the tor scam - Re: AP deconstructed: Why it has not happened yet, and will not
Mirimir
mirimir at riseup.net
Fri Aug 10 10:43:07 PDT 2018
On 08/09/2018 08:42 PM, juan wrote:
> On Thu, 9 Aug 2018 15:01:46 -0700
> Mirimir <mirimir at riseup.net> wrote:
>
>
>>>>
>>>> So? Well, if they [mix networks] are not being implemented, they're not very useful.
>>>
>>> not useful for what?
>>
>> Huh? Are you retarded? Sure, you and your friends can setup some super
>> duper mix network, but it won't do you any fucking good. Because, you
>> know, you're the only people using it. And once an adversary gets
>> access, you're totally screwed.
>
> Sure, but now you jumped to something else. What about keeping track of the topic at hand?
>
> Topic : there are no secure mix networks because people (stupidly) use more 'convenient' stuff. And while the faster, less secure stuff does have its use cases, so do the other systems.
>
> So what's retarded here is your line of thinking "there are no better options cause they are not useful'
Sure, there are better options. But they're not currently implemented at
useful scale. How can you use a mix network that exists only as an
academic paper, and perhaps some tens of people testing it?
<SNIP>
>> And unless you actually
>> mobilize some support and participation for whatever you want. I haven't
>> heard much of that from you.
>
>
> It should be self evident that explaining that tor is mostly useful to watch jewtube has the implicit goal of 'mobilizing support' for better alternatives.
>
> also notice that I am not an agent of the US military, but an independent individual from a banana republic - so my resources to 'mobilize support' are somewhat limited.
OK, that helps maybe a little. But you've been online for many years,
and I'm sure that you have friends and associates. So organize some
cutting-edge mix network. Maybe Riffle, developed by Young Hyun Kwon.[1]
Or whatever you think better. And damn, I'll even help, if you like :)
1)
https://dspace.mit.edu/bitstream/handle/1721.1/99859/927718269-MIT.pdf?sequence=1
>>> oh, that's nice =) (just in the highly unlikely case that you are trying to mock me, bear in mind that the joke is on you =) ).
>>
>> No mocking involved. I do agree. And you know, I really don't love those
>> Americunt fascists either. Even though I'm living there now.
>
>
> And yet you seem to be very uncritical of a flagship project of the US military like tor.
Maybe to you I seem insufficiently critical. But maybe ask Tor devs ;)
<SNIP>
>>>> But not Freenet! That shit is ~20 years out of date. More below.
>>>
>>> Keep trolling. So decentralized storage is 20 years out of date whereas using php to serve files behind a low quality proxy is the 'technology' of the next americunt century.
>>
>> No, Freenet is 20 years out of date. Because it makes _no_ attempt to
>> obscure IP addresses of peers. As far as I know, there is no protocol
>> for decentralized storage that does obscure IP addresses of peers.
>
> uh, so everything is 20 years out of date?
>
>> And so you need to use some overlay network. Such as VPNs and/or Tor.
>
> OK. So if you add a proxy before freenet then freenet is better than php in a centralized webserver?
Almost certainly, because it's distributed. But in my experience, the
Freenet community doesn't like people using proxies.
>> Or in this case, I2P.
>
> From what I've seen of i2p content(or complete lack of it) it's a lot worse than tor. Which is saying a lot...
That's because I2P has very few clearnet exits, so all you see is stuff
hosted on I2P. One of the major Russian marketplaces is (or was) on I2P.
Also lots of porn and CP, predictably.
>> Because there's no need to reach clearnet stuff.
>> However, I2P also has its issues. It's a lot smaller than Tor. And every
>> participant must be a router, analogous to a Tor relay. Which means that
>> participants attract more attention, and may get their IPs blacklisted.
>
>
> That's how a decentralized network works? If you are a peer you may attract attention. Not sure what kind of 'workaround' can be for that. If you use an 'overlay' then you will 'attract attention' for using an overlay, etc.
What's nice about Tor is that relay operators attract the most
attention. And it's my impression that they're generally not up to any
iffy shit. Or at least, they shouldn't be, if they're smart. So people
up to iffy shit just run clients. And that doesn't attract as much
attention. Especially if they use bridges that aren't published. Or
create their own bridge, on some random VPS.
>> For decentralized storage generally, I like IPFS.
>> For example, a year or
>> two ago I put "Fast Data Transfer via Tor" on IPFS.[0] And even though
>> I'm not currently running any IPFS nodes, it's still there. Because
>> enough people pinned it. If I hadn't disclosed that, it would be
>> nontrivial for adversaries to link it to me.
>>
>> 0) https://ipfs.io/ipfs/QmUDV2KHrAgs84oUc7z9zQmZ3whx1NB6YDPv8ZRuf4dutN/
>
>
> Hm. OK. Looking at IPFS...So it's a lot newer than tor and freenet! NEW AND IMPROVED. Meaning, untested. And they have a 'filecoin' and 200 millions through an ICO...
So whatever. It's the thing now, for kids. But it does seem to work
pretty well.
>>> by the way, freenet is 18 years old and your employer the tor corporation is 15 years old. So I guess tor is 'almost' ~20 years out of date?
>>>
>>>
>>> And you know, there's even older stuff than freenet, like the p2p networks based on gnutella and they are of course superior to bittorrent, let alone to 'web based' 'solutions'.
>>
>> Really? Gotta a link for that?
>
>
> you never heard of gnutella...?
Sure, but didn't know that it was still up. Is it?
I mean, damn, I can't find any music on TPB! That sucks.
>> I've been wondering where to get some
>> current music at a decent price. I will _not_ use Spotify!
>
> Well not sure if you'll find what you are looking for there but my point was how better systems get replaced by more 'convenient' and retarded stuff.
Yeah, well, in this case you're right :(
>>> We were talking about assasination politics. And you barefacedly declared that tor was 'good enough' for end users, 'good enough' for hidden services, and 'good enough' for killing trump. So here the 'crypto anarchy stuff' is AP.
>>>
>>> Now, are you trolling or what? You can't remember the topic of the discussion from one message to the next? Or?
>
>>
>> OK, so how are you planning to use Augur or whatever without revealing
>> your IP address?
>
>
> I'm not planning on doing that specifically. I am POINTING OUT that in order to run a 'prediction market' like that you need 'strong anonimity'.
We agree on that :)
> If augur's interface is a shitty website accessed through tor, then I'm going to be skeptical about its success. And lo and behold, augur's web interface uses JAVASHIT, number one security hole for 'web applications'.
The root issue isn't where Augur's website runs. The issue is trading
Ethereum anonymously.
>> And actually, if I said that Tor would work with Augur,
>> I was wrong. Because Ethereum wallets use UDP, which Tor doesn't handle.
>
> Go figure.
That's a feature, not a bug, they say.
>> So you're left with nested VPN chains. Unless someone forks to I2P. But
>> that too seems iffy, given how small I2P is.
>>
>>>> There
>>>> are web sites. There's email. There are various more-or-less P2P
>>>> messaging systems. There's SSH for managing servers.
>>>>
>>>> I agree that email and messaging would better resist compromise if they
>>>> used higher-latency mix networks. Even very high-latency ones, with lots
>>>> of padding.
>>>
>>>
>>> Not just email, but any protocol that doesn't require 'instant' messages. Which I imagine includes AP.
>>
>> Maybe. But I can't quite imagine a blockchain client via high-latency
>> networks. I mean, the classic Bitcoin client is barely usable via VPNs.
>> However, I'm no cryptocurrency expert, so maybe it'd be workable.
>
> If you want to run a full node you need to download some 200gb, but once you have the blockchain, keeping it synced requires ~2mb every 10 minutes average.
>
> So depending on what you want to do, a low bandwidth network may be a problem. Maybe get the blockchain via sneakernet?
>
> If you want to make a payment on the other hand you only need to send some ~200 bytes (simple transaction).
Yeah, but you can't do anything unless the client is synced.
> You can also use SPV clients if you don't require the trustlessness that a full node affords.
Yeah, that's what I do with Bitcoin.
>>>> But SSH via nested VPN chains plus Tor is painful enough as
>>>> it is. I can't imagine waiting minutes between typing and remote action.
>>>>
>>>>>> What have I missed?
>>>>>
>>>>> good thing that at least you are asking. Now try to answer your question.
>>
>> That's a cop out, Juan. And it's a crucial issue, because any ~anonymous
>> overlay network will involve managing remote servers anonymously.
>
>
> We are talking past each other and have been for a while. I am mostly talking about the requirements for something like Jim's AP, not about a general overlay network that can make compromises for most use cases.
>
> So managing a server remotely with a 1 minute delay between command and response doesn't sound fun, BUT it may be the right choice in a small number of high risk scenarios.
Yes. But whatever version of Jim's AP you're considering, I guarantee
that it will involve managing remote servers.
>>>> Well, I was hoping for some constructive discussion. But that's hard
>>>> with you. But whatever, we are what we are.
>>>
>>>
>>> You are expecting me to provide something that doesn't exist and can't exist? And since nobody can provide a fast and secure network, you just keep parroting tor propganda?
>>>
>>> Well I guess that's your job description?
>>
>> You say propaganda. I say objective discussion.
>
>
> True, there's that as well.
>
>
>
>>>
>>> But I guess you are still ignoring the reason for tor to exist. It is for americunt nazis to promote 'democracy' in 'repressive' regimes.
>>
>> Sure, that's part of it. So are you saying that you'd rather live in
>> China than in the US? What "repressive" regimes do you like?
>
>
> None in particular =) So I don't need to take sides. But since I've been given a false choice, overall I don't think china is worse than the US. As a matter of fact it's probably better in a few ways.
Damn ;)
> But again, seeing tor as a tool of the US empire (exactly what it is) doesn't mean I am unaware of the existence of other governments...which are as repressive as the US (some more, some less). What's laughaable is for the US nazis to point the finger at anyone - though that's exactly what the tor corporation and their idiotic talk about repressive regimes do.
It's in their contracts, probably ;)
>>>>> yes, ask all the people who are in jail thanks to tor. Or dead.
>>>>
>>>> Yeah, yeah. But nothing's perfect. And consider how many more would be
>>>> jailed or dead if they _hadn't_ used Tor.
>>>
>>> Less people. You don't do stupidly risky things if you know you are getting caught. You do them when you drink the koolaid from the US military like Ulbricht did.
>>
>> Well, that's where we differ. I do stupidly risky things because what I
>> do is up to me. And because it's fun. Cowering in fear ain't my trip.
>
> That's fine. But that's different from telling OTHER people : use tor to sell drugs, it works.
I tell them that, if they want to buy and sell illegal drugs over the
net, they ought to use some mix of VPNs and Tor. Just because it's
almost certainly better than just using clearnet. But I also typically
point out that giving your real mail address to some online drug dealer
is risky. They could be a narc, or compromised. They could get busted,
with their address list. Packages could be delivered, with cops waiting
across the street.
>> And DPR? He got nailed because he made too many stupid mistakes. And
>> some of his collaborators got nailed because one of those stupid
>> mistakes was keeping records, including images of their fucking
>> passports, on his fucking laptop.
>
> Sure. And you know that because the Free Government of the USA told you so.
Do you have sources that show otherwise? If not, then all you have is
some story based on your preconceptions.
>> It was in the news a couple years ago. There's even a notice on the
>> Freenet website about it. Making excuses.
>
>
> https://freenetproject.org/police-departments-tracking-efforts-based-on-false-statistics.html
>
> that doesn't sound like making excuses ^^^
Tell that to someone facing charges, and expert witnesses that a jury
believes. But whatever.
> anyway, attacks described here
>
> https://freenetproject.org/pages/help.html
>
>
>> That ex cop in Philadelphia,
>> who's still jailed for refusing to disclose his FDE passphrase, was one
>> of them.
>>
>> From
>> https://www.deepdotweb.com/2015/11/27/police-log-ips-making-arrest-by-planting-own-nodes-in-freenet/
>
>
>> For background on the Black Ice Project, see
>> https://retro64xyz.github.io/assets/pdf/blackice_project.pdf
>
>
>
>>
>> You have no clue who funded Freenet, do you?
>
> No, who did? I saw a donation by gilmore...
No idea, myself.
>>>> Dude, I don't ignore Tor's problems! Where we differ is that I'm willing
>>>> to work around them.
>>>
>>>
>>> So how do you work around tor problems?
>>
>> First, I _always_ use Tor via nested VPN chains.
>
>> Using Whonix to
>> mitigate against leaks. Or between remote servers and VPS that I've
>> leased as anonymously as possible, via nested VPN chains and Tor, using
>> well-mixed Bitcoin.
>
> OK, so if tor fails somehow, the VPN servers may still save you. But adding a VPN hop doesn't necessarily fix tor's vulnerability to traffic analysis. Maybe the VPN isn't being watched and so traffic analysis fails, or maybe the VPN is surveilled and treated as just one more hop inside the tor network in which case it adds nothing.
Not a VPN hop. AT least three hops, using different VPN services.
> Anyway, what does 'the literature' say about the traffic analysis capabilities of GovCorp? That's a topic I never see discuessed by tor advocates (but maybe I missed the discussions).
It's hard to say. My best guess is that they can intercept essentially
everything. But that it's still at least nontrivial, and perhaps not yet
feasible, to trace particular connections through multiple hops. But
really, who knows?
>> Second, I _never_ share anything online, even via nested VPN chains and
>> Tor, that could link to my meatspace identity.
>
>
> Well, that's general 'opsec', not related to any particular tor problem.
>
>
>>
>>>>> are you drunk or something? Again WHO gives a fuck about 'browsing the web'? Why would cypherpunks be interested in 'anonymously' reading the jew york times? Which is something you can do with any free vpn anyway.
>>>>
>>>> There's a lot more on the web than commercial media and shit.
>>>
>>>
>>> sure - so link some of it - oops - as usual you have no evidence for your claims? =)
>>
>> You're joking, right?
>>
>> OK, how about https://anarplex.net aka y5fmhyqdr6r7ddws.onion aka
>> ecc-anarplex.i2p aka anarplex.cryptogroup?
>
>
> Ok, a clearnet site about anarchy with a bunch of articles? I think I can assume that whatever stuff you can find on clearnet is pretty much 'legal' and so mostly uninteresting. No doubt you can use tor (or a vpn...) to browse anarplex but frankly, it doesn't seem necessary, even in the Land of the Free...
>
>
>
>>
>> Lots of dark markets too. And lots of CP, if you're into that shit. But
>> hey, that's mostly what Freenet is good for ;) And lots of about
>> anything you can imagine.
>
>
> As I said in a previous post you apparently ignored :
>
> "in the past you could find links on reddit to .onion sites that kinda looked 'uncensored'. Those sites do not exist anymore. But feel free to prove me wrong and POST EVIDENCE, that is, links to content that the 'authorities' would like to remove but can't. "
OK, let me see. I don't spend much time on .onion sites. Many sites did
disappear over the past year or two. A couple huge hosting operations
were taken down. Ast least some of that was CMU fallout.
> so again, link an uncesored .onion directory. Or don't if you are afraid of going to jail, or having the cpunk list raided or something like that. But last time I checked there wasn't any noteworthy 'illegal' content on .onion sites, apart from some alleged dealers, which I assume represent something like 0.01% of dealers in real life.
>
> Likewise, going by the same metric, if you say there's lots of 'child porn' on freenet then the conclusion is that freenet is as secure or more secure than tor.
Or a honeypot ;)
>> Such as https://retro64xyz.github.io/assets/pdf/blackice_project.pdf
>> which is a backup of the Black Ice Project stuff that got taken down.
>>
>> Or
>> https://www.deamuseum.org/wp-content/uploads/2015/08/042215-DEAMuseum-LectureSeries-MLS-SOD-transcript.pdf
>> which covers SOD with amazing candor.
>
>
> I'm not following. Are you saying you need to access that 'anonymously'? Maybe you do live in some amerikan gulag
No, the point there was that there's more on the web than NYT etc.
>>> Remember, three days ago you made this propaganda claim :
>>>
>>> "Adequate anonymity for assassins is a much harder problem. However,
>>> evidence from .onion marketplaces and child porn forums also suggests
>>> that Tor would be good enough. "
>>>
>>> completely shameless are you?
>>
>> Dude, many .onion marketplaces and child porn forums remain.
>
>
> OK. So we are back to square one, with the same bullshit repeated by you =)
Yeah, whatever. Let me see what I can find :)
>> It's just
>> that the clueless ones got nailed.
>
> Sure, and the 'clueless' include any and all 'big' services from freedom hosting to silk road, agora, alphabay, tormail, and whatever else was raided in the last raid or will be raided soon.
>
> oh here's tor latest failure
>
> https://www.wired.com/story/hansa-dutch-police-sting-operation/
>
>
>
>> Also the ones that CMU people found,
>> exploiting a bug in Tor.
>
> ah yes, one the many 'bugs' (never backdoors) in tor.
It's the worst that I know of, for sure :(
More information about the cypherpunks
mailing list