Hacker News | vasuki's comments

I can relate to that very much. Your former friend sounds exactly like one of my friends with whom I am trying to not end friendship and be as empathetic and helpful as I can be.

> while at the same time those same sources get used easily for their own arguments

100% this!

Telegram channels and Substack seem to be super popular for this sort of propaganda. I also did a technical analysis of many of the websites shared in these channels and found:

- they use very heavy trackers

- keylogging for webpages is common

- they all use privacy shields for `whois` info

- third party cookies

You can find some of these if you want to take a look in https://github.com/Langer81/Summer-REU-Research


Good luck! It's incredibly hard, not breaking the friendship. I had to block my friend, I just couldn't take discussions any longer. I was being insulted every time and was mentally completely exhausted. Just thinking about it already increases my heart rate.

I'm wondering about your friend. In hindsight I can see some of the behaviour also in how he was when he was young. He always had a bit of a chip on his shoulder (some of it justified being a Turkish emigrant in Germany), and always blamed bad things happening to him on outside influences never on his own behaviour. Very similar to how he argues about conspiracies. Is/was that similar with your friend? I'm wondering if there is some pattern.


Very interesting! I’ve wondered about doing something similar. I hope this is followed up on.


Do you have any go-to public tools for fact-checking or any internal tools that you might have had access to in the past?

More generally speaking, how do you defend yourself against PsyOp in this age with heavily degraded trust in the government and judiciary system in the west particularly?


It is misinformation because it is outright wrong. Follow Malone for a couple of weeks and you will see he has nothing else to share but: Vaccines are bad, Vaccines are killing people.

- https://www.politifact.com/article/2022/jan/06/who-robert-ma...

- https://factcheck.afp.com/http%253A%252F%252Fdoc.afp.com%252...

> As we prevent three deaths by vaccinating, we incur two deaths.

> "Are we headed for the situation where the ~30% unvaxxed will be devoting their lives to operating whatever is left of the economic infrastructure and serving as caretakers for the vaxxed?"

This is what got him banned from twitter.

Why don't you try to investigate a bit yourself? People with credentials can have no other motive to spread misinformation and all the motive to "save the humanity"? Sad to see this on HN.


I listened to the podcast he did with Joe Rogan. 95% of what he talked about was fairly convincing and I agreed with it pretty strongly (or mundane and uncontroversial). 5% was questionable and less convincing. Based on Malone's history (I think he had a strong, rare allergic reaction to one of his COVID shots that very nearly killed him) it seems likely that he argues in good faith. My prior here is that I already considered the harms in censoring good faith incorrect arguments greater than the benefits of it.

The things he mentioned in the podcast that I agreed with and honestly are pretty convincing:

- censorship of criticism of COVID medicine online is out of control and dangerous. How can you ethically give a drug if you're not allowed to publicly question whether it's safe or not? He gives a ton of examples of very mundane statements by many different people on many different platforms that led to disproportionately negative impacts on their lives relative to the fairly mundane claims they made.

- conflicts of interest exist and are not to be taken lightly. The FDA, CDC, drug companies, are all basically the same people. There is a profit motive to minimize the harms of certain drugs. This is not a hypothetical -- see oxycontin, tobacco, etc. There is reason to be suspicious of "health authorities".

- a lot of people seem to have crazy, obviously wrong/outdated views of COVID that are orders of magnitude off from the actual risks, and are very militant about policing those views and imposing them on others through government action. In some respects it resembles mass hysteria (this is the "mass formation psychosis" meme that went the rounds on the news, where he compared it to the rise of the Nazis. This was taken out of context largely I think, but you should listen to it for yourself).

- the nuance is lost in discussion of covid these days. You're either a science-based smart person or a conspiracy theorist antivaxxer. There is no in-between, and the truth is probably not absolute on one side even if it's heavily leaning on one side.

The things he mentioned that I disagreed with or found less convincing, but are worth mentioning because they raise points that can and should be addressed:

- Malone's most questionable claim and the one he caught the most flak for is his claim that the risk of serious side effects in some populations as an adverse reaction to the mRNA vaccines can exceed the reduction in risk from covid-19. These are populations like kids, 20-year-olds, or people with a history of allergic reactions to vaccines. He claims that while the data on its own suggests the opposite is true, the side effects of vaccines are underreported due to flaws in the federal vaccine side effect reporting system, and that the deaths by covid are overreported by hospitals.

(He gives a fairly reasonable argument for this, and I think it's worth listening to it for yourself rather than reading the same mostly out-of-context sentences repeated on news articles reporting on the podcast, but after further research I am mostly unconvinced -- the main counterargument that is convincing to me being that over 100 countries have given the mRNA vaccines and you'd expect at least one of them to notice such a serious effect if it existed)


I have not responded without listening to what he said, I followed him for quite some time to see what exactly he had to say.

I do not like censoring by big tech as well, but when they take down outright lies which actually get viral and change people's opinions, I am no longer sure. Nuanced facts, data does not go viral. Tweets with controversial information do.

Serious side-effects, risk-benefit calculations, are very nuanced and take much more effort to bring up and share [1]. He presents a very one-sided story, every single day. That is not helpful.

He took very selective parts of news which align with his opinions and tweeted just that. Thanks to twitter's censoring, I can't even share those :facepalm: but you can look up archived data [2]. It is not even a single person, they have a pretty good group doing it every single day (Peter McCullough, I am sure you heard of him) [3] [4].

Also look at how viral this stuff gets [5].

1. https://news.ycombinator.com/item?id=29749381

2. https://childrenshealthdefense.org/defender/mrna-technology-...

3. https://www.reuters.com/article/factcheck-pilot-vaccinefalse...

4. https://twitter.com/P_McCulloughMD/status/148679283709416244...

5. https://www.trendsmap.com/twitter/tweet/1486792837094162442


I find it difficult to create a censorship model that can distinguish between "nuanced counterfactual take" and "contrarian falsehood". I think a lot of people already know this is a problem (e.g. censorship of the Wuhan lab theory).

I am fairly biased though -- I would rather 100 dangerous falsehoods get shared (even if it results in a lot of people believing wrong things) than even 1 true fact get censored and that puts me in the weird position of often defending people and takes I disagree with and dislike.


WHO: "As a matter of global equity, as long as many parts of the world are facing extreme vaccine shortages, countries that have achieved high vaccine coverage in their high-risk populations should prioritize global sharing of COVID-19 vaccines through the COVAX facility before proceeding to vaccination of children and adolescents who are at low risk for severe disease."

- https://www.who.int/news/item/24-11-2021-interim-statement-o...

Germany: "Since children and adolescents have a relatively low risk of getting seriously ill with COVID-19, the risk-benefit assessment of illness or vaccination is different than for adults. Therefore, the STIKO has not issued a general recommendation to vaccinate all children from the age of 12, but recommends that children and adolescents with certain underlying conditions who are particularly at risk get the coronavirus vaccination"

- https://www.zusammengegencorona.de/en/corona-schutzimpfung-a...

France: "In the light of these elements and taking into account the evolution of the epidemic, the HAS considers that the individual benefit of the vaccination has been established for children aged 5 to 11 years with comorbidities and who are at risk of severe forms of Covid-19 and death. In total, this concerns a little over 360,000 children in France."

- https://www.has-sante.fr/jcms/p_3302411/fr/covid-19-la-has-r...


This is definitely not precise. I confirmed that the lookup is also performed by Proton servers for mails sent to third party mail services, not just from third party mail services. Are they also scanned?

Source IP I got in my test: 185.70.43.80

```
# whois.ripe.net
inetnum: 185.70.40.0 - 185.70.43.255
netname: CH-PROTONMAIL-20140915
mnt-by: protonmail-mnt
org-name: Proton AG
```

From privacy policy https://protonmail.com/privacy-policy

> We do NOT have access to encrypted message content, but unencrypted messages sent from external providers to ProtonMail are scanned for Spam and Viruses to pursue the legitimate interest of the protection of our users.

Very disappointing.


It might be because of path normalization by your http client. For example, with `curl` you will also need to use `--path-as-is` to correctly test traversal. Another reason could be path normalization by the reverse proxy/WAF.

> --path-as-is

> Tell curl to not handle sequences of /../ or /./ in the given URL path. Normally curl will squash or merge them according to standards but with this option set you tell it not to do that.

> Added in 7.42.0.
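
The client-side normalization described in the comment above, as an added example that is not part of the original comment and is not curl's own code: it implements the RFC 3986 section 5.2.4 dot-segment removal and shows that a server-side traversal guard is only exercised when the path is sent as-is. The names `sent_path` and `escapes_root`, the document root `/srv/www` and the sample path are assumptions constructed for illustration.

```python
import posixpath


def remove_dot_segments(path: str) -> str:
    """RFC 3986 section 5.2.4: squash "." and ".." segments in a URL path."""
    out = []
    while path:
        if path.startswith("../"):
            path = path[3:]
        elif path.startswith("./") or path.startswith("/./"):
            path = path[2:]
        elif path == "/.":
            path = "/"
        elif path.startswith("/../") or path == "/..":
            path = "/" if path == "/.." else path[3:]
            if out:
                out.pop()  # drop the segment that ".." backs out of
        elif path in (".", ".."):
            path = ""
        else:
            # Move the first segment (with its leading "/") to the output.
            idx = path.find("/", 1)
            if idx == -1:
                idx = len(path)
            out.append(path[:idx])
            path = path[idx:]
    return "".join(out)


def sent_path(url_path: str, path_as_is: bool = False) -> str:
    """Path that goes on the wire: raw if path_as_is, normalized otherwise."""
    return url_path if path_as_is else remove_dot_segments(url_path)


def escapes_root(request_path: str, root: str = "/srv/www") -> bool:
    """Server-side guard (hypothetical root): does the path leave the root?"""
    resolved = posixpath.normpath(posixpath.join(root, request_path.lstrip("/")))
    return not (resolved == root or resolved.startswith(root + "/"))


if __name__ == "__main__":
    raw = "/static/../../etc/passwd"  # constructed test path
    for as_is in (False, True):
        wire = sent_path(raw, path_as_is=as_is)
        print(f"path_as_is={as_is}: wire={wire!r} guard_triggered={escapes_root(wire)}")
```

With normalization on, the guard never sees a `..` segment, so a clean result says nothing about whether the guard works; the same applies when a reverse proxy or WAF normalizes the path before the application sees it.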


Thank you for the detailed writeup. This is a topic which I think is not discussed much.

> We will split public-facing CI from release infrastructure and internal CI infrastructure. (teleport#8268)

Did you also consider some form of out-of-band approval mechanism for production environment access? (via a chatbot / push notification etc). I think something like that might work technically, but scalability might be a challenge. It might be easier to manage in comparison to a self-managed complete second CI system though. I have been pondering over it for some time to be able to utilize Gitlab CD without providing Gitlab all keys to the kingdom.


> Did you also consider some form of out-of-band approval mechanism for production environment access?

No, not before your comment at least. Vendor CI tools (be it GitLab, Drone, etc) often make it difficult to use this workflow. Their typical model is long lived static creds, and gating authn/authz around job kick off. I'm not aware of any that would work with delegated/approved credentials, at least without writing a custom secrets plugin. If anyone knows of such capabilities, give me a holler.

Furthermore, there is still the risk of any service available to external contributors being compromised (as we saw in this vulnerability). I'd just as soon have "no prod secrets touch a system that does external CI" as a security invariant -- no matter how trustworthy that external CI system is.

In a bittersweet irony, out-of-band approvals are in our product:

https://goteleport.com/blog/workflow-api/

but we're not there with CI yet. :/ It would be fantastic if we could have short lived credentials issued only for the duration of the job, after approval (or better: after delegation) from a trusted party. Something like AWS's `CalledVia`.


Not that we have public evidence to prove whether it was a nation-state or not, but in my experience as a vulnerability researcher, finding high-impact flaws in popular tools (closed + open source) and government services is much easier than people realize.

Take a look at the number of vulnerabilities reported to US Department of Defense via Hackerone: https://hackerone.com/deptofdefense/hacktivity?filter=type%3... (and these are just the ones publicly disclosed, a lot of them remain undisclosed, you can change the filter to see how many are reported in last few days/hours)

And taking this single report as example: https://hackerone.com/reports/761790

Reported at: December 19, 2019 4:19pm +0000 Resolved: 1 Month ago

And this is when there is no bounty attached to these, just some Hackerone points which help you gain higher reputation and possibly win some private program invitations. Imagine how many reports a monetary reward would bring in. I would really be surprised to know that adversaries are not already hoarding the flaws, especially when this is their daily business.


Pursuing research in different fields (especially computational physics, bioinformatics) in personal capacity.

I had once asked the same question to a scientist friend who actually wanted to switch back from research to engineering to find some practical implementation of the things he had been working on. I guess it was partly because organizational research does confine you within certain bounds and most of the time it's taxpayer money so you have that in the back of your head to make sure you do not abuse it and actually perform relevant research which is "useful". This is why I have explicitly mentioned "personal capacity".


> regularhours.net and holdmydoor.com appeared on a Turkish CERT list in November 2019

> we observed MONARCHY and SNEAKY KESTREL continue to use these domain names in attacks through August 2020.

Interesting to see that the malicious hosts are not in any standard blacklist or safe browsing databases for browsers while Turkey's CERT has been sink-holing them via ISPs on a national level since at least 2019.

