contact info (long)

DB LeConte-Spink  ::  digital~maquis

Good day, folks.

Back on my old site (and yes, I’ll get that content merged into current iteration someday… theoretically), I wrote up a contact information page that included an absurdly long-winded list of comms options available to get ahold of me.

The (moderately twee) in-joke of that is that there’s been a tendency, over the years, of some people to blurt out that it’s “difficult” to get in touch with me. Actually, except when I’m incarcerated (on whatever the most recent pretext is — which varies stochastically over the years), I’m about the easiest person in the world to contact. That’s because in “real life” (i.e. not-being-persecuted life) I’m a specialist in secure digital communications tech. There’s no “cobbler’s children” dynamic at work with that, either: I know digital comms reasonably well, and I use digital comms pretty effectively, as-needed.

So the “contact info” page was a not-so-subtle (surprising, right?) rebuke of all the derps who would accuse me of — and this is the subtext — hiding under a table someplace, too scared to come out and face the violent, bigoted, Normal-dominated world. Which is… funny, in the “that’s so dumb, it’s funny” way. Which is really not actually funny, but we’ll still use the phrase.

Also journalists used to, occasionally, use as an excuse for their total failure to fact-check anything written about me that they “didn’t know how to get in touch with me.” Thus: a gratuitously-detailled, well-Pagerank’d, broad-optioned contact page. Not that any of those journos ever used it to, you know… contact me. Still, it was funny — the “you lying cowards” kind of funny which, actually, really is a little bit funny… to me, at least?

With that said, here’s a newly-updated, gratuitously-detailed menu of options through which folks can contact me. I do actually check each of these regularly, and have (moderately-effective) automated tricks to remind me if stuff comes into some of the more obscure ones… in theory, anyhow. Point being: yes, these all work and, yes, they’re all current.

I haven’t listed my home (physical) address and phone number that rings to my handi — but if someone double-dog-dares me, I’ll probably add those in because neither is any secret and I’m not keeping them secret. I’m more worried about getting yet-more automated SMS/postal spam than anything else. But yeah, whatever… it’d be funny to post that info. And the kind of funny that… ok, that whole “kind of funny” thing isn’t funny any more. 😛

I’m not doing a full security-audit sort of review of each option, in terms of various security characteristics of each. However, below the bloated list I’ve included a few basic tips for folks who might have legit security issues to consider in contacting me.

ζ ~ primary personal email — obviously not LEO-secure, because gmail

ζ @LeConteSpink ~ primary personal twitter account, accepts non-follow DMs

ζ ~ primary tech-related email — obviously not LEO-secure because you know already

ζ ~ has my longtime PGP public key, and also nowadays some sorta crypto-messaging-app thing which seems decent

ζ github ~ I’m ‘pjstorm’ there, and it’s not actually a messaging platform but you could submit random pull requests to me with opaque personal messages included as code comments and wouldn’t we be super-tech if we did so! 😉

ζ @HavenLabs ~ twitter account I’m active in, although others (occasionally) are as well, so super-sekret DMs to it might not be seen only by me

ζ ~ the old-skool (pre-keybase) copy of my PGP public key; if you don’t know wtf this gibberish is for, I recommend that you don’t bother learning — seriously. It’s fiddly.

ζ BM-NAueHWwiZQ26TgX9iXPqtiMjMBB5dc5t ~ my primary (tech) bitmessage adddress, which I’ve had for ages so yay me! I have a long-running soft spot for bitmessage — inverted messaging ontology ftw — and there’s a pretty decent (although resource-hogging) Android client (called ‘Abit’) nowadays so it’s actually not necessary to initialise the whole pybitmessagechaotic universe to make it work — nice! Also look… I’ve not checked the security details of BM for a while, so if your life depends on the secrecy of something you are sending me, and you haven’t done a code-audit of the underlying guts of the BM ecosystem recently, then don’t use it. Otherwise, BM me bro.

ζ pond ~ AGL hasn’t updated pond in forever and it’s more of a PoC anyhow… but I put it on my old list just to be a dick, basically, so I’ll do it again here just to, err… be a dick? If you want to ‘pond’ me or whatever, wrap your esoteric handshake request in a PGP’d textbrick, stick it on pastebin (or an au courant conjugate), make a disposable twitter account, and DM me the pb URL; we’ll ‘pond.’

ζ Wire ~ I’m “@cryptostud” (too many @’s in today’s world, imho) on Wire and word is cool crypto kids use Wire nowadays (do they, really?) so I have a stateful presence there.

ζ Signal ~ I will forever be a to-the-wall supporter of Moxie’s work with the old TextSecure tool, and I will always be happy to extol its virtues. It’s still bonded in some subtle-and-critical way to SS7-based identities, so if you want to ‘Signal’ me, hit me via some other channel, I’ll provide you with POTS moniker, and off we go. I heart Signal.

ζ Telegram ~ I don’t use Telegram and never will, because it’s creepy and I don’t trust their entire security architecture… which is perhaps totally unjustified on my part — but I still won’t use it. Don’t bother trying to assure me that Telegram is not creepy… because it is! I’m old and codgy and no. {edited to add: turns out Dr. Greene is the likely source of why I don’t Telegram, hence h/t duly offered}

edited to add: someone asked me to make a Telegram account so I did (ID: digitalmaquis)… which just goes to show how reliable my statements are!

ζ ~ this basically echoes a personal PGP (public, obviously) key I’ve had for a while but afaik never actually used… but if you want to be a dick (fair enough), demand I use this and I’ll dig it out of cold storage, wherever the fuck it is. In theory. 😛

ζ stock POP3/SMTP ~ if you want to use one of these, I’ll get you a current address and we can do the 1990s thing with email. And manual PGP crypto, too, if that makes your nipples hard.

ζ ICQ ~ I have a seven-digit ICQ number I’ve had since before it was Israeli-owned, and if you want to use that then just let me know and I’ll dust off a client and log in. Please, do: looking for an excuse since forever!

ζ XMPP ~ This used to just be the backend for Google-chatwhatevername… didn’t it? But now it’s been orphaned by the Googleplex, or something? Meh, too lazy to find out currently. But I know how it works, so if you want to make Pidgin do this, tell me and I’ll download 10,000 purple-named libs (because OTR) and make Pidgin do its thing and we’ll talk, m’kay? ^_^

edited to add: ‘k so I’ve created cryptostud<at> (those guys are great, btw); also announced on twitter. Roger that.

ζ Briar ~ I’ve made an account on this interesting-looking personal messaging app (“cryptostud”) and I’m keen to use it a bit and see how it shakes out. So ‘briar’ me, if the spirit moves you.

ζ LinkedIn ~It’s not really a contact channel, that’s true… and yet it’s colourably useful for contacting folks; besides, I’ve done some work adding in lots of biographical stuff in my profile so on this list it goes!

Err… some weird dude on LinkedIn 😀

ζ ResearchGate ~ Though I’ve not loaded much/most of my research projects into RG just yet, there’s at least one there… hey, it’s a start. 😉

ζ hushmail ~ I had a hushmail address for decades, even after the pushed-.js CALEA issues (if you have to ask, don’t ask), but they went to ever-more-aggressive pay-demand business models and eventually… whatever. Done. Sorry. It was cool twenty years ago when Zimmerman was there. Now it’s like the Yahoo(!) of secure email. Which is not a flattering look.

ζ IRC ~ aaaah… now we’re getting somewhere: just tell me where you’ll be, I’ll appear there, we’ll dodge the bots and pretend the NSA isn’t sitting in admin mode logging everything we say to Bluffdale — just like the Good Old Days, long live mIRC!

ζ facebook ~noooope.

ζ Hayes AT command-set analog machine-to-machine comms ~ ok, this is getting ridiculous, even for me…

~ ~ ~

I once received a really important, really private, very short tidbit of information via a subtly-clever use of a draft-saved, server-side message in a quotidian comms channel. No, I won’t go into details — sorry. But the point of that is that, if you are dealing with legit life-and-death shit, then there’s no magic security-perfect comms gadget that will get it from me to you with nobody seeing it, 100% confidence. To do that, you need to do alot of work, think alot about adversaries, study the subtle ways smart (read: “intelligence community”) people do in the field, etc. If you aren’t willing to do that, then you had best learn tradecraft: dead drops, etc. I know fuck-all of tradecraft, btw, so don’t ask me for advice on how to do it — I fucked up the only dead drop I ever tried to retrieve, which just goes to show.

And yes, I’m one of the founders of the “consumer VPN industry” — started our first company in that space in late 2006 (using openVPN), back when Relakks was still minting money with PPTP. Wait, they still are, aren’t they? Hahahaha. Anyhow, I know a little bit about (civilian) secure comms tech, and I also know how easy it is to do it wrong. <thumps chest>

~ ~ ~

Serious note: if you are someone reading this who actually wants to communicate with me, and has legit security concerns, here’s my advice. First, think about what you’re trying to keep secure, and from whom. Your identity? The content of your message? Against LEO (ie cops), or spies, or hate-group losers, or..?

Because, at one end of the spectrum, if you’re doing heavy work that a nation-state-level adversary wants to know about and you need to talk with me about that work without anyone knowing about it or you will be tortured to death (I’ve had a few of those convos over the decades), then you need to do alot of research before you ever ping me (or read this page!). I’ll reciprocate from my end if this is the level of play in your world, and I won’t drop the ball and leave you exposed.

If — far more likely — you are a zoo who wants to talk about something, but doesn’t want to get outed or stalked by cowardly hate-bigots or have local cops sniffing around your butt because you are talking with me, then this is what I suggest:

  1. Get a free email account at a decently-secure place like ProtonMail (I hear good things, fwiw).
  2. If you have the technical chops (and yes it’s still a bit fiddly, sorry) to do VPN security, use cryptostorm for every connection you make to ProtonMail. But if this is not reasonable, honestly it’s not the end of the world for you to hit Proton from your home/mobile IP (because long boring threat modelling essay I will spare you the pain of reading).
  3. Get a message to me via whatever channel, innocuously — and ask me to make a ProtonMail account which I will gladly do and I’ll post that here (or in twitter, or whatever). Send me a message there, and we’ll talk. In terms of security, that doesn’t actually suck — and it’s not fiddly.

Alternatively, if you’re just paranoid enough that trusting ProtonMail not to be evil, or to be subverted by IC/spooks, or to be explicitly hacked by the NSA (and GRU, and APTs 1 to 1×10³), or perhaps if you (wisely) find the thought of relying on x.509 to enable TLS-layer cryptographic validation (and who hasn’t had cold sweats in the dark hours of the night when thinking about x-fucking-five-oh-nine-oh-God-we-trust-this-shit-also-ASN.1-which-holy-Jesus-on-a-sharp-stick..?), then this:

  1. Drink a cup of coffee, pull up a tutorial on PGP encryption, and learn the basics of public key cryptography. It’s got inherent complexity, because it’s functionally equivalent to magic — but you don’t have to learn the whole thing, just basically what the public key does and what the private key does.
  2. Do the same as above, wrt setting up a ProtonMail account (or any provider, really).
  3. Use my public key to manually encrypt whatever message you want to email to me.
  4. Include your own public key in the email you send me with the textblob that results from you encrypting your message to me.
  5. I’ll decrypt your message on a (moderately-hardened, best-effort) local machine, read it, reply, encrypt with your public key, and send the encrypted textbrick back to you.

Yeah, it’s a bit clunky compared to a quick DM in twitter — or to just using ProtonMail. But it actually is structurally much less vulnerable to a whole shit-ton of real, in-the-wild, these-really-work attacks that otherwise might be low-probability but are still not fantasy-land issues. Like: some disgruntled TAO genius pops Proton and injects horrific rootkits in their machines just to be an asshole, and despite end-to-end there’s obviously corruption of pushed binaries if you pwn the entire damned infrastructure via a gorgeous BIOS/CMOS subversion that the civilian world doesn’t have a name for yet, and blah blah blah… yes such things can happen, and you could in theory get caught in the crossfire of some APT-level battle or whatnot.

Meanwhile, if you just want to talk with me — for whatever reason — and the entire security thing is simply not top priority, then the conventional channels of email or twitter DM are all quite viable (even if not secured from .gov at a certain level, and etc., &c.) so please do feel free to use them.

I won’t post your DMs for the world to see. Really, I won’t. In fact, I’d go to prison for years rather than betray someone’s privacy as entrusted to me. Actually, I’ve gone to prison for years because I wouldn’t betray the privacy trust others have placed in me. So there’s that. 😛

Oh and back to bitmessage: I do think it’s cool. It totally removes some layers of security risks in conventional messaging: write to the blockchain from anywhere, and I’ll pick up that message as that ‘chain update runs through my local node. Cool! No idea if Equation Group mages (<ahem>NSA/TAO<ahem>) have borked the code already, or whatever — but even if they have, you prolly aren’t an EG target so who cares if they read your steamy zooish fantasies that you want to send to my attention… or what-ever. They’ve seen plenty of that already. Trust me.

As is pretty obvious, I could keep writing… and writing, and writing… on this subject for a really long time and not run out of words. I’ve spent a few decades of my (professional) life thinking about,and building tools for, and participating in this place in tech. And I love it — it’s fascinating, important, fast-moving, complex, and real. The real contributors in this tech space are also awesome, amazing people — each and every one, in fact.

Alas, this kind of inside-baseball security tech writing is totally boring to 99% of the people reading this, and I get that. However —and surprisingly — there’s actually a subtle but nontrivial point in my making this a longer-than-needed essay (that could turn into a book without too much additional temptation). The point is this:

There’s more than a few folks reading this who, I know, are thinking “he’s not really a tech guy — that’s all just hype” — or some variant thereof. And, no, I’m not a “tech genius” and never claimed to be. Just for the record. However, yes, this is the sort of thing I’ve done professionally for longer than some of the folks having those doubts have been alive. So there’s that, right?

For ten years, my life has been turned upside-down by attacks from every layer of “law enforcement” from local cop thugs who like hitting/shooting people all the way up to heavy United States federal government attacks with near-unlimited legal, technical, and financial resources at their disposal. Also some non-governmental adversaries that never made it into Uniquely Dangerous and that, if you’re reading this, you cannot possibly imagine what was involved in surviving those experiences. Really: you cannot imagine.

During those ten years, I’ve been thrown in and out of jails and prison — in two countries. My professional life has been subjected to all those exogenous pressures of repetitive, pretext-based incarceration— not to mention the small matter of being an outspoken advocate for a hyper-persecuted minority community, subjected to intensive and near-universal persecution from non-LEO attackers simply based on my sexual orientation. I’ve been near-death several times as a result (ask me about being poisoned, tased, also rubber bullets — yay!), I’ve earned PTSD of a sort that’s had me in years of weekly treatment (which is going well actually, thanks), I’ve seen my family murdered in order to break my spirit and make me kill myself…

And on and on. Y’all know the story (mostly) from UniquelyD, so I won’t belabour it here further.

Despite that, in those ten years I’ve been a core founding member of cryptostorm — an honour I wear with justifiable pride — and I’ve been part of globally-noted (sometimes, anyway 😉 technical forensic work with HavenLabs (formerly Baneki Privacy Labs). And numerous other related, intertwined, generally-awesome tech projects with great tech people.

In my “spare time,” as it were.

Basically I’ve ‘played the game’ at the highest possible fucking imaginabledifficulty setting (h/t @Scalzi) — and although yes I was “born this way” (h/t Gaga), far beyond that I’ve made the choice, long since, to live openly as I am because fuck you if you think I’m ashamed of myself. I made that choice knowing I would face levels of persecution, danger, violence and difficulty at every step of every part of my life. I made that choice because it matters to me to lead by example, and it matters to me to leave the world a better place for my being here — not just for my own species, and for my own (z) community, but also for our sentient friends who share our planet (not by their choice, alas): the whole, old-fashioned “animal rights” position that treating other sentient species in the disgusting, horrific way that we as a species do is absolutely, totally, utterly, inalterably wrong. Period.

Even playing at this asymptotically-difficult level setting, I’ve been able to serve as a foundational component of some really important technical projects — projects totally unrelated to my cross-species activism. I’ve done this because that technical work also matters to me— and because I love that work. And I’m pretty good at it, at least sometimes. 😉

There is not a single person who has contributed to the hatred and violence that I have faced in that decade — and for most of my adult life — who could possibly walk in my shoes, on this path, for a day, or a week, or a month. I do not say that to brag. I simply speak truth as I know it, 100% know it from living it.

None of you who have attacked me, abducted my loved ones, killed my dogs (Laura “felcher” Clark, that means you), stolen my assets (and my companies), shunned me when I was inconvenient, used me when you could profit from me, cheered the police when they (again) tried to kill me without actually getting sent to prison for premeditated murder, censored or deleted my writing, threatened to kill me yourselves (go ahead and try… I’m still waiting :-), accused me of being an “abuser” when you know — absolutely, completely know — that the accusation is complete bullshit…

None of you have a clue what it has taken to stand tall against all of you… and also, in my spare time, contribute more to the field of (civilian) digital security than all but a small(-ish) handful of gifted, amazing folks around the world who share this field with me (and who have almost all been supportive, respectful, generous, compassionate, and fair with me throughout — notable, that).

None of you hate-pushers even knew I was doing that… even as you were investing countless (hundreds of?) thousands of hours doing everything in your power to destroy me, erase me, degrade me, and silence me. Which is pretty funny, the “you got played” kind of funny. The good kind.

You all lost.

I won.

I never became the monster that you projected onto me — a monster that comes from your own minds, your own self-doubts, and your own personal flaws — not from me. I was never that person, I didn’t become that person, and I am not that person today.

Instead, I have given of myself. I have dedicated myself to helping others, to learning, to studying, to making the right decision when the right decision matters… and to never, ever giving up when the chips are down and I know I am doing the right thing for the right reasons. I have accepted your hate and your violence and your horrors — and I have never become hateful, chosen violence in return, or wished those horrors you visited on me to echo back onto you and those you love.

That is who you are.

That is who I am.

I won.

Just wanted to say that, ’cause cancer and mortality and whatnot — why wait, right? My work will continue long, long after I’m dead and gone. It will continue in a legacy of youngsters in my community who grow up with just that much less self-doubt, that much less sense that they are borne to be victims, that much less sense of helplessness or isolation or shame. It will continue in the soul of every cop or thug with a badge who figured they could pick on “someone like me” for fun and that I’d be easy prey (I’m not — and never was).

It will continue in the slow but inexorable reevaluation of human solipsism that is the true fruit of the tree planted by the story of my life.

It will continue in countless ways I can’t even get a whiff of from here, today — and that’s beautiful.

In contrast, the “work” of those bigots who have poured the darkest and most vile spew of their souls onto me — for years, and decades — will run off and vanish in no time t’all. Their legacy is that they are forgotten as the world moves forwards to a better, non-hateful, reciprocal, respectful future.

They showed their true colours in the nightmares they have visited on my loved ones and I. I have shown my true colours in my “unwavering defiance” in the face of their nightmare abuses… a defiance that never became itself hateful, or violent, or mean.

So, yep: I won. ^_^

Also — and I always wanted to write this — (because Iron Man), so…

Yes… I am Pattern Juggled.

Heh. That was fun.

~ ‘pj’

ps: thought I had a trenchant and timely ‘ps’ to add, but apparently I forgot it 😛

pps: now I remember — embed a message in one of the (many, logically-nested(!!)) vestigial fields to be found in x.509 TLS certs, set up a watering-hole-ish webserver someplace, trick me into going there, make my browser throw a flag on the cert, which ofc I’ll spend hours poking at the cert, and eventually hopefully I’ll unpack your contextually-enciphered message… do that, and you are my hero. 🙂

ppps: here’s the .sig on my tunception email account, if anyone’s curious:

ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ ܢ

DB ‘pattern-juggled’ LeConte-Spink BAMBA (PhD in process… veeery slowly) + BASE 715

☂ co-founder & founding network systems topologist/security architect☂ cryptostorm private network ☂

“unwavering defiance” in the face of bigotry, discrimination, hatred, & violent .gov persecution (cite: AUSA Susan Roe)

@lecontespink personal ¦ ðëëþ.be {@cryptostud twitters} ¦ @havenlabsdigital security research

github ~ keybase (personal) ζ keybase (tech) ζ onename (personal) ζ blah blah blah 😛

Uniquely Dangerous (biography) ζ current update ζ “the cone of silence

registered Aboriginal Canadian ~ Montagnais Métis nation (pre-alpha)

voice/sms: {redacted… because waiting for double-dog-dare}

…ὅπερ ἔδει δεῖξαι…