Snowden on Rogan

2019-10-23 Thread grarpamp
https://www.youtube.com/watch?v=efs3QRr8LWw
https://news.ycombinator.com/item?id=21333063


Re: Phantom

2019-10-23 Thread grarpamp
>> https://code.google.com/p/phantom

>   "3.1. Design Assumptions

Phantom's explanation of features, models, threats,
and reasons is poorly worded and often makes
unrelated moot or irrelevant points. It's easier to
just look at how the network works.

>   so as far as I can tell phantom is not protected against traffic
> correlation attacks

The point of looking at other networks is they may provide
design bits that can be assembled into future networks.

Some of these networks would be easy to add a
layer of fill traffic to.

> [Phantom is] more tor-like

Except...

DHT instead of DA's.
Random pathing instead of weighted.
IPv6 instead of TCP only onion addressing.
Arbitrary hops for pedants.
Potential exit vpn termination could be similar to I2P outproxy.

See the Phantom paper for more.


Re: i2p network.

2019-10-23 Thread Razer



I said it fucking well worked, stupid.

You have a problem with shit that works, stupid?

Rr
Sent from my Androgyne dee-vice with K-9 Mail


Re: i2p network.

2019-10-23 Thread Razer



On October 23, 2019 11:19:57 AM PDT, "Shawn K. Quinn" wrote:
>On 10/23/19 13:01, grarpamp wrote:
>> A stripped down MediaTek can run I2P and Tor, slowly.
>
>The last time I tried it, I got Orbot + Tor Browser to run reasonably
>well on an Android phone (I think it was the Samsung Galaxy S6 that has
>since mysteriously croaked). I haven't tried it on a lower end phone
>though.

My s9 and tab s4 run torbrowser just fine, and various vpns. Riseup, 
Protonmail's.

Orbot was built-into or merged with torbrowser. It runs and shuts down in the
background now, but it's still useful for torifying other apps.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: i2p network.

2019-10-23 Thread Shawn K. Quinn
On 10/23/19 13:01, grarpamp wrote:
> A stripped down MediaTek can run I2P and Tor, slowly.

The last time I tried it, I got Orbot + Tor Browser to run reasonably
well on an Android phone (I think it was the Samsung Galaxy S6 that has
since mysteriously croaked). I haven't tried it on a lower end phone though.

-- 
Shawn K. Quinn 
http://www.rantroulette.com
http://www.skqrecordquest.com


Re: Pipe-Net

2019-10-23 Thread grarpamp
>>> cypherpunks 1995
>> ATM CBR SVCs would be a perfect fit for padding schemes, if they existed
>> for consumer use :)
> Telco generated clocked TDM bucket brigades...
> Suggested for years overlays can still emulate them to good use...

http://www.eecs.harvard.edu/~htk/publication/2005-jit-cheng-kung-tan.pdf
https://web.njit.edu/anl/papers/04IA.pdf

There are many more papers you can search and find
the many online paper indexes for terms like...

traffic analysis
wheat
chaff
padding
fill
gpa


Re: i2p network.

2019-10-23 Thread grarpamp
On 10/23/19, Razer  wrote:
> Let me know when I2P actually works.
> The android app is fucking useless.

Few overlays work well on Android.
Most were originally designed for x86 PC's.
Phones, cellular-data, wifi... are generally shitty platforms,
designed to spy and market you, not to serve you.

I2P takes time to join and tends to work better,
as with any app on any phone, if user doesn't have piles
of other shit running on it, including the entire Google
gapps shitware suite, all the manufacturer shitware,
all the apps the user left running in background, updaters, etc.

A stripped down MediaTek can run I2P and Tor, slowly.

> I haven't found a version of I2P that works since WinXP.

FUD.


Even you can volunteer...

https://0xcc.re/howto-setup-an-i2p-outproxy/


Re: i2p network.

2019-10-23 Thread Razer
Let me know when I2P actually works.

The android app is fucking useless. I wait 10 minutes. Oh LOOK! It FINALLY 
found a tunnel! Open Lightning Browser and check the I2P proxy box... Nothing. 
Check everything. Nothing. Wait 5 more minutes. Nothing. Check Lightning Proxy 
box for Orbot. Works instantly.

I haven't found a version of I2P that works since WinXP. I assume the project 
is run by complete amateurs or abandoned with someone tending the page (a page 
that looks like it was created in 2001 on a geocities 'whitepage') to make it 
LOOK LIKE the project is still in progress. Garbage. Literal garbage.

Rr
Sent from my Androgyne dee-vice with K-9 Mail

On October 22, 2019 8:18:45 PM PDT, jim bell  wrote:
>Since these people seem to be advertising their wares, I believe
>somebody should get in touch with them and inform them of our desire to
>implement an anonymization network.   They might well have something
>useful to say.    https://geti2p.net/en/
>
>
>However, on an attempt, I cannot seem to register for their forums.  Is
>the system down? Could someone else try to access this system.
>                     Jim Bell


Re: tor replacement - was Re: Box for simple Tor node.

2019-10-23 Thread Zenaan Harkness
On Wed, Oct 23, 2019 at 05:15:57AM -0400, grarpamp wrote:
> >> ok, so that's actually one of, or the most fundamental requirement.
> >> The connection between user and 'network' HAS to have a fixed rate.
> 
> Assuming "fixed rate" means "always filled to said rate" not
> "fillable up to said rate"... then that makes every users node
> look nicely busy.

Ack.

"Chaff fill" has become overloaded.

Let's try Link Metrics Normalization or LMN (or something better if
someone speaks up soon):

 1. packets per time unit normalization

 2. packets transmission latency/jitter normalization

 3. packet size normalization (this one's easy)


> And if the rate is the same for all users, then
> every user looks the same.

Ideal operating mode.

Practical (as in acceptable to users) operation probably requires as
coderman suggested earlier, to allow steady stepping upwards/
downwards over time (by config only of course), to provide for the
impatient bittorrent and youtuber crowd. There is no bw cap that will
be accepted by all, probably not even by a majority.


> However all nodes in the net need to be always filled to
> some rates.

Ack. I imagine a network ping (to friend/ connected nodes) on say a
10 minute interval, which from memory was only about 2.1MiB per
month, would be an acceptable base load for everyone, and that many
will accept higher base load than this.


> Otherwise adversary vampire can just watch
> the nodes end user is connected to, or perturb the users
> packet stream, or wait until user unluckily routes across
> quiet middle nodes, etc.

Ack. Gov stalkers gonna stalk.

One limit case to consider is all direct (first hop) p2p/f2f links
are always and only ever, 1KiB/s (say). You want more bw, you add
more separate links, and the disappearing act is handled by stepping
up, and maintaining that rate for some period of time (presumably
longer than actually needed), before eventually stepping down
(removing links).

And the point, in relation to "unluckily route across quiet
(stalking) middle node" - some application of multi-path:

  - 10 trusted friends to whom I hop in to the net

  - 1 dark net server supporting multi path, from which I download
    the latest Adobe Photoshop cr24c/7

  - 10 separate routes to 10 separate "darknet server access point
    nodes"

  - if 1 link gets killed in the middle, my corresponding friend node
    keeps chaff filling to my node regardless, and I can attempt to
    create with him, a new route;
    - also, the other 9 links continue to hum along



> > last but not least, you could apply the padding traffic to key
> > pre-distribution or opportunistic protocol maintenance. e.g. distributing
> > routing and node identity information. (the "directory")
> 
> If pad fill can be used to carry something, better than to
> waste it.
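
[Added example, not part of the thread and not any poster's code.] A minimal sketch of the "always filled to said rate" link discussed in the message above: every tick emits the same number of same-sized cells, with chaff filling whatever wheat does not use, so a wire observer records the same sizes and timing whether the link is idle or busy. The names FixedRateLink, CELL_SIZE and the 3-byte cell header are assumptions made for illustration.

```python
import os
from collections import deque

CELL_SIZE = 512          # constructed value: every cell on the wire is this long
HEADER_LEN = 3           # 1 byte kind + 2 bytes payload length (assumed layout)
CHAFF, WHEAT = 0, 1


class FixedRateLink:
    """Sender side of one link that is always filled to its rate."""

    def __init__(self, cells_per_tick):
        self.cells_per_tick = cells_per_tick
        self.queue = deque()

    def send(self, data):
        """Queue application data (wheat), split into cell-sized fragments."""
        cap = CELL_SIZE - HEADER_LEN
        for i in range(0, len(data), cap):
            self.queue.append(data[i:i + cap])

    def tick(self):
        """Emit exactly cells_per_tick cells: wheat first, chaff for the rest."""
        cells = []
        for _ in range(self.cells_per_tick):
            if self.queue:
                kind, payload = WHEAT, self.queue.popleft()
            else:
                kind, payload = CHAFF, b""
            body = bytes([kind]) + len(payload).to_bytes(2, "big") + payload
            # Random fill up to the fixed size. A real link would encrypt the
            # whole cell so the kind and length bytes are hidden as well.
            cells.append(body + os.urandom(CELL_SIZE - len(body)))
        return cells


def receive(cells):
    """Receiver side: drop chaff, strip padding, reassemble the wheat."""
    out = bytearray()
    for cell in cells:
        kind = cell[0]
        length = int.from_bytes(cell[1:3], "big")
        if kind == WHEAT:
            out += cell[HEADER_LEN:HEADER_LEN + length]
    return bytes(out)


def run(link, ticks):
    """Drive the link clock; return (all cells, what a wire observer records)."""
    cells, observed = [], []
    for t in range(ticks):
        for cell in link.tick():
            cells.append(cell)
            observed.append((t, len(cell)))   # timing and size only
    return cells, observed


def demo():
    """Compare an idle link with a busy one as seen from the wire."""
    idle = FixedRateLink(cells_per_tick=2)
    busy = FixedRateLink(cells_per_tick=2)
    message = b"constructed sample payload " * 60   # 1620 bytes, 4 wheat cells
    busy.send(message)
    idle_cells, idle_view = run(idle, ticks=5)
    busy_cells, busy_view = run(busy, ticks=5)
    same_on_wire = idle_view == busy_view
    delivered = receive(busy_cells) == message
    return same_on_wire, delivered, receive(idle_cells)


if __name__ == "__main__":
    print(demo())
```

The sketch covers packets-per-time-unit and packet-size normalization only; a node that cannot keep to its tick clock under load would still leak through jitter.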


Re: Box for simple Tor node.

2019-10-23 Thread grarpamp
A $ hardware offering / reference setup is nice.
And not excluding any possible donation / subsidy models.

Though by keeping x86 compatible port, and bootable via USB / cd,
many people have old computers that can be repurposed to the
net at no co$t.


Computer Business Review: EXCLUSIVE – Last Punched Tape Crypto Key Rolls off the NSA’s Machines

2019-10-23 Thread jim bell
Computer Business Review: EXCLUSIVE – Last Punched Tape Crypto Key Rolls off 
the NSA’s Machines.
https://www.cbronline.com/news/nsa-punched-tape-keys



Re: Phantom

2019-10-23 Thread grarpamp
>> > https://code.google.com/archive/p/phantom/
>>
>> I keep getting 404, even with JS enabled.

Link before shutdown was...
https://code.google.com/p/phantom

>> > Other repos are not merged in.
> So if there's a newer update to the code since 2011

There was a linux port (maybe was even in a distro, debian?)
that ran in hardcode meta mode.
About that time was some devel to crypto, the goodie, and
toward disk auto meta... via tickets, etc. Might be here somewhere.


Re: Website listing donors to TOR system: We should contact them and ask for sponsorship, just like they did for TOR.

2019-10-23 Thread jim bell
 On Tuesday, October 22, 2019, 11:42:04 PM PDT, Zenaan Harkness 
 wrote:
 
 
 On Tue, Oct 22, 2019 at 08:48:11PM +, jim bell wrote:
>  On Tuesday, October 22, 2019, 02:51:16 AM PDT, Zenaan Harkness
>   wrote:

...
> >I think seeking donations may be a little too soon, but I ABSOLUTELY
> >INSIST that you hold the authority on this front!
> 
>> I should have been clearer as to why I suggested contacting these
>> organization.   Obtaining funds is, of course, a good possibility,
>> but even more important:  We want to be able to demonstrate why the
>> whole TOR arrangement is rotten and corrupt.   Some of the
> >organizations donating to TOR are merely carrying the Feds' water,
>> but a few might not be.   Put yourself in their place:  Do they
>> currently have an opportunity to support anonymized communication,
>> other than TOR?   If they don't, let's give it to them.  

>I am strongly with Juan on this one - we have yet to establish even
>whether we can "convince ourselves" that what we want to achieve is
>technically possible.

Yes, we need to address numerous issues;  That's one reason I left that email 
for I2P.  There are, no doubt, many other people who are considering this 
problem, this possible task.   Where does the hardware come from?  How about 
the funding?   What about the software? Who will handle the nodes?   But if the 
project is to happen, we should attempt to solve every part of the problem.  
And that other people may have already anticipated a portion of the solution.  

>This contemplation, design, challenge and re-design cycle may iterate
>for months, and may possibly either not conclude, or conclude with
>"we can't be sure we can relevantly improve the status quo".

We are doing what needs to be done, considering all parts of the problem.  By 
contacting other people  who may have been considering parts of the problem, we 
may be able to put together some puzzle-pieces.  The I2P people may already 
have all the software necessary, or at least source-code that can be ported to 
a computer we might want to use.   

>Of course enthusiasm is to be admired, but we must check ourselves
>appropriately, and Juan has voiced an important fundamental "check"
>in this instance, which I agree with (to repeat, "we don't even know
>what we're doing, nor whether we believe it's possible/ probable").

Well, before TOR actually existed for the first time, whether an anonymization 
network was "possible" was unknown.  But we've long learned it is indeed 
possible.  We are just trying to implement it a second time, in a different 
way.  


>> We have a major advantage in the fact that our intended network
>> will likely be far more economical than TOR funding supports. This
> >article shows that 2017 revenue for the TOR project is 
>>  
>>https://www.secureworldexpo.com/industry-news/tor-government-funding-numbers 
> > $4.2 million dollars.
>
>> What would a 6,000 node replacement for TOR cost?   Multiply by
>> one-time cost of about $80 for the node hardware, and that's about
>> $480,000.  If we could get a $20 monthly subsidy for Internet
>> service for each node, that's $120,000 per month, or $1.44 million
>> per year.  About one third of TOR.  (Such a subsidy would pay for
>> an upgrade from a typical 40 Mbits/second node with limited monthly
>> data, to a 1 Gigabit service with unlimited data.  Many people
>> would jump on the bandwagon just for this perk.)

>But, and to echo Juan again, do we know that "a 6K node" phys net is
>even useful, or that we have something significantly "advanced in
>respect of today's status quo"?

I don't, it's just numbers at this point.  But I want to get other people 
THINKING about what we are considering:  What would it take to implement a 
competing, TOR-like system.   How much money?  What hardware?  What software?  
Who would volunteer to host a node?  

>And the obvious answer is no, certainly not yet.

But that's why we must continue to talk, amongst ourselves, and with others as
well.


>> I want to contact these organizations, more to establish the ones
>> who would FAIL to help us.  We can use such a list for
>> fundraising.  We can say, "These organizations supported TOR for an
>>unknown reason, but when they were given the opportunity to fund a
>> true competitor to TOR, they punted and wouldn't help us.  Doesn't
>> that tell you something about why they support(ed) TOR?

>It may well be that every (or nearly all) org that has funded Tor,
>has been nothing but a conduit for the CIA.  Tor is the CIA's pet
>project - as long as they control the directory authority nodes (thus
>the lynching of Jacob Applebaum) they have a tool where they have
>the upper hand over the entire world, where that tool is the only
>"useful in any practical sense of the word" tool of this type...

Perhaps, but let's find out, shall we?   We have that as a working hypothesis, 
so how do we test it?  I have a relatively easy solution:  Contact all the 
former and current funders, and pitch 

Phantom

2019-10-23 Thread Zenaan Harkness
> > > Link(s) to Phantom please?
> > 
> > https://code.google.com/archive/p/phantom/
> > 
> > Other repos are not merged in.
> 
> I keep getting 404, even with JS enabled.
> 
> Anyone got a publicly accessible Phantom repo mirror?
> 
> Or willing to 7z into ~15MiB chunks and email to me?
> 
> (Best is just upload somewhere public... so all can dl.)

Found an old archive I had from 2011, ~1.7MiB:
phantom-r30-2011-09-12-181357.tar.gz

and a few papers ~2MiB total:
phantom-pres.ppt
phantom-implementation-paper.pdf
phantom-design-paper.pdf

And a vid in two versions (first might just be audio, dunno):
# ~11MiB:
DEF CON 16 Hacking Conference Presentation By Magnus Brading - The Phantom 
Protocol - Audio.m4b
# ~ 117 MiB:
DEF CON 16 Hacking Conference Presentation By Magnus Brading - The Phantom 
Protocol - Slides.m4v

So if there's a newer update to the code since 2011, looks like it
would easily fit in an email - happy to receive such if someone has
that...



Re: Box for simple Tor node.

2019-10-23 Thread Zenaan Harkness
On Wed, Oct 23, 2019 at 01:05:29AM -0400, grarpamp wrote:
> > GAA
> > GPA
> > GT-1 - ??
> 
> Global Tier-1 Internet and Telecom Backbones
> aka: rats, fiber splitting log and data giving, government cocksucking
> yes men and apologists
> 
> Except maybe Joseph Nacchio of Qwest, so they jailed him too.
> 
> 
> > "between two edge hosts (aka src and dst)" is the point why more than
> > say 3 to 9 hops adds little to nought - and if you're onion routing,
> > not only reducing bw by [header_size] per layer, but consuming
> > overall network bandwidth according to hop count
> 
> Which is why onioncat bittorrent users had howto on setting
> BT usage rate limits 1/7 under Tor limits to provide that bandwidth back.
> 
> And partly why people should be able to understand that if they
> dedicate 1/Nth of their ISP pipe to a fulltime chaff padding fill network
> they can still get that entire rate as wheat on demand whenever
> needed, same as setting any overlay network today to 1/Nth.
> 
> And see that a ping through an empty network still has roughly
> same usable latency as a ping through a network just at saturation,
> or at any other node-to-node fixed transport contract so long as
> CPU is available to perform the regulation.

Sounds logically sane.

And with actual friend to friend connections, if my friend jumps on,
downloads a movie, jumps off, well, ok, he was keen for a movie, and
if he does it again (jump on, big dl, jump off), I'll accept that too,
but I'll speak with him and say "hey, you know you need to give back
X3 or X7 times your DL, to save your sorry arse from the MAFIAA?",
and if he wants to continue under my wing, he's going to give back,
or get booted.

And to "give prime authority to every node" in their own routing
decisions, means sharing of node IDs and node metrics.

"Sure - generate a new node ID, but $MY_FRIEND, as I said last time,
if you ain't making up for past sins, you ain't connecting to me" -
thus generating a new node ID is almost irrelevant - what is relevant
is finding meat space friends who will actually allow him to connect
to their nodes :D

Node metrics, and end user authority, FTW :)

Did I mention "for the muffaluggerin win"?


> >> (even delivery of storage or msgs is in a way a stream)
> 
> Even fixed envelope size messaging mixnets can end up
> pathing your message through a bunch of idle nodes to
> your recipient... no amount of store and forward random
> delay mixing is going to save you from end to end
> traffic analysis there.

Indeed. Ack.


> And people are talking about trying to use actual applications...
> mail, IRC, voice, video, file transfer, web services, shells, etc...
> over TCP / UDP etc... over overlays...
> all ultimately, end to end, input to output, streams of Bytes^N
> and pulsations and waves that stick out like canaries...
> over todays overlay networks, whether mix or circuit,
> that have degenerate paths, no traffic fill etc...
> 
> Todays darknet overlays (ie: Tor onionspace, Pond, etc) survive
> perhaps not because they're particularly strong, but because their
> weakness is currently an open TOP SECRET, remanding all finds
> out to parallel construction.

S ... you're not meant to say such things publicly grarpamp, you
should -know- that already :)


> The encryption is probably pretty good.
> The who is talking to who is quite likely not the best regarding G*.
> 
> People think it's hard to sift distill analyze and line up the
> waveforms coming off 2^32 IP addresses... it's not.
> This is not the old game of manually picking up the phone calling
> ISPs and tracing back 1990s crackers anymore.
> It's f(n) 24x365 lights out in Bluffdale and elsewhere... point,
> click, you're done.
> 
> Next generation overlay networks must not fail to put
> serious effort into characterizing and mitigating
> the various G* traffic analysis, and Sybil, risks.

Ack. Anything less is not worth our effort.

Keep those thoughts coming - the more specific the better.


> Many of todays nets write those off, and or irresponsibly hush
> those topics under the rug (no doubt to appear better than they are).
> That's sad, and shameful.

Ack.


> > Jurisdictional hops - e.g. through Russia if you're avoiding USGov
> > etc - sound conceptually useful.
> 
> Intentional routing lets you select and diversify across different sets
> of fiber taps and Sybil deployment efforts, serves as fun random
> takedown splash page badge generator, increases spook workunits
> and their private backhaul lambdas required, etc...
> 
> 
> > Link(s) to Phantom please?
> 
> https://code.google.com/archive/p/phantom/
> 
> Other repos are not merged in.

I keep getting 404, even with JS enabled.

Anyone got a publicly accessible Phantom repo mirror?

Or willing to 7z into ~15MiB chunks and email to me?

(Best is just upload somewhere public... so all can dl.)



Re: i2p network.

2019-10-23 Thread Zenaan Harkness
On Wed, Oct 23, 2019 at 03:18:45AM +, jim bell wrote:
> Since these people seem to be advertising their wares, I believe
> somebody should get in touch with them and inform them of our
> desire to implement an anonymization network.   They might well
> have something useful to say.    https://geti2p.net/en/
> 
> However, on an attempt, I cannot seem to register for their
> forums.  Is the system down? Could someone else try to access this
> system.
>                      Jim Bell

I don't like forums.

Email is convenient, readily downloadable, text, never reliant on CSS
and JS etc etc.

If anyone wants to participate, jump on to this list and chat in
email?

From the Debian i2p package, you could try to contact
mhatta AT() debian.org

Or just scour their website/ Debian source package/ le wiki etc.

Whatever works...



Test Your Worldview, Disassembling Statist Dictionary

2019-10-23 Thread grarpamp
Worldview
https://www.youtube.com/watch?v=ofNMBqrnDDc

Dictionary
https://www.youtube.com/watch?v=cG7f5IFXRK0


Re: Website listing donors to TOR system: We should contact them and ask for sponsorship, just like they did for TOR.

2019-10-23 Thread Zenaan Harkness
On Tue, Oct 22, 2019 at 08:48:11PM +, jim bell wrote:
>  On Tuesday, October 22, 2019, 02:51:16 AM PDT, Zenaan Harkness
>   wrote:

...
> >I think seeking donations may be a little too soon, but I ABSOLUTELY
> >INSIST that you hold the authority on this front!
> 
> I should have been clearer as to why I suggested contacting these
> organization.   Obtaining funds is, of course, a good possibility,
> but even more important:  We want to be able to demonstrate why the
> whole TOR arrangement is rotten and corrupt.   Some of the
> organizations donating to TOR are merely carrying the Feds' water,
> but a few might not be.   Put yourself in their place:  Do they
> currently have an opportunity to support anonymized communication,
> other than TOR?   If they don't, let's give it to them.  

I am strongly with Juan on this one - we have yet to establish even
whether we can "convince ourselves" that what we want to achieve is
technically possible.

This contemplation, design, challenge and re-design cycle may iterate
for months, and may possibly either not conclude, or conclude with
"we can't be sure we can relevantly improve the status quo".

Of course enthusiasm is to be admired, but we must check ourselves
appropriately, and Juan has voiced an important fundamental "check"
in this instance, which I agree with (to repeat, "we don't even know
what we're doing, nor whether we believe it's possible/ probable").


> We have a major advantage in the fact that our intended network
> will likely be far more economical than TOR funding supports. This
> article shows that 2017 revenue for the TOR project is 
>  https://www.secureworldexpo.com/industry-news/tor-government-funding-numbers 
>  $4.2 million dollars.
>
> What would a 6,000 node replacement for TOR cost?   Multiply by
> one-time cost of about $80 for the node hardware, and that's about
> $480,000.  If we could get a $20 monthly subsidy for Internet
> service for each node, that's $120,000 per month, or $1.44 million
> per year.  About one third of TOR.  (Such a subsidy would pay for
> an upgrade from a typical 40 Mbits/second node with limited monthly
> data, to a 1 Gigabit service with unlimited data.  Many people
> would jump on the bandwagon just for this perk.)

But, and to echo Juan again, do we know that "a 6K node" phys net is
even useful, or that we have something significantly "advanced in
respect of today's status quo"?

And the obvious answer is no, certainly not yet.


> I want to contact these organizations, more to establish the ones
> who would FAIL to help us.  We can use such a list for
> fundraising.  We can say, "These organizations supported TOR for an
> unknown reason, but when they were given the opportunity to fund a
> true competitor to TOR, they punted and wouldn't help us.  Doesn't
> that tell you something about why they support(ed) TOR?

It may well be that every (or nearly all) org that has funded Tor,
has been nothing but a conduit for the CIA.  Tor is the CIA's pet
project - as long as they control the directory authority nodes (thus
the lynching of Jacob Applebaum) they have a tool where they have
the upper hand over the entire world, where that tool is the only
"useful in any practical sense of the word" tool of this type...



> >One of the major problems in the past is that good men allow others
> who may be [ younger | more zealous | more vocal | more bold | what
> ever ], to assume authority.
> 
> >This broken dynamic has GOT to stop.
> 
> >Good men must be A) recognized, B) acknowledged, C) be willing to
> actually hold, and exercise, power.
> 
> >If you wonder why every political system today is so rotten, re-read
> the above!
> 
> >Jim, one of your jobs, is to establish a not-for-profit structure for
> the receiving of financial donations.
>
> I am certainly willing to participate, but I question whether I
> should be seen, by publicity, as "The Head Guy".  I could just as
> easily be "One of many".   

Not to worry - it's (far) too early to put ourselves in boxes as far
as I'm concerned - I believe that it will be 4 to 6 months, bare
minimum, just for us to analyze the problem space, and the relevant
papers (current thoughts) on this space.

And at -that- point it might even make sense to code up a few actual
tests, if we come to e.g. conclusions such as "well, since we've
apparently satisfied ourselves in apparent logic that ABC should
theoretically work but we're Not Sure (TM)(C)(R), at least we can
whip up a test platform and eliminate variable XYZ" - but even this
may not be possible - we may never reach the point of sufficient
confidence. We may well, but we may not.


> >You are known as an amazing individual with rare human rights and
> stoic/ staunch credibility. Marketing that appropriately is almost
> irrelevant (and is easy to do) - but the first fact is, you exist,
> you are who you are, and I personally trust you (and no doubt, many
> others do too).
>
> Again, I appreciate your support.  But let's 

Planning for a project to implement 1000-node anonymization network

2019-10-23 Thread jim bell
I am emailing as an interested party on behalf of some people on the 
cypherpunks email list.   We are considering a project implementing a large 
anonymization network, hopefully in excess of 1000 nodes.  One possibility is 
that the hardware for a node will be a Raspberry Pi 4 computer, nodes which 
could be placed in residences.   We hope to get subsidies to buy the hardware, 
and possibly partly-subsidized Internet service as well.  We want to amount to 
competition to the TOR system.  
Can you direct us to literature, or any information that would help us planning 
this project?  I am copying this email to the Cypherpunks email list.
                Jim Bell