minor tweak

arcanedev 2022-01-14 00:31:55 +00:00
parent 36acbb170f
commit 4417163674
No known key found for this signature in database
GPG Key ID: 13BA4BD4C14170C0
1 changed files with 1 additions and 1 deletions

@ -184,7 +184,7 @@ The Onion Router (TOR) has faced the most scrutiny of all protocols and provides
Both of these channels have some pitfalls, so why not combine them for layered security? There have been numerous articles published by Whonix[^21] and TAILS[^22] developers along with other Information Security professionals highlighting the ineffectiveness of the VPN / TOR combination. The synopsis of their articles is that at best it doesn't help you, at worst, it hurts you. I find it useful if I am trying to mask the fact that I am using TOR from the ISP. Bridges can also be used for this purpose, but they are likely easier to identify by the Intelligence Community (IC). While on public WiFi, I recommend solely using TOR.
I2P[^23] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same concept as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and deanonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
I2P[^23] or the Invisible Internet Project spawned in 2003. This is an encrypted private network layer designed to mask user identity. I2P is not the same idea as TOR, although some concepts cross over. I2P users cannot officially communicate with clearnet sites like TOR users can; all I2P traffic stays internal to the I2P network. Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy. I2P can prove useful at limiting the information captured by global passive adversaries. I should note that some mixnets have called I2P legacy technology claiming that it opens up users to a number of attacks that can isolate, misdirect, and deanonymize users. Therefore I2P should not be solely relied on. If one is adament about using I2P, there are configurations that facilitate the use of I2P via TOR.
Mixnets have the goal of anonymizing packets through uniformity. The design is to obscure and craft packets of the same size despite the amount of data being transmitted. Often times mixnets have technology that address time-based attacks, provide decoy or cover traffic, and implement uniformity of packets, however the pitfalls tend to be lack of scrutiny and adoption. Anonymity loves company, and most mixnets lack that component, especially in their early conceptions. Due to the lack of scrutiny with early conception and lack of adoption, I cannot provide any recommendations. Even if one is to involve themselves with the use of a mixnet, they should be on guard. Intelligence agencies are not ones to shy away from a good honeypot. While not a perfect example as this wasn't a mixnet, the FBI ran an operation with an operating system called ArcaneOS and a built-in messaging platform called anom[.]io[^24] designed for organized crime. ANOM was an application that opened as a calculator which had the user enter a pin to reach the hidden messenger. All communications were intercepted. The morale of the story is that the slightest amount of skepticism into the website communications, hosting platform, or the closed-source application could've prevented the downfall of multiple criminal enterprises globally. The same skepticism should be applied to any organization unwilling to address their shortcomings and model their potential attack vectors. Many are willing to route your traffic, and node-based cryptocurrency projects with a model that resembles that of a ponzi-scheme could always be a source of both black budget funds and traffic analysis for letter agencies. I have no fingers to point or organizations to accuse. However, it is far from a half-cocked conspiracy that intelligence agencies would engage in this type of activity.
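
Review bot: The rewritten I2P paragraph still carries the misspelling "adament" in its last sentence ("If one is adament about using I2P"); since this line is already being touched, change it to "adamant" in the same commit. The swap from "concept" to "idea" does remove the repetition with "some concepts cross over", but the sentence "Without having the exit of traffic via exit nodes or outproxies to the internet, this reduces usability and enhances privacy" is left with no clear subject for "this"; consider something like "The absence of exit nodes or outproxies to the internet reduces usability and enhances privacy". The commit message "minor tweak" would also be more useful to later readers if it named the wording change.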