Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 44 45 [46] 47 48 ... 249
676
Security / Re: Best VPN???
« on: August 01, 2013, 06:08 am »
ugh all the VPN talk makes me sick. First of all, telling people the VPN you use means that traces to you can start at that VPN. Thanks for not making me trace you through Tor, now I can focus on the VPN provider that you just told me you use. Second of all, I think people vastly over estimate how much more anonymous a VPN can make them. Essentially a VPN at best hides that you use Tor and gives you a static entry guard that will possibly protect you if your Tor circuit is bad (then again, your VPN provider could be bad to begin with, in which case your entry node is always bad). I wonder if I made a VPN company up and started suggesting people on SR use it, how much business I would get. Probably too much. And then I would have all of your IP addresses, and do fingerprinting and correlation attacks to link IP addresses to forum posters.

677
Security / Re: Using Other Peoples Wifi From Long Distances
« on: August 01, 2013, 05:59 am »
If I use a different neighbors router each time, would they be able to trace me from a spectrum analyzer?

For example: I connect to house A which is 1.5 miles away. The LE set up there. I then connect to house B which is 1.75 miles away in the same direction.

Would they be able to grab that signal and trace it back to me, and if they did that, they would have to be monitoring my end node also to see what I am doing

But, the only way they would set up one of thse analyzers is if they get the go ahead from the NSA to find out who is using whichever wifi.

I suggest you read about the carder iceman I think his name was. He liked using WiFi from hotels and such as one of his primary sources of anonymity. By the time the police were narrowing in on him, they saw that the IP addresses used by him all came from the same neighborhood. He was at this point hopping between wireless access points, from his house. The police simply went to that neighborhood with spectrum analyzers and they were able to pinpoint him and kick his door in etc. So hoping between different neighbors wireless is not going to save the day if the police are after you. To get the most from WiFi anonymity you need to always be using a different hotspot, but then there are attacks like okay let's pull all the data from the license plate cameras and see if any of these connections we traced back to hotspots correlate with a specific car in the area, or let's pull the list of all people registered at these hotels and intersect them. So even when it used properly, over time WiFi based anonymity can fail you. A single session traced to a single hotel, they are not going to have luck. Multiple sessions to multiple hotels? Okay they might have luck. You would think that being anonymous rather than pseudonymous would help, and in some cases it might, but there is still pattern left to analyze. Okay we traced some suspect to this hotel in this area doing something like downloading CP for ease of example. Okay this happened again in the same area, let's do intersection attack and see if there is anybody to be suspicious of. The technical trace fails but a suspect can still emerge from the crowd.

678
Your life experience is not likely to teach you quantum physics.

679
Security / anonymous membership query
« on: August 01, 2013, 04:03 am »
I have an idea, it is very likely not original but I have never read about it before. The problem is that Alice wants to ask Bob if he has a certain item in his database, but Alice doesn't want Bob to know what she is interested in. The solution is for Bob to run a bloom filter, adding items as normal. When Alice does membership query, she already knows the hash of the item she is interested in, and she knows the parameters of Bobs bloom filter. So Alice needs to do PIR to get each bit from the bloom filter where it will be set to 1 or 0 (1 for all if the item is in the database, probabilistically). So this is really cool but for it to be really really cool it needs a low bandwidth single bit PIR (not sequential block PIR). I only know one PIR scheme really well (the Pynchon Gate PIR), and it would work for this but it would be even worse than simply sending Alice the entire database (Since Alice's query size grows by 1 bit for each message in the database, and in this case each message is 1 bit). Does anyone know a good PIR protocol that would work well with this for low bandwidth anonymous membership query?

680
Security / Re: Using Other Peoples Wifi From Long Distances
« on: August 01, 2013, 03:44 am »
I forgot to mention though that there are very advanced attacks that can fingerprint wireless cards regardless of their MAC address. It is totally possible to uniquely identify WiFi cards if you can get a live sample from them, in some cases maybe even router logs are enough I dunno. Anyway, it is in the realm of possibility for the NSA to have much of the USA covered in spectrum analyzers that could perhaps even fingerprint your wireless card regardless of its MAC address. This is definitely in the realm of possibility, but it is also definitely in the realm of the NSA (ie: not the FBI).

681
Security / Re: Using Other Peoples Wifi From Long Distances
« on: August 01, 2013, 03:41 am »
If LE trace up to an access point that you are no longer using, and it has only  your spoofed MAC address, the trace is essentially dead. They will never directly tie that connection to you, in the vast majority of cases. The problem is that if the police have traced up to your neighbors house, it is very simple for them to set up shop with spectrum analyzers. While you are connected to a hotspot you send and receive signals. Receive is fine and cannot be traced, send is where the problem is. Something that is sending a WiFi signal can be pinpointed very quickly with the right equipment. When the thing stops transmitting a signal, the trace can no longer continue. So if you use a random persons internet from a park that you go to one time with a spoofed mac address, and you leave before the cops come, not even the NSA is likely going to be able to determine that *you* are the one who used the access point at the time it comes into question. If you set up shop in the park for months on end, or get in any sort of pattern, that is where the attacks come from. If you always use your neighbors internet for illegal shit, yeah the trace will first go to your neigbhor but it will only be a short amount of time before it goes to you from there. Another thing is that even if the trace is at a technical dead end, there are other things to take into consideration. Perhaps the trace goes to a hotel, from that point on it is dead, it could have been anyone at the hotel at that time. Okay, but then you have this same thing happen to five different hotels, and now the FBI does an intersection attack of the people registered at the hotels at that time and your name pops out. they didn't technically trace you but they did trace up to the hotel that you were at multiple times, and saw you are by far the most likely suspect (I guess you should have registered the room with a new fake ID each time, preferably not from celtic !).

682
I've gone longer than that in heroin withdraw with no food or water. I'd gladly not eat or drink for 5 days for a 3 million pay out. If i knew it was over after 5 days i wouldn't be drinking my own piss either but maybe i would tell my lawyer i did. Any cops want to falsely imprison me.....please?

you have a very significant chance of dying if you don't drink for 5 days

683
Security / Re: Using Other Peoples Wifi From Long Distances
« on: August 01, 2013, 03:02 am »
Usually people leave their router password at a default setting and you can take full remote control of the wireless router. I have done this in the past to erase MAC address logs. Hell some routers you can even completely root remotely, it is very very rare for people to have a password on their router and if they do it is almost always the default for the model.

684
Security / Re: Using Other Peoples Wifi From Long Distances
« on: July 31, 2013, 10:59 pm »
You can get a high gain WiFi antenna and an amplifier. A $100 amplifier + a $100 directional antenna should greatly increase your wireless range versus a stock WiFi solution. On the other hand WiFi is not a magic bullet, live WiFi sessions can be traced and the police have many times in the past traced people who tried to get all of their anonymity by using neighbors WiFi. It is definitely better imo to do this than to use your own internet, but especially if you don't move around much, the anonymity benefit of doing this is fairly minimal. For best results you would use new WiFi hotspot from new location every time you connect, people doing that by itself can manage to be untraceable indefinitely if they go about it right. So the answer to your question is yes you can use WiFi from significant distances away, but it partially depends on the strength of the WiFi access point you are using as well, however high end WiFi equipment is more sensitive to signals as well so it can pick up fainter signals from greater distance, and of course if you have an amplifier and a high end antenna you can send WiFi signals for many miles depending on environmental variables as well though (dozens or even hundreds of miles are possible with direct line of sight, add some trees in the way and the distance is much less though). I think it is reasonable to think that you can in practice increase your transmit distance by about five or six times a stock solution, and your receive sensitivity can be significantly increased as well.

685
VOTES! The politicians where just doing what the voters where telling them to when they started the drug war. That doesn't mean it was right. Majority rule is not fair or just. Its ninety-nine wolves and one sheep deciding what to eat for dinner. The scenario I described about the drug regulator wasn't a example of corruption but one in which it is in his best interest to serve the seen over the unseen. Everybody will see the flipper babies and everyone will demand that someone be held responsible for approving the drug. When the regulator errors on the side of caution the only people he hurts are all the people dying from the disease without the drug and of course the drug company's workers and shareholders. Those that do harm by producing a bad drug may be sued for damages in class action suits and I think that's about all the rules you really need. As for the other departments of government you could make a case for environment and defense but I think everything else is unnecessary and harmful.

Actually it is incorrect to think that the politicians were just doing what the voters told them to do. That is an extremely superficial understanding of the war on drugs. In reality first propaganda was distributed, in the case of marijuana in particular the government had to be creative as people already knew about cannabis and thought it was fine. So they started to call it marijuana and demonize it, and people who were just fine with cannabis were then terrified of this new Mexican drug called marijuana, so it isn't like they really told the politicians to make cannabis illegal but rather they were tricked into accepting that marijuana was to be made illegal. In the case of the synthetic designer drugs in particular, less than 1% of the population even know about the majority of the ones that have been made illegal, so it isn't like they have had any say in making particular designer drugs illegal. It is bullshit to absolve the government of responsibility for starting the war on drugs and keeping it going, because in reality it was not something that was started by the masses and it is not something that would be kept going by the masses if they actually knew the truth about drug prohibition and drugs. Your notion of freedom and democracy is an illusion.

686
Silk Road discussion / Re: Revenge heroin delivery/LE tipoff
« on: July 31, 2013, 12:54 am »
The best solution would be for a new Bitcoin fork to integrate Zerocoin. Zerocoin makes attacks like this much more difficult, impossible in some cases. The Bitcoin developers are not planning to integrate Zerocoin because their lawyers suggested against it, but if an alternative currency that forks from Bitcoin integrates it then the solution would be to spend Bitcoins buying that and then spend the new currency on Silk Road. I really do think Bitcoin is shooting itself in the foot by not integrating Zerocoin, as soon as a fork comes along that integrates it a lot of people are going to ditch Bitcoin in favor of it. Nobody wants to use a currency that is 100% trackable, in the past we accepted Bitcoin because at the time there was no known solution to distribute mixing in a trustless way, but now Zerocoin has shown that there is no requirement for transactions to be inherently traceable and it has essentially outdated Bitcoin already.

687
Quote
It makes a big difference in use cases. We will never attend key signing parties. We don't upload our keys to key servers. The web of trust as envisioned by the PGP developers doesn't work here.

Yeah that is true. We use GPG significantly differently than many others do.

688
Not sure what MDC is but I am going to go out on a limb and guess that it has to do with message authentication codes, in which case it should be left enabled. I don't know if some GPG programs don't use it or not, but if they don't it is a security flaw on their end.

Okay just looked up MDC

Quote
A modification detection code (MDC) is a message digest that can prove the integ-
rity of the message. A message authentication code (MAC) ensures the integrity of
the message and the data origin authentication. The difference between an MDC
and a MAC is that the second includes a secret between Alice and Bob.

So pretty much the MDC is to make sure that the ciphertext is not modified in such a way that the plaintext changes. All in all I don't think it is a huge threat but MDC detects it.

It is probably something like hashing the plaintext message and then concatenating the hash to the plaintext prior to encryption, and during decryption removing the hash then hashing the plaintext and comparing the hash to the concatenated hash.

689
Tails takes care of this problem but there are other solutions as well. I think isolation of the working environment from Tor and external IP address is an even better solution. And then there are things like Qubes that let you automatically open files in untrusted virtual machines without internet access.

690
Is there really a traceability to going on to a headshop website and using one of their images? for something just like seeds, pipes etc it will be just as clear what I am selling and the quality of picture will be higher.

Other than LE being able to work out that picture is from that website could they analysis the picture to know I was one who downloaded it?

Sorry if thats a stupid question and thanks for your advice.

not if you access the site through TOR  8)


as far as i understand it, that is not exactly true.i'm not smart enough to understand it completely but blah blah blah, even downloads over TOR could reveal your real IP...or something like that, blah. maybe someone who understands it better will chime in and confirm or tell me that i'm falling for SR-forum -paranoia. personally i believe that you are safe to do it that way

To a large extent it depends on what you are downloading and what you are doing with it after it is downloaded. If you download a Word document (or any other advanced text editing format/document) it could deanonymize you after you open it, because such documents can have hotlinked pictures embedded in them. So you download the document via Tor and then open it up in an application that is not set to go through Tor, and it loads the hotlinked image directly without going through Tor. That is the reason why it is not safe to open arbitrary things that you have downloaded through Tor unless you take precautions against such things happening (like opening the document in a virtual machine without networking enabled). Different files carry different risks, lots of document formats can have issues like this including .pdf, certain video files could try to load a certain codec or otherwise phone home as well also depending on the video player you run them in. For the most part pictures are safe to download and open through Tor without having to worry about things like this, although it never hurts to see if the image editing program you are using is even network capable. Amazingly these days almost every damn thing can connect to the internet, even stuff that I would think has next to no place in being networking enabled. The biggest risk comes from feature rich documents and videos though, images and simple .txt files generally cannot do this sort of thing.

Pages: 1 ... 44 45 [46] 47 48 ... 249