the tor scam - Re: AP deconstructed: Why it has not happened yet, and will not

juan juan.g71 at gmail.com
Thu Aug 9 20:42:47 PDT 2018 

On Thu, 9 Aug 2018 15:01:46 -0700
Mirimir <mirimir at riseup.net> wrote:


> >>
> >> So? Well, if they [mix networks] are not being implemented, they're not very useful. 
> > 
> > 	not useful for what? 
> 
> Huh? Are you retarded? Sure, you and your friends can setup some super
> duper mix network, but it won't do you any fucking good. Because, you
> know, you're the only people using it. And once an adversary gets
> access, you're totally screwed.

	Sure, but now you jumped to something else. What about keeping track of the topic at hand? 
	
	Topic : there are no secure mix networks because people (stupidly) use more 'convenient' stuff. And while the faster, less secure stuff does have its use cases, so do the other systems. 

	So what's retarded here is your  line of thinking "there are no better options cause they are not useful'



> 
> >> You
> >> can fume all you want about some ideal that ought to exist. But that
> >> alone doesn't really help much.
> > 
> > 	you mean, discussing the 'technical details' doesn't 'help' whereas  US military propaganda 'helps'? Well, of course, that's true, depending on what is being 'helped'...
> 
> Sure, "discussing the 'technical details'" helps. But not if you're just
> bitching about what's wrong with existing stuff.


	lol - in other words,  there's a laundry list of criticism that you are fully unable to counter so you call it 'bitching'. 



> And unless you actually
> mobilize some support and participation for whatever you want. I haven't
> heard much of that from you.


	It should be self evident that explaining that tor is mostly useful to watch jewtube has the implicit goal of 'mobilizing support' for better alternatives. 

	also notice that I am not an agent of the US military, but an independent individual from a banana republic - so my resources to 'mobilize support' are somewhat limited.


	

> > 
> > 	oh, that's nice =) (just in the highly unlikely case that you are trying to mock me, bear in mind that the joke is on you =) ).
> 
> No mocking involved. I do agree. And you know, I really don't love those
> Americunt fascists either. Even though I'm living there now.


	And yet you seem to be very uncritical of a flagship project of the US military like tor.



> 
> >> But that's not the only reason. There's also the
> >> latency vs usability tradeoff. 
> > 
> > 	Which I think I acknowledged...
> 
> Yes, you did. Barely. And them you hand-waved it away ;)


	Bullshit. Just in case my position isn't clear. You want to watch jewtube videos or control drones to murder children use tor,  a 'low latency' network. You want some half decent anonimity? Use something else. 

	This being the cpunks mailing list, not the tor mailing list, or other outlet for US military propaganda, it seems to me that your constant 'bitching' about 'usability' is misplaced. 

	
 
> 
> >> Or even if it is, maybe you ought to be
> >> promoting them?
> > 
> > 	And what am I doing here? 
> 
> So far, you've promoted Freenet. Which is arguably _worse_ than Tor.


	It's not my intention to promote freenet, and I barely promoted it. 
	
	What needs to be done is getting rid of the tor scum =)


> 
> >> But not Freenet! That shit is ~20 years out of date. More below.
> > 
> > 	Keep trolling. So decentralized storage is 20 years out of date whereas using php to serve files behind a low quality proxy is the 'technology' of the next americunt century. 
> 
> No, Freenet is 20 years out of date. Because it makes _no_ attempt to
> obscure IP addresses of peers. As far as I know, there is no protocol
> for decentralized storage that does obscure IP addresses of peers. 

	uh, so everything is 20 years out of date? 

> And so you need to use some overlay network. Such as VPNs and/or Tor.

	OK. So if you add a proxy before  freenet then freenet is better than php in a centralized webserver? 


> 
> Or in this case, I2P. 

	From what I've seen of i2p content(or complete lack of it) it's a lot worse than tor. Which is saying a lot...


> Because there's no need to reach clearnet stuff.
> However, I2P also has its issues. It's a lot smaller than Tor. And every
> participant must be a router, analogous to a Tor relay. Which means that
> participants attract more attention, and may get their IPs blacklisted.


	That's how a decentralized network works? If you are a peer you may attract attention. Not sure what kind of 'workaround' can be for that. If you use an 'overlay' then you will 'attract attention' for using an overlay, etc.


> 
> For decentralized storage generally, I like IPFS. 
> For example, a year or
> two ago I put "Fast Data Transfer via Tor" on IPFS.[0] And even though
> I'm not currently running any IPFS nodes, it's still there. Because
> enough people pinned it. If I hadn't disclosed that, it would be
> nontrivial for adversaries to link it to me.
> 
> 0) https://ipfs.io/ipfs/QmUDV2KHrAgs84oUc7z9zQmZ3whx1NB6YDPv8ZRuf4dutN/


	Hm. OK. Looking at IPFS...So it's a lot newer than tor and freenet! NEW AND IMPROVED. Meaning, untested. And they have a 'filecoin' and 200 millions through an ICO...



> 
> > 	by the way, freenet is 18 years old and your employer the tor corporation is 15 years old. So I guess tor is 'almost' ~20 years out of date? 
> > 
> > 
> > 	And you know, there's even older stuff than freenet, like the p2p networks based on gnutella and they are of course superior to bittorrent, let alone to 'web based' 'solutions'.
> 
> Really? Gotta a link for that?


	you never heard of gnutella...? 

> I've been wondering where to get some
> current music at a decent price. I will _not_ use Spotify!

	Well not sure if you'll find what you are looking for there but my point was how better systems get replaced by more 'convenient' and retarded stuff. 




> > 	We were talking about assasination politics. And you barefacedly declared that tor was 'good enough' for end users, 'good enough' for hidden services, and 'good enough' for killing trump. So here the 'crypto anarchy stuff' is AP. 
> > 
> > 	Now, are you trolling or what? You can't remember the topic of the discussion from one message to the next? Or?

> 
> OK, so how are you planning to use Augur or whatever without revealing
> your IP address? 


	I'm not planning on doing that specifically. I am POINTING OUT that in order to run a 'prediction market' like that you need 'strong anonimity'. 

	If augur's interface is a shitty website accessed through tor, then I'm going to be skeptical about its success. And lo and behold, augur's web interface uses JAVASHIT, number one security hole for 'web applications'. 


> And actually, if I said that Tor would work with Augur,
> I was wrong. Because Ethereum wallets use UDP, which Tor doesn't handle.

	Go figure. 


> So you're left with nested VPN chains. Unless someone forks to I2P. But
> that too seems iffy, given how small I2P is.
> 
> >> There
> >> are web sites. There's email. There are various more-or-less P2P
> >> messaging systems. There's SSH for managing servers.
> >>
> >> I agree that email and messaging would better resist compromise if they
> >> used higher-latency mix networks. Even very high-latency ones, with lots
> >> of padding. 
> > 
> > 
> > 	Not just email, but any protocol that doesn't require 'instant' messages. Which I imagine includes AP.
> 
> Maybe. But I can't quite imagine a blockchain client via high-latency
> networks. I mean, the classic Bitcoin client is barely usable via VPNs.
> However, I'm no cryptocurrency expert, so maybe it'd be workable.

	If you want to run a full node you need to download some 200gb, but once you have the blockchain, keeping it synced requires ~2mb every 10 minutes average.

	So depending on what you want to do, a low bandwidth network may be a problem. Maybe get the blockchain via sneakernet? 

	If you want to make a payment on the other hand you only need to send some ~200 bytes (simple transaction).

	You can also use SPV clients if you don't require the trustlessness that a full node affords. 


> 
> >> But SSH via nested VPN chains plus Tor is painful enough as
> >>  it is. I can't imagine waiting minutes between typing and remote action.
> >>
> >>>> What have I missed?
> >>>
> >>> 	good thing that at least you are asking. Now try to answer your question. 
> 
> That's a cop out, Juan. And it's a crucial issue, because any ~anonymous
> overlay network will involve managing remote servers anonymously.


	We are talking past each other and have been for a while. I am mostly talking about the requirements for something like Jim's AP, not about a general overlay network that can make compromises for most use cases. 

	So managing a server remotely with a 1 minute delay between command and response doesn't sound fun, BUT it may be the right choice in a small number of high risk scenarios.

	
> 
> >> Well, I was hoping for some constructive discussion. But that's hard
> >> with you. But whatever, we are what we are.
> > 
> > 
> > 	You are expecting me to provide something that doesn't exist and can't exist?  And since nobody can provide a fast and secure network, you just keep parroting tor propganda? 
> > 	
> > 	Well I guess that's your job description?
> 
> You say propaganda. I say objective discussion.


	True, there's that as well.



> > 
> > 	But I guess you are still ignoring the reason for tor to exist. It is for americunt nazis to promote 'democracy' in 'repressive' regimes. 
> 
> Sure, that's part of it. So are you saying that you'd rather live in
> China than in the US? What "repressive" regimes do you like?


	None in particular =) So I don't need to take sides. But since I've been given a false choice, overall I don't think china is worse than the US. As a matter of fact it's probably better in a few ways. 

	But again, seeing tor as a tool of the US empire (exactly what it is) doesn't mean I am unaware of the existence of other governments...which are as repressive as the US (some more, some less). What's  laughaable is for the US nazis to point the finger at anyone - though that's exactly what the tor corporation and their idiotic talk about repressive regimes do. 

	



> 
> >>> 	yes, ask all the people who are in jail thanks to tor. Or dead. 
> >>
> >> Yeah, yeah. But nothing's perfect. And consider how many more would be
> >> jailed or dead if they _hadn't_ used Tor.
> > 
> > 	Less people. You don't do stupidly risky things if you know you are getting caught. You do them when you drink the koolaid from the US military like Ulbricht did.
> 
> Well, that's where we differ. I do stupidly risky things because what I
> do is up to me. And because it's fun. Cowering in fear ain't my trip.

	That's fine. But that's different from telling OTHER people : use tor to sell drugs, it works. 
	

> 
> And DPR? He got nailed because he made too many stupid mistakes. And
> some of his collaborators got nailed because one of those stupid
> mistakes was keeping records, including images of their fucking
> passports, on his fucking laptop.

	Sure. And you know that because the Free Government of the USA told you so. 





> It was in the news a couple years ago. There's even a notice on the
> Freenet website about it. Making excuses.


	https://freenetproject.org/police-departments-tracking-efforts-based-on-false-statistics.html

	that doesn't sound like making excuses ^^^

	anyway, attacks described here 

	https://freenetproject.org/pages/help.html


> That ex cop in Philadelphia,
> who's still jailed for refusing to disclose his FDE passphrase, was one
> of them.
> 
> From
> https://www.deepdotweb.com/2015/11/27/police-log-ips-making-arrest-by-planting-own-nodes-in-freenet/


> For background on the Black Ice Project, see
> https://retro64xyz.github.io/assets/pdf/blackice_project.pdf



> 
> You have no clue who funded Freenet, do you?

	No, who did? I saw a donation by gilmore...



> >>
> >> Dude, I don't ignore Tor's problems! Where we differ is that I'm willing
> >> to work around them. 
> > 
> > 
> > 	So how do you work around tor problems? 
> 
> First, I _always_ use Tor via nested VPN chains. 

> Using Whonix to
> mitigate against leaks. Or between remote servers and VPS that I've
> leased as anonymously as possible, via nested VPN chains and Tor, using
> well-mixed Bitcoin.

	OK, so if tor fails somehow, the VPN servers may still save you. But adding a VPN hop doesn't necessarily fix tor's vulnerability to traffic analysis. Maybe the VPN isn't being watched and so traffic analysis fails, or maybe the VPN is surveilled and treated as just one more hop inside the tor network in which case it adds nothing. 

	Anyway, what does 'the literature' say about the traffic analysis capabilities of GovCorp? That's a topic I never see discuessed by tor advocates (but maybe I missed the discussions).

	


> Second, I _never_ share anything online, even via nested VPN chains and
> Tor, that could link to my meatspace identity.


	Well, that's general 'opsec', not related to any particular tor problem. 


> 
> >>> 	are you drunk or something? Again WHO gives a fuck about 'browsing the web'? Why would  cypherpunks be interested in 'anonymously' reading the jew york times? Which is something you can do with any free vpn anyway.
> >>
> >> There's a lot more on the web than commercial media and shit.
> > 
> > 
> > 	sure - so link some of it - oops - as usual you have no evidence for your claims? =)
> 
> You're joking, right?
> 
> OK, how about https://anarplex.net aka y5fmhyqdr6r7ddws.onion aka
> ecc-anarplex.i2p aka anarplex.cryptogroup?


	Ok, a clearnet site about anarchy with a bunch of articles? I think I can assume that whatever stuff you can find on clearnet is pretty much 'legal' and so mostly uninteresting. No doubt you can use tor (or a vpn...) to browse anarplex but frankly, it doesn't seem necessary, even in the Land of the Free...



> 
> Lots of dark markets too. And lots of CP, if you're into that shit. But
> hey, that's mostly what Freenet is good for ;) And lots of about
> anything you can imagine.


	As I said in a previous post you apparently ignored :

	"in the past you could find links on reddit to .onion sites that kinda looked 'uncensored'. Those sites do not exist anymore. But feel free to prove me wrong and POST EVIDENCE, that is, links to content that the 'authorities' would like to remove but can't. " 


	so again, link an uncesored .onion directory. Or don't if you are afraid of going to jail, or having the cpunk list raided or something like that. But last time I checked there wasn't any noteworthy 'illegal' content on .onion sites, apart from some alleged dealers, which I assume represent something like 0.01% of dealers in real life. 

	Likewise, going by the same metric, if you say there's lots of 'child porn' on freenet then the  conclusion is that freenet is as secure or more secure than tor.


> 
> Such as https://retro64xyz.github.io/assets/pdf/blackice_project.pdf
> which is a backup of the Black Ice Project stuff that got taken down.
> 
> Or
> https://www.deamuseum.org/wp-content/uploads/2015/08/042215-DEAMuseum-LectureSeries-MLS-SOD-transcript.pdf
> which covers SOD with amazing candor.


	I'm not following. Are you saying you need to access that 'anonymously'? Maybe you do live in some amerikan gulag 




> 
> > 	Remember, three days ago you made this  propaganda claim :
> > 
> > 	"Adequate anonymity for assassins is a much harder problem. However,
> > evidence from .onion marketplaces and child porn forums also suggests
> > that Tor would be good enough. " 
> > 
> > 	completely shameless are you? 
> 
> Dude, many .onion marketplaces and child porn forums remain. 


	OK. So we are back to square one, with the same bullshit repeated by you =)


> It's just
> that the clueless ones got nailed. 

	Sure, and the 'clueless' include any and all 'big' services from freedom hosting to silk road, agora, alphabay, tormail, and whatever else was raided in the last raid or will be raided soon. 

	oh here's tor latest failure

	https://www.wired.com/story/hansa-dutch-police-sting-operation/



> Also the ones that CMU people found,
> exploiting a bug in Tor.

	ah yes, one the many 'bugs' (never backdoors) in tor.

More information about the cypherpunks mailing list