HackerTrans
TopNewTrendsCommentsPastAskShowJobs

RonMarken

no profile record

comments

RonMarken
·2 anni fa·discuss
Hypothetically if the machines were not rendered inoperable - either physically or by a remote 'kill switch' how self-sufficient could an operator be without support of ASML or TSMC personnel?
RonMarken
·2 anni fa·discuss
This is all very interesting. No disrespect to Mullvad but will there be any effort towards attempting to get such functionality standardized? In the past there was a XOR scrambling patch for OpenVPN[1] to attempt to circumvent certain government firewalls and the OpenVPN developers had concerns about unaudited changes to the wire protocol.

[1]: https://proprivacy.com/vpn/guides/openvpn-scramble-xor-obfus...
RonMarken
·3 anni fa·discuss
Have further information on potential malice by Private Internet Access or employees?
RonMarken
·4 anni fa·discuss
Considering past events such as this.[1] I think it is more likely that the F.B.I are aware of TAILS and its limitations against certain adversaries and choose not to comment.

[1]: https://gizmodo.com/report-facebook-helped-the-fbi-exploit-v...
RonMarken
·4 anni fa·discuss
While supporting funding more nodes is a noble goal another concern I consider overlooked is the potential 'centralisation' of nodes e.g how a large number of Tor nodes are hosted in Germany and near countries and the implications for network surveillance.
RonMarken
·4 anni fa·discuss
As a related topic the NY Times .onion site likes to refuse loading articles thinking a normal visitor with Tor Browser is a robot.

If anyone has any contact with the NYTimes ops' team perhaps this issue could be raised with them.
RonMarken
·4 anni fa·discuss
Might recall reading something to the effect of the C Tor daemon having run into bottlenecks due to lack of multi-threading of certain components and general concern over safety footguns.
RonMarken
·4 anni fa·discuss
Agree. While this is certainly a notable milestone it does seem a little premature to celebrate considering the caveats of the current version.
RonMarken
·4 anni fa·discuss
> Satoshi must be an expert in hiding.

There are allegations that Satoshi may have accidentally slipped up and leaked IP address that was not a Tor exit-node or other anonymous-proxy.

Could either be Satoshi fucking up and not using Tor all the time (has happened to other 'anonymous' entities) or perhaps they needed a clearnet connection for some reason and managed to use another internet connection not attached to any identifiers that would lead back to them despite that.
RonMarken
·4 anni fa·discuss
Some people claim this is the situation with the new Twitter onion-service. Sad.
RonMarken
·4 anni fa·discuss
Created and accessed over Tor or a clearnet connection?
RonMarken
·4 anni fa·discuss
How about the fact Twitter recently launched an official onion-service yet it is claimed by users when attempting to create an account with email over it the account is locked for 'abuse' within short order?
RonMarken
·4 anni fa·discuss
Anyone accept Monero?
RonMarken
·4 anni fa·discuss
Perhaps Twitter needs to make it easier to create accounts anonymously and stop virtue signaling (i.e suspend accounts created over Tor onion-service)

With pseudonymous usage of public services information minimisation to maintain operational-security against private user-data being disclosed by external hackers or rogue insiders is a mantra that needs to be followed religiously.
RonMarken
·4 anni fa·discuss
Conclusion. Some random person created a bunch of Tor exit nodes doing some internal routing fuckery for :80 traffic. Anyone should assume their plain-text traffic is fine-pickings when over Tor (and probably any of the VPN providers anyway)

(If you are more concerned about traffic correlation perhaps be more careful where you are entering the Tor network)
RonMarken
·4 anni fa·discuss
I was under the impression the KPN attacker merely used a single-hop VPN service from his KPN connection and the investigators managed to correlate traffic-flows.

Unfortunate that talk is not publicly available.
RonMarken
·4 anni fa·discuss
Realistically you cannot win against a resourceful adversary every time. But merely painting the situation through the lens of premature surrender is also a disservice.

It will be interesting to see what third-party researchers discover about these new protections. Might remember something about Apple rewriting format parsers for iMessage in memory-safe language with sandboxing as Blastdoor and it was discovered there was still plenty of attack-surface in the unprotected parsers.
RonMarken
·4 anni fa·discuss
One cannot remain private or anonymous from a state-level adversary indefinitely but throwing your hands up and dismissing it as impossible is also a fallacy. Details are sporadic for easy reasons but quite a few whistle-blowers and other controversial figures have managed to keep themselves anonymous and disappear in a controlled-exit without any obvious retribution. Probably the best case outcome.
RonMarken
·4 anni fa·discuss
No comment on the prospect of owning a company anonymously or publishing apps through Apple but in certain communities it is accustomed to be anonymous, particularly in those which knowledge of real-life identities could be used to gain items of value.

One omen of advice is that if you are not taking measures preemptively to actively remain anonymous that itself could be a means of exposure and makes this entire exercise futile. For longer-term anonymous identities merely picking a pseudonym and casually using it makes it easy to slip-up and potentially lead to correlation. Slightly dated now but suggest you read-up on 'OPSEC for hackers' and other publications by The Grugq as a starting point.
RonMarken
·4 anni fa·discuss
This appears to be good however recent events showing the deconstruction of prior precedents and other policies not directly implemented by laws raise a tangible concern.

It would not be surprising if some bored prosecutor with a grudge attempts to throw this out the window. In addition litigation by private-companies using the same laws could attempt to win by the virtue of having better funding and/or lawyers than the defendant.

Too cynical? Maybe.