In the 80s, I got my first access to the internet after reading Steven Levy's book "Hackers". In the chapter on RMS, he mentioned that RMS didn't use passwords and didn't believe in security.
I found the dialup number to the MIT media lab, and tried logging in as 'RMS' and voilà, no password, and I had my first shell account on an internet-connected Unix machine, although I was only a teenager, and didn't attend MIT.
RMS's act of charity benefited me greatly. I was relatively poor growing up in inner-city Baltimore, and his account was a lifeline to a new world of the internet and away from the crackhouse-infested streets.
I find it interesting that he has changed his standpoint from one of radical transparency to techno-privacy.
Remember, RMS is the guy who hacked LCS's computer lab password file, decrypted all the passwords, and emailed everyone suggesting they change their password to empty string. Now, I get that what he really wanted was to allow anyone to have access to LCS resources, and that would have been better served by just allowing anyone to create an account. But some early GNU accounts nevertheless did not have passwords, and I could read their email, shell histories, etc.
I think there is an interesting question as to the extremes of privacy and transparency in a democracy. If, for example, it was not possible to discriminate against people, and if the government could not abuse any information gained on someone, then it might be the case that society would be better off if there was very little privacy, because private distributed abuse amongst non-state actors would then be the biggest danger. If, on the other hand, the state is far more abusive, then the fraud and violence perpetrated by small actors uncaught by surveillance is dwarfed by the damage done by the state having this information.
The question is, is it black and white, or is there some level of justifiable dragnet surveillance? Can democracy also tolerate Cryptoanarchy?
Power demands transparency. Lack of power should give you some privacy.
An individual has a right to privacy and to waive said privacy when they consider it appropriate. The case with Stallman you mention was waiving some of his rights to give his colleagues easier access.
Powerful organizations should be forced to be transparent to the maximum extent that is reasonable - you shouldn't be forced to give out your trade/state secrets, but classifying everything as such and hiding is a worse transgression. They don't have the right to waive their transparency when it suits them.
In the 70s and 80s, there were few computers and few people knew what to do with computers and the Internet. It was fine. But today's hacking (or cracking) is driven primarily by the black market. So you can't just let anyone log into your shell and do things. Back then you may have been able to trace the person who logged into your account, but today this is getting difficult (even for the NSA this can be difficult in some situations).
Today hacking into anyone's /etc/passwd and decrypting all the passwords is a crime, and your best friend will be more careful when handling secrets with you if you do that to him for "change your 123 to something more complicated".
One could argue he hasn't changed at all. On the contrary, it's the obligation of the actor to act transparently toward those acted upon.
In your case, you were the actor dropping in on RMS so the obligation was on you to be transparent about it. I'm guessing you weren't, since it wasn't very polite to peek at their email ;)
And therein lies the dilemma. Those with power will observe yet must be transparent about said observation. However they aren't transparent for fear of tipping their hand to what is essentially the proverbial "boogey man" that is terror.
Well, I did nothing to conceal the fact that I ran the mail command. I was only a teenager, knew nothing about Unix nor internet mail, and so I was looking at shell history and trying commands at random exploring. The system was regularly backed up and restored, so for example, if you installed something like a MUD server on RMS's account, the next day it would be reverted.
From what I could tell, the GNU accounts held nothing more than mailing lists; there was never any private correspondence that I could see.
I'm pretty sure RMS was aware his email and everything he did on the account could be seen by everyone. In fact, his mbox file wasn't even protected, you could grep the /var/spool/mail directory.
What a wonderful and innocent time in the computer world it was back then. Thanks for sharing this. It seems they all treated mail as a message board; just a means to share ideas publicly. And if you weren't going to put it on those lists, then it didn't belong in email after all.
Many of us who aren't quite as old-school as RMS still treat electronic communications in this way.
Yes, there's communications we'll make which are more privileged, but we understand that fundamentally the system is open to observation and snooping. If we've got something to say we don't want others to know, we say it in person, using crypto, or through code (formal or informal) which will be difficult for others to understand, if at all.
And there's still good old mail. First class will often reach someone faster than they'll dig through their mail spool these days (and a letter indicates an investment in communication), even next-day mail is pretty cheap (much less expensive than FedEx).
Yeah, the Morris Worm was the first big strike against such openness. A lot more stuff got locked down after that.
I remember a lot of universities allowed you to telnet in and log in as 'guest' with no password back then. IIRC, I could telnet into Berkeley XCF and UIUC.
This is before my time, so take this with a grain of salt. But I don't think RMS has changed that much. He still advocates unlocked wifi networks ( http://stallman.org/#long-term -> https://openwireless.org/ ). My guess is that his crusade to use empty string passwords was actually just to let the common man have access to computing resources. These days, a password means much more and I'm guessing that RMS could explain why his fundamental view of security is the same still.
excerpt from Steven Levy's book "Hackers" Appendix A. The Last of True Hackers
Stallman, who liked to be called by his initials, RMS, in tribute to the way he logged on to the computer, used the Hacker Ethic as a guiding principle for his best-known work, an editing program called EMACS which allowed users to limitlessly customize it—its wide-open architecture encouraged people to add to it, improve it endlessly. He distributed the program free to anyone who agreed to his one condition: “that they give back all extensions they made, so as to help EMACS improve. I called this arrangement ‘the EMACS commune,’” RMS wrote. “As I shared, it was their duty to share; to work with each other rather than against.”
EMACS became almost a standard text editor in university computer science departments. It was a shining example of what hacking could produce.
But as the seventies progressed, Richard Stallman began to see changes in his beloved preserve. The first incursion was when passwords were assigned to Officially Sanctioned Users, and unauthorized users were kept off the system. As a true hacker, RMS despised passwords and was proud of the fact that the computers he was paid to maintain did not use them. But the MIT computer science department (run by different people than the AI lab) decided to install security on its machine.
Stallman campaigned to eliminate the practice. He encouraged people to use the “Empty String” password—a carriage return instead of a word. So when the machine asked for your password, you would hit the RETURN key and be logged on. Stallman also broke the computer’s encryption code and was able to get to the protected file which held people’s passwords. He started sending people messages which would appear on screen when they logged onto the system:
I see you chose the password [such and such]. I suggest that you switch to the password “carriage return.” It’s much easier to type, and also it stands up to the principle that there should be no passwords.
“Eventually I got to a point where a fifth of all the users on the machine had the Empty String password,” RMS later boasted.
Then the computer science laboratory installed a more sophisticated password system on its other computer. This one was not so easy for Stallman to crack. But Stallman was able to study the encryption program, and, as he later said, “I discovered that changing one word in that program would cause it to print out your password on the system console as part of the message that you were logging in.” Since the “system console” was visible to anyone walking by, and its messages could easily be accessed by any terminal, or even printed out in hard copy, Stallman’s change allowed any password to be routinely disseminated by anyone who cared to know it. He thought the result “amusing.”
Still, the password juggernaut rolled on. The outside world, with its affection for security and bureaucracy, was closing in. The security mania even infected the holy AI computer. The Department of Defense was threatening to take the AI machine off the ARPAnet network—to separate the MIT people from the highly active electronic community of hackers, users, and plain old computer scientists around the country—all because the AI lab steadfastly refused to limit access to its computers. DOD bureaucrats were apoplectic: anyone could walk in off the street and use the AI machine, and connect to other locations in the Defense Department network! Stallman and others felt that was the way it should be. But he came to understand that the number of people who stood with him was dwindling. More and more of the hard-core hackers were leaving MIT, and many of the hackers who had formed the culture and given it a backbone by their behavior were long gone.