Earlier tonight, I posted a link to a site that is scoring Mastodon sites based on their threat score. Using things like violence, socialism, and polygamy as data points to score instances.

I removed the link, because they are a known entity that we can use for Projekt:ONI.

Let me take a moment to describe Projekt:ONI.

We are working on a detection and response system to detect listeners on the fediverse. It is in its very early stages... but essentially we will be compiling statistics in order to find targets that are likely surveillance operations, and then alerting the fediverse.

Think of it as an AI/ML system to keep snoops out of our shit.

You’re welcome.

Perhaps a Fediverse SOC.

Not sure what that endgame will look like, but we have assembled a team of Netizens to develop a detection system, and a response system.

We will be debuting more information in the future.


This is currently a 5 person team, dedicating time freely to secure our home in the fediverse. If they want to announce who they are, that is on them, but operations are moving forward.

We will find you.


@mewmew honestly, I’m not yet even sure it’s real data.

@mewmew @thegibson Am I missing something? It seems pretty obvious that they have to scrape public timelines. Isn't the point of public that we expect people we don't know to see it? Did I miss something?

Oooh, I want to join the Fediverse SOC!
"Mutuum Foedus Inure"

@TheGibson aside from blocking these a-holes, perhaps at the IP level, what else can we do to prevent these bogons from snarfing our shit?

@PhoneBoy we detect them as quickly as we can and make the effort to do so expensive to operate.

@TheGibson Still sounds like a cat and mouse game. Very much how infosec works when you have a determined adversary.

@TheGibson I do wonder when the big boys (the Googles, MSFTs, Amazons, Apple, etc) start trying to do this crap on the Fediverse. You have to know it's coming.

@PhoneBoy twitter is working on it already.

I know an exploit that could make them effectively unblockable. We are working to mitigate that as well, but it’s a tough problem to crack due to the nature of AP.

@TheGibson it does confirm my basic thesis that the only safe data at this point isn't digitized anywhere. If it's digitized, it's only a matter of time before someone who shouldn't get it will.

@PhoneBoy @thegibson Fighting this thesis, no matter how reasonable it seems, is essential; we need the force multiplier of digitizing our own knowledge for our own use.


How about Jane’s Intelligence dedicating 2 podcasts to us? Seems relevant.

@TheGibson ML countersurveillance. I was wondering if people were going to start trying that... *huge approving grin*

@Kyresti you should see the system I proposed to a prospective employer last week to stop browser fingerprinting.

@TheGibson I'd seen you post about it some too. IIRC, something to do with either spoofing the metadata or throwing out a bunch of junk data to render it useless?

@Kyresti yep. Not junk, has to be consistent. Unique junk is still trackable

@thegibson Sounds like a very worthy pursuit. I assume that the whole world is reading anything I post in a public context, but the real danger of these surveillance operations is the information disparity they seek to create, where they know more than you. I'm glad you're leveling the playing field by making their activities as public as ours.

I'm curious, though - does that surveillance operation consider socialism a threat?

@TheGibson Sounds kind of like DShield for the fediverse... Should end up more useful than throwing manual detections into a toot and ask for similar sightings, like I sometimes did in the past.


Is Projekt:ONI also going to detect active sabotage accounts and operations within the fedi?


Maybe, we will adjust TTPs as data becomes available.

It really depends on what the resolution of our optics can get to.

@thegibson hey this sounds super interesting. Can I grab a link to wherever the progress for this is occurring? I've been interested in something like this for a while now!

@thegibson alright, do you have a link to the site scanning the fediverse? I'd like to block them until there's a better solution

@goat @TheGibson same here - seeing as I run an instance, that's obviously relevant for me, and while I get wanting to have cleanish data, I still want to shut this off

@halcy @goat

I don’t have the instance yet. This was just a web front end we found.

@goat we have not yet isolated their instance. Just found the reporting platform, which I pulled down to continue research and not guide attention to.

@TheGibson you didn't happen to make a note of who was winning that ranking did you?


No, and it appears the site has been pulled down.

I’d say the considerable number of boosts over the past couple of days may have spooked them.

@TheGibson aw, shame

I was going to see what we could do about getting a high score

@thegibson Now I'm almost wondering about the opposite of this: an operation that "scrapes" (and throws away!) to test out detection. A red team version, if you will.

(I will probably not do this, and would let you know if I were, but it would be interesting.)
