On Fri, 10 Aug 2018 10:43:07 -0700
Mirimir <miri...@riseup.net> wrote:

> On 08/09/2018 08:42 PM, juan wrote:
> > On Thu, 9 Aug 2018 15:01:46 -0700
> > Mirimir <miri...@riseup.net> wrote:
> > 
> > 
> >>>>
> >>>> So? Well, if they [mix networks] are not being implemented, they're not 
> >>>> very useful. 
> >>>

> Sure, there are better options. But they're not currently implemented at
> useful scale. How can you use a mix network that exists only as an
> academic paper, and perhaps some tens of people testing it?

        Oh my bad. I misread  and thought you said they were not being 
implemented because they could not possibly be useful. Since you had said that 
tor was 'good enough' for AP, I assumed that you further added that slow mix 
networks were not really needed, so no demand and no supply.


        But you are saying that a critical mass of users is required, which is 
of course true, and something I never denied...So not sure how that comment of 
yours is 'helpful'? =)

        To recap : 
        me : Better tools are needed.
        you ; but they don't exist! 
        me : well yes? THat's why they are needed...?

                

> OK, that helps maybe a little. But you've been online for many years,
> and I'm sure that you have friends and associates. So organize some
> cutting-edge mix network. 

        Ha. I have tried to sell(metaphorically speaking) more secure channels 
to friends and wasn't too succesful. They don't believe it's worthwhile because 
in the grand scheme of things  we are fucked anyway, they say.

        At any rate, that has little to do with my comments about tor and what 
sort of comms are needed for AP. 
        


> Maybe Riffle, developed by Young Hyun Kwon.[1]
> Or whatever you think better. And damn, I'll even help, if you like :)
> 
> 1)
> https://dspace.mit.edu/bitstream/handle/1721.1/99859/927718269-MIT.pdf?sequence=1

        Thanks. Let me see...


> > 
> > 
> >     And yet you seem to be very uncritical of a flagship project of the US 
> > military like tor.
> 
> Maybe to you I seem insufficiently critical. But maybe ask Tor devs ;)


        When I was on tor-talk I saw little if any criticism. But meh...



> 
> >> Or in this case, I2P. 
> > 
> >     From what I've seen of i2p content(or complete lack of it) it's a lot 
> > worse than tor. Which is saying a lot...
> 
> That's because I2P has very few clearnet exits, so all you see is stuff
> hosted on I2P. 

        Yes, that's what I looked at and that's the basic data to look at. What 
sort of content is hosted inside i2p.

> One of the major Russian marketplaces is (or was) on I2P.
> Also lots of porn and CP, predictably.

        By now I'm starting to suspect that your definition of 'child porn' is 
that of the puritan, jew-kristian, american government? Any girl under 18 
wearing a bikini is 'child porn'? And even going by such 'definition' I don't 
think there's "lots of CP' on i2p or tor. 

        Furthermore, you can find that sort of 'CP' on clearnet...




> 
> >> For decentralized storage generally, I like IPFS. 
> >> For example, a year or
> >> two ago I put "Fast Data Transfer via Tor" on IPFS.[0] And even though
> >> I'm not currently running any IPFS nodes, it's still there. Because
> >> enough people pinned it. If I hadn't disclosed that, it would be
> >> nontrivial for adversaries to link it to me.
> >>
> >> 0) https://ipfs.io/ipfs/QmUDV2KHrAgs84oUc7z9zQmZ3whx1NB6YDPv8ZRuf4dutN/
> > 
> > 
> >     Hm. OK. Looking at IPFS...So it's a lot newer than tor and freenet! NEW 
> > AND IMPROVED. Meaning, untested. And they have a 'filecoin' and 200 
> > millions through an ICO...
> 
> So whatever. It's the thing now, for kids. But it does seem to work
> pretty well.

        there's also maidsafe and storj which are well funded too (or at least 
maidsafe is) and they are not going anywhwere as far as I can tell (though 
admitedly I haven't looked into them).

        Anyway, I might take a look at ipfs though for starters the reference 
client uses fucking go from fucking google...Not encouraging at all.




> >>
> >> Really? Gotta a link for that?
> > 
> > 
> >     you never heard of gnutella...? 
> 
> Sure, but didn't know that it was still up. Is it?

        ...you can find out for yourself? =) But yeah, although it has (a lot) 
less users than in the good old days it still works.


> 
> I mean, damn, I can't find any music on TPB! That sucks.

        I haven't had much trouble getting some stuff off tpb but I don't use 
it too much so...
        

 



> >     If augur's interface is a shitty website accessed through tor, then I'm 
> > going to be skeptical about its success. And lo and behold, augur's web 
> > interface uses JAVASHIT, number one security hole for 'web applications'. 
> 
> The root issue isn't where Augur's website runs. The issue is trading
> Ethereum anonymously.

        I expect all parts of the system need to be secured...




> >     If you want to run a full node you need to download some 200gb, but 
> > once you have the blockchain, keeping it synced requires ~2mb every 10 
> > minutes average.
> > 
> >     So depending on what you want to do, a low bandwidth network may be a 
> > problem. Maybe get the blockchain via sneakernet? 
> > 
> >     If you want to make a payment on the other hand you only need to send 
> > some ~200 bytes (simple transaction).
> 
> Yeah, but you can't do anything unless the client is synced.

        you can send and receive payments using a SPV client. You don't need 
any sort of syncing to send a payment, you just sign a transaction and 
broadcast it.

        Also, notice that it can take up to ONE HOUR for a block to be mined 
and so for your transaction to be processed and that's if you pay the highest 
fee - on average it takes 10 minutes for a tx to be processed if you get in the 
next block. In other words bitcoin isn't real time at all.

        But hey, if we follow the 'low latency' 'philosophy' then paypal is so 
much better than bitcoin...


> 
> >     You can also use SPV clients if you don't require the trustlessness 
> > that a full node affords. 
> 
> Yeah, that's what I do with Bitcoin.


        ...and it would be better to access the servers for those clients 
through a mix network...




> >     So managing a server remotely with a 1 minute delay between command and 
> > response doesn't sound fun, BUT it may be the right choice in a small 
> > number of high risk scenarios.
> 
> Yes. But whatever version of Jim's AP you're considering, I guarantee
> that it will involve managing remote servers.

        Still in that case putting up with very high latency may be a good 
tradeoff to avoid ending up in jail or dead. 
        





> 
> >> And DPR? He got nailed because he made too many stupid mistakes. And
> >> some of his collaborators got nailed because one of those stupid
> >> mistakes was keeping records, including images of their fucking
> >> passports, on his fucking laptop.
> > 
> >     Sure. And you know that because the Free Government of the USA told you 
> > so. 
> 
> Do you have sources that show otherwise? If not, then all you have is
> some story based on your preconceptions.

        What I have is the basic principle of not believing the govt, 
especially when the very propaganda source has made it clear that they operate 
under secret laws, aka 'parallel construction'. Not sure what else you want 
from them apart from an *explicit legal acknowledgement* that they lie, which 
they already provided.


        
        
> 
> >> It was in the news a couple years ago. There's even a notice on the
> >> Freenet website about it. Making excuses.
> > 
> > 
> >     
> > https://freenetproject.org/police-departments-tracking-efforts-based-on-false-statistics.html
> > 
> >     that doesn't sound like making excuses ^^^
> 
> Tell that to someone facing charges, and expert witnesses that a jury
> believes. But whatever.

        Yes I get that, but technically it's up to discussion how broken 
freenet this. Though again, I don't mean to sell freenet. 




> > 
> >>
> >> You have no clue who funded Freenet, do you?
> > 
> >     No, who did? I saw a donation by gilmore...
> 
> No idea, myself.

        I did read this - that's why I remember about gilmore - I forgot all 
the rest =P

        https://freenetproject.org/pages/donate.html

        "Google open source have three times donated $18,000, as well as paying 
for students to work with us over summer since 2006 through the Google Summer 
of Code program."






> >     Anyway, what does 'the literature' say about the traffic analysis 
> > capabilities of GovCorp? That's a topic I never see discuessed by tor 
> > advocates (but maybe I missed the discussions).
> 
> It's hard to say. 

        Exactly my point? People build networks that can be attacked using 
traffic analysis but they don't seem to have a clue about the traffic analysis 
capabilities of the adversary? That's ridiculous. 

        Notice how if you use something like AES you can make educated guesses 
about the resources needed to brute force it.

        If you use public key encryption it gets more difficult but it still 
possible. 

        But if you use something like tor there are no 'objective' metrics 
apart from "I saw a 'CP' .onion site on tor"!


> My best guess is that they can intercept essentially
> everything. But that it's still at least nontrivial, and perhaps not yet
> feasible, to trace particular connections through multiple hops. But
> really, who knows?

        That's the point. Furthermore, whoever knows something he isn't 
publishing it. And yet you have all the 'academics' writing their 'academic' 
papers about their 'low latency' networks and bla bla bla. Sounds like a 
barefaced scam to me...



> >     As I said in a previous post you apparently ignored :
> > 
> >     "in the past you could find links on reddit to .onion sites that kinda 
> > looked 'uncensored'. Those sites do not exist anymore. But feel free to 
> > prove me wrong and POST EVIDENCE, that is, links to content that the 
> > 'authorities' would like to remove but can't. " 
> 
> OK, let me see. I don't spend much time on .onion sites. Many sites did
> disappear over the past year or two.

        Many sites disappear EVERY year or two. That is, they don't LAST more 
than a year or two. And that's always been so. 

        And actually it's probably getting worse because there isn't any 
upgrate to tor whereas you can expect the traffic analyisis capabilities of the 
enemy to be upgraded all the time.


> A couple huge hosting operations
> were taken down. Ast least some of that was CMU fallout.

> 
> >     so again, link an uncesored .onion directory. Or don't if you are 
> > afraid of going to jail, or having the cpunk list raided or something like 
> > that. But last time I checked there wasn't any noteworthy 'illegal' content 
> > on .onion sites, apart from some alleged dealers, which I assume represent 
> > something like 0.01% of dealers in real life. 
> > 
> >     Likewise, going by the same metric, if you say there's lots of 'child 
> > porn' on freenet then the  conclusion is that freenet is as secure or more 
> > secure than tor.
> 
> Or a honeypot ;)

        Right. Just like tor =)
 



Reply via email to