Comments

You must log in or register to comment.

An_Old_Big_Tree wrote

tldr anybody?

3

celebratedrecluse OP wrote

Signal and Tor are in various ways, known and suspected, compromised to state-level actors in USA, and probably the rest of the 14 eyes. This is because they were designed and marketed by CIA front agencies.

It is very important for every affinity group to have people capable of making actual semi-secure infrastructure for direct action comms, and to go low tech rather than high whenever possible, rather than relying on the suspiciously easy-to-use and technically flawed tools bankrolled by the same people who funded Radio Free Asia.

There is, behind my intent in posting this, a broader critique of the first world cryptoanarchist community and their technocratic aversion to politics, which i will probably write my own essay on as it's something I've reflected on as someone who no longer feels comfortable with that particular label/ideology.

4

An_Old_Big_Tree wrote

a broader critique of the first world cryptoanarchist community and their technocratic aversion to politics, which i will probably write my own essay on

please do, I would like to read it

I'm not sure what you mean by "technocratic aversion to politics" but it sounds interesting

4

celebratedrecluse OP wrote

thank you, i will work on that essay soon, within the next week i should be able to finish the spell/logic check

as an aside, i wish i had more help to work on my bioscience projects, i am the only one who has interest and time/energy right now. essays are easier because it's a one-woman job, but science requires peer review etc. i hope i can get started on that sooner rather than later

3

An_Old_Big_Tree wrote

I hope you find people who get on board! It may help to make it more accessible

3

celebratedrecluse OP wrote

I am hopeful that Raddle can be a fruitful place to start and collaborate on it, there's just....so much to do to get started. I set out to start learning and documenting these endeavour before all the crises. I feel I am juggling quite a many different things at once.

2

An_Old_Big_Tree wrote

I don't even have a real sense of what kind of work you are interested in here.

2

celebratedrecluse OP wrote

Oh, the stuff I was talking about before, assessing the options and creating a guide for decentralized manufacture of estradiol (first, and then other compounds) through purification & processing of genetically modified yeast cultures. the goal being to make these medicines producable. i was inspired by 4 thieves vinegar among others.

2

An_Old_Big_Tree wrote

How's this going?

2

celebratedrecluse OP wrote

i am obtaining the base equipment for this operation with proceeds from an alternative process which i have been able to make money from. once the lab has all it needs generated from its activity, i can start the wiki entry relevant to estradiol.

3

An_Old_Big_Tree wrote

This sounds exciting.

2

celebratedrecluse OP wrote

I've been delayed by coronavirus, the economic bullshit, losing a job, getting another, and starting a co-op, as well as some online endeavours. I also have a couple, uh, "side hustles"...all legal, of course! and some other shit ass praxis i can't list here. however, it is plugging along, slowly but what can you do. I've decided to host my workshops on Raddle when the time comes around, because IRL fuckers aren't reliable, though i don't really blame them. It was supposed to be easier to have an infoshop and recruit in person, but such is life.

4

quandyalaterreux wrote

Signal and Tor are in various ways, known and suspected, compromised to state-level actors in USA, and probably the rest of the 14 eyes. This is because they were designed and marketed by CIA front agencies.

Where's your evidence? The best evidence we have from the Snowden leaks indicates that Tor is the king of privacy (and he still recommends it to this day). For Signal: https://signal.org/bigbrother/

You can't just slap a few FUD claims with non-technical innuendo and expect us to move back to plaintext and just accept our doomed fate.

1

celebratedrecluse OP wrote

The US government runs like 1/3 or more of the relays. It's right on the website FAQ that the network is not designed to handle a committed global adversary with limitless financial and logistic resources. Correlation attacks are not difficult for such global actors.

If you want proof, it's still "unexplained" how hundreds of markets, child porn sites, and other darknet sites were compromised at the same time by LE across the globe. Simply taking over the sites themselves is implausible, how would they have done so many at once. And these are the .onions, the exit nodes are much easier to track one with, trivial in comparison.

Most of the drug markets have USA government participation, the USA has a long history of some agencies selling drugs to finance black ops operations. This is why they keep them around. It's not because they're technically beyond their capacity to take down.

Signal, it scans your whole contacts list. That's all LE needs, your messages are less desirable than understanding your social network. The server is in Mountain View, CA, USA: why? USA is one of the worst countries for a privacy service to host in, endless headaches even if no data is lost.

But let's say the contacts lists aren't broken. The application requires you to connect your phone number to register, which forces you to use it on a smartphone. The desktop applications are pretty shitty, bloated, and still force you to use a smartphone because you can't use them standalone. For a very long time, it was impossible to get the application without using the Google Play or iOS app stores: both are PRISM partners, and obviously they force you to use a smartphone. But that's not suspicious, not at all, right? Just coincidences of course.

These aren't FUD. These tools are specifically designed to encourage US geopolitical interests, not to help people evade USA LE. There are no technocratic solutions to the problem of widespread mass surveillance, you have to consider the socioeconomic element.

If you are forced to rely on a central server or set of servers, you are beholden to that server. What if it goes down, or is censored? What if it is compromised? Having centralized services makes a large target, and through social engineering or context manipulation, substantial problems emerge.

It is better and more anarchist to take matters into your own hands, and ditch central servers entirely. In fact, moving away from total reliance on the corporate internet is for the best; meshnets are very much needed as a backup, especially in an age of high socioeconomic tensions and protest-related censorship & tracking.

as far as this great man theory of cryptoanarchy....

Snowden is an op. His story just...it's just not credible to me.

Jacob Applebaum, one of the main tor developers, gets paid a very large salary from the US government's military contracts with the tor project. And they're friends with an enemy of the state? I just don't buy it, something has to be up with that.

1

quandyalaterreux wrote

The US government runs like 1/3 or more of the relays.

[citation needed], go to tor-relays mailing list to get familiar with who actually runs them.

It's right on the website FAQ that the network is not designed to handle a committed global adversary with limitless financial and logistic resources. Correlation attacks are not difficult for such global actors.

Even with a global adversary you're better off using Tor (if you disagree please tell us to go directly plaintext so we can laugh at your suggestion).

Signal, it scans your whole contacts list.

I agree that metadata is important, but Signal does make significant effort at making it private, and your assertion here is blatantly false:

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. https://signal.org/blog/sealed-sender/

(see https://signal.org/blog/private-contact-discovery/ for the technology and https://signal.org/bigbrother as a case in point).

2

celebratedrecluse OP wrote

Why do you think the US Military bankrolls this project?

Where do you think the money is going?

Why would they invest in something that does not benefit them?

A wet paper towel is not better than a wet toilet paper, when it comes to drying your clothes. Similarly, a global adversary will rip right through tor, they have automated systems to do so. The snowden leaks...revealed this. I'm serious, there was one powerpoint in particular from about seven years ago called "Tor Stinks" that detailed their plan to deal with this obstacle and deanonymize the users by running a plurality of the relays. If you think there isn't a use of soft power to do so, you are kidding yourself, because you want to believe in the technology over all political reality. This is the technocratic mindset that I referred to above. The government would not continue to fund this if it wasn't serving their interests overall vis a vis foreign policy.

I don't have a problem, I don't live in USA, and I do not think they will drone strike me at this time. But I don't imagine for a second that I am not able to be tracked by the government that funds the tor service. I am just not as worried about those threat model. But the people on this website, seem to be disproportionately USA residents, because it is english language predominantly. So...it is relevant to bring up.

It would be different if tor relay technology was able to be federated, creating smaller networks which are invite only. But I have not heard of such an implementation of onion routing. I think it would be a great experiment for anarchists to look into.

Signal does not enable sealed sender for all messages...only ones with your contacts. If you are speaking to someone for the first time, guess what is sent to the server? The metadata. On a USA server. Where all traffic is monitored by government third parties, no doubt. If the USA government wasn't doing that...I would lose faith in their capacity to do basically anything.

Might want to consider how this will be used for metadata mapping, I imagine it is quite effective. Sure, you are not getting a picture over time, but with active Signal users numbering only in the tens of millions, it is trivial to use such first time messages to paint a picture of point in time contact networks. Which has its uses, no doubt more profound than the non-tech people who take Signal at face value usually consider.

If sealed sender is enabled for everything, at this time I believe there are concerns it could present a censorship liability for the service. Which is why, at this time, it does not appear to be enabled by default for all messages on the default install. There is a catch 22 here that hasn't been solved, if i am mistaken i am happy to learn more about the system but this is what i read in the link you provided, a blog post that i am already familiar with.

the address book is distributed and user-owned.

Is it, moxie? No, it is on a very compromised device, 95+% of the time people are not running the app on a virtual machine or using desktop only or whatever shitty hack their substandard software forces people to do if they want actual privacy with basic functionality. Relying on embedded OS contact lists, and phone numbers, and apple/google app stores...is an enormous problem. The service kicking the problem down the road, making people even more dependent on a deeply compromised structure, is the very problem I am trying to point out. But you are speaking as if this is a strength of the code. In any political context, this is a very misleading argument which leaves non-technical political users with a very inflated view of their security.

Signal's threat model, like Tor's, does not account for USA government. This is the only point I am making, they would both admit as much to you. As far as the "big brother" link, I would refer you to the Apple-FBI drama over the San Berdanido (spelling?) attack, and Apple's presence in the snowden leaks as a collaborator of the NSA since 2012. These type of fake legal battles are conjured to keep people using certain, few platforms. Why? To concentrate all the users of interest into just a few platforms, making surveillance and contact analysis easier, by layering the systems one on top of another so you cannot escape without what most people would consider impractical and technically complicated shitty hacks.

But instead of owning up to this, or making the system easier to use safely, they spend time making sticker packs to encourage more snapchat and Tik Tok users to switch. And desktop still cannot make or receive calls, video or voice, after years. I guess they really want you chained to your smartphone, how considerate of them right?

2

stoned_chief wrote

Why do you think the US Military bankrolls this project?

Because they need to use Tor themselves. These technologies aren't made to just benefit the people, they also benefit the government agencies/organizations who fund them. Tor wouldn't work if it was only used by military/intelligence. They needed to open it up to the public.

Is Tor perfect? Fuck no.

Is Signal perfect? No, it actually kind of sucks.

Does that mean they are completely backdoored and purely made for surveillance? No... Well, at least Tor isn't. Signal can be sort of sketchy because of how centralized it is, but they also allow you to verify your contact's keys as well so worst-case scenario you just have to verify that they are providing the correct crypto keys.

We 100% need to rebuild technology from the ground up. Networks/the internet, hardware, firmware, software, it's all backdoored. But that doesn't mean we should completely disregard these band-aid solutions for the time being. Instead of attacking these projects, I think our time would be MUCH better spent on getting the word out about how everything is backdoored and why we need to rebuild everything from scratch, because until then, we will never defeat state/corporate surveillance, we can only fight a constant battle of trying to minimize it.

2

[deleted] wrote

0

quandyalaterreux wrote (edited )

She didn't say that plaintext was better, she said that one shouldn't idealise tor as a 100% safe tool to conspire with!

Of course no one is idealizing tools here, nothing is perfect. There are bugs, there are known longstanding issues that affect all anonymity systems (not just Tor). But the way they were framing the discussion made it look as if not using Tor was the preferable course of action.

1

zddy wrote

Seems like there isnt a truly safe way to organize online unless, like you said, built your own comm systems.

1

libre_dev wrote

This is why you should use Briar instead of Signal. In addition to Tor it can also communicate over Bluetooth and Wifi Direct, no Internets necessary. I don't really consider Tor to be the largest concern next to Signal's servers being in the US. It's also much easier to subpoena Google for its web tracking data to track Tor Browser users than breaking Tor itself.

Another thing to keep in mind is that every router, phone, laptop and desktop is compromised by things like Intel ME. RISC-V and libre software defined radio makes the situation better, but low-tech solutions are easier for most people to understand. Meeting face-to-face in random physical locations with no phones costs way more for the spooks to try and eavesdrop on, compared to tricking people into thinking WhatsApp is secure.

There are also systems that make use of data diodes which are immune to data exfiltration over the network.

3

cute wrote

Another thing to keep in mind is that every router, phone, laptop and desktop is compromised by things like Intel ME.

None of so have been proven but I do agree that a backdoor may exist due to it being proprietary.

1

celebratedrecluse OP wrote

if it did not, I would lose faith in USA government competence. They spend billions on mass surveillance annually, how would they not use their corporate partner to put one. They have said they want one for years, and Intel relies in big part on the contracts with them...

1

kore wrote

Re: Tor, no correlation is made between the funding by state-level actors and the ability to compromise Tor's anonymity. That is, there's no argument that these groups are paying Tor to put in back doors. I thought everyone knew that a traffic analysis attack is possible by organizations with sufficiently large access to monitoring internet traffic? No surprise to me anyway.

Re: Signal: I don't use it mostly because of the phone number thing, though I suppose you could use a burner phone. But, I still think that E2EE is secure when used properly.

1

celebratedrecluse OP wrote (edited )

Re: Tor

You don't understand. This has nothing to do with "backdoors", the code is irrelevant and a red herring that the government uses all the time to shift the discourse away from the actual flaws which allow them to break their own tools. The government of USA and its surveillance partners runs a huge proportion of the relays. They monitor all the major internet traffic cables, as you said. Tor does not protect you at all from USA surveillance. It was never designed to, its purpose was to shield spies and USA-allied dissidents who were operating in a foreign country and wanted to disguise their internet traffic from non-global adversaries, like the authorities of the country they are embedded in.

Signal

It forces you to use a smartphone. The USA government can see everything you type into your smartphone. It doesn't matter how encrypted it is, they get all your data in plaintext beforehand...

1

kore wrote (edited )

The USA government can see everything you type into your smartphone.

can you explain how this works? a link to an authoritative leaked document perhaps? I guess I just wonder why many pro-privacy organizations (like the EFF) don't really seem to talk about this. I guess this also gets into threat models. Like, if you're just trying to keep intimate conversations private or something.

1

celebratedrecluse OP wrote

Google Play Services. That's it, you're done, anything on the phone will be uploaded to Google servers, where it will be transferred to NSA's historically massive Nevada databases, unprecedented in world history. If you become of interest, they look through all the data. Why else would they build such a huge data center.

Apple's proprietary root OS has very similar characteristics, but we know less about it because of the secrecy.

EFF doesn't talk about this because, there's nothing to be done. People aren't going to stop using cell phones, not most people anyway, so talking about it would turn people off.

1

kore wrote

i dont have google play services installed on my smartphone.

1

celebratedrecluse OP wrote

oh, a great step! most do not take. but i am not surprised, the average technical competence of people on Raddle is much higher than the norm.

However, does everyone you communicate not have it on their phone? Otherwise, any communications involving those parties who do, is going to be compromised, because the screen can be read directly and keystrokes are logged. The data collection capacity is basically infinite.

And moreover, what of the cellular baseband? There are backdoors in the firmware of every GSM modem, which is proprietary and tightly guarded information (especially for newer cell networks, certainly including but not limited to the 5G capable products that will be rolling out). what's worse, most modems are either known to not be well isolated from the rest of the device, or are unknown whether they are well isolated from the rest of the device.

Like with all common CPUs and GPUs, cellular modems are not free or safe from determined state-level actors.

1

cute wrote

Android virtual machines/ emulators and the desktop app exist.

1

celebratedrecluse OP wrote

Yes, and the desktop signal app is shit, lacks basic functionality and most users will never even think to use a virtual machine, let alone learn how to work out all the various kinks and issues which arise when implementing such a nonstandard use case.

But at least they have stickers now, right? Lol

1

cute wrote

They're trying to appeal to the general population, not really mad at them for that since things like XMPP and Briar are very unappealing to most

1

quandyalaterreux wrote

Where is the evidence? All I see is FUD spreading and innuendo. Yes, the Open Technology Fund is financed by the USA, so what?

The second link is from a known forger.

1

celebratedrecluse OP wrote

All the information that is relevant to what i am saying is public information, offered by the developers themselves. you don't have to trust the specific authors, it is just a conversation starter.

I am not spreading FUD...you can't just trust code to keep you safe, technology is nothing without social context. It's frustrating to see some of you get defensive when people try to have this conversation, to be frank.

0

quandyalaterreux wrote (edited )

All the information that is relevant to what i am saying is public information, offered by the developers themselves. you don't have to trust the specific authors, it is just a conversation starter.

Can you point to where you find this evidence in public information and how you synthesized it from it?

I am not spreading FUD...

Yasha Levine is a known FUD spreader, and you're sharing his offensive idiocies which make a accomplice to the charge of FUD spreading.

1

celebratedrecluse OP admin wrote

This is an ad hominem, and irrelevant to what I'm talking about. My points are already detailed above, in a much more constructive and interesting conversation we had up there.

additionally, i'm not saying this to win the argument, but you can't use ableist language here, i'm a mod and nobody else has said anything so i have to mention this. You can insult me in a less problematic way, that's fine.

0