I have this hypothetical question I’ve been using periodically to talk about the relevance of ad hominem in evaluating software:
What if Hitler gave you a cheese sandwich?
It’s a pretty simple question. Imagine you’re sitting there and, yeah, Hitler is eating across the table from you. He’s got a cheese sandwich and he hands it to you. “Hey, want my grilled cheese?”
Most normal folks would turn him down, politely most likely but they’d definitely not eat a sandwich from a guy who used to slowly increase his doses of arsenic. But also, you’re probably thinking, “No way, this guy’s an insane mass murderer, I’m not eating that damn sandwich.”
Ok, change this up some more, what if you were walking by and there was a box labeled “Cheese Sandwich” and right under that is a Nazi Swastika. You gonna eat it? No Hitler involved, just a box with a cheese sandwich on it sitting there looking like you can eat it if you want?
Sure, you might open it, look at it, maybe sniff it, but most normal people won’t eat it. Why? Because that Swastika has suddenly got you thinking about the history of this sandwich. Why is that on there? Where did this thing come from? Is it poisoned?
Let’s go one step further, and say you just find a random sandwich in a clear plastic bag on a table. Nobody’s around, and you’re kind of hungry. You going to eat it? Again, most normal people who can buy a sandwich won’t eat it. It’s just laying there. Who knows how long it’s been there or what the hell’s been done to it.
Instinctively, humans have this sense of avoiding things that will poison them, and that involves using their memories, sense of history, and ability to think ahead to predict what could happen. This is how we’re able to figure out how to eat a huge range of stuff no other species has figured out. We use this finely honed sense of “that food will poison you” to avoid getting sick and to find food that will keep us fed.
Programmers and other “logical” types seem to lose this ability when it comes to information. They’ll frequently get information poisoned with stupid ideas because they think the motivations and history of the person telling them something doesn’t matter. They remove the context of the words and evaluate only what’s said and nothing else, and then believe the most absurd stuff ever.
This belief that any look at a speaker’s motivations is “ad hominem” leads many smart people to believe incredibly stupid things.
Everything Has Already Been Said
The reason evaluating a person’s motivations matters these days is because there’s been a massive increase in the amount of information created and stored over the last 500 or so years. Basically, a whole hell of a lot has already been said by someone else at some point. In fact, most ideas are so horribly unoriginal that the only thing you really have to go on when evaluating them is why someone could be telling you this.
Let’s say I tell you that my software is “language agnostic”. Well, that’s been done before in other ways, so you have to look at why I might be telling you that. The idea itself isn’t original or that useful, but if I then tell you, “because I want people to be able to use the best tool and not get caught up in language wars,” then you can evaluate the statement better.
However, if I tell you not to look at my motivations, or where I’m coming from, or what I used to do, and claim “ad hominem!” then I’m most likely trying to trick you. An honest person has no problem with you looking past the words to the motivation. Dishonest people will try to bluff so you don’t look too closely.
If more technologists did this kind of critical thinking, then it’d be harder to get them to use potentially dangerous or crap technology. If they accepted that most everything has been said or tried already, then they can use motivations and historical context to figure out why things might be different. They can also use it to call bullshit or question why things are the way they are.
The Sordid Past And Present Of Tor
Tor by itself, without knowing its history, seems like a great idea. You point your browser at it and suddenly you can view web pages without people knowing that it’s actually you. Great right?
The problem is that Tor’s pedigree is less than stellar. First, it was originally a US Navy project then released to various “hackers” (a word which in a lot of ways is just synonymous with “NSA collaborator” or at least a wannabe). Whether the source code started there or just the idea, you have to ask why the hell the Navy would work on this and then release it.
The Navy of course gave some hand-wavy answer of wanting to use it, but the Navy just doesn’t do something like this without another reason. Who knows what it is, but this makes my spidey sense go off.
That’s the first strike against Tor, but let’s look at more reasons to not use Tor. How about the research that showed how easy it is to break in various ways? Those might be fixable, so how about that there can be super nodes that with just a small sample of traffic can figure out a lot of content?
Alright, maybe that can be fixed, but then you read about a semi-secret volunteer group collecting data from 12 ISPs and handing it to the government. This Project Vigilant apparently has 600-1500 volunteers who are all hackers collecting and analyzing data and handing it straight to the government without user consent. Project Vigilant also claims it:
tracks more than 250 million IP addresses a day and can “develop portfolios on any name, screen name or IP address.”
Holy crap, that’s a lot of traffic analysis. Given how small the “hacker” community is, that’s also a gigantic percentage of hackers and security experts on the volunteer payroll of a group whose job is to illegally wiretap people and circumvent the law on behalf of the government.
I don’t have to remind you about the panic over the OpenBSD and NETSEC accusations. What about the various entries to the Underhanded C? The truth is, if a large group of determined and patriotic hackers want to infiltrate and inject seemingly innocent maliciousness into code they definitely can. With 600+ potential recruits, they definitely are.
Conflict Of Interest
But all of this is just unsubstantiated and could be hypothetical. What actually worries me is that Jacob Appelbaum works on Tor and works for Wikileaks. This to me is the Hitler Grilled Cheese of the argument, the historical context that drives me away from Tor. Wikileaks’ job is to take people’s secrets and show them and who’s hiding them to the world. Tor’s job is to do the inverse. The two projects’ goals don’t align, and having one dude do both gives me the willies.
You see, if it is fairly probable that there are multiple attacks against Tor, that there is a group actively trying to collect enough data to make Tor pointless, a group with enough people to infiltrate the Tor project, and then Jacob is working for Wikileaks and Tor, then there’s too much going on for me to trust jack and/or squat. Jacob’s affiliation with Wikileaks has made Tor a target big time, in addition to the obvious conflict of interest.
For me–and this is not an accusation against Jacob–the chance that someone on the Tor project is in cahoots with someone else is too high. It’s either the government, this Project Vigilant, or Wikileaks, and who knows what. When claims surfaced that Wikileaks got its initial set of magically appearing documents from Tor, I wasn’t surprised. Having Jacob claim otherwise doesn’t help at all, and I still won’t believe this didn’t happen until possibly decades later when whatever really happens is declassified.
Finally, I will go on record right now saying Wikileaks rocks. I think there needs to be more of this, and actually I think the world will benefit more from more international coverage and more corporate leaks. But, if anyone from Wikileaks tries to work with me or on any project I’m on you bet your ass I’m not trusting them one bit.
Never trust a traitor, no matter how noble their intentions.
P.S. I have a long bet that SELinux is an NSA backdoor. Any takers?