On Mon, Jan 10, 2022 at 1:20 AM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Mon, 10 Jan 2022 00:49:28 +0100 Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
On Mon, Jan 10, 2022 at 12:40 AM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
that's a ridiculous comment because you do NOT know which nodes are 'trustworthy'
Well, I can only speak for myself, because I know some operators of those nodes and ran in the past my own.
that still means nothing. Notice also that one of the basic ideas behind tor is to use routers in different 'jurisdictions'. The chances that you know 'trustworthy' routers in 3 different countries are...zero.
And even if you did, the comment is still wholly misleading because the typical attack against tor is based on 'traffic analysis' based on packet/byte counts and timing. And those data are not 'encrypted'. So you can choose all the 'trustworthy' nodes you want, you are still fucked.
Quote:
MULTI-LAYERED ENCRYPTION
Your traffic is relayed and encrypted three times as it passes over
That has nothing to do with what I said. Encryption does not prevent traffic analysis at all. Those three layers of encryption are stripped off at the end, and if you connect to an http: server for instance, then the server's ISP sees all the plaintext.
On the other hand, connections to 'hidden services' are end-to-end encrypted and you know you're talking to the 'right' service because the url is the public key so that's good, but it's a property that's independent of any node selection you can do.
So...the 'hidden services' infrastructure does provide end to end encryption and some kind of public key management but that's about it. (I need to take a look again at the details of the DNS system, because it's probably another surveillance/weak point)
Please forget for one moment the encryption and anonymity people like when using Tor. What I proposed and can do with such a set-up is run with my friends in a local community a Network, once we all come home and exchange (encrypted) messages or files, with whatever device we like to use and without relying on a third party client-server model so to speak, let alone that we do not need a static IP address, or external email service and what not and it is super simple to use and the Golang software is small and easy to use compared to setting up an Apache2 or Nginx web server etc. Regarding using Gougle Groups etc. which you hate or do not like ... I use Usenet since 1985 and the reason why I use Google Groups links is that Google Groups has a retention Usenet Servers do not have, and the URLs can be inserted everywhere. Regards Stefan