Re: Anonymous not freedom fighters

[Paul Vixie <vixie () isc org>]

> From: <robert_mcmillan () idg com>
> Date: Sun, 13 Feb 2011 14:58:26 +0000
>
> "Denial of service is not merely a peaceful protest meant to garner
> attention for a cause. Denial of service is forcible and it is
> injurious. It is not like any form of civil disobedience, but rather
> it is criminal behaviour more like looting. "
>
> But is it really? If I loot your shop, I now possess something that
> rightfully should belong to you. DoS isn't entirely like this. How is
> DoS different from shutting down business at a brick-and-mortar
> location by holding a big rally?  They're both "forcible" and
> "injurious."

i'll address those two issues independently.

first, possession does not matter and durability does not matter.  forcible
injury occurs in this case because someone is deprived of value whether it's
measurable in dollars are not and whether it can be possessed by the depriver
or not.

second, there are checks and balances in place for "big rallies".  if egypt
does not settle down at some point and stop having big rallies and restart
their economy they're going to have trouble growing and importing food.  i
think the "rule of law" is pretty much out the window on such things, and the
exact same issues are at stake -- the crowd ultimately has to balance the
need for chaos against the need for order.  the "rule of law" wins out in
some form even if it's a new government afterward.

so, suspending the "rule of law" in that situation is beyond the scope
of my blog post.  if a million disgruntled citizens want to protest
their government that's a very different matter than a few dozen
disgruntled activists protesting the existence or nonexistence of
something like wikileaks.

the internet infrastructure has too many coupled dependencies to be used
for protests in this way -- there's no way to isolate the effects so that
people and activities who aren't being protested won't be injured.

but even if it were possible to isolate the effects i would find statements
of the form "i'm for freedom so i'm ddos'ing you" to be totally irrational.

> People are often arrested at these G20 protests, but they're generally
> later released or charged with a misdemeanor. The consequences of
> those arrests are much less severe than in the case of DoS attacks.
> In fact, the consequences of those protests seem much more severe than
> a DDoS attack. I was in Toronto last summer and the city's center was
> essentially shut down both in anticipation of the G20 protests, and
> then moreso when the protests actually happened.

there are in that situation checks and balances.  the protesters at a G20
summit are expecting to get arrested and it's a risk they're willing to
take.  if the people who ddos'd wikileaks or who ddos'd the banks who did
not want wikileaks as a customer were taking the same risks i'd be less
concerned about the instability of their implied new social order which
seems to be "anybody who is angry at anybody can take pot shots at them
through the internet infrastructure without any cost or risk to themselves."

that way lies madness and there is no moral foundation for it no matter
what the ddos'er may say or may believe.  as a habitat, the internet
infrastructure is fragile and easily overrun by bad acts or bad actors
who behave nonsustainably and for whom no checks and balances exist.  i
am working on that but my work is way behind the curve for ddos attacks.

> Anyhow, I'd be interested in seeing you expand on this a little more,
> as I think it's an interesting question.

loving as i do the sound of my own voice, i'm glad you asked for details.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.