

Messages - kmfkewm

271
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 09:38 am »
After a closer read I've figured out who you are. Long time no speak bro, you have a WAY better memory than me apparently. I'll try and think of anything you missed

I am sure I missed a lot of things my memory for it all is kind of hazy as well lol.

272
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 09:31 am »
rater probably made several hundreds of thousands of dollars scamming the drug scene, also snitched out several people via doxing and straight up reporting to the police as well. I think he must have made more than 10k per scam on some forums I seem to remember him taking single people for that much.

273
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 06:54 am »
Quote
Most interesting is the progression from "getting high" to being driven enough to research cryptography and create a secure database. And then progression to political and social views as a result of this study. I think many of us can relate to that progression (minus the creation of the database of course!).

Certainly can say that my interest in drugs and getting high is what led me to research security, anonymity and cryptography, although even prior to using drugs I wanted to be a hacker since I was like 10 years old. And certainly this research into cryptography led me to groups of cryptoanarchists and precipitated my becoming an Agorist. Recently I hardly even use drugs at all and my primary interest is in honing my security skills, and particularly in helping to create a software solution that will separate the infrastructure of the markets from the goal of the markets, allowing for highly secure and leaderless organization and a decentralized trustless infrastructure that can be used by any market or even non-market organization. I think Astor coined a good name for this concept: "Blind Markets".

274
First choice should always be Secure Erase, DBAN is second choice. Best practice is to use Secure Erase and then 1 pass of random data from DBAN, for defense in depth (in case Secure Erase fucks up and you don't notice).

275
Quote

As it just so happens, historically, the rise in incarceration coincided with the rise of the privately owned prison-industrial-complex. Wall St. just looooooooves incarcerating non-violent offenders and drug users because there is really big money in it, look up some of the most notorious players on a stock ticker, your eyes will pop. You thought prostitution is recession-proof? Try incarceration!

Those that think the war on drugs was an oppressive government project should rethink their stance and do some real digging into how most of the draconian drug laws came into being. One of the foulest and vile players in that field is ALEC - a.k.a the American Legislative Exchange Council, a darling think tank of many a conservative and libertarian. They have systematically bought up conservative and libertarian candidates brute-forcing draconian incarceration policies into state after state. Of course most libertarians will attribute the US's high incarceration rate to oppressive government, when in fact free-market privateers are the driving force behind it.

Buuuuuuuuuulshit. If libertarians were in charge of the USA the prison population would plummet. Not only would all drug offenders be released from prison, but so would the people busted with CP and probably a lot of people locked up for statutory rape. Probably a lot of people locked up for tax evasion would be released as well if hard line libertarians took control of the country. Hell a ton of the people in prison in USA today did no wrong in the eyes of libertarians.

276
I believe that very soon healthcare will become mandatory under Obama's administration, if I understand it correctly. So there will be a gun involved in the provision of healthcare. Another instance where state will use a gun to achieve its purpose. You or your partner won't have a say in the matter either way.

I don't live under Obama's jurisdiction, hence the use of UK alias and the use of mainly UK Vendors. Living with the "gun to my head", i.e. taxation for healthcare, is the very reason she is not currently severely disabled.

Americans can be weird about healthcare. Saw an interview with an African American. Diabetes had taken his toes. Nevertheless he didn't want universal healthcare because it was a step towards Communism. You just gotta LAUGH.

Once I saw an interview with two African Americans. Kidney failure was about to take both of their lives. Nevertheless, they did not want some random person to be killed so they could harvest two working kidneys. You just gotta LAUGH.

277
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 05:57 am »
The Farmer's Market is another one that went back to before 2004.  I remember talking to Marc Willems (the creator) a decade ago.  He had a forum way back then.  He used to accept paypal and everything.  He always went by the name Adam.  I am sure that there is someone else on this forum that remembers Adam F.

Was it a forum or a mailing list? I know they had a mailing list that went way back but I thought they only switched to forums recently. Or maybe they started with a forum then switched to a mailing list then back to a forum. Damn sounds like you probably even go back to before my time, guess there are still more old old old timers around than I realized.

278
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 05:38 am »
Hm didn't know any regular illegal forums that went back prior to 2004. I thought SL was pretty much the first forum since Hive and RCML. I heard about one forum that was operated by a very skilled chemist, but they didn't use the forum for much other than voting on what rare drug he should synth for them. Every six months they had a vote and he synthed a small batch of whatever rare drug people asked him to and sent out doses to everyone. I was never on that forum but I think it went back to before 2004.

I left off a lot of forums for sure, pretty much the entire pharmaceutical oriented forums like CHFC OPR and all the other ones related to those hell I cannot even remember their names now. Of course there was also Farmers Market which is now busted, you should read about their history as well oz they go back many years as well. Was also BB but I cannot remember where that one fits in now.

I don't think it matters if I spout off all the old market places I knew about or was a member on, but I can understand not wanting to. The thing is, all the forums I am talking about are so far gone that even if the DEA learns their names and histories they are not going to be able to do shit against them without a time machine. I specifically neglected to mention any forum that is currently running out of respect for their security. Also I have been using anonymity measures consistently for a lot of years now, and have changed my pseudonym and regular contacts so many times that even I cannot remember my old names anymore lol. If they can bust me because of something I have said they would have busted me a long time ago :). Not to mention that I am now hardly involved with anything illegal at all, have a perfectly spotless house more often than not and am only a small time drug user now. Plz feel free to raid me feds, you will find only several thousand lines of source code on my computer :). I determined quite a while ago that I am more valuable to the scene out of jail than in, and have acted accordingly since. Cannot get much better security than not breaking the law ;).

279
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 04:56 am »
Oh my mistake I thought they sold at cost (or slight mark ups) since everybody was required to pitch in money before the vendor even imported anything. Like I said I was never a member there only checked out their forum a few times and then never went back since they were extremely insecure and had nothing I couldn't already get. So were they not giving people any price breaks on group buys at all? I was under the impression that their forum largely existed for the goal of organizing group orders so that people could get much cheaper research chemicals than buying grams off of vendors who put money down and imported kilos with their own funds. Seems kind of stupid to send someone money for something they don't even have and not get a price break, when other vendors already were importing shit with their own funds and selling it by the gram.

280
Security / Re: Theory: Blind markets
« on: August 29, 2013, 04:21 am »
Quote
Another exposure with this architecture is DoS.  If you're blind to anything about the data except its original creation date, it's difficult to keep someone from simply flooding petabytes into the server (make it eat its tail until it eats its head).  Unless there's something like a proof-of-work concept prior to uploading data to effectively rate-limit that forced growth by a single actor.

Proof of work will stop most potential attackers (people with only a few computers under their control) from doing massive flooding, but it isn't the ideal solution and powerful attackers (people with botnets) can easily get around it.

Quote
I think this problem is solved by querying multiple servers. Unless an adversary runs all or almost all nodes, you will be able to retrieve the content. Comparing the results of multiple queries from different nodes will allow clients to determine which ones are censoring, and even what kinds of content they are censoring, and the clients could blacklist those nodes.

In the end, censorship is simply impractical if the network of nodes is big enough.

That is a possible solution as well, however we need to think of the anonymity implications of a server being able to censor some of the information it holds. It would be better to have some cryptographic way of solving this problem rather than sheer brute content availability.

this paper looks interesting: https://www.usenix.org/conference/foci12/one-way-indexing-plausible-deniability-censorship-resistant-storage

Quote
Abstract

The fundamental requirement for censorship resistance is content discoverability — it should be easy for users to find and access documents, but not to discover what they store locally, to preserve plausible deniability. We describe a design for “one-way indexing” to provide plausibly-deniable content search and storage in a censorship resistant network without requiring out-of-band communication, making a file store searchable and yet self-contained. Our design supports publisher-independent replication, content-oblivious replica maintenance, and automated garbage collection.

1 Introduction

Censorship resistant systems allow users to find and access content even if an external entity is trying to prevent this, either by attempting to block specific content (e.g. by keyword), classes of content (e.g. video files), classes of websites and services (e.g. social networks), or block the use of the communication system itself (e.g. shutting down the Internet). Prior real-world experience demonstrates that nation-state-level adversaries are willing to engage in all these tactics [5, 18, 31]. Numerous potential solutions have been proposed [4, 7, 27], but the problem of plausibly-deniable search and robust storage remains elusive due to its seemingly contradictory set of requirements — how does a system maintain a searchable index of content for users and yet hide it from intermediate/relay nodes and volunteers who store content?

Any useful censorship resistant system must provide plausibly-deniable in-band search and content privacy on the wire. Protection for storers as well as intermediaries is vital, since we expect that any user’s computer may be seized and examined by a powerful adversary [22], so the owner must be able to plausibly disavow knowledge of stored content. That same user must be able to search and find content in the network which may already be on his or her computer, but should not discover that it is stored locally. Prior work has partially addressed this by encrypting files and requiring out-of-band discovery of decryption keys, which makes reconstruction of content difficult. We describe a design for plausibly deniable search and robust storage for a censorship resistant network that supports natural keyword search while retaining deniability. Our design is self-contained — no out-of-band communication is required to find content nor obtain decryption keys to decode files. This promotes usability and reduces users’ real-world risks.

One-way indexing. To solve the problem we propose “one-way indexing,” such that a user can search by keyword, but someone storing parts of the file cannot determine the content of the file or query. To publish file F with keyword kw, Alice partitions it into three logical portions — the content, consisting of encrypted blocks b1, ..., bk each indexed under ID hash1(bi); the content manifest, containing a list of all block hashes (allowing retrieval of the file) and indexed as hash2(kw); and the key manifest, containing the file decryption key, indexed as hash3(kw). To retrieve a file, a user will search for hash2(kw) and hash3(kw), but any node not storing both manifests must invert the keyword hash in order to retrieve the other manifest and reconstruct the file, even if all file blocks are stored locally.

Robust storage. Censorship resistance requires perpetual and robust storage. We use both erasure coding and replication at publication time to achieve initial robustness, and maintain it without publisher intervention. Once the file has been stored as described above, nodes who store the file’s content manifest lazily verify that a file is sufficiently replicated, freeing the original publisher from responsibility and providing added deniability. To prevent mitigate adversaries overwhelming the system with useless data, we incorporate lazy garbage collection, randomly selecting unused contents for deletion

So after reading the abstract it sounds like this might be what we want, I need to read the rest of the paper though. It looks like it has all the functionality of encrypted keyword search (search by keyword, servers cannot determine the keyword searched for), private stream searching (same as EKS plus servers cannot tell the content returned), and the censorship resistance we were looking for (servers can obtain content from the network and still not be able to determine that they host the content as well). So maybe need to start saying OWI (one way indexing) instead of PSS instead of EKS heh.
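
The publish and retrieve flow described in the quoted abstract, as an added example that is not part of the original post or the paper's own code. Assumptions: domain-separated SHA-256 stands in for hash1/hash2/hash3, a toy SHA-256 keystream replaces a real cipher, the network is a two-node dictionary, and the sample document is constructed; erasure coding, replication and garbage collection are left out.

```python
import hashlib, json, os

BLOCK = 16  # tiny block size so the constructed sample spans several blocks

def _h(tag, data):
    # Assumption: domain-separated SHA-256 stands in for hash1/hash2/hash3.
    return hashlib.sha256(tag + b"\x00" + data).hexdigest()

def hash1(block): return _h(b"block", block)                 # block ID
def hash2(kw): return _h(b"content-manifest", kw.encode())   # content manifest ID
def hash3(kw): return _h(b"key-manifest", kw.encode())       # key manifest ID

def xor_stream(key, index, data):
    # Toy SHA-256 keystream cipher, a stand-in only; use a real AEAD in practice.
    stream = bytearray()
    ctr = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(
            key + index.to_bytes(8, "big") + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def publish(network, placement, data, kw):
    """Store encrypted blocks, content manifest and key manifest on the named nodes."""
    key = os.urandom(32)
    ids = []
    for n, off in enumerate(range(0, len(data), BLOCK)):
        ct = xor_stream(key, n, data[off:off + BLOCK])
        network[placement["blocks"]][hash1(ct)] = ct
        ids.append(hash1(ct))
    network[placement["content"]][hash2(kw)] = json.dumps(ids).encode()
    network[placement["key"]][hash3(kw)] = key

def fetch(network, item_id):
    # Ask every reachable node for the ID; first hit wins.
    for store in network.values():
        if item_id in store:
            return store[item_id]
    return None

def retrieve(network, kw):
    """Rebuild the file from the keyword alone; None if anything is missing or altered."""
    manifest, key = fetch(network, hash2(kw)), fetch(network, hash3(kw))
    if manifest is None or key is None:
        return None
    out = b""
    for n, block_id in enumerate(json.loads(manifest)):
        ct = fetch(network, block_id)
        if ct is None or hash1(ct) != block_id:   # block withheld or tampered with
            return None
        out += xor_stream(key, n, ct)
    return out

def demo():
    data = b"constructed sample document for the one-way index demo"
    network = {"A": {}, "B": {}}   # hypothetical two-node network
    publish(network, {"blocks": "A", "content": "A", "key": "B"}, data, "sample-kw")
    return network, data

if __name__ == "__main__":
    network, data = demo()
    print(retrieve(network, "sample-kw") == data)      # whole network plus keyword
    print(retrieve({"A": network["A"]}, "sample-kw"))  # node A on its own
    print(hash3("sample-kw") in network["A"])          # does A hold the key manifest ID?
```

Node A stores every block and the content manifest, yet the only keyword-derived ID it holds is hash2(kw); reaching the key manifest means computing hash3(kw), which requires the keyword itself.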

281
Off topic / Re: my PM to OZ about my history in the drug scene
« on: August 29, 2013, 02:45 am »
You should also research Euphoric Knowledge, I was never a member there but they were a pretty significant research chemical forum, kind of like an evolution of SL but without any lineage to it. They organized massive group buys of research chemicals where all members would pool their money then one of them would import a kilo of some research chemical and break it up and distribute grams at cost to the people who pitched money in. So they all had access to dirt cheap research chemicals by doing massive group buys in this way, a lot of them got busted in an operation I believe but I was never really part of their group at all. The impression I had of them is that they were mostly young people, it really struck me as a next generation Sandoz Labs except with a lot more members.

282
Security / Re: Theory: Blind markets
« on: August 28, 2013, 02:37 pm »
put another way, how can a user obtain an item partially from a server they operate, without being able to associate a piece of data on their server with the item they obtain? PIR via numeric index is clearly out as the data at the numbered index on the server will be associated with the file the client obtains. I think that single server is also out as well, if the user has total access to the only client and server involved I think this is pretty clearly impossible. I don't know if there is even a solution to this problem yet, or if it is even possible, but it would be a great way to get strong censorship resistance.

283
Security / Re: Theory: Blind markets
« on: August 28, 2013, 02:21 pm »
Astor actually brought up a good point and I am struggling to find a perfect solution. Although the content on EKS servers is encrypted, we should assume that the people running the servers will be able to obtain keys for certain content, we should also assume that some of them are malicious and could try to censor information. There are distributed PIR schemes that hide the content of the database from the servers, but a client that queries the database still does so by index position. That means if an entity that runs a PIR server also runs a client, and the client knows a certain message is at index 42, the PIR server can then link the secret share at position 42 to the message downloaded by the client. So even Goldberg's PIR will not work to solve this problem. The problem is characterized as follows:

Given a server or cluster of servers hosting a database, how can we have it so that:

A. Clients can request specific files from the database (via position or keyword)

B. The servers hosting the database cannot determine the client's query (ie: servers cannot tell the position requested or keyword searched for)

C. The servers hosting the database cannot tell the files returned (ie: they do not know what they send back to the client)

D. The servers hosting the database cannot tell the files hosted (ie: they cannot ever see any content that the client eventually obtains, during storage or transfer)

E. An entity that owns a client and a server cannot download a known file from the database in order to be able to associate content on the database with the file (ie: the server cannot link data it hosts to content even if it downloads the content partially from itself while acting as a client)

A, B and C are solved via at least PIR, Oblivious Transfer and Private Stream Searching schemes (actually Encrypted Keyword Search only solves A and B). D has been integrated into at least some distributed PIR schemes, the one I linked to from Goldberg for example. E I do not know how to solve for, and it leads to a problem: servers can determine where a specific piece of content they host is located on their servers and censor it.

I also should start saying PSS instead of EKS, I always confuse the two terms. EKS lets the client obtain encrypted files from a remote server without the remote server knowing the content of the files or the keywords searched for, but it still knows the ciphertexts returned. PSS lets the client obtain encrypted files from a remote server without the remote server knowing the content of the files, the keywords searched for, OR the ciphertexts returned to the client. So it is kind of how PIR lets the client get a file from a database without the server hosting the database knowing the file the client got, and Oblivious Transfer does the same thing and also prevents the client from learning anything else about the database. Cryptography is full of rather subtle distinctions, but I should nip this in the bud as EKS is actually not the correct terminology in this case (although I am the one who introduced the bad terminology, as I said I frequently find that I mistakenly call Private Stream Searching Encrypted Keyword Searching).

284
Security / Re: Theory: Blind markets
« on: August 28, 2013, 01:01 pm »
Ahh I get you, that does make it a hell of a lot easier then.
Hmm, the one question that stands out in my mind is if we managed to get it all sorted, major support, donations, brilliant ideas how could we get someone to create the "site" without compromising security by some sort of backdoor being left etc. You could have lots of different cryptographers working on different sections so that the whole thing could not be compromised but think of the damage one lone skilled cryptographer could do, should he decide to code it maliciously.

Because it is open source and will be audited by anyone who wants to audit it. Also because the people making it are not going to backdoor it (and if you don't believe me read the source code!) :).

Unless I'm misunderstanding, #1 has to be true.  If servers can see the files they store, but don't have access to the key to those files, I don't see how they can exercise any content-level control over what they store or serve.   An encrypted BLOB is an encrypted BLOB.

They could always download something from themselves, because they know the strings it is indexed by, and then they can match the ciphertext they obtained to the ciphertext on their server.

Quote
If the content is uploaded encrypted and the operator doesn't know the key, then they don't know what they are storing, so they can't be blamed for what they're hosting anymore than Dropbox can be blamed if someone dumps a Truecrypt file on their servers and LE finds out that file contains illegal content.

Pretty much this. EKS servers have plausible deniability kind of how Freenet nodes do. They cannot decrypt arbitrary files looking for illegal content. However if they also store plaintext stuff at all it would be a different story. Also since all nodes have all files, they could easily be told by police that a certain ciphertext is illegal etc. It would be better if the content of the database is hidden as well, I just don't know how to do this with EKS and have not read of any such systems, only for PIR.

Quote
The thing about dumping old content, I consider that a feature. Look at this forum. Why store every thread since the beginning, when everyone asks the same questions over and over every week? The popular threads stay on the front page for weeks or months at a time, so they are safe. It would work just as well if it was designed like 4chan to roll old threads off the server, say after 3 months of inactivity. Hell, it even warns you not to dig old threads back up and to start a new thread! It is needlessly storing gigabytes of data.

The EKS servers have no concept of a thread, only individual posts. The threading is done client side.

285
Off topic / Re: The worst LSD trip of your life ?
« on: August 27, 2013, 07:39 am »
I have never had a bad LSD trip per-se, but if I take two doses in the same week very close to each other I sometimes regret taking the second dose as I get very minimally high and just a headache usually. Being sort of high on LSD due to tolerance sucks, you are just high enough that you cannot think straight but not high enough that you get any significant value out of it. So my worst LSD trip would have to be one of the times I dosed back to back without having enough time in between.
