Author

Topic: Economic Totalitarianism - page 108. (Read 345758 times)

legendary
Activity: 2968
Merit: 1198
July 11, 2015, 07:58:44 PM
smooth okay I understand to add I2P for privacy since it will probably adds privacy against adversaries not as powerful as national security agencies.

It certainly does that.

Quote
I think I did allude to that in my detailed post.

Yes you did.

Quote
My issue is that so many people think that means I2P (thus Monero) is safe against the NSA

People are going to think what they think. Many think that Bitcoin is anonymous. i2p has certainly never been sold as NSA-proof and furthermore without knowing the totality of NSA's capabilities you can never correctly describe any implementation of anything as NSA-proof. Even most pure cryptography can't be proven to be secure, and once you get into implementation the potential vulnerabilities explode.
legendary
Activity: 2968
Merit: 1198
July 11, 2015, 07:48:57 PM
My issue is that so many people think that means I2P (thus Monero) is safe against the NSA (and the 5 Eyes countries and the German Stasi which is still active btw), which is what I mean by marketing (whether untended or not). I wanted to make clear I2P can't be relied on for that threat model.

I'm pretty sure that every significant discussion of I2P and Monero has stated that won't make it NSA proof.

I'm also pretty sure that merely improving a mixnet won't make something NSA proof either. The threat model is much wider than that.
sr. member
Activity: 268
Merit: 256
July 11, 2015, 04:25:32 PM
The TTIP vote. They knew it would not get through, despite the details being
kept secret.

Then, after a few weeks, the vote goes through with a huge majority. What?Huh

What happened to get several hundred of the EU lawmakers to change their minds?
And how did those pushing the TTIP know they could get the votes? In a couple of weeks?

The more I think about this the more suspicious I become - make that paranoid.
sr. member
Activity: 268
Merit: 256
July 11, 2015, 04:18:05 PM
The best thing about M$Access is the front-end. There are other
SQL based applications, postgresQL, mySQL that will run on both
Linux and on Windows, though I speak only from Linux experience.

The WINE application may allow some of the M$Access code to
run on Linux, but I have not checked the current situation. It
is unfortunate that making the transition requires far more skill
than setting up an maintining the systems afterwards.

HTH. Apologies for the OT.
sr. member
Activity: 268
Merit: 256
July 11, 2015, 04:12:03 PM
Theoretically mixmaster should provide good enough anonymity if
used with pgp. Most Linux based mailers eg Mutt, include hooks to
process both pgp and transmit via mixmaster.

For Mixmaster to be effctive, messages (encrypted) are passed though
several mailhosts and eventually delivered (encrypted) anonymously
to the recipient.

Regrettably, any encrypted message or any posts to remailers are
going to be like walking around with a ladder on your shoulder in
a thunderstorm.

If things are really that bad, emigration might be the best option.
sr. member
Activity: 420
Merit: 262
July 11, 2015, 01:24:58 PM
This Linux works almost like Windows:

http://www.linuxmint.com/

I prefer the MATE version not Cinnamon.
sr. member
Activity: 420
Merit: 262
July 11, 2015, 12:48:00 PM
smooth okay I understand to add I2P for privacy since it will probably adds privacy against adversaries not as powerful as national security agencies. I think I did allude to that in my detailed post.

They did not design I2P to be anonymous to powerful adversaries, rather they designed it to be a performant, low-level network layer for basic privacy.

My issue is that so many people think that means I2P (thus Monero) is safe against the NSA (and the 5 Eyes countries and the German Stasi which is still active btw), which is what I mean by marketing (whether untended or not). I wanted to make clear I2P can't be relied on for that threat model.

I am contemplating building a more secure high latency anonymity network and not what I had described to you many months ago.

I am also not satisfied with Bitmessage. It doesn't even run on one of my ISPs here. Quirky, has to be downloaded, and doesn't run out-of-the-box on Linux. Python is a horrendous choice for cryptography (ewww).

generalizethis thank you. I have no more time to expend on extraneous discussion (especially with noisy n00bs who think they are senior system design analysts). I know what needs to be done. No slow consensus politics needed. I can just go straight to implementing.



It is utilizes Tor hidden services which have been Allegedly broken by the NSA. Tor and I2P are not reliable anonymity. Do not rely on them. As well, they are probably honeypots so using them brings you to the attention of the NSA....

Fixed, The question was not what is uncrackable but "free & easy-to-use encryption software for email". The only thing I would trust is paper/pencil in a closet with a flashlight and a lighter to be NSA proof. And I'd sweat that as well.

But thank you for your correction.

Sorry but you are again misinformed:

https://blog.torproject.org/blog/thoughts-and-concerns-about-operation-onymous

Information Theoretic Security is reliable against any attacker no matter how powerful. Please be more informed before erroneously incorrecting me. Note still need to make sure Sybil or spam attacks can drive down usage thus weakening the size of anonymity sets (one of my criticisms of Bitmessage).


OROBTC you can run Windows programs on Linux with varying success:

https://www.google.com/search?q=run+windows+programs+on+linux
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
July 11, 2015, 03:14:15 AM
Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.

The plan to integrate I2P was not "for marketing reasons" it was simply hat I2P is the most suitable extant solution to provide a higher degree of network-level privacy than sending everything in the clear.

If you develop something better or someone else does, then we'll be happy to use that too. We're not going to just stand still and do nothing because the perfect solution doesn't exist, nor does the plan to use I2P constitute some sort of endorsement that I2P is 100% bulletproof (which they don't claim nor do we).

I started a link here: https://www.reddit.com/r/i2p/comments/3cw3wm/discussion_i2p_and_ip_obfuscation_from_economic/

Hopefully, we can move toward a best-standard or a new solution that works better for everyone.
legendary
Activity: 2968
Merit: 1198
July 11, 2015, 02:43:54 AM
Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.

The plan to integrate I2P was not "for marketing reasons" it was simply hat I2P is the most suitable extant solution to provide a higher degree of network-level privacy than sending everything in the clear.

If you develop something better or someone else does, then we'll be happy to use that too. We're not going to just stand still and do nothing because the perfect solution doesn't exist, nor does the plan to use I2P constitute some sort of endorsement that I2P is 100% bulletproof (which they don't claim nor do we).
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
July 11, 2015, 01:26:48 AM
Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.

I2P (which is relied on by Monero to insure your anonymity) has updated their detailed summary of potential attacks. That looks really bad (as I had expected). I wouldn't trust for that for obfuscating who sent a message to whom in the face of a powerful adversary and neither do they...

How do you plan to stop IP leakage with I2p? (A decentralized IP ring signature would be nice--seriously though, would a market solution built on top of I2p help unlink all the transactions? Or does the whole structure need to be overhauled/fine-tuned/scrapped?)

I do take issue with the bolded part as there is TOR (even worse) and I2p, so it is like choosing between Hillary Clinton and Donald Trump (though, who knows how to order their awfullness)--AFAIK the Monero Devs are working to improve I2p function with Monero not just integrating the two--so without knowing how they are or are not planning to improve the IP functionality, how are you sure if the criticism isn't already addressed....

I would like to read their response and how you plan to improve the functionality as this is a huge opportunity to improve financial privacy.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
July 10, 2015, 11:26:22 PM

It is utilizes Tor hidden services which have been Allegedly broken by the NSA. Tor and I2P are not reliable anonymity. Do not rely on them. As well, they are probably honeypots so using them brings you to the attention of the NSA....

Fixed, The question was not what is uncrackable but "free & easy-to-use encryption software for email". The only thing I would trust is paper/pencil in a closet with a flashlight and a lighter to be NSA proof. And I'd sweat that as well.

But thank you for your correction.
sr. member
Activity: 420
Merit: 262
July 10, 2015, 10:50:23 PM

It is utilizes Tor hidden services which have been broken by the NSA. Tor and I2P are not reliable anonymity. Do not rely on them. As well, they are probably honeypots so using them brings you to the attention of the NSA.


Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.

I2P (which is relied on by Monero to insure your anonymity) has updated their detailed summary of potential attacks. That looks really bad (as I had expected). I wouldn't trust for that for obfuscating who sent a message to whom in the face of a powerful adversary and neither do they...

I am thinking about fixing this and helping Monero (and Bitcoin and every cryptocurrency) before I continue work on another coin. So that will demonstrate I am not attacking Monero and I am not selfish. It would also demonstrate my (or my small dev group's) coding skills to everyone. But that is not yet a promise. I am exploring this option now.

Note this past week nearly no symptoms from the Multiple Sclerosis (other than fatigue that results from working 100+ hours per week). So the strict Paleo diet I am on appears to be helping.
legendary
Activity: 1050
Merit: 1001
July 10, 2015, 07:45:36 PM
...

TPTB and friends

15 years ago I was able to use all kinds of fun and interesting software that was either FREE or cheap.  And easy-to-use (important to those of us who are not tekkies).

One program was Zimmerman's PGP.  It was free and easy to use.  But, none of my friends (none of my friends are programmers or otherwise tech-savvy) so I was never able to USE PGP.

I took a quick look around via Google to see if there was free & easy-to-use encryption software for email, but was not able to find any obvious candidates.

You guys have any suggestions re email encryption software?  Especially easy-to-use...

*   *   *

I also miss the cheap (or free) AND easy-to-use data analysis programs (SPSS: now $2000 or so, and an "OLAP" program to analyze database data that cost me just $100, now it would cost MUCH MORE).

Also, I bought Microsoft's SQL Server 2000 (w/ another OLAP program included in it) for just $100 or so back then.  SQL Server 2000 will not work on modern Windows versions...

Frustrating that the software in 2000 was better, cheaper and more available than in 2015!

+ 1 life without windows is better & linux is easy to use.
Google will help with installing certain softwares.
legendary
Activity: 3836
Merit: 4969
Doomed to see the future and unable to prevent it
July 10, 2015, 03:58:11 PM


I took a quick look around via Google to see if there was free & easy-to-use encryption software for email, but was not able to find any obvious candidates.

You guys have any suggestions re email encryption software?  Especially easy-to-use...


Frustrating that the software in 2000 was better, cheaper and more available than in 2015!
https://en.wikipedia.org/wiki/Ricochet_%28software%29
sr. member
Activity: 420
Merit: 262
July 10, 2015, 01:59:02 PM
...

TPTB and friends

15 years ago I was able to use all kinds of fun and interesting software that was either FREE or cheap.  And easy-to-use (important to those of us who are not tekkies).

One program was Zimmerman's PGP.  It was free and easy to use.  But, none of my friends (none of my friends are programmers or otherwise tech-savvy) so I was never able to USE PGP.

I took a quick look around via Google to see if there was free & easy-to-use encryption software for email, but was not able to find any obvious candidates.

You guys have any suggestions re email encryption software?  Especially easy-to-use...

I2P's Bote is better than PGP because it encrypts the headers too, except for the destination address. But all your recipients need to be using I2P-Bote too.

Realize that any email encryption won't hide whom is writing to whom. It only hides with encryption the content in the email. But this is no good! If the officials can prove whom you were communicating with, they can try to attack your machine with back doors and spyware, or that fails they could potentially rubberhose you to force you to reveal what was communicated.

Bitmessage encrypts everything and sends every encrypted message to every recipient in your stream. Thus in theory it can't be proven whom is talking to whom. But Bitmessage has unaudited code and security model, as well it is often subject to spam which may to cause real traffic to move to more streams, thus diluting the anonymity sets. Also Bitmessage is very poorly programmed, has lots of usability quirks, and often doesn't work on some user's connection.

Someone really needs to make something better.

As for encrypting standard email the easiest way, Google can help you with that, such as PGP plugins for open source email clients. Your recipients will need to use PGP too and I believe there are easier plugins now. It is still a pita though. As I said, someone needs to fix the internet! I am working on it! But I am only one person (or perhaps a small team of devs).


*   *   *

I also miss the cheap (or free) AND easy-to-use data analysis programs (SPSS: now $2000 or so, and an "OLAP" program to analyze database data that cost me just $100, now it would cost MUCH MORE).

Also, I bought Microsoft's SQL Server 2000 (w/ another OLAP program included in it) for just $100 or so back then.  SQL Server 2000 will not work on modern Windows versions...

Frustrating that the software in 2000 was better, cheaper and more available than in 2015!

Install Linux, such as Mint Linux is very easy. Abundant software often for free.

Ditch Windows. That is your problem.
legendary
Activity: 2940
Merit: 1865
July 10, 2015, 01:42:04 PM
...

TPTB and friends

15 years ago I was able to use all kinds of fun and interesting software that was either FREE or cheap.  And easy-to-use (important to those of us who are not tekkies).

One program was Zimmerman's PGP.  It was free and easy to use.  But, none of my friends (none of my friends are programmers or otherwise tech-savvy) so I was never able to USE PGP.

I took a quick look around via Google to see if there was free & easy-to-use encryption software for email, but was not able to find any obvious candidates.

You guys have any suggestions re email encryption software?  Especially easy-to-use...

*   *   *

I also miss the cheap (or free) AND easy-to-use data analysis programs (SPSS: now $2000 or so, and an "OLAP" program to analyze database data that cost me just $100, now it would cost MUCH MORE).

Also, I bought Microsoft's SQL Server 2000 (w/ another OLAP program included in it) for just $100 or so back then.  SQL Server 2000 will not work on modern Windows versions...

Frustrating that the software in 2000 was better, cheaper and more available than in 2015!
sr. member
Activity: 420
Merit: 262
July 10, 2015, 10:20:00 AM
Someone please post a link to this post over in the Monero thread so they can come over here to address it. I don't want to shit on their thread. I am not criticizing Monero per se. I am technically criticizing I2P when deployed against a high-powered adversary such as the NSA. I am disappointed in whom ever made this decision for marketing reasons (apparently) without sufficient engineering investigation.

I2P (which is relied on by Monero to insure your anonymity) has updated their detailed summary of potential attacks. That looks really bad (as I had expected). I wouldn't trust for that for obfuscating who sent a message to whom in the face of a powerful adversary and neither do they:

https://geti2p.net/en/comparison/other-networks

Quote
Mixminion and Mixmaster are networks to support anonymous email against a very powerful adversary. High-latency messaging applications running on top of I2P (for example Syndie or I2PBote) may perhaps prove adequate to meet the threat model of those adversaries, while running in parallel along side the needs of low latency users, to provide a significantly larger anonymity set. High-latency support within the I2P router itself may or may not be added in a distant future release. It is too early to say if I2P will meet the needs of users requiring extreme protection for email.

What they are really saying at the above quote is that the underlying I2P network is low-latency hogwash that can't protect against a high-latency adversary and that if someone builds a high-latency system (whether they run it on I2P or not is irrelevant), then you may be protected. Well duh! I2P isn't high-latency mixing and doesn't protect you. I doubt I2PBote does either. I am studying I2PBote and once again the design is not fully documented. I2PBote appears to store messages in a DHT and uses optionally high-latency relaying to provide the anonymity, but absolutely no details are given and the relaying may not even be sufficiently implemented or utilized (too small of mix set) to be of any use.

I2P was designed by the folks who did P2P file sharing apps. They did not design I2P to be anonymous to powerful adversaries, rather they designed it to be a performant, low-level network layer for basic privacy.

Stay away! Don't trust I2P for that threat model!

Thus Monero is not yet anonymous against a high-powered adversary (such as the NSA) unless you use a connection to the internet that can not be correlated to you nor to any activity you do from that connection (e.g. Google's cookie in your browser, logging into any website, etc). This is because if an identity is attached to a sent transaction (via the lack of IP address obfuscation), then it is known that identity is associated with the sender of that transaction, regardless of the ring signature mixing on chain.

Most users have no clue what they are doing and will not likely be anonymous against a high-powered adversary in Monero even if they think they are using an unregistered connection to the internet. And if widely the case, then this can cascade into reduced anonymity sets for everyone thus even destroying the anonymity for those who were careful enough.

You see this shit is very complex and it can't be done with such nonchalant attitude. It requires serious technical documentation and analysis.

I am not angry at any one per se; we are running out time and we should be working together to solve the problem instead of playing marketing battles here. We need to stop attacking each other. I am not attacking Monero. I am just stating technical facts.

You know they added I2P because I mentioned last year in a forum there where smooth et al were present or lurking that IP address wasn't obfuscated. I think fluffypony picked up on my criticism and pushed for adding it, but I am not really sure who did. Ever since then, I've been telling smooth that I2P is not sufficient against a high-powered adversary. It is one year hence and we still haven't solved the problem.

As AnonyMint I was the guy in the Anoncoin thread in 2013 (as kLee can attest) making the point their I2P integration lacked high-latency protection against timing attacks. Now 2 years later we are still in the same predicament.

Look I am just one guy. You can't expect me to do the work that requires dozens and dozens of highly skilled programmers working for years. I can only do so much. I am working 100+ hours a week and doing my best. I will try to fix all this shit but I won't be able to do it alone.

P.S. what got me off on this tangent was searching for a better alternative to Bitmessage, but unfortunately I think maybe there is none when obfuscating the link between sender and recipient. In terms of encrypting messages so only sender and recipient can read (and not concerned about linking the identities of sender and recipient), then I2PBote looks better than Bitmessage because it has a 512-bit ECC encryption option (thus maybe providing a few more years of historical protection, perhaps even against early, less powerful quantum computers that may come) and better usability features.

To demonstrate how naive users are, I had asked a programmer for his Bitmessage address and he told me bitmsg.me! Cross that guy off the list for potential employment. He doesn't even understand how using a website would eliminate the entire point of using Bitmessage in the first place (unless of course that website is using client-side Javascript encryption and receiving all network messages from the server and attempting to decrypt them client-side and not relying on the server hosting bitmsg.me to do that instead, which may be the case but I doubt it).


Edit: I am reading I2P's technical documentation. They are talking about maybe implementing some high-latency delays for version 3.0 (they aren't even at version 1 yet since starting in 2003), and worse is they plan to let the sender set the delays at each hop of the garlic layer! I guess they don't realize that this will allow a high-powered, omniscient attacker to flood inbound tunnels with specifically timed delays so they can unmask the tunnel! These I2P devs should not be trusted about anonymity.
legendary
Activity: 1750
Merit: 1036
Facts are more efficient than fud
July 10, 2015, 02:04:12 AM
sr. member
Activity: 420
Merit: 262
July 10, 2015, 01:05:27 AM
You will get no argument from me about Regulatory (Unc)(C)ertainty in the USA...

Most people follow the herd (e.g. Bitcoin instead of Monero or better anonymous coin) and thus the hidden future regulatory pain isn't factored into their stampedes.

Thus the USA will be perceived as the least risky until end of 2017.
legendary
Activity: 2940
Merit: 1865
July 09, 2015, 05:03:03 PM
...

minor-transgression

You will get no argument from me about Regulatory (Unc)(C)ertainty in the USA...  Our Overlords make it harder for small business (the engine of job growth and innovation) to start up and even continue operating.  I am going to guess that it is probably at least this bad in Europe as well.

These secret international trade treaties, almost by definition, introduce further uncertainty!  Else, why not let us look at them?  THEY won't let us look at them because THEY have something to hide.

Goin' Galt in 3....2....1..
Jump to: