expect that the fraction of your income paid in bitcoin would be similar to the fraction of goods and services that you can pay for with bitcoin.
The point of donating money to the author of the piece is to encourage them to continue writing this epic story. Giving them Bitcoin is akin to leaving a tip to your server where the tip appears to be currency but rather instead is a Chick tract with the suggestion that you'll pray for their soul.
I suppose Patreon is technically in the middle but since their cut is small and transparent it's not like a 'man in the middle' attack where the intermediary is secretive about how much they're collecting and so on.
379 comments
[ 3.9 ms ] story [ 291 ms ] threadThis is probably a bigger story.
It's the link from that name to a Senator that is missing.
I guess there is a good chance that there is no paper trail and a very small number of people that know any details and are still alive (because it happened 40 years ago, not because of anything nefarious).
(like, did the daughter go there quietly for 4 months under an assumed name because the Senator was friends with a doctor...)
And, I can't imagine international flight passengers were tracked that closely either, much less stored for over 40 years.
1: https://en.wikipedia.org/wiki/Contract_killing#Statistics [2]
2: I have to say I was fairly hesitant to search for that data. It's not the kind of thing you want showing up in your search history...
That, in and of itself, is a very interesting phenomenon, don't you think?
On the other, it's just kind of embarrassing if I had to explain why that showed up in my search history if for some reason it was exposed. That's also an irrational fear, since there's no reason anyone I know would see it, but I generally try to error on the side of caution when it comes to privacy. Really, I was thinking "I hope I remember to look up this comment if this ever comes up for any reason, because that could be awkward..."
Here's what happened when a husband and wife separately searched for information on pressure cookers and backpacks:
http://www.thewire.com/national/2013/08/government-knocking-...
That's a surprisingly low amount. I'd've guessed $100k+ or more.
Far as Senators, they have bulletproof PR, low likelihood of prosecution, and ties with LEO's. They'll just ignore someone's claims, have legal action taken in a legit-looking way, or have LEO's harass the person. The latter tends to cause mental wear that makes the source's writings and actions become more erratic over time. They are dismissed as having mental illness. People are only killed when it's a straight-up blackop that they're also a serious, persistent threat to. That's rare given the selection process, planning, and field experience of those involved in such work.
So, I'd say the numbers on contract killing aren't relevant here. It's possible but unlikely. The only exception is those like Feingold deep in defense-related matters. An overlap between dirty Senators, money, and black ops has risk or results I could only guess at. I won't bother.
If this is part is legitimate that is.
Any hints? Hah.
Matthew Green also tweeted about this correlation on twitter: https://twitter.com/matthew_d_green/status/71481367667133644...
This seems a bit odd to me, having lived in South Africa at that time. There's almost no way a guy at home would have had that kind of access in Apartheid South Africa to the internet back then. There was access, but it was through big companies or academia and on a very controlled level.
Here's a quick rundown of internet access in South Africa during that time period from Wikipedia. From experience, it is accurate.
> The first South African IP address was granted to Rhodes University in 1988.[1] On 12 November 1991, the first IP connection was made between Rhodes' computing centre and the home of Randy Bush in Portland, Oregon.[2] By November 1991, South African universities were connected through UNINET to the Internet. Commercial Internet access for businesses and private use began in June 1992[3] with the registration of the first .co.za subdomain.
You might bring up stuff like BBS, but that was not around in South Africa until after 1990 also. You could technically have imported hardware and connected to a BBS in USA, but the costs involved and control of the only Telecoms operator allowed in Apartheid South Africa (Telkom) would have been unaffordable. Especially for Krugersdorp. I doubt you'd get some kind of USA led local police raid for pornography in Apartheid South Africa either. The whole thing would need some serious evidence.
https://en.wikipedia.org/wiki/Television_in_South_Africa
Yep, this is exactly what we did with our 8-bit machines and modems at the time.
We were global even then.
EDIT- LOL. I guess the HN downvoters have proof this isn't what we were doing back then???
Honestly, I'm outta here. Had enough of this. Changing my password to something I'll never remember.
Rage on, kids.
In Krugersdorp in the late 1980s? And the police were on the case - both in terms of being tech-savy enough, and not having more pressing concerns? (1)
Let's say that it's an extra-ordinary claim and we'd like a little more weight behind it.
1) http://www.saha.org.za/ecc25/ecc_under_a_state_of_emergency....
"In the Esquire article, Captain Crunch narrates excitedly to his interviewer Ron Rosenbaum the process by which he connected a single long-distance call via switching stations across Asia, Europe, South Africa, South America and the East coast until he reached a specific telephone in California."
Depends how much chance you have to lose yourself in an internal SA call to one or more SxS COs before the overseas hop, you could be pretty hard to catch. But, if there wasn't a lot of international traffic they could just snoop on the overseas hop and figure out who you were.
Look for "Region,49" and you'll see a small number of them, but they were in Port Elizabeth, Cape Town, and Johannesburg.
Whether they could actually dial out to the rest of the world is open to question, but they would have needed to at least be accessible from the outside world for them to even be on FidoNet in the first place.
I don't find this claim so remarkable, though it's certainly possible that the details are fuzzily remembered nearly 30 years later.
Really ? Honestly, that's even more interesting than the truecrypt/arms dealer story ...
Pictures ?
Source: was personally involved
Also, on the note of 'porn online in the late 80's' is probably impossible, as there were no digital cameras, no scanners to speak of, and the only 'porn' you'd have found would have been rare, and very, very data intensive for the days. I know. :-)
And /most/ countries police forces had absolutely no clue whatsoever about 'online', 'computers', 'modems', 'internet' and 'keyboards'. I know the french didn't!
Those were the days, etc etc :-)
"PILATE: What's so... funny about 'Biggus Dickus'?
CENTURION: Well, it's a joke name, sir.
PILATE: I have a vewy gweat fwiend in Wome called..."
(And he really did have this friend! Heh. Comedy, one way or another)
> This seems a bit odd to me
Understatement of the week. As you say, it wouldn't have been on the Internet. I know nothing about the South African BBS scene of the time but it would have been very small. And selling pornography online? How would you even have gone about that? That would have been cash transactions down in the corner. For downloading porn at 1200 bits per second.
http://bbs.hmvh.net/lists/the_list.htm
There were a few that were around during the late 80s, so it's plausible that there may have been BBS catering to porn. But to sell it via BBS during the late 80s? From Krugersdorp? No ways.
The people who were really in the know about stuff like this were guys like tKC from The Phrozen Crew, and in his own words, he only started catching onto BBS in 1991.
http://defacto2.net/wayback/the-life-and-legend-of-tkc-2000-...
Phrozen Crew were a very well-known cracking group during the 90s.
https://en.wikipedia.org/wiki/List_of_warez_groups#Phrozen_C...
Bluebeep dude! Where were you? https://twitter.com/kaihendry/status/714901743830700032
Has anyone confirmed any affirmation in the article?
(/sarcasm)
(It's not him, by the way, found an active twitter account for that person. Just having some fun creating a conspiracy theory.)
He eventually started his pharmaceutical business and made hundreds of millions of dollars. According to sources, he became gradually "darker" as he got more money, including allegations he had people killed. And then recently he was arrested by the DEA.
The article got most of its information by a supposed relative - the reporter is convinced it's legitimate because of how much they know about Paul and their access to documents a non-family member is unlikely to have.
The other interesting new information is that his biological mother (edit: grandmother) is the wife of a US senator, but there's nothing to really collaborate that other than the word of the anonymous soruce.
There is no new information about the discontinuation of TC in this article. The article says that Paul disappeared from the crypto community (at least, under his own name) at about the time he started his pharma company (2004), but implied that he had worked on TC for the decade leading up to 2004. The anonymous source also said he "switched" to the pill selling, perhaps suggesting he left the TC project around that time in 2004.
If I had to guess, whoever was funding the TC developers stopped funding them. And the developers decided to move on with their lives, having worked on it for 15+ years, and possibly largely only doing so because they got paid. The "TrueCrypt is not secure" message was probably to imply that a lack of updates wasn't because they were confident they weren't needed, but rather because it was no longer maintained.
His biological GRANDmother is supposedly married to a senator.
I think it's funny that reddit is the go-to example of an internet shithole, instead of something like 4chan.
Perhaps that's still to come in part 2, but as of right now the title is extremely linkbaity.
EDIT: title has been unlinkbaitified (previously "Truecrypt was written by a international arms dealer")
EDIT2: title has been reverted to the linkbaity version (previously changed to the original title "He Always Had a Dark Side")
http://www.nytimes.com/2014/12/21/world/asia/in-real-life-ra...
http://www.nytimes.com/2015/02/02/nyregion/us-reveals-crimin...
Probably would've made the same amount of money charging for TC premium support instead of building a pancontinental empire of mercenaries and arms trafficking.
> the US makes a massive amount of cash selling weapons
DOES NOT COMPUTE
https://en.m.wikipedia.org/wiki/Arms_trafficking
Or at least that the U.S. is an arms dealer.
https://en.wikipedia.org/wiki/Arms_trafficking#Notable_arms_...
This article is actually part 3, the first two detail his arms dealing a little bit, but like someone else mentioned, he's a very well-known arms dealer with direct links to several murders.
Part 1: https://mastermind.atavist.com/an-arrogant-way-of-killing
> Hafner and his SecurStar colleagues suspected that Le Roux was part of the TrueCrypt collective but couldn’t prove it. Indeed, even today the question of who launched the software remains unanswered. “The origin of TrueCrypt has always been very mysterious,” says Matthew Green, a computer-science professor at the Johns Hopkins Information Security Institute and an expert on TrueCrypt who led a security audit of the software in 2014. “It was written by anonymous folks; it could have been Paul Le Roux writing under an assumed name, or it could have been someone completely different.”
Interesting read, regardless.
Entertaining but not meaty with the evidence.
Possibly this: https://en.wikipedia.org/wiki/Cryptoparty
It was mostly a cypherpunks thing, but I understand others sympathetic to the idea picked it up. There were quite a few in the Bay Area, ca. 1993-97-ish. Perhaps later.
I recall one entertaining party where proof of identity via government issued paper was forbidden.
Well how else are you going to make it look like you really worked hard on something if you just give people exactly what they want right up front? /s
Seriously this article is bloated as HELL.
Edit: did anyone who downvoted me to hell even read the article? It's about 5% information, 95% useless bloat to fill the page. I mean damn...
It's literally the first word that's said in the movie. Of course at that point you have no idea that it's the sled's name ;-)
On a total segue from the topic of this post; two of the earliest memories of movie scenes that are etched into my brain are: a) The snow globe falling down and breaking from Citizen Kane and b) Slim Pickens riding the bomb in Dr. Strangelove
I have no idea at what age I watched them but those two scenes seem to have captivated me and are forever with me.
Notice also that the title of the linked article is not "Paul LeRoux made Truecrypt" - it's not centered around that. It simply has that info in it, and as such is an interest to HN.
I'm fine for long-form journalism if it actually adds them. Reading through this just felt like the author tried to shove filler into it. I just didn't find it compelling or anything.
Give me a good story and I'm fine. Give me something it feels like you wrote explicitly because you get paid by the word and I'm not going to enjoy it as much.
Thanks for replying though. Maybe everyone else just feels differently about this story than me but it's frustrating to get downvoted without a reply saying why.
edit: and the article author just posted on this comment thread saying the article(s) are more about Paul, not really specifically focusing on his connection to TrueCrypt.
We detached this subthread from https://news.ycombinator.com/item?id=11382381 and marked it off-topic.
I would not be surprised if it's a false alarm, like the Satoshi "exposure".
Do you think their might be repercussions for this? If not, why? If so, how has this affected you?
NB: I'm not claiming these rules are good or bad. But it's not like only freaks that are members of The Other have concerns about doxxing.
There exist numerous reasons to not love the idea of one's personal information, particularly regarding one's work or home, put out there broadly, particularly when it is attached to information one does not control and/or in a circumstance which would tend to show it to people who do not respect standard middle class norms of detachment. Redditors did not invent concern over this issue. Many of the people with strong concerns about it are demographically dissimilar to the modal Redditor.
Edit to add: It occasionally happens that journalists will transgress upon society's norms in this area and persons sympathetic to the aggrevied parties will transgress back. I have not heard a journalist say, in response to that "OK, fair commentary, wot wot." This often comes up in the context "We have published gun owners' addresses because the public has a right to know who owns guns." "We have published your address because the public has a right to know who writes newspapers."
I feel like I've read that story ~5 times over the years. First Googleable citation: http://www.nytimes.com/2013/01/07/nyregion/after-pinpointing...
Because that is what the comment to which I replied upthread claimed.
The fact that this guy on one hand built an incredibly high quality application that had and has a major positive impact on the world is a story that needs to be told.
The fact that he's a damaged, amoral man who is allegedly a career criminal and drug dealer is a story that demands to be told. He represents the Id of mankind -- and personifies the paradox that perfect security and privacy benefits society at large, and that society also includes the bad guys.
Publishing information on a particular private individual because the public's benefit is sufficiently great is a hard line to even vaguely pin down - a home address, all private contact methods, and enough personal data to forge their identity on a passport application is probably never warranted to publish, but you're going to acquire that information while researching private citizens for any reason, and then pare it down to the minimum required to establish whatever story you're reporting on.
One might distinguish "doxxing" as "publishing all the information you can retrieve", without any filter or goal other than making the information as public as possible.
This all occurs to me as a show trial. They're making an example of him, as authoritarian systems tend to do. And one aspect of that is being dragged through the mud. Being slandered. It's dog pack behavior, and I find it disgusting.
Anybody can do whatever they want. And they get whatever they get.
My parent question was more about the reporter's OPSEC. That is, the risks that he's taken.
I have little use for assessing the moral opinions of others.
As I wrote recently, stuff that isn't testable isn't worth worrying about.
A given moral rule doesn't change because it's held by you versus someone else. Just like it makes no sense to refuse to answer the question of whether a fruit is an apple because it is in my hand instead of yours.
In other words, by having a moral rule yourself, you implicitly have a moral metarule: a rule about how to choose your moral rules.
Your refusal to answer the question doesn't make sense.
But I also don't judge the moral rules that others hold. That's one of my operating principles. You can't judge without knowing that you're right. And there's no canonical source for that. I do have opinions about how well some moral rules work vs others. But that's not about judging, only assessing workability.
Wrong country of course, but the idea as an ethical code is out there, that the public has some right for information on some, and only some, people.
But seriously, murder being bad is pretty much a human moral universal. You'll find that basic idea wherever and whenever you look (+/- various caveats).
http://www.haaretz.com/grounds-for-disbelief-1.10757
Falsus in unum, falsus in omnibus. Sorry, that authority is impeached.
Your constitution is not the epitome of justice or democratic ideals, and is in fact deeply flawed on a fundamental level.
I can accept that it has flaws, but on the fundamental level? It seems pretty solid at that level. The creators thought through the problems and difficulties of government more deeply than most.
Most modern constitutions also need all the procedures, of course, but they put certain "inalienable rights" square in the middle of it all. The procedures are merely there to support those rights.
Different times, different mindset.
Hilariously ironic how things turned out instead.
If such a "journalist" wanted to write (about potentially classified™ information) about people working for defense contractors who create products only a minority of people care to voice dissent but has the blessing of the status quo, it wouldn't be ok because it would put lives at danger™. There is also an exception to this for when a billionaire helps you write about such info, but only less than 1% of it will ever see the light of day, and one must consult with the thought leaders™ of the status quo in order to have a voice where all the token freedom loving organizations also supported by such billionaire will blogspam such carefully vetted position on one's behalf.
Wasn't this Gawkers main argument in their defense against the hulk.
They were sued because they refused to take down the video and their defense was absolutely terrible in every regard including joking in legally binding statements without going through and marking them as jokes/sarcasm: so they are taken at face value in the court of law.
Making jokes about child porn ("newsworthy if the actor is over the age of four") isn't how you win over jurors.
Also, one X, not two: https://stallman.org/doxing.html
http://www.oxforddictionaries.com/definition/english/dox
I don't know why people spell it with two. Maybe they think it looks cooler? But really it's hacker slang for "I accessed and published sensitive information about an individual" and is in most cases horrible.
The development of the Exxon exx is shown here:
http://www.logodesignlove.com/exxon-logo-raymond-loewy
It's clearly a double-x rather than any more exotic character, the styling is just that - styling.
The Wikipedia article has it as /ˈɛksɒn/ and that's the pronunciation used in their commercials:
https://www.youtube.com/watch?v=_s80Hbac2b8
So that's way off-topic. But what he says about "dox" vs. "doxx" is as much a preference as "focused" and "focussed", or "busing" and "bussing" - there's no "correct" way, not even if it is the original way.
https://en.wikipedia.org/wiki/Exxon#History
There's no particular reason to believe they wanted to change the pronunciation as well.
woosh
This is some really advanced trolling, on the level of the emperor's new clothes.
Wikipedia says:
> The company initially planned to change its name to "Exon", in keeping with the four-letter format of Enco and Esso. However, during the planning process, it was noted that James Exon was the governor of Nebraska. Renaming the company after a sitting governor seemed ill-advised, and the second "x" was added to the new name and logo.
No mention of them wanting to name the company with a greek chi but not having that on their typewriters.
To be fair, the wikipedia claim isn't cited. Neither is rms's of course.
...although looking at it more carefully, the doxing article is not dated April 1, and it has the same claim in it. Maybe he forgot what he was doing and successfully trolled himself. I don't know. But yes, the Exxon thing is obviously, demonstrably false.
Journalism is not doxing.
[1] Ben from Applied Science [https://www.youtube.com/user/bkraz333] Mikeselectricstuff [https://www.youtube.com/user/mikeselectricstuff] and AvE are all incredible. Some of the underappreciated but really educational channels are(Sharhair from the Signal Path[https://www.youtube.com/channel/UCKxRARSpahF1Mt-2vbPug-g] and Paul from Mr Carlsons Lab [https://www.youtube.com/user/MrCarlsonsLab], along with HAM'er W2AEW [https://www.youtube.com/user/w2aew]. These guys don't even have Patreons - they just do it to because they want to disseminate knowledge.
Glad to see this sentiment here.
If Patreon is too involved, content creators can also put a PayPal tip jar on their site:
http://micheleincalifornia.blogspot.com/2015/11/how-to-make-...
The funny thing is, if someone wrote a novel with this plot, I would probably dismiss it as too far-fetched. Sometimes truth is indeed stranger than fiction.
What's with the SOLOTSHI? Was that a nickname, an additional real name, or just a false name he threw in to the mix?
Coming to a theater near you, this Summer.
Considered to be a "brilliant" programmer with a strong C++ background - Most people would call you crazy if you attempted to put a 6 billion dollar prize behind an internet facing application without memory safety
Author of crypto/privacy software - E4M and possibly TrueCrypt written in C++
Experience hiding identity both online and off
Millionaire - Satoshi never converted any of his btc fortune
Anti-authoritarian
Understands the benefits of digital currency - Has millions of dollars stacked in boxes
Understands the payment problem - Illegal prescription drug marketplaces
Has an interest in internet gambling software - The first version of btc actually had some code for a marketplace and poker: http://imgur.com/a/NPiIs
Multifocal - Satoshi vanished around April 23 2011 to "move on to other things"
South African spelling/phrasing - analyse, colour, defence, bloody hard
That's common across all of the Commonwealth countries. Could easily be Australia or NZ. If he calls traffic lights 'robots' you could be certain.
The code was written as a basic proof of concept, not with long term maintainability in mind, and the code for the wallet client was not well separated from the code for parsing the blockchain, or from the networking code or from the mining code, etc...
No brilliant programmer would have been willing to publish such a rudimentary proof of concept when interoperability and network effects are such important parts of its main idea.
I haven't looked for similarities but I'm guessing someone has already compared the two using Aylin's CodeStylometry work: https://github.com/calaylin/CodeStylometry
http://forebears.io/surnames/solotshi
Or maybe, as the above website shows, it's an alternative spelling for a similar Moldovan or Georgian name? I have no idea.
https://news.ycombinator.com/item?id=11382303
Paul Le Roux stole E4M source from SecurStar, and TrueCrypt programmers "forked" that source code. So Paul Le Roux surely didn't "write" TrueCrypt as such, isn't the current title here on HN inaccurate?
Mods can we please have the real article title
"He Always Had a Dark Side"
here instead of the current one?
"Indeed, even today the question of who launched the software remains unanswered. “The origin of TrueCrypt has always been very mysterious,” says Matthew Green".
And also as Mahn writes:
https://news.ycombinator.com/item?id=11383392
"The article is unclear as for whether he was still involved with TrueCrypt by the time they got him though. It sounds like he had quite a lot going on to even care for TrueCrypt at that point."
I surely don't dispute that PLR wrote E4M and that TrueCrypt was kind of "fork" of that (see again my older post). But the following product is not the same thing as the original source, just as Marc Andreessen didn't "wrote the Internet Explorer" even if the later was once based on some Mosaic source.
And HN is generally against editorializing the titles to make them more linkbaity. And this one is surely such at the moment.
I also realized after reading the article for the second time that it did not say that PLR is TC's author directly, but rather that it is unclear if he is.
I made a mistake while first posting as my reading made me believe he's the author of TC. I tried to point it out here: https://news.ycombinator.com/item?id=11382412
Additionally, Matthew Green's twitter also further reinforced that belief. However it is too late for me to change the title but I'm not sure what I would even change it to. After all, it seems his original work is the foundation of TC (which you can argue to be different, but the title question remains).
Edit: @matthew_d_green's twitter has also published corrections at this point. However when I first learned about the post I only saw his initial tweet. It's a shame that I didn't realize that PLR is actually not the author/maintainer, tho.
"He Always Had a Dark Side"
I do not have a better title suggestion at this point, however.
https://news.ycombinator.com/item?id=6572466
I surely don't dispute that PLR wrote E4M....
Just like if you'd work for Microsoft and then the code you produced while working there, under the contract that you've signed that the code belongs to them, you put into your own program. You wrote the program but the code you've put there is stolen.
No but really turning a long text into podcast can really add to a work. Just Look at something like Serial.
That's basically trolling in itself: "a troll like the type of person you'd find on Reddit"
Reddit fucking rocks and an AMAZING amount of quality people/content comes from Reddit...
And tell me, how does one cut out the middleman when they convert their Bitcoin earnings to US dollars or whatever currency they prefer?
The point of donating money to the author of the piece is to encourage them to continue writing this epic story. Giving them Bitcoin is akin to leaving a tip to your server where the tip appears to be currency but rather instead is a Chick tract with the suggestion that you'll pray for their soul.
I'm not in the mood to register with some service and hand out my CC data to give the author a buck. In contrast I'd scan a QR code in a heartbeat.
(maybe 'cutting out a middleman' is pedantically accurate in this case. We seem to have identified at least two middlemen in this process)
The writing style is weird; this looks more like someone's smash job. Why does www.atavist.com go to a sales page? And where's the nutgraf?
http://journal-neo.org/2015/06/12/paul-calder-le-roux-arch-v...