• some_random_commie
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    4 years ago

    I mean there was that time researchers at Carnegie Mellon poisoned the network with malicious nodes

    Yeah, this is exactly what I was talking about. The Carnegie Mellon people used a Javascript exploit to do what they did. To quote a random vpn website:

    In 2014 the FBI – with assistance from researchers at Carnegie Mellon University – developed an exploit based on a Firefox JavaScript flaw that successfully de-anonymized some Tor users, including the operators of the popular Silk Road website. Although the vulnerability that allowed those attacks was fixed within days of its discovery, the incident nonetheless created fear among Tor users that it may not be 100% secure after all.

    The reader should ponder to themselves why this user wants to make it appear we’re talking about two different incidences.

    TOR has definitely never been successfully subverted.

    If you have better suggestions for anonymously communicating with a violent mass audience, I’m all ears.

    You are doling out really bad and dangerous advice.

    And you’re doling out fear and paranoia to keep people from taking up arms, based on the idiotic idea the “American” government is omniscient (it isn’t). It goes without saying that anyone willing to organize violence against the “American” government is taking their life into their hands, and the more effective they are, the more resources said government will utilize to destroy them. The advice I have given, in fact, is probably the safest advice for any organization wanting to go about conducting warfare against “American” government by mobilizing those who can be mobilized to fight them.

    • thrivingspring
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      4 years ago

      Yeah, this is exactly what I was talking about. The Carnegie Mellon people used a Javascript exploit to do what they did. To quote a random vpn website:

      Cite your source. Some random VPN website? Which? How reliable is this VPN website? Who owns it? What even is a VPN website? A website about VPN’s? A website run by a VPN provider? Who said this?

      Even though you’re douchey as fuck and also sloppy as hell, I went ahead and checked the tag on the story, because it’s quite possible that I might have misremembered.

      Here is what the actual TOR project said about the attack. Since they have a vested interest in downplaying any threats to their software, we should expect them to mention something something about users using it wrong but they didn’t. https://blog.torproject.org/tor-security-advisory-relay-early-traffic-confirmation-attack

      Based on what the TOR project said, which you can verify at the link because unlike you I have at least one actual source it was a combined traffic confirmation attack and sybil attack based on poisoning the network with malicious nodes and was directly based on weaknesses in TOR. Both attacks happened below the browser level. I’m searching and searching and the best I can piece together is that your “random VPN website” is run by confused dipshits who are confusing several different attacks, but literally nobody can verify because you’re your own source as far as anyone can tell.

      The reader should ponder to themselves why this user wants to make it appear we’re talking about two different incidences.

      “The reader” should wonder why this arrogant, pompous asshole who is too good to provide verifiable sources about their claims is trying to insinuate I’m lying when, to all appearances after I followed up in good faith on their claims, it appears that some_random_commie is actually the one who is spreading confusion about the Carnegie Mellon attack.

      My theory is that they are embarrassed to have been called out for being wrong and are now trying to save face.

      If you have better suggestions for anonymously communicating with a violent mass audience, I’m all ears.

      I haven’t examined it in detail so I can’t vouch for its security but I2P is architected for better anonymity (was designed partially in response to TOR) and I’ve never heard of any attacks on it. To be clear, I’m not specifically recommending I2P, but my point is that TOR’s not special. There are multiple anonymizing networks with different implementations.

      What I would say is that instead of spitballing on a public forum based on shit you read on “random VPN sites” a revolutionary party should recruit some computer security experts to help them examine these problems in a rigorous and well informed fashion.

      And you’re doling out fear and paranoia to keep people from taking up arms, based on the idiotic idea the “American” government is omniscient (it isn’t).

      You’re constructing a straw person argument. I never said either of these. TOR not being perfect is not a claim that the US federal government is omniscient. Criticizing your bad security advice is actually not the same as what you’re hysterically claiming I’m saying.

      And I’m not saying don’t trust TOR for anything at all, but if you’re actually gonna try to drill down into the specifics of revolutionary tactics… if a revolutionary party, like one actually participating in some popular unrest uses TOR to host a website “anonymously” they will be deanonymized. The security requirements for what you are suggesting are through the goddamn roof and TOR is not up to spec.