www.nsa-observer.net is on clear web, don't use clear web.

coderman coderman@gmail.com
Wed Feb 4 03:50:56 PST 2015


On 2/4/15, grarpamp <grarpamp@gmail.com> wrote:
> ...
> Moving 10G/day/node to or from clearnet is possible. Posting in the
> darknet might find you parallel armies of sympathetic nodes willing
> to help with task.

don't use clear-web, not even once. not even one-way. it is DEF CON
wireless; pre-pwned and malicious since many years.
this includes:
 - don't use DNS
 - don't use HTTP over public IPv4 or IPv6
 - don't use HTTPS over public IPv4 or IPv6
 - don't use TCP over public IPv4 of IPv6
 - do use UDP VPN at least past first last-mile ISP, most likely to be
onery and RST'ery.
 - do use Tor bridges to avoid like UDP VPN above, with even better cover.
 - must use resume capable HTTP/1.1 range based capable client with
secure digest verification!
 (multiple reports of cryptome.org streams of Cfour.7z getting RST
inline, or otherwise frequent and frustrating failures before complete
on some specific provider networks; bonus points for RST inject
filtering, but not all OS support it.)


for array of onion hosts (location hidden mirrors)
 - 5 x connections, to 5 of 9 onions, max two conns per host
 - 18 x connections to 9 onions, two conns per host [ e.g. aria2c
--piece-length=1M --min-split-size=1M --split=18
--max-connection-per-server=3 --max-concurrent-downloads=18 ... aria2c
does sha256 for free ] => 1.8MByte/sec to 3.5MByte/sec sustained over
50G archive in whole over various rounds of testing the fy2014 dist.
add randomized filling, and you can stack parallel instances with
multiple Tor clients for added capacity.
 ... anything more seems limited by client side, even in best of
circumstances ...

hey look, latter is simpler! two things to solve it.
 ;)


best regards,



More information about the cypherpunks mailing list