Once again, in light of the protonmail revelations, it’s not private unless you run it yourself.

@thegibson pretty much why i am fast tracking my own email server now

@xj9 I mean if you must use email for things you want hidden, that is a close second I suppose.

@xj9 Friends are no different from a third-party provider, legally speaking.

In many jurisdictions there's a protection against spousal testimony. But not against friends being compelled to testify or give evidence.


@TheGibson which won't be the case in a client/server setup probably either, if you're using some external VPS.

It's not private unless you run it yourself *and* it's peer to peer.

@cwebber @thegibson encrypt in transit / encrypt at rest (if you're e2e this is one encrypt); it's the meta that gets folks though and nearly everyone is spewing meta like it was glitter.

@feonixrift @TheGibson Though E2EE doesn't prevent network monitoring attacks, which appears to have been sufficient for the recent Protonmail stuff.

@feonixrift @TheGibson Also, E2EE is basically "hackily layering on P2P onto a C2S model"

That's also a meme that should catch on. Spread it.

@Blort @cwebber @thegibson

It's just concise verbiage.

E2EE - End to End Encryption
P2P - Point to Point (application design model)
C2S - Client to Server (application design model)

@cwebber @thegibson Bingo. Metadata is the real goldmine. This decade bites.

@cwebber @thegibson aaaand collecting meta is way more annoying on real p2p :thonking:

@feonixrift @TheGibson Fun note: Spritely's Goblins' default "netlayer" is over tor onion services. Thus the stuff I'm building should be more resilient against this. Not perfect... you can still do network monitoring attacks against Tor Onion Services. But it's harder to do on a mass scale on the network.

@cwebber @thegibson And onion addressing takes away a lot of the petty annoyances of routing by moving them into a layer that already thought about that. Fantastic!

@TheGibson @feonixrift and yeah, I'd say: I don't actually believe in the amount of anonymity that Tor advertises onion services having. It's too easy to do network monitoring attacks on a state level.

But... it's still better than most options out there. And it's hard to fix that without increasing latency on the network by an enormous amount.

Spritely also supports sneakernet networks too in theory btw. But I haven't implemented it. CapTPigeon!

@cwebber @feonixrift

It is better than nothing... the number of groups that can actually correlate that data is smaller than if you are running open, for sure.

@cwebber @thegibson Wishing I had a Captain Pigeon GIF for this. I see no easy way to push the envelope on metadata other than going full blown mixmaster (dull, nobody wants to work at that pace) or having the network inject false traffic to mask the signals (I've floated it but there's no interest).

@feonixrift @cwebber misdirection is the only way to muddy the metadata.

You can only point them a different direction.

@cwebber @feonixrift

Threat intel...

correlation is king. and Tor doesn't stop that... metadata will still get you.

@TheGibson @feonixrift Completely true.

The *main* reason I use Tor Onion Services is that it makes writing easy p2p systems... easy!

I try to downplay the supposed benefits we're talking about in this thread, for the very reason we're talking about them, and emphasize "it's about making p2p easy".

See VPNs for an example where I get driven mad by the amount of over-promising that's made to users of their privacy and security. I don't want to promise more than I'm giving.

@TheGibson @feonixrift On that note, I have serious annoyances with Mastodon's marketing:

> The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!

Most of those are demonstrably untrue:
- Corporate surveillance on the fediverse is completely possible
- Ads can appear, but it's definitely true there's much less thankfully
- "Own your data": I hate this phrase. Makes the same mistakes "intellectual property" does

@TheGibson @feonixrift don't get me wrong, I think Mastodon's branding is super great and is a large part of the fediverse's success. And most of these claims predate Mastodon: Diaspora also said the same "own your data" BS. It doesn't make sense. It's a non-rivalrous good... possession does not equate to exclusivity. You can't prevent copying, and it gives the impression you can. That's the same line of thinking that leads people to DRM.

@a_breakin_glass @TheGibson @feonixrift I've talked to fediverse participants who advocated for it before, believe it or not.

@a_breakin_glass @TheGibson @feonixrift OCaps don't pretend to be able to prevent *copying data* however. Once someone has data, it can always be copied.

Ocaps do provide more control in the first place over transmitted information and particularly *permitted behavior*. But the ocap community is strongly against the "prohibiting delegation myth", which is exactly what this is:

No system can prohibit delegation. Mathematically impossible. Design with that in mind.

@cwebber @TheGibson @feonixrift

it's also claimed Mastodon is "censorship-resistant" - this isn't true as it's *very* easy to lean on well educated, fairly middle class young adults in tech jobs who run most instances, most won't risk going to jail or limiting their career prospects for relative strangers (nor should they be expected to do so!)

The Chinese "meow" cat picture instance got quickly confined behind the GFW (but not banned!) as soon as they started discussing politics.

@cwebber @TheGibson @feonixrift

incidentally the Chinese (around 2019) managed to configure the GFW in such a way that "Fediverse activity" scans from Germany showed the instances as open, yet it was impossible to view them from England (I suspect a lot of Chinese would also tolerate an instance that only worked domestically due to language and cultural barriers as well as timezones)

@cwebber @TheGibson @feonixrift

ofc you could substitute "China" with *any* sovereign country where folk in power have sufficient tech awareness (TBH even in USA and Europe there are quite a few instances with limited federation for various political reasons, and they seem to still remain popular enough..)

@cwebber @feonixrift I am very guilty of this as well.

it is not private, and we have seen many questionable orgs hoovering data for research purposes.

@thegibson @cwebber I think there is a need; a deeper desire to 'jack in' in some sense and share. One that will not be diminished by lack of protocol security. The radio hams and phreakers are part of where our culture comes from... not just MIT computer folks.

@feonixrift @thegibson @cwebber And before them were the beats. Part of culture jamming is the need to jam.

@TheGibson @feonixrift The "indexing outcry" was a peak example of this for me. It seemed to me that the misleading marketing was partly responsible for giving users the impression that they were on a system that *couldn't* be indexed. Once they it was a shock. The researchers voluntarily took it down. But bad actors can and *probably are* indexing the fediverse still.

I have a variant of a phrase I derived from the ocap community: "We don't pretend to be able to prevent what we cannot."

@cwebber @feonixrift

"But bad actors can and *probably are* indexing the fediverse still."

are... they are.

Watched it occurring with relative frequency last year.

@TheGibson @feonixrift Note that I'm fully in support of the robots.txt style "please don't index me". What's nice about robots.txt is that everyone knows it's an *ask*. Good actors will listen. But we know that bad actors can still choose to ignore it.

@cwebber @thegibson @feonixrift yes, and I have seen quite a bunch of such scanning bots. well, honeypots work well for detecting and banning such ones.

@cjd @TheGibson @feonixrift Yes, that I agree with.

They're softer claims than what is being made. Maybe that makes it less compelling from a marketing standpoint. But it does make it more real.

@cwebber @TheGibson @feonixrift
and there are other aspects that also could use some more education / transparency.
Several times for instance I've seen people shocked that who has favourited or boosted a post isn't visible only to the author of said post.



I don't understand

How do onion services make p2p easier?

@AbbieNormal @cwebber no firewall traversal needed, no dns entries needed to contact a peer, e2e encryption and authentication baked into tor already.

@feonixrift @TheGibson Yes exactly. I figured, why not hand that to people who already did the work for me?

The downside of course is that it's very slow.

@cwebber AFAIU, onion monitoring is possible through watching endpoints. There are ~1000 -- 2000 Tor exit nodes (actual number ranging mostly between 1250 and 1500 per TorStats over the past year and some, as of yesterday). If you can watch bits in and out at least some of the time, you have a good idea of what's happening.

Ironically, the lower Tor latency gets, the more subject it is to traffic analysis of this sort.

Ideally you'd want some random-delay relay node in the middle.

Len Sassaman, where's your mixmailer when we need it?

@feonixrift @TheGibson

@dredmorbius @feonixrift @TheGibson Tor Onion Services don't require exit nodes, so are much safer. Tor basically provides two very different things:

- An "anonymizer" for the general internet (I mostly don't believe this works on state-actor levels)
- A P2P network (the .onion services) which stays fully encrypted within the network

The latter is MUCH more interesting to me than the former, which I suspect is already quite pwned.

@dredmorbius @feonixrift @TheGibson .onion services only require intermediate nodes, which also makes helping the network much safer than with exit nodes, which is a straight up dangerous activity.

@cwebber @dredmorbius @feonixrift @thegibson I ran an exit node for a while and it would have been _so easy_ for my network provider to run attacks if they'd been so inclined. Just by running stats on destination TCP port and blatantly obvious clues to client OS, it was evident that people were treating Tor as magic security dust that meant they didn't need to bother with encryption between the exit and the destination, _or_ with, like, running a current patched-up OS...

@cwebber You're talking about services with onion addresses specifically.

Those enter Tor, but never leave. Traffic analysis would be limited to "subject observed using Tor", but there's no exit traffic to correlate.

Unless the service node itself leaks info (see SilkRoad / Ulbricht).

@feonixrift @TheGibson

@dredmorbius @feonixrift @TheGibson Network analysis can still reveal a lot. Say I want to know where <alice>.onion lives and have a list of suspected computers. I send some packets to <alice>.onion and see if network activity correspondingly ends up on that node. If I can show that the same size of, and time of, information keeps happening, I can quickly narrow down which node is responsible.
