SOS

Cathal Garvey cathalgarvey at cathalgarvey.me
Mon Nov 18 12:00:46 PST 2013


Tokens are a clever way to solve a specific problem; when you sign up
for a VPN service, whether with credit card or bitcoin, the service
knows that *one person* has just signed up, and *this person* is the
one using the secrets and settings provided to allow access to the
network.

Tokens are transferable, and transferring tokens is encouraged. This
means that when I buy a token, the service cannot know for sure whether
I am the one using them later on, or someone I've given them to or sold
them to.

However: The VPN provider still knows that *this IP address with this
configuration of settings and this operating system (+version) is using
this browser to connect to these sites at these times*. In other words,
the actual identities of users are still very much in the clear to the
VPN provider if no other steps are taken; tokens just make it harder to
correlate these users with the payment information provided, and can
potentially allow many users in the same city (who may be NAT'd
together at the public-IP level) to achieve increased anonymity by
mixing their traffic.

You can make things much more secure (I think?) by chaining VPNs,
because now the first VPN knows your public IP address, and the second
knows your traffic, but neither knows both unless they collude.
However, both probably still can infer a lot by your OS/Browser/Access
times/traffic volume, etc.

On Mon, 18 Nov 2013 12:40:18 -0500
Lilith Lela <lela at cyberguerrilla.org> wrote:

> Hi,
> 
> We received a request from https://twitter.com/S0Sph for us using and
> recommending this site/service http://sos.ph/
> 
> Earlier, a few weeks ago, I had been briefly looking at this
> https://cryptostorm.is/
> 
> These darknet tokens. R it useful in activist contexts? What you
> think? Got perhaps (external to this service(s)) links and/or
> insights for us so we can figure out how it works exactly, and what
> its vulnerabilities r?
> 
> Cheers,
> 
> Lilith

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131118/f6bb7323/attachment-0001.sig>


More information about the cypherpunks mailing list