torproject forum hosted by 3rd party, not least of problems
On 1/13/22, nusenu <nusenu-lists@riseup.net> wrote:
Since tor-talk is apparently going to be closed down soon [1], here are a few suggestions:
[1] https://gitlab.torproject.org/tpo/community/support/-/issues/40057
let us know whether/when you will be closing tor-relays as well
https://lists.torproject.org/pipermail/tor-talk/2021-October/045779.html " I was surprised to learn that the forum is _not_ self-hosted on torproject infrastructure. It is hosted by "Civilized Discourse Construction Kit, Inc." the company behind discourse.org. That means the torproject does not have full control over the infrastructure and its security and logging practices. The forum privacy policy mentions that IPs get logged and stored over an extensive amount of time https://forum.torproject.net/privacy As Jérôme pointed out [5] the forum is also subject to discourse's privacy policy " Lol. Not to mention that hosted and "web" based means that users can, unlike distributed standalone email, now be more central exploited on attack surface from server side in browser/JS/etc by rogue, bought, mole'd staff, corp changeup, court order, etc at these companies. And who cares what the channel is when every single Tor Project communication channel has been intentionally "bricked up" and 100% fully and completely censored for *years* by the Tor Project Inc to avoid embarassement, avoid being called out, preserve their personal cashflows, keep users from learning all of tor's weaknesses and then forking or developing better, more variety, and or more resistant anon overlay projects etc. After all, Tor's monetary captured people rake in multiple millions of dollars every year, including by problematic fundraising nft drops, off a conveniently Govt funded design that's well over 20+ years old, that even the NSA was quoted well over 10+ years ago saying that the NSA could exploit tor. NSA GCHQ FVEY and myriad private and GovCorp adversaries have all since then advanced their attacks and technology light years ahead of tor's baked design. While Tor adds irrelavant non-design trappings and periphery and social-activism, decides to cancel users free concious choice to use v2 Onioncat IPv6+UDP transport for whatever they want and terminates that entire good class of usage, innovation, and app development within onionland, censors user and operator knowledge of same, ejects people who like code but refuse to apologize for Tor or/play its socio-politic, game, monoculture, and more, Tor's Government funded social marketing engine also consumes and starves out a lot of funding from and steers messaging in a space that needs a distributed nature in all things. If the world knew how the Tor Project Incorporated has become total hypocrites of the Freedom of Speech they claim to support, Tor Project would be defunded, users would leave in disgust, and the crypto overlay network space would flourish anew generation again. The fact of Tor Project's secret censorship agenda alone is enough. Add in refusing to routinely acknowledge and publicly disclose for users in exceedingly prominent places that Traffic Analysis and Sybil are in operation, actually removing warnings from their website, pasting over them with safe sounding phrases, putting users at risk that way, among many other problems... makes things even more serious. https://www.hackerfactor.com/blog/index.php?/categories/19-Tor " Today, the Tor Project seems to be more focused on fund raising than actual privacy, anonymity, or anti-censorship. " "Tor Stinks -- NSA"
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor
Why would people buy NFTs, or donate at all, if tor has so many problems?
Tor Project Inc censors all its mailing lists, blog comments, forums, bug trackers, and probably even cleans its social media feeds. When you delete and censor the "bad / truth / alternative POVs", no one can see them, and thus people have nothing to think but what the propaganda and sales teams are indoctrinating them to. The advertising collateral Tor provided with the NFT sale didn't disclose the any of these things to the potential appraisers and buyers trying to evaluate and price the NFT, let alone that it wasn't actually the first onion.
How does it control the media exactly?
Was that said? But ok... Privacy is a cute fash techno topic the media drools over, yet ever see TPI talking about these tough issues at all to the media?... No. Media prints what it hears. That's how. And when that $$$ and staff are helping or running some of the larger conferences in the space, sponsoring and traveling their own people around the planet on that $$$... influence is present there too.
I thought the US Gov abandoned tor, is that not the case?
Look at Tor website corporate filings... still raking in millions from government entities and hardly govt-clean orgs. Still working with employees of government, board of directors ties to govt work, funds, and revolving-door, etc. Even recent head Tor Shari Steele husband NSA DOD Bill Vass. https://bvass.wordpress.com/tag/electronic-frontier-foundation/ And earlier, hired CIA agent DaveC too... https://lists.cpunks.org/pipermail/cypherpunks/2021-October/091554.html
You were able to speak out.
They clicked the wrong button on their censorship dashboard. Search cypherpunks list if you want to see peoples uncensored posts. More will come.
"...even the NSA was quoted well over 10+ years ago saying that the NSA could exploit tor." Could you provide a link so I can share?
search: "Tor Stinks" NSA presentation / slide deck https://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-pre...
Theoretically, if the tor project was producing bad code,
No opinion on the code itself. Other than features they're removing from people.
it would ... even be forked.
A fork away from Tor Project Incorporated, by people who have nothing to do with Tor or its people, is worth exploring. Also, entirely new projects should start making new independent overlay network designs. Competition drives advancement.
What, if anything, is holding up the OSS process exactly?
Besides funders [sponsoring [busy]work], the Tor Project Inc and its minions control what Tor does, and the DA's are chosen by, and effectively made up of and sworn to them too. The larger OSS world is free to do whatever it wants with tor, it uses BSD-3 license.
I was under the impression that in a distributed system, "Traffic Analysis" through a Sybil attack was always possible. Is there an alternative?
Possibility always there, a question of costs, odds, analysis, opportunity, etc. People have suggested various ways of reducing the risk, and than the methods Tor Project have lately begun trying. Check cypherpunks, anonbib, other projects... some of them are there. https://www.youtube.com/watch?v=Zmvt7yFTtt8 People are free to think and do what they want.
That's a decent collection of things users, donors, projects, etc should keep in mind. However that link is missing the censorship that Tor Project has been doing, among other things that have been covered here over past few years of tor subjects. VPN's aren't panacea either, mere tools, and like all tools, have uses and tradeoffs. And almost no tools are really doing anything today against Traffic Analysis and Sybil. TA and Sybil feel like downplayed and taboo subjects that need aired out across the entire privacy, devel, analyst, journo, and project space. Is the quiet due to Tor Project's big and funded voice always talking about other things and demurring on those... you decide. More will come. "Tor Stinks -- NSA"
https://www.hackerfactor.com/blog/index.php?/categories/19-Tor Even recent head Tor Shari Steele husband NSA DOD Bill Vass. https://bvass.wordpress.com/tag/electronic-frontier-foundation/
And earlier, hired CIA agent DaveC too... https://lists.cpunks.org/pipermail/cypherpunks/2021-October/091554.html
"...even the NSA was quoted well over 10+ years ago saying that the NSA could exploit tor." Could you provide a link so I can share?
search: "Tor Stinks" NSA presentation / slide deck
https://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-pre...
just for stating the obvious, "Tor Stinks" means that tor is _frustrating_ for the nsa, not that it has problems with anonymity. it _does_ have small and glaring problems with anonymity, but it still really frustrated the nsa. tor is painful for everyone involved. painful things can raise a stench when they go on for a long time. maybe if we didn't have tor then spy agencies would help secure people's firmware and software a little better. exploits provide for far more reliable logging than network compromises.
On Wed, 26 Jan 2022 22:06:47 +0000 jew-nazi <gmkarl@gmail.com> wrote:
just for stating the obvious, "Tor Stinks" means that tor is _frustrating_ for the nsa,
which is a fuckingly stupid lie, picked up by assholes who defend tor(you). But even the tor scumbags themselves admit that tor is a stupid joke that can't 'by design' work against 'global passive adversaries', like the fucking NSA, or actually anybody who controls a couple of 'autonomous systems' or an 'IXP' etc. hell, even your ISP can spy on you using 'website fingerprinting'
On 1/26/22, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
just for stating the obvious, "Tor Stinks" means that tor is _frustrating_ for the nsa,
which is a fuckingly stupid
par for the course for me? i was a little worried because of the quoted questions. seemed some wider context was worthwhile. don't know anything about the nft sale. crazy decade.
lie
i don't know what's up now, but there's an idea that anybody who uses tor can be considered a worthwhile surveillance target, simply because they use it, rather than any idea of what they are doing with it. messaging that splits the userbase might support validating such a goal. a cool thing in the past was using tor over tor. onion those onions. you can also get a vpn, and use tor over the vpn, and then connect to a further vpn over tor. you can even go to a coffee shop and do this. and then you can use i2p over tor, too. i'm also aware of cjdns which is fun.
https://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-pre...
"Tor Stinks" means that tor is _frustrating_ for the nsa, not that it has problems with anonymity.
"Tor Stinks" was two "good" words about tor out of a much larger context and future workplan, much between the lines.
it still really frustrated the nsa.
That was 12+ years past tense. The question should obviously be not what was frustrating then, but the degree to which "Tor Stinks" (bad words about tor) even more today given estimated success of those plans. And regardless, people should develop deploy and try new competing designs, even if only for comparative review and diversity away from Tor, and to give spies more things to burn their cycles on.
spy agencies would help secure people's firmware and software
Which, like cryptocurrency, could put the Spies, and the States they work for, out of business. Since, absent first use advantage, better FW and SW is global, they may be disinterested in that. People should question proclaimed benevolence... https://en.wikipedia.org/wiki/List_of_NSA_controversies https://en.wikipedia.org/wiki/Human_rights_violations_by_the_CIA https://en.wikipedia.org/wiki/List_of_CIA_controversies ... and should instead just make the improvements themselves, without, and thus deprecating, the spies. see: #OpenFabs , #OpenHW , #OpenAudit , #FormalVerification , #CryptoCrowdFunding , #OpenTrust , ... No Govt/Spies needed there. In fact, you're free to observe the entire thing.
participants (3)
-
grarpamp
-
Punk-BatSoup-Stasi 2.0
-
Undiscussed Horrific Abuse, One Victim & Survivor of