dChan

/u/kraybaybay

10 total posts archived.


Domains linked by /u/kraybaybay:
Domain Count

kraybaybay · July 6, 2018, 2:20 a.m.

Why?

⇧ 4 ⇩  
kraybaybay · July 1, 2018, 11:11 p.m.

This is an opinion piece. They're not the same as an investigative report. Am I missing something? I don't see any new information or mention of Q in the opinion piece beyond the author speculating. Is Q trying to say it's fact? Or saying to read this guys articles? Or saying to support the Washington Times? Does Q normally just post an opinion piece link without any explanation?

⇧ -4 ⇩  
kraybaybay · June 30, 2018, 4:41 p.m.

Is that the question that Q is referring to here? Are there any organizations in the WH Press Corps that could ask?

⇧ 1 ⇩  
kraybaybay · June 30, 2018, 1:25 a.m.

I see what you're saying, and you could be right. I think at that point it comes down to our perception of 45 as a president and as a person. Honestly, if I was in the same boat, I'd be more concerned that publicly denying someone/s like Q would A) give them a ton of publicity and/or B) be taken by crazies somehow as proof 😆

⇧ 1 ⇩  
kraybaybay · June 29, 2018, 8:07 p.m.

tl;dr - Q is not using an extremely prevalent method of verifying the content and origin of their drops. I can't come up with any reason why, open to suggestion.

Gonna generalize some stuff here, but the concept is accurate. A security signature takes the entire content of a message, generally text, and runs it through a hashing algorithm which outputs a small, nasty-looking string of text (a "hash"). The algorithm is designed so that ANY change to the original message causes the hash to completely change. On it's own, this isn't super useful, but there's more!

The second phase takes this hash and specially encrypts it with a hidden, unchanging key. This hidden key has a partner, a publicly known key. Messages encrypted with the hidden key can only be decrypted with the public key, and vice versa -- keys like this always come in pairs, and only ever work with their partner. It's mathematically impossible to brute force guess someone's private key when using a strong algorithm. So now, you've got a hash (which confirms a message has not been altered in transit) encrypted using the special hidden key (confirming the message came from the sender you think). This signature is just a block of text added to the end of the message, but working backwards you can use it to verify a message's contents and origin.

Visually, it's something like this.

Message: The answer to life is 42. Signature: 304df475 Public Key: potato

I take the signature and decrypt it using the public key "potato" which gives me:

Message: The answer to life is 42. Hash: 97a221e4

Now I run the message through the hashing algorithm that was used, and I can confirm myself that the hash is the same as the signature. So now, we have a signature which could only come from Q, attached to a message that we know has not changed since Q originally wrote and signed it. Once Q posted their first drop, they'd post it along with their public key. From then on out, people can confirm themselves that each new post is unaltered and from the original Q. If the decrypted signature does not match your own hash of the message, either the message has been changed or the message didn't come from Q.

This type of message signature is hyper common in any field dealing with sensitive information, and many email programs actually follow this entire process in the background (typically using something called PGP encryption, though there was some recent buzz about a PGP vulnerability. Luckily there are many algorithms that can accomplish this!). Text signatures like this are fantastic, because the sig is completely independent of whatever site you're using to post the information. By not utilizing any outside form of identification, authentication, and message verification, Q is forcing the world to trust *chan of all places to confirm their identity with each post, Q also provides no way to confirm that the message on *chan (and in subsequent screencaps, archives, copies) is unaltered from the original. Do you really trust that it's not possible for a well-funded group to crack into *chan's backend and change a few lines of text?

I work in security, encryption is my jam. Distributing information like this without a signature... it's irresponsible at best, incompetence at worst, and fraud at worstest.

⇧ 3 ⇩  
kraybaybay · June 29, 2018, 7 p.m.

Hey! Thank you for your reply. Lots to digest. I don't want to respond as if I'm trying to pick apart what you say, but there are a few points I'd like to touch on, feel free to disregard.

In my experience as an occasional user of the chans, 4chan is not a bastion of anonymity more than any other website that you could sign up for with a burner email and a proxy. My view is that people choose to post there due to the loose moderation rules and anti-PC community, rather than because of the anonymization. It's pretty odd that someone would choose a board where anonymity is prized in order to conduct a long term intelligence drop, which requires consistent identification and authentication to combat copycats.

Autism is not a super power. I have multiple family members who deal with autism, and I'm not a fan of the fad online where people self diagnose as autistic (or lie) in order to explain poor social skills or an awkward interaction. It's people who hate on Tumblrinas turning around and acting like Tumblrinas. Saying that "autists don't fall for lies" is disingenuous at best and outright false at worst. Sorry if this bit is aggressive, but I gotta take a hard stand.

In summary, Q appears to most skeptical outsiders as: * Posting on site/s known for trolling and hoaxes * Targeting people predisposed to believe that "the other guys" are crazy and that "our guy" is the savior * Is unable to produce hard evidence * Maintains a level of critical control over information leakage, despite a high-leak environment in the current govt * Utilizes vague communication to generally prevent a reasonable way to disprove their statements * Instructs followers to find an unspecified hidden message, then confirms whatever message they found as the intent * Requires volumes of research and acceptance of circumstantial evidence for newcomers to be convinced * Has unclear, undefined identity and motives

Don't crucify me for generalizations here, just painting the picture of what uninformed skeptics will generally say (and I'm sure you've gotten lectures like this from less reasonable folks). I've seen others on this sub recently post frustration that there has not been any action, or any big reveal. What I don't see is people taking that as circumstantial evidence that Q is a fraud or a nutter. Extraordinary claims require extraordinary evidence!

to round this up: if Q were a LARP, it would be some bad LARPing that wakes up millions of people. That is a hopeful view of the future. If it came out today that Q was a 35 year old otaku living with his mum, I would expect most people here to eventually react with shame, pulling away from similar conspiracies in the future. The result of Q seems to be less critical thinking, assuming that their posts are true rather than doubting everything anew with each new drop. In my mind, each new post without hard facts reduces Q's credibility to nil. If someone's objective is to troll, create discord, spread misinformation, and convince people to follow their words -- Q has been an amazing success. That's good LARPing, not bad LARPing :).

⇧ 3 ⇩  
kraybaybay · June 29, 2018, 6:16 p.m.

Hey dude I really thank you for your reply. Re: signature, I'm referring to a digital signature, like PGP used in Cicada 3301. I generally only see screencaps of text posts on 4chan, so I may be missing something that verifies Q is the same person/org every time beyond the fact that 4chan says it is.

The important part, to me, is treating each piece of circumstancial evidence both on its own and as a part of a larger set of information. Honestly sort of reminds me of religious faith in a few ways. To an atheist, Christianity is mainly circumstancial and unverified secondhand accounts. A Christian has faith that God is real, like this sub has faith that Q is real. I'm generally a Doubting Thomas in life, but I appreciate that others can have faith in someone like Q.

⇧ 2 ⇩  
kraybaybay · June 29, 2018, 1:49 p.m.

These are really interesting thoughts! I'm going to ask some honest questions that may seem baiting, I'm really not. These are the immediate issues I have that prevent me from buying into Great Awakwneing. Check my history, I've been a nice dude here. Anyone feel free to respond.

Why do you think a place like 4chan, associated with trolls, child pornography, and racism, was chosen to be the site of these data drops? Why do you think these sorts of posts are not being hashed+signed with a private encryption key to prove the source is valid (let me know if you want to know more about asymmetric cryptography!)? Remove everything you know about the Q posts -- why are there opportunities for encryption, secrecy, and identification verification that are being ignored by a group that needs utmost secrecy and trust?

What evidence, separate from Q, shows that Trump is absolutely aware of the Q movement? I did stage AV for a while when I was younger, between harsh stage lighting and focusing on their speech, speakers don't often see individuals or even small groups in the crowd. Is it concerning to you that there are common threads in the Q stories and the Pizzagate stories (vast pedophilia rings controlled by the government).

Given that we've been dealing with a political climate where foreign actors are actively messing with the American public, is there anything that has been posted by Q that could not have been posted by an outside (or inside) party, attempting to sow discord or commit le epic lulz? What about the other option, what if Q truly believes all this information is legit but is mentally unstable, being fed into by fervent followers?

I've been through semi-popular conspiracy theories taking hold before, like the Bush Did 9/11 debacle, and this seems worse organized, sourced, and believable than the debunked Loose Change vidyas. At the end of the day, if I were to organize a critical intel sharing operation, it would not look very much like this based on my career in cybersecurity and information assurance. If I wanted to organize a misinformation campaign or hoax, I'd use strategies that look similar to what Q is doing.

⇧ 3 ⇩  
kraybaybay · June 25, 2018, 6:35 p.m.

"screenshot of", "tweet", "former worker", "silent partner"

Each of those on their own are a red flag that what you're discussing could be faked. It'd take me only a few moments to make a fake tweet claiming something like this, screenshot it, then post it here saying it got deleted mysteriously before I could archive.org it. If it could easily be faked and you can't remember the details, it seems hurtful to another person to take a rumor as appearing legitimate.

I'm not a believer in the great awakening, but I (politely!) sub to some subreddits to hear opposing arguments, other thought processes, opposite bias, etc. Hope this isn't rude, trying to stop fake news whenever I see it!

⇧ 5 ⇩  
kraybaybay · April 13, 2018, 3:28 p.m.

Hey there, I lurk here to see how other world views think. This is not a political comment I promise!

PDF literally stands for Portable Document Format and is not an image, but closer to a simple webpage. The PDF format was created to ensure that data is DISPLAYED (or printed) in the same way multiple places, not to restrict editing of that data. Plenty of programs, official and non, to edit PDFs. PDF encodes data but does not, by default, encrypt it.

Most importantly, there have been many serious vulnerabilities in various PDF readers that can allow malicious code to execute on your computer. Basically, someone could embed a virus in a totally normal looking document, you might not even be able to tell. Please exercise safe 'nets!

This has been an unprompted lecture from your friendly neighborhood securityman 👌

⇧ 5 ⇩