On Tue, 13 Oct 2020 15:01:03 -0400 Karl <gmkarl@gmail.com> wrote:
Yay, anonymity networks.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 14:32:53 -0400 Karl <gmkarl@gmail.com> wrote:
We were, actually, looking at the ABCs of Tor, or what do you mean?
I mean the facts that 1) tor is pretty useless for actual anonimity 2) tor
1) welllll it makes you completely invisible to your neighbors and your isp, and very identifiable to federal agents as having something to hide
you are always invisible to your neighbors unless your neighbors own your ISP. And you're not 'invisible' to your ISP anyway, see the 'fingerprinting' attacks on tor. So even at that level tor doesn't work as advertised.
is a cyberweapon created and controlled by the pentagon. That's the ABC of
the mobile phone is a way bigger cyberweapon than tor. agree? disagree?
agreed. Although retardphones are not advertised as 'anonymous', so somehow there's less fraud involved.
tor and you certainly WON'T learn that looking at the source code.
So, below you say
if you want to know how good tor is 'technically' wise then listen to the criminals who write the code
https://github.com/mikeperry-tor/vanguards/blob/master/README_SECURITY.md
"Tor has only basic defenses against traffic analysis at the moment."
Really, we're possibly getting at the same things. Tor froze after mike perry wrote that. It was never addressed, and they now have a policy against addressing it.
right, and that 'policy' has been in place since the day tor was created.
We could just address it. It seems like obviously the thing to do, if you're a bored computer programmer, is to steal the good parts of the tor code, remove all the parts designed to make the naive governments trackable by the sneaky governments or whatever, and replace them with something transparent that welcomes improvement, no?
and interestingly nobody has done it so far. Granted, it's not that easy.
signed mike perry - uh oh.
The information in the quote you posted is incredibly well known by tor users, as far as I understand.
The information is unknown to the vast majority of tor users, including all the tor users who use tor in 'dark markets' and end up in jail. Since day 0 tor has been fraudulently pushed as an 'anonymous' network while the tor developer mafia admited in their inner circles that their 'product' was shit. And when somebody like appelbaum stopped fully toeing the party line he became a 'rapist'. Yes, that's how crass these people are.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
The information is unknown to the vast majority of tor users, including all the tor users who use tor in 'dark markets' and end up in jail.
That's important information. You spew a lot of hard to believe extreme interpretations, do you have a link or personal story to back this up?
Looking Inside a Cyberweapon Let's continue our exploration of the insides of tor, since if we're spamming a coder list we might as well do it with code. If you can crack this cyberweapon, maybe you can turn it against invading aliens like me. ``` src]$ less app/main/main.c ``` Turns out the next file is the same as the previous file, just a different spot. In `less`, you can hit `/` and then type some words and hit enter, to move forward to where those words are in the file. Hit `n` to go to the next occurrence. To go up to the top of the file to cycle again, hit `g` So: `g` `/run_tor_main_loop` <enter> And there it is. The main loop of tor. ``` int run_tor_main_loop(void) { handle_signals(); timers_initialize(); initialize_mainloop_events(); ``` No comments here. Different. Three more initialization calls, but since they sound like smaller concepts being initialized than before. ``` /* load the private keys, if we're supposed to have them, and set up the * TLS context. */ if (! client_identity_key_is_set()) { if (init_keys() < 0) { log_err(LD_OR, "Error initializing keys; exiting"); return -1; } } ``` Okay, it seems like tor has a client identity key, which makes a ton of sense. These calls to `client_identitiy_key_is_set` and `init_keys` imply that tor stores its state in static global data. This means a single tor process can't run two tor nodes. It's easy to change but involves slightly altering words throughout the entire source. Meanwhile, functions are quicker to type this way, because you don't need to tell them which node they're working with. I'm now wondering where and how the running tor state is stored, and I could maybe visit `client_identity_key_is_set` or `init_keys` to start learning that. ``` /* Set up our buckets */ connection_bucket_init(); ``` The word 'bucket' is often used to represent a chunk of objects (objects are basically computer thoughts), grouped together to find and store them easily, often in a list. There's a certain kind of list called an array or a vector, that is stored as a big long line of data, all in a row, inside the computer. So when people with beards talk about arrays or vectors, they mean that the list is organized in an ordered line, inside the computer. When you just say 'list' it doesn't necessarily mean this. I imagine buckets as being part of an array or vector, but I don't really know. ``` /* initialize the bootstrap status events to know we're starting up */ control_event_bootstrap(BOOTSTRAP_STATUS_STARTING, 0); ``` Maybe this is referencing the control protocol of Tor, a server it runs that other programs can connect to control it, if you authorize them. ``` /* Initialize the keypinning log. */ if (authdir_mode_v3(get_options())) { char *fname = get_datadir_fname("key-pinning-journal"); int r = 0; if (keypin_load_journal(fname)<0) { log_err(LD_DIR, "Error loading key-pinning journal: %s",strerror(errno)); r = -1; } if (keypin_open_journal(fname)<0) { log_err(LD_DIR, "Error opening key-pinning journal: %s",strerror(errno)); r = -1; } tor_free(fname); if (r) return r; } { /* This is the old name for key-pinning-journal. These got corrupted * in a couple of cases by #16530, so we started over. See #16580 for * the rationale and for other options we didn't take. We can remove * this code once all the authorities that ran 0.2.7.1-alpha-dev are * upgraded. */ char *fname = get_datadir_fname("key-pinning-entries"); unlink(fname); tor_free(fname); } ``` Key-pinning often means a way to store what the identities of things are, so as to reject them if they change. Don't know for sure. ``` if (trusted_dirs_reload_certs()) { log_warn(LD_DIR, "Couldn't load all cached v3 certificates. Starting anyway."); } ``` Ouch! Nobody will ever see this warning. It likely relates to knowing you are connecting to the nodes that you think you are. It looks unlikely. ``` if (router_reload_consensus_networkstatus()) { return -1; } /* load the routers file, or assign the defaults. */ if (router_reload_router_list()) { return -1; } ``` I wonder if it's connecting to nodes on the internet yet. I'm curious what `router_reload_consensus_networkstatus` does. ``` /* load the networkstatuses. (This launches a download for new routers as * appropriate.) */ const time_t now = time(NULL); directory_info_has_arrived(now, 1, 0); ``` This sounds pretty important. Better check what `directory_info_has_arrived` does. ``` if (server_mode(get_options()) || dir_server_mode(get_options())) { /* launch cpuworkers. Need to do this *after* we've read the onion key. */ cpu_init(); } consdiffmgr_enable_background_compression(); /* Setup shared random protocol subsystem. */ if (authdir_mode_v3(get_options())) { if (sr_init(1) < 0) { return -1; } } ``` We can confirm with "launch cpuworkers" and `background_compression` that it's using multiple threads now. It's apparently now already loaded an 'onion key'. ``` /* initialize dns resolve map, spawn workers if needed */ if (dns_init() < 0) { if (get_options()->ServerDNSAllowBrokenConfig) log_warn(LD_GENERAL, "Couldn't set up any working nameservers. " "Network not up yet? Will try again soon."); else { log_err(LD_GENERAL,"Error initializing dns subsystem; exiting. To " "retry instead, set the ServerDNSAllowBrokenResolvConf option."); } } ``` This doesn't look that interesting; I think tor keeps an internal mapping of dns names. ``` #ifdef HAVE_SYSTEMD { const int r = sd_notify(0, "READY=1"); if (r < 0) { log_warn(LD_GENERAL, "Unable to send readiness to systemd: %s", strerror(r)); } else if (r > 0) { log_notice(LD_GENERAL, "Signaled readiness to systemd"); } else { log_info(LD_GENERAL, "Systemd NOTIFY_SOCKET not present."); } } #endif /* defined(HAVE_SYSTEMD) */ ``` I'm thinking I can totally ignore this since many valid systems don't have systemd. ``` return do_main_loop(); } ``` Here we get handed off to yet another main loop. Familiar! ``` src]$ grep -r do_main_loop\( . ./app/main/main.c: return do_main_loop(); ./core/mainloop/mainloop.c:do_main_loop(void) ``` ``` $ grep -r directory_info_has_arrived\( . ./app/main/main.c: directory_info_has_arrived(now, 1, 0); ./core/mainloop/mainloop.c:directory_info_has_arrived(time_t now, int from_cache, int suppress_logs) ``` Looks like `core/mainloop/mainloop.c` is the next place to go.
On Tue, 13 Oct 2020 15:39:34 -0400 Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
The information is unknown to the vast majority of tor users, including all the tor users who use tor in 'dark markets' and end up in jail.
That's important information. You spew a lot of hard to believe extreme interpretations, do you have a link or personal story to back this up?
if people knew that tor is a scam they wouldn't use it. That's my 'interpretation'. I guess your 'interpretation' is that everybody knows that tor is shit and they still use it? Because they like to die in jail for selling drugs, like ross ulbricht? also, majority of people know little about computers, let alone a highly specialized topic like 'anonymity networks'. Last but not least, sounds as if you never talked to any tor pusher? This list had/has a few of them... anyway, if you want to make something that actually works, don't bother with tor's source but start with the 'conceptual' design. Notice that one of tor's core 'features' is a handful of 'directory authorities' (owned by the pentagon of course) - but even if the handful of servers that control the network would not be owned by the enemy, they would still be problematic.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 15:39:34 -0400 Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
The information is unknown to the vast majority of tor users, including all the tor users who use tor in 'dark markets' and end up in jail.
That's important information. You spew a lot of hard to believe extreme interpretations, do you have a link or personal story to back this up?
if people knew that tor is a scam they wouldn't use it. That's my 'interpretation'. I guess your 'interpretation' is that everybody knows that tor is shit and they still use it? Because they like to die in jail for selling drugs, like ross ulbricht?
also, majority of people know little about computers, let alone a highly specialized topic like 'anonymity networks'. Last but not least, sounds as if you never talked to any tor pusher? This list had/has a few of them...
punk, it's not helpful to tell people not to use tor. tor _increases their anonymity_. it _is_ helpful to make sure they know they are _still not fully anonymous_ using it. We want people using tor, and understanding that they are still not anonymous. The increased anonymity reduces the random harm, and increases the flow of free information.
anyway, if you want to make something that actually works, don't bother with tor's source but start with the 'conceptual' design. Notice that one of tor's core 'features' is a handful of 'directory authorities' (owned by the pentagon of course) - but even if the handful of servers that control the network would not be owned by the enemy, they would still be problematic.
Do you assume that 'feature' can't be pulled out? last i looked it was more educational institutions than the pentagon, dunno.
I'm burning out a bit so I want to add, Please if you have better ideas of what _to_ do, suggest them. Haven't read any proposals yet. On 10/13/20, Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 15:39:34 -0400 Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
The information is unknown to the vast majority of tor users, including all the tor users who use tor in 'dark markets' and end up in jail.
That's important information. You spew a lot of hard to believe extreme interpretations, do you have a link or personal story to back this up?
if people knew that tor is a scam they wouldn't use it. That's my 'interpretation'. I guess your 'interpretation' is that everybody knows that tor is shit and they still use it? Because they like to die in jail for selling drugs, like ross ulbricht?
also, majority of people know little about computers, let alone a highly specialized topic like 'anonymity networks'. Last but not least, sounds as if you never talked to any tor pusher? This list had/has a few of them...
punk, it's not helpful to tell people not to use tor. tor _increases their anonymity_. it _is_ helpful to make sure they know they are _still not fully anonymous_ using it. We want people using tor, and understanding that they are still not anonymous. The increased anonymity reduces the random harm, and increases the flow of free information.
anyway, if you want to make something that actually works, don't bother with tor's source but start with the 'conceptual' design. Notice that one of tor's core 'features' is a handful of 'directory authorities' (owned by the pentagon of course) - but even if the handful of servers that control the network would not be owned by the enemy, they would still be problematic.
Do you assume that 'feature' can't be pulled out? last i looked it was more educational institutions than the pentagon, dunno.
On Tue, 13 Oct 2020 16:12:58 -0400 Karl <gmkarl@gmail.com> wrote:
I'm burning out a bit so I want to add,
Please if you have better ideas of what _to_ do, suggest them. Haven't read any proposals yet.
I'm proposing that you, like the trumpofascists, stop posting garbage. How about that? It's a pretty good proposal.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 16:12:58 -0400 Karl <gmkarl@gmail.com> wrote:
I'm burning out a bit so I want to add,
Please if you have better ideas of what _to_ do, suggest them. Haven't read any proposals yet.
I'm proposing that you, like the trumpofascists, stop posting garbage. How about that? It's a pretty good proposal.
This is a good idea, but is still what not to do, not what to actually do.
Karl wrote:
I'm burning out a bit so I want to add,
Please if you have better ideas of what _to_ do, suggest them. Haven't read any proposals yet.
An alternative to Tor could be the Nym Network, once in production. The Nym team is a good team and have well known researchers in the field of anonymity. At least it is a project worth to follow, IMHO. I do run a mix-node there myself and plan, once a bug issue is fixed, to run an additional SphinxSocks Proxy server. https://nymtech.net/ Regards and good night, Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On Tuesday, October 13, 2020, 03:13:30 PM PDT, Stefan Claas <sac@300baud.de> wrote: Karl wrote:
I'm burning out a bit so I want to add, Please if you have better ideas of what _to_ do, suggest them. Haven't read any proposals yet.
An alternative to Tor could be the Nym Network, once in production.
The Nym team is a good team and have well known researchers in the field of anonymity.
At least it is a project worth to follow, IMHO. I do run a mix-node there myself and plan, once a bug issue is fixed, to run an additional SphinxSocks Proxy server.
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new: 1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data. And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network. 2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR) 3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data. 4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical. Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative. Jim Bell -
jim bell wrote: [...]
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data.
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
Jim Bell
Thanks for your reply! Using a Raspberry Pi is always a good idea, because it is affordable for most of us. And did you received good feedback for your proposal? Other Networks, besides Mix-Networks and which are censor resistant and offer anonymity too are Bitmessage, which could be seen as alternative to email and Usenet and ZeroNet, which could act as additional WWW services. Both are easy to use and one only needs to install the clients. Can be coupled with Tor too. i2p so it seems has not so much users (anymore) if I am not mistaken. https://wiki.bitmessage.org// https://zeronet.io/ Regards Stefan -- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On 10/14/20, Stefan Claas <sac@300baud.de> wrote:
jim bell wrote:
[...]
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data.
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
Jim Bell
Thanks for your reply!
Myself, I'm not quite sure where to think here next. It seems like you guys are moving the thoughts forward. My conceptual contribution is that forking an existing project is easier than starting a new one. If Jim is hardware-only, he might be unaware how easy it is to pull out and replace conceptual parts of something that already exists, in software. The tor project, for example, has a lot of followers, so I bet if you added chaff you could spread news of your fork and lots of people would use it and help it grow.
Using a Raspberry Pi is always a good idea, because it is affordable for most of us.
And did you received good feedback for your proposal?
I wouldn't wait for this myself.
Other Networks, besides Mix-Networks and which are censor resistant and offer anonymity too are Bitmessage, which could be seen as alternative to email
re bitmessage, which appears a great reliable message delivery system, it's pretty clear there isn't any real anonymity if you look at the protocol, but it's easy to add a layer of it with something else.
and Usenet and ZeroNet, which could act as additional WWW services. Both are
y'know i'm a little new to usenet. i flipped through the wikipedia article and its properties of universal broadcast and storage sound a little similar to those of a blockchain; i bet it would be intuitive to add the fault tolerance of a blockchain.
easy to use and one only needs to install the clients. Can be coupled with Tor too.
i2p so it seems has not so much users (anymore) if I am not mistaken.
https://wiki.bitmessage.org// https://zeronet.io/
Regards Stefan
-- NaClbox: cc5c5f846c661343745772156a7751a5eb34d3e83d84b7d6884e507e105fd675 The computer helps us to solve problems, we did not have without him.
On 14/10/2020 18:22, jim bell wrote:
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data.
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
The problem is that a reliable cheap anonymising network for low-latency traffic like web traffic is basically impossible. Tor is about as good as we can get. When I was designing m-o-o-t I didn't include any web anonymiser for that reason. The problem is traffic volume and latency. If we want low-latency web traffic - nowadays [1] that's less than 4 seconds - we can't include fixed file sizes with realistic constraints on traffic. To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud. Ouch.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
Like fixed file sizes - essential for anonymity - chaff and covertraffic takes too much traffic, see above.
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
That doesn't work - the users want to connect to any web server somewhere. You could enforce eg TLS but even that does not hide file sizes..
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
That's OK if you are doing development, but not for production - unless the users decide the routing, as in eg Mixmaster. But you can't (or shouldn't) use an anonymiser if you don't know whether it is going to work!
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
I was at some of the early meetings when Roger Dingledene, Paul Syverson, Lucky Green, Nick Matthewson, Len Sassaman, myself and others were talking about a web anonymiser, which later became Tor. Other people at those meetings included many if not most of the top anonymity researchers, and some of the top cryptographers, in the world at that time. Tor was not conceived as is was by accident or in ignorance [2], many people (including myself) thought it was about the best that could be done. Roger's thought was that TOR would make mass surveillance difficult and it would be worth doing for that reason, even though it wouldn't prevent targeted attacks by major adversaries. At a set of meetings the next year Roger had gotten some funding, iirc from the US Navy, and Nick had started work on coding. I bowed out almost immediately, Len and Lucky bowed out after a while, because we knew it couldn't be done securely on the user level. After that I pretty much lost interest, though I did keep an eye on the project. The problem is that it's a super Zooko's triangle - you simply can't get reliably anonymous, low-latency and cheap anonymous web traffic. You probably can't even get reliably anonymous and low-latency, at any price. Peter Fairbrother [1] Acceptable low latencies vary according to use and user expectations - fifteen years ago people would wait 20 seconds or more for a web page to load, nowadays they lose interest at 4 seconds. Actually maybe less now, that figure is several years old. And for interactive speech or video latencies should be subsecond. [2] or with evil intent, at least from Roger and Nick. I don't think Paul had any evil intent either, but he was USN and is therefore suspect. It's like my friend from GCHQ - we are friends and we were sort-of colleagues until I retired, but it's a bit like having a policeman live next door - even when you have done no wrong you are always aware that he is a policeman. One curiousity, the .onion part of the TOR infrastructure was largely driven by Paul.
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 14/10/2020 18:22, jim bell wrote:
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data .
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
The problem is that a reliable cheap anonymising network for low-latency traffic like web traffic is basically impossible.
Tor is about as good as we can get. When I was designing m-o-o-t I didn't include any web anonymiser for that reason.
The problem is traffic volume and latency. If we want low-latency web traffic - nowadays [1] that's less than 4 seconds - we can't include fixed file sizes with realistic constraints on traffic.
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
Ouch.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
Like fixed file sizes - essential for anonymity - chaff and covertraffic takes too much traffic, see above.
I don't see how what you said above is related to whether the data is real or decoy. Obviously you would keep the sum of the two constant.
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
That doesn't work - the users want to connect to any web server somewhere. You could enforce eg TLS but even that does not hide file sizes..
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
That's OK if you are doing development, but not for production - unless the users decide the routing, as in eg Mixmaster. But you can't (or shouldn't) use an anonymiser if you don't know whether it is going to work!
Seems reasonable to make this pluggable. Final use would need all users to look the same, and no exits have a predictable source.
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
Seems to me the smaller it is to build the more likely it is to reach completion and use.
I was at some of the early meetings when Roger Dingledene, Paul Syverson, Lucky Green, Nick Matthewson, Len Sassaman, myself and others were talking about a web anonymiser, which later became Tor.
Other people at those meetings included many if not most of the top anonymity researchers, and some of the top cryptographers, in the world at that time. Tor was not conceived as is was by accident or in ignorance [2], many people (including myself) thought it was about the best that could be done.
Roger's thought was that TOR would make mass surveillance difficult and it would be worth doing for that reason, even though it wouldn't prevent targeted attacks by major adversaries. At a set of meetings the next year Roger had gotten some funding, iirc from the US Navy, and Nick had started work on coding.
I bowed out almost immediately, Len and Lucky bowed out after a while, because we knew it couldn't be done securely on the user level.
After that I pretty much lost interest, though I did keep an eye on the project.
The problem is that it's a super Zooko's triangle - you simply can't get reliably anonymous, low-latency and cheap anonymous web traffic.
You probably can't even get reliably anonymous and low-latency, at any price.
Peter Fairbrother
[1] Acceptable low latencies vary according to use and user expectations - fifteen years ago people would wait 20 seconds or more for a web page to load, nowadays they lose interest at 4 seconds. Actually maybe less now, that figure is several years old. And for interactive speech or video latencies should be subsecond.
[2] or with evil intent, at least from Roger and Nick.
I don't think Paul had any evil intent either, but he was USN and is therefore suspect. It's like my friend from GCHQ - we are friends and we were sort-of colleagues until I retired, but it's a bit like having a policeman live next door - even when you have done no wrong you are always aware that he is a policeman.
My gut is that evil intent is pretty rare in a group of like-minded people putting work in. It's more likely people are acting on differing information or experiences, or can't escape something difficult.
One curiousity, the .onion part of the TOR infrastructure was largely driven by Paul.
On Wed, Oct 14, 2020, 6:59 PM Karl <gmkarl@gmail.com> wrote:
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 14/10/2020 18:22, jim bell wrote:
Last year, I tried to start a discussion to implement a new anonymity router network, perhaps using the Raspberry Pi computers. I got a quote for 500 Raspberry Pi's, at $70 each. I included a few ideas, some old, some new:
1. Routers could be anywhere, but would include homes and small businesses. Anyone who has an Internet service with an adequately-large data cap. (Recently, I saw that CenturyLink had removed the data cap from some of its internet services. especially fiber. https://www.highspeedinternet.com/resources/which-internet-service-providers-have-data-caps#:~:text=CenturyLink%20has%20a%201%20TB,you'll%20enjoy%20unlimited%20data .
And their data caps, where they still exist, are 1 terabyte/month, which I think would be plenty for an anonymity network.
The problem is that a reliable cheap anonymising network for low-latency traffic like web traffic is basically impossible.
Tor is about as good as we can get. When I was designing m-o-o-t I didn't include any web anonymiser for that reason.
The problem is traffic volume and latency. If we want low-latency web traffic - nowadays [1] that's less than 4 seconds - we can't include fixed file sizes with realistic constraints on traffic.
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
Well, I see what I did wrong there now, but Peter, 1TB per user is only a 3 Mbps connection (right?). Shouldn't the bandwidth just divide by the number of hops?
Ouch.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
Like fixed file sizes - essential for anonymity - chaff and covertraffic takes too much traffic, see above.
I don't see how what you said above is related to whether the data is real or decoy. Obviously you would keep the sum of the two constant.
3. "Output nodes" would output only in encrypted form, so that people generally could not get in trouble for acting as an output node: Their output could be monitored, but not understood as to its content, since it would look like random data.
That doesn't work - the users want to connect to any web server somewhere. You could enforce eg TLS but even that does not hide file sizes..
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
4. I also thought of an idea that such a network should implement multiple algorithms for networking, simultaneously, limited only by people's imaginations: People frequently talk about new ideas for anonymity networks, but how might they try them out in practice? If an anonymity network is fated to have ONLY ONE routing method, then all new such methods cannot be easily developed: You'd have to physically build a new network, along with all such associated costs, for each new routing method. That's completely illogical.
Should there be any limit to the number of kinds of routing done? It's all software. One advantage of this feature is that all these different routing algorithms are mixed together, such it should be harder to
That's OK if you are doing development, but not for production - unless the users decide the routing, as in eg Mixmaster. But you can't (or shouldn't) use an anonymiser if you don't know whether it is going to work!
Seems reasonable to make this pluggable. Final use would need all users to look the same, and no exits have a predictable source.
TOR is doubted for many good reasons, but if it is generally agreed that some form of anonymizing network is needed, then people should be willing to work to provide an alternative.
Seems to me the smaller it is to build the more likely it is to reach completion and use.
I was at some of the early meetings when Roger Dingledene, Paul Syverson, Lucky Green, Nick Matthewson, Len Sassaman, myself and others were talking about a web anonymiser, which later became Tor.
Other people at those meetings included many if not most of the top anonymity researchers, and some of the top cryptographers, in the world at that time. Tor was not conceived as is was by accident or in ignorance [2], many people (including myself) thought it was about the best that could be done.
Roger's thought was that TOR would make mass surveillance difficult and it would be worth doing for that reason, even though it wouldn't prevent targeted attacks by major adversaries. At a set of meetings the next year Roger had gotten some funding, iirc from the US Navy, and Nick had started work on coding.
I bowed out almost immediately, Len and Lucky bowed out after a while, because we knew it couldn't be done securely on the user level.
After that I pretty much lost interest, though I did keep an eye on the project.
The problem is that it's a super Zooko's triangle - you simply can't get reliably anonymous, low-latency and cheap anonymous web traffic.
You probably can't even get reliably anonymous and low-latency, at any price.
Peter Fairbrother
[1] Acceptable low latencies vary according to use and user expectations - fifteen years ago people would wait 20 seconds or more for a web page to load, nowadays they lose interest at 4 seconds. Actually maybe less now, that figure is several years old. And for interactive speech or video latencies should be subsecond.
[2] or with evil intent, at least from Roger and Nick.
I don't think Paul had any evil intent either, but he was USN and is therefore suspect. It's like my friend from GCHQ - we are friends and we were sort-of colleagues until I retired, but it's a bit like having a policeman live next door - even when you have done no wrong you are always aware that he is a policeman.
My gut is that evil intent is pretty rare in a group of like-minded people putting work in. It's more likely people are acting on differing information or experiences, or can't escape something difficult.
One curiousity, the .onion part of the TOR infrastructure was largely driven by Paul.
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 14/10/2020 18:22, jim bell wrote:
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud
Let's say each user has 500Mbps up and down. I usually break out a shell interpreter like python and type things in to get them exact. A single user transfers 150 TB a month with 500 Mbps.
500*1024**2 / 8 * 60 * 60 * 24 * 30 / 1024**4 154.4952392578125
So a million users would be a _million_ times that. Each taking three hops is a pretty small factor, still beyond petabytes of transfer ... what error have I made?
On 14/10/2020 23:59, Karl wrote:
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote:
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user traffic to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
There are 500 raspberry pi's, each on the end of a 1TB/month link. That's 500 TB/month total traffic, but dividing by 3 we get approximately 150 TB/month user traffic. With a million users at any time that's 150TB user traffic per month: divided by 1 million users that's 150MB per user per month. As they are concurrent users (the total number of users is higher, but at any time 1 million users are using the service) that is 150 million bytes per month per user divided by 2,592,000 seconds per month, which is 58 bytes per second per user or 463.32 baud. Looked at another way, if people always used an anonymity service the hops would multiply their traffic by say 5 times (3 times as in TOR is not enough). Covertraffic and file size padding traffic would at least double that, so we would need at least 10 times the normal traffic the users created. And you ned a lot of traffic through your anonymisation network to get decent anonymity, you need a large anonymity set. Web traffic is expensive - making it at least ten times more expensive is not on, especially if nine tenths of it has to be paid for by someone else. That's not counting the servers etc - getting a pi to handle 386 kB/s [1] of anonymity traffic is not trivial, I don't even think it is possible. [...]
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
A good proportion of TOR traffic will be protected by TLS anyway, especially those sites which you might not want other people to know you are accessing. Visible file sizes are the main anonymity weakness in TOR. If you suspect someone you compare the file sizes of the traffic through their system with traffic through the exit nodes. In the UK at least it is legally fairly easy for the cops to demand that info (and most ISPs are legally required to obtain and store that data anyway) - getting everyone's traffic info where the cops have no suspect is a little harder, but not impossible. Of course the ordinary cops don't use that power, and the people who do use it don't want it known that they can do it, so you will find that they make up stories about reused passwords and the like being the source of their information. Peter Fairbrother [1] 1TB/month divided by 2,592,000s/month
On Wed, Oct 14, 2020, 10:48 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 14/10/2020 23:59, Karl wrote:
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote:
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user
traffic
to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
There are 500 raspberry pi's, each on the end of a 1TB/month link. That's 500 TB/month total traffic, but dividing by 3 we get approximately 150 TB/month user traffic.
How about more routers if there are more users?
With a million users at any time that's 150TB user traffic per month: divided by 1 million users that's 150MB per user per month.
As they are concurrent users (the total number of users is higher, but at any time 1 million users are using the service) that is 150 million bytes per month per user divided by 2,592,000 seconds per month, which is 58 bytes per second per user or 463.32 baud.
Looked at another way, if people always used an anonymity service the hops would multiply their traffic by say 5 times (3 times as in TOR is not enough). Covertraffic and file size
I'm curious why you believe it to be not enough (two seems good enough to my quick guesses if traffic is constant, but I can't think worth beans); I'm happy to look at a reference. padding traffic would at least
double that, so we would need at least 10 times the normal traffic the users created.
I propose constant rate: cover traffic reduces as legitimate traffic increases. Would this work, do you think?
And you ned a lot of traffic through your anonymisation network to get decent anonymity, you need a large anonymity set.
Web traffic is expensive - making it at least ten times more expensive is not on, especially if nine tenths of it has to be paid for by someone else.
That's not counting the servers etc - getting a pi to handle 386 kB/s [1] of anonymity traffic is not trivial, I don't even think it is possible.
Mmm might need good bare metal algorithms. Easier to use the client device which has more CPU.
[...]
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
A good proportion of TOR traffic will be protected by TLS anyway, especially those sites which you might not want other people to know you are accessing.
Visible file sizes are the main anonymity weakness in TOR.
If you suspect someone you compare the file sizes of the traffic through their system with traffic through the exit nodes.
Wouldn't using chaff to make your transfer rate relatively constant close almost all of this anonymity attack surface?
In the UK at least it is legally fairly easy for the cops to demand that info (and most ISPs are legally required to obtain and store that data anyway) - getting everyone's traffic info where the cops have no suspect is a little harder, but not impossible.
Of course the ordinary cops don't use that power, and the people who do use it don't want it known that they can do it, so you will find that they make up stories about reused passwords and the like being the source of their information.
Peter Fairbrother
[1] 1TB/month divided by 2,592,000s/month
On Wed, Oct 14, 2020, 11:03 PM Karl <gmkarl@gmail.com> wrote:
On Wed, Oct 14, 2020, 10:48 PM Peter Fairbrother <peter@tsto.co.uk> wrote:
On 14/10/2020 23:59, Karl wrote:
On Wed, Oct 14, 2020, 6:34 PM Peter Fairbrother wrote:
To put some BOTE numbers on that, suppose you want to provide for 1 million concurrent users. You have about 150 TB per month user
traffic
to play with (500 x 1TB, ~3 hops), 150 MB per month per user, or 450 Baud.
Could you explain your math here? How did 500TB/3 (am I wrong?) become 150MB?
There are 500 raspberry pi's, each on the end of a 1TB/month link. That's 500 TB/month total traffic, but dividing by 3 we get approximately 150 TB/month user traffic.
How about more routers if there are more users?
With a million users at any time that's 150TB user traffic per month: divided by 1 million users that's 150MB per user per month.
As they are concurrent users (the total number of users is higher, but at any time 1 million users are using the service) that is 150 million bytes per month per user divided by 2,592,000 seconds per month, which is 58 bytes per second per user or 463.32 baud.
Looked at another way, if people always used an anonymity service the hops would multiply their traffic by say 5 times (3 times as in TOR is not enough). Covertraffic and file size
I'm curious why you believe it to be not enough (two seems good enough to my quick guesses if traffic is constant, but I can't think worth beans); I'm happy to look at a reference.
I thought about this a bit, realised some strong danger of only two hops, and realised that more hops are needed if an adversary is running many nodes. Brings ideas of blockchains, trust metrics, friend-to-friend networks. Bandwidth is /5.
padding traffic would at least
double that, so we would need at least 10 times the normal traffic the users created.
I propose constant rate: cover traffic reduces as legitimate traffic increases. Would this work, do you think?
And you ned a lot of traffic through your anonymisation network to get decent anonymity, you need a large anonymity set.
Web traffic is expensive - making it at least ten times more expensive is not on, especially if nine tenths of it has to be paid for by someone else.
That's not counting the servers etc - getting a pi to handle 386 kB/s [1] of anonymity traffic is not trivial, I don't even think it is possible.
Mmm might need good bare metal algorithms. Easier to use the client device which has more CPU.
[...]
Enforcing TLS is much more reasonable nowadays. (You could add a plugin to use http tricks to hide file sizes.). Not what I would focus on once it gets nonsimple.
A good proportion of TOR traffic will be protected by TLS anyway, especially those sites which you might not want other people to know you are accessing.
Visible file sizes are the main anonymity weakness in TOR.
If you suspect someone you compare the file sizes of the traffic through their system with traffic through the exit nodes.
Wouldn't using chaff to make your transfer rate relatively constant close almost all of this anonymity attack surface?
In the UK at least it is legally fairly easy for the cops to demand that info (and most ISPs are legally required to obtain and store that data anyway) - getting everyone's traffic info where the cops have no suspect is a little harder, but not impossible.
Of course the ordinary cops don't use that power, and the people who do use it don't want it known that they can do it, so you will find that they make up stories about reused passwords and the like being the source of their information.
Peter Fairbrother
[1] 1TB/month divided by 2,592,000s/month
On Wed, 14 Oct 2020 23:33:35 +0100 Peter Fairbrother <peter@tsto.co.uk> wrote:
Tor is about as good as we can get.
textbook case of a tor propaganda bot and government agent. As a matter of fact, EVERYTHING the big brother cunt has ever written on this list is cookie-cut propaganda.
The problem is traffic volume and latency. If we want low-latency web traffic - nowadays [1] that's less than 4 seconds
'we' don't want 'low-latency' 'web traffic'.
2. Extensive chaff. (which, of course, is an old idea, strangely it's not yet implemented in TOR)
Like fixed file sizes - essential for anonymity - chaff and covertraffic takes too much traffic, see above.
there's nothing to see above. 'too much traffic' is just idiotic handwaving.
I was at some of the early meetings when Roger Dingledene, Paul Syverson, Lucky Green, Nick Matthewson, Len Sassaman, myself and others were talking about a web anonymiser, which later became Tor.
so who the fuck are you mr big brother? You're bragging about being part of the 'team' of US military scum responsible for the tor scam. You being an english cunt means you were the GCHQ 'representative', we can assume?
Other people at those meetings included many if not most of the top anonymity researchers, and some of the top cryptographers, in the world at that time. Tor was not conceived as is was by accident or in ignorance
of course not. Tor is a 'well designed' piece of malware. It has the 'right' features to serve the scumbags who 'designed'.
[2], many people (including myself) thought it was about the best that could be done.
hilarious. A bunch of US military scum bragging how they are the best 'researchers' on the universe and how their piece-of-shit malware is 'perfect'. I guess you never looked at the long list of tor's 'bugs' and exploits either.
[2] or with evil intent, at least from Roger and Nick.
I don't think Paul had any evil intent either, but he was USN and is therefore suspect.
ah yes, the boss is the only one who is 'suspect'. Guess what, all members of the tor mafia are evil pieces of shit on the payroll of the US military. Evil intent is their whole 'philosophy'.
It's like my friend from GCHQ - we are friends and we were sort-of colleagues until I retired
yes your 'friend' from GCHQ....
Roger's thought was that TOR would make mass surveillance difficult
except, that's a complete and fucking lie. Anyway, as I said, this fine list has a few torbots and the big brother cunt is a high ranking one.
On 15/10/2020 00:30, Punk-BatSoup-Stasi 2.0 wrote:
On Wed, 14 Oct 2020 23:33:35 +0100 Peter Fairbrother <peter@tsto.co.uk> wrote:
You're bragging about being part of the 'team' of US military scum responsible for the tor scam. You being an english cunt means you were the GCHQ 'representative', we can assume? I was not a part of the TOR team. I declined to join because I believed (and still believe) it couldn't work. I might brag about declining, if I felt I needed to brag. There was only one military or TLA person on the initial team, Paul Syverson, who had invented onion routing. I am not English. Peter Fairbrother
On Thu, 15 Oct 2020 03:48:50 +0100 Peter Fairbrother <peter@tsto.co.uk> wrote:
I was not a part of the TOR team. I declined to join because I believed (and still believe) it couldn't work.
and you also claimed "Tor is about as good as we can get." So 'we' can get as 'good' as...something that doesn't work? You certainly don't need a 'team' of the 'best experts on the world' bla bla to build something that just doesn't work eh?
I might brag about declining, if I felt I needed to brag.
There was only one military or TLA person on the initial team, Paul Syverson, who had invented onion routing.
I am not English.
well your surname looks rather english, and you said your father was a friend of george orwell's - which of course could have been a complete lie - but whatever.
Peter Fairbrother
On Tue, 13 Oct 2020 16:11:18 -0400 Karl <gmkarl@gmail.com> wrote:
punk, it's not helpful to tell people not to use tor.
of course it is. Tor is garbage and it has to go.
tor _increases their anonymity_.
you don't know that. At best tor gives some deniability.
it _is_ helpful to make sure they know they are _still not fully anonymous_ using it.
that's right, people should know that they can't 'trust' tor. And so why use something you can't 'trust'?
We want people using tor, and understanding that they are still not anonymous.
no 'we' don't want people using tor. Unless by 'we' you mean US govcorp.
The increased anonymity reduces the random harm, and increases the flow of free information.
you're ignoring the harm that tor causes.
anyway, if you want to make something that actually works, don't bother with tor's source but start with the 'conceptual' design. Notice that one of tor's core 'features' is a handful of 'directory authorities' (owned by the pentagon of course) - but even if the handful of servers that control the network would not be owned by the enemy, they would still be problematic.
Do you assume that 'feature' can't be pulled out? last i looked it was more educational institutions than the pentagon, dunno.
The 'directory authorities' work for the US military. You can call them 'educational institutions' or sausages or anything else. Their name doesn't change their nature.
You say the same things over and over without dialogue way more clearly than others do. I don't get it at all. Anything else I should know? On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 16:11:18 -0400 Karl <gmkarl@gmail.com> wrote:
punk, it's not helpful to tell people not to use tor.
of course it is. Tor is garbage and it has to go.
tor _increases their anonymity_.
you don't know that. At best tor gives some deniability.
it _is_ helpful to make sure they know they are _still not fully anonymous_ using it.
that's right, people should know that they can't 'trust' tor. And so why use something you can't 'trust'?
We want people using tor, and understanding that they are still not anonymous.
no 'we' don't want people using tor. Unless by 'we' you mean US govcorp.
The increased anonymity reduces the random harm, and increases the flow of free information.
you're ignoring the harm that tor causes.
anyway, if you want to make something that actually works, don't bother with tor's source but start with the 'conceptual' design. Notice that one of tor's core 'features' is a handful of 'directory authorities' (owned by the pentagon of course) - but even if the handful of servers that control the network would not be owned by the enemy, they would still be problematic.
Do you assume that 'feature' can't be pulled out? last i looked it was more educational institutions than the pentagon, dunno.
The 'directory authorities' work for the US military. You can call them 'educational institutions' or sausages or anything else. Their name doesn't change their nature.
On Tue, 13 Oct 2020 16:27:09 -0400 Karl <gmkarl@gmail.com> wrote:
You say the same things over and over
yes, and people keep ignoring them. Not my fault.
without dialogue way more clearly than others do.
Not sure what you mean. Are you 'accusing' me of 'clearly' not using 'dialogue'? The problem again is the people who can't argue their way out of a paper bag. They fail at giving any meaningful response so they fail at 'dialogue'.
I don't get it at all. Anything else I should know?
I don't know. That's for you to figure out.
I'm proposing that you, like the trumpofascists, stop posting garbage. How about that? It's a pretty good proposal.
This is a good idea, but is still what not to do, not what to actually do.
Not posting garbage is a better course of action. It IS something to do. Choosing not to post garbage IS an action. Anyway, if you want something else to do, then figure out what a p2p network that uses fill traffick would look like. See what kind of feedback you get from the rest of the list....if you get any at all.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 16:27:09 -0400 Karl <gmkarl@gmail.com> wrote: Anyway, if you want something else to do, then figure out what a p2p network that uses fill traffick would look like. See what kind of feedback you get from the rest of the list....if you get any at all.
I'm more interested in actually starting work. There's a ton of research and talk about it. If you want a start for an idea, how about an onion-router like tor, except each link has a set constant transfer rate. If you want more bandwidth, open another link to the same node, and spread bytes between them. There's going to be some issue, and the plan could be adjusted to accommodate the issue. It's most important to build it at this point.
like, poor zenaan who was forced to spread fake news all day, made https://github.com/zenaan/iqnets which basically says all the concerns to include. you just keep addressing them until they're all addtrssed. On 10/13/20, Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 16:27:09 -0400 Karl <gmkarl@gmail.com> wrote: Anyway, if you want something else to do, then figure out what a p2p network that uses fill traffick would look like. See what kind of feedback you get from the rest of the list....if you get any at all.
I'm more interested in actually starting work. There's a ton of research and talk about it. If you want a start for an idea, how about an onion-router like tor, except each link has a set constant transfer rate. If you want more bandwidth, open another link to the same node, and spread bytes between them.
There's going to be some issue, and the plan could be adjusted to accommodate the issue. It's most important to build it at this point.
On Tue, 13 Oct 2020 16:50:45 -0400 Karl <gmkarl@gmail.com> wrote:
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
On Tue, 13 Oct 2020 16:27:09 -0400 Karl <gmkarl@gmail.com> wrote: Anyway, if you want something else to do, then figure out what a p2p network that uses fill traffick would look like. See what kind of feedback you get from the rest of the list....if you get any at all.
I'm more interested in actually starting work. There's a ton of research and talk about it.
there's indeed a ton of garbage 'papers' here (exactly what you'd expect from 'academic' parasites working for the govt) https://www.freehaven.net/anonbib/date.html I've taken a look at more than a few of them and apart from the ones that show that tor is a failure(for users, not for the pentagon of course), I didn't find any 'working solution'. as a side note and shockingly, a lot of the 'papers' are written by a small mafia 'led' by US military scum syverson. also, there are things like i2p and freenet that seldom if ever get mentioned...
If you want a start for an idea, how about an onion-router like tor, except each link has a set constant transfer rate.
well yeah you need onion routing and constant rate links, that much is clear...
If you want more bandwidth, open another link to the same node, and spread bytes between them.
There's going to be some issue, and the plan could be adjusted to accommodate the issue. It's most important to build it at this point.
build without a plan and then get people to use some half-backed thing that would land them in jail. Good.
On 10/13/20, Punk-BatSoup-Stasi 2.0 <punks@tfwno.gf> wrote:
build without a plan and then get people to use some half-backed thing that would land them in jail. Good.
You added the second bit. Corporations and governments ask for complete plans first. It is faster to develop agilely, because a lot of the work is the same regardless of what the plan is. https://en.wikipedia.org/wiki/Agile_software_development Really though punk, my issues happened when I stopped using tor. It was working great. After developing my issues, tor no longer works to evade them. I expect it still works for those who haven't developed them, follow the guidelines, and keep a low profile.
participants (5)
-
jim bell -
Karl -
Peter Fairbrother -
Punk-BatSoup-Stasi 2.0 -
Stefan Claas