Commenting Policy for This Blog

Over the past few months, I have been watching my blog comments decline in civility. I blame it in part on the contentious US election and its aftermath. It’s also a consequence of not requiring visitors to register in order to post comments, and of our tolerance for impassioned conversation. Whatever the causes, I’m tired of it. Partisan nastiness is driving away visitors who might otherwise have valuable insights to offer.

I have been engaging in more active comment moderation. What that means is that I have been quicker to delete posts that are rude, insulting, or off-topic. This is my blog. I consider the comments section as analogous to a gathering at my home. It’s not a town square. Everyone is expected to be polite and respectful, and if you’re an unpleasant guest, I’m going to ask you to leave. Your freedom of speech does not compel me to publish your words.

I like people who disagree with me. I like debate. I even like arguments. But I expect everyone to behave as if they’ve been invited into my home.

I realize that I sometimes express opinions on political matters; I find they are relevant to security at all levels. On those posts, I welcome on-topic comments regarding those opinions. I don’t welcome people pissing and moaning about the fact that I’ve expressed my opinion on something other than security technology. As I said, it’s my blog.

So, please… Assume good faith. Be polite. Minimize profanity. Argue facts, not personalities. Stay on topic.

Schneier on Security is not a professional operation. There’s no advertising, so no revenue to hire staff. My part-time moderator—paid out of my own pocket—and I do what we can when we can. If you see a comment that’s spam, or off-topic, or an ad hominem attack, flag it and be patient. Don’t reply or engage; we’ll get to it. And we won’t always post an explanation when we delete something.

My own stance on privacy and anonymity means that I’m not going to require commenters to register a name or e-mail address, so that isn’t an option. And I really don’t want to disable comments.

I dislike having to deal with this problem. I’ve been proud and happy to see how interesting and useful the comments section has been all these years. I’ve watched many blogs and discussion groups descend into toxicity as a result of trolls and drive-by ideologues derailing the conversations of regular posters. I’m not going to let that happen here.

Posted on March 24, 2017 at 2:20 PM • 248 Comments


LKM March 24, 2017 2:44 PM

You might want to reconsider disabling comments. There have been a bunch of studies about how comments color people’s perception of articles they’re reading online, and it’s never a positive outcome; reading contentious comments colors people’s perception of the original article negatively. That’s the reason why popsci turned off comments:

Quote: “Simply including an ad hominem attack in a reader comment was enough to make study participants think the downside of the reported technology was greater than they’d previously thought.”

I realize that this is painful, since there are people who make productive comments and contribute positively to the discourse. However, I’d also like to note that it’s still possible for people to comment on your articles, for example by posting responses on sites like Twitter, or on their own blogs. Meanwhile, your own blog will be free of this toxicity.

fer March 24, 2017 2:55 PM

I agree, disabling comments would be unfortunate as my knowledge has grown as a result of not only your blog, but also the many insightful comments pointing to further information. Let’s not feed the trolls, people! Thank you again for your blog Bruce, this can’t be stressed enough.

Sigma March 24, 2017 3:01 PM

It’s good to see somebody who at least tries; a lot of sites just disable comments altogether these days. So thank you Bruce, I hope you don’t give up.

S. McCown March 24, 2017 3:01 PM

Thank you for the call to civility. I enjoy your articles along with any informative discussions or debates that ensue. When the comments stay on target, it makes it easier to share articles with co-workers and such, which keeps the discussions going.

yes March 24, 2017 3:11 PM

“This is my blog. I consider the comments section as analogous to a gathering at my home. It’s not a town square.” <– Well said. And to the frequent guests who comment on a regular basis: this wall-fly always enjoys your conversation.

Ricky March 24, 2017 3:30 PM

It’s sad that this even has to be mentioned, but it is the way of the internet today.

Daya March 24, 2017 3:32 PM

Thank you — I agree with your point-of-view. Civil debate is important in all facets of life. Hurling insults only reduces respect for an idea. Thank you again.

Robby March 24, 2017 3:38 PM

I’ve developed the reflexes to reflexively evaporate most comment sections from my perception of the internet, at the general benefit of sanity, but cost of interaction.

But this particular post of yours has inspired me to shed my lurker cloak and participate.

Thank you for asserting your space.

Elliot March 24, 2017 3:38 PM

In reply to LKM above, would not disabling comments be throwing the baby out with the bathwater? Comments have real value, and the comments on this site have more value than the average site, and platforms such as Twitter and Facebook make commenting super easy but when it comes to retrieving and processing that content, they add layers of obfuscation and many milliseconds of delay in accessing content, when content can be accessed at all. The easier it is to comment, the more there will be useless comments. Merely having to fill out a proprietary form is enough to drive away some who are less than constructive. The form is almost unusable on my iPhone 5s, but discouraging mobile users might also account for the high quality of the comments here. The effects measured in the study you reference might be less pronounced for a more deeply and intellectually engaged audience which we seem to have here.

With respect to anonymity, and privacy, there are contexts in which both are needed, and other contexts in which both are deleterious to society. I think it best to require people to attach their real identity to most comments, and if anonymity is needed, then a real identity should vouch for the pseudonym, sort of like when a journalist declares an anonymous source to be credible and vetted.

I should mention that the value of comments grows exponentially as the quantity of people in the discussion grows, up to a point, whereafter the value of comments shrinks exponentially with further growth of the group size. Comments by themselves have value, but the interplay of the comments has exponentially more value. This value from the interplay is an emergent phenomenon, and emergence only happens at the phase transition between order and chaos. Too many participants in a discussion = too much chaos. Solution? Cap the number of participants in any given discussion. If more people want to participate in commenting, and the discussion group is full, create a new discussion group. Multiple comment sections per article. We who’ve been around the internet have seen the rise and fall of groups, we’ve seen something special be born, flourish, thrive, and inevitably die. Entropy catches up to all of us sooner or later. But if we understand the underlying physics of the system, then maybe we can cheat entropy. 🙂 … Solution: Host multiple discussion groups, each with a limited membership. Let the group decide to what extent membership should be expanded, or contracted. The number that is good for one group might be different for another group.

I like to think this Tracy Chapman song is about the phenomenon of emergence: (Telling Stories)

Jason March 24, 2017 3:40 PM

I find your perspective and action on this subject tuned to perfection and I have no interest whatsoever in associating or engaging with anyone who disagrees. Intelligent civility is a necessity.

On another topic: have you considered writing a piece on the security implications of a group of openly and brazenly corrupt politicians gaining control of all three branches of the government of the most powerful country on Earth? I’m finding the prospect of that severely alarming from all perspectives, especially security, and am very keen to hear your thoughts on the subject with respect to the present context.

Andrew March 24, 2017 3:53 PM

It would be nice to have a political section, or time to time, some dedicated political posts / debates.
I don’t see too much gain in discussions about keyloggers alone while politicians vote to sell your browser history. They’re all about security.

Sean March 24, 2017 4:09 PM

I was wondering why comments were so interesting, valuable and respectful on this blog, as the Internet tends to be more and more mediocre when it comes to anonymous comments.

You’re perfectly right to point it out. This could even be a security topic.

Completely anonymous random guy from somewhere around the world with unknown purposes March 24, 2017 4:12 PM


I read this blog a lot, although I seldom participate with comments.

I just would like to tell how much I dislike websites where I can’t leave my opinion or correct something that I thought was wrong. I find them as if they were the only path, the only truth, and always right. And I avoid them as much as I can.

Thanks for keeping the things the way they should be. IMHO, of course.


Charmander March 24, 2017 4:12 PM

Thank you for doing this, and thank you for your continued contribution to the public discourse.

John Thurston March 24, 2017 4:13 PM

“Over the past few months, I have been watching my blog comments decline in civility. ”

It seems I’m not the only one who thought this was happening.

“I expect everyone to behave as if they’ve been invited into my home”

In the words of Roger Manifold,
“. . .good manners don’t cost nothing do they?”

Thank you, Bruce, for choosing to share your thoughts. I appreciate your time.

Steve March 24, 2017 4:15 PM

Sadly this has been the state of user comments since the BBS and Usenet days. There is always trollish behavior when there’s perceived anonymity. The only effective means I’ve seen to temper trolling was heavy moderation or a Slashdot-like system where you can filter for higher rated comments. But trolls find a way. We the readers should ignore them but it’s difficult. Especially when a single poster can use multiple sock puppet posts or accounts to appear as different people.

Marty March 24, 2017 4:30 PM

Given your concerns, I have to wonder if some form of pseudo-anonymity would be an appropriate compromise over turning off the comments. The real problem with full anonymity is that you can’t easily ban the trolls. But pseudo-anonymity solves that problem, as they can be banned, and as long as you can’t link from pseudonym to real name, people’s privacy and anonymity can be (mostly) maintained.

Keep a database of registered participants (so that people can’t register twice), and then link their email to a pseudonym based on their password. Now, when someone’s behavior is beyond the pale, their pseudonym can be banned, and they can’t get a new one based on the same public identity.

At the same time, this maintains the ability of people to say things without revealing their identity. It is even possible to generate a new pseudonym just by changing your password. (Something that wouldn’t be logged… You probably would also want to avoid keeping timestamps for when accounts are created.)

steven March 24, 2017 5:24 PM

I think not just on this blog (where it is quite well handled by moderators), and not just anonymous postings, but it has also become really difficult to work in collaborative projects online recently. Discussion keeps getting derailed by off-topic worry and fears, and people are very quick to lash out. Have people been too long in Code Yellow? And has social media only polarized opinions further?

substate March 24, 2017 5:34 PM


“I think it best to require people to attach their real identity to most comments”

I agree with Mr Schneier’s approach to this: respect anonymity and privacy, and simply delete unacceptable comments. The reason: message content is more important than the messenger.

There are many sound arguments that requiring real names won’t fix the problem – see Deletion of offensive comments does fix the problem.
If the moderator’s workload is too high then volunteer moderators can be recruited after suitable vetting. I’m sure plenty of people would be proud to serve as moderators of such a high-quality blog.

Anonymous Cow March 24, 2017 5:39 PM


First of all, thanks for publishing your blog and providing a space for smart and knowledgeable readers to exchange ideas.

I’ve also noticed the same “decline in civility” you mentioned. I have a suspicion that it’s more than just people being rude — it might be a conscious sabotage effort.

I’ve seen rude commenters in another forum dragging down the level of discourse to a very low level. There is rumor that a certain government has a host of paid trolls influencing and sabotaging online forums. Sometimes they attack other commenters like a swarm. Other times they inject rudeness and insults into the forum to stir up needless and pointless arguments. In the end, the forum becomes a much less pleasant place and will turn away many looking for intelligent conversations.

I think you should keep the possibility of sabotage in mind.

albert March 24, 2017 5:47 PM


I hope you don’t kill the comments section. In addition to your articles, and those you cite, I’ve learned so much more from the commenters here than I could ever hope to learn on my own. I value their opinions and discussions, and especially their kindness and tolerance of those of us who are new at this stuff.

By not feeding the trolls and reporting bad behavior, -we- can minimize your trouble and expense in handling the situation.

The signal-to-noise ratio on this blog, even at its worst, is much higher than any others I’ve participated in. That’s worth a lot.

. .. . .. — ….

ab praeceptis March 24, 2017 5:48 PM

Bruce Schneier

I fully agree with your stance and am, in fact, glad to see it written down.

I also agree with you that our work and thoughts relate to the real life out there and hence politics can’t be excluded. Many issues that are of importance for our discussions and work are in the realm of politics.

I do not, however, agree with your intro. Yes, I noted it too and I tried to remind ourselves and to keep ourselves away from it but, with all due respect, YOU were the decisive factor when things turned very partisan and very ugly.

Had you yourself not taken a clearly and obviously partisan position, many here wouldn’t have had an “everything goes” impression. I remember quite well how I often shook my head and thought “Oh, Mr. Schneier, why are you feeding a fire that is disturbing and bringing down your – valuable – blog?”. I invited to be reasonable, I begged, I scolded, and in the end I mostly stayed away.

Well noted, this is your blog and you do whatever you please in it (that’s verbatim what I wrote then, too).

But I would have wished that you understood both the volatility that quickly got explosive and the problems that became ever more visible and ugly.

Bruce Schneier always was a big name and a – deservedly – respected cryptographer. I remember well how many would consider Blowfish the only trustworthy and good quality option. Moreover you always were a respected and well known activist for “the right thing ™”. Mentioning “Bruce Schneier thinks … (this or that)” cut many unpleasant discussions short, e.g. with clueless managers.

THAT is the currency, that is the force behind your blog, and that is what leads many here. We want to hear what Bruce Schneier thinks about security related matters, incl., to a degree, relevant political angles.

After Trump’s victory, however, things turned ugly and Bruce Schneier took a position that almost reminded of Rachel Maddow. I, with all due respect, had a hard time finding the very qualities that made Bruce Schneier and this blog so attractive; I had a hard time finding objectivity and reason. To make it worse you tolerated a never ending (so it felt) stream of purely partisan and often even hateful posts.

There is what I call the laws of the group – and they are valid, no matter whether in a largely technical blog or elsewhere. One of those laws states that any and every group will turn barbaric if reason and some level of proper behaviour is not demanded. I have seen it before and it reliably brought fora and blogs down.

If I may: I’m moderating a blog (of a certain visibility) myself and I have made good experience with one simple rule: The more extreme anything is, the more evidence I demand. So, if someone states, for instance, that either Trump or Clinton wants to destroy the country, they’d better bring evidence (not blabla or strong opinionating but tangible evidence).

Thank you for your clear statement. I’m not sure that it will be sufficient to bring this blog back to what it once was, but I warmly welcome it and as you might have noticed I anyway stay away from politics as well as I can.

TM March 24, 2017 5:55 PM

Over the past few months, I have been watching my blog…

Over the past few months, we (the readers of your blog) have been watching your blog change its de-facto name from “Schneier on Security” to “Schneier on Politics” and the problem is that the only view promoted is that of the DNC, intel community, CNN, WaPo and other fake news. You went (or already were there before, but not visibly) to the side of the shadow government, became its vocal agent. And of course your readers are not dumb, they don’t buy the fake news you started to promote.

Some of them can argue politely, some just have been pissed off and completely disappointed, that’s why the comments’ tone changed.

The timing also surprisingly matches the moment when you sold your company Resilient Systems to IBM. You said in the post announcing it: “Nuts are hard to crack, not swallow. And I would leave before that happens” in a reference to that you’d maintain your neutral PoV on sensitive issues, but what we all have been watching since then is the complete opposite.

Your blog was especially valuable because of the informed comments your readers were leaving. If you start to censor them heavily from now on (and judging by the comments to this post this already started), your blog will lose most of its value.

Elliot March 24, 2017 5:58 PM

if each user who comments is required, in order to submit their comment, to rate a few comments of other users as conforming or not conforming with forum policy…

…now the non-conforming comments will be much easier to find…

…and when you do find a non-conforming comment, if any user rated that comment as conforming, now you’ve found not one non-conforming user (the OP), but several… (those who rated OP’s comment as conforming)

why moderate a community, when a community can moderate itself…

Sancho_P March 24, 2017 5:58 PM

Thank you for your blog, your input, and thank you for this topic.
Your moderator does a good job btw.

steven March 24, 2017 6:06 PM

TM: if what you say is true, it’s still not right for people to respond here with nasty comments. Rather, they should create their own blog of counter-arguments, trying to make that constructive and enjoyable to read. And actually, everyone would be better off that way, no matter whose opinion was right in the end.

Anon March 24, 2017 6:11 PM

I agree with your position, and pleased to see you won’t let it prevent the comments section existing in its present state.

There is much useful and interesting discussion here, and it would be a great loss if it stopped.

Darryl Daugherty March 24, 2017 6:31 PM

One wonders at the total figure required were there to be a crowdfunding initiative for a full-time moderator position. It might be off-shored – India perhaps – to cover nighttime trolls in the West and take advantage of lower labor costs.

Wael March 24, 2017 6:34 PM

This is my blog. I consider the comments section as analogous to a gathering at my home.

And you’ve been a hospitable host. Thank you!

paid out of my own pocket — and I do what we can when we can.

The moderator is doing an excellent job. I don’t mind chipping in, either.

If you want a model to emulate, look at Clive Robinson’s posts.

Riiiiiight. Who’s going to type that much 😉 I know I often get off topic, but it’s all in good faith, really 🙂

Clive Robinson March 24, 2017 6:35 PM

@ Bruce,

You’ve made my ears go red…

But along with others I thank you for the work and effort you have put in over the many years. Finding something new and thus interesting to post once a day is a significant effort, to frequently post twice a day much more so. I suspect a lot of people have not tried to do this even as an experiment thus don’t quite realise not just the effort but also the commitment it requires.

Sadly I think that the Internet is being killed off not just by those who would be thought of as Trolls but by the shocking levels of abuse from commercial organisations. Especially those who see a need to monetize in any way possible. Thus I very much appreciate the lack of even discreet advertising on your blog.

But further that you have kept this blog free from needless technology. The fact that it does not need the likes of javascript or similar technologies to be enabled is likewise very much appreciated.

As many know I do not connect my personal systems to the Internet and use a Smart Phone to post. I know some in the past have thought this to be odd or slightly paranoid, but slowly people are not just beginning to understand why but are taking similar action to reduce not just their attack surface but to also minimise their value to attackers of all forms. I have seen more people start to follow in my footsteps as it were and I hope to see more people consider making themselves less easy to be attacked and reduce their potential losses if they are. Which is why I ask you to keep your site such that it can continue to be accessed with minimal technology.

As for the posters here we are an eclectic bunch from all corners, and our differing points of view encourage thinking in a wider scope and give not just breadth but often considerable depth on not just arcane technology but things that are yet to be. I’ve lost count of the number of times things have been discussed on this blog that subsequently come to be. Sometimes the comments are years ahead of what is being considered even in academia, and as I’ve indicated before you will read here things that can not be found in any other place on the Web, and I’m reasonably certain that there are those who come here to get inspiration on technical and future matters. Thus your site is actually a resource without par in this respect.

So again thank you for your efforts they are much appreciated and I hope that you keep this “open house” meeting point open for many more years to come.

Something Special Here March 24, 2017 6:41 PM

In a world with eavesdropping technology gone crazy, Schneier on Security is at the forefront with posts that then become the news. I have little doubt your blog guides and influences those in a position of power. And yes Clive is a treasure who accurately and elegantly states just how bad things REALLY are.

For example it’s reported here how North Korea timed ballistic missile launches when President Trump was dining with the Japanese Prime Minister. The press did not pick up on it!
However when the Secretary of State was visiting allies in Asia they launched another! This time the timing made the national news. The launch was probably sabotaged yet no one reported or congratulated our Intelligence Agencies.
Good show guys!

There was a post last week ‘Curtailing Devious Reverse Targeting’ about incidental collection likely being misused. Then a few days later the head of the Intelligence Committee held a shocking news conference announcing documented intelligence reports on this very subject. Then surprisingly the FBI director was at the White House today. He is scheduled to testify again next week.

Long Term Solutions
Do you want to improve privacy and curtail the out-of-control use of eavesdropping technology? Our country badly needs to clean up its act. Do you have the time with a stressful day job and speaking engagements? Frankly anyone would become tired. Thank you Bruce!

If you do then I’d suggest a go-fund-me page for this precious blog. I would contribute if the donors list remains anonymous. Perhaps others could set it up as a non-profit.

grcxx March 24, 2017 6:42 PM

an ad hominem attack

I see some comments here that attack Bruce’s so-called “political” comments, and even make demands! I think such ad hominem comments should IMHO be deleted. This is Bruce’s blog, he can say what he pleases. Readers can feel free to go elsewhere if they disagree with what Bruce says.

BTW, how do I flag comments for moderator’s attention?

Enrico Lefass March 24, 2017 7:03 PM

As an outsider from Germany (forgive me my bad grammar), I see your point. Lately post truth became something similar to the true truth and people are eager to follow the Path that Mr. Trump has chosen in pre-elections. This is probably my first and my last comment in this blog as my two cents are of foreign value (in German we call this a Wortwitz), but I never have and surely will not rant for someone’s opinion. And I have to confess, I never read more than five or seven comments depending on their length and language, so any decision you’ll make regarding comments on this blog is okay. As you said, it is your gathering. Btw. Data and Goliath is really fun to read. Glad I bought one.

CallMeLateForSupper March 24, 2017 7:03 PM

Exactly what I wished for for what feels like a long time.
Thanks for that, and thanks for not throwing out us babies along with the bath water.

Clive Robinson March 24, 2017 7:07 PM

@ Anonymous Cow,

There is rumor that a certain government has a host of paid trolls influencing and sabotaging online forums.

In the case of the UK it is not a rumor. The UK SigInt Agency GCHQ has a department within it called JTRIG whose job it is to do not just what you suggest but quite a bit more. The Intercept has just published JTRIG’s own powerpoint slides from the Ed Snowden trove. Reading them may just make your eyebrows hide under your hair line, and your chin rest on your collar bone, whilst your brain feels as though it’s jumping gears.

As I’ve previously indicated I’m somewhat pessimistic if not cynical when it comes to the behaviour of the National SigInt agencies. Thus I adopt the view point of “If the laws of nature allow, they will do it sooner rather than later”. But even I felt a cold creepy feeling when looking at those JTRIG slides. Such things should not ever be part of a civil society.

Anonymous Cow March 24, 2017 7:07 PM


“the problem is that the only view promoted is that of the DNC, intel community, CNN, WaPo and other fake news. You went (or already was there before, but not visibly) to the side of the shadow government, became its vocal agent.”

This is Bruce’s blog, he can promote whatever views he likes. Unless he characterizes those views as coming from “the DNC, intel community, CNN, WaPo”, I’d not attribute his views to others. Unaligned parties can and do share the same views, sometimes.

You make it sound like it’s wrong to promote only certain views. I guess you’d criticize school teachers for teaching “round-earth theory” only and not the flat-earth alternative.

You called CNN and the Washington Post “fake news.” That’s a pretty serious accusation directed at news organizations that earn their keep by being trustworthy. You provided no justification why they deserve such a label. In any case, they don’t have a presence here to defend their reputation. Your labeling is unfair and doesn’t promote intelligent discourse.

You accused Bruce of being an agent of “the shadow government”. That, again, is some serious accusation. Do you have any credible evidence to back it up?

If you want to help improve the civility in this place, be respectful. Focus on the issue, not the person. And don’t make unfounded accusations.

Bob March 24, 2017 7:15 PM

I’ve always been of the opinion that there is no good censorship, not even self-censorship, not even if insulting me, not even in my home… Yes, there is the scenario where ten people shouting in a room won’t let me be, but there is no analogue in the internet because words are so easy to ignore. Even with youtube comments, it was an easy skill to acquire differentiating what comments I’m not interested in just by reading the first words, glancing the length and form, URL, if it’s a reply, etc.

Besides the ethical problem, I like to know what the readers think. Even if 90% of it is garbage, I like to know it is. And I also like others to know it is, the internet has too many filter bubbles already.

One of my posts was deleted once, off-topic I guess, maybe insulting? I don’t know, I don’t mean to offend but my views are insulting to a lot of people. I didn’t imagine Bruce would delete it, maybe it was a mistake on my part or something. So I reposted it, and it got deleted again.

It’s not that bad though, with or without censorship this is a very good blog to read, and I applaud your decision to keep registrations off.

@steven To create their own blog of counter-arguments is to make the filter bubble worse. Everyone would be better off if it would matter whose opinion was right in the end, no matter whose opinion was enjoyable to read.

C Baker March 24, 2017 7:21 PM

I think I’m a first time commenter here… hard to tell sometimes 🙂

Is it possible your situation can be helped either by holding all comments for approval before posting and/or asking for some volunteers to help with moderation? Two mods is really not enough for a busy and active community, unfortunately.

Think deeper March 24, 2017 7:25 PM

To all those who think a real name policy would solve the problem:

Why do so many haters and trolls post on Facebook – with their real names attached? Why do so many people treat others badly – in real life, in offices and in schools, with their names and faces known?

If real names and the obligation to disclose one’s identity were part of the solution, Facebook with its grand majority of real name users would be a place of peaceful conversation while bullying of coworkers and students would never exist. But it isn’t, so what’s the real problem? Anonymity or profound social and cultural conflicts and tensions?

As life teaches us so many times: Banning anonymity seems to be an easy and quick solution to the problem. But taking into account its side effects and ineffectiveness, overall it’s a bad “solution”.

Earl Killian March 24, 2017 7:30 PM

Thank you for being kind enough to invite strangers into your house for polite discussion. Anyone accepting the invitation really should show common decency. If you would like donations to help pay for moderation, let us know.

SG March 24, 2017 7:30 PM

@ All

It was asked, how to flag comments for the moderator? Simply post ‘hey Mod, such and such comment is trolling/spam/ is offensive etc’
The Moderator has encouraged the community to self regulate, saves the Mod work and benefits everyone. That means naming and shining light on a situation immediately.
What requires discipline, is not to respond, not to engage when troll bait is dangled.

I might add, the last few weeks have seen a strong return to clarity and cohesiveness here. So all is not lost, it proves a community is possible.

And the voice of maturity embodied, @ Clive, gets a shout out!! That made my week 🙂

@ Mod

by reading the 100 latest comments section, quite recently some spam posts have been turning up. The spam posts seem to often be placed in much older threads though. So, one would only pick them up by reading the 100 latest comments area.

Bong-Smoking Primitive Monkey-Brained Spook March 24, 2017 7:35 PM

@Anonymous Cow, @Clive Robinson,

I think you should keep the possibility of sabotage in mind.

You’d better believe it

Bob Cannon March 24, 2017 7:36 PM

I blame it in part on the contentious US election and its aftermath.

Hmmm. I think the cart is before the horse. Nasty comments have been around for over 15 years. Media policies curtailing trolls have been implemented more and more. The contentious US election was the product of a cultural shift in the US away from curated media sources from two decades ago that presented centralist information that reflected a “national viewpoint.” Current social media, from publishers to commenters, is the more sensational and troll like, the more attention you get – and where everyone gets a voice – instead of the peer reviewed, edited, accountable voices rising to the top – it’s the voices that shout the most that rise to the top. The election was the product of this culture, not the cause of it.

That said, I have “lightly moderated” my listserv for 20 years. The discussion has always been civil and informative. Children that do not play nicely with others are asked to leave. Eliminate that 2% that don’t know how to have a civil conversation – and it’s magical what can happen.

So…. like many others…. bravo for moderating. Robust debate is founded on a guiding hand.

Bong-Smoking Primitive Monkey-Brained Spook March 24, 2017 7:45 PM

@Earl Killian says:

If you would like donations to help pay for moderation, let us know.

I say: Yea! Stick a Payment icon next to the social media ones. Perhaps it’ll pan out! Moderator is due for a raise 😉

Bob March 24, 2017 7:45 PM

@Anonymous Cow

“If you want to help improve the civility in this place, be respectful.” I’m not interested in civility but in truth, maybe TM thinks the same.

“Focus on the issue, not the person.” What if the issue is the person?

“And don’t make unfounded accusations.” Why not? You called CNN and Washington Post trustworthy without any credible evidence to back it up. Big news organizations become big making money, and truth makes less money than attention, covert advertising, bribery, etc.

For the record, I don’t think Bruce went to the side of the shadow government, no more than partially. And I agree that it’s right to promote only certain views, like you said.

FR March 24, 2017 8:06 PM

Totally agree with your approach and reasons. Please keep caring.

Besides making things more secure, I hope our future includes options for excluding the free riders. Every medium that is free is used by spammers and trolls. If someone had paid to email or call or text, I’m more likely to take them seriously. Also if someone has built a serious reputation, we are all more likely to give them some of our time.

grcxx March 24, 2017 8:44 PM

@C Baker

by holding all comments for approval

I agree with this. It stops the trolls stone dead because they miss the satisfaction of seeing their comments and responses published.

Adam March 24, 2017 9:15 PM

You could let technology take care of it for you, set up a user moderation via up or down votes.
Slashdot has a set up like this, people that are vile or otherwise annoying get voted down, if you set your threshold to see only comments above a certain level you avoid the trolls.
People that have something to offer get voted up, and the innocuous level out at zero.

Just a suggestion, never really understood why that system or variations of it aren’t used on all comment sections in the media.

Perhaps I’m alone in this, but censorship by an entity, say CNN or FOX or a single person is troubling, but when done by the community less so.

In any case, you’re one of the better humans on the Net.

Steve March 24, 2017 9:24 PM

@Ted Hale literally took the word right out of my mouth. . . or off my keyboard.

Bravo, sir.

John Bullock March 24, 2017 9:31 PM

I am late to today’s love-in 🙂 but I can say without any exaggeration that it was the discovery of this blog, and the newsletter that preceded it, that led to me changing to an infosec career in 2003/2004.

Thanks Bruce! And thanks to the many commenters I have learned from over the years.

Keep it up everyone. This space is too valuable to lose.


paranoia destroys ya March 24, 2017 9:45 PM

Which came first, Bruce’s posts being perceived as political or normally quiet people unhappy with today’s political climate?

My 80 year old mom is upset for the first time over US politics and in public discourse whether online or as a part-time substitute teacher.
She also has a better understanding of many security issues than most politicians.

Ian Graham March 24, 2017 9:58 PM

Unfortunately, the polarization of social media has even spread into this security blog. Please do whatever it takes to keep things civil! Would hate to see this forum vanish.

Thanks for the forum March 24, 2017 10:00 PM

I would like to thank Bruce for his generosity for providing the forum.

I would like to focus on the positive contributions by people who kindly offer their insights and understanding to issues on security.

I hope all contributors to the blog would focus on the objectives of this blog and refrain from making contributions that are contrary to the aims of this blog.

I have learnt a lot from different contributors’ perceptions, understandings, and experiences and have often changed my opinions after being exposed to other peoples’ contributions on this blog, and most importantly have learnt many valuable lessons that I could not have gotten from any other sources in a timely manner.

Jim Bob March 24, 2017 10:25 PM

Civility is nice.

At times, the aging process can be frightening, and to some, terry’s wifi. There is a video on the internet of a man with a walking frame at a Rage Against the Machine gig, and he’s really getting down. The same man can be seen at the old church near the new bridge serving food to homeless or underpaid people, so I guess he’s a cool dude, and in fact, not shaking his fists at grey hairs at all. There is no indication of hair dye in the security tutorial videos he made, before he left the industry, and not one stress ball or ash tray.

MarkH March 24, 2017 10:28 PM

Bruce, my thanks to you in general for how your work has enlightened the public good over the years, more specifically this blog, and very particularly this post.

I know that some folks have been riled by my comments over the years, including one who’s never quite let it go.

I try never to descend into personal criticism… and I hope that I haven’t done so here. When I respond to statements I am confident were false or unfounded it is not personal!

Now that our host has spoken so clearly, can we PLEASE stop beating the dead horse of “this blog should be tech only?”

tyr March 24, 2017 11:18 PM

The clash of ideas is the foundation of the
enlightenment. I’m glad that you appreciate
the clash but once it descends to brawling
in your personal space you are quite correct
to point out the rules.
Anyone who understands the rules and then is
disobedient to simple courtesy should be
tossed out on their ear without mercy.

I treasure the community here and understand
that politics can make fools of the wisest of

Thanks Bruce.

sitaram March 24, 2017 11:35 PM

Please don’t disable comments; that would be a tragedy.

I am sure you won’t take offense if I say that I often learn more from the comments of Clive, Anura, Nick P, and others than from the main post itself. In fact, I often delay reading your posts by a day or so in order to get the comments also in one go. Especially when the topic is a news item I can get the facts on elsewhere just as well, it’s the comments that make the difference, so I’ll happily wait.

To the person who said we can see comments elsewhere — sorry but that doesn’t work. Firstly, there wouldn’t be any back-and-forth discussions if people did that.

Secondly, say I follow those 3 folks I named above, and a few others. How would I discover someone new who has something useful to say? How would an up-and-coming, nascent, “Clive” become known and come to the attention of people?

Michael Stephens March 24, 2017 11:37 PM

100% agree!

I’ve been following this blog for a long time. Sometimes the comments are fascinating but the trolls had stopped me lingering.

Civility should be a minimum requirement.

And thanks for the blog!

ME CARBOY March 25, 2017 12:14 AM

Agree with Bruce – moderation is a nuisance, yet no one should be able to turn a private blog into a public soap box for nonsense

Stephen March 25, 2017 3:11 AM

‘I agree with Bruce’ to coin a well known political phrase…

I am a million light years away from the insight and knowledge on this blog and I am sorry Bruce but I tend to gloss over your posts and get straight to the comments, particularly I enjoy reading the comments on the Friday ‘Squid like red sauce on their sausage sandwiches’ posts.

@Clive you’ve hit the big time now maybe you should start your own blog. I could do the post cast in my best Black Country….

name.withheld.for.obvious.reasons March 25, 2017 3:20 AM

Yes Bruce, you are justified and could possibly feel relieved (though time and experience might find your melancholy) in ending the vitriol and heightened level of “lows” in our discourse. Several here have often acted under your umbrella, not to be preemptive but to be a good “house guest”. When someone starts throwing the fine China around we step in and attempt to intervene in a useful and respectful manner. Personally I pre-clear my comments by first stating that we are here as guests of Bruce, uninvited but not unwelcome.

Recent thoughts have led me to conclude (arguments in support of your post/blog article):

It was not long ago, reviewing comments and editorials written by Bruce Schneier, I found myself very much in agreement with Bruce’s observation and position on several topics/issues. At one point I believed his prognosis regarding the “Feudal state” was a bit overstated but not unfounded in reasoning. Unfortunately I have come to understand that this narrative is inaccurate…but not in a way that leads to optimism.

While Bruce argues about the deep/security/military state which has functionally transformed society vis-à-vis a pan-optical lens wherein individuals have relinquished their interest in public AND private affairs for convenience. Instead, I argue that the resultant transformation is a form of repressive conformance that more likely resembles a “psychological gulag”.

Let me explain; as the state transmogrifies law and societal norms, the needle for normal is moving widely from the middle to a position that may defy scaled measurement. Additionally, the mouthpieces of the deep/security/military state have been afforded amplified status for operatives by an ill-informed media/press. This has a pernicious effect. For example, as simple normative discourse is pushed ever further from reason and deliberation where the appearance is dissimilar to other, recognizable intellectual enterprises in many national institutions, and as such disavows or makes impossible more effective and conscious action in response to much that troubles the broader public and world.

In essence the noise level is being elevated at a frequency, amplitude, and skew that the intelligentsia is unable (and may still be unwilling) to rationally answer the attack on the public and/or societal institutions. No replacement is in the making when it comes to institutional spheres of influence and suggests that a prison state will be the only formative structure that will or can encapsulate a more tribal/caste or draconian societal structure that is controlled in the way a gulag is often managed. Ultimately it will be the mind, not the body, that will be imprisoned; either implicitly by tacit response or explicitly by removing any private thought, idea, free expression or will.

John March 25, 2017 4:26 AM

The way I see this, Mr Schneier invited the nastiness in when he started peddling the insanely partisan conspiracy-theory that Donald Trump (Die Oranje-Fuhrer) is a Soviet .. sorry, “Russian” agent and that the USSR, sorry “Russia”, hacked the US election – Without a shred of credible evidence.

If I was to guest your house, I would not discuss money, religion or politics.
But this isn’t your house Mr Schneier, it’s the internet, a VERY public place as we all know. I agree people should keep it civil, not call each other nasty names etc, but:
You really can’t open the door and then complain when people use it.

Rob March 25, 2017 4:30 AM

100% support in your views above. I’m a regular, systematic reader but a rare commenter. I have both enjoyed the columns and the comments and learned much from both. Long may it continue, and thank you.

me March 25, 2017 5:24 AM

As a casual reader that was sometimes drawn away by aggressive and useless comments, I welcome this. I’ve learned a lot by reading the discussions here, and the toxic atmosphere that’s taking over forums like this and the Internet in general is really a shame.

Michael March 25, 2017 5:40 AM

Two quick suggestions, to make moderation easier:
- Create a “voting” system in which certain comments go up the page? this may promote an intelligent discussion while voting down the trolls. I don’t think that this system will create a popularity contest given that (A) this site usually encourages healthy discussions; and (B) there’s no user-rating to gain, as in Stack Exchange or Reddit. Maybe worth trying.
- Automate comment removal by searching for specific words or patterns

ab praeceptis March 25, 2017 6:08 AM


Brilliant, your “two quick suggestions”! When do you start working on them?

Or do you mean to suggest that Bruce Schneier spends his time to implement your “two quick suggestions” or pays someone to do the work?

moz March 25, 2017 6:30 AM


I’d be very sad with that. Clive, Nick and the others make some of the more interesting discussion on security related matters. If the trolls are allowed to stop this then there’s no guarantee that something similar comes up anywhere. Many of us actually come for the comments almost as much as the articles. Your suggestion would mean that the Trolls had won.


You might want to consider more soft security measures; e.g. hiding rather than deleting comments which are on the border which you would currently leave. Allowing more people to more quickly mark comments as bad (e.g. send them back to moderation). Please don’t give up.

Clive Robinson March 25, 2017 6:52 AM

@ Michael,

Create a “voting” system in which certain comments go up the page? this may promote an intelligent discussion while voting down the trolls.

It would probably be inappropriate for this blog where most of the comments are time/order sensitive, and would create cognitive dissonance in readers if presented out of order. Thus diminish this site’s utility as an important resource.

The web sites where the system you suggest works are the “shoot from the lip” types where comments are rarely about other comments –unless attacks against a commenter– and thus time/order is mainly irrelevant to their readability.

@ ALL,

Whilst it would appear to be nice to have a technical solution to the problem of “unwanted” comments you need to remember a couple of things.

Firstly the law of unintended consequences applies very strongly with such systems, and further they can actually be gamed in undesirable ways (anyone remember the Microsoft AI ‘Tay’ that got pulled within hours this time last year?).

Secondly any technological system needs increased resources not just in the server and client computers but also in human administration. All of which add costs some significantly so.

The second of these also has other knock-on consequences in that it increases the attack surface of not just the server but the client computers as well. The easiest to see would be the requirement to use javascript which would potentially be very detrimental.

As many here know the anonymity of Tor has been breached by code getting injected into client computers by various attacking agencies. This code which then runs and sends out information to the attackers strips the anonymity, privacy etc of users. Whilst it’s an open question about this site currently, the recent revelations about what GCHQ get up to with their JTRIG group, and the longer known fact that the NSA has targeted sysadmins and those involved in security work and research “at wateringholes” suggests that not having client side code is a very desirable security measure.

It also allows users off of the “hamster wheel of pain” of frequent security patches aimed at the execution engines for client side code. Which was one of the reasons Java and Flash have a “not recommend” status security wise.

Clive J March 25, 2017 7:44 AM

Firstly, I’m really sorry it’s come to this, and all the trouble it puts Bruce to.

But secondly, how to get good quality comments without compromising the free exchange of ideas or anonymity/privacy is a security engineering issue. Maybe this is an opportunity to act as a testbed for inventive solutions?

The first idea off the top of my head is similar to those doorbells that used to deter cold-callers by requiring people to insert a coin. If the caller was genuine, the coin was returned. So…

To comment, people must register an account. They don’t need to provide any personal details, but they DO need to give a US$25 deposit via some cryptocurrency. If their comments get moderated one time too many, their account is revoked and the deposit is forfeit. However, any time they’ve gone a week without making any comments, they can close their account and have the deposit refunded.

r March 25, 2017 7:52 AM


I second the position you take on such walls, those motivated (misinformation, intentional detractors) will always overcome the barriers. While keeping the door open and light on lowers the bar for the unsophisticated such arrangements do not deter those organized or financed, further registration/script/etc put other more important potentially vulnerable voices maybe in need of access to straight forward venues at further risk.

Many thanks to our host for such mindfulness and patience.

ab praeceptis March 25, 2017 8:03 AM

Clive J

… get good quality comments without compromising the free exchange of ideas or anonymity/privacy is a security engineering issue

I strongly doubt that, particularly considering that Bruce Schneier has said, what many here value, namely that he wants to keep the possibility to anonymously comment.

That said, I trust Bruce Schneier and his ability and intention to protect our privacy and I would have no problem if he required registration. Don’t get me wrong: I do not desire that but I’m ready for it, if Bruce Schneier ever feels it necessary or strongly desirable.

The problem of some discipline is a human one and can IMO only be solved by moderation, i.e. a human perceiving, judging, and acting (warning … banning).

Either way, no matter whether more moderation or technical means, would translate to our host having to face more engagement and or expenses.

Why? Why should he be burdened with that? How about seeing our duty to behave reasonably and to not abuse the – already generous – frame our host has provided?

inetpro March 25, 2017 8:28 AM

I love it when I can still use a text mode browser for reading and can’t do it on most sites these days. Always good to find very informative info here. Keep up the good work!

Matt``` March 25, 2017 8:40 AM

Excellent choice. I’ve always found most comment sections to be useless, and as a result, I’ve gotten out of the habit of reading them or posting to them at all. In a world with no shortage of real problems to address, there is an awful lot of energy invested in dangling or jumping at rhetorical bait. It’s the alternative to doing real work – and actually talking to (and not at) people is part of the real work that needs doing.

I wish you the best in trying to maintain a small pocket of civil discourse during a period in history in which people actually seem to believe that repetition and volume are substitutes for reasoned persuasion and substantiation.

vas pup March 25, 2017 10:17 AM

Good point!
Basically, I called for the same (civility) multiple times on this respected blog in the past, and pointed out Clive as the best model to follow as well. I was following the same by my own behavior. That is integrity when thoughts, words and actions are in sync.
Personal attacks should be absolutely banned. Reasonable critics of views (based on supportive facts, reason, logic, common sense) – encouraged.
Let major emotions be left outside this blog as much as it is possible.
Suggestion @Bruce (yeah, that’s YOUR blog, no doubt for that): Weekly squid may have sections/tags as well to sort out more than 100 posts by the subject.

xyzzy March 25, 2017 10:18 AM

Kudos! Well said!

I’ve posted here (and elsewhere) many times when I have something to contribute. But if I can’t do so (at least semi-) anonymously, I won’t. Too much has been taken out of context and come back to haunt me over the years… I have no doubt the NSA can identify me. I’m far more worried about Joe down the hall who’s bucking for a promotion.

Bruce Schneier March 25, 2017 10:31 AM

“BTW, how do I flag comments for moderator’s attention?”

Make a short comment pointing to the offending comment. We’ll likely delete the offending comment and yours as well, just to keep things clean.

And thank you all — well, almost all of you — for your support. It’s appreciated.

Patrick March 25, 2017 10:47 AM

I don’t post often, but just wanted to express my support and say I love your blog. Keep up the great work.

JPA March 25, 2017 11:54 AM

Just adding my support for you Bruce and for the people who do keep their posts appropriate.

I saw a comment earlier where the person who posted seemed to have the idea that because this was an open access website he had the right to post as he pleased, i.e. that it was not Bruce’s house. That person confuses a private area that has open access with a public area. I may not have a fence around my yard, but that does not mean people can walk onto it and shout whatever they feel like.

Etienne March 25, 2017 1:05 PM

I have only posted twice (now thrice), and was moderated once.

I think that’s a good average. My Aunt Claire once moderated me 12 times at the dinner table.

Flasher March 25, 2017 1:31 PM

“My own stance on privacy and anonymity means that I’m not going to require commenters to register a name or e-mail address, so that isn’t an option. And I really don’t want to disable comments.” I give you much respect from this. Is there some lists places similar here, where can discuss without put “personally identifiable information”? Talk about anything close to Linux or sysadmins or encryption or math dangerous for every person, every wheres. US people somehow think their government only target them, but is target whole world. China and UK and others also target every ones. let post anonymous and put bug reports and pull request by login the username cypherpunks and the password cypherpunks….. please advise me some other projects who are that way?
Much thank for this your website/home and welcoming strangers in. Would be scary talk anything even little little little little controversy, in a town squares, if it was needed sign in each time go to town square. All reporting and speeching would be very “chilling effect”.
Sorry Google Translate, am not good English.

Shachar March 25, 2017 1:48 PM

By all means, don’t require commentators to register and log in to comment, but please do allow it.
Some people have personas on this blog that are quite persistent. Think about what would happen if everyone started to identify themselves as Clive Robinson…


Robert Brown March 25, 2017 1:57 PM

Thank you, Bruce!

I have read this and other security related sites for years. Threads on FD, for instance, frequently degrade into name calling and worse, but I read it because there is still valuable information to be extracted from the sludge. There is much less sludge on your blog, thus it is richer ore. Thanks again for trying to keep it this way.

Although I sometimes get a bit miffed when you say something political that I do not agree with, I don’t razz you or anyone else over it. I have been familiar with your work since the early 1990’s, and you have helped me several times not only with your writings, but with personal phone calls and personal emails. I greatly appreciate that, and consider you a somewhat distant friend, but one I can count on.

Keep blogging with freedom and openness and civility!

mesrik March 25, 2017 1:59 PM

Great post Bruce. A well justified policy that shouldn’t be too hard for anyone to follow.

David Rudling March 25, 2017 2:56 PM

I understand and agree with completely your objection to the uncivil posts on your blog. I have read your blog for some time but this is my first ever post on it.
In considering your options to deal with this situation you say “My own stance on privacy and anonymity means that I’m not going to require commenters to register a name or e-mail address, so that isn’t an option. And I really don’t want to disable comments.”
I am afraid I am going to take advantage of one of your other statements “I like people who disagree with me. I like debate. I even like arguments.”
I really value some of the comments by others in your blog and I really don’t want you to disable comments. But I think you are wrong to rule out stopping anonymity if the alternative is to silence everyone. I live in the UK and we don’t enjoy the constitutional protection of free speech which you are lucky enough to enjoy but on the whole we are free from repression if we speak except if it should be to openly incite terrorism or crime. Commenting in a civil way on your blog is never going to be one of those so I am quite prepared to openly identify myself even without your constitutional protection.
As a regular reader of your blog and other internet sources I am as well aware as any ordinary citizen can be of the GCHQ JTRIG activities but I believe I have no reason to fear them. As a reader of some of those sources and as one who has investigated the sites for TOR, TAILS, etc I am sure I am flagged up somewhere on one or both sides of the Atlantic.
I respect of course your stance on privacy and anonymity but those who hide behind anonymity to issue uncivil posts are undeserving of that protection. By implicitly threatening to silence them by disabling comments you threaten also the ability to speak of those perhaps deserving of such protection.
It is true that when your constitution mentioned above was being ratified between September 17th 1787 and May 29th 1790 the pro- and anti-federalists chose, in a few notable cases, to seek anonymity in making their comments by assuming names such as Brutus, Publius etc. I accept therefore that anonymity has a long and respectable tradition in your country. But consider if those historic writers had been reliant on being able to post their comments on a blog and it had been decided that ability to post those comments should be disabled. Would they have decided to remain silent to preserve their anonymity? I rather think not. I believe they would have taken the view that if the price of the ability to continue to speak was to have to be identified as the speaker then it would have been a price worth paying.
So also I believe it to be the case for those seeking to offer civil comment on your blog. I suspect only the purveyors of “partisan nastiness” would be silenced by their identification.
You mentioned the posts of Clive Robinson as a model to emulate. Exactly. They are the posts of Clive Robinson not of a modern day Brutus or Publius.

Gweihir March 25, 2017 3:45 PM


I fully support that stance and policy. It would not be good if comments can only come from an in-group of registered commenters, as that would amount to a filter-bubble. At the same time, abusive comments are more likely to be attempts to manipulate the readers here than actual comments. (Whether it is individual trolls or organized, paid for media manipulators does not matter. Although the latter seem to be pretty active on certain topics on slashdot these days.)

I just hope your solution is sustainable, but so far it looks good, so go for it!

I am a bit doubtful about your suggestion to emulate Clive Robinson though. (@Clive: Just kidding, while I do not like some of your arguments and viewpoints, your form is beyond reproach 😉)

phs318u March 25, 2017 3:52 PM

@Shachar makes a valid point. Make anonymity optional.
@Bruce thanks for fighting what seems to be a rearguard action against the trolls.

Anura March 25, 2017 4:38 PM

Hmm… You should be able to repurpose a Bayesian spam filter, trained on Clive Robinson’s past comments to give a comment a score based on how closely it resembles comments by Clive Robinson. You could then automatically delete any comment that falls below a certain threshold.

My Info March 25, 2017 4:51 PM

@Bruce Schneier

Over the past few months, I have been watching my blog comments decline in civility. I blame it in part on the contentious US election and its aftermath.

I assure you, it is no fault of your own: you simply happen to blog on a contentious subject. Human lives are daily at stake from the technical minutiae of free speech versus anonymous speech on the Internet. Various mutually hostile military interests are likewise at stake from different computer security issues and what is and is not publicly known or assumed about them.

This reminds me of a story I heard about a visit my great-grandparents received. I have a little difficulty remembering, because I was only a small child when I heard it.

There had been a strange religious cult called Urantia operating in the area of North Dakota where they had settled. Somehow the Indians had found a copy of this cult’s holy scripture in the Finnish language, called Urantia-kirja. They came, knocked on the door, and entered, in full ceremonial dress, holding their copy of Urantia-kirja. They stood, and at first, they remained silent.

One of my great-grandparents spoke first, in an effort to be polite: “Istukaa!”

The Indians remained standing, and one of them replied: “Älkää istuko!”

My great-grandparents remained standing.

The one holding the book said: “Älkää lukeko tätä kirjaa, pyhäksi raamatuksi!”

Then they turned and left.

Carver Host March 25, 2017 5:32 PM

I don’t get it. It’s your blog and you can push out political commentary if you want, but if someone makes political comments the moderator warns them to stick to discussions about security matters.

Clive Robinson March 25, 2017 6:02 PM

@ David Rudling,

They are the posts of Clive Robinson not of a modern day Brutus

Ahh but which Brutus?

There were many Bruti, but the two that spring to mind are

Lucius Junius Brutus and Marcus Junius Brutus “minor” (the Younger).

The former traditionally regarded as the founder of the Republic, the latter well Shakespeare had the kindest words for him, but he was famously the friend of Julius, and then “offed him” with a few other political climbers, then lost a fight and killed himself aged 42.

Which begs the question of which you would rather I be like?

Dirk Praet March 25, 2017 6:30 PM

I’ve watched many blogs and discussion groups descend into toxicity as a result of trolls and drive-by ideologues derailing the conversations of regular posters.

Whenever implementing laws and regulations, the target audience benefits from clear and unambiguous guidelines. I propose a small page listing these. It will not stop trolls, but will create an unequivocal reference frame for what is considered acceptable, and what is not, thus providing a baseline to flag inappropriate comments to @Moderator all while avoiding unnecessary self-censorship that may stifle discussion.

Having some relevant experience drafting policies and procedures, I volunteer to outline such a draft for your consideration if neither yourself nor @Moderator have the time to do so.

LG March 25, 2017 7:31 PM

Kudos! The idea that it’s helpful for one’s careful writing to be followed on the same page by any other person’s random thoughts is one of the worst ideas of the internet age.

Rather than work harder and harder to patrol a growing flood of negativity, maybe your comments section should be fully moderated — that is, not visible to anybody but you, except for the ones you flag as worthy of publication. This would remove 100% of the toxicity, while still retaining the ability for readers to take part in public conversation with you, filtered to allow passage of only the most insightful or helpful comments and threads. It would resemble the old model that newspapers and magazines had for publishing feedback, and I think they had the right idea all along.

Jeffrey Deutsch March 25, 2017 9:07 PM

Hear, hear!

Thank you so much for hosting not only this blog but also the discussions.

And thank you also for caring about the issues. Some bloggers just block (or perma-moderate) commenters who disagree with them. Yeah, it’s their right…but it would be nice if they put up a conspicuous sign: “No debate on the main points here; this is a safe space for like-minded people.”

Adam has a good idea. Some kind of community moderation might be considered. Say, after a given number of down-votes (that number could be published or secret), a given comment could be automatically deleted, or hidden until/unless released by the moderator (maybe other readers could click a button if they want to read it themselves).

Also, what Dirk Praet said about specific guidelines.

neill March 26, 2017 12:27 AM

@clive robinson

out of respect for your knowledge and willingness to share it i propose you shall team up with bruce and author / coauthor some of your own posts here

we could all learn from it, and also important, respect for others and peaceful coexistence


(lacking a peace emoji)

V March 26, 2017 12:44 AM

A suggestion only slightly related to civility: in the past there have been occasional claims of identity theft: “someone else posted using my nick!” Perhaps the software could allow a nick to be locked with a password. If voting-based moderation ever becomes necessary, people with passwords locking their nicks AND a clean posting history could be rewarded (?) / punished (?) by being awarded voting status.

Or we could just be nice. When in Bruce’s house, follow Bruce’s rules.

RonK March 26, 2017 1:25 AM

Being quite late to this party, I think I’ll just thank Bruce for the wonderful blog and add another comment moderation paradigm suggestion – the Techdirt paradigm – where the readers themselves can cause comments to be hidden (as opposed to deleted) if they are flagged enough.

Hidden comments can still be viewed if a viewer is interested enough to make the effort to “unhide” them.

I suppose Techdirt might also have some kind of rate limiting per IP address “under the hood” for those flaggings, Bruce, I’m sure if you contact them they’d be quite happy to reveal any internals (assuming you can convince them it’s actually you).

ab praeceptis March 26, 2017 2:43 AM

Dirk Praet

I fully support you in that. Probably even two or three simple rules would be sufficient.

  • We are a group of people interested in security, typically in relation to IT. Keep that in mind or your post may be deleted.
  • We want civilized and polite discussions. Disagreeing on the matter is OK, personal attacks, spam, and abusing this comment section for sectarian preaching is not OK and will be deleted.
  • This is not a public billboard for unrelated matters or spam. Politics is generally unwanted unless there is a clear and evident relation to security. To avoid deletion of your post, make sure its direct relation to security can be well seen.

Plus, I would suggest to temporarily ban anything about trump, clinton, nunez, schiff, etc. unless there is a clear and obvious relation to security. “trump was (or was not) wiretapped”, for instance, does not qualify, as it’s clearly about politics, “the intelligence oversight committee found that nsa/cia/fbi eavesdropped on us of a citizens abusing their access to telephone/network providers A and B” does qualify.

bagy March 26, 2017 2:52 AM

@Carver Host

I don’t get it. It’s your blog and you can push out political commentary if you want, but if someone makes political comments the moderator warns them to stick to discussions about security matters.

My reading of it is: no, he didn’t say anything about having to “stick to discussions about security matters”, he said: if someone makes a comment “that’s spam, or off-topic, or an ad hominem attack” then moderators may delete it. Please read his post carefully.

Nothing stopping you setting up your own blog.

ShamanPrime March 26, 2017 4:36 AM

I would hate to see the comments section gone.
Too many interesting discussions going on to sacrifice them because some of our fellow netizens don’t know how to be civil.

Kudos on the policy.

Dirk Praet March 26, 2017 7:03 AM

@ ab praeceptis

… politics is generally unwanted unless there is a clear and evident relation to security.

It is rather hard not to see the political implications of Chinese industrial espionage, alleged Russian DNC or North Korean SPE hacking. Same thing for the current who’s spying on who and on whose behalf stories that have been all over US media for the last couple of weeks.

When the Snowden document trove came to light, TLA mass surveillance became a recurring subject on this forum for over 18 months. The difference between then and now is that there are NO documents for us to analyse, just allegations, assumptions and other unverified or unverifiable claims. What is clear however – especially for Europeans like @Clive and myself – is that both POTUS and GOP members like Nunes are obviously trying to divert attention away from an ongoing Trump campaign team investigation by the FBI to alleged spying on POTUS himself, and those who leaked material that substantiated certain suspicions.

Although both @Clive and myself are known to have little love for either Trump, HRC, their respective parties, previous POTUS or US IC figureheads, I can easily see how in a US context such an opinion reeks of partisanship, with strong potential to derail an entire thread just like an inadvertent remark by a newcomer about the Cincinnati night club shooting might spark yet another gun debate.

I most definitely do not agree with you that somehow TLA spying on the US population would be security related, whereas spying on POTUS would be political. Both are security related, be it that one has stronger political and partisan implications than the other.

What I do agree on, however, is that for blog’s sake we should probably avoid touching on either altogether unless either our host brings it up himself or somewhere material is being published that unequivocally substantiates certain accusations in the same way Snowden’s documents did. Which for both cases you cited means that they are for now off-topic because there is currently no publicly available smoking gun evidence that corroborates either.

I realize that the burden of proof generally demanded by @Clive, myself and quite a few of the usual suspects here is probably higher than what is required by others. Which means it’s up to our host to make such calls. After all, it’s his blog and he can touch whatever subject he wants, delete whatever he wants and believe whatever he wants. It wouldn’t be any different on my own blog.

Dirk Praet March 26, 2017 7:11 AM

@ Bruce

Just noticed you added a link to Charlie Stross’s blog moderation policy to your original post. I think it’s an excellent baseline.

ab praeceptis March 26, 2017 7:43 AM

Dirk Praet

Given some bad will one can somehow declare any and everything being related to security, growing tomatoes, or extraterrestrials.

The way I see it there are certain realms that tend to be minefields, such as politics or religion. Those should in my mind’s eye be avoided and stronger than usual rules should be applied.
That means that for anything with regard to politics (or religion) there should be the precondition of clearly and concisely showing that – and how – it relates to security.

In my mind’s eye it’s strikingly clear whether it’s the trump people or the clinton/obama/media people who lie and play unfair and dirty – but I’m perfectly content to simply not discuss that here; somehow coming up with “but! but that’s related to security” excuse is no solution but merely that, an excuse for trouble. Well noted, I could even provide evidence for my position – but I accept that this blog is about security and not about politics.
Moreover, we have all seen how political discussions (or should I say fights and rants and sect-preaching?) damaged and poisoned the comments section.

Btw, my statement was not that wiretapping the potus is OK but wiretapping people is not. My statement was that politics with a concrete relation to security (i.e. something we typically discuss about here) is OK.

That said, this is only my position, well noted in the context of trying to support Bruce Schneier and this blog, as far as I have understood him. The decisive word obviously comes from our host; we guests can only try to comply with his – quite reasonable – demand.

If I may be frank, I’d like to add something: I think the problem isn’t you or me or Clive, even not if we happen to talk about politics. Simple reason: Our core interest is security and politics is just one (sometimes) relevant realm. The real problem is those a**holes who don’t care a rat’s a** about this blog or about our host’s position or rules but who just need a billboard to rant, be it pro trump or anti trump.

Dirk Praet March 26, 2017 9:23 AM

@ ab praeceptis

I think the problem isn’t you or me or Clive, even not if we happen to talk about politics.

Not entirely. The both of us recently had some of our comments deleted while discussing the propensity to mendacity of certain prominent US politicians. Which means that we are very much implicated. Most regulars here remember that some of my past exchanges with @Rolf Weber eventually turned less than civil. The same – with respect – can be said of yourself when calling BS everything you disagree with. I refer to a recent discussion with @Nick P., to name just one example.

Our host obviously took offense to either our tone or the subject matter we discussed (or both), my subsequent request for clarification and guidelines to @Moderator perhaps even triggering this thread.

The only way I see to avoid future repetition is to exercise self-restraint in either raising issues or replying to comments touching on politically sensitive US matters, even when they are the elephant in the room.

David Rudling March 26, 2017 9:30 AM

@ Clive Robinson

The Brutus I was referring to is perhaps found most conveniently here:-

see the 6th document et seq.

Scholars indeed continue to debate which original Brutus he chose as his role model.

ab praeceptis March 26, 2017 10:01 AM

Dirk Praet

I have no intention to judge you, so I will refrain from commenting on why anything from you might have got deleted.
Concerning myself you mix up different things. The comments that were (understandably) deleted were purely political and written out of anger about the many “very biased statements” (to avoid saying lies) made about trump. Well noted, my point wasn’t even about trump; it just happened to be him. My point was about the lies and the generous smearing and, most importantly, about not wanting this blog here go down the hill thanks to endless partisan political wars.

The other point you brought up (me calling something BS) doesn’t belong here. I do that when I see BS. Someone telling me about the virtues of promela after having read some papers, for instance, will get a “BS!” from me.

I’m somewhat pissed by this as I was actually among those who rather stayed away from here after calling again and again to stop the political “discussions”.

Can we now end this? Or are there more details that necessitate the political shitstorm to be followed by an internal shitstorm? It seems to me that enough damage has been done and that we should come back to (mostly) security related discussions (preferably IT related, as far as I’m concerned).

john thornton March 26, 2017 1:16 PM

Thank You Bruce for this site. This is the first time I have ever made a comment. I have been dealing with some of the things posted on your blog. Early in 2014 I noticed changes in my Family’s Computer. I am by no means a computer expert, but I do notice patterns. I went to all the Computer so-called experts to try and fix my problems. Every one of them told me what I was telling them was “impossible”. Yet I dealt with it every day for years. My Family and Friends and the experts almost had me believing I was crazy. Until I searched BIOS hacking, that’s when I found this site. I went back and looked at the past stories and found I wasn’t crazy or alone. I can’t go into detail of what has happened or what I know about what’s going on, if I do you will never see this. I got angry years ago with my Computer and did things you should never do to it. That was when I found some things and started making copies of what I saw. Needless to say, the powers that be were not very happy. I’m sure everything I do runs through a passive server, that’s the reason for the general comment. I can’t verify my e-mail or anything else on the Computer because they are still pissed that someone like me found them a long time ago. Most of the people here are 100 times smarter than I am. I still wanted to thank you for giving me the information to shut up the so called “Experts” and giving them a place to get educated.

Dario March 26, 2017 2:24 PM

Thanks for your work, and your words.

I think that people like you are essential.

It is also a pleasure to greet from Mexico.

Thomas_H March 26, 2017 2:37 PM

@ ab praeceptis:

In any discussion, there are two (or more) sides, both of which have some sort of responsibility regarding the direction of that discussion. Blaming a single side for derailment is usually considered rather dishonest. Now I usually do not react to your posts, but in a certain sense they are a good example of the kind of posts that tend to derail discussions on this blog, primarily because of your rather noticeable tendency that only you can be correct on certain matters (including but not limited to political ones). This is not how the world works, and is something that is detrimental to good and informative discussions.

Therefore, it is quite asinine of you to suggest that politics should be entirely banned from this blog, especially considering that politics (at any level) cannot be completely dissociated from discussions on security. Banning politics entirely would result in certain discussions on security being made effectively impossible, to wit anything even barely touching Law and Order, anything to do with matters of equality and personal freedoms (such as encryption), anything to do with Bruce’s books, etc.

One of the fortes of this blog is precisely that kind of discussion, in which various evidently knowledgeable people shine their sometimes very different lights on important matters and rather regularly point out things that are kept out of the mass media, because they are too technical for the general population, or because they would embarrass the wrong people, or simply because the journalists involved lack the proper knowledge or did not do the research thoroughly enough.

However, you seem not to be alone in your statement that politics should be entirely banned from this blog. Some people, like LMK, go even further and suggest all discussion should be nuked. You have to wonder why…purely that they feel personally offended by something and can’t deal with it like a responsible adult, or because the comments on this blog are a pain in the behind of certain organisations and/or people for whom they work now and then…

ab praeceptis March 26, 2017 2:50 PM


Therefore, it is quite asinine of you to suggest that politics should be entirely banned from this blog,

Speaking of “asinine”: I did not suggest that. In fact, I stated more than once (incl. today) that discussing politics should be allowed if a) concretely related to security, and b) it’s done reasonably civilized.

thanks anyway …

DAVID RUDLING March 26, 2017 2:51 PM

@ Clive Robinson

I realise I didn’t actually answer the question at the end of your last post. I hope you will have realised from my original post that the whole point is I don’t want you to feel the need to be the anonymous “constitution” Brutus in relation to this blog. I believe you should be able to remain Clive Robinson.

Iggy March 26, 2017 3:00 PM

Happy to see @r in accord with Bruce on this topic.

@Bruce, It’s hard not to speak on personally consequential topics, especially on your own blog. You’re right to wave off any admonitions to the contrary, we’re all adults.

(Well, actually, no. Many commenters are in fact sub-adults, able to intellectually grasp the technical outline—and fake a passable convo–but not the wisdom. Or emotionally troubled and worse. They get on the internet to race dad’s car without touching the brakes.)

I read this blog precisely because I’m trying to learn, to stay savvy. Being a mere layperson, I prefer to ask questions in the comment section.

When I decide to join a political conversation, it’s usually on something I actually know well and care about greatly, such as a different kind of defense: personal. That includes guns. (Please, don’t anyone get wound up, that’d be off topic and I won’t discuss guns here.) Like Bruce, when I care about a topic enough to discuss it, I want to discuss it such that I learn something new from someone else, and they learn something new from me. If all else fails, walk away in good humor in agreement to disagree.

What would help everywhere is for blog owners to define what he considers a troll. Because if someone is simply committed to their differing POV on a topic, that’s not trolling, that’s honest defense of their dissent. We can model civil dissent to any sub-adults and hope they catch on.

Thanks again Bruce, for sharing your brain trust with us. Thank you Clive R for being the exemplar we all can emulate.

Security Sam March 26, 2017 3:25 PM

I was wondering when are you going to wipe the M&M fingerprints from the cipher lock.

Mike Barno March 26, 2017 5:17 PM

Rather than repeating others’ comments, I want to THANK BRUCE SCHNEIER and Moderator for providing this site and this forum. I want to thank them for trying to leave the discussion as open as they can, while keeping it as civil as they can. I want to thank the comment section’s core of a dozen or so regulars (particularly Clive), and its broader community of readers who bring a range of experiences and knowledge.

Mark March 26, 2017 6:03 PM

Hi Bruce,

You may dislike needing to deal with this problem, but I dislike your country’s influence on this world, even from an information security and privacy point of view. I will continue to voice my opinion. You can do what you want with my posts; I don’t keep track of any replies.

I’m someone who comments on your blog once or twice a month, often on political decisions taken by the US government.

I will continue to comment, continue to point out the bullshit that we in the rest of the world have to put up with thanks to your government.

Erdem Memisyazici March 26, 2017 10:09 PM

Don’t be discouraged by troll swarms my good sir (I recently gave the practice a name). Your blog is one of the 2 sites where I use my real name willingly (the other is slashdot). Comments online are not the random “First! lol” anonymous comments they used to be (I miss those days). People are actually getting paid to fill up comment sections with pro X ideologies, and other times just to post the experience on YouTube.

So, those who respect your opinions are not going to be bothered by offensive comments on your site in the first place. I say let them blabber on.

phantom March 26, 2017 11:33 PM

I rarely read comments on any site anymore, to avoid the pointless slanging matches into which they frequently descend. In the past I have said to several people that this site is an exception – that the comments here have been useful and informative. But over the last six months or so I have been skipping them as their nature has changed.

I don’t know what the answer is, but I agree that it is time to do something about it.

Bruce, though it is a bit off topic, I would be particularly interested to know what else, besides the US election, you think has contributed to this change. Not needing to register, and the “tolerance for impassioned comment” are the same as they have always been, so while they may have allowed the slide in the standard of comments, they cannot have caused it.

Anyone else have ideas about this?

eliot March 27, 2017 3:15 AM

Hi Bruce,
Your blog has been on the top list of my reading list since many years ago. I have learned so much from the posts and some of the comments. Please keep writing.

Thank you.

Jeffrey Friedl March 27, 2017 3:16 AM

What a lovely post… makes me want to invite you into my house for a glass of wine and conversation.

If civility doesn’t return, consider keeping comments but having them invisible to the public until individually moderated on. Inappropriate comments never see the light of day, but at the same time, it creates other issues (e.g. 10 people might submit essentially the same comment before any of them become visible). Worth considering, at least.

Clive Robinson March 27, 2017 4:21 AM

@ Phantom,

Anyone else have ideas about this?

Several, but they all boil down to who has most influence. Even before Samuel Pepys those with power feared public opinion “makers”, Kings, Queens and Religion tried to control “plays” especially those that contained humor. As coffee shops carried early news sheets and flyers, these came to the attention of the powerful.

In almost all cases power for new influence came into the hands of just a few and they could be traded with hence we ended up with “Press Barons” who saw themselves as “King Makers” or breakers.

Importantly those in political power could “lean” on the barons in various ways so had some measure of control.

However the Internet came along, and virtually every time a politician opened their mouth to say something of substance, somebody on the internet would pull up what the politico had said in the past that was contradictory, and the Main Stream Media (MSM) would follow on with the old “it’s in the public domain” argument. Thus politicos moved as a defence to “sound bite” messaging and the shallow policy that follows.

Then the press barons of the MSM found that the Internet threatens not just their influence but their existence as well.

The politicians had with the waning of the press barons started to lose their ability to “control the messenger”. Thus the idea came up was to use “shock and awe” type tactics against the message.

Originally called “black propaganda” (look up Sefton Delmer and the Political Warfare Executive) the idea was to use a faux radio station “Soldatensender Calais” (via the Aspidistra transmitter in Crowborough) to provide “counter messages” in a very believable way to undermine the German propaganda work of Joseph Goebbels. Sefton took advantage that when the British sent bomber raids to Germany the Germans turned off their main radio stations to stop the Allied bombers using RDF as a navigational aid. Thus Aspidistra transmitted on the radio frequency of the main German radio broadcasts. The use of aerial photographs and copies of German Census data allowed Sefton to work out approximately whose houses had been bombed, thus send apparently personal level messages to soldiers and their families. Making the faux radio station very very believable to many Germans.

Whilst mainly a British developed technique during WWII the US used Black and Grey propaganda extensively during the cold war era and still does today calling it “PsyOps”.

The UK has we now know extended the idea into the Internet era as can be seen by the work of GCHQ’s JTRIG department. You can look up some of their classified powerpoint capabilities presentations that got “liberated” in the Ed Snowden document cache that the Intercept had made public.

It is thus safe to assume that the NSA / CIA et al have also developed their own Internet PsyOps departments as have several other major powers.

Obviously there is a significant technical or human investment involved with carrying out such activities. Thus whilst the West is likely to use more technical solutions other super powers are more likely to use “contractors” who will more or less do the work for minimal financial payment. And it is likely that a fair number are doing it for non financial reasons.

Whereas once you would have heard of military leaders talk of “Naval Dominance” or later “Air Dominance” or “Missile Dominance” you now hear “Information Dominance”. Thus what you are seeing on the Internet is just the logical consequence of “power” catching up with “new technology”.

The only real question is who will gain maximum dominance, the traditional Government Entities or the Global Information Corps? The money is actually more on the Corps side due to “Marketing” being the largest industry in the world. Which might account for some US legislation in effect making their access to data very low cost.

It is a development that many are only just beginning to realise. In that the Corps will do the collecting and collating of information at quite high cost and hand it over to the USG for free. It’s one of the reasons behind the push in the US to overturn the FCC rules on what the likes of service providers can do with personal data.

By taking the privacy restrictions away they allow service providers to open up new revenue streams by collecting and collating personal data. Then due to existing legislation the service providers make it all available to the USG to avoid future legal problems.

I would guess that one of the reasons to crack down so heavily on people using encryption is to stop “Web 2.0” developing. Which would break this model because the Corps would not be making money from personal information if encryption provides privacy and mix nets provides anonymity to traffic analysis.

Thus if “front doors” do become mandatory, the keys will almost certainly be passed to the Corps one way or another if Web 2.0 looks like it will succeed. The excuse will almost certainly involve some kind of “IP protection” to stop the pirating of music films etc etc.

Citizen March 27, 2017 4:50 AM

The phenomenon that is happening today in the USA is normal.
The society is getting restless, as a result of the politicians examples.
It already happened in the last few years in Europe. Mainly in the countries where austerity measures were implemented, against people.
It will be like that for some years (4). History tells us.

Z.Lozinski March 27, 2017 5:19 AM

I certainly appreciate the effort (and cost) from Bruce to create an area where we can discuss security. This blog and the comments section have one of the highest signal-to-noise ratios I have seen on the internet.

As far as registration goes, I like the current model. All the regulars are identifiable, and their reputation is based on the quality of their contributions. Hello Clive, we’re talking about you again! Whether people use a pseudonym or real name is a matter of personal preference. I know some very senior participants who contribute but prefer not to draw attention to their real-world identity. (Remember, not all organizations have the same enlightened views about staff making public comments).

There is a related topic. The active manipulation or derailment of discussions on social media. I read an academic paper from 2014 measuring targeted bot activity on Twitter. It is likely that other social media platforms are targeted. One of the things the security community needs to do is start to study and report this behaviour.

Dirk Praet March 27, 2017 5:33 AM

@ Clive Robinson, @ Phantom,

Anyone else have ideas about this?

Societal polarisation driven by neo-populists exploiting widespread discontent over a political establishment that has allowed itself to be taken over by corporate and financial special interest groups.

The divisive discourse of authoritarians like Trump, Bannon, May, Erdogan, Putin, Le Pen, Wilders, Duterte and their ilk is felt everywhere and reflected in every media outlet and discussion forum, both with their supporters and their opponents.

Keith Glass March 27, 2017 6:47 AM

Uh, people ? Freedom of speech isn’t an issue: this is Bruce’s blog, etc.

The First Amendment prevents GOVERNMENT action to limit speech. It does not limit private parties on a private site.

Bruce’s board, Bruce’s rules. . ..

Jam March 27, 2017 6:56 AM

So, this is the first article where I started reading the comments again (like I used to).

Looking forward to more!

PS: The part-time moderator is now my hero, too.

TelcoSecurityDweeb March 27, 2017 8:07 AM

Bruce :

Re your stance on commenting.

Please be aware that both I, and (I suspect) 99.9% of your reader base — are 100% behind you on this.

I have seen exactly the same thing that you describe plaguing many other blogs and commentary forums and the “solution” that is usually proposed is either just to prohibit user-end commentary at all, or to force commenters to provide all sorts of highly personal authentication information (e.g. your passport, your Driver’s License… whatever) that is totally inappropriate given the balance between what the user is being allowed to do (basically, “to enter ASCII characters into a Web forum discussion”) and what the user is being required to do to authenticate himself or herself.

Given recent news about Russia’s cyber-warfare tactics as documented in the “lamestream media” I really have to wonder if the syndrome that you are describing — namely, “Internet trolls ruining discussion forums with repeated, provocative, ad hominem attacks” — is completely an organic, unplanned, uncoordinated thing.

I am beginning to wonder if there isn’t something larger, more long-term and more sinister going on here, with Putin’s lavishly-funded digital warfare teams doing this kind of thing deliberately, simply to discredit the basic idea of a civil, polite, well-reasoned exchange of differing opinions (which is, of course, one of the bedrock concepts of “liberal democracy” as we understand it in the “democratic West”). MAYBE this is all happening just because a few maladjusted, embittered commentators are behind all the personal attacks. But the sheer volume and frequency of what I see, not just here but almost everywhere else on the Net’s discussion forums, makes me wonder if a small handful of “cranks” could really be responsible for all this vitriol.

We will probably never know. In the meantime, all we — or you — can do is to keep a stiff upper lip, keep the forums open, moderate them as best we can and accept the fact that this is another aspect of an imperfect world.

Best of luck to you and thank you for implementing a reasonable solution to this issue.

John March 27, 2017 8:08 AM

One of the sites I enjoy is Slashdot. The comments have been taken over by vicious Trump / Anti-Trump yahoos — now I just skip the comments.

I do think that straying into partisan politics will cause you to lose readers who either disagree or who have come here for a discussion of privacy issues only.

Nonetheless, the information you provide is an essential public service, and I am grateful.

ab praeceptis March 27, 2017 8:57 AM

Clive Robinson

I think it’s very important to differentiate between at least 3 types:

a) defense, i.a. against type (c). Russia is a good example. They get mercilessly smeared and attacked by diverse opponents, typically from or in connection with nato countries.
Every state must see to it that its citizens do not get victimized by evil propaganda.

b) The (classical, it seems) 1% against the 99%, i.e. kings or governments or large corps trying to control the image of reality the 99%. Often arising from going over the healthy edge of (a); often also abusing (a) as an excuse.
Most nato countries are good examples. Usually having its roots in (a) during the cold war, nowadays the systems originally created for (a) are utterly abused against their own 99% to more or less completely their image of reality. Often hand in hand with (c).

c) offensive. State, deep state, or other unholy power groups using originally for information tools, typically media and internet, for offensive purpose, typically against foreign countries or groups of countries and increasingly also against their own citizens.
The attack typically serves to change and/or control the image of reality of the targets for offensive purposes, for instance to then put the controlled population against their government. Quite sometimes used i.a. by the us of a as a first stage of war which later is followed by military or paramilitary attacks.

@Dirk Praet

You might want to think about the wisdom (or lack thereof) of putting e.g. Putin, a multiple times democratic elected president with affirmative rates above 80% in the russian population, into one pot with un- or not yet elected politicians, about whose “authoritarian” style we know pretty nothing, except what information warfare tools (“media”) have told us.
And btw. Putin actually has created a less authoritarian system with more democracy. Remember pussy riot (who were caught in a staged “evil state hunts poor artists” stunt)? Well, they actually got financial state support as artists as Putin’s line was “We want artists to be free and we happily accept it that they often use that freedom to provoke as provocation is an important part of art”.

Unnamed lurker March 27, 2017 10:39 AM

Thanks for not going the route of disabling comments, even if at times a handful of posters do their best to deserve it. I enjoy reading comments from Clive Robinson, Nick P (even tho I’m constantly clueless, sometimes even about what the subject under discussion is at all! Damn my ignorance, I’m an utter noob about most subjects presented here.) and many other posters.
If they couldn’t write their opinions or experiences here I would learn a lot less about any topic Bruce raised. So thanks to all these posters that do contribute to the civil discussion I see here most of the time, whenever those handful posters aren’t around.

@Rob_van Stee • March 24, 2017 3:48 PM
“Have you considered using discourse? It’s good enough for BoingBoing.”

Please, NO! TheDailyWTF tried to use it the past two years and it made their forum dwellers miss Akismet! Apparently Joel Spolsky is an insufferable genius who knows better than you how you should want your forum to be like. His interaction with legitimate users was a constant display of snark. Even bug reports by users were dismissed with a sarcastic post.
When they scrapped Discourse late last year there was much rejoicing, a few bugs cropped up but now roughly six months later it seems that they do not feel like going back.

What I would add to Schneier’s current forum, if I may give a suggestion, is a simple button to flag a post for mod review, plus a configurable baseline for it to really be brought to a mod’s attention. One or two flags are just misclicks; thirty are a sign that someone is being an ass or a troll.

Thunderbird March 27, 2017 10:40 AM

I’ve seen several people suggesting a moderation scheme a la Slashdot. The big problem with community mod schemes is that they promote the Big Echo Chamber thing that seems so prevalent today. Removal of trolls happens, then the immune system attacks whatever is left and you rapidly end up on one end of the spectrum or other (I suspect that Clive has some electronic metaphor that applies here)–and the site becomes known as favoring a particular flavor of opinion–and others just don’t bother dropping in.

I suspect Bruce knows that people from all parts of the philosophical and political spectrum have good thoughts on security, and that’s why he values anonymity so greatly.

Anyway, I join with the chorus in favor of less trolling and more security discussion, but suggest the people in favor of moderation consider the possible effects of such.

maerwald March 27, 2017 10:42 AM

Your freedom of speech does not compel me to publish your words.

Certainly not. But this isn’t about what you are allowed to legally do. As others have stated… apart from obvious spam and hate posts, you shouldn’t filter posts for the reader. You lose integrity the more you filter. Readers can decide for themselves what is irrational argumentation and what is not. That includes both the comments as well as your blog posts.

Keep the post deletion to a minimum please, because that is good moderation.

And as others have stated too, don’t be surprised that it backfires when you’re trying to sell things that are not really certain (yet) as facts. That’s not just related to political posts, but has rarely happened in your technical statements. And that is your mistake, I’m afraid.

A lot of anger comments were due to the intellectual laziness of your political statements, where the topic was a bit more complex than you seem to have suggested, quickly derailing your own post into anecdotal political opinion that has little news or discussion value. That makes some people angry, but also invites for irrational comments. You’re not Chomsky, but some of us expect the same finesse in your political posts as we’re used to from your technical posts.

So yeah, comment behavior these days is bad anyway, especially in political discussions. But the change in comment culture here is not completely disconnected from the way you write your posts.

Thunderbird March 27, 2017 10:43 AM

Some people have personas on this blog that are quite persistent. Think about what would happen if everyone started to identify themselves as Clive Robinson…

I’m Clive Robinson . . . and so’s my wife!

Iggy March 27, 2017 11:10 AM

I meant to add, I like the current commenting system and appreciate not being forced to “show my papers” just to ask a question or offer an opinion.

I would not favor a voting system because I’ve seen that abused where a dissenting voice is silenced by the intolerant majority. Nor do I care for “asylum trustee” style moderators, pulled from the commenting population. I’ve seen them go mad with power and soon again, the differing opinion is outright silenced.

It’s rather dismaying to see that people (well, those who are actual adults) who otherwise are even-handed, mature, circumspect and deliberative, when commenting on a hot topic such as politics, become easily manipulated into losing their tempers. And they blame who they disagree with for their state!

I’ve also seen the “regulars” at a given site who are nearly all members of X political party mob the dissenter, challenging them to defend all allegations or answer all questions (“sealioning”) from each offended regular such that as they do endeavor to meet the challenge, they end up looking like a troll. Obvious trolls are obvious.

Maybe what we need is a test protocol that anyone can use to determine if someone is a troll or an honest dissenter at this site.

When some honest commenters simply cannot resist engaging an alleged troll (we’ve all been there), it’s much easier, speaking for myself, to just walk away from the whole thing.

smudge2112 March 27, 2017 1:24 PM

I’ve been reading for many years and never posted before but always knew that I could if I felt the need or desire. Thank you for keeping the comments going and thanks for doing what you do. I’ve learned as much from the comments as the articles in many cases and both have been invaluable to me.

Jeff March 27, 2017 1:35 PM

First, Bruce, i have been reading your blog since you began and it would push me even closer to retirement if we were to lose your civility, insight, depth and breadth of exploration of the security ramifications of as much of our current civilization as you have the time to explore.
Second, i would, respectfully, like to disagree with LMK about ending comments. I agree with several of the other guests here that disagreement or expansion or tangential comments only expand my ability to grok the whole. Long live The Savant, Bruce!

J. XCheck March 27, 2017 2:02 PM

Absolutely. The decline in civility, along with Social Media echo chambers and corrupt governments are all real concerns. I admire the honesty, openness and the highest professional and ethical standards Bruce embodies.

Jan-Willem March 27, 2017 4:05 PM


The point isn’t that someone remarks on political comments from Bruce (on which you of course can disagree) or on the politics of the US, with which you can disagree as well. The point is that some people are bullying and are offending in their wordings.

I do agree with most of Bruce’s opinions and sometimes disagree. Sometimes I react, other times I let it go. But as long as you come with clear statements, without bullying and without (on purpose) offending Bruce or people who comment, I think no one will remove your comments.

Grateful anonymous coward March 27, 2017 5:44 PM

Bruce, thank you for being the human-in-charge of determining civility on YOUR blog.

Too often this is seen as infeasible or costly, unnecessary or tyrannical, etc.
Most are simply too lazy to attempt it, as such edits garner no praise until screamed for.

If more organizations found the interest/time/integrity to police their site/users with human eyes and reasonable interpretations of civility, we’d be a better society in all.

I do my best to maintain personal civility and integrity when interacting with your site for the simple reason that it is worthy of my best civic effort. It’s a great blog.
You talk about powerful deep-reaching topics and you pull no punches.

If people can’t talk about them without debasing themselves, they belong on lesser sites.
Carry on sir with my respects.

Adam C March 27, 2017 7:58 PM

Really appreciate the platform here. The subject articles cover a nice range and I have always appreciated the high signal/noise in the comments. The Internet at its best.

ab praeceptis March 27, 2017 8:58 PM

@not all but quite some

And again there is a lot about trump, nunez, and whatnot. So maybe a, granted, somewhat rude wake up call can support our host somewhat better than his quite friendly request:

Have a closer look at the abc conjecture and kindly note that the points neither need to be in Z (“integers”) nor need they be limited to 1 dimension.

Quite some mathematicians have looked at and worked on the abc conjecture and variants thereof during the last 30 years. One example that is – or should be – of high interest to us is the work of erdös,ulam looking at points in R² (the rational plane). Luckily it’s still an open question. I say luckily because it’s of high relevance to ECC and might soon leave us with not much more than RSA, which is considered to be of a (somewhat) lower complexity.

So: Are you sure, really sure, that we should keep our focus on the daily farting in washington? I dare to suggest that we listen to our host’s request and focus on our field because, frankly, ECC – and crypto and good security in general – is by far more important, at least to us, isn’t it?

Thanks for finally returning to what we should really focus on (or so I hope).

Kingman March 27, 2017 10:33 PM

Unfortunately, over many years (more than 10 years), I have noticed that this blog is dominated by a handful of individuals who – by posting incredibly long and difficult to understand “essays” – are de facto behaving like trolls. The same handful of individuals also regularly request the moderator to take down posts they do not like, an attitude you do not find on other blogs.

Also, I have noted that this blog gets more and more political. Trump bashing on the one side, calling the Trump fans names on the other side.

As far as I am concerned, I call it a day on this blog. Let the few ones have their monologues. There are far more interesting blogs, such as “Wilders Security Forums”, that offer a good alternative.

Nick P March 28, 2017 12:05 AM

@ Wael

Funny. It’s about right. It’s also why being a political moderate is social or political suicide if you don’t conceal it. Not getting on bandwagons can have negative effects. Yet, if taking action, you’ll anger various people no matter what you do. (shrugs) Gotta do something or nothing. Doing nothing is for quitters. Something it is.

Ben March 28, 2017 1:21 AM

Good post sir.

It raises an interesting point on the distinction between information security and information technology security.

How do you defend against abuse and/or trolling?

MarkH March 28, 2017 7:56 AM

@ab praeceptis:

180 degrees off concerning Putin and democracy. This isn’t the place to delve into it, but I wanted to register objection.

Freezing March 28, 2017 8:36 AM

I will never be able to thank you enough for your initiative. This place is the best forum on the Internet; a glimmer of light in a shadowy world. This precious resource must go on, Bruce.
Thanks for all the fish.

Greetings from Brazil. Peace and Love ya`ll.

mostly harmful March 28, 2017 6:48 PM

This is my blog. I consider the comments section as analogous to a gathering at my home. It’s not a town square.

Some parts of the anglosphere have something called a public house.

gordo March 28, 2017 7:24 PM

@ Bruce Schneier,

Your Commenting Policy for This Blog echoes both a leaflet from 1941 and sound advice of more recent vintage.

As the cyber-physical range continues its rise, your stances on security are both help and guide. As so, they matter all the more to both amateurs and professionals, novices and veterans alike. You’ve laid and continue to lay important groundwork both in and for this new terrain.

Your blog, in a manner of speaking, is one of this new terrain’s best-kept keeps, in the best sense.

Thank you, @ Moderator and, of course, the usual suspects, for keeping it that way.

All the best.

Wael March 28, 2017 8:25 PM

@Nick P,

Something it is.

Way to go! The cartoon has a subtle inaccuracy, though. Exercise for the reader 🙂

Thomas_H March 29, 2017 3:23 AM

@ab praeceptis

(I wrote)Therefore, it is quite asinine of you to suggest that politics should be entirely banned from this blog,(/I wrote)

Speaking of “asinine”: I did not suggest that. In fact, I stated more than once (incl. today) that discussing politics should be allowed if a) concretely related to security, and b) it’s done reasonably civilized.

thanks anyway …

My apologies, seems I missed out on the words “except the ones which ab praeceptis deems acceptable” (which, going by your subsequent posts in this topic, aren’t many).

@Various: RE: Definitions of troll: One that springs to mind is gleefully attacking our host for the nasty decisions of the current US government/POTUS, decisions that Bruce may very well disagree with. That kind of thing is just uncalled for, and it’s possible to criticise the US government without equaling every single American with it.

ab praeceptis March 29, 2017 3:45 AM


Let me help you out, ignoring your sarcasm, as you seem to have difficulties to understand “in concrete relation to security”.

I have an example for you:

A us of a law that requires (or allows) isps to basically do away with the privacy of their clients is a case that is concretely related to security.

While IMO the primary issue of concern to us (field of security) is probably the technical questions, particularly the question how we can help citizens to defend their privacy, some may think that a discussion about how to fight against that law, e.g. using courts or strongly demanding congressmen to see to that might be useful.

Don’t get me wrong, I’m not against discussing politics and, in fact, am actively engaged in a political forum myself. It’s just that every (well, most) community has some focus and ours here is security.

And btw: No, it’s not me who makes the rules here; it’s our host, Bruce Schneier, in whose virtual living room we are. I might be wrong but my understanding is that he has opened his doors assuming that we, like himself, are interested in security and gathering here to discuss security related matters.

randonaccountgenerator March 29, 2017 9:32 PM

You dug your own hole on this one. As other astute commentators have noted, you took a side and a side that many people will find as distasteful as you find theirs. You have sided with the deep state and keep toeing the DNC party line, parroting obvious propaganda from numerous MSM outlets. Just like Starbucks and Kellogg’s, you could have stayed neutral but you tainted your own brand with needless displays of virtue signaling.

We don’t have to abide by your rules, that’s not how reality works. Your analogy seems to go: “It’s my ball and I’m taking it home if you keep scoring goals on me”. Shelter in your “own house” with your carefully vetted friends if you find reality so distasteful. If you don’t like differing political opinions to yours: either stop bringing your own political bias into your pieces, or close the comments and create your very own liberal echo chamber safe space.

I don’t support conservative governments, never have, never will, but I sure as heck no longer support whatever the democrat-labour ones are morphing into. And I’ll be in my cold, cold grave long before I support the current collusion between the global MSM and the deep state to topple a democratically elected leader of the USA, no matter how distasteful that president is.

You were so wrong on goldenshowers-gate it was ridiculous. But the veil was pulled aside for us to see where your true loyalties lie. Not with us, the people.

John Galt March 29, 2017 10:56 PM

@ randomaccountgenerator

[[[ You have sided with the deep state and keep toeing the DNC party line, parroting obvious propaganda from numerous MSM outlets. Just like Starbucks and Kellogg’s, you could have stayed neutral but you tainted your own brand with needless displays of virtue signaling. ]]]

Money talks. BS walks.

@ Schneier

1) I’ve found that today’s internet bloggers have very thin skin.
2) Moderated Blogs are designed for CONTROL … that is, preaching to the choir.
3) When a Blog “goes south”… the subject matter is deleted/buried for all of history.
4) In other words, I look at blogging as a forum for “venting”… you know what I mean.

TRANSLATION: Blogs were designed for the emotional vent. Not real discussion. Accept the reality of what I just said. Deal with it. It’s the nature of the newly created beast, “Blogs”… and your comments today will be gone tomorrow when the next “news article” is posted on the front page.

HOWEVER, Do you remember USENET??? NNTP????

Now, in THAT forum… heated debate (REAL debate) on whatever subject was a lot of fun… AND EDUCATIONAL.

We even had a name for it: FLAME WARS.

Remember them?

Ahhhhh… The good old days.

please provide facts, references or footnotes March 31, 2017 12:46 PM

@randonaccountgenerator or @randomaccountgenerator

please provide facts, references or footnotes

@Moderator or @Bruce

What might be the pros and cons of submitting an “E-mail Address”, when posting a comment here, or what is its function? Would the use of Tor impact your response?

Chris March 31, 2017 3:00 PM

Hi, I found this blog at around 2011 and I fell in love with it immediately. I try to read it at least once a week via the 100 latest thingy; anyhow, every now and again I post something if I think it’s interesting.
So first thing I would do, it’s not going to take care of the problem completely but it might make a difference: look at the source ip range, and see if the stalkers are from that range, but using different nicknames

then if so block the range

Frances March 31, 2017 11:01 PM

It would be a shame if you had to disable the comments. I have learned a lot from them over the years even though much of it is way, way over my head. Thank you for all the work you do. And you are right about Mr. Robinson who is often very interesting, even though much of it, again, is way over my head. And he has even learned to spell! (Please, just a mild tease, not a criticism).

Clive Robinson April 1, 2017 4:11 AM

@ Frances,

And he has even learned to spell!

Not as much as it looks…

I’ve started to train the Spell Checker, but still no magic soloution 😉

BS Republican Tripe Trope April 10, 2017 11:40 AM

“TM” said :

“Over the past few months, we (the readers of your blog) have been watching your blog change its de-facto name from “Schneier on Security” to “Schneier on Politics” and the problem is that the only view promoted is that of the DNC, intel community, CNN, WaPo and other fake news.”

Frankly, you’re a nutbar. You equate focusing on actual news to a political bent, and you provide no alternative of any value. What, BREITBART? IS that your savior?

It’s idiotic. Bruce goes into some topics that touch on politics, and there is no alternative except not going into important topics. Full stop.

Your petulant whinging about his focus being broader than YOU would like falls on deaf ears for two reasons :

One, go write your own friggin blog. This isn’t your call in any way shape or form.

Two, you have no actual factual gripe with anything he reports on, you’re fed disinformation for political purposes and are apparently too simplistic/naive to filter out that dog whistle narrative and decide for yourself what is true or has factual value. Instead, you want to “hide” from politics you don’t agree with and you want other people, in this case Bruce, to shut up about those topics? yourself, TM.

Apathycrat April 15, 2017 5:41 AM

Bravo Bruce! It’s a sad commentary that you had to take action… but that’s our world now regrettably!

v4z April 15, 2017 1:23 PM

I’m a newsletter reader, and only here after reading the section about comments in the newsletter. I was quite surprised to read several of the comments. I’ll use one as an example, this one from above:

randonaccountgenerator • March 29, 2017 9:32 PM

You dug your own hole on this one. As other astute commentators have noted, you took a side and a side that many people will find as distasteful as you find theirs. You have sided with the deep state and keep toeing the DNC party line, parroting obvious propaganda from numerous MSM outlets. Just like Starbucks and Kellogg’s, you could have stayed neutral but you tainted your own brand with needless displays of virtue signaling.

What strikes me is that if this was written with the sole purpose of destroying a commenting/system blog it could not be much improved upon. Just the first couple sentences seem very much purpose-built:

“You dug your own hole…” An attack. No explanation, no comment, no attempt to engage, simply from the first line a finger-pointing-blaming attack.

“As other astute …” Oooh. Now that is good! The implication “if you are with me you are astute!” And on from there.

The level of personal venom certainly moves the discussion away from anything remotely about security. And by perverting the discussion, it removes the usefulness of a security blog and makes it a personal thing. If the conversation descends to a level of personal attacks/defense why would anyone continue to come here, or for that matter write this blog?

Being just slightly paranoid, it occurs to me that this is exactly what it appears to be – a purposeful attempt to destroy this blog, this source of information.

After reading time after time about comments section in newspapers and other places being shut down and/or moved to FB, it seems at least possible this is part of a systematic attempt to shut down communication. Am I just being naive and everyone else already knows this? If so why aren’t there comments on how to defend against this type of attack?

Sensei Mitch April 17, 2017 6:36 AM

Great post. I would add that I think removing comments would be a bad move. I do not like and rarely visit sites/blogs that do not allow commenting. Like you I often find as much value in the perspective of the commentary as I do the article. That said it is nice not having to sift through the refuse!

Patriot COMSEC April 22, 2017 9:54 AM

Got it.

This is an important blog. Information security is now a very big deal that just about everyone is aware of, and we get the opportunity to make comments which will be overheard by a leading expert.

Folks who are professionals in one security area or another get to put in their two bits. Reading this blog is good way to stay abreast of what is going on in information security and consider its wider ramifications.

Writing on this blog gives us a chance to express ourselves clearly on one of the most important issues of our time.

There are probably some folks who would like to see this blog go away. In fact, they would like to see AES-256 and Twofish get out of the hands of individuals who want to have a private communication. Do you think they like to have a person whom they respect, Mr. Schneier, argue cogently that the NSA threatens U.S. national security? No, it pisses them off.

The U.S. Constitution is still there; it has not been deleted. Free speech has to be taken care of. We have to take care of it, even if no one else knows how or why.

Bob Oliver April 24, 2017 7:40 AM

Point well made, as my mother used to say “if you can’t make your point without shouting, screaming or using bad language, please stop talking”.

Natanael L May 12, 2017 7:18 AM

As another moderator in a security focused forum, I can only agree with you. Heavy moderation and zero moderation are both dangerous in their own ways, and both can allow the topic to stray in the wrong direction. I don’t want to force any particular viewpoint, but I also don’t want to allow any viewpoint to dominate unchallenged.

Fortunately I’m able to keep politics and other off topic comments to a minimum (the topic is simply cryptography, and anybody veering away can be pointed to another forum), which is the easiest way to keep quality high – for as long as there’s already enough dedicated members providing quality content (getting to this point is the hardest part). In that way I have the network effect and an established “culture” in my favor.

But it is very hard to decide how strict to be, because human nature doesn’t mesh well with strict rules. Too formal and you’ll lose visitors that aren’t willing to meet your artificially high bar. As a moderator you really need the ability to read the atmosphere and you need to understand timing, as well as to carefully judge what the appropriate response is to any given infraction. Stopping conflict early is critical. And as noted by others above, you’ll never make everybody happy.

If I would have had to moderate a much more political forum, then I would probably just have quit after the first month. You’ll either need a large moderation team of people with the right experience, or you’ll be stuck with trying to put out a perpetual dumpster fire with just a water glass.

Nick May 13, 2017 2:22 PM

Glad you have posted this and agree 100%. Sad it requires so much overhead or that it is even necessary.
As I have heard some commentators say – you have to be careful what you say as any disagreement is an invitation to be attacked.

Andy May 22, 2017 11:37 PM

Invited in your home for tea, you asked politely for me to leave, but is the door still closed, and some things change

Serene September 7, 2017 11:31 PM

My 2nd guess is : “….name of this blog is Schneier on Squid

The first time I peeked at this blog I believe the fascination was on tamper-resistant bottles. But it didn’t matter what the subject happened to be, because the topic was always the same:


What is this? What does it do? How can I break it? How can I trick it? How can it trick me?



It was as if all my rejected recess ideas from grade school had found their way here.
And now that I can finally escape from the pressures of partisan nonsense I see that it may be trying to rear its head here. I know that won’t happen. Please don’t let it.

I need this for my sanity.

I think we all really, really need some squids and a place to roam right now. There’s likely not many here who are ambivalent about the unstoppable, immeasurable force that is data making data targeting data making more data mining data mining us.

And it is scary. It can be overwhelming, no matter how much or how little one knows. Sometimes, at least for me, it can feel pretty ominous. In fact, I think a bit of creeping dread is a reasonable response.

I just want this to be a Brawl-Free Zone. A little corner to learn and play and finally get some recess catch up with our group of the Officially Over-Curious Oddballs.

And if that doesn’t do it for you, did you check out that blue freaking squid?

Petre Peter November 18, 2017 11:46 AM

what: is gratitude
why: because of; because of Thanksgiving.
how: thank you for your hospitality

what: is “town square”
why: because i would like to be in a house from a town square; because, for me, town squares are not easy to find.
how: by opening the maps application and searching for squares inside a town; note that the squares are not squares-even when they are meant to be used as a memorial.

what: is $25 testbed
why: because i am not here to argue why the house always wins; because i am not here to see the triumph of quantity over quality; because, outside The Matrix, i am not interested in reading comments that have nothing to say; because i am more interested in a ban that describes reason, and period than a corrective comment sacrificing ban_reason, and period with politeness.
how: @Clive J i am interested in the $25 testbed

what: is alias
why: because of Shang Tsung impersonating others.
how: by admitting to notice the paradox of protecting the alias at the expense of the given name while trying to prevent Shang Tsung’s attacks of impersonating.

what: is netiquette
why: because without netiquette, i am universally trapped-working hard at working less; because without netiquette, i will inevitably argue about who watches the watchers; because without netiquette, the price of ping pong balls becomes interesting; because netiquette combines reason and politeness.
how: by keeping >emails< short; by creating what, why, how indexes for long comments.

what: is politics
why: because it seems i am arguing politics; because that’s where security comes from.
how: by admitting that politics is part of security; by maintaining my “government legislation analyst” aspirations.

what: is rule
why: because w/o technology, learning from mistakes is an expensive form of education; because i don’t care how the site works; because i care that the site works; because i read the rules to be polite; because i didn’t read the rules to memorize them; because i know that ‘on security’ gives write permission to the rules; because i admit that outside nostalgia new rulez.
how: by trying to read the safety instructions on escalators and notice that i have to block traffic or walk backward because the instructions are posted on the inside of the escalator where the stairs move.

what: is moderation
why: because i cannot seem to define the meaning of the word; because i don’t trust the rules; because i trust the moderator.
how: by admitting that ‘everything in moderation’ includes moderation in moderation.

vas pup January 24, 2018 8:55 AM

@Bruce: good article resonated with your blog rules.

While some conspiracy theories are largely harmless, others have damaging ripple-effects. With new insights, researchers are getting closer to understanding why so many people believe things which are not true:

“One pioneering experiment in Norway introduced a quiz to make sure the person understood what they had read before they were able to comment on an article. This might help people “calm down” before distributing random noise, says Lewandowsky, but at the same time it is not censoring anyone from having a voice.
Grimes has found that people set in their beliefs are unlikely to change their opinions, but those who “aren’t fully committed” can be swayed when presented with evidence. That, he hopes, means we can overturn many conspiracies if people are provided with compelling, fact-based evidence.
Lastly, we can all look more closely at what we share on social media ourselves. People often share a clever-sounding headline without actually reading the contents of the article.
“We’ve got the information of the world at our finger tips and yet we’re obsessed with empty fictions,” says Grimes. That’s exactly how misinformation and conspiracy theories can so easily spread.”
This means that we really cannot always believe what we read and hear.

Alice Radulski February 18, 2018 11:33 PM

Mr. Schneier,

I was wondering if you had any comment on XKCD’s claim that you’re actually just two mischievous kids in a big trench coat? As an ardent follower of your work I’m very curious as to what you make of these claims.

“CVE-2018-?????: It turns out Bruce Schneier is just two mischevious kids in a trenchcoat.”

Thank You

PeaceHead May 13, 2018 3:11 PM

@Bruce: OK. Thanks; acknowledged. I understand. Sorry if I was difficult in any way. I will try to stay more on point.

12345 June 30, 2018 11:53 PM

Please offer an ‘offline’ way to flag a comment for review, plus let us say in 80chars why we see it as not ok. I would not report a creepily unpleasant comment within view of the commenter, especially if I’m unclear about whether the moderator’s standards for unacceptable content are different from mine.

Kim October 7, 2018 3:34 PM

Bruce Force will win the day! not a pun so not sorry

For anyone who missed it: DON’T reply to trolls no matter how brilliant your come back. Imo Bruce should ban anyone who replies to any troll with trollery OR anti-trollery, since they both represent the same thing to trolls: total success.

I mention this because I know how hard it can be to resist trying to out-smart a troll. Remember the troll’s goal and reward: ANY reply whatsoever, so they know they had an effect on you, their only possible intent, their only possible reward.

Mild but sincere apologies to everyone who doesn’t need to be told any of this.

Kim October 7, 2018 3:41 PM

@12345 – rather than typing 80 chrs, better that Bruce make available a short numbered list of reasons because it helps to overcome language barriers, and eliminate off-the-mark or idiosyncratic complaints. I suppose there could be an “Other” option, but it really shouldn’t be necessary.

ElMi December 10, 2018 6:51 PM

Sorry for being (perhaps a bit too?) late but for these words on YOUR very own blog i owe You, Mr. Schneier, my deepest respect and appreciation. Sorry for having had to add this “fact” to 😉

And while we are at it: Thanks a lot for all that i have learned from You Mr. Schneier in Your different publications in some 20 years by now! 🙂 Keep on securing our world! You, Your work and Your opinion is needed more than ever! 🙂

Jonathan December 28, 2018 5:22 PM

I like how you compared the blog to your home. It is very true – what is commented online should be regarded as if talking in the author’s home, speaking to their face. It is sad that things have gotten to the point of needing to remind people of this. I’m afraid the larger majority are a younger crowd who aren’t being corrected… or instructed… how to treat others – whether on-line or in-person.

tazer2000 February 22, 2019 4:30 PM


“But I expect everyone to behave as if they’ve been invited into my home.”

Very good. We might not all know about codes of conduct or agree with diverse social norms, but I think all people regardless of culture could agree with the proper way to act as a guest in another’s home. Great way to look at it. Yet, another reason i’ve been following you all these years. Keep it up!

No One / Ex Cathedra June 18, 2019 8:55 PM

This is definitely an important blog for anyone interested in information security. I think it’s the best one around. This blog is worth reading because it is very informative, and I especially like it when people talk about the latest and greatest in cryptography.

I read Mr. Schneier’s books and usually echo his views across the Internet. I am grateful that this blog exists, and I will try to help take care of it.

vas pup September 14, 2019 1:46 PM

I’ve been blogger here for many years and appreciated civility from the very beginning and your position which you stated:
“I like people who disagree with me. I like debate. I even like arguments. But I expect everyone to behave as if they’ve been invited into my home.”

I understand “And we won’t always post an explanation when we delete something.”

Unfortunately, recently many of my posts were deleted by Moderator without explanation and I point Your attention that such practice looks like Thought Police.

Please provide clear guidelines.

Chris September 16, 2019 2:33 PM

I recently came back to this blog after some time away and I have to say how partisan your (Bruce) articles and comments have been. I get it, it’s your blog. And sure, you feel strongly about how awful Trump and Republicans are to the intelligentsia and Liberal Elite.

If you are going to include harsh partisan opinions in your articles then please don’t be insulted and put off that your viewers would dare to refute your opinions. Please try and remember that others have just as much interest in trying to balance out your opinions. I’ve noticed many deletion comments where you say the comment is off-topic, though it is precisely because of your injected opinions that make those comments on-topic.

On a side note, I’m forever confused why public figures continue to say and do things that alienate half of the country. I for one live to read about the supremely interesting security topics you put on the blog, but it drives me crazy to see your clearly partisan opinions cloud an otherwise interesting post. Everyone has an opinion about politics in general, we just don’t expect and want to see it come up in a security blog.

Civility is appreciated on both sides of the aisle on your blog.

vas pup October 5, 2019 2:27 PM

Please ask Moderator and let me know what is against blog’s policy and subject in the following post. Thank you.

The Army Wants Killer Electromagnetic Pulse Artillery Shells

Related links:

North Korea obtains EMP weapons from Russia, could now melt most of the electronics in Asia:

“Weaponized EMPs generally come in two forms: nuclear and non-nuclear. Non-nuclear EMPs are fairly weak (on the order of one million times weaker than their nuclear counterparts), but that’s not necessarily a bad thing if you’re just trying to knock out the electronics of a small, localized area (a military base or water pumping station, for example). At this point, we have no idea if North Korea has acquired nuclear or non-nuclear EMP tech from Russia — but as non-nuclear EMPs are pretty dull, let’s just assume the worst and assume that North Korea now has a nuclear EMP in its possession.”

Could Faraday Cages protect IT infrastructure component against EMP attack?

vas pup October 16, 2019 2:24 PM


I don’t want somebody may twist your hand in order to provide them with my e-mail address. I did not send you email only for that reason.

We all good to particular point, but THEM often behave as bosses of the mafia, i.e. give you offer you can’t refuse. 🙂

God bless you, Bruce and long life span for your blog.

vas pup December 7, 2019 4:18 PM

vas pup • December 7, 2019 4:16 PM

Thank you for the link and very good presentation. [on risk]

I’m just curious do you ask Moderator to pay attention to the answer at the end of presentation (about 1h 4min)?

I love his point!


Just in case it’ll be sanitized before You have a chance to read.

Thatguy April 3, 2020 11:52 PM

A random thought I’ve noticed and have been thinking about for the past couple of weeks. Before the COVID-19 was known to exist, the United States was economically doing “well”. Stocks were at record highs, unemployment at record lows. However, as soon as we decided that we needed to shelter at home for 2 weeks. The government immediately knew, that it needed to send money out to the people and quickly. How did we go from record growth to immediately needing to send money to the majority of Americans? Were those unemployment numbers accurate? or is it that the majority of Americans are so poor that they simply are not able to get by for 2 weeks without a paycheck, even with most people working? I believe it’s the latter which really raises questions for me. In my opinion this whole situation is going to unravel some of the inadequacies in society, which will need to be aggressively spoken about during the Lessons Learned phase of the Pandemic.

They say everyone will eventually catch COVID-19. I kept hearing the president say ‘We can’t let the Cure Be Worse Than the Problem Itself’. Which is an interesting thought. I’ve heard people say they don’t want to ruin the lives of their children and grandchildren because of the incredible costs and consequences of treating the disease and quarantine/economic pause. I was brought up with the value that life is the most precious thing and it’s priceless. “No job is worth sacrificing your health.” From the President’s daily broadcast, he keeps talking about how we are going to get the economy restarted ASAP directly contradicting what the health experts say. I thought about why they keep callously talking about the economy and trade instead of the well being of the people.

In my opinion the issue runs deeper. Even though the virus itself wasn’t anyone’s fault, I don’t believe we should be in the position to choose between economic catastrophe and people’s well being and safety. What if people were paid enough so that they had an emergency savings. What if Corporations weren’t buying back stocks or giving C-suite millions in bonuses during their record profits, instead of saving for a future “rainy day”. I mean obviously no one could expect a pandemic, but going through recession/growth periods is normal. Instead of allowing corporations to viciously exploit its workers, government, and country. We might not be in such a hurry to force the economy to restart before shit hits the fan.

I’ve heard people say, “well at least the government isn’t bailing out corporations this time and sending people money instead.” And while I do applaud the gesture. In my opinion that IS bailing out corporations again albeit indirectly. The whole ecosystem of corporations, shareholders, workers rights, lobbying, corporate taxes etc needs to be reassessed and corrected. I believe in Capitalism, but it’s been warped too far from sustainability. What if corporations were forced to give meaningful amounts of shares or ownership to all of its employees?

Anyways, that’s what I have been chewing on lately. Maybe I’m way out in left field in my thinking.

Clive Robinson April 4, 2020 8:51 AM

@ Thatguy,

You are going to hate me for saying it but the answer to all your questions can be traced directly back to,

The Great American Dream.

It’s a fight of “Individual-v-Social” “rights and responsibilities”.

The American Dream is not just unbalanced it’s unhinged, I know people will hate me for saying so but it’s a fact.

In effect it’s the equivalent of raising wildcats for nastiness then throwing the lot in a bag to see what happens… I think most of us know what the result is.

The American Dream favours “psychopathic” behaviours and rewards them not only with wealth but mating privileges that derive from it. Thus you can see where that will lead.

When you abstract out the ideology and rhetoric practical communism and practical capitalism are the same, it’s about acquiring status be it via power, wealth, or a number of other tools of subjugation. Either way it suits the psychopaths or as others put it the “Hawks” in a “Hawks-v-Doves” first order approximation “game theoretic” way.

A balanced society knows that a balance has to be struck. Capitalism with a small “c” generates “utility” socialism with a small “s” taxes some of the utility for “social good”. Now contrary to what many people say by rote not understanding socialism is a fundamental necessity for capitalism to work. Because socialism like the tide raises all boats, it builds the infrastructure that all need and use including capitalists.

The US is actually quite unbalanced and as a result extremely fragile. I’ve pointed out several times long before this pandemic that outsourcing, long supply chains and over reliance on technology are bad. I’ve also pointed out on this blog long before that healthcare is not just a “social good” but a necessity to survival, because infection is no respecter of any man made status distinctions, a sick nexus in the population due to healthcare poverty means that all get ill eventually. When I said it I was not expecting a pandemic to come along and prove it and all my other points above.

But it has, and the only real question is,

    Will things change, or more importantly will they be allowed to change?

Currently I think the answer is no, because there are way too many vested interests, who can not see past the next quarter’s bonus etc. Short term thinking has made America a very sick and fragile place, and I fear it’s beyond the tipping point…

zeroID May 29, 2020 5:12 PM

Bruce initial request was published in 2017, now in 2020 the comments on any blog or forum are mirroring the large society split, almost doesn’t matter from which country are the posters coming. Primarily the top runners of politics are rude and the posters partisan comments just reacting on the behavior of those boon fellows.

xyz July 6, 2020 12:33 PM

@It • May 31, 2020 9:47 AM
And sometimes deleting post without clarification of reason – like blog’s internal thought police is on duty, but there is no 1st Amendment right on the private blog. That is reality you have to accept.

name.withheld.for.obvious.reasons August 12, 2020 7:25 PM

@ Bruce Schneier

Know you are busy, have enough on your plate, and you certainly don’t need more attention to be paid on the moderation routines…but I hope I have a quick question.

What is or has been the tenure here and do you see any trends or issues that might be of concern?

We are in this together in a way, and as a community I can only hope that I am holding up my end of the bargain.

Thank you very much Bruce for all the years that you have dedicated to the subject and your willingness to speak clearly and with depth. Your voice is most appreciated, wish we had more of you about the world.

Respect and Admiration (not in a creepy or hinky kind of way),

Goat December 20, 2020 7:13 PM

My two cents: Can we consider disabling the url entry and the a tag.. The links wouldn’t be clickable, thus avoiding exploit of trust(good) and reduce incentive for spammers.

Goat December 20, 2020 7:34 PM

Those pitching for registration, at current layout it may be deceptively ensuring, for the trust aspect

Someone Trusted December 20, 2020 7:13 PM

I can just kind of imitate them.. But this makes me curious can this comment box be used to craft different deceptions, that may be more dangerous.

Weather March 19, 2021 3:08 PM

I might be blocked, but a basic server side script the is profanity )2 would take a lot of work load off, and I did post I read the blog a week before posting and some how assumed it was in some way my fault

Taz March 26, 2021 7:50 AM

I agree.

Can you explain this?

I don’t know Stallman or Applebaum except through wiki, but the picture being painted of Tor is not pretty. A toxic place where little gets done.

Perhaps this decline is inevitable for any organization, especially civic organizations – but I think you’ll find that the public’s tolerance for such nonsense is wearing thin.

ie”Go do your posturing on your own nickel/time, when at work DO YOUR JOB”.

I sincerely believe one doesn’t get much from Tor donations. They appear to be beyond hope/redemption. So tragic, because the public’s enemies have increased their competence.

Weather May 15, 2021 10:33 PM

Some people have interest posts, but like you asked wood through trees? This and your will get deleted due to wrong thread, but you’re welcome back.

Jared Hall July 3, 2021 12:48 AM

CVE-2021-34527 PrintNightmare

1) Does anybody know if PrintNightmare has been packaged for distribution?

2) If Email is a distribution channel, what are its signatures for identification?

Any thoughts or comments?


Anonymous August 29, 2021 11:37 AM

This article encouraged me to read the comments section, which I rarely do.

Bruce, you shouldn’t be moderating, there are way too many comments and it’s impossible to keep up. It is too much of a burden for you.

There are “automated” solutions to remove vulgar comments. (AI?)
Also, why not ask the readers to moderate the comments (Move the comment up or move it down)
Maybe even encourage meritocracy.

In all cases – Keep up the good work.

vas pup January 12, 2022 4:19 PM

Hello Bruce,
I was not surprised my post (on 01/11/2022 PM) related to DW article about Senate hearing related to new units in US DoJ and FBI was sanitized.
As I stated at the end ‘I hope it’ll survive’, but unfortunately it was not.
At the end of the post I provided my reasonable concern if those unit will not concentrate on violent acts only, but just chase folks with other opinions they decided not in a mainstream, we do have real trouble.
Patriotism is nothing to do with blind loyalty.
Constructive critics of Government policy, actions you name it is within 1st Amendment constitutional right, and is for those who really concern about vector we are moving towards.
I wish You or/and Moderator made that decision without external pressure – you know what I am talking about.

I live in USSR and uniformity of opinion and intolerance to the critic was one of substantial reason it collapsed.

Foo Dawg March 21, 2022 11:42 AM

Thanks Mr Schneier, long time fan, away for awhile and found this- agree 100% about the decline in commentary, and have witnessed same elsewhere- decline in civility that drives away valuable comments that are as much as 50% of the total value.

I’ll do my part tho its hard not to want to b1tch slap the obvious trolls who camp on your platform for one reason or another.

Seems to occur in waves with obvious correlation to current events.

Thanks for your fine work and dedication to keeping this the invaluable resource it is for lay people to get some idea what’s going on.

Mury March 26, 2023 9:26 AM

As someone who has lived outside of the box for most of my life and has also been censored numerous times for stating unpleasant facts, I am passionate about the topic of free speech and censorship. Unfortunately, free speech has been weaponized, and minority voices are often silenced in a group-think world.

If in any conversation, you are finding any enjoyment from being in the majority and winning the “argument” you might need to check yourself. After all, in extreme examples, it does kill people, and I’m sure most people reading this don’t want to be even partially responsible for killing anyone. Certainly there are many less serious, yet negative consequences of groupthink which are exacerbated by censorship.

Censorship can occur on many levels, from personal dismissals to moderators deleting comments, to massive platforms like Facebook or Twitter, and on the far end of the danger spectrum… nation-states. I strongly believe that we will not advance as individuals or as a human race if our first instinct is to censor. Instead, we must strive for productive discourse and resist dismissing differing opinions.

While civility is crucial, I believe knowledge is even more important. Without knowledge, there is no advancement. Remember that knowledge is most often a multi-directional flow. Therefore, forums like this are the perfect place to set a good example, where intellectual conversation can drown out keyboard warriors.

I also believe that sites that only allow one side of the story to be told lose credibility. If you force me to go to another source to get the other side of the story, you become a propagandist. You cannot be a beacon of light when you shut yourself off or shut off those you hope to enlighten.

Stay the course and find strength in facts, learning, and progress, not in the fleeting, euphoric rush of agreement.

Anonymous October 18, 2023 2:46 PM

“We reserve the discretion to delete comments that are generally understood as any of the following: obscene, profane, threatening, contain personal identifiable information, or otherwise inappropriate”

Sidebar photo of Bruce Schneier by Joe MacInnis.