Well, I was confused when I posted that, but there's actually a whole padding infrastructure set up that appears configurable somewhat. https://github.com/torproject/torspec/blob/main/padding-spec.txt With some review a proposal could theoretically be made to make things constant-bandwidth for those who have the patience and bandwidth to use that. The min-max times are consensus parameters and they describe the distribution. I'm not a privacy expert, but I can compare two matrices of bandwidth usage changes, and wouldn't be able to if they weren't changing.

On Sat, 29 May 2021 06:37:45 -0400 grarpamp wrote:

I posted back then that even simple netflow analysis by cooperated ISP's, tier-1's, etc could be used to match and discover endpoints. Then Tor/MPerry rolled out this padding. It has some level of benefit against some netflow analysis under certain use cases.

translation : it's just for show and mostly useless.

As with other "Tor Stinks -- NSA", it doesn't defeat other more general powerful forms of end2end

just one sample https://en.wikipedia.org/wiki/NarusInsight "Narus is noted for having created NarusInsight, a 'supercomputer' system, whose installation in AT&T's San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T"

Tor Project sees full chaff as incompatible with their views of users needs and nodes, thus they will never implement it.

lawl - the torturds know it's 'incompatible' with the orders they get from the pentagon. No need to even pretend that their excuses are 'bona fide'.

On Sun, 30 May 2021 12:53:10 -0400 Karl Semich <0xloem@gmail.com> wrote:

Whenever you make a big project that threatens the major stuff, people come in and mess it up,

tor was created and is fully controlled by the US military. Do not spread misinformation about it. Nobody 'came in', the criminals who created tor were always there. Look up paul syverson.

Juan, do you know anything about the fake-looking websites that replace the normal websites of controversial projects once they get well-known? One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ... Do you have any opinions on this?

On Sun, May 30, 2021, 2:51 PM Punk-BatSoup-Stasi 2.0 wrote:

On Sun, 30 May 2021 14:38:38 -0400 Karl wrote:

...

Juan, do you know anything about the fake-looking websites that replace the normal websites of controversial projects once they get well-known?

for instance?

I'm confused right now, no good links after my experiences, sorry. Here's a reasonable one: while i was volunteering with coal extraction resistance in west virginia some years ago, I learned that an activist effort had been lost because one of the members had portrayed the activism as illegal to authorities, and then testified to this at trial. What was unfortunate is that these activists were running a whistleblowing website, for workers and residents to leak misbehaviors of the corporation so they could be acted on and reversed, and this person who was no longet trusted by the community, stayed in charge of that website for the years going forward. Often when I ran into non-techy non-funded groups online or offline they were having serious website troubles and nobody knew how to get things onto it or change it.

One group I know lost access to their website multiple times, the old

...

website stayed up and google directed people to it, they had to register a new domain name ...

that sounds like the domain registrar stole-censored the domain name, which is exactly what I expect the ICANN mafia to do.

My dad used to run a domain registrar. Expiration deadlines are a big thing.

...

Do you have any opinions on this?

it's business as usual?

Kinda one-sided if the group's not a business I guess?

On Sun, May 30, 2021, 4:38 PM wrote:

On 2021-05-31 04:38, Karl wrote:

...

One group I know lost access to their website multiple times, the old website stayed up and google directed people to it, they had to register a new domain name ...

Could you give me the group and the domain names?

git's gpg commits can in principle deal with this, but hard to use, and people are unlikely to use them.

Git should check continuity the way ssh does.

I never learned them, that was when I was removing trojans and working around strange firmware issues and then my life took a big downturn. The things you suggest don't seem related, though? Continuity definitely needed, that's for sure. Hope you guys are well.

Whenever you make a big project that threatens the major stuff, people come in and mess it up, put others in powerful roles, send misleading communications, adjust websites and dialogues to change public impact, spend lots of money ... It's great to change that, but it's also just what happens.

Tor's ability to leave functionality gaps hinges on its users being unable to take advantage of them easily themselves.

Further helped by Tor's not equally presenting known risks, censoring, ultimately leaving users ignorant and unto wolves. Tor client as code and tool is interesting and even useful in what it does well, but its gaps are where hungry wolves are ever more present.

But if you can go into a community and creatively lobby more effectively than the people already do so, things change.

No one who does not tow the entire party line of Tor Project, including now its wokeism which may seem to some observers to be more important to Tor Project than its code and users, can "go into" the Tor Project community and lobby for anything, because the Tor Project Incorporated and all its minions now censor all opposing, alternate, rational, etc views. If they don't like you, they will co-opt your work later, they will close all your perfectly valid enhancement tickets, they will boot you out of project areas you contribute to, and censor you off all their comms channels which used to be uncensored but became inconveniently embarra$$ing so they '"bricked them up" -- Tor Project'.

Revealing things repeatedly can also help.

Tor Project hypocritically bricked all their own supposedly free speech venues, so no revealing questions will ever be approved for posting, or answered, there anymore. However, any journalist who wanted to ask Tor Project direct pointed questions in public on camera could do so here and at similar venues in the future... https://www.rightscon.org/ June 7~11 2021 Host: Tor Project Panel: Building strategies to diversify funds: stories from organizations in the internet freedom community on developing different fundraising strategies They could also ask Tor Project why it let [or put] one of its non-executive without-access thus not-in-the-know underlings, up to dismissing and closing direct pointed FOI requests from the users for corporate documents. What are Tor pitching their funders with post Snowden, do they tell them "Tor Stinks", that it still stinks now even more against TA and that Tor wrote TA off its threat model?

Maybe by measuring changes in torrent and other transfer speeds? It's a small statistic, but once something's significant it's there to display.

Statistics, changes, bumps, waves, patterns, correlations, imparting observable perturbations... that's the general form of traffic analysis that tor is unable / unwilling to do much to defeat, and that Tor Project still disinforms its users about... " Browse Privately. Defend yourself against tracking and surveillance. DEFEND AGAINST SURVEILLANCE Tor Browser prevents someone watching your connection from knowing what websites you visit. All anyone monitoring your browsing habits can see is that you're using Tor. The network is comprised of thousands of volunteer-run servers known as Tor relays. We ... defend your privacy online ... Download Tor Browser to experience real private browsing without tracking, surveillance -- torproject.org, frontpage 2021 " " https://edwardsnowden.com/docs/doc/tor-stinks-presentation.pdf TOP SECRET // COMINT // REL FVEY We will never be able to de-anonymize all Tor users all the time. We can increase our success rate ... Expand number of nodes ... other partners ... GCHQ set up Tor nodes ... ... Tor Stinks -- NSA, presentation 2012 " Parse those and other NSA quotes very carefully. Then guess which among either Tor's defenses, or NSA et al's attacks, have ***massively*** enhanced their capabilities over the last 10 years since 2012... ProTip: Tor did not. "Critical mass of targets use Tor. Scaring them away from Tor might be counterproductive. -- NSA" Did Tor Project Incorporated ever post or keep the NSA presentation about Tor's current weaknesses and NSA et al's future attack efforts on its frontpage for equal consideration by and benefit of all tor's users? Do Tor Project Incorporated's paylings and other minions ever say "Tor Stinks"? Consider that, and that the last one that did got excommunicated from Tor "community" and erased from public view years ago. Tor's design is static since 20+ years, there is little more Tor can do to counter TA without changing user expectations re traffic needs and or other semantics, thereby invalidating those long-held parts of its marketing, thus effectively making tor no longer tor. Tor Project has vacuumed up much of the research, $$$, and media over the last 20+ years. Allowing too much weight to accumulate and remain in one centralized place like that is a risk just like Fiat is... Cryptocurrencies, which themselves were born 10+ years after Tor Project Inc and its design were fixed in stone, should have taught you that, and to then route and decentralize around such risks into different new competing tech on par. It's long past time for the world's remaining and upcoming independent research, development, and deployment communities, to leave Tor and to work on new futures in new encrypted overlay networks. Tor is opensource, harvest from it whatever bits make sense. Or go in entirely different directions. Start those competitive projects.