Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - kmfkewm

Pages: 1 ... 111 112 [113] 114 115 ... 249
1681
Off topic / Re: Gays on SR
« on: January 03, 2013, 04:35 pm »
Quote from: master_of_coin on January 03, 2013, 04:17 pm
Quote from: kmfkewm on January 03, 2013, 04:08 pm
I see that people do the same exact thing when it comes to child pornography actually, they equate child pornography possession as being the same thing as child molestation for some reason. To a rational mind there is a clear difference between these things though.

There's even a difference there. To have child porn somebody has to have been exploited and abused.

Yes  there is a difference there. Most non-child rape pornography is fantasy, most child pornography is actually documented child abuse. However, I believe that no information should be outlawed and that includes real rape pornography as well as child pornography. The dangers of legalization of possession of these forms of pornography are vastly exaggerated, the actual evidence shows that criminalization of possession of these forms of pornography is more damaging to society than their legalization would be, and indeed that the criminalization of these sorts of pornography is counterproductive to the stated goals of those who are in favor of their criminalization.

1682
Off topic / Re: Gays on SR
« on: January 03, 2013, 04:08 pm »
Not that I want to take this thread further off topic than it already is starting to go, but I feel as if I should weigh in my opinion regarding the last two posts. First of all, I do not think that rape pornography causes people to desire to rape. People who are not sexually aroused by the thought of rape are going to find rape pornography extremely disgusting, people who are aroused by the thought of rape are going to find rape pornography arousing. My opinions on rape pornography are pretty much the same as they are on child pornography, both are sought out because of an already existing desire and neither cause new desires. In the case of child pornography, numerous studies have shown that its availability negatively correlates with the prevalence of child molestation. Other studies show that the availability of abusive pornography has a negative correlative relationship with sexual abuse. I do not at all think it is an honest analogy to compare rape pornography : rape with firing a shotgun at someone point blank : murder. Firing a shotgun at someone point blank has a clear causative link to murder, there is a negative correlative relationship between the availability of rape pornography and sexual assault. 

Second I agree that there is a clear distinction between fantasy and reality. Studies have shown that > 1/3rd of males have fantasized about raping someone and additionally the fantasy of being raped is quite common for females. If your claim that fantasy is evidence of intention was true it would mean that a large percentage of females have the desire to be forced to engage in sexual intercourse without their consent and against their will. Just food for thought. There is also ample evidence that a desire to rape has been genetically encoded into large percentages of males, even more than 1/3rd. It is called the evolutionary theory for rape and I believe it is the theory that makes by far the most sense, although it is quite controversial due to its implications. Essentially, for most of human existence rapists were very difficult to catch, and mothers life preserving abortions and contraceptives were unheard of. This meant that rapists produced far more offspring than non-rapists. The implication of this is that if there is any genetic component that predisposes someone to desire rape, it is going to be a very common gene. Of course, as the proponents of the evolutionary theory of rape (ie: scientists) are quick to point out, this does not excuse rape at all. Humans are intelligent and self controlling beings, not slaves to their primal desires. 

Third of all, you act as if someones viewing of images is equal to perpetrating the acts they see in those images. This is extremely nonsensical. The poster you reply to has said that he does not think images of rape should be illegal, not that he thinks it should be legal for him to rape whoever he wants. Additionally you claim that you don't watch rape unless you want to do that yourself, however a substantial percentage of the market for rape fantasy pornography consists of females, whom as I already mentioned quite commonly fantasize about being raped. I do agree though that a person who fantasizes about rape is statistically much more likely to rape someone than a person who does not have such fantasies, after all a great many rapists fantasize about rape prior to actually raping anyone. However taking this claim at face value is misleading yourself, someone who has been sexually abused is statistically far more likely to sexually abuse another person than someone who has not been sexually abused is, however only a minority of those who have been sexually abused go on to sexually abuse others.

I agree with you entirely that it is absolutely not okay for anyone to force another person to have sex with them against their will. However I see that you are blurring two entirely different issues together into one issue: rape fantasy and actual rape. This is most likely some emotional response and it is not doing you any good actually. I see that people do the same exact thing when it comes to child pornography actually, they equate child pornography possession as being the same thing as child molestation for some reason. To a rational mind there is a clear difference between these things though. 

1683
Off topic / Re: The Body Builder Forums
« on: January 03, 2013, 10:45 am »
Quote from: bynter on January 03, 2013, 09:52 am
Quote from: kmfkewm on January 03, 2013, 09:37 am
Quote from: bynter on January 02, 2013, 11:27 pm
I still can't get over the prevalence of the use of the word, "bro", how everyone's avatar is that person shirtless, and how absolutely nobody there knows what theyre talking about.

Plus half of the threads are about jailbait
Whhaaa?! I actually can't relate to that. Do you mean in like a pedo-way, or like 19 year-olds showing off pictures of their highschooler girlfriends?

jailbait pretty much means hot ~14-17 year old, so I don't mean it in a pedo way.  In my minimal experience with the body building forums, it seems to be far more prevalent in their culture than in the culture we have here. Searching for jailbait in the forum here: http://forum.bodybuilding.com gives 84 threads (many of which have several dozen posts or more), with titles such as "We need a jailbait thread!!!!!" and "im trying to come up with ways to get jailbait " and "I never had a girlfiend untill I was 18, I missed out on all the jailbait" for some examples. Searching for jailbait here turns up a total of 18 posts containing the keyword jailbait , although that is not the number of threads with a title containing the word. A quick scan through the threads here shows that most of the people saying it are saying it for entirely different reasons than the people on the body building fourms.

Then again that forum is way bigger than ours so it makes sense that the number of such threads would scale upwards as well. I just have some association between body building forums and people talking about jailbait, much like the person I quoted associates them with people having avatars of themselves without shirts on, calling each other bro and having absolutely no idea what they are talking about :).

1684
Off topic / Re: The Body Builder Forums
« on: January 03, 2013, 09:37 am »
Quote from: bynter on January 02, 2013, 11:27 pm
I still can't get over the prevalence of the use of the word, "bro", how everyone's avatar is that person shirtless, and how absolutely nobody there knows what theyre talking about.

Plus half of the threads are about jailbait

1685
Security / Re: I'm a little worried about my safety
« on: January 02, 2013, 09:11 am »
Generating random session keys for each message isn't the problem, the problem is how to transfer them between Alice and Bob without an attacker in the middle being able to determine them, and without an attacker in the middle being able to stockpile ciphertexts that they can later demand the key for. Managing it yourself with something like GPG is pretty much out of the question due to the fact that it wasn't really designed for that sort of communication, you would need some specialized software program. GPG allows for secure transfer of session keys, but essentially everyone uses it with long term keys because it doesn't aid end users in using ephemeral keys. Right now the only software programs I know of that allow for ephemeral keys / forward secrecy use DH or ECDH and they are Torchat and OTR. I like OTR, I dislike Torchat primarily due to the fact that it makes you run as a hidden service. That said nothing prevents someone from making a OpenPGP compliant program that makes this sort of system easy to manage, although it would be easiest if it doesn't require the user to actually handle keys themselves at all (like OTR, where you never have to type in a password, load someone elses public key or look at your own public key, because the software does all of it for you. Another example of software like this is Tor, and Torchat due to the fact that it piggybacks on Tor for encryption).

See with GPG Alice and Bob exchange public keys and use them in the process of encrypting messages for each other. The public and private keys stay the same for long periods of time and large volumes of messages. Since the same private key is used to decrypt the session keys on dozens or even hundreds of messages, the compromise of one long term private key can be used to decrypt all of the ciphertexts that were encrypted to it. With OTR, a new ephemeral public key is generated for each message and after Alice sends the message (and for Bob after he decrypts it) the ephemeral keys are securely overwritten. This means that an attacker who stockpiles a thousand ciphertexts will never be able to get the keys to decrypt them because the keys are destroyed immediately after they are used. Furthermore, unless Alice or Bob are malicious and running malicious clients, even they will never see the ephemeral public keys used or know the session keys, because OTR handles all of that for you.

1686
Security / Re: I'm a little worried about my safety
« on: January 02, 2013, 06:18 am »
I never argued in favor of Torchat I am actually quite against it :P. Currently all end user implementations of DH with forward secrecy that I am aware of require both users to be on at the same time, however this is not an underlying requirement of the system it is merely how it has been implemented so far. The same exact thing can be done with RSA, you just exchange a brand new keypair with every person you communicate with, and you delete it after each message, and with each message you send a new public key for the next message to be encrypted to. It really isn't anything to do with DH or RSA, it is just the DH cryptosystems I have seen tend to go towards this approach and the RSA implementations I have seen tend to go towards long term keys. Of course an end user actually juggling so many keys is pretty much impossible, systems like this need to be built right into the software like with OTR. Right now there is a system being developed that is similar to Mixminion but more secure from long term intersection attacks, fully internal without any reliance on E-mail addresses, with encryption like OTR built into it and supporting group communications. It will be pretty interesting I think.

1687
Security / Re: How would SR attack LEO
« on: January 02, 2013, 04:21 am »
Quote from: Limetless on January 02, 2013, 03:52 am
Lol the thread delivers fuck all KMF is about as likely to go and cap a cop as he is to stop talking all his bullshit and get up off his lazyboy computer chair and act on his conviction.

"But no he can't do that because he's part of the underground maaaaan, overt action would achieve nothing maaaan so we have to be cloak and dagger yano" = Doesn't have the balls.

I would totally roll up on some DEA agents shooting but I don't have a bomb proof armored hummer with its own supply of oxygen to protect me from them like you do.

1688
Security / Re: I'm a little worried about my safety
« on: January 02, 2013, 04:19 am »
The primary thing to note is that with long term keys (the way RSA is generally used, ie: with GPG the way it is usually used) if Alice has her private key compromised, all intercepted ciphertexts ever sent to her that were encrypted with that private keys corresponding public key can be decrypted. The way that (DH / ECDH) is usually used (ie: Tor, OTR), intercepted ciphertexts become impossible to decrypt with traditional (non-quantum) computing power as soon as the private keys are erased, which happens every time a new message is sent.

1689
Security / Re: I'm a little worried about my safety
« on: January 02, 2013, 04:12 am »
Everyone who uses Torchat runs as a hidden service. Essentially it is like Alice is a hidden service and Bob is a hidden service. When Alice communicates with Bob she sends her messages to his .onion address, and when Bob sends messages to Alice he sends them to her .onion address. This sort of hides the encryption being used from the user, because unlike GPG where you need to manage your keys and ciphertexts and such, you are just piggy backing on the encryption already provided by Tor. Torchat is sort of neat in that by having everyone run as a hidden service, there is no fixed middle point server that your communications go through (as compared to IRC for example).

I have two primary issues with Torchat. The first issue I have with it is that I saw one of the Tor developers comment that the code is buggy. I have not audited the code myself so have no comment, but I am inclined to believe them. Torchat is not part of the Tor project. My biggest issue with Torchat is that everyone runs as a hidden service. Hidden services do not have as strong of anonymity as normal clients do. Everyone running as a hidden service is a Bad Idea, and this design choice is enough to make me suggest strongly against using Torchat.

Additionally, it is not technically correct to say that Torchat has no key. It is just that the keys are managed by Tor, since Torchat provides encryption by piggy backing on Tor as I already mentioned. The real difference you guys are talking about is not so much between GPG and Torchat but rather between the general way that RSA is used and the general way that ECDH is used.

The use model for RSA is generally that Alice and Bob each have a long term public/private keypair. When Alice wants to send Bob an encrypted message, she encrypts her plaintext with a symmetric algorithm, something like AES-256. The randomly generated key used to symmetrically encrypt the message to Bob is then asymmetrically encrypted with Bobs public key. Upon receiving the ciphertext, Bob enters his password to decrypt his symmetrically encrypted private key. He then uses his private key to decrypt the encrypted session key, and then uses the decrypted session key to decrypt the symmetrically encrypted ciphertext back into the plaintext. 

(EC)DH is generally used a bit differently. It is a secret sharing algorithm. Imagine Alice and Bob both have long term ECDSA keypairs. These are used for signing messages. Alice and Bob exchange public ECDSA keypairs so they can verify plaintexts from each other in the future. When Alice wants to send Bob an encrypted message, she generates an ephemeral ECDH keypair and sends the public key to Bob. Now Bob generates an ephemeral public keypair and sends his public key to Alice. Alice uses her ephemeral private key and Bobs public key to derive a shared secret, at which point she can securely overwrite her private and even public ephemeral keys. Now she uses her ECDSA private key to sign her plaintext. She then uses the shared secret to symmetrically encrypt the signed plaintext and then she sends it to Bob. Bob uses his ephemeral private key and Alice's ephemeral public key to derive a shared secret as well, and due to the properties of (EC)DH his secret will be the same as Alice's (it is a SHARED secret after all). Now Bob uses this secret to symmetrically decrypt the ciphertext, and then uses Alice's public ECDSA key to verify that Alice actually sent the message. He can then securely erase his public and private ephemeral ECDH key. New ephemeral ECDH keys are generated on a message by message basis. This is a cryptosystem that uses ECDH to achieve forward secrecy, which is a pretty common way of using ECDH, although the same thing can also be done with RSA and ECDH can also be used with long term non-ephemeral keypairs.

So it isn't that there is no key, it is just that the key is deleted as soon as you are done with it. It isn't even really a fundamental difference between RSA and DH , it is just the way the systems that use these ciphers are generally constructed. OTR is one example of a system that uses DH in such a way. Tor is another.

1690
Security / Re: Vendors - Possible attack vector.
« on: January 02, 2013, 01:08 am »
Yeah I would worry a lot more about a direct attack on Tor than this. But better to protect from as much as possible.

1691
Security / Re: Vendors - Possible attack vector.
« on: January 02, 2013, 12:57 am »
Quote from: ShardInspector on January 02, 2013, 12:48 am
Quote from: astor on January 01, 2013, 10:13 pm
That is a little more practical, but not something worth doing, IMHO, unless you're looking for a major drug distributor.

IMHO LE definitely considers SR to be a platform used by many major drug distributors.
I guess it's a question of ones individual perspective on that one, but I see often the attitude of "we are just little fish" or like earlier up in this very thread a poster stated that even a $100,000 transaction would not be considered that big.

I see that as a dangerous attitude and that people here are starting to come under some sort of illusions. Like I said, my belief is that LE consider many SR vendors to be major drug distributors. Or let me put it this way... in the very least in any media reports that may come about because of any bust, they are going to be referring to the vendor as a major drug distributor and in court the arresting officer is going to refer to the defendant when testifying as a major drug distributor, the prosecutor is going to push the line that the defendant is a major drug distributor and the judge will view the defendant as a major drug distributor and the fact is that in most legal systems anything over around 2 grams is in fact considered to be for distribution and therefore a major drug distribution.

Someone I know made $100,000 deals and worked via mail online. They busted him with a joint operation between DEA, USPI, CBP and DHS. They had him under manned surveillance for some period of time, and additionally had bugged his vehicle with GPS tracking equipment, and they followed him around with dogs smelling all the boxes he dropped packages off in.

1692
Security / Re: Vendors - Possible attack vector.
« on: January 02, 2013, 12:50 am »
AHH second time I try and make this fucking post I hope it sticks this time (copy to clipboard this time at least):

Indeed there are several ways in which you can minimize the risk of this sort of attack. Clearly not carrying a cellphone with you is a good idea, additionally you can use Tor bridges. However, there are still some potential things to keep in mind. One thing is that some cities have license plate geopositioning technology that is nearly as accurate as cellphone geopositioning. Additionally there is always the risk that simply moving in a random fashion could be enough to flag you as a suspect. I imagine that very few people move in a truly random fashion. Of course there are taxi drivers and delivery people, however they can likely be filtered out to a large extent as their movement patterns fall inline with those you would expect of someone who holds such an occupation, they will not be the same movement patterns that a vendor who drops of packs at random boxes will have. This presents a sort of catch-22, on the one hand you may make yourself more vulnerable to geopositioning intelligence flagging you for moving randomly, on the other hand you will certainly make yourself weaker to traditional surveillance if you always follow the same schedule and use the same set of drop boxes for sending outgoing packages. I am inclined to believe that given a choice between the two, it is better for you to make yourself weaker to being flagged for moving randomly than it is to make yourself weaker to traditional surveillance by always sending from the same small set of boxes in a set schedule.

Another thing to keep in mind is that the sort of attack discussed does not entirely rely on cellphone geopositioning data or even on license plate geopositioning data. It relies on geopositioning data in general , without regard to how that data was gathered. For example imagine an assassin, a hitman for hire. One month he kills someone in Alicesville, the next month someone in Bobsville and the next someone Carolsville. For the most part he is secure, except while he is in each city he uses his credit card to purchase a cup of coffee. Now law enforcement with access to financial transaction data can intersect the sets of credit cards identified as used in these cities, and they will see that some number of credit cards were used in all three cities. They will additionally be able to see that some of the credit cards were used in the three cities in the same order that the assassinations were carried out. Depending on the closeness of the cities and how cross contaminated the set size of credit cards used in them is, this attack could very well be enough for them to narrow in to only one person; the assassin. Another possibility is that the assassin has paid for an airplane ticket to each of the three cities in which the hits were carried out. The fundamental attack here is an intersection attack. Intersection attacks can take crowds that by themselves are essentially meaningless and then filter the noise away, leaving only the most likely targets. The list of credit cards used in Alicesville is not going to by itself help the investigators identify their target, the list contains credit cards belonging to far more people than their targeted assassin. However, as soon as they intersect that list with the list of credit cards used in Bobsville, they will filter away an enormous amount of that noise. Normally it doesn't take very many intersections before a target is identified.

This sort of crowd intersecting attack is one of the fundamental methods used in a large amount of intelligence and investigatory work. Another fundamental attack is a correlation attack, whether it involves a correlation between the timing characteristics of packets at two points on an encrypted tunnel or a correlation between tire marks left in the mud at a murder scene and the tires on a suspects vehicle.

Sorry, I wrote this out a bit nicer the first two times, but now I am sick of writing this large post out and just pounded it out from memory the best I could.

1693
Security / Re: Vendors - Possible attack vector.
« on: January 01, 2013, 06:38 pm »
Quote from: Harmful Hits on January 01, 2013, 06:28 pm
There is a 0% chance of anything the OP said happening UNLESS he is getting more than $1,000,000 in drugs mailed. Even $100,000 isnt that much and LE will bust you using much cheaper methods. For the kind of crazy shit you are talking about they would have to call in specialist in addition to thier regular cops. Set up some whole operation and do alot of crazy shit.

~Now that I read the OPs name this all makes sense lol

Several police agencies already have cell phone tracking towers up and running, so it isn't like they don't have all of that data available to them. It would take a significant target for them to use chemical markers though I imagine. Of course the police will set up a 'whole operation' to bust a vendor though, didn't you already realize that? That is what the police do. They set up operations, to bust criminals.

Quote
How many people visit their PO box a few times a week? How many people use Tor for non-drug activities?

How many people visit a new drop box that has been identified as a box drugs were sent out of every week? If the vendor uses the same outgoing box for all shipped orders catching them will be trivial. How many people within sixty miles of Alice use Tor at all?

1694
Security / Re: How would SR attack LEO
« on: January 01, 2013, 06:30 pm »
We have no moral reason to not assassinate LE. We have no obligation to allow ourselves to be subjected to the unjust rules of a brainwashed society. It is quite apparent that those who are in favor of drug laws are either brainwashed or slave traders. It is okay for us to have pity on those who are brainwashed, but it is wrong for us to suffer for their mental weakness. Slave traders deserve to die. Look at the people who are most in favor of continuing the war on drugs, police, 'addiction specialists', people in the prison industry, people at drug testing companies, etc. Of course they give as many reasons as they can for why they would like to continue the war on drugs, always they say that their goal is to help people. But it only takes the smallest amount of common sense to see that their goal is to make a profit. Their goal is to make a profit off of our unjust imprisonment and this is nothing other than slavery. These people do not deserve to live and if killing them is in any way beneficial to us then they should be killed. Maybe people just need to see that they have a choice, they can let us be free or they can live in a war zone. They already live in a war zone but the only people who are feeling that in a significant way are us. The people who are dying preventable deaths from impure drugs and drugs like PMA marketed as MDMA? They are casualties to the chemical warfare of the DEA. The people dying in prisons for drug charges are nothing other than slaves, people whose lives have been sacrificed so some fucking DEA agent can have a job. The people getting HIV from dirty needles are the victims of biological warfare. It is unconventional warfare against us and slavery against us, only extreme pacifists could wish anything on them other than the same exact death and misery they dish out onto us. Fuck them, as long as they want to kill us let them be killed.

1695
Security / Re: Vendors - Possible attack vector.
« on: January 01, 2013, 06:20 pm »
Quote from: astor on December 31, 2012, 12:12 am
Theoretically this attack could work, but it seems impractical. Telecoms turn over location data quite easily, usually without a warrant, but then LE would have to work with ISPs to watch thousands of internet connections (most don't log your browsing history).

Further, you can mask your Tor activity by connecting to bridges and using pluggable transports such as obfsproxy, which make your encrypted connection look like something other than a Tor connection. Well, Tor already tries to look like Firefox talking to Apache over SSL, but the hand shake is different and a Tor connection can be recognized from that. Pluggable transports try to make the connection look like something else, such a Skype call, and they're working on obfuscating the handshake even more (in Tor 0.2.4).

More on pluggable transports: https://www.torproject.org/docs/pluggable-transports.html.en

Or you could use a VPN, but then you should get something overseas that isn't subject to US laws.

Law enforcement would need to work with ISPs in order to determine if one of their clients is using Tor. However the infrastructure for this is already completely in place as mandated by CALEA. Law enforcement will never need a warrant to determine if someone who is not using a bridge is using Tor, trap and trace has no requirement for a warrant as it looks at who the target communicates with rather than what they say. If the target communicates with a known Tor relay, it is quite trivial to determine that the target uses the Tor network without the need for a warrant. Using bridges helps to protect from this though. It is not likely that LE will order trap and traces on thousands of people to narrow in on one target, but it is entirely within the realm of possibility that they will confirm that Alice uses Tor after determining that she is a likely suspect. 

Pages: 1 ... 111 112 [113] 114 115 ... 249