GoldBug Messenger Fraud? [was: FBI encrypted app, global arrests]
believe
How GoldBug claimed EFF support, censored users, did many shady practices, never explained themselves, etc... is all in the archive. Whether people ever find, read, verify, spread, believe, or beware that history, try to resolve it, or audit the app themselves or not... is up to the user. Whether GoldBug, and the whole rest of their fishy suite, people, and actions, ever explains itself... is up to GoldBug. "GB does not provide checksums for the binary downloads as the source is given for those who want to build on their own. GB has a build date in the gui so the sums might differ." See how they still dodge around the basics that every real crypto project gets right. Referring to "checksums" as if that wasn't deprecated decades ago, claim opensource given is an excuse to not sign their binaries or sources, it's just the "build date" (which absolutely no project ever needs, and law of reproducible builds forbids) numbing people to fall for that excuse. And how no legitimate crypto comms dev people or projects on the internet seem to be using, reviewing, or citing them. Yet there's plenty of GoldBug's shill review sockpuppets, fake wiki pages, oddball software listing sites they spammed all over the internet. Etc, etc, etc... Fraud? Or best software ever? You decide. Maybe it is amazing tool, yet whatever it is, how they are acting is more than suspicious enough to hopefully impart a big amount of caution on potential users.
I did an analisys on GoldBug many years ago (in 2013) and i concluded it's evidently a covered operations. It's formally unknown and hidden team, but it's advertising on specifically focused countries, it ask with active marketing for endorsement to the NGO world. If you wish to see the 2013 analysis to go forward, if they are still in operations: https://drive.google.com/drive/folders/0B6tQ4kKC2rLzUG0yS0FkWHpHZ3c?usp=shar... -naif On 09/06/2021 09:15, grarpamp wrote:
believe How GoldBug claimed EFF support, censored users, did many shady practices, never explained themselves, etc... is all in the archive. Whether people ever find, read, verify, spread, believe, or beware that history, try to resolve it, or audit the app themselves or not... is up to the user.
Whether GoldBug, and the whole rest of their fishy suite, people, and actions, ever explains itself... is up to GoldBug.
"GB does not provide checksums for the binary downloads as the source is given for those who want to build on their own. GB has a build date in the gui so the sums might differ."
See how they still dodge around the basics that every real crypto project gets right. Referring to "checksums" as if that wasn't deprecated decades ago, claim opensource given is an excuse to not sign their binaries or sources, it's just the "build date" (which absolutely no project ever needs, and law of reproducible builds forbids) numbing people to fall for that excuse.
And how no legitimate crypto comms dev people or projects on the internet seem to be using, reviewing, or citing them.
Yet there's plenty of GoldBug's shill review sockpuppets, fake wiki pages, oddball software listing sites they spammed all over the internet.
Etc, etc, etc...
Fraud? Or best software ever? You decide.
Maybe it is amazing tool, yet whatever it is, how they are acting is more than suspicious enough to hopefully impart a big amount of caution on potential users.
The link to the press release from the "osint" goes to a post by grarpamp. I'm guessing this data indicates that naif and grarpamp were forced to disrepute the goldbug projects, and are now being forced to reveal that they did this. Or that a mitm is making it appear so.
I sent this earlier but it disappeared from my outbox before uploading completed. I was asking, are these the files you intended to send? Each one seems like a small fluff document and no primary source documents are included.
Their own self-delegitimizing and self-disreputating actions forever precede whatever their code may or may not be. Those wishing to know what those [and indeed all] codes may or may not be, should audit them to their own satisfaction, preferably publicly. That applies to everything from the CPU to "Hello, World"... as surely many exploitable things lie waiting inside them all. And operations surely behind some of those.
On Sat, Jun 12, 2021, 5:08 AM grarpamp <grarpamp@gmail.com> wrote:
Their own self-delegitimizing and self-disreputating actions forever precede whatever their code may or may not be.
No self-delegitimizing or self-disreputing actions from the goldbug project have reached me. What behavior are you referring to?
Hi Randolph, I saw in 2013 you shared a press release from GoldBug 0.1 with different communities. I'm afraid at this point your shares are the only web results I'm getting for that press release. I understand you're not affiliated with GoldBug yourself, but were simply interested in people's opinions. If you're still around, do you recall at all where you found the press release? We're having a discussion on the cypherpunks list regarding the trustworthiness of GoldBug, and of course one question is the claim of being endorsed by the CCC and the EFF in the press release that came from you. Thanks so much for any reply at all, K
Randolph removed from this public email. The more primary source links for this controversy are at https://lists.gnupg.org/pipermail/gnupg-users/2013-July/047140.html and https://lists.cypherpunks.ca/pipermail/otr-users/2013-July/002232.html . If you click forward on the second link, which appears to have no replies, you can see Randolph continues discussing GoldBug in a different thread. I am _guessing_ that Randolph was either involved in developing GoldBug, or was trying to influence GoldBug's public appearance in some way. It's hard to tell whether the expressions are intended to advertise GoldBug or make them appear sketchy. My first guess was that Randolph was a one-man team who did not speak English as their first language, and they were trying to advertise their work in ways they were familiar with, by pretending to be somebody else stumbling upon it. I don't really know. The comments on the echo protocol make it sound a little bit like the bitmessage protocol. As always, the answers are in the source code, and it is open source. If it phones home it is bad, etc, if it does everything e2e it is good, etc.
I presently am seeing this commit for https://github.com/textbrowser/spot-on.git f7cf61dc5ee25b4b5b9184926a81711e6ae037db master 2021-06-07T09:52:12-04:00 The repository starts in 2015, so does not include the svn data from the 2013 press release.
I have the first spot-on git commit as 7580ca1dc3e0a811a272b1be530c84a5a4559a6b 2015-02-23T08:20:54-0:500 The svn repo is at https://svn.code.sf.net/p/spot-on/code The README file differs but other files appear to be the same between the first git commit and the last svn commit: find */ -type f -exec cat {} + | sha256sum cf5221c736d0907e4a53f9673e4f1b448f2e7c5bdd3b40a1ccedd1af3e1d7d20 My emails are unsigned and I handed the has with only a double-check. I occasionally make errors when double-checking.
To add on to the other thread, of course I do find this hard, because I have to handle the fallout from my political targeting, including b ing barely able to direct my body and brain from schizophrenia etc. Normally, it would be because people have a job and a family taking up their time, after graduating college.
I see things change on me a lot due to my different states of mind, so hashes are really helpful. I'm not sure how to quickly and reproducible hash the history of an svn repo offhand any more, so I'm importing it to git. My steam for this is running out a little. It sounds somebody may have lied about an endorsement and grarpamp won't let the project live it down. These repos demonstrate continuous transparent public activity, but I haven't looked at the code yet.
r1571 has a message containing "New version." and is dated the day before the possible press release.
svn update -r 1571 # took me a while to find this find */ -type f -exec cat {} + | sha256sum d54a76bbf8df1b577a0e070fb6144e6bd33211cbcebe65c18d974f35ca76f027
- the repository contains binaries to ease compilation for windows users. It specifies how to redownload these binaries. - spot-on is presently listed as the source code for goldbug at https://sourceforge.net/projects/goldbug/?source=navbar . I do not see the source code for goldbug in the july 2013 version of spot-on. - in july 2013, libspoton at a cursory glance appeared to be a small c library that used openssl and libgeoip. I'm guessing its sole functionality was to save webpages to an encrypted database, but my guesses are usually immature. - libspoton in 2013 didn't have the content I would expect for a messenger, but it doesn't appear to have code to harm the user in any way.
(it doesn't look like geoip was used for another yet then. pretty sure I am looking at the wrong thing and this is just a draft of something, but not certain)
On Sat, Jun 12, 2021, 8:51 AM Karl Semich <0xloem@gmail.com> wrote:
(it doesn't look like geoip was used for another yet then. pretty sure I am looking at
*anything yet then
the wrong thing and this is just a draft of something, but not certain)
The spot on source is also referenced from the questionable press-release, so either I have something wrong or the goldbug gui source was not available in 2013. But some subtle advice to download and encrypt the web to an sqlite database may have been, unsure. Trying for latest code.
Okay! The goldbug source is inside branches/trunk . The tree was never normalised since svn and use of it continued. It's not about encrypting to a tiny sqlite database.
I've uploaded the svn history as I downloaded it to https://github.com/xloem/spot-on-svn.git My tip commit is 975df40782c5d413361115abcd2164fecb41865b
I'm having trouble working with the svn branches, which I have not uploaded to github, but the associated commits are likely there. Here are some extracts: 0.01 43d1d9a939b9a08dc3afa0d05704e33f0077ae4f 0.10 6afb5031b1caedc3be6a341d9218f79d589a9491 0.x 2fd439c7f69fbf9421e857481ed723461fdc07f4 1.x 5be0b65e0d9573adac9b2c27053e0b41a2482827 trunk 975df40782c5d413361115abcd2164fecb41865b
Branches uploaded! Let's check that press release source again.
v0.01 is dated Sep 7, 2013. The press release said "V0.1" and was re-shared a few weeks later. Goldbug is a fully open-source Qt project.
No, I have the dates wrong. The last commit for branch 0.01 in the source history is dated Sep 7. The press release mentioning V0.1 was dated Jul 27. The email from Randolph asking list members whether the software on the press release was any good, was dated Jul 26. The last commit for branch 0.x was dated Jul 26. So branch 0.x is a better candidate here. Still a qt project.
Instructions on how to build the 2013 pre-release version of spot-on are in Documentation/COMPILING There is also a file there called RELEASE-NOTES, where the version is described as 0.01, not 0.1 as the purported press-release did. The release notes are short and to the point: "Version 0.01 of Spot-On is now available." There is also a TO-DO file under Documentation which shows the parts of the software being developed by the author.
In this July 2013 branch, there is no mention of the software "goldbug". It is called simply "spot-on" . Maybe I'm still looking at the wrong thing?
goldbug project files were introduced to the repository in 2014 168713d0dd goldbug strings added to ui Jul 26 2013 e54980a10cbc That's 1 commit prior to 0.x Previously, "goldbug" is used throughout the source as a string that replaces a symmetric aes256 key, possibly with other meaning, unsure ... I infer that goldbug used to build as a project simply called spot-on
On Sat, Jun 12, 2021, 9:51 AM Karl Semich <0xloem@gmail.com> wrote:
Previously, "goldbug" is used throughout the source as a string that replaces a symmetric aes256 key, possibly with other meaning, unsure ...
To clarify here, I saw a variable named "goldbug" containing a symmetric key, not a string with the value "goldbug" .
I'm probably going to tell grarpamp I disgree because the press release uses the wrong version format. I'll also want to see if I can check the binary hashes. But now I want to try to compile it ;p
It is hard to do things when most of your ganglia misfire. Goldbug needs libspoton. But I got these sources from libspoton. I am confused and need to review the systems and verify my beliefs.
It looks like the repo I ported to github expects to be a subfolder of the svn repo I was looking at earlier. Maybe I typed something wrong when importing it.
I seem to have overly confused myself and failed at this, for now. [thread:wrong]
svnadmin --version # svnadmin, version 1.10.4 (r1850624) svnadmin create spot-on-svn-mirror cd spot-on-svn-mirror # for digest to match, set to my uuid svnadmin setuuid . 6c93ff20-5766-4f58-8b6a-37614513fa33 # svnsync needs this change to function echo '#!/bin/true' > hooks/pre-revprop-change chmod +x hooks/pre-revprop-change # mirror svnsync init file://"$(pwd)" https://svn.code.sf.net/p/spot-on/code svnsync sync file://"$(pwd)" # lots of mirroring happens through revision 4133 # checksum svnadmin dump . | b2sum -l 256 # lots of dumping happens through revision 4133 0f5c6bf5b334c2570dae9384255b60eeeff435db903afbd28f4be4c07d2ccaf7 The synced svn repository that dumps to that b2sum for me is at: https://github.com/xloem/spot-on-svn.git commit 6d869cce8caf2329001fb4a70faa1a4e95b3a48c
# local checkout from b2sum'd repository # from parent folder svn checkout file://"$(pwd)"/spot-on-svn-mirror spot-on-svn-local cd spot-on-svn-local # the pre-release 0.x that seemed likely to be current for the press release document was revision 1567 svn update -r 1567 cd branches/0.x # now building might finally work! qmake -o Makefile spot-on.pro make # I have a bunch of issues likely from breaking changes made to system stuff since 2013 though
- [ ] loosely find what possible is the software can connect to - [ ] compile and run it, see if it is easy to contact the dev via it - [ ] see what os calls it performs, verify nothing is blatantly put on network - [ ] compare checksums of included binaries or - use argument with grarpamp: argument against software has as many or more sketchy parts as the points it is making against the software
On Sat, Jun 12, 2021, 1:47 PM Karl Semich <0xloem@gmail.com> wrote:
- [ ] loosely find what possible is the software can connect to
*possible ips
I attempted 3 times to visit http://web.archive.org/web/*/https://torbrowser.sourceforge.net/ so as to find it appearing as a clone of the tor website. I received an internal server error each time. I did not try from different networks, due to it being a server error, apparently via ajax, but it is possible doing that could change things.
I'm of course not in contact with anyone to share the information with. Might change some day.
I revisited the archive.org link from the same device, and received a 503 for the whole http request, rather than a 503 or 500 via ajax.
I'm looking through the goldbug audit a little. On page 8 they describe a feature of "Instant Perfect Forward Secrecy (IPFS)". I'm not a cryptographer and haven't learned about cryptographic primitives since before forward secrecy was a thing, but I don't get any website for this and it has a misleading acronym, so I'm wondering if they made it up to align with the popularity of the IPFS project to readers. Such behavior is similar to the claim of being endorsed by the CCC and EFF, or the claims for all the developers and projects being suspicious after one suspicious thing happened.
On Sat, Jun 12, 2021, 4:16 PM Karl Semich <0xloem@gmail.com> wrote:
I'm looking through the goldbug audit a little.
On page 8 they describe a feature of "Instant Perfect Forward Secrecy (IPFS)". I'm not a cryptographer and haven't learned about cryptographic primitives since before forward secrecy was a thing, but I don't get any website for this and it has a misleading
*any webhits for this
acronym, so I'm wondering if they made it up to align with the popularity of the IPFS project to readers. Such behavior is similar to the claim of being endorsed by the CCC and EFF, or the claims for all the developers and projects being suspicious after one suspicious thing happened.
It's notable that in the work they actually gave their own made up names to a lot of things, and this is documented in their manual. It's probably helped them be able to share their work longer, to have it less recognisable for people who might not want it.
I'm roughly guessing that this might be marketing rather than an audit, and if so I'm sad that the project hasn't had an opportunity and ability to get real validation.
So, most of my visual cortex doesn't work for me. I see text in little clumps, like looking through a cardboard tube that moves around on its own. It's hard to get a general sense of things, for me. When I think of "audit", I want to know what the avenues are for compromising the various kinds of security a system has, so that people know how to continue using it and developing it, so that they are informed when doing so. I have no idea what an audit formally is. But these people know. They have all the sections and followed all the manuals. It looks like the result of being self-taught and putting incredible hours in, to me. It doesn't look like a deep fake. I don't know where to look to find information on security weaknesses. Glancing around the beginning, I mostly find verbiage about software features. I'm guessing this was written by developers of the project, laboriously, to support the project. It doesn't look independent.
Imagining doing this more. Imagining things being safe and possible. The patterns like it when I post, maybe I can post something that doesn't worry me too much.
Fyi for people still using svn, dump full backups from remote to disk... svnrdump dump https://remote > dumpfile
archives, search: goldbug
Why should people you don't believe bother rehashing it all for you when you can pull it all out of the archives of all the lists involved yourself. If that's too hard for you to do, then go ask both the EFF and CCC separately for a copy of their GoldBug announcement and post the text of their replies here. " From: Randolph D. <rdohm321@gmail.com> Date: 2013/7/26 Subject: Fwd: Goldbug.sf.net - Secure Multi-Crypto-Messenger v0.1 released the EFF in conjunction with the Chaos Computer Club announced a new secure Instant Messenger called: GoldBug.sf.net (http://goldbug.sf.net) "
On Sat, Jun 12, 2021, 7:21 AM grarpamp <grarpamp@gmail.com> wrote:
archives, search: goldbug
Why should people you don't believe bother rehashing it all for you when you can pull it all out of the archives of all the lists involved yourself. If that's too hard for you to do, then go ask both the EFF and CCC separately for a copy of their GoldBug announcement and post the text of their replies here.
" From: Randolph D. <rdohm321@gmail.com> Date: 2013/7/26 Subject: Fwd: Goldbug.sf.net - Secure Multi-Crypto-Messenger v0.1 released
the EFF in conjunction with the Chaos Computer Club announced a new secure Instant Messenger called: GoldBug.sf.net (http://goldbug.sf.net) "
At this point the amount of work you're asking me to go through to verify things when you could paste links to me instead of unsigned quotes, is the biggest reason to trust GoldBug instead of where-ever your emails come from.
To clarify here: - Experienced software developers don't find it hard to scan through code. - People usually hide because they are in danger, not because they are untrustworthy.
On Sat, Jun 12, 2021, 5:08 AM grarpamp <grarpamp@gmail.com> wrote:
Their own self-delegitimizing and self-disreputating actions forever precede whatever their code may or may not be.
So, where I'm at now is uncertainty as to whether Randolph and the press release are associated with GoldBug or not. But it's quite strange to hear that the quality of the code itself may not matter to you.
I found naif's chatlogs with Randolph in his google drive folder. Randolph seemed to only partly understand the project and seemed to not respond to all the words that were said in english. I misrepresented the investigation by naif because I didn't understand how little information there was. It sounds like nobody reached out to the real devs. It reads like Randolph had an unspoken goal involving encrypted communication and wanted to form a communication path with somebody. I'm not sure if that ever happened. It's notable that they somehow found out about goldbug before its initial release. Goldbug presently is still downloaded on a daily basis.
nail, we're talking about you a lot in front of your face. What do you need here to be protected?
[appropriate joke] PGP seems pretty suspicious, too, no? Also POSIX? [/appropriate joke] I don't know why I'm receiving expression from you guys of such poor information. What can this cypherpunks list do for either you, or your mitm if that is the reason for the poor information? I can influence the people here. I do so overtly and forthrightly. Are there any needs or concerns?
I found https://www.mail-archive.com/cypherpunks@cpunks.org/msg05277.html from the web. It looks like bullying to me, not investigation.
On Wed, Jun 9, 2021, 6:53 AM Karl <gmkarl@gmail.com> wrote:
[appropriate joke]
PGP seems pretty suspicious, too, no? Also POSIX?
[/appropriate joke]
I don't know why I'm receiving expression from you guys of such poor information.
What can this cypherpunks list do for either you, or your mitm if that is the reason for the poor information?
So, the reason I responded this way was because the information didn't show anything suspicious to me. The reasons for suspicion were a press release that wasn't included, and various behaviors that seem tiny to me. Meanwhile a lot of people's personally identifying information was being shared, when these people were running, using, and advocating an open source encrypted network . Most of the documents are sharing personal details on the people found related to the network. This can get people very hurt in my opinion; but I infer it is just there so that other people can continue the work and figure out what is real. It seems to hard to figure out if that press release is real unless the dev says it is.
On Sun, Jun 13, 2021, 7:24 AM grarpamp <grarpamp@gmail.com> wrote:
It seems to hard to figure out if that press release is real
Go ask both the EFF and CCC separately for a copy of their GoldBug PR announcement and post the text of their replies here.
This seems to be something that you care about. Has it been done before? I don't think it will discern whether the project actually made the press release, but it looks like the developers might bend the truth harmlessly sometimes and I think that's human and normal. The software looks to be a convenience messaging wrapper for openssl written by dedicated non-experts, in need of experienced review. A user from their community asked the list for an experienced opinion 8 years ago and as far as I can tell were rejected due to suspicion. Trustworthiness here could be discerned by - can we reach the actual devs - do they respond to learning of problems in their software, by fixing those problems - do they accept contributions containing fixes to problems in their software That's probably been tested some time ago in the archives. Randolph does behave really funny. Never did they say they were affiliated with the project. Your reply regarding the rooftop monitoring system was really cool, I'm having some issues directing my replies and this comment ended up in this thread, sorry.
re broken thread Subject: Evidence of Enforcement Workers Portraying Activists as Criminal You have to audit the code to claim it is clean. All anyone else had to do was point to their lies, dodging, censorship, already proving dirty project behaviour. Do you want that in your unaudited crypto messaging, in those apps, from such people? You decide. Since you already use everything else unaudited, you probably do. At least admit it instead of trying to incorrectly claim they are saints. On gnupg, 'Dohm" used context "we" referring to, and directly joining himself into status of being part of, the devel group, the projects themselves. Their fake language did not hide that. The OSInt done by people years ago was sufficient to back the position of the investigators. Nothing about the projects has changed since then, no explanations were ever offered, no convincing rationale proposed by anyone as to why the lies, etc. As with everything else, use at your own risk.
On Tue, Jun 15, 2021, 11:10 PM grarpamp <grarpamp@gmail.com> wrote:
re broken thread Subject: Evidence of Enforcement Workers Portraying Activists as Criminal
You have to audit the code to claim it is clean.
That goes both ways. You have to audit the code to claim it is faulty. As with everything else, use at your own risk.
"rdohm: the EFF in conjunction with the Chaos Computer Club announced a new secure Instant Messenger called: GoldBug" "rdohm: We all need to evaluate this and will come back to you"
You have to audit the code to claim it is faulty.
No one ever claimed the code was faulty, only that the group was and is still doing things that are disreputable... lying about nonexistent press releases to con users into using it, censoring user inquiries, refusing to code signing reproducibility, dodging and faux-assert-confirm based redirecting tactics instead of simply answering simple questions, and questionable actions and methods irregular to usual work in the field... all documented on the internet, which people are too lazy to follow, to lazy to even get a copy of the PR from the EFF CCC. The advice has always been to audit code. Many people won't bother using or auditing any codes that come from groups that have disreputed themselves... that works for them. Others make careers out of analysing malwarez. And careers spreading it all over the net. No one ever claimed or forced that dev groups cannot or should not be anon, that's just as utterly ridiculous a position as claiming that posing any given question/request to anon devs is improper, that such queries are somehow not freespeech, that the askers should be cancelled. In fact, other than confidants, and the NSA GCHQ FBI etc, Satoshi was anon. (Satoshi never claimed EFF+CCC announced or had anything to do with Bitcoin, never disreputed the Bitcoin project by doing any of those type of shady and suspicious things.) The world needs anon devs to code the important softwares. And there are a lot more anon codes coming ;) Is GoldBug an op... you decide. Regardless... Expect Ops.
On Wed, Jun 16, 2021, 6:24 PM grarpamp <grarpamp@gmail.com> wrote:
"rdohm: the EFF in conjunction with the Chaos Computer Club announced a new secure Instant Messenger called: GoldBug"
"rdohm: We all need to evaluate this and will come back to you"
You have to audit the code to claim it is faulty.
No one ever claimed the code was faulty, only that the group was and is still doing things that are disreputable... lying about nonexistent press
??? if the code is not faulty then why are you talking about unsigned messages as if they are related to anything? go get an signed message, and then talk about what you are talking about -- people, not software -- once you can demonstrate they actually did what you say. releases to con users into using it, censoring user
inquiries, refusing to code signing reproducibility, dodging and faux-assert-confirm based redirecting tactics instead of simply answering simple questions, and questionable actions and methods irregular to usual work in the field... all documented on the internet, which people are too lazy to follow, to lazy to even get a copy of the PR from the EFF CCC.
The advice has always been to audit code. Many people won't bother using or auditing any codes that come from groups that have disreputed themselves... that works for them.
It is well known that disruptors disrepute groups for no fault of their own. I will be reading 1 more reply from your email address for now. Regardless... Expect Ops.
People will protect themselves when you can use cryptographic signatures to get through the ones shilling us to you.
??? if the code is not faulty
No one ever claimed the code was not faulty either.
demonstrate
Deletions by the projects of content on the services they controlled, and internet rot elsewhere, has removed some of the demos you seek from your view now years later, obviously now people may only find some references to those situations, as they weren't there then, or weren't party to them. Since you "don't believe" those possibilities exist outside your limited ledger view, and won't even do the work to find whatever refs remain on your own, and won't even go do simple dyor by asking EFF/CCC to send you a copy of their announced press release, then that is the end of this thread for you.
https://en.wikipedia.org/wiki/Special:Contributions/Fuchshuber That's GoldBug et al inserting themselves into more random wiki pages on 2016-07-18. Someone really needs to start a formal project to publicly investigate and debunk or clear their software claims and fishy methods once and for all, for any user's sake since they can get hurt.
https://en.wikipedia.org/w/index.php?fulltext=1&search=goldbug+messenger Pick any of their names as search strings, they've inserted themselves all over the place.
On Fri, Aug 13, 2021, 5:47 AM grarpamp <grarpamp@gmail.com> wrote:
https://en.wikipedia.org/w/index.php?fulltext=1&search=goldbug+messenger
Pick any of their names as search strings, they've inserted themselves all over the place.
Poor goldbug.
I saw quickly on wikipedia that the socialist millionaire protocol might be insecure in the face of mitm attacks. Is this true or relevant?
participants (4)
-
Fabio Pietrosanti (naif) -
grarpamp -
Karl -
Karl Semich