Author

Topic: [ANN][XST] Stealth-Coin.com | Tor | StealthText, World's first anonymous SMS Tx! - page 124. (Read 748616 times)

legendary
Activity: 1008
Merit: 1000
Making money since I was in the womb! @emc2whale
So where is the wallet update? its been a while already.
legendary
Activity: 2184
Merit: 1028
#mitandopelomundo
legendary
Activity: 1118
Merit: 1002
Yea it is better, but not as well known nor as easy to implement into a wallet.  Hondo said he would look into i2p.  Thats specifically why I asked the question in the first place.

https://twitter.com/_DiCE1904/status/517501293368455168
full member
Activity: 134
Merit: 100
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time



Seeing how you missed that FACT about Sabu, I also have to question your "sources" for your claims.

TOR IS FUGAZI. NSA CONTROLS A LOT OF NODES OF NETWORK.

moron, tor is just a plus in stealthcoin.
XST has several layers of anon features, do you dont know to read, troll?

Okay but I2P is better.
legendary
Activity: 2184
Merit: 1028
#mitandopelomundo
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time



Seeing how you missed that FACT about Sabu, I also have to question your "sources" for your claims.

TOR IS FUGAZI. NSA CONTROLS A LOT OF NODES OF NETWORK.

moron, tor is just a plus in stealthcoin.
XST has several layers of anon features, do you dont know to read, troll?
legendary
Activity: 1008
Merit: 1000
Back to tonight update, it's AWESOME!
Hondo/team releasing working POSA like it was nothing special  Grin
I feel bad for the Cloakcoin main dev but hey he did give Stealthcoin the first step
legendary
Activity: 1118
Merit: 1002
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time



Seeing how you missed that FACT about Sabu, I also have to question your "sources" for your claims.

Im a kid and dont know my facts


Please continue and enlighten us with more bullshit you seem to know

full member
Activity: 134
Merit: 100
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time



Seeing how you missed that FACT about Sabu, I also have to question your "sources" for your claims.

TOR IS FUGAZI. NSA CONTROLS A LOT OF NODES OF NETWORK.
legendary
Activity: 1008
Merit: 1000
Making money since I was in the womb! @emc2whale
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING

Big time.. And you can still be safe on tor, you just need to know how to use it right and not be trying to buy nuclear weapons. Cant be having the NSA looking for you on there because they may find ya.. but to send a few coins.. fuck that.. NSA has better stuff to do then try to track my stealthcoin.







I agree, alot of it comes down to personal responsibility and usage. For joe schmo spending it, it works fine

Yep... That's why I see it as a winner. So many oppressed countries, so many people and everyone one of them has a need to hold, spend, send and receive money.



Stealthcoin for the win bud!
legendary
Activity: 1118
Merit: 1002
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time



Seeing how you missed that FACT about Sabu, I also have to question your "sources" for your claims.
legendary
Activity: 1118
Merit: 1002
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING

Big time.. And you can still be safe on tor, you just need to know how to use it right and not be trying to buy nuclear weapons. Cant be having the NSA looking for you on there because they may find ya.. but to send a few coins.. fuck that.. NSA has better stuff to do then try to track my stealthcoin.







I agree, alot of it comes down to personal responsibility and usage. For joe schmo spending it, it works fine
legendary
Activity: 1008
Merit: 1000
The NSA runs lots of Tor nodes and also the American government, TOR will never be 100% safe. SAD but TRUE.

Stop bullshitting TOR is not safe.

Quote
"Update: This is a controversial claim. I have some sources I cannot name. Also: I don't have the exact details as to what "many" means: 1%? 10% 30%??"

LOL
Sound like this guy know nothing. I heard Iran also have TOR servers and the NSA can't do crap about that as they can't get the send/receive packages from these Iran servers. When the NSA receive lose packages then the message/program not going to work so it reveal nothing.
legendary
Activity: 1008
Merit: 1000
Making money since I was in the womb! @emc2whale
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING

Big time.. And you can still be safe on tor, you just need to know how to use it right and not be trying to buy nuclear weapons. Cant be having the NSA looking for you on there because they may find ya.. but to send a few coins.. fuck that.. NSA has better stuff to do then try to track my stealthcoin.




member
Activity: 84
Merit: 10
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING

Do any other cryptonote coins have native tor integration?    It seems Stealthcoin is emerging as a cryptonote front-runner.
legendary
Activity: 1118
Merit: 1002
^This is part of the reason that I asked if XST would ever get i2p implemented.
However I think you are missing the point that Tor is a much much better alternative to NOTHING


and your
Quote
Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.
is a fucking lie. He was a FED the whole time
full member
Activity: 134
Merit: 100
The NSA runs lots of Tor nodes and also the American government, TOR will never be 100% safe. SAD but TRUE.


Anonymity Smackdown: NSA vs. Tor link:http://blog.erratasec.com/2013/08/anonymity-smackdown-nsa-vs-tor.html#.VCy9RGddVCg

By Robert Graham

In recent news, Tor was hacked -- kinda. A guy hosting hidden services was arrested (with help from FBI), and his servers changed to deliver malware to expose user IP addresses (with help from NSA). This makes us ask: given all the recent revelations about the NSA, how secure is Tor at protecting our privacy and anonymity?

The answer is "not very". Tor has many weaknesses, especially the "Tor Browser Bundle". Experts might be able to protect their privacy with Tor against the NSA, but the casual user probably can't. I'm going to describe some of the reasons here.

The NSA runs lots of Tor nodes

The NSA hosts many nodes, anonymously, at high speed, spread throughout the world. These include ingress, middle nodes, hidden services, and most especially, egress nodes. It's easy for them to create a front company, sign up for service, and host the node virtually anywhere.

On any random Tor connection, there is a good chance that one of your hops will be through an NSA node.
Update: This is a controversial claim. I have some sources I cannot name. Also: I don't have the exact details as to what "many" means: 1%? 10% 30%??
Tor uses only three hops

By default, Tor chooses three hops: the ingress point, the egress point, and only a single in-between node. If the NSA is able to control one or two of these nodes, you are still okay because the third node will protect you. But, if the NSA is able to control all three, then your connection is completely unmasked.

This means that the NSA occasionally gets lucky, when somebody's connection hits three NSA nodes, allowing them to unmask the user.
Update: If we assume the NSA controls 1% of Tor nodes, that comes out to one-in-a-million chance the NSA will unmask somebody on any random connection. If a million connections are created per day, that means the NSA unmasks one person per day.
Tor creates many new paths

Tor doesn't use a single static path through the network. Instead, it opens up a new path/tunnel every 15 minutes. Modern web-services create constant background connections. Thus, if you have your Outlook mail or Twitter open (and aren't using SSL), these will cause a new path to be created through the Tor network every 15 minutes, or 96 new paths every day, or 3000 new paths a month.

That means over the long run, there's a good chance that the NSA will be able to catch one of those path with a three-hop configuration, and completely unmask you.
Update: This is partly mitigated by the "guard" ingress node concept. You crease only a single connection to the guard node, then fan out paths from there. But, mitigated doesn't mean the same thing as "fixed".
Your egress traffic may be unencrypted

Tor encrypts your traffic on your end, but when it leaves the last node in the Tor network, it'll be whatever it would be originally. If you are accessing websites without SSL, then this last hop will be unencrypted. It's usually easy to verify within web-browsers whether they are using SSL, but most other apps have bugs that cause unencrypted sessions to be created.
Update: Also, some of your egress traffic is poorly encrypted, such as the 1024-bit keys without forward security that Facebook uses.
Update: @addelindh points out that things like SSLstrip often works because people aren't paying attention and websites don't support things like HSTS, and thus, even when you want SSL, it'll sometimes fail for you in the face of a hostile attacker. Somebody needs to setup an exit node, then SSLstrip it to figure out how often that works.
Tor uses 1024-bit RSA DH

Tor connections are only protected by 1024-bit RSA/DH keys. The NSA can crack those keys. We don't know how easily they can do it. I'm guessing the NSA spent several years and a billion dollars to build ASICs. That means, their internal accounting might  charge $1-million per 1024-bit RSA/DH key cracked. This means they won't try to crack keys for petty criminals, but they have the power to crack keys for serious targets.

The NSA doesn't need to control all three servers along your route through Tor. Instead, it can control two servers and crack the RSA/DH key of the remaining connection.
Update: We know the NSA can crack 1024-bit keys, because would cost only a few million dollars. What we don't know how many such keys it can crack per day. The number could be less than one such key per day.
Major Update: Because of Tor's "perfect forward secrecy", the NSA wouldn't be cracking the RSA key when eavesdropping. Instead, they would need to crack the "ephemeral" keys. A lot of older servers use 1024-bit DH ephemeral keys, which are about as easy to break as 1024-bit RSA keys. Newer servers use 256-bit ECDH keys which are a lot stronger, and likely not crackable by the NSA (estimates say NSA can crack up to 160-bit ECDH keys). Thus, for older servers, the ability of the NSA to passively eavesdrop and crack keys is a big threat, but for newer servers, it's likely not a threat. (I'm using http://www.keylength.com/ and round numbers here for key lengths). (I'm using http://torstatus.blutmagie.de/ and my own pcaps to confirm a lot of 1024-bit DH is still out in the Tor nodes).
Update: I did a rough survey of the 4200 active Tor servers. Roughly 10% use the newer uncrackable ECDH keys, whereas the other 90% use the older crackable 1024-bit DH keys.
The NSA can influence parts of the network

The NSA can flood the servers it doesn't control with traffic, thus encouraging users to move onto their own servers. Thus, they can get more connections onto their servers than chance would suggest.

Multiple apps share the same underlying Tor egress

Let's say that you use SSL for Twitter, but non-SSL for your email app. Both of these go out the same exit node. This allows the the NSA to associate the two together, the user named in the email connection associated with the otherwise anonymous Twitter connection. This association works well when the NSA is controlling the exit node, and less well if it's simply monitoring the exit node.

Outages out you

As everyone knows, if the NSA is monitoring you and the server you visit, they might be able to match up traffic patterns to associate the two. This is tricky for them, so a better way is to control the association by injecting faults. If the NSA is able to reset (spoof TCP RST) packets to your end of the connection, it'll cause the egress connection on the other end to drop. Some suspect the NSA is doing this in order to find hidden services.

Exploits (0day or not) can leak your IP address

In the recent incident, the FBI put a Firefox exploit on the servers that was designed to leak a person's IP address. There are lots of other things that can do this, ranging from hidden stuff within video files to PDF files. I doubt that it is possible, in the normal sense (i.e. without putting the Tor proxy and apps on separate machines), to prevent your IP address from being discovered.

DNS leakages can get you

This is partially fixed, with the latest build of Firefox in the Tor Browser Bundle. But it's potentially broken in other apps. The basic problem is that Tor is TCP-based, but DNS requests go over UDP. Also, DNS requests go over separate APIs in the operating system that bypass the proxying of Tor. Consequently, when apps open a proxied TCP connection, they'll still leak your IP address when resolving a name via DNS. (h/t @inthecloud247)

Mistakes inevitably happened

Remember: Lulzsec hacker Sabu was discovered because while he normally logged onto chatrooms using Tor, he forgot once -- and once was enough.


The NSA passes info to the FBI !!!

Normally, the NSA wouldn't go after petty criminals, like kids buying drugs on SilkRoad. That's because doing so would reveal the existence of the program, which the NSA wants to keep secret.

But now we've heard stories about how the NSA can give such information to FBI without revealing the program. Unmasking connections is opportunistic: the NSA is just running a huge dragnet and testing connections when they get lucky. With the above program, they can just pass it along to the FBI. That means even the pettiest of petty criminals might getting caught with the NSA's Tor monitoring.

Conclusion

Experts can probably use Tor safely, hiding from the NSA -- assuming they control a smaller number of nodes, and that their 1024-bit key factoring ability is small. It would require a lot of opsec, putting apps on a different [virtual] machine than the proxy, and practicing good opsec to make sure egress connections are encrypted.

However, the average person using the Tor Browser Bundle is unlikely to have the skills needed to protect themselves. And this might be good thing: it means dissidents throughout the world can probably hide from their own government, while our NSA cleans the network of all the drug dealers and child pornographers.


Stop bullshitting TOR is not safe.
legendary
Activity: 1008
Merit: 1000
Hondo is amazing!
He released as a bonus, outside the roadmap, a anon feature like as that cloak's dev team is trying to develop for months without succeed!

Yes, he's AWESOME in my book. When roadmap first come out it don't even have SMS or StealthAddress and now we have it. Hondo and the team keep surprising us time after time. Heck, even before StealthSend or OpenBaazar out we probably going to have some more awesome and cool stuffs that we don't even know.
legendary
Activity: 1008
Merit: 1000
Making money since I was in the womb! @emc2whale
legendary
Activity: 2184
Merit: 1028
#mitandopelomundo
Hondo is amazing!
He released as a bonus, outside the roadmap, a anon feature like as that cloak's dev team is trying to develop for months without succeed!
sr. member
Activity: 322
Merit: 250
Tonight Bonuses: Upgrade the Tor, improve transaction speed and block chain analysis resistance(StealthAddress). Sound to me StealthAddress = POSA of Cloakcoin.

"In principle, yes. Stealth Addresses represent working PoSA".--Hondo
Jump to: