• 2 Posts
  • 3 Comments
Joined 4 years ago
cake
Cake day: September 22nd, 2020

help-circle



  • Yeah, this is exactly what I was talking about. The Carnegie Mellon people used a Javascript exploit to do what they did. To quote a random vpn website:

    Cite your source. Some random VPN website? Which? How reliable is this VPN website? Who owns it? What even is a VPN website? A website about VPN’s? A website run by a VPN provider? Who said this?

    Even though you’re douchey as fuck and also sloppy as hell, I went ahead and checked the tag on the story, because it’s quite possible that I might have misremembered.

    Here is what the actual TOR project said about the attack. Since they have a vested interest in downplaying any threats to their software, we should expect them to mention something something about users using it wrong but they didn’t. https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack

    Based on what the TOR project said, which you can verify at the link because unlike you I have at least one actual source it was a combined traffic confirmation attack and sybil attack based on poisoning the network with malicious nodes and was directly based on weaknesses in TOR. Both attacks happened below the browser level. I’m searching and searching and the best I can piece together is that your “random VPN website” is run by confused dipshits who are confusing several different attacks, but literally nobody can verify because you’re your own source as far as anyone can tell.

    The reader should ponder to themselves why this user wants to make it appear we’re talking about two different incidences.

    “The reader” should wonder why this arrogant, pompous asshole who is too good to provide verifiable sources about their claims is trying to insinuate I’m lying when, to all appearances after I followed up in good faith on their claims, it appears that some_random_commie is actually the one who is spreading confusion about the Carnegie Mellon attack.

    My theory is that they are embarrassed to have been called out for being wrong and are now trying to save face.

    If you have better suggestions for anonymously communicating with a violent mass audience, I’m all ears.

    I haven’t examined it in detail so I can’t vouch for its security but I2P is architected for better anonymity (was designed partially in response to TOR) and I’ve never heard of any attacks on it. To be clear, I’m not specifically recommending I2P, but my point is that TOR’s not special. There are multiple anonymizing networks with different implementations.

    What I would say is that instead of spitballing on a public forum based on shit you read on “random VPN sites” a revolutionary party should recruit some computer security experts to help them examine these problems in a rigorous and well informed fashion.

    And you’re doling out fear and paranoia to keep people from taking up arms, based on the idiotic idea the “American” government is omniscient (it isn’t).

    You’re constructing a straw person argument. I never said either of these. TOR not being perfect is not a claim that the US federal government is omniscient. Criticizing your bad security advice is actually not the same as what you’re hysterically claiming I’m saying.

    And I’m not saying don’t trust TOR for anything at all, but if you’re actually gonna try to drill down into the specifics of revolutionary tactics… if a revolutionary party, like one actually participating in some popular unrest uses TOR to host a website “anonymously” they will be deanonymized. The security requirements for what you are suggesting are through the goddamn roof and TOR is not up to spec.