the tor scam - Re: AP deconstructed: Why it has not happened yet, and will not

juan juan.g71 at gmail.com
Sat Aug 11 14:05:19 PDT 2018


On Fri, 10 Aug 2018 10:43:07 -0700
Mirimir <mirimir at riseup.net> wrote:

> On 08/09/2018 08:42 PM, juan wrote:
> > On Thu, 9 Aug 2018 15:01:46 -0700
> > Mirimir <mirimir at riseup.net> wrote:
> > 
> > 
> >>>>
> >>>> So? Well, if they [mix networks] are not being implemented, they're not very useful. 
> >>>

> Sure, there are better options. But they're not currently implemented at
> useful scale. How can you use a mix network that exists only as an
> academic paper, and perhaps some tens of people testing it?

	Oh my bad. I misread and thought you said they were not being implemented because they could not possibly be useful. Since you had said that tor was 'good enough' for AP, I assumed that you further added that slow mix networks were not really needed, so no demand and no supply.


	But you are saying that a critical mass of users is required, which is of course true, and something I never denied...So not sure how that comment of yours is 'helpful'? =)

	To recap : 
	me : Better tools are needed.
	you : but they don't exist! 
	me : well yes? That's why they are needed...?

		

> OK, that helps maybe a little. But you've been online for many years,
> and I'm sure that you have friends and associates. So organize some
> cutting-edge mix network. 

	Ha. I have tried to sell (metaphorically speaking) more secure channels to friends and wasn't too successful. They don't believe it's worthwhile because in the grand scheme of things we are fucked anyway, they say.

	At any rate, that has little to do with my comments about tor and what sort of comms are needed for AP. 
	


> Maybe Riffle, developed by Young Hyun Kwon.[1]
> Or whatever you think better. And damn, I'll even help, if you like :)
> 
> 1)
> https://dspace.mit.edu/bitstream/handle/1721.1/99859/927718269-MIT.pdf?sequence=1

	Thanks. Let me see...


> > 
> > 
> > 	And yet you seem to be very uncritical of a flagship project of the US military like tor.
> 
> Maybe to you I seem insufficiently critical. But maybe ask Tor devs ;)


	When I was on tor-talk I saw little if any criticism. But meh...



> 
> >> Or in this case, I2P. 
> > 
> > 	From what I've seen of i2p content (or complete lack of it) it's a lot worse than tor. Which is saying a lot...
> 
> That's because I2P has very few clearnet exits, so all you see is stuff
> hosted on I2P. 

	Yes, that's what I looked at and that's the basic data to look at. What sort of content is hosted inside i2p.

> One of the major Russian marketplaces is (or was) on I2P.
> Also lots of porn and CP, predictably.

	By now I'm starting to suspect that your definition of 'child porn' is that of the puritan, jew-kristian, american government? Any girl under 18 wearing a bikini is 'child porn'? And even going by such 'definition' I don't think there's 'lots of CP' on i2p or tor. 

	Furthermore, you can find that sort of 'CP' on clearnet...




> 
> >> For decentralized storage generally, I like IPFS. 
> >> For example, a year or
> >> two ago I put "Fast Data Transfer via Tor" on IPFS.[0] And even though
> >> I'm not currently running any IPFS nodes, it's still there. Because
> >> enough people pinned it. If I hadn't disclosed that, it would be
> >> nontrivial for adversaries to link it to me.
> >>
> >> 0) https://ipfs.io/ipfs/QmUDV2KHrAgs84oUc7z9zQmZ3whx1NB6YDPv8ZRuf4dutN/
> > 
> > 
> > 	Hm. OK. Looking at IPFS...So it's a lot newer than tor and freenet! NEW AND IMPROVED. Meaning, untested. And they have a 'filecoin' and 200 millions through an ICO...
> 
> So whatever. It's the thing now, for kids. But it does seem to work
> pretty well.

	There's also maidsafe and storj which are well funded too (or at least maidsafe is) and they are not going anywhere as far as I can tell (though admittedly I haven't looked into them).

	Anyway, I might take a look at ipfs though for starters the reference client uses fucking go from fucking google...Not encouraging at all.




> >>
> >> Really? Gotta a link for that?
> > 
> > 
> > 	you never heard of gnutella...? 
> 
> Sure, but didn't know that it was still up. Is it?

	...you can find out for yourself? =) But yeah, although it has (a lot) less users than in the good old days it still works.


> 
> I mean, damn, I can't find any music on TPB! That sucks.

	I haven't had much trouble getting some stuff off tpb but I don't use it too much so...
	

 



> > 	If augur's interface is a shitty website accessed through tor, then I'm going to be skeptical about its success. And lo and behold, augur's web interface uses JAVASHIT, number one security hole for 'web applications'. 
> 
> The root issue isn't where Augur's website runs. The issue is trading
> Ethereum anonymously.

	I expect all parts of the system need to be secured...




> > 	If you want to run a full node you need to download some 200gb, but once you have the blockchain, keeping it synced requires ~2mb every 10 minutes average.
> > 
> > 	So depending on what you want to do, a low bandwidth network may be a problem. Maybe get the blockchain via sneakernet? 
> > 
> > 	If you want to make a payment on the other hand you only need to send some ~200 bytes (simple transaction).
> 
> Yeah, but you can't do anything unless the client is synced.

	you can send and receive payments using a SPV client. You don't need any sort of syncing to send a payment, you just sign a transaction and broadcast it.

	Also, notice that it can take up to ONE HOUR for a block to be mined and so for your transaction to be processed and that's if you pay the highest fee - on average it takes 10 minutes for a tx to be processed if you get in the next block. In other words bitcoin isn't real time at all.

	But hey, if we follow the 'low latency' 'philosophy' then paypal is so much better than bitcoin...


> 
> > 	You can also use SPV clients if you don't require the trustlessness that a full node affords. 
> 
> Yeah, that's what I do with Bitcoin.


	...and it would be better to access the servers for those clients through a mix network...




> > 	So managing a server remotely with a 1 minute delay between command and response doesn't sound fun, BUT it may be the right choice in a small number of high risk scenarios.
> 
> Yes. But whatever version of Jim's AP you're considering, I guarantee
> that it will involve managing remote servers.

	Still in that case putting up with very high latency may be a good tradeoff to avoid ending up in jail or dead. 
	





> 
> >> And DPR? He got nailed because he made too many stupid mistakes. And
> >> some of his collaborators got nailed because one of those stupid
> >> mistakes was keeping records, including images of their fucking
> >> passports, on his fucking laptop.
> > 
> > 	Sure. And you know that because the Free Government of the USA told you so. 
> 
> Do you have sources that show otherwise? If not, then all you have is
> some story based on your preconceptions.

	What I have is the basic principle of not believing the govt, especially when the very propaganda source has made it clear that they operate under secret laws, aka 'parallel construction'. Not sure what else you want from them apart from an *explicit legal acknowledgement* that they lie, which they already provided.


	
	
> 
> >> It was in the news a couple years ago. There's even a notice on the
> >> Freenet website about it. Making excuses.
> > 
> > 
> > 	https://freenetproject.org/police-departments-tracking-efforts-based-on-false-statistics.html
> > 
> > 	that doesn't sound like making excuses ^^^
> 
> Tell that to someone facing charges, and expert witnesses that a jury
> believes. But whatever.

	Yes I get that, but technically it's up for discussion how broken freenet is. Though again, I don't mean to sell freenet. 




> > 
> >>
> >> You have no clue who funded Freenet, do you?
> > 
> > 	No, who did? I saw a donation by gilmore...
> 
> No idea, myself.

	I did read this - that's why I remember about gilmore - I forgot all the rest =P

	https://freenetproject.org/pages/donate.html

	"Google open source have three times donated $18,000, as well as paying for students to work with us over summer since 2006 through the Google Summer of Code program."






> > 	Anyway, what does 'the literature' say about the traffic analysis capabilities of GovCorp? That's a topic I never see discussed by tor advocates (but maybe I missed the discussions).
> 
> It's hard to say. 

	Exactly my point? People build networks that can be attacked using traffic analysis but they don't seem to have a clue about the traffic analysis capabilities of the adversary? That's ridiculous. 

	Notice how if you use something like AES you can make educated guesses about the resources needed to brute force it.

	If you use public key encryption it gets more difficult but it's still possible. 

	But if you use something like tor there are no 'objective' metrics apart from "I saw a 'CP' .onion site on tor"!


> My best guess is that they can intercept essentially
> everything. But that it's still at least nontrivial, and perhaps not yet
> feasible, to trace particular connections through multiple hops. But
> really, who knows?

	That's the point. Furthermore, whoever knows something isn't publishing it. And yet you have all the 'academics' writing their 'academic' papers about their 'low latency' networks and bla bla bla. Sounds like a barefaced scam to me...



> > 	As I said in a previous post you apparently ignored :
> > 
> > 	"in the past you could find links on reddit to .onion sites that kinda looked 'uncensored'. Those sites do not exist anymore. But feel free to prove me wrong and POST EVIDENCE, that is, links to content that the 'authorities' would like to remove but can't. " 
> 
> OK, let me see. I don't spend much time on .onion sites. Many sites did
> disappear over the past year or two.

	Many sites disappear EVERY year or two. That is, they don't LAST more than a year or two. And that's always been so. 

	And actually it's probably getting worse because there isn't any upgrade to tor whereas you can expect the traffic analysis capabilities of the enemy to be upgraded all the time.


> A couple huge hosting operations
> were taken down. At least some of that was CMU fallout.

> 
> > 	so again, link an uncensored .onion directory. Or don't if you are afraid of going to jail, or having the cpunk list raided or something like that. But last time I checked there wasn't any noteworthy 'illegal' content on .onion sites, apart from some alleged dealers, which I assume represent something like 0.01% of dealers in real life. 
> > 
> > 	Likewise, going by the same metric, if you say there's lots of 'child porn' on freenet then the conclusion is that freenet is as secure or more secure than tor.
> 
> Or a honeypot ;)

	Right. Just like tor =)
 




