I'm looking at orbot and seeing it has "circuit padding" now. I don't know whether this meets the requirements of chaff, and would like to know. I want to point out that zenaan harkness compiled posts from this list about research attributes a technology needed, to stay anonymous. I haven't read them, myself: I'm only aware of the chaff issue. My way of making change in the world is to make a strange stink that could get authorities to take action for something unrelated. When they take the action, they stumble on information about corruption impact and try to fix the situation. Repeat until actually fixed, shift environments if needed. If I can get message delivery working for this list again, I can stick around to stay on issues like the forthrightness of Tor for defending journalists and activists. It would be helpful to know what is actually needed. I am very very very slow. Yes I do likely have schizophrenia and am posting this like a dream, yes I was brainwashed by something like a corporate mafia, and yes you can't clean up a blockchain on a timescale that anybody cares about.
Looks like circuit padding's been around for 2 years now. Guess I'd better plan to learn its limits eventually. [thread:schizo]
On Fri, 28 May 2021 10:10:29 -0400 Karl <gmkarl@gmail.com> wrote:
I'm looking at orbot and seeing it has "circuit padding" now. I don't know whether this meets the requirements of chaff, and would like to know.
according to their docs that padding is supposedly a defense against 'netflow' based analysis. I think 'netflow' is the name of the packet counting system on routers or something like that. there is no reason to believe that such padding achieves much.
Well, I was confused when I posted that, but there's actually a whole padding infrastructure set up that appears configurable somewhat. https://github.com/torproject/torspec/blob/main/padding-spec.txt With some review a proposal could theoretically be made to make things constant-bandwidth for those who have the patience and bandwidth to use that. The min-max times are consensus parameters and they describe the distribution. I'm not a privacy expert, but I can compare two matrices of bandwidth usage changes, and wouldn't be able to if they weren't changing.
I posted back then that even simple netflow analysis by cooperated ISP's, tier-1's, etc could be used to match and discover endpoints. Then Tor/MPerry rolled out this padding. It has some level of benefit against some netflow analysis under certain use cases. As with other "Tor Stinks -- NSA", it doesn't defeat other more general powerful forms of end2end and or endpoints analysis, or cover other use cases. One general form of full chaff has been mentioned that might be able to do that, and even disable some active attacks that traffic analysis could pick up. It is yet unexplored whether that chaff could be done via the anti-netflow apparatus above. Tor Project sees full chaff as incompatible with their views of users needs and nodes, thus they will never implement it. Tor Project is already arbitrarily claiming bogus reasons to kill off users reasonable and rightfully self gauged tradeoffs made regarding their own free choice to use IPv6 and UDP applications across tor v2 onions using tor + onioncat, users will never be able to use those apps, including say voice/video chat, bittorrent, future protocols. Tor Project Inc and its minions prefer to silence, censor, kick, and ban independent voices than credit and or address critique. Tor Project Inc just censored at least two more messages in support of tor users in one week. Tor Project claims to be about anti-censorship, they are hypocrites, that is sad, and might likely end up being more than a bit dangerous to users. Tor Project gets paid $Millions of dollars to do these things.
On Sat, 29 May 2021 06:37:45 -0400 grarpamp <grarpamp@gmail.com> wrote:
I posted back then that even simple netflow analysis by cooperated ISP's, tier-1's, etc could be used to match and discover endpoints. Then Tor/MPerry rolled out this padding. It has some level of benefit against some netflow analysis under certain use cases.
translation : it's just for show and mostly useless.
As with other "Tor Stinks -- NSA", it doesn't defeat other more general powerful forms of end2end
just one sample https://en.wikipedia.org/wiki/NarusInsight "Narus is noted for having created NarusInsight, a 'supercomputer' system, whose installation in AT&T's San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T"
Tor Project sees full chaff as incompatible with their views of users needs and nodes, thus they will never implement it.
lawl - the torturds know it's 'incompatible' with the orders they get from the pentagon. No need to even pretend that their excuses are 'bona fide'.
Whenever you make a big project that threatens the major stuff, people come in and mess it up, put others in powerful roles, send misleading communications, adjust websites and dialogues to change public impact, spend lots of money ... It's great to change that, but it's also just what happens. Tor's ability to leave functionality gaps hinges on its users being unable to take advantage of them easily themselves. But if you can go into a community and creatively lobby more effectively than the people already do so, things change. Revealing things repeatedly can also help. Thinking a little on an app that users could use that reveals tcp traffic at a distance. Maybe by measuring changes in torrent and other transfer speeds? It's a small statistic, but once something's significant it's there to display.
On Sun, 30 May 2021 12:53:10 -0400 Karl Semich <0xloem@gmail.com> wrote:
Whenever you make a big project that threatens the major stuff, people come in and mess it up,
tor was created and is fully controlled by the US military. Do not spread misinformation about it. Nobody 'came in', the criminals who created tor were always there. Look up paul syverson.
My memory is not completely the same as yours, but it does seem important to be willing to take and improve on things made by people we do not trust. I lose some technical advantage by using mostly free-licensed software; it reduces my options in emergencies. Still, it's certainly very important to support whoever tor's next competition is. I'm not remembering the project names I know offhand I'm afraid.
Juan, do you know anything about the fake-looking websites that replace the normal websites of controversial projects once they get well-known? One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ... Do you have any opinions on this?
On Sun, 30 May 2021 14:38:38 -0400 Karl <gmkarl@gmail.com> wrote:
Juan, do you know anything about the fake-looking websites that replace the normal websites of controversial projects once they get well-known?
for instance?
One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ...
that sounds like the domain registrar stole-censored the domain name, which is exactly what I expect the ICANN mafia to do.
Do you have any opinions on this?
it's business as usual?
On Sun, May 30, 2021, 2:51 PM Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Sun, 30 May 2021 14:38:38 -0400 Karl <gmkarl@gmail.com> wrote:
Juan, do you know anything about the fake-looking websites that replace the normal websites of controversial projects once they get well-known?
for instance?
I'm confused right now, no good links after my experiences, sorry. Here's a reasonable one: while i was volunteering with coal extraction resistance in west virginia some years ago, I learned that an activist effort had been lost because one of the members had portrayed the activism as illegal to authorities, and then testified to this at trial. What was unfortunate is that these activists were running a whistleblowing website, for workers and residents to leak misbehaviors of the corporation so they could be acted on and reversed, and this person who was no longet trusted by the community, stayed in charge of that website for the years going forward. Often when I ran into non-techy non-funded groups online or offline they were having serious website troubles and nobody knew how to get things onto it or change it.
One group I know lost access to their website multiple times, the old
website stayed up and google directed people to it, they had to register a new domain name ...
that sounds like the domain registrar stole-censored the domain name, which is exactly what I expect the ICANN mafia to do.
My dad used to run a domain registrar. Expiration deadlines are a big thing.
Do you have any opinions on this?
it's business as usual?
Kinda one-sided if the group's not a business I guess?
On 2021-05-31 04:38, Karl wrote:
One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ...
Could you give me the group and the domain names? git's gpg commits can in principle deal with this, but hard to use, and people are unlikely to use them. Git should check continuity the way ssh does.
On Sun, May 30, 2021, 4:38 PM <jamesd@echeque.com> wrote:
On 2021-05-31 04:38, Karl wrote:
One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ...
Could you give me the group and the domain names?
git's gpg commits can in principle deal with this, but hard to use, and people are unlikely to use them.
Git should check continuity the way ssh does.
I never learned them, that was when I was removing trojans and working around strange firmware issues and then my life took a big downturn. The things you suggest don't seem related, though? Continuity definitely needed, that's for sure. Hope you guys are well.
On Sun, May 30, 2021, 4:50 PM Karl <gmkarl@gmail.com> wrote:
On Sun, May 30, 2021, 4:38 PM <jamesd@echeque.com> wrote:
On 2021-05-31 04:38, Karl wrote:
One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ...
Could you give me the group and the domain names?
Sorry. I thought you were replying to my other reply. I was actually summarising multiple groups when I said that, but one of the ones i was thinking of was ELF. The inaccurate-looking current wikipedia article links to http://www.originalelf.com/earthlib.htm which is a totally ridiculous looking websige full of statements that look totally unrelated to anything.
Whenever you make a big project that threatens the major stuff, people come in and mess it up, put others in powerful roles, send misleading communications, adjust websites and dialogues to change public impact, spend lots of money ... It's great to change that, but it's also just what happens.
Tor's ability to leave functionality gaps hinges on its users being unable to take advantage of them easily themselves.
Further helped by Tor's not equally presenting known risks, censoring, ultimately leaving users ignorant and unto wolves. Tor client as code and tool is interesting and even useful in what it does well, but its gaps are where hungry wolves are ever more present.
But if you can go into a community and creatively lobby more effectively than the people already do so, things change.
No one who does not tow the entire party line of Tor Project, including now its wokeism which may seem to some observers to be more important to Tor Project than its code and users, can "go into" the Tor Project community and lobby for anything, because the Tor Project Incorporated and all its minions now censor all opposing, alternate, rational, etc views. If they don't like you, they will co-opt your work later, they will close all your perfectly valid enhancement tickets, they will boot you out of project areas you contribute to, and censor you off all their comms channels which used to be uncensored but became inconveniently embarra$$ing so they '"bricked them up" -- Tor Project'.
Revealing things repeatedly can also help.
Tor Project hypocritically bricked all their own supposedly free speech venues, so no revealing questions will ever be approved for posting, or answered, there anymore. However, any journalist who wanted to ask Tor Project direct pointed questions in public on camera could do so here and at similar venues in the future... https://www.rightscon.org/ June 7~11 2021 Host: Tor Project Panel: Building strategies to diversify funds: stories from organizations in the internet freedom community on developing different fundraising strategies They could also ask Tor Project why it let [or put] one of its non-executive without-access thus not-in-the-know underlings, up to dismissing and closing direct pointed FOI requests from the users for corporate documents. What are Tor pitching their funders with post Snowden, do they tell them "Tor Stinks", that it still stinks now even more against TA and that Tor wrote TA off its threat model?
Maybe by measuring changes in torrent and other transfer speeds? It's a small statistic, but once something's significant it's there to display.
Statistics, changes, bumps, waves, patterns, correlations, imparting observable perturbations... that's the general form of traffic analysis that tor is unable / unwilling to do much to defeat, and that Tor Project still disinforms its users about... " Browse Privately. Defend yourself against tracking and surveillance. DEFEND AGAINST SURVEILLANCE Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor. The network is comprised of thousands of volunteer-run servers known as Tor relays. We ... defend your privacy online ... Download Tor Browser to experience real private browsing without tracking, surveillance -- torproject.org, frontpage 2021 " " https://edwardsnowden.com/docs/doc/tor-stinks-presentation.pdf TOP SECRET // COMINT // REL FVEY We will never be able to de-anonymize all Tor users all the time. We can increase our success rate ... Expand number of nodes ... other partners ... GCHQ set up Tor nodes ... ... Tor Stinks -- NSA, presentation 2012 " Parse those and other NSA quotes very carefully. Then guess which among either Tor's defenses, or NSA et al's attacks, have ***massively*** enhanced their capabilities over the last 10 years since 2012... ProTip: Tor did not. "Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive. -- NSA" Did Tor Project Incorporated ever post or keep the NSA presentation about Tor's current weaknesses and NSA et al's future attack efforts on its frontpage for equal consideration by and benefit of all tor's users? Do Tor Project Incorporated's paylings and other minions ever say "Tor Stinks"? Consider that, and that the last one that did got excommunicated from Tor "community" and erased from public view years ago. Tor's design is static since 20+ years, there is little more Tor can do to counter TA without changing user expectations re traffic needs and or other semantics, thereby invalidating those long-held parts of its marketing, thus effectively making tor no longer tor. Tor Project has vacuumed up much of the research, $$$, and media over the last 20+ years. Allowing too much weight to accumulate and remain in one centralized place like that is a risk just like Fiat is... Cryptocurrencies, which themselves were born 10+ years after Tor Project Inc and its design were fixed in stone, should have taught you that, and to then route and decentralize around such risks into different new competing tech on par. It's long past time for the world's remaining and upcoming independent research, development, and deployment communities, to leave Tor and to work on new futures in new encrypted overlay networks. Tor is opensource, harvest from it whatever bits make sense. Or go in entirely different directions. Start those competitive projects.
You describe hungry wolves. Predators watch their entire ecosystem, making paths where they need to, to manage their prey. Those paths shift when where they are, is no longer a good idea. A rural hunter on a game trail, displaces the wolves. New paths form. Some include chickens. A blockchain vlog in a nonprofit or business making deals with a military or spy organisation, might make a lot of surprises. But a new public organisation without one, ends up making new deals with others.
participants (6)
-
grarpamp -
jamesd@echeque.com -
juan -
Karl -
Karl Semich -
Punk-BatSoup-Stasi 2.0