• Rise of the Dark Nets

    From S/370@VERT/ECBBS to All on Friday, August 16, 2013 21:52:15
    We can sit and argue for all eternity about the politics behind SOPA, NSA, etc. But since these things are mostly not going to go away, we may as well avoid it entirely through methods such as encryption and dark nets.

    I once read a document called "How to Exit the Matrix" which was very informative on the subject of anonymity. But as far as internet usage itself goes, I don't believe Tor is the best thing to rely on due to the idea of exit nodes alone. I wonder how safe encryption even is. I really need to analyze my outgoing packets sometime...

    So any good tips on this subject? Are we safe from the NSA with SSH v2? SSL? General thoughts?

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Poindexter Fortran@VERT/REALITY to S/370 on Saturday, August 17, 2013 08:06:03
    Re: Rise of the Dark Nets
    By: S/370 to All on Fri Aug 16 2013 09:52 pm

    So any good tips on this subject? Are we safe from the NSA with SSH v2? SSL? General thoughts?

    I think ubiquitous encryption helps. Encrypt your email to your friends, your shopping list, your secret love letters. Get a VPN, route everything through it. Run your web traffic through SSL through an SSH tunnel through your
    VPN. Increase the amount of crap that needs to be encrypted exponentially.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Folsom@VERT/XBIT to Poindexter Fortran on Saturday, August 17, 2013 14:20:28
    Re: Rise of the Dark Nets
    By: Poindexter Fortran to S/370 on Sat Aug 17 2013 08:06 am

    Re: Rise of the Dark Nets
    By: S/370 to All on Fri Aug 16 2013 09:52 pm

    So any good tips on this subject? Are we safe from the NSA with SSH v2? SSL? General thoughts?

    I think ubiquitous encryption helps. Encrypt your email to your friends, you shopping list, your secret love letters. Get a VPN, route everything through it. Run your web traffic through SSL through an SSH tunnel through your
    VPN. Increase the amount of crap that needs to be encrypted exponentially.


    Although encrypting everything cannot hurt, I am afraid that it is impossible to have private realtime communication. At best encryption can hide the whats, but even mixers like tor cannot hide the whoms which could be enough to target someone for more direct surveillance. Probably the best we can hope for is a store and forward network that sends all traffic to everyone. That will let us encrypt and decrypt with some assurance that the whoms cannot be derived.

    ---
    þ Synchronet þ The X-BIT BBS * http://x-bit.org * http://x-bit.org/777.htm
  • From Corey@VERT/TSGC to Folsom on Saturday, August 17, 2013 15:35:54
    Re: Rise of the Dark Nets
    By: Folsom to Poindexter Fortran on Sat Aug 17 2013 02:20 p
    m

    Re: Rise of the Dark Nets
    By: Poindexter Fortran to S/370 on Sat Aug 17 2013 08:06 am

    Re: Rise of the Dark Nets
    By: S/370 to All on Fri Aug 16 2013 09:52 pm

    So any good tips on this subject? Are we safe from the NSA with SSH v SSL? General thoughts?

    I think ubiquitous encryption helps. Encrypt your email to your friends, shopping list, your secret love letters. Get a VPN, route everything thro it. Run your web traffic through SSL through an SSH tunnel through your VPN. Increase the amount of crap that needs to be encrypted exponentially


    Although encrypting everything cannot hurt, I am afraid that it is impossibl to have private realtime communication. At best encryption can hide the what but even mixers like tor cannot hide the whoms which could be enough to targ someone for more direct surveillance. Probably the best we can hope for is a store and forward network that sends all traffic to everyone. That will let encrypt and decrypt with some assurance that the whoms cannot be derived.


    I need new glasses.
    I could have sworn the title was rise of the dork nits

    "Practise safe Lunch, Use a Condiment"



    ---
    þ Synchronet þ Three Stooges Gentlemens Club - Las Vegas, Nv - tsgc.dyndns.org
  • From Poindexter Fortran@VERT/REALITY to Folsom on Sunday, August 18, 2013 08:42:20
    Re: Rise of the Dark Nets
    By: Folsom to Poindexter Fortran on Sat Aug 17 2013 02:20 pm

    Although encrypting everything cannot hurt, I am afraid that it is impossible to have private realtime communication. At best encryption can hide the whats, but even mixers like tor cannot hide the whoms which could be enough to target someone for more direct surveillance.

    With this illegal wiretap debacle involving the NSA recently, I'm cynical. Metadata isn't data, but metadata without supporting evidence = damning circumstantial evidence that doesn't need supporting evidence, or a warrant.

    I can imagine a criminal case being built on who a suspect called, not what was said.

    Probably the best
    we can hope for is a store and forward network that sends all traffic to everyone. That will let us encrypt and decrypt with some assurance that the whoms cannot be derived.

    I *knew* I kept this BBS running for a reason! Session passwords, packet passwords - too bad there isn't an easy way to include PGP into the mix with packets.

    Aw, hell - they'll just confiscate the hardware. Ain't no avoiding getting 0wned if you can touch the box.



    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Kc2ugv@VERT/KC2UGV to Folsom on Sunday, August 18, 2013 21:08:49
    Re: Rise of the Dark Nets
    By: Poindexter Fortran to S/370 on Sat Aug 17 2013 08:06 am

    Re: Rise of the Dark Nets
    By: S/370 to All on Fri Aug 16 2013 09:52 pm

    So any good tips on this subject? Are we safe from the NSA with SSH v2? SSL? General thoughts?

    I think ubiquitous encryption helps. Encrypt your email to your friends, you shopping list, your secret love letters. Get a VPN, route everything through it. Run your web traffic through SSL through an SSH tunnel through your VPN. Increase the amount of crap that needs to be encrypted exponentially.


    Although encrypting everything cannot hurt, I am afraid that it is impossible to have private realtime communication. At best encryption can hide the whats, but even mixers like tor cannot hide the whoms which could be enough to target someone for more direct surveillance. Probably the best we can hope for is a store and forward network that sends all traffic to everyone. That will let us encrypt and decrypt with some assurance that the whoms cannot be derived.

    ---
    þ Synchronet þ The X-BIT BBS * http://x-bit.org * http://x-bit.org/777.htm

    I2P delivers that, as does Freenet. Both do a pretty good job of hiding the source, and the client.

    ---
    þ Synchronet þ Sent from KC2UGV-1
  • From S/370@VERT/ECBBS to Poindexter Fortran on Thursday, August 22, 2013 05:46:23
    Re: Rise of the Dark Nets
    By: Poindexter Fortran to S/370 on Sat Aug 17 2013 08:06:03

    I agree with this for the most part. I already encrypt my aim and IRC sessions. I'm still going to encrypt email anyway, but there's one problem: The government has been monitoring emails on-site at the ISPs for years. Once it gets decrypted at the endpoint, the government gets a copy. Back when ISPs were fighting in court over this, noone seemed to pay attention. Wonder why the NSA came as a huge shock...

    To be honest, I still don't understand the concept of VPNs. I find them very useful for bypassing region lockout on websites, but never understood the protection it could provide (besides wireless sniffing). But I may pursue this idea simply for friends overseas.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From S/370@VERT/ECBBS to Folsom on Thursday, August 22, 2013 05:52:42
    Re: Rise of the Dark Nets
    By: Folsom to Poindexter Fortran on Sat Aug 17 2013 14:20:28

    A lot of people also tend to overlook the concept of exit nodes when it comes to tor. Tor is a great program as long as it is used properly. But if I read the documentation correctly, it seems that the exit node can see everything unencrypted.

    Freenet on the other hand seems to be much better in this regard since everything can remain encrypted. Now if only Freenet wasn't as dead as Geocities...

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From S/370@VERT/ECBBS to Corey on Thursday, August 22, 2013 05:54:40
    Re: Rise of the Dark Nets
    By: Corey to Folsom on Sat Aug 17 2013 15:35:54

    Well it will be the rise of the dork nits when we're alive while everyone else is getting butt-raped in the jail by the gov't for every little thing they do and say on the internet.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From S/370@VERT/ECBBS to Poindexter Fortran on Thursday, August 22, 2013 06:05:41
    Re: Rise of the Dark Nets
    By: Poindexter Fortran to Folsom on Sun Aug 18 2013 08:42:20

    That's a good point. I read an article recently about an IT specialist who got convicted of possessing child pornography. Although his hard drives were encrypted, the judge ordered him to turn over the passwords to decrypt them. Self incrimination? The judge says its not because he is already assumed to be guilty! So much for innocent until proven guilty.

    Of course, there were other things that gave him away, such as his download logs in his P2P program (which also pointed to his encrypted drives). From what I can see though, it seems that encrypted files are safer than encrypted partitions since they are harder to spot. A cool trick to try is to encrypt a file or archive and concatenate it to a jpeg. Just make sure that the filesize doesn't get too huge or even a kid will know something is special about that file.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Poindexter Fortran@VERT/REALITY to S/370 on Thursday, August 22, 2013 07:16:11
    Re: Rise of the Dark Nets
    By: S/370 to Poindexter Fortran on Thu Aug 22 2013 05:46 am

    To be honest, I still don't understand the concept of VPNs.

    When you don't trust that the guy next to you at Starbucks isn't sniffing packets, or that someone upstream is snooping on traffic, user VPNs are nice. It all depends on the VPN owner, whether they log traffic on their end that can be connected back to you, but it's a start.

    SSL through an SSH proxy through a VPN tunnel - have fun with that one - spend some cycles decrypting it just to see it's the latest groupon email.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Poindexter Fortran@VERT/REALITY to S/370 on Thursday, August 22, 2013 09:41:43
    Re: Rise of the Dark Nets
    By: S/370 to Poindexter Fortran on Thu Aug 22 2013 06:05 am

    That's a good point. I read an article recently about an IT specialist who got convicted of possessing child pornography. Although his hard drives were encrypted, the judge ordered him to turn over the passwords to decrypt them. Self incrimination? The judge says its not because he is already assumed to be guilty! So much for innocent until proven guilty.

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Khelair@VERT/TINFOIL to S/370 on Thursday, August 22, 2013 14:07:12
    So any good tips on this subject? Are we safe from the NSA with SSH v2? SSL? General thoughts?

    Well, here are my thoughts on the matter... I've been watching the crypto scene, particular PKI, pretty closely since about 1994, when Zimmerman released PGP 2.3a. Lately I've been in debate with a close friend, hell, he's pretty much my best friend, as well as the fact that he was back in that day & age, too, about the same matters. We differ in views on the whole matter a bit, but I'll detail each side of our debate-- the guy has a few IQ points on me, AND he's a software dev who is doing github projects regarding implementation of strong crypto and darknet solutions on ARM (7?) processors right now. Basically he's trying to create small, cheap solutions that make it easy for anyone to expand the tor network at the same time that he's working on finding a more effective dark- & mesh-net solution.
    (see https://www.philzimmermann.com/EN/background/index.html )
    In 1991, Philip Zimmerman began releasing PGP onto the internet, at this time I believe it was primarily distributed on usenet. I think it was at the time that he released 2.3a that the federal government (not sure which bureau, almost certainly the FBI or NSA) decided to press charges on him for exporting cryptographic software. At this point the claim was made (pretty sure it still stands) that certain public key encryption algorithms were a 'munition', and illegal for private ownership in the USA.
    Not long after, the NSA patented the RSAREF algorithm for public key encryption and declared it legal for public usage. As a result, my view ever since has been that the NSA has a serious problem cracking the original 2.3a algorithm; if the mathematical analysis of that algorithm is correct (and mathematicians as well as software peeps concerned with privacy have been pouring over it ever since), it is a real bitch to brute force. Of course, this always leaves open the waterboarding avenue of attack in order to get you to give up your passphrase. Due to the number of operations required to crack this algorithm it is still highly unlikely that even a massive amount of computing power can, within the space of many months to dozens of years, depending on key size, brute force that ciphertext.
    This is where my opinion is different than my friend's. His view of this matter is that, after the protracted legal battle which was dropped in 1996 against Zimmerman, the NSA decided that sending up a flag about which algorithms they can't crack was a bad idea, so they've been silent ever since. He makes a good point that the amount of crypto, mathematics, and software geeks that have been pouring over this software for over 20 years have never turned up anything, including the 'back door' that I suggested might exist within the patented RSAREF algorithm. For those who are seriously paranoid like myself, there is an option that hides the fact that you're using the
    old PGP 2.3a algorithm called pgp26ui, found as pgp26uis and pgp26uix as the archive base names online. This version will allow you to use any algorithm up to the ones that PGP 2.6 implemented, including the 2.3a one; you can specify how you want the ascii armor file or binary ciphertext file specified as a bogus version to fool anybody who takes a superficial look at the ciphertext. Of course this probably doesn't stand up to detailed analysis.
    For what it's worth, I'd feel [hypothetically] comfortable using this algorithm to encrypt data for myself or someone else to decrypt later probably for at least the next 10 years, barring implementation of any sort of quantum computing device to crack public key cryptography. Also, for information on how hard it is to break some other algorithms, take a look at distributed.net's results on using distributed computing power to crack RC5 encryption, even at a remarkably small relative keyspace ( http://tinyurl.com/mpn7ur2 ).
    As far as SSL, I've read some articles lately that talk about what it truly protects and what it does not. While it provides relative security compared to plaintext, I wouldn't rely on it for much of anything.
    SSH I'm a little bit more confident about, but not nearly as much as I used to be. I'm pretty sure that with the smaller keyspaces that are so common in these algorithms that they wouldn't handle any real amount of brute force attempt, at least if implemented against a small subset of the streamed data, as opposed to everything sent in a massive session. These last two opinions are not really justified by a large amount of armchair research, not compared to the opinions I have on PGP's algorithm.
    I do believe that Blowfish and Twofish, when implemented in the streams of some of these other protocols, may be used to increase probable security. I've heard very good things about them from people that know a hell of a lot more about compsci than I do.
    Um... Trying to think about what else I might be able to offer in the way of opinions... I guess I haven't researched many transparent disk image file encryption protocols like LUKS or the one that OpenBSD uses very much, although I rely on them. :P I'll have to make a point to be doing that soon here, I guess. I did study up a bit on OS/X's Tiger and Jaguar versions about their disk & sparseimage encryption when I realized that I'd forgotten a passphrase for a whole trove of data that I'd had to keep encrypted from the military. Still haven't found a decent way into that, and I haven't stumbled across anybody else that's gotten into that kind of stuff very easily, either. :| Pretty sure the idea I had to try it was going to rely on brute forcing the password, which, with the insane passphrases that I use, would've taken years at least.
    So anyway, that's what I've got for now. :) Hope it's helpful.

    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From Khelair@VERT/TINFOIL to Folsom on Thursday, August 22, 2013 20:50:40
    Re: Rise of the Dark Nets
    By: Folsom to Poindexter Fortran on Sat Aug 17 2013 14:20:28

    Although encrypting everything cannot hurt, I am afraid that it is impossibl to have private realtime communication. At best encryption can hide the what but even mixers like tor cannot hide the whoms which could be enough to targ someone for more direct surveillance. Probably the best we can hope for is a store and forward network that sends all traffic to everyone. That will let encrypt and decrypt with some assurance that the whoms cannot be derived.

    I've read a sh-tton of opinions be leading crypto people that encrypting everything and flooding the net with it is one of the best things that we could do at this point. I'm on my fone and llaying down for bed right now, but I guess I could jfgi if nobody else wants to. If nothing else it gives me content to link to in my wiki. :) Anyway the secure algorithms supposedly lose nothing in security with a large amount of cyphertext being out in the open, so the end result is totally positive in the agencies having much more cyphertext to sort through and no idea what they might be interested in and what is just normal backgroud chatter.

    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From Khelair@VERT/TINFOIL to S/370 on Saturday, August 24, 2013 03:24:28
    Re: Rise of the Dark Nets
    By: S/370 to Folsom on Thu Aug 22 2013 05:52:42

    A lot of people also tend to overlook the concept of exit nodes when it come to tor. Tor is a great program as long as it is used properly. But if I read the documentation correctly, it seems that the exit node can see everything unencrypted.

    Yes, the exit node gushes cleartext. Someone has to, unless the service is built to encrypt further.

    http://security.stackexchange.com/questions/27845/how-is-tor-secure/27851#27851

    That page seems to have a fairly decent description of the process. I do not believe that the exit node can determine your IP, however. Of course if there are a sufficient number of compromised nodes...

    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From S/370@VERT/ECBBS to Poindexter Fortran on Monday, August 26, 2013 02:51:22
    Re: Rise of the Dark Nets
    By: Poindexter Fortran to S/370 on Thu Aug 22 2013 07:16:11

    Sorry, I typed up a somewhat long response to your post, but my connection crapped out. Basically I thought VPN sounded pretty cool, but didnt quite see how it protects from sniffers. Usually I see it used to conceal identities from strangers on the internet.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From S/370@VERT/ECBBS to Khelair on Monday, August 26, 2013 03:02:27
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Sat Aug 24 2013 03:24:28

    That's the thing. Considering that the US Navy originally developed tor, I wouldn't be surprised if a good number of the exit nodes are run by the US government. But personallly I haven't heard any stories of people being busted on tor (yet), so maybe its safer than it looks. Nevertheless, someone mentioned I2P so I'll try reading more about that.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From S/370@VERT/ECBBS to Khelair on Monday, August 26, 2013 03:32:18
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Thu Aug 22 2013 14:07:12

    Damn, that was an informative read! That PGP story reminds me of what happened with DES. Basically NSA wanted IBM to reduce the key length in the algorithm. I think I'll look into PGP 2.3a a little more.

    My opinion is that the government will probably promote the crackable algorithms and stay relatively quiet about the impossible ones. Then again, they do get pretty bitchy about the exportation of them, so that could be a good sign as well. I heard somewhere that the goverment was having trouble cracking 256-bit AES so personally I wouldn't use anything less than that as far as AES is concerned. Then again, why would anyone ever use less encryption ;-) .

    Ouch! I didn't realize SSL and SSH were that insecure. But for now, it would probably be a good idea to monitor network traffic in public to spot possible sniffers. I feel pretty safe with them, but I really don't know too much about SSL or certificates.

    Can't remember much about Blowfish since I usually use MD5 instead, but personally it seems like it was a great algorithm when it came out. But as far as today, it may not be nearly as safe anymore. Of course, thats why we have Twofish! :-)

    Couldn't read the links yet cause I gotta wake up early tomorrow but I have them bookmarked.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Poindexter Fortran@VERT/REALITY to S/370 on Wednesday, August 28, 2013 10:08:28
    Re: Re: Rise of the Dark Nets
    By: S/370 to Khelair on Mon Aug 26 2013 03:32 am

    Damn, that was an informative read! That PGP story reminds me of what happened with DES. Basically NSA wanted IBM to reduce the key length in the algorithm. I think I'll look into PGP 2.3a a little more.


    We should look into a sysop's key exchange. I'd like to play with PGP after a LONG hiatus and would like some key partners to test with.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Kc2ugv@VERT/KC2UGV to S/370 on Wednesday, August 28, 2013 16:24:07
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Sat Aug 24 2013 03:24:28

    That's the thing. Considering that the US Navy originally developed tor, I wouldn't be surprised if a good number of the exit nodes are run by the US government. But personallly I haven't heard any stories of people being busted on tor (yet), so maybe its safer than it looks. Nevertheless,
    someone mentioned I2P so I'll try reading more about that.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

    It's all a function of your allowable attack profile.

    Yes, TOR exit nodes act as a man in the middle, and can potentially intercept your traffic. So, in order to use TOR efficiently, you should also cloud your identity.

    FWIW, I2P "outproxies" do the same thing. However, I2P is made to function as a network on top of the public internet, with all internal traffic
    untrackable, and encrypted.

    Freenet completely hides the source, however, the requester might be vulnerable, as all chunks will be located in their local cache.

    The I2P group has a great page discussing their threat model: http://www.i2p2.de/how_threatmodel.html
    I2P compared/contrasted with other networks: http://www.i2p2.de/how_networkcomparisons
    And, an entire distro designed to obscure all of your traffic: https://tails.boum.org/

    I do like I2P quite a bit, as it allows for private hosting of all kinds of services. You can even host a Synchronet BBS on it :)

    I personally have used TAILS, and have analyzed it a bit. It does appear to
    be on the up and up, and have not found a trojan or backdoor on it. But,
    don't trust, verify :)

    ---
    þ Synchronet þ Sent from KC2UGV-1
  • From Kc2ugv@VERT/KC2UGV to Poindexter Fortran on Wednesday, August 28, 2013 18:59:48
    Re: Rise of the Dark Nets
    By: S/370 to Poindexter Fortran on Thu Aug 22 2013 06:05 am

    That's a good point. I read an article recently about an IT specialist who got convicted of possessing child pornography. Although his hard drives were encrypted, the judge ordered him to turn over the passwords to decrypt them. Self incrimination? The judge says its not because he is already assumed to be guilty! So much for innocent until proven guilty.

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

    All of which means nothing if your upstream is willing to turn over any and
    all logs of traffic originating from you.

    At which point, you're in their house, and they are free to disclose anything the like about you. You, have no say in the matter.

    ---
    þ Synchronet þ Sent from KC2UGV-1
  • From Khelair@VERT/TINFOIL to S/370 on Friday, August 30, 2013 09:45:34
    Re: Re: Rise of the Dark Nets
    By: S/370 to Khelair on Mon Aug 26 2013 03:02:27

    That's the thing. Considering that the US Navy originally developed tor, I wouldn't be surprised if a good number of the exit nodes are run by the US government. But personallly I haven't heard any stories of people being bust on tor (yet), so maybe its safer than it looks. Nevertheless, someone mentio I2P so I'll try reading more about that.

    Yeah, I've thought about the exit node issue, too. After all, that's how a good portion of the wikileaks information got pwned, too. If you'll remember, Assange came on the scene, and it's not like you can just advertise "Leak all your info to us! Be the first!" When they got on the scene they already had millions of leaked cables and documents. It was from running tor exit nodes. Thing about that is that you still can't determine the original sender's IP from the information that flows from them, so if you are careful enough with your online habits, you've still got a decent degree of protection. Using tor alone really isn't a good defense if you're still logging in to the same accounts, with the same passwords, from the same location, etc etc etc. Tor's site has a lot of documentation about proper usage of it that is pretty valuable.
    Unfortunately, I just came across the news yesterday that the NSA has made some massive, but thoroughly unspecific, advances in decrypting common encrypted data. So it doesn't really specify if that is for SSL/SSH/PGP, or what, but it really should make a person reconsider what they're willing to commit to digital media in the first place. I can't find the exact link that I first read it at, but here is one referencing the same information that came courtesy of Ed Snowden: http://tinyurl.com/oc3avnp Needless to say, I'm reassessing my previous assertions that the PGP 2.3a algorithm, even, is still an issue for the NSA to crack.
    Came across this while I was looking for that last link, too. Ugh I closed the link but it should be easy enough to google. Looks like anybody with decent sniffing capabilities on your data can get through SSL pretty easily.
    Oh as far as people being busted on tor, also... Look up the massive wave of child porn busts that the federal government made not too long ago. Those were all related to federal interception of tor data and/or bitcoin data.

    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From Corey@VERT/TSGC to Khelair on Friday, August 30, 2013 09:09:05
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Fri Aug 30 2013 09:45 am

    Re: Re: Rise of the Dark Nets
    By: S/370 to Khelair on Mon Aug 26 2013 03:02:27

    That's the thing. Considering that the US Navy originally developed tor, wouldn't be surprised if a good number of the exit nodes are run by the U government. But personallly I haven't heard any stories of people being b on tor (yet), so maybe its safer than it looks. Nevertheless, someone men I2P so I'll try reading more about that.

    Yeah, I've thought about the exit node issue, too. After all, that's ho good portion of the wikileaks information got pwned, too. If you'll remembe Assange came on the scene, and it's not like you can just advertise "Leak al your info to us! Be the first!" When they got on the scene they already ha millions of leaked cables and documents. It was from running tor exit nodes Thing about that is that you still can't determine the original sender's IP from the information that flows from them, so if you are careful enough with your online habits, you've still got a decent degree of protection. Using t alone really isn't a good defense if you're still logging in to the same accounts, with the same passwords, from the same location, etc etc etc. Tor site has a lot of documentation about proper usage of it that is pretty valuable.
    Unfortunately, I just came across the news yesterday that the NSA has ma some massive, but thoroughly unspecific, advances in decrypting common encrypted data. So it doesn't really specify if that is for SSL/SSH/PGP, or what, but it really should make a person reconsider what they're willing to commit to digital media in the first place. I can't find the exact link tha first read it at, but here is one referencing the same information that came courtesy of Ed Snowden: http://tinyurl.com/oc3avnp Needless to say, I'm reassessing my previous assertions that the PGP 2.3a algorithm, even, is sti an issue for the NSA to crack.
    Came across this while I was looking for that last link, too. Ugh I clo the link but it should be easy enough to google. Looks like anybody with decent sniffing capabilities on your data can get through SSL pretty easily.
    Oh as far as people being busted on tor, also... Look up the massive wa of child porn busts that the federal government made not too long ago. Thos were all related to federal interception of tor data and/or bitcoin data.

    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell



    beware the dorknits!

    "Practise safe Lunch, Use a Condiment"


    ---
    þ Synchronet þ Three Stooges - Las Vegas, Nv - tsgc.synchro.net
  • From Poindexter Fortran@VERT/REALITY to Khelair on Friday, August 30, 2013 12:01:58
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Fri Aug 30 2013 09:45 am

    Yeah, I've thought about the exit node issue, too. After all, that's how a good portion of the wikileaks information got pwned, too.

    Yep, TOR protects where you're coming from, not what you're sending.

    Anyone here interested in a PGP key exchange?

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org
  • From Khelair@VERT/TINFOIL to Poindexter Fortran on Sunday, September 01, 2013 13:02:42
    Re: Re: Rise of the Dark Nets
    By: Poindexter Fortran to Khelair on Fri Aug 30 2013 12:01:58

    Anyone here interested in a PGP key exchange?

    Yessir. I will get on getting some new ones generated for this
    very thing asap. Well, as asap as I can being as the coffee is not yet
    making up a suitable percentage of my bloodstream just yet.


    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    þ Synchronet þ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From Kc2ugv@VERT/KC2UGV to Poindexter Fortran on Sunday, September 01, 2013 22:38:56
    Re: Re: Rise of the Dark Nets
    By: Khelair to S/370 on Fri Aug 30 2013 09:45 am

    Yeah, I've thought about the exit node issue, too. After all, that's how a good portion of the wikileaks information got pwned, too.

    Yep, TOR protects where you're coming from, not what you're sending.

    Anyone here interested in a PGP key exchange?

    ---
    þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

    Why not just submit your signing key here: http://keys.gnupg.net/pks- commands.html#submit

    ---
    þ Synchronet þ Sent from KC2UGV-1
  • From S/370@VERT/ECBBS to Kc2ugv on Tuesday, September 17, 2013 02:30:42
    Re: Re: Rise of the Dark Nets
    By: Kc2ugv to Poindexter Fortran on Sun Sep 01 2013 22:38:56

    Sorry for the late reply everyone. I haven't been home in a long time. I
    forgot how much moving begins to hurt!

    I finally got around to reading that PDF about researchers using parallelism to break encryption. While it is very impressive, I'm wondering what this means for our data in the real world, since there was one slight flaw in the experiment: They already knew what they were trying to crack. Of course, the main intent was to show the performance benefits of parallel computing so this isn't too important. :)

    I've been meaning to ask for a long time, but is this BBS encrypted through telnet? I probably sound like a retard for saying it. But I tried sniffing my own packets and couldn't find my own password or username in plain text. Maybe its a Synchronet feature I don't know about. :)

    The PGP key exchange sounds fun!...except I'm still a noob at this subject. I'm up for it as well, but I need to research the subject first.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com
  • From Sampsa@VERT/B4BBS to S/370 on Thursday, September 26, 2013 16:11:00
    S/370 wrote to Kc2ugv <=-

    I've been meaning to ask for a long time, but is this BBS encrypted through telnet? I probably sound like a retard for saying it. But I
    tried sniffing my own packets and couldn't find my own password or username in plain text. Maybe its a Synchronet feature I don't know
    about. :)

    Telnet is all plain text - when you type your password in it'll be sent
    as plaintext over the wire.


    ... MultiMail, the new multi-platform, multi-format offline reader!
    --- MultiMail/Darwin v0.49
    þ Synchronet þ B4BBS = London, England - b4bbs.sampsa.com:2323 (telnet) or 2222 (ssh)
  • From S/370@VERT/ECBBS to Sampsa on Saturday, September 28, 2013 03:45:41
    Re: Re: Rise of the Dark Nets
    By: Sampsa to S/370 on Thu Sep 26 2013 16:11:00

    I figured the same, but its still strange that my username and password aren't showing up in the output from tcpdump. Guess I'll keep messing with it.

    ---
    þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com