Re: SOS

18 Nov 2013

      -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cathal,

Thank you. Yes, we were NOT going to use without chaining.
We'll just give it a try for a month, and dig sum deeper.

Cheers,

Lilith

On 18/11/13 15:00, Cathal Garvey wrote:
...
Tokens are a clever way to solve a specific problem; when you sign
up for a VPN service, whether with credit card or bitcoin, the
service knows that *one person* has just signed up, and *this
person* is the one using the secrets and settings provided to allow
access to the network.
Tokens are transferable, and transferring tokens is encouraged.
This means that when I buy a token, the service cannot know for
sure whether I am the one using them later on, or someone I've
given them to or sold them to.
However: The VPN provider still knows that *this IP address with
this configuration of settings and this operating system (+version)
is using this browser to connect to these sites at these times*. In
other words, the actual identities of users are still very much in
the clear to the VPN provider if no other steps are taken; tokens
just make it harder to correlate these users with the payment
information provided, and can potentially allow many users in the
same city (who may be NAT'd together at the public-IP level) to
achieve increased anonymity by mixing their traffic.
You can make things much more secure (I think?) by chaining VPNs, 
because now the first VPN knows your public IP address, and the
second knows your traffic, but neither knows both unless they
collude. However, both probably still can infer a lot by your
OS/Browser/Access times/traffic volume, etc.
On Mon, 18 Nov 2013 12:40:18 -0500 Lilith Lela
 wrote:
...
Hi,
We received a request from https://twitter.com/S0Sph for us using
and recommending this site/service http://sos.ph/
Earlier, a few weeks ago, I had been briefly looking at this 
https://cryptostorm.is/
These darknet tokens. R it useful in activist contexts? What you 
think? Got perhaps (external to this service(s)) links and/or 
insights for us so we can figure out how it works exactly, and
what its vulnerabilities r?
Cheers,
Lilith
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSinunAAoJED5ZhUWuz7u0iKQH/3QuSe1aaSgyF4Jx0tmkJxzC
6NsBYIiU4rgxwCqWMgGXno1C0d2g2VcBidSCC+I7oXEpL6XMoNeAkVbaNfu1RKi2
9SwDvI/QlBGgV1z8AFFjtJVd7lElJsDaKcMOS5KsYPyhoiStuwKdLgea/zLrBwxh
Z4SR1gcJcgN7N7aUmhEqtu4JC0xHDcVsDXqY6t05vf15U7XFz/aUQdVdy66ov3RN
wz3o3w7FBl3iSgfkmUwT9QTxSqXAcmDJ+ppuIFvC8OvXFkjdAleGnlaucaM69DAJ
UYgtUOZgIBu+UcH1IDGjbB9UVEoj8AXtQQMOxL/CzobvxeFihAa3DHBDRW2xeHI=
=9bVr
-----END PGP SIGNATURE-----