Conversation
Notices
-
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 19:35:05 JST 
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus yeah I use tor and i2p for things too, but for a basic VPN that I can use on my phone and home computer I just run a dedicated vps with wireguard. I would imagine proton VPN is a known provider that is blocked wherever people are blocking VPN users. I've not used orbit. You say that's part of the tor project? -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 19:39:09 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus reading over the orbot description it sounds like torsocks for the phone, not an actual vpn
> Orbot is a free app from The Guardian Project that empowers other apps on your device to use the internet more securely. Orbot uses Tor to encrypt your Internet traffic and hide it by bouncing through a series of computers around the world. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 19:39:42 JST 
Soy_Magnus
@thatguyoverthere @Humpleupagus indeed it is¡ it was made by the same people who run for. It has a proxy on case if the VPN cause issues and you can choose which one is turned on. I like turning them both on alot. And if its running a site janky you can use for on ur phone and that scrambles the bits and takes care of any jankyness
Screenshot_20230505-063732.pngDisinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 19:43:54 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus ah on my phone I use InviZiblePro for i2p and for access. Similar functionality. Usually I keep the wireguard up and consider that to be sufficient for most things. Still, having layers of obfuscation can be useful -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 20:27:13 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus wireguard is free software, but to create your own vpn tunnel for browsing the web you need to have a host somewhere. Incognet allows you to use an anonymous email address (tmpmail works well for this) and pay in xmr. They have a small vps host that you can pay annually for which is 50usd/yr which makes the monthly cost less than 5 bucks. It's ideal for this purpose. I am planning to go a step further and set up tor and i2p proxies on the vps host and start accessing them from there instead of directly from my devices.
Now at the end of the day, since mine is the only IP address using wireguard it wouldn't be hard for someone with the proper authority to connect me to it. One way to help further obfuscate would be to create a shared gateway and get more people's traffic mixed in. Also I've considered adding an intermediary node from a different provider.
There is a service called sporestack which is a bit more expensive than incognet, but they are accessible over tor and require no email address or identity information. They accept xmr, and they have a billing model that is good for ephemeral stuff. I have on my todo list a plan to write a script that fires up a sporestack node and configures wireguard on both sides of the tunnel for you. They use resources from digital ocean though and I've had services flag me as a bot because of it. Less of an issue with incognet, so I was thinking you could use a sporestack node as the intermediary for the wireguard tunnel to your incog node.
Mostly I am just researching to see how much you can actually do to obfuscate your internet activity. If your threat model includes governments it is very difficult to be sure that you are not creating a trail that can be followed later. What I am doing now helps make it more difficult for my ISPs to snoop, but even if I added the sporestack intermediary, if an intelligence agency wanted to find me, I imagine it would not be difficult. tor or i2p helps more than a vpn for that kind of stuff, but they can be misused in ways that diminish their effectiveness and you can't hide the fact that you are using them from your target destination. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 20:27:16 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus how much does woreguard cost¿ Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 20:36:37 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus i bought this book a while back and it covers a lot of interesting stuff on how to be more anonymous and ways to think about anonymity. I think it's a book worth having. Some of what's in there is obvious, but some less so. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 20:39:07 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus have you considered experimenting with loki net¿ I've heard it has less nodes but since its used less its anonymity is superior when using things like time triangulations to pin point entrance and exit connections. One cool thing about orbit is you can enable a buffer to stop those kind of identification tactics. You should download orbit just to check out its features since you understand tech on a higher level
Screenshot_20230505-073522.png
Screenshot_20230505-073528.png
Screenshot_20230505-073542.png
Screenshot_20230505-073535.png
Screenshot_20230505-073547.pngDisinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 20:46:05 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus yeah I'll check orbot out it looks interesting. I tend to prefer i2p over tor, but I use both. I do understand the concepts but I wish I had more in depth knowledge. It's a matter of bandwidth unfortunately. I also have real world shit to do so I dont have time to dive as deep into the technical details as I'd like. My understanding is that garlic routing (used by i2p) is kind of like added layers of obfuscation over onion routing. I don't **know** one is better than the other, but generally speaking more layers means more obfuscation (assuming at least equal encryption) which should make it harder to deanonymize someone. I2p is also more decentralized which is appealing to me. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 20:46:09 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus that's dope! Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 21:28:14 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus yes anything that is outside of "the norm" can make you stick out. That's part of why I'd like to obfuscate the fact that I even use i2p or tor at all -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 21:28:17 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus I'll see if I can find the video about it but I just remember I heard using too many layers actually makes you more trackable. Same thing as turning off site cookies it makes your pattern more recognizable the more customized you make it Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 21:32:55 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus I figure if I use tor and i2p over an ssh tunnel over a VPN (wireguard) then all traffic going through those networks looks the same as VPN traffic. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Friday, 05-May-2023 22:06:32 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus I haven't yet implemented it. I didn't even think about it until just before spring really kicked off and I have a lot of other things to occupy my time. I'm also not sure what tools an ISP or government have at their disposal to target wireguard but I imagine they can tell it's a VPN. I don't know if they can tell whether or not an ssh tunnel is running in the tunnel but they shouldn't if it does what it is supposed to do. That said you may be able to make certain assumptions with a large enough sample set. I've never tried to break wireguard myself but I think it's pretty robust. I am not really a security expert or anything. It's more one of many interests. I would be interested in trying to snoop the wireguard I'm just not sure where to begin. I think if you want to look for patterns in tunnel traffic you might need to collect traffic from a lot of tunnels with known traffic patterns and train some kind if machine learning algorithm to detect those patterns (assuming the encryption is strong enough that you can't just read the data). I don't really have access to those kinds of resources myself but I imagine potential adversaries do. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Friday, 05-May-2023 22:06:35 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus that's really interesting is this theoretical or have you actually tried implementing it yet and testing how it looks from the side of a snooper¿ -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Saturday, 06-May-2023 03:20:20 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus well I know someone who really enjoys computer theoretical stuffs =} @p hey buddy what do you think of this stuffs¿ a lot of its over my head but I've seen you talk a lot of theoretical with people you seem to enjoy it :winkingfelix: -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Saturday, 06-May-2023 03:20:22 JST 
pistolero :thispersondoesnotexist:
@SoyMagnus @thatguyoverthere @Humpleupagus
> I imagine they can tell it's a VPN.
Yeah, they can. It's a heuristic, but all of this stuff has distinctive patterns. Maybe they can't tell it's a VPN but they can tell it's proxying traffic. SSL client libs leak data about their implementation so it's possible that they can tell what you're running. They're mostly interested in selling ads, though. (Which Ajit Pai greenlit; it was illegal for ISPs to inspect your traffic before he did that.)Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Saturday, 06-May-2023 05:16:15 JST
Disinformation Purveyor :verified_think:
@p @Humpleupagus @SoyMagnus @TheMadPirate dual purpose legislation :smirk: -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Saturday, 06-May-2023 05:16:18 JST
pistolero :thispersondoesnotexist:
@TheMadPirate @Humpleupagus @SoyMagnus @thatguyoverthere Oh, no, this time it was just "Sure, let's let the two biggest residential ISPs merge and then let's make it totally legal to snoop on traffic for advertising purposes." Disinformation Purveyor :verified_think: likes this. -
Cuddly Lovely Sassy Motherfucker :verified: - https://the-mad-pirate-prints.com/ (themadpirate@freespeechextremist.com)'s status on Saturday, 06-May-2023 05:16:19 JST 
Cuddly Lovely Sassy Motherfucker :verified: - https://the-mad-pirate-prints.com/
@p @SoyMagnus @Humpleupagus @thatguyoverthere
Which Ajit Pai greenlit; it was illegal for ISPs to inspect your traffic before he did that
Well, you know, the all powerful, all seeing government has to has a way to catch those pesky “Terrorists”, right ?.
-
Cuddly Lovely Sassy Motherfucker :verified: - https://the-mad-pirate-prints.com/ (themadpirate@freespeechextremist.com)'s status on Saturday, 06-May-2023 06:05:42 JST
Cuddly Lovely Sassy Motherfucker :verified: - https://the-mad-pirate-prints.com/
@thatguyoverthere @p @Humpleupagus @SoyMagnus They come for the ad intelligence, they stay for the personal info. Disinformation Purveyor :verified_think: likes this. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Saturday, 06-May-2023 07:29:57 JST
Soy_Magnus
@p @Humpleupagus @thatguyoverthere wasn't khajiit pie that India guy from google¿ is there any way to plug up the leaks or is that an idiosyncratic risk of that kind of tech¿ Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Saturday, 06-May-2023 07:35:52 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus @p patterns always emerge with enough data. Even the lack of patterns is itself a pattern. I think signaling you use a vpn is probably less of an indicator that you might be interesting than signalling that you use tor or i2p though. I could be wrong, but it seems like vpns are pretty popular among the average consumer these days so it wouldn't be as interesting to see vpn traffic as it would to see someone using i2p or tor which probably much better at detaching what you are actually doing from your identity (especially since many vpn users are using a handful of providers). -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Saturday, 06-May-2023 07:36:42 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus @p ** a handful of providers and using identity linked payment methods -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Saturday, 06-May-2023 19:18:25 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus @p yeah in the book I mentioned earlier there is a chapter on chaff which is basically adding noise to the signals you can't help but send. I can't do much to mask the use of a VPN, but whatone idea I had is to build a web crawler that I run both inside and outside of the tunnel. Inside so that there is more encrypted traffic and outside to act as a kind of decoy dataset. If you ran something like that 24/7 it would be mixed in with your regular traffic and it would help to mask peak usage times too which might hide your sleeping patterns. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Saturday, 06-May-2023 19:18:26 JST
Soy_Magnus
@p @Humpleupagus @thatguyoverthere okay so that's interesting. Instead of pluggingnuo the holes you send out a bunch of decoy signals to throw off the trail. I like that (and also fuck all government agencies, especially ones that aren't run by cats) -
pistolero :thispersondoesnotexist: (p@freespeechextremist.com)'s status on Saturday, 06-May-2023 19:18:29 JST
pistolero :thispersondoesnotexist:
@SoyMagnus @Humpleupagus @thatguyoverthere Turns out he's now running the FCC. Thank Trump for that one.
You can fuzz the SSL handshakes (Chrome does this now, so ja3 doesn't work), you can randomly shove other traffic through the pipeline to make it hard to tell your actual traffic. -
Soy_Magnus (soymagnus@freespeechextremist.com)'s status on Saturday, 06-May-2023 20:22:04 JST
Soy_Magnus
@thatguyoverthere @Humpleupagus @p have you considered publishing any of your work on github¿ it sounds like your doing stuff advanced enough that you might be able to make a nice passive income off your creativity Disinformation Purveyor :verified_think: likes this. -
Disinformation Purveyor :verified_think: (thatguyoverthere@shitposter.club)'s status on Saturday, 06-May-2023 20:22:45 JST
Disinformation Purveyor :verified_think:
@SoyMagnus @Humpleupagus @p yeah eventually I hope to put something together. I need to manage my time better.
-
All 076萌SNS content and data are available under the 
