home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.privacy      Discussing privacy, laws, tinfoil hats      112,125 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 111,774 of 112,125   
   Stefan Claas to Anonymous User   
   Re: M2usenet2.0 is out   
   19 Oct 25 23:08:58   
   
   XPost: alt.privacy.anon-server, sci.crypt   
   From: bounce.me@oc2mx.net   
      
   Anonymous User wrote:   
   > Stefan Claas  wrote:   
      
   > > With YAMN's security flaws you can be easily de-anonymized.   
   >   
   > Which security flaws?  You don't think of Internet I/O which anyhow has   
   > to be handled by specialized communication software like OmniMix?   
      
   First of all, Zax should IMHO seperate the client form the remailer   
   code, so that users can focus on one program.   
      
   I do not use OmniMix, so I can't speak for it.   
      
   YAMN has the following security flaws:   
      
   a) It does not want onion addresses to been used in the MX code   
   and Zax should really tell us why!   
      
   b) Users new to remailing with YAMN, see only at his repository   
   minimal configuration files, which are of not much help, IMHO.   
      
   But the problem is, if you do not look close at his source code   
   IIRC in config.go, the YAMN client, when set-up not properly,   
   with socat, can and does bypass your Tor settings in socat and   
   sends via clearnet to mixmin, filling up his log files and then   
   crashing his server. Remops know that when analyzing MTA logs   
   that they include the IP address from the originating client, if   
   Tor is bypassed, and to whom the email goes. *That is definetily   
   an absolute no-go* and Zax should explain to us why he coded it   
   that way for client usage, if users are unaware of this! I am   
   talking of the internal MXRelay = true setting, which should   
   be by default set to false in his source code. Mixmaster IIRC   
   does not do this.   
      
   c) Zax should better use Go's proxy package for a seperate   
   YAMN client, so that stats and pub keys can be fetched via   
   Tor and also remailing is done via Tor.   
      
   He should really tell us all, what has driven him to not   
   like onions, which can be seen IIRC in mail.go.   
      
   YAMN in it's current form tells me unfortunately that you   
   must rely on the old a.p.a-s saying "trust nobody" :-(   
      
   Hence the reasone I released yamn-proxy. :-)   
      
   https://github.com/Ch1ffr3punk/yamn-proxy   
      
   Regards   
   Stefan   
      
   --   
   https://tilde.club/~pollux/   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca