
   alt.privacy      Discussing privacy, laws, tinfoil hats      112,125 messages   


   Message 111,761 of 112,125   
   Gabx to All   
   Re: M2usenet2.0 is out   
   19 Oct 25 14:16:47   
   
   XPost: alt.privacy.anon-server, sci.crypt   
   From: info@tcpreset.invalid   
      
   So this response isn't for the trolls or the blind fanboys.   
   It's for anyone who genuinely wants to understand the technical details.   
      
   Yamn2 Remailer wrote:   
   > As you also post to sci.crypt we have here experts in this field.   
      
   And you are not part of them.   
      
   > First of all, OmniMix isn't closed source software even if you repeat   
   > that lie again and again.  Why do you do that as you know better?  Fact   
   > is that with OmniMix you even get the complete IDE, which with a few   
   > mouse clicks builds the executable program on your computer ready to be   
   > run in a debugger step by step and compared with the file from the   
   > installation package byte by byte.  You're in control of everything!   
      
   "Providing an IDE to compile is not equivalent to 'open source' in the   
   OSI definition.   
   Open source requires:   
      
   - Public source code repository   
   - OSI-approved license (GPL, MIT, BSD, etc.)   
   - Right to modify and redistribute   
      
   If OmniMix meets these criteria, I stand corrected.   
   A link to the public repository would clarify this."   
      
   > Now to your web interface.  There we have the exact opposite.  You   
   > present us source code, but whether that's what processes our data is   
   > beyond our control.  Even if we once or twice download the published   
   > code the next time for whatever reason it may be different and   
   > compromise our identity.  A system for gamblers.   
      
   For maximum security: Self-host your own instance. That's why it's   
   open source.   
      
   > Furthermore, the anonymity of our plain text messages is secured by an   
   > extremely weak real-time Tor connection of usually no more than 3 nodes   
   > while with OmniMix you're allowed to route your data through much longer   
   > Tor circuits and those data aren't plain text but multilayer-encrypted   
   > remailer packets.   
      
   Calling Tor "extremely weak" with "no more than 3 nodes" shows a   
   fundamental misunderstanding of the architecture, for both Tor and m2usenet.   
      
   m2usenet routes through THREE Tor hidden services:   
   1. Pluto2 SMTP relay (.onion)   
   2. mail2news gateway (.onion)   
   3. NNTP server (.onion)   
      
   Each hidden service connection uses 3 hops. Total: 9+ hops minimum.   
      
   Calling this "weak" is not a technical argument, it's dismissive rhetoric.   
      
   > And then there still is the unanswered question of a signature based on   
   > a single-use throwaway key, where the user only gets knowledge of the   
   > public key but not the secret key or the passphrase, both only known to   
   > you as the service provider.  That's weird.  It doesn't verify anything.   
   > It just proves that the user is stupid enough to deal with your insecure   
   > web interface.   
      
   - keyPair generated client-side   
   - keyPair.secretKey stays IN BROWSER MEMORY (never transmitted)   
   - Only publicKey + signature sent to server   
   - Server CANNOT access secretKey   
      
   > Equally weird is your statement about Hashcash bits in MID   
   > <1760739178.dcc2021df3109aecc5b428f2d8ff300f@m2usenet.local>:   
   >   
   > | 16bit option is fast.   
   > | But not recommended, thou !   
   >   
   > So you recommend spammers for fairness reasons to select more bits?  No   
   > kidding?   
      
   The difficulty levels serve different purposes:   
      
   - 16 bits: Prevents message flooding   
   - 20 bits (default): Balanced protection (~5-10 seconds per post)   
   - 24 bits: Strong protection (~30-60 seconds per post)   
   - 28 bits: Very strong (~several minutes per post)   
      
   Real spammers use botnets with GPU/ASIC mining, not browser interfaces.   
   A web UI with mandatory proof-of-work is specifically designed to   
   PREVENT automated spam tools.   
      
   > Man!  You're really a droll fellow.   
      
   Gabx   
   --   
   0745 074D FEAA 9CB7 62E9  D89D 3E54 F490 F2CC 5A82   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
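
Added example, not part of the post above and not m2usenet's code: a hashcash-style stamp showing why each of the listed difficulty levels costs the sender about 2^bits hash attempts while the server verifies with a single hash. The stamp layout (`resource:counter`), the use of SHA-256, and the function names are assumptions made for illustration.

```javascript
// Hashcash-style proof of work (illustrative; stamp format is assumed).
const { createHash } = require('crypto');

// Count the leading zero bits of a digest buffer.
function leadingZeroBits(buf) {
  let bits = 0;
  for (const byte of buf) {
    if (byte === 0) { bits += 8; continue; }
    bits += Math.clz32(byte) - 24; // clz32 works on 32 bits; a byte uses the low 8
    break;
  }
  return bits;
}

function digest(resource, counter) {
  return createHash('sha256').update(`${resource}:${counter}`).digest();
}

// Sender side: brute-force a counter. Expected cost is 2^bits hashes.
function mint(resource, bits) {
  for (let counter = 0; ; counter++) {
    if (leadingZeroBits(digest(resource, counter)) >= bits) {
      return { resource, counter, attempts: counter + 1 };
    }
  }
}

// Server side: one hash regardless of difficulty. The verifier sets the
// required bits itself and rejects stamps it has already accepted (replay).
function verify(stamp, requiredBits, seen = new Set()) {
  const key = `${stamp.resource}:${stamp.counter}`;
  if (seen.has(key)) return false;
  if (leadingZeroBits(digest(stamp.resource, stamp.counter)) < requiredBits) return false;
  seen.add(key);
  return true;
}

// Expected sender work for a difficulty level (16, 20, 24, 28 in the post).
function expectedHashes(bits) {
  return 2 ** bits;
}
```

Each step of 4 bits between the listed levels multiplies the expected sender work by 16; the verification cost does not change.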



(c) 1994,  bbs@darkrealms.ca