quandyalaterreux wrote

Signal and Tor are in various ways, known and suspected, compromised to state-level actors in USA, and probably the rest of the 14 eyes. This is because they were designed and marketed by CIA front agencies.

Where's your evidence? The best evidence we have from the Snowden leaks indicates that Tor is the king of privacy (and he still recommends it to this day). For Signal:

You can't just slap a few FUD claims with non-technical innuendo and expect us to move back to plaintext and just accept our doomed fate.


celebratedrecluse OP wrote

The US government runs like 1/3 or more of the relays. It's right on the website FAQ that the network is not designed to handle a committed global adversary with limitless financial and logistic resources. Correlation attacks are not difficult for such global actors.

If you want proof, it's still "unexplained" how hundreds of markets, child porn sites, and other darknet sites were compromised at the same time by LE across the globe. Simply taking over the sites themselves is implausible; how would they have done so many at once? And these are the .onions, the exit nodes are much easier to track one with, trivial in comparison.

Most of the drug markets have USA government participation, the USA has a long history of some agencies selling drugs to finance black ops operations. This is why they keep them around. It's not because they're technically beyond their capacity to take down.

Signal, it scans your whole contacts list. That's all LE needs, your messages are less desirable than understanding your social network. The server is in Mountain View, CA, USA: why? USA is one of the worst countries for a privacy service to host in, endless headaches even if no data is lost.

But let's say the contacts lists aren't broken. The application requires you to connect your phone number to register, which forces you to use it on a smartphone. The desktop applications are pretty shitty, bloated, and still force you to use a smartphone because you can't use them standalone. For a very long time, it was impossible to get the application without using the Google Play or iOS app stores: both are PRISM partners, and obviously they force you to use a smartphone. But that's not suspicious, not at all, right? Just coincidences of course.

These aren't FUD. These tools are specifically designed to encourage US geopolitical interests, not to help people evade USA LE. There are no technocratic solutions to the problem of widespread mass surveillance, you have to consider the socioeconomic element.

If you are forced to rely on a central server or set of servers, you are beholden to that server. What if it goes down, or is censored? What if it is compromised? Having centralized services makes a large target, and through social engineering or context manipulation, substantial problems emerge.

It is better and more anarchist to take matters into your own hands, and ditch central servers entirely. In fact, moving away from total reliance on the corporate internet is for the best; meshnets are very much needed as a backup, especially in an age of high socioeconomic tensions and protest-related censorship & tracking.

As far as this great man theory of cryptoanarchy....

Snowden is an op. His story's just not credible to me.

Jacob Appelbaum, one of the main Tor developers, gets paid a very large salary from the US government's military contracts with the Tor Project. And they're friends with an enemy of the state? I just don't buy it, something has to be up with that.


quandyalaterreux wrote

The US government runs like 1/3 or more of the relays.

[citation needed], go to tor-relays mailing list to get familiar with who actually runs them.

It's right on the website FAQ that the network is not designed to handle a committed global adversary with limitless financial and logistic resources. Correlation attacks are not difficult for such global actors.

Even with a global adversary you're better off using Tor (if you disagree please tell us to go directly plaintext so we can laugh at your suggestion).

Signal, it scans your whole contacts list.

I agree that metadata is important, but Signal does make significant effort at making it private, and your assertion here is blatantly false:

In addition to the end-to-end encryption that protects every Signal message, the Signal service is designed to minimize the data that is retained about Signal users. By design, it does not store a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars.

(see for the technology and as a case in point).


celebratedrecluse OP wrote

Why do you think the US Military bankrolls this project?

Where do you think the money is going?

Why would they invest in something that does not benefit them?

A wet paper towel is not better than a wet toilet paper, when it comes to drying your clothes. Similarly, a global adversary will rip right through Tor, they have automated systems to do so. The Snowden leaks... revealed this. I'm serious, there was one powerpoint in particular from about seven years ago called "Tor Stinks" that detailed their plan to deal with this obstacle and deanonymize the users by running a plurality of the relays. If you think there isn't a use of soft power to do so, you are kidding yourself, because you want to believe in the technology over all political reality. This is the technocratic mindset that I referred to above. The government would not continue to fund this if it wasn't serving their interests overall vis a vis foreign policy.

I don't have a problem, I don't live in USA, and I do not think they will drone strike me at this time. But I don't imagine for a second that I am not able to be tracked by the government that funds the Tor service. I am just not as worried about that threat model. But the people on this website seem to be disproportionately USA residents, because it is English language predominantly. is relevant to bring up.

It would be different if Tor relay technology was able to be federated, creating smaller networks which are invite only. But I have not heard of such an implementation of onion routing. I think it would be a great experiment for anarchists to look into.

Signal does not enable sealed sender for all messages...only ones with your contacts. If you are speaking to someone for the first time, guess what is sent to the server? The metadata. On a USA server. Where all traffic is monitored by government third parties, no doubt. If the USA government wasn't doing that...I would lose faith in their capacity to do basically anything.

Might want to consider how this will be used for metadata mapping, I imagine it is quite effective. Sure, you are not getting a picture over time, but with active Signal users numbering only in the tens of millions, it is trivial to use such first time messages to paint a picture of point in time contact networks. Which has its uses, no doubt more profound than the non-tech people who take Signal at face value usually consider.

If sealed sender is enabled for everything, at this time I believe there are concerns it could present a censorship liability for the service. Which is why, at this time, it does not appear to be enabled by default for all messages on the default install. There is a catch-22 here that hasn't been solved. If I am mistaken I am happy to learn more about the system, but this is what I read in the link you provided, a blog post that I am already familiar with.

the address book is distributed and user-owned.

Is it, Moxie? No, it is on a very compromised device, 95+% of the time people are not running the app on a virtual machine or using desktop only or whatever shitty hack their substandard software forces people to do if they want actual privacy with basic functionality. Relying on embedded OS contact lists, and phone numbers, and Apple/Google app is an enormous problem. The service kicking the problem down the road, making people even more dependent on a deeply compromised structure, is the very problem I am trying to point out. But you are speaking as if this is a strength of the code. In any political context, this is a very misleading argument which leaves non-technical political users with a very inflated view of their security.

Signal's threat model, like Tor's, does not account for USA government. This is the only point I am making, they would both admit as much to you. As far as the "big brother" link, I would refer you to the Apple-FBI drama over the San Bernardino (spelling?) attack, and Apple's presence in the Snowden leaks as a collaborator of the NSA since 2012. These types of fake legal battles are conjured to keep people using certain, few platforms. Why? To concentrate all the users of interest into just a few platforms, making surveillance and contact analysis easier, by layering the systems one on top of another so you cannot escape without what most people would consider impractical and technically complicated shitty hacks.

But instead of owning up to this, or making the system easier to use safely, they spend time making sticker packs to encourage more Snapchat and TikTok users to switch. And desktop still cannot make or receive calls, video or voice, after years. I guess they really want you chained to your smartphone, how considerate of them right?


stoned_chief wrote

Why do you think the US Military bankrolls this project?

Because they need to use Tor themselves. These technologies aren't made to just benefit the people, they also benefit the government agencies/organizations who fund them. Tor wouldn't work if it was only used by military/intelligence. They needed to open it up to the public.

Is Tor perfect? Fuck no.

Is Signal perfect? No, it actually kind of sucks.

Does that mean they are completely backdoored and purely made for surveillance? No... Well, at least Tor isn't. Signal can be sort of sketchy because of how centralized it is, but they also allow you to verify your contact's keys as well so worst-case scenario you just have to verify that they are providing the correct crypto keys.

We 100% need to rebuild technology from the ground up. Networks/the internet, hardware, firmware, software, it's all backdoored. But that doesn't mean we should completely disregard these band-aid solutions for the time being. Instead of attacking these projects, I think our time would be MUCH better spent on getting the word out about how everything is backdoored and why we need to rebuild everything from scratch, because until then, we will never defeat state/corporate surveillance, we can only fight a constant battle of trying to minimize it.


thelegendarybirdmonster wrote

She didn't say that plaintext was better, she said that one shouldn't idealise Tor as a 100% safe tool to conspire with!

Tor is probably safe for minor illegal stuff (like buying drugs or watching child porn) though, since the people monitoring it don't care about those, or don't want to expose that they've "solved" Tor.


quandyalaterreux wrote (edited)

She didn't say that plaintext was better, she said that one shouldn't idealise Tor as a 100% safe tool to conspire with!

Of course no one is idealizing tools here, nothing is perfect. There are bugs, there are known longstanding issues that affect all anonymity systems (not just Tor). But the way they were framing the discussion made it look as if not using Tor was the preferable course of action.