Re: [tor-talk] Anonymous Publishing Is Dead.
Dear Anonymous Person, I have to admit, it was a very interesting read, even though I am not too sure I agree completely. It seems as if your threat model has encompassed every single tiny thing that could possibly (theoretically) go wrong, without much thought given to real-world randomness and incompetence... so I thought I'd make a few observations. 1. Your use of Tor. If you were to run, say, an instance of TAILS with tor set up to act as a relay, that would increase your anonymity greatly (in fact, I have yet to hear of a case where someone running a tor relay was identified and/or arrested solely based on that fact). If you wanted to add an additional step, you could run your whole connection through a good VPN server that allows anon payments (with bitcoin) and doesn't keep logs, like Mullvad.net, THEN run a tor relay... I'm not saying it'd be the fastest option imaginable, but it would throw a lot of obstacles in the way of anyone trying to trace your location. 2. Email. I signed up for mailoo.org through Tor, I believe. But for all practical purposes, you could easily get a disposable e-mail address through a Firefox plugin called Bloody Vikings. Otherwise, pretty much any web mail will do... just war drive and sign up through the first open wi-fi connection you find ;) 3. Bitcoins. Yes, block chains are not that anonymous, especially considering the difficulty of buying them legitimately in the first place. How about a coin mixing service like www.bitcoinfog.com? Their methodology is very interesting, and it seems like you'd be able to 'launder' ordinary coins, bought legitimately through an exchange... There are a few other sites like this one: http://vzpzbfwsrvhfuzop.onion.to 4. Do you really need your own dedicated VPS?! And only in developed Western countries? Have you checked out this list of BTC-friendly servers: https://en.bitcoin.it/wiki/Trade#Dedicated.2FVirtual_Server_Hosting ? This guy, for example, will register a wide range of domains, with fees starting from 1 BTC per year, and you can provide pretty much any e-mail address you want: http://jetstarforever.com/hosting/ In other words, it's never in your name... His hosting costs 0.5 BTC/month, though he is dependant on his provider's T&C... Anyway, my point is that there are ways to acquire BTC, randomised enough not to be a concern, after which you can buy all the hosting (and related) services your heart desires. And if your threat model encompasses an organisation with vast resources, like the NSA for example, consider that they haven't yet managed to track down the guys running the Silk Road drug site (http://silkroadvb5piz3r.onion)... ;) That's my 0.001 BTC worth :) > I know it is dead, because I have tried to do it, and I can assure you it is > dead.Text is easy of course I can still blast a simple email out to a > mailing list, I can lay my claims out in 7bit ASCII and let the world judge > the merits solely on this simple medium.But media publishing a story with > supporting images, scans, video or audio it is dead, left only to the > elites. And perhaps worst of all is the promise made by all of you that if > you just try a little harder, if you just use this service over here, if > you just think about it another way that it is still possible.It is not.Some > time ago as an experiment I began the process to publish material fully > anonymously no compromises.I obtained a prepaid line of credit, paid in > cash, verified with a prepaid telephone, also paid in cash, and only turned > on in an ambiguous physical location.And I set about to find a Virtual > Private Server I could run a Tor Hidden Service on.My requirements throughout > all of this were si > mple: use Tor for everything, pay cash or cashequivalent for everything, > leave no account on a service run by a US/UK/AUS/NZ/CA company, have the VPS > hosted outside the same, pay a reasonable sum.I needed an email of > course.Nymservers like http://isnotmy.name/ or http://mixnym.net should have > been the solution but of course they didn't work.No amount of guesswork or > trial and error got me a nym.Free webmail became the next goal.The more > trustworthy (gmail), the less satisfactorily anonymous it was.The easier it > was to register (in.com) the less trustworthy it was deemed.After signing up > for a lowtrust but easytoget email, I narrowed down my hosting options to a > group of VPS in the price range, hosted outside the 'bad' countries, and > whose company itself was also outside.There aren't a lot.The next problem > became finding a VPS I could pay for.You see, most VPS sellers are small > resellers and don't process their own credit cards they outsource it to a > payment processor, u su > ally Paypal. Paypal doesn't work.Paypal or AlertPay too stringent > verification; Liberty Reserve blocks Tor; CashU no easily found online > merchant able to convert from a prepaid Credit Card; one after another all >
Re: [tor-talk] Anonymous Publishing Is Dead.
May i give you some hints about the future scenarios for which we could see diffusion in 2013 about the two topic you underlined: - Anonymous Publishing One of the new frontieer of Anonymous Publishing is given by the Tor2web Project that is growing and making important progress, has a plan (https://github.com/globaleaks/Tor2web-3.0/issues/milestones) and people working on it (https://github.com/globaleaks/Tor2web-3.0/commits/master). With Tor2web you can setup a Tor Hidden Service on your own PC and be online in matter of minutes, exposed to the internet under *.tor2web.org (or other domains such as Tor2web.is and other will come). You may even place in front of your TorHS, internet-exposed via Tor2web, a CloudFare.net frontend or other "cloudizer" to improve performance improved caches. Additionally, i hope that we will see a new wave of "anonymous applications" that can be setup easily on your own desktop computer and easily exposed via TorHS. This should be enabled by APAF project, now in development as a GSoc on http://github.com/mmaker/APAF . Think when we'll see "AnonymousBlog.exe", a self-contained APAF application that let you securely and automatically publish your own blog on TorHS in a dumb-end-user-proof way, having it automatically exposed via Tor2web. When we'll reach that in a scalable way, i think we'll have setup a new enabled way to use anonymous technology, opening it to end-user also for anonymous publishing in a "easy and cheap way" . On 6/30/12 10:15 PM, Anonymous Person wrote: > Well, I went through all of these: > leakdirectory.org/index.php/LeakSiteDirectory and all of them seemed to be > either wannabes who had never published a thing or news organizations who > were security illiterate and had no way to accept content.Anonymous > Publishing Is Dead. Please consider that "public disclosure" is the least path that one should follow in order to make wrongdoing/justice done. Most "activism" WB sites just born on the Wikileaks-hype but never organized themselves really well. With the upcoming GlobaLeaks 0.2 (http://wiki.globaleaks.org) for Windows and OSX we want to remove the requirements to be a "technical guy" or to require the "support of a technical guy" to be able to implement an anonymous whistleblowing system. That way we expect that transparency activism community (mostly composed by non-techy guys) will be able to engage mostly on the important tasks of making that job: - campaigning to sollicitate, promote the whistleblowing initiative - handling submitted material trough investigative journalism practices - "act" on the basis of the result of investigations Then "the public disclosure" things is something to be to make cautious reflection, to handle it responsibly, mostly because you may seriously harms some innocent reputation. Public disclosure is a powerful tool, is required, but to be used with care. -naif ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [ZS] Re: Can one make money running anonymity services?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 30/06/12 20:29, Jerzy Łogiewa wrote: >>> After all, SR is on TOR. Maybe reading their FAQ helps. Hint: >>> Use a Tumbler. >> I've no idea what "SR" is. "Tumbler" sounds like some sort of >> mixing/laundering service. Which would require a *lot* of people >> to use it in order for it to work in any meaningful way. If you >> know of such a service that has maybe 50,000 people or more using >> it daily, please let me know. My guess is that they all have >> several orders of magnitude fewer users. I'm not a fan of pretend >> anonymity. > Not really. You should learn more about Bitcoin. My research indicates it's exactly what I thought it was. No matter how much you "mix" your coins with X other people, all you're doing is making it so that if anyone wants to trace the origin of those coins, instead of it leading directly back to you, it leads directly back to a group of X people, including you. If X isn't sufficiently large, it becomes a pointless exercise. There's no way X is large enough to offer any sort of meaningful protection. - -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -BEGIN PGP SIGNATURE- iQGGBAEBCgBwBQJP8CngMBSAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu Z0BwZ3AuY29tcGdwbWltZTgUgAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBIuXCACIe5qECCi9 StkjVIx5yJQydNoTsqlX8vN5YzkxplRXMO+m3hBBiNmuOW4l/y5s4egcJKisWZC+ x4w+yHJOfHwkhPlxDabL8NjOkovTx0EQ72Tls+kJTW1bK/mgkhTrtlVsFFgJS03E XjhOnCRf3tdkkCh6UkMBr+21t0RVxOzJlWPMBWeRQpqDsCgg33DnI8pW2rvhaodI r1amS49zdiy4wEoHsdJHYJz0oBo7ekNPX50R6mKQRNdWGKHgnpd+TfnGY0qrqBXJ 5AWAA2M+2czcpUCY+z6kzdEqnXdYsrMIhSRpXBX4TsaoSMb7iDAX3+PzFMFrerEq A5SlWzrzmfQZ =QKu7 -END PGP SIGNATURE- ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
Apologies and Thank You for reading even though the line breaks were lost.Apparently even 7bit ASCII is difficult to publish in.In case it happens again, I will include paragraph breaks at the #, and repeat the initial email between ==='s.##I know it is dead, because I have tried to do it, and I can assure you it is dead.#Text is easy of course I can still blast a simple email out to a mailing list, I can lay my claims out in 7bit ASCII and let the world judge the merits solely on this simple medium.But media publishing a story with supporting images, scans, video or audio it is dead, left only to the elites. And perhaps worst of all is the promise made by all of you that if you just try a little harder, if you just use this service over here, if you just think about it another way that it is still possible.#It is not.#Some time ago as an experiment I began the process to publish material fully anonymously no compromises.I obtained a prepaid line of credit, paid in cash, verified with a prepaid telephone, also paid in cash, and only turned on in an ambiguous physical location.And I set about to find a Virtual Private Server I could run a Tor Hidden Service on.My requirements throughout all of this were simple: use Tor for everything, pay cash or cashequivalent for everything, leave no account on a service run by a US/UK/AUS/NZ/CA company, have the VPS hosted outside the same, pay a reasonable sum.#I needed an email of course.Nymservers like http://isnotmy.name/ or http://mixnym.net should have been the solution but of course they didn't work.No amount of guesswork or trial and error got me a nym.Free webmail became the next goal.The more trustworthy (gmail), the less satisfactorily anonymous it was.The easier it was to register (in.com) the less trustworthy it was deemed.#After signing up for a lowtrust but easytoget email, I narrowed down my hosting options to a group of VP S in the price range, hosted outside the 'bad' countries, and whose company itself was also outside.There aren't a lot.#The next problem became finding a VPS I could pay for.You see, most VPS sellers are small resellers and don't process their own credit cards they outsource it to a payment processor, usually Paypal. Paypal doesn't work.Paypal or AlertPay too stringent verification; Liberty Reserve blocks Tor; CashU no easily found online merchant able to convert from a prepaid Credit Card; one after another all online payment methods fell by the wayside.#You might think 'Bitcoin'.You would be wrong.No bitcoin service accepts any anonymous funding source most only accept bank transfers.Apparently people performed chargebacks on credit cards to defraud the merchants.I can't blame them for this, but it certainly kills the idea of 'anonymity'.And I don't trust the blockchain to provide anonymity.#After finding one of three or four VPS' I thought I could pay for, I encounte red the next obstacle: MaxMind.MaxMind is a fraud detector built into WHMCompleteSolution which in turn is the VPS management tool used by every budget VPS.I set off every detector it had: proxy software, low trust email account, strange addresses, no valid phone number, etc etc.When I inquired to one company about this, I was laughed off.Even though I was willing to let them charge my card and sit on it for a month before providing service no such luck.#At this point, I needed to find a company large enough they processed their own credit cards, didn't block Tor, and didn't use fraud detectors.I found one, a competitor to Amazon EC2, that I thought I could fall through the cracks of.It didn't like my low trust email address, but after enough searching, I found an ISP I could get an account on without paying.After getting that, creating and verifying an account, and finally set up to make my payment... the prepaid card is declined.There's no explanation, it just didn't work .#I thought at this point, perhaps there was a service that could be used.There was an announcement recently: http://karelbilek.com/anontorrent/ Supposedly this guy will seed anything until it has 20 seeders of its own.Except the file limit is 50MB.And you can't upload copyrighted material.How about any of the muchacclaimed 'leak sites' that spun up after Wikileaks shuttered their wiki and submission system?Well, I went through all of these: leakdirectory.org/index.php/LeakSiteDirectory and all of them seemed to be either wannabes who had never published a thing or news organizations who were security illiterate and had no way to accept content.#Anonymous Publishing Is Dead.#You may seek to respond with the 'right way' to do it, the company you know will let me fall through the cracks, the trick you use to whitelie your way through the process.Don't bother.If there is a way through, and I'm not convinced there is, it is so difficult to find that a technicall
Re: [tor-talk] Anonymous Publishing Is Dead.
On Sun, Jul 1, 2012, at 14:20, Edward Thompson wrote: > 2. Email. I signed up for mailoo.org through Tor, I believe. But for all > practical purposes, you could easily get a disposable e-mail address > through a Firefox plugin called Bloody Vikings. Otherwise, pretty much > any web mail will do... just war drive and sign up through the first > open wi-fi connection you find ;) Hmm... I already do something like that. And I tell you that most free providers are a pain to work with. And that includes all the major players. They are all going to punish you with a long annoying reidentification which will prove zero security just because you change location. And they do have the time and computing power just to try to locate you any other possible way as their business model is tightly integrated with tracking and selling private data. Disposable email is good for accessing some resource once. Otherwise is a pain in the rear. > 3. Bitcoins. Yes, block chains are not that anonymous, especially > considering the difficulty of buying them legitimately in the first > place. How about a coin mixing service like www.bitcoinfog.com? Their > methodology is very interesting, and it seems like you'd be able to > 'launder' ordinary coins, bought legitimately through an exchange... > There are a few other sites like this one: > http://vzpzbfwsrvhfuzop.onion.to I spent some time reading about bitcoin. It's a miracle discovery. It's a proof about non conventional methods being able to compete with the conventional financial transaction type. But I fail to see the anonimity side of things. It's so nice. It's sooo geeky. It employs silly terms to scare the layman like mining. Or worse, it has terms with a clear equivalent in conventional finance like wallet. My grandma knows she can watch over her wallet and things would be all right. And if someone forces her she can go to the police station and declare the theft. Till version 0.6 there was no protection from theft with BC. Crap concept with junk application from the point of view of annonimity. Each time some conspiracy theorist starts making sense I remind myself that people (programmers are people, aren't they?) are above all stupid followed closely by lazy. Just take a look at the way FF is developed: in the era of Facebook developers are doing their best to shed MORE data instead of patching up the holes. By holes I don't mean Secunia security holes, but privacy holes. > 4. Do you really need your own dedicated VPS?! And only in developed > Western countries? Have you checked out this list of BTC-friendly > servers: Actually any service should be checked for its origin or place of doing business. Always remember the case of Hide My Ass which proved to be full of Holes if you allow such a gross joke. They weren't keeping logs till pressured. Than they said everybody is obliged under law to keep logs. And to prove the indolence of their users: they are still in business, trapping flies for the government. On the other hand, servers hosted outside the reach of certain totalitarian governments are blocked on the crime of spam or copyright infringement. If these were anything but hassle (see the problems with the free webmail above) yahoo and google would have offered email only between their users. > Anyway, my point is that there are ways to acquire BTC, randomised > enough not to be a concern, after which you can buy all the hosting (and > related) services your heart desires. And if your threat model > encompasses an organisation with vast resources, like the NSA for > example, consider that they haven't yet managed to track down the guys > running the Silk Road drug site (http://silkroadvb5piz3r.onion)... ;) Usually this kind of trafic is tolerated because they want to catch a bigger fish. Sometimes services like that are set up by the investigating authorities. And some other times they set it up independently just for the sake of compensating the budget restrictions (those drones are mighty expensive, mind you). Cheers ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
On Sun, Jul 1, 2012, at 12:34, Fabio Pietrosanti (naif) wrote: > You may even place in front of your TorHS, internet-exposed via Tor2web, > a CloudFare.net frontend or other "cloudizer" to improve performance > improved caches. What is cloudfare? I tried and got pushed to some facebook page so I closed the tab. There should be some hosting platform. Because no matter how private people have a hard time keeping a small server online 24/7. To make things worse readers I expecting instant gratification. During the BBS era there was some mistique associated with virtual places. And you tried and tried till it worked. Today, once they get a 404 they never come back. > Additionally, i hope that we will see a new wave of "anonymous > applications" that can be setup easily on your own desktop computer and > easily exposed via TorHS. It would be wonderful to have Thunderbird too, although the users are only a few. Also some more privacy with Tor Brower — like a unique screen resolution or the inability to probe for extensions from outside. Cheers ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] blocked exit node IP because of spam
On Sat, Jun 30, 2012 at 3:17 PM, || ΣΖΟ || wrote: > So spammers abuse tor... Yes, they always have, and probably always will. > > I wonder how the tor community thinks about this is this accepted, or > will know spammers be blocked or anything? Tor is designed to keep people anonymous; this works for both the good guys, and the bad. This isn't something the Tor Project needs to fix except through continued marketing and education. I'd suggest emailing the administrator of the forums you're having trouble with (and possibly the IP blacklist site) and explain what Tor is, a bit about how it works, and exactly why it's beneficial for them to whitelist Tor exit nodes. Maybe you can convince them to change their minds. Good luck. —Sam -- Sam Whited pub 4096R/EC2C9934 SamWhited.com s...@samwhited.com 404.492.6008 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
On Sat, Jun 30, 2012 at 4:15 PM, Anonymous Person wrote: > I know it is dead, because I have tried to do it, and I can assure you it is > dead. I had a similar experience. When I decided to publish a large collection (30gb) of previously paywalled (but public domain) JSTOR documents[1] I initially planned to do so anonymously— simply to mitigate the risk of harassment via the courts. Ultimately, after more consideration I decided to publish with my name attached and I think it made more of an impact because I did so (even though quite a few journalists reported it as though it were a pseudonym)— though if I didn't have even the prospect that I could publish anonymously I can't say for sure that I would have started down that road at all. I perused anonymous publication for some days prior to deciding to not publish anonymously and I encountered many of the same issues that Anonymous Person above named at every juncture I hit roadblocks— though in my case I already had bitcoins, but I couldn't find anyone to take them in exchange for actually anonymous hosting especially without access to freenode. If I'd wanted to emit a few bytes of text fine— but large amount of data, no. It's also the case that non-text documents can trivially break your anonymity— overtly in the case of things like pdf or exif metadata, or more subtly through noise/defect fingerprints in images. I think I can fairly count myself among the most technically sophisticated parties, and yet even I'm not confident that I could successfully publish anything but simple text anonymously. The related problems span even further than just the anonymity part of it. Even once I'd decided to be non-anonymous I needed hosting that wouldn't just take the material down (for weeks, if not forever) at the first bogus DMCA claim (or even in advance of a claim because the publication was 'edgy'). I ended up using the pirate bay— which turned out pretty well, though there were some issues where discussion of my release was silently suppressed on sites such as facebook because they were hiding messages with links to the pirate bay, and it was blocked on some corporate networks that utilized commercial filtering. So I think that the problems for anonymous publication on the Internet are actually a subset of a greater problem that there is little independence and autonomy in access to publishing online. You can't _effectively_ publish online without the help of other people, and they're not very interested in helping anonymous people, presumably because the ratio of trouble to profit isn't good enough. About the only solutions I can see are: (1) Provide stronger abuse resistant nymservices so that things like freenode don't have to block anonymous parties, thus facilitating person to person interactions. (2) Improve the security and useability of things like freenet and hidden services, so that they are usable for publication directly and provide strong anonymity. I'm disappointed to see some of the naysaying in this thread. It really is hard to publish anything more than short text messages anonymously, at least if you care about the anonymity not being broken and you want to reach a fairly large audience. [1] https://thepiratebay.se/torrent/6554331/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] blocked exit node IP because of spam
On Sun, Jul 1, 2012 at 3:32 PM, Sam Whited wrote: > Tor is designed to keep people anonymous; this works for both the good > guys, and the bad. This isn't something the Tor Project needs to fix There are things the tor project and surrounding community could do to help here. For example, If I could anonymously donate $10 to a charity and in return receive a persistent nym which I could use to get around those kinds of blocks... I'd be hesitant to misbehave and get my nym blocked. (And forums should feel good about whatever small residual amount of spammers who do buy donation nyms, because even though they spam their need to keep buying nyms support the charities). But no practical software infrastructure exists for this sort of thing today. And until it does any education/advocacy will not go too far because it doesn't offer much in terms of real alternatives. "It's not really so bad." "Yes it is, or we wouldn't have bothered putting in the blocking in the first place" "er.." ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
On Sun, Jul 1, 2012, at 15:38, Gregory Maxwell wrote: > When I decided to publish a large collection (30gb) of previously > paywalled (but public domain) JSTOR documents[1] I initially planned > to do so anonymously— simply to mitigate the risk of harassment via > the courts. Ultimately, after more consideration I decided to publish > with my name attached and I think it made more of an impact because I > did so (even though quite a few journalists reported it as though it > were a pseudonym)— though if I didn't have even the prospect that I > could publish anonymously I can't say for sure that I would have > started down that road at all. Bravo! I would have done it anonymously anyway. > It's also the case that non-text documents can trivially break your > anonymity— overtly in the case of things like pdf or exif metadata, or > more subtly through noise/defect fingerprints in images. I think I can > fairly count myself among the most technically sophisticated parties, > and yet even I'm not confident that I could successfully publish > anything but simple text anonymously. That is a MAJOR issue with anonymity. But you are mistaken: not only text, but HTML / XML can be clean with a careful, but fast examination. Also the derivates like EPUB. Otherwise, hairy and badly written standards always will have places to watermark. Imagination is the limit. That goes for PDF for example. Most of the watermarks could fall with a succession of conversions which will degrade the quality of the document, but will erase the less imaginative watermarks (say PDF -> DJVU -> PDF). To downright criminal formats like .DOC which are ready to store information about your configuration and private document path. You could, for example, process PDFs or scans through Abbyy Finereader which is quite fast and reliable. The OCR results will discard part of the image fingerprinting if not all and also the metadata. > So I think that the problems for anonymous publication on the Internet > are actually a subset of a greater problem that there is little > independence and autonomy in access to publishing online. You can't > _effectively_ publish online without the help of other people, and > they're not very interested in helping anonymous people, presumably > because the ratio of trouble to profit isn't good enough. That's because the major players of the Internet are LIVING out of selling data to third parties. An anonymous individual is not a liability as they declare, but a loss of revenue. Still, at the time, they can't really verify everybody so a lot of people just slip in. But Google and Facebook are pretty decided to close this gap ASAP. And the less than very big players still can get a nice income out of selling data, or are plain careless. Myself I'm amazed of how many sites are ready to share their data with Facebook or Google for free. > (2) Improve the security and useability of things like freenet and > hidden services, so that they are usable for publication directly and > provide strong anonymity. That is very hard to achieve. Once things become a few clicks away carelessness shows its head. And people are already so very used to give their private data expecting someone else to take care and hide it. And it takes a few more steps in terms of thinking than the regular ways. Because it's not enough to buy a new GSM prepaid card in order to receive calls from a third party. Because the phone in which you use the card has a serial number that is already associated with an identity. Because nobody from the „other” life can use that number for a chat. Because you can't spend those extra credits just about to expire by midnight talking with your dear mother. Because mobile phones reveal location. Wikileaks had the advantage of filtering data and protecting the source. But they could not protect Bradley from talking too much with a mercenary. People publishing themselves is a huge risk. And that without couting people trained to find out stuff. It can be as easy as a couple of exchanged comments. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] blocked exit node IP because of spam
On Sun, Jul 1, 2012, at 15:32, Sam Whited wrote: > On Sat, Jun 30, 2012 at 3:17 PM, || ΣΖΟ || wrote: > > So spammers abuse tor... > > Yes, they always have, and probably always will. I feel there is a need to dispell some wonderful magic of the modern society: the World has always been large. Even if it takes a lot less to cover large distances, the World is still large. And that might mean, among others, diverse too. A second spell of the modern society is safety. The World has always been both comfortable and unsafe in various proportions. There are cries about protecting someone or something. But that was never ever in history a given. Oh, food should be free of additives like in the good old days. Actually in the good old days it was a lor more probable to eat rotten meat and not have the faintest idea that going vegan was an option. Sure, for the demigods breed in the last decades the spectre of cancer might mean dying of fear, but less than a century ago rotten food would mean potential death tomorrow as an alternative to starvation today. Phobos had a wonderful article about this recently on the Tor blog [https://blog.torproject.org/blog/real-name-internet-versus-reality] but people still expect that terrorism should come from a virtual entity far far away and not from the local corrupt cop [http://socialistworker.org/2012/06/21/nypd-kills-again] Myself I'm not shure all spammers turn a profit, but they all are ready to employ every mean available to push their merchandise. This doesn't mean checking the identity would do any good as they can impersonate anybody if willing. But that goes to the third issue of the modern society: mistaken an identity with a number. That would pretty much go with Michel Foucault and his prison society, because most people see themselves as obedient inmates. They are the national ID number or the SSN. And not much more. That's why there was so much fuss about the birth certificate of a presidential candidate and less about what the man was about to do. Back in the days when there was no registration people would build up some fame and invoke some ancestry. Or they were practically nobody. Up to a certain point in history everybody was an anonym and only few could break through to become somebody. Superficially things seem to have reversed, but it's a fake assumption. I still can't differentiate most of the people I pass each day. They are still nobodies. But they are proud to show a number: proof of uniqueness. > Tor is designed to keep people anonymous; this works for both the good > guys, and the bad. This isn't something the Tor Project needs to fix > except through continued marketing and education. I'd suggest emailing > the administrator of the forums you're having trouble with (and > possibly the IP blacklist site) and explain what Tor is, a bit about > how it works, and exactly why it's beneficial for them to whitelist > Tor exit nodes. Maybe you can convince them to change their minds. Actually blocking Tor won't help. A few sane filtering measures do. Have people create an account. Have someone take a look at that list from time to time. Generated or random users usually can be flagged easily. Ask people to do some customization to the account before posting. Quarantine the first few messages or a certain amount of time. Have a button or link called „report” and let the other users report messages. Quarantine the account and ask for an explanation from the offender. Blocking IPs makes sense only when you are Wikipedia and have a mission to let the government agencies have their fair chance of tweaking the facts. As I've never seen anything resembling closer the official newspaper of Airstrip One than Wikipedia. I don't feel Tor is designed to keep people anonymous. Tor is more of a hack to give back some privacy. To bring things more in line with the romantic image of the Internet. Because people want to see the Internet as a nice place where people go to share ideas and not what it is: a military project hack done by some unimaginative blokes who were happy to have things working so they could go to video games arcade or just sleep. Most of the protocols used to connect computers are horribly designed by people who can barely understand the concept of consequence. Probably it's not their fault as the educational system everywhere splits the curricula into sciences and humanities. And all the philosophy and ethics are given to the people with no tech background. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
30gb is a lot. what about using i2p? for smaller data, you could always host it yourself on your home connection. with tor hidden service, anonymously. -- Jerzy Łogiewa -- jerz...@interia.eu On Jul 1, 2012, at 3:38 PM, Gregory Maxwell wrote: > I perused anonymous publication for some days prior to deciding to not > publish anonymously and I encountered many of the same issues that > Anonymous Person above named at every juncture I hit roadblocks— > though in my case I already had bitcoins, but I couldn't find anyone > to take them in exchange for actually anonymous hosting especially > without access to freenode. If I'd wanted to emit a few bytes of > text fine— but large amount of data, no. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [info] Anonymous Publishing Is Dead.
2012/7/1 Edward Thompson > And if your threat model > encompasses an organisation with vast resources, like the NSA for > example, consider that they haven't yet managed to track down the guys > running the Silk Road drug site (http://silkroadvb5piz3r.onion)... ;) The Dutch secretest agency had several forums for extreme Islamics. Honeypots. Do you know who runs Silk Road? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Anonymous Publishing Is Dead.
The conversation has landed on cryptome.org and hackerne.ws . The last comment at cryptome.org is interesting for the discussion. http://hackerne.ws/item?id=4184850 Gregory Maxwell wrote: >On Sat, Jun 30, 2012 at 4:15 PM, Anonymous Person > wrote: >> I know it is dead, because I have tried to do it, and I can assure >you it is dead. > >I had a similar experience. > >When I decided to publish a large collection (30gb) of previously >paywalled (but public domain) JSTOR documents[1] I initially planned >to do so anonymously— simply to mitigate the risk of harassment via >the courts. Ultimately, after more consideration I decided to publish >with my name attached and I think it made more of an impact because I >did so (even though quite a few journalists reported it as though it >were a pseudonym)— though if I didn't have even the prospect that I >could publish anonymously I can't say for sure that I would have >started down that road at all. > >I perused anonymous publication for some days prior to deciding to not >publish anonymously and I encountered many of the same issues that >Anonymous Person above named at every juncture I hit roadblocks— >though in my case I already had bitcoins, but I couldn't find anyone >to take them in exchange for actually anonymous hosting especially >without access to freenode. If I'd wanted to emit a few bytes of >text fine— but large amount of data, no. > >It's also the case that non-text documents can trivially break your >anonymity— overtly in the case of things like pdf or exif metadata, or >more subtly through noise/defect fingerprints in images. I think I can >fairly count myself among the most technically sophisticated parties, >and yet even I'm not confident that I could successfully publish >anything but simple text anonymously. > >The related problems span even further than just the anonymity part of >it. Even once I'd decided to be non-anonymous I needed hosting that >wouldn't just take the material down (for weeks, if not forever) at >the first bogus DMCA claim (or even in advance of a claim because the >publication was 'edgy'). I ended up using the pirate bay— which >turned out pretty well, though there were some issues where discussion >of my release was silently suppressed on sites such as facebook >because they were hiding messages with links to the pirate bay, and it >was blocked on some corporate networks that utilized commercial >filtering. > >So I think that the problems for anonymous publication on the Internet >are actually a subset of a greater problem that there is little >independence and autonomy in access to publishing online. You can't >_effectively_ publish online without the help of other people, and >they're not very interested in helping anonymous people, presumably >because the ratio of trouble to profit isn't good enough. > >About the only solutions I can see are: > >(1) Provide stronger abuse resistant nymservices so that things like >freenode don't have to block anonymous parties, thus facilitating >person to person interactions. >(2) Improve the security and useability of things like freenet and >hidden services, so that they are usable for publication directly and >provide strong anonymity. > >I'm disappointed to see some of the naysaying in this thread. It >really is hard to publish anything more than short text messages >anonymously, at least if you care about the anonymity not being broken >and you want to reach a fairly large audience. > > > >[1] https://thepiratebay.se/torrent/6554331/ >___ >tor-talk mailing list >tor-talk@lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] blocked exit node IP because of spam
> anonymously donate Well, very few places take cash or money order in the mail. Call them stupid to not take the money. Then there's AML with bitcoin, etc. > a persistent nym Building a persistent nym is handy if you wish to establish such a personage for compartemented tasks, etc. However, there are linkable nyms and unlinkable ones. Advocating that users or sites evolve to support only linkable nyms is not a good idea. For example, the 'invite' or 'cell number' type nym systems are an example of terrible privacy policy. People need the ability to create new, unlinked, taint free, accounts whenever they want. They many need more than one persona, or to come back as a fresh incarnation of themselves when up against unwarranted/irrational dislike. > But no practical software infrastructure exists for [nym tech]. Linkable nyms are worthless for some people and purposes, so I've no problem with that lack. If I ran a system, I would allow signups from anywhere, no 'recovery' email, no name, no cell, no geoip. Nothing but username, password, and a few strong captchas to keep out the bots. Maybe even a time delay (n days) to calm down the impulse users. AND definitely... a policy that allows me to nuke misbehaving accounts at will. Because let's be honest, if you've got the helpdesk cycles to learn all about VPN's, scrape proxy lists, scrape Tor, sink ip's etc... you've surely got it to sink accounts on verifiable abuse reports. Come on people, hitting 'delete' just isn't all that hard, especially when your policy permits it. Do NOT penalize those who need multiple random unlinked accounts by blocking ip's, making up nym systems, etc. Penalize the accounts that act up. They are the bad ones, not the former. > This isn't something the Tor Project needs to fix except through > continued marketing and education. I would actually donate much more to Tor/EFF project if I could earmark it for a formal emissary to talk with some of the sites I've seen implementing bad policy. And hopefully report back to me with the positive results ... > I'd suggest emailing the administrator of the forums you're having > trouble with ... and explain what Tor is ... ... because when I do (under a separate unlinkable nym of course), I end up ignored as the expendable small guy. > Tor is more of a hack to give back some privacy. To bring things > more in line with the romantic image of the Internet. Because > people want to see the Internet as a nice place where people go > to share ideas Exactly! And when I can't use these sites in perfectly good, responsible, creative and nice ways... because they have implemented crap blocking policies... it pisses me the fuck off. Anonymous != evil. That is what we need to be teaching. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [info] Anonymous Publishing Is Dead.
>> like the NSA for example, consider that they haven't yet managed to track >> down the guys running the Silk Road drug site (http://silkroadvb5piz3r.onion) Call me stupid, but I actually think the NSA does have the capability to locate Tor hidden services, even if only those existing within the USA. But as usual, they may be restricted from originally passing it to enforcement, or from producing data at bequest of same. Or for whatever reason, no one cares, or wishes to keep capabilties or bigger fish under wraps. Nothing new here. > Do you know who runs Silk Road? Silk Road will likely go down via the usual means... some Joe somewhere flapping their gums, a street grudge, too much bling, etc. Just as with Farmer's Market, the case files will certainly make for interesting reading. But not really tell us much about Tor :( ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] blocked exit node IP because of spam
On Sun, Jul 1, 2012 at 11:48 PM, grarpamp wrote: > Do NOT penalize those who need multiple random unlinked accounts > by blocking ip's, making up nym systems, etc. Penalize the accounts > that act up. They are the bad ones, not the former. It's this kind of thinking that will result in the web continuing to be largely read-only for Tor users. People running services that block Tor aren't blocking Tor because they Hate Freedom™, or because they can't help but staying up at night trying to come up with ways of screwing people over. Blocking tor isn't trivial, especially to do it well... and many of the people who have been involved with blocking tor at major sites are themselves Tor supporters and bridge/relay operators and only block tor when it is clear that they must. They block write access from Tor because when an abusive user is blocked their inevitable recourse to evade the block is Tor (if not their first choice). After the umpteenth occurrence of whatever antisocial jerkwad assaulting the site via tor it simply has to go. Arguing that a problem doesn't exist is unconvincing to people who are dealing with it, arguing that blocking tor is ineffective or involves unacceptable tradeoffs is unpersuasive to people who have made the changes and measured the results. One of the great forces which makes online communities viable and not all trivially destroyed by a few byzantine troublemakers is that the cost of excluding people is low, but when tor makes the cost of evading the exclusion nearly zero— the balance is upset. Even captchas are a pretty weak tool: Commercial services will solve them for pennies each, and targeted trouble makers aren't deterred by them at all. Perhaps most importantly, — this has been the ongoing approach used by the Tor community and it is demonstratively ineffective: Write access via tor is frequently inhibited. And yes, sure, there are cases where nym use doesn't solve things. But there are a great many where it does. > I would actually donate much more to Tor/EFF project if I could > earmark it for a formal emissary to talk with some of the sites > I've seen implementing bad policy. And hopefully report back to me > with the positive results ... The Tor project absolutely has done this in the past. Though as far as I can tell it has not hat much success except in areas where the Tor prohibitions are sloppy (blocking read access, blocking relays instead of just the relevant exits). > Exactly! And when I can't use these sites in perfectly good, > responsible, creative and nice ways... because they have implemented > crap blocking policies... it pisses me the fuck off. > > Anonymous != evil. > That is what we need to be teaching. You're making a grave error to characterize the people who've made different calls than you have as foolish or insensitive. I'm sure it's true in some cases, but even the well informed frequently make the dispassionate, considered, and rational decision to block write access from Tor. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
