any moment now ...

John Case case at sdf.lonestar.org
Tue Nov 30 22:27:42 PST 2010 

Hi Eugen,

On Tue, 30 Nov 2010, Eugen Leitl wrote:

> On Tue, Nov 30, 2010 at 08:57:31PM +0000, John Case wrote:
>
>> Look, if running a Tor node anonymously was difficult, this conversation
>> would be interesting.
>>
>> But unning a Tor node anonymously is trivial, so the cost/benefit
>> analysis is pretty parabolic.  No cost, all benefit.
>
> This is interesting to me personally. How would you run
> a Tor node anonymously, without breaking the bank?
>
> Apart from offshore incorporation or finding a host that
> takes cash or anonymous prepaid cards it appears not obvious.


There's a few ways to approach this.

First, there are a LOT of co-location/vps/webhost resellers operating in 
the US, and almost no regulation of them as "ISPs".  The big famous ones 
that do shell hosting and irc and all of that will not work - they are 
very vigilant about customer validation because they get so much CC fraud.

But if you can find a joe-blow VPS reseller or datacenter reseller and 
call them up like any other vendor, they will bend over backwards to take 
your money.  They're not going to ask for your drivers license or a credit 
check or anything like that.  You can just mail them a postal money order 
or two and be done with it.  Most give you a discount for paying a year in 
advance, so that's convenient.

The other way to approach it is much more convenient, but potentially more 
risky, and that is to use an assumed name with your own credit card.  You 
will find that most CC auths are done based on the numbers, and not on 
your actual name.  Try it - you can set up a working amazon account with 
your own CC and a totally bogus name.

Since most (all ?) merchants are required by their banks to dispose of the 
CC information, or never hold it in the first place after authorization, 
after your transaction they are left with your bogus information (but 
correct address) and either a hash or the last four of your CC.

This is worth considering, since we aren't guarding against "being raided 
right now", but rather against future data mining ... and if future data 
mining traces an IP back to an account that had (possibly) the same 
address as you ... it gets a bit hazy there.  The hunt is for a name, and 
that name is not there.

So that's some food for thought - I have it on good authority that all of 
the above works very well ... and we haven't even gotten to prepaid visa 
cards, which aren't exactly rocket science to procure and use...

More information about the cypherpunks-legacy mailing list