SOS

[Lilith Lela]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cathal,

Thank you. Yes, we were NOT going to use without chaining.
We'll just give it a try for a month, and dig sum deeper.

Cheers,

Lilith

On 18/11/13 15:00, Cathal Garvey wrote:
> Tokens are a clever way to solve a specific problem; when you sign
> up for a VPN service, whether with credit card or bitcoin, the
> service knows that *one person* has just signed up, and *this
> person* is the one using the secrets and settings provided to allow
> access to the network.
> 
> Tokens are transferable, and transferring tokens is encouraged.
> This means that when I buy a token, the service cannot know for
> sure whether I am the one using them later on, or someone I've
> given them to or sold them to.
> 
> However: The VPN provider still knows that *this IP address with
> this configuration of settings and this operating system (+version)
> is using this browser to connect to these sites at these times*. In
> other words, the actual identities of users are still very much in
> the clear to the VPN provider if no other steps are taken; tokens
> just make it harder to correlate these users with the payment
> information provided, and can potentially allow many users in the
> same city (who may be NAT'd together at the public-IP level) to
> achieve increased anonymity by mixing their traffic.
> 
> You can make things much more secure (I think?) by chaining VPNs, 
> because now the first VPN knows your public IP address, and the
> second knows your traffic, but neither knows both unless they
> collude. However, both probably still can infer a lot by your
> OS/Browser/Access times/traffic volume, etc.
> 
> On Mon, 18 Nov 2013 12:40:18 -0500 Lilith Lela
> <lela at cyberguerrilla.org> wrote:
> 
>> Hi,
>> 
>> We received a request from https://twitter.com/S0Sph for us using
>> and recommending this site/service http://sos.ph/
>> 
>> Earlier, a few weeks ago, I had been briefly looking at this 
>> https://cryptostorm.is/
>> 
>> These darknet tokens. R it useful in activist contexts? What you 
>> think? Got perhaps (external to this service(s)) links and/or 
>> insights for us so we can figure out how it works exactly, and
>> what its vulnerabilities r?
>> 
>> Cheers,
>> 
>> Lilith
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJSinunAAoJED5ZhUWuz7u0iKQH/3QuSe1aaSgyF4Jx0tmkJxzC
6NsBYIiU4rgxwCqWMgGXno1C0d2g2VcBidSCC+I7oXEpL6XMoNeAkVbaNfu1RKi2
9SwDvI/QlBGgV1z8AFFjtJVd7lElJsDaKcMOS5KsYPyhoiStuwKdLgea/zLrBwxh
Z4SR1gcJcgN7N7aUmhEqtu4JC0xHDcVsDXqY6t05vf15U7XFz/aUQdVdy66ov3RN
wz3o3w7FBl3iSgfkmUwT9QTxSqXAcmDJ+ppuIFvC8OvXFkjdAleGnlaucaM69DAJ
UYgtUOZgIBu+UcH1IDGjbB9UVEoj8AXtQQMOxL/CzobvxeFihAa3DHBDRW2xeHI=
=9bVr
-----END PGP SIGNATURE-----