-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cathal, Thank you. Yes, we were NOT going to use without chaining. We'll just give it a try for a month, and dig sum deeper. Cheers, Lilith On 18/11/13 15:00, Cathal Garvey wrote:
Tokens are a clever way to solve a specific problem; when you sign up for a VPN service, whether with credit card or bitcoin, the service knows that *one person* has just signed up, and *this person* is the one using the secrets and settings provided to allow access to the network.
Tokens are transferable, and transferring tokens is encouraged. This means that when I buy a token, the service cannot know for sure whether I am the one using them later on, or someone I've given them to or sold them to.
However: The VPN provider still knows that *this IP address with this configuration of settings and this operating system (+version) is using this browser to connect to these sites at these times*. In other words, the actual identities of users are still very much in the clear to the VPN provider if no other steps are taken; tokens just make it harder to correlate these users with the payment information provided, and can potentially allow many users in the same city (who may be NAT'd together at the public-IP level) to achieve increased anonymity by mixing their traffic.
You can make things much more secure (I think?) by chaining VPNs, because now the first VPN knows your public IP address, and the second knows your traffic, but neither knows both unless they collude. However, both probably still can infer a lot by your OS/Browser/Access times/traffic volume, etc.
On Mon, 18 Nov 2013 12:40:18 -0500 Lilith Lela <lela@cyberguerrilla.org> wrote:
Hi,
We received a request from https://twitter.com/S0Sph for us using and recommending this site/service http://sos.ph/
Earlier, a few weeks ago, I had been briefly looking at this https://cryptostorm.is/
These darknet tokens. R it useful in activist contexts? What you think? Got perhaps (external to this service(s)) links and/or insights for us so we can figure out how it works exactly, and what its vulnerabilities r?
Cheers,
Lilith
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJSinunAAoJED5ZhUWuz7u0iKQH/3QuSe1aaSgyF4Jx0tmkJxzC 6NsBYIiU4rgxwCqWMgGXno1C0d2g2VcBidSCC+I7oXEpL6XMoNeAkVbaNfu1RKi2 9SwDvI/QlBGgV1z8AFFjtJVd7lElJsDaKcMOS5KsYPyhoiStuwKdLgea/zLrBwxh Z4SR1gcJcgN7N7aUmhEqtu4JC0xHDcVsDXqY6t05vf15U7XFz/aUQdVdy66ov3RN wz3o3w7FBl3iSgfkmUwT9QTxSqXAcmDJ+ppuIFvC8OvXFkjdAleGnlaucaM69DAJ UYgtUOZgIBu+UcH1IDGjbB9UVEoj8AXtQQMOxL/CzobvxeFihAa3DHBDRW2xeHI= =9bVr -----END PGP SIGNATURE-----