XPost: alt.privacy.anon-server, sci.crypt   
   From: nobody@yamn.paranoici.org   
      
   Gabx  wrote:   
      
   >So this response isn't for the trolls or the blind fanboys.   
   >It's for anyone who genuinely wants to understand the technical details.   
   >   
      
   Let me reintroduce what you liar and forger deliberately removed:   
      
   >>Gabx  wrote:   
   >>>Yamn2 Remailer wrote:   
   >>>> Looks like poisoned snake oil offered by GarbageX!   
   >>>   
   >>>This is the classic non-technical critique from people who blindly trust   
   >>>closed-source software with ambiguous licenses while lecturing others   
   >>>about privacy.   
      
   I repeat: "closed-source software"   
      
   >Yamn2 Remailer wrote:   
   >> As you also post to sci.crypt we have here experts in this field.   
   >   
   >And you are not part of them.   
      
   Which you're a judge of?  OMG!   
      
   >   
   >> First of all, OmniMix isn't closed source software even if you repeat   
   >> that lie again and again.  Why do you do that as you know better?  Fact   
   >> is that with OmniMix you even get the complete IDE, which with a few   
   >> mouse clicks builds the executable program on your computer ready to be   
   >> run in a debugger step by step and compared with the file from the   
   >> installation package byte by byte.  You're in control of everything!   
   >   
   >"Providing an IDE to compile is not equivalent to 'open source' in the   
   >OSI definition.   
   >Open source requires:   
   >   
   >- Public source code repository   
   >- OSI-approved license (GPL, MIT, BSD, etc.)   
   >- Right to modify and redistribute   
   >   
   >If OmniMix meets these criteria, I stand corrected.   
   >A link to the public repository would clarify this."   
      
   Reread <20250920095312.C1E173E76F@mail.tcpreset.net> ff., liar!   
      
   >   
   >> Now to your web interface.  There we have the exact oposite.  You   
   >> present us source code, but whether that's what processes our data is   
   >> beyond our control.  Even if we once or twice download the published   
   >> code the next time for whatever reason it may be different and   
   >> compromize our identity.  A system for gamblers.   
   >   
   >For maximum security: Self-host your own instance. That's why it's   
   >open source.   
      
   So we have to run our own webserver to get some kind of security?  OMG!   
      
   >   
   >> Furthermore, the anonymity of our plain text messages is secured by an   
   >> extremely weak real-time Tor connection of usually no more than 3 nodes   
   >> while with OmniMix you're allowed to route your data through much longer   
   >> Tor circuits and those data aren't plain text but multilayer-encrypted   
   >> remailer packets.   
   >   
   >Calling Tor "extremely weak" with "no more than 3 nodes" shows a   
   >fundamental misunderstanding of the architecture, for both tor and m2usenet.   
   >   
   >m2usenet routes through THREE Tor hidden services:   
   >1. Pluto2 SMTP relay (.onion)   
   >2. mail2news gateway (.onion)   
   >3. NNTP server (.onion)   
   >   
   >Each hidden service connection uses 3 hops. Total: 9+ hops minimum.   
      
   And at every stage the clear text message is available!  OMG!   
      
   >   
   >Calling this "weak" is not a technical argument, it's dismissive rhetoric.   
      
   Ciruits of 3 Tor nodes providing strong anonymity?  OMG!   
      
   >   
   >> And then there still is the unanswered question of a signature based on   
   >> a single-use throwaway key, where the user only gets knowledge of the   
   >> public key but not the secret key or the passphrase, both only known to   
   >> you as the service provider.  That's weird.  It doesn't verify anything.   
   >> It just proves that the user is stupid enough to deal with your insecure   
   >> web interface.   
   >   
   >- keyPair generated client-side   
   >- keyPair.secretKey stays IN BROWSER MEMORY (never transmitted)   
   >- Only publicKey + signature sent to server   
   >- Server CANNOT access secretKey   
      
   So what is it all about when even the user can't access the secret key   
   to reuse it?  OMG!   
      
   >   
   >> Equally weird is your statement about Hashcash bits in MID   
   >> <1760739178.dcc2021df3109aecc5b428f2d8ff300f@m2usenet.local>:   
   >>   
   >> | 16bit option is fast.   
   >> | But not recommended, thou !   
   >>   
   >> So you recommend spammers for fairness reasons to select more bits?  No   
   >> kidding?   
   >   
   >The difficulty levels serve different purposes:   
   >   
   >- 16 bits: Prevents message flooding   
      
   It reads:   
      
   | 16 bits (very fast, ~instant - recommended fot Tor Browser)   
      
   So with "instant" you prevent message flooding?  OMG!   
      
   >- 20 bits (default): Balanced protection (~5-10 seconds per post)   
   >- 24 bits: Strong protection (~30-60 seconds per post)   
   >- 28 bits: Very strong (~several minutes per post)   
      
   Now tell us the reason why a user should select more that the 16 bit   
   option?  To warm up his home?  OMG!   
      
   >   
   >Real spammers use botnets with GPU/ASIC mining, not browser interfaces.   
   >A web UI with mandatory proof-of-work is specifically designed to   
   >PREVENT automated spam tools.   
   >   
   >> Man!  You're really a droll fellow.   
   >   
   >Gabx   
      
   You're not droll.  You're a troll, a liar, a forger, simply an idiot!   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)