#archiveteam-bs 2017-09-16,Sat

Time Nickname Message
00:13 πŸ”— etudier has quit IRC (Quit: My MacBook has gone to sleep. ZZZzzz…)
00:19 πŸ”— melas has joined #archiveteam-bs
00:19 πŸ”— _refeed_ has joined #archiveteam-bs
00:51 πŸ”— godane has quit IRC (Quit: Leaving.)
01:10 πŸ”— BlueMaxim has joined #archiveteam-bs
01:17 πŸ”— refeed has joined #archiveteam-bs
01:17 πŸ”— refeed has quit IRC (Connection closed)
01:18 πŸ”— refeed has joined #archiveteam-bs
01:20 πŸ”— __refeed_ has joined #archiveteam-bs
01:25 πŸ”— _refeed_ has quit IRC (Ping timeout: 600 seconds)
01:25 πŸ”— refeed has quit IRC (Read error: Connection reset by peer)
01:28 πŸ”— Honno has quit IRC (Read error: Operation timed out)
01:36 πŸ”— _refeed_ has joined #archiveteam-bs
01:36 πŸ”— __refeed_ has quit IRC (Read error: Connection reset by peer)
01:44 πŸ”— _refeed_ has quit IRC (Quit: Leaving)
02:22 πŸ”— fie_ has quit IRC (Ping timeout: 255 seconds)
02:35 πŸ”— fie_ has joined #archiveteam-bs
02:53 πŸ”— brayden has quit IRC (Read error: Connection reset by peer)
02:54 πŸ”— godane has joined #archiveteam-bs
02:54 πŸ”— brayden has joined #archiveteam-bs
02:54 πŸ”— swebb sets mode: +o brayden
02:55 πŸ”— godane so i think my wifi or comcast is fing with me
02:59 πŸ”— yuitimoth has quit IRC (Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac)
02:59 πŸ”— yuitimoth has joined #archiveteam-bs
02:59 πŸ”— yuitimoth has quit IRC (Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac)
02:59 πŸ”— yuitimoth has joined #archiveteam-bs
03:09 πŸ”— pizzaiolo has quit IRC (Quit: pizzaiolo)
03:37 πŸ”— godane has quit IRC (Read error: Operation timed out)
03:42 πŸ”— arkhive has joined #archiveteam-bs
03:43 πŸ”— arkhive I am having trouble resetting my password on archiveteam.org
03:44 πŸ”— arkhive i want to update some stuff on the wiki.
03:55 πŸ”— drumstick has quit IRC (Ping timeout: 255 seconds)
04:08 πŸ”— arkhive has quit IRC (Quit: My iMac has gone to sleep. ZZZzzz…)
04:09 πŸ”— yuitimoth has quit IRC (Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac)
04:09 πŸ”— yuitimoth has joined #archiveteam-bs
04:27 πŸ”— VADemon_ has joined #archiveteam-bs
04:29 πŸ”— VADemon has quit IRC (Ping timeout: 255 seconds)
04:48 πŸ”— melas has quit IRC (melas)
04:49 πŸ”— Sk1d has quit IRC (Ping timeout: 250 seconds)
04:56 πŸ”— Sk1d has joined #archiveteam-bs
06:04 πŸ”— drumstick has joined #archiveteam-bs
06:07 πŸ”— DFJustin has quit IRC (Remote host closed the connection)
06:48 πŸ”— drumstick has quit IRC (Ping timeout: 255 seconds)
06:49 πŸ”— drumstick has joined #archiveteam-bs
07:07 πŸ”— DFJustin has joined #archiveteam-bs
07:07 πŸ”— swebb sets mode: +o DFJustin
07:11 πŸ”— DFJustin has quit IRC (Remote host closed the connection)
07:20 πŸ”— Honno has joined #archiveteam-bs
07:23 πŸ”— DFJustin has joined #archiveteam-bs
07:23 πŸ”— swebb sets mode: +o DFJustin
08:11 πŸ”— godane has joined #archiveteam-bs
08:40 πŸ”— schbirid has joined #archiveteam-bs
09:01 πŸ”— BartoCH has joined #archiveteam-bs
09:41 πŸ”— schbirid anyone able to get this to run with wpull? i am only getting an immediate FINISHED... https://pastebin.com/raw/1MQ63tD6
09:41 πŸ”— schbirid probably PEBKAC but whyyy
09:46 πŸ”— JAA DEBUG Skipping ‘http://www.zeit.de/’.
09:47 πŸ”— JAA Hmm
10:02 πŸ”— JAA Aaaah
10:02 πŸ”— JAA schbirid: The problem is in the reject regex.
10:02 πŸ”— JAA Among others, you ignore /www\.zeit\.de/, which matches http://www\.zeit\.de/.
10:05 πŸ”— JAA By the way, that regex could also use some other refinements, like replacing . with \. or removing the unnecessary backslashes in front of / and &.
10:05 πŸ”— JAA And /gtm\.js\.html$ to only match at the end of URLs.
10:06 πŸ”— schbirid oops
10:06 πŸ”— JAA The debug output of wpull could definitely be a bit more verbose though. I monkey-patched the DemuxURLFilter to figure out what was going on.
10:07 πŸ”— JAA That message should be something like "Skipping <URL> (reason: regex)".
10:07 πŸ”— schbirid \/(jobs|marktplatz|www|zeitreisen).zeit.de/ should not sk... oh
10:07 πŸ”— schbirid duh
10:08 πŸ”— schbirid man, how i wish wpull was maintained
10:11 πŸ”— JAA maintainable*
10:11 πŸ”— JAA trollius and exception-driven control flow doesn't make it easy. :-/
10:11 πŸ”— JAA don't*
10:12 πŸ”— schbirid =(
10:24 πŸ”— yuitimoth has quit IRC (Read error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac)
10:24 πŸ”— yuitimoth has joined #archiveteam-bs
10:37 πŸ”— RichardG has quit IRC (Ping timeout: 260 seconds)
10:38 πŸ”— RichardG has joined #archiveteam-bs
10:51 πŸ”— Asparagir has quit IRC (Read error: Connection reset by peer)
10:51 πŸ”— godane has quit IRC (Read error: Operation timed out)
10:52 πŸ”— Asparagir has joined #archiveteam-bs
10:53 πŸ”— svchfoo3 sets mode: +o Asparagir
10:53 πŸ”— svchfoo1 sets mode: +o Asparagir
11:02 πŸ”— godane has joined #archiveteam-bs
11:11 πŸ”— BlueMaxim has quit IRC (Quit: Leaving)
11:16 πŸ”— sun_shine has quit IRC (Ping timeout: 245 seconds)
11:28 πŸ”— Soni has quit IRC (Ping timeout: 272 seconds)
11:48 πŸ”— Soni has joined #archiveteam-bs
11:50 πŸ”— Stiletto has quit IRC (Ping timeout: 250 seconds)
11:56 πŸ”— Soni has quit IRC (Ping timeout: 272 seconds)
12:05 πŸ”— Soni has joined #archiveteam-bs
12:09 πŸ”— REiN^ has quit IRC (Read error: Operation timed out)
12:09 πŸ”— REiN^ has joined #archiveteam-bs
12:17 πŸ”— refeed has joined #archiveteam-bs
12:33 πŸ”— drumstick has quit IRC (Read error: Operation timed out)
12:44 πŸ”— Mateon1 has quit IRC (Read error: Operation timed out)
12:45 πŸ”— Mateon1 has joined #archiveteam-bs
13:11 πŸ”— etudier has joined #archiveteam-bs
13:22 πŸ”— Mateon1 has quit IRC (Remote host closed the connection)
13:22 πŸ”— Mateon1 has joined #archiveteam-bs
13:35 πŸ”— dd0a13f37 has joined #archiveteam-bs
14:14 πŸ”— dd0a13f37 You were right about stating my intent
14:14 πŸ”— dd0a13f37 I got a reply from one of the service operators, they asked from where I was writing and what services I was operating
14:16 πŸ”— dd0a13f37 >Might want to explain a little bit about who you are and why you want the info, so they don't think you work for the RIAA or MPAA or something.
14:51 πŸ”— dd0a13f37 Should I include this in my email:
14:51 πŸ”— dd0a13f37 The backups are uploaded to Internet Archive (archive.org), so the easiest way to back up the site would probably be to upload the gzipped torrent files via torrent directly from the server with aria2c or rtorrent (see http://archiveteam.org/index.php?title=Internet_Archive#Uploading_to_archive.org)
14:52 πŸ”— dd0a13f37 Or is there a better way?
15:07 πŸ”— schbirid what site?
15:07 πŸ”— dd0a13f37 itorrents.org
15:08 πŸ”— dd0a13f37 >Torrent files are cached on disk in gzip format making it extremely time consuming to search for any data contained within the torrent files.
15:08 πŸ”— dd0a13f37 >The torrent files are saved to disk in gzip format
15:11 πŸ”— schbirid if i was them, i would not want to give out info about what my service was seeding. might be super illegal stuff inside and publishing that will lead LE or trolls to discover that easily
15:12 πŸ”— dd0a13f37 They aren't seeding anything
15:12 πŸ”— dd0a13f37 They're a torrent cache site, they're not indexing it either
15:13 πŸ”— dd0a13f37 All they do is take torrents uploaded via API, hash them, store them as <hash>.torrent.gz, then serve them
15:14 πŸ”— schbirid ooh
15:14 πŸ”— schbirid mixed up with another site with similar layout in my head
15:15 πŸ”— dd0a13f37 I'm just asking if it's the technologically best solution and if I should recommend it
15:15 πŸ”— dd0a13f37 to make a torrent, seed with rtorrent/aria2, then upload to ia
15:27 πŸ”— dd0a13f37 has quit IRC (Ping timeout: 270 seconds)
15:31 πŸ”— dd0a13f37 has joined #archiveteam-bs
15:36 πŸ”— dd0a13f37 Apparently, all EFnet servers don't block Tor https://trac.torproject.org/projects/tor/wiki/doc/BlockingIrc
15:36 πŸ”— dd0a13f37 >​EFnet (most of the servers)
15:36 πŸ”— dd0a13f37 Which ones don't?
16:50 πŸ”— icedice has joined #archiveteam-bs
16:56 πŸ”— pizzaiolo has joined #archiveteam-bs
16:59 πŸ”— icedice Hi zino
16:59 πŸ”— icedice "Parameters negotiated with site owner, so don't fiddle with them /zino"
16:59 πŸ”— icedice ^ regarding https://theseus.fi/
16:59 πŸ”— icedice What did the site owner say?
17:00 πŸ”— icedice Was my archivation job a pain in the ass/expensive for them?
17:00 πŸ”— dd0a13f37 According to itorrents, they get 10-15k torrents/d, so around 200MB/day. They had "almost all", so running a complete bittorrent DHT crawler would probably be quite cheap IF you manage to get a hold of all the legacy data
17:01 πŸ”— dd0a13f37 although no, that can't be right, either they don't have it all or bittorrent usage has declined by a lot since some arbitrary date
17:02 πŸ”— icedice I think BitTorrent usage will start going up again eventually
17:03 πŸ”— JAA icedice: I believe they said that 1 concurrent connection is okay.
17:04 πŸ”— icedice Once the MAFIAA starts making it too difficult for filehosting sites and streaming sites to operate some people will go back to the resilient torrents
17:04 πŸ”— icedice JAA: Ok
17:05 πŸ”— icedice The chat logs here are archived btw, right?
17:05 πŸ”— JAA Yes. http://archive.fart.website/bin/irclogger_logs
17:05 πŸ”— icedice Do you remember any details? Channel/date/nick?
17:06 πŸ”— JAA They weren't here. zino contacted them via email, I think.
17:06 πŸ”— icedice Ah, ok
17:06 πŸ”— JAA He posted about it in #archivebot on 2017-09-07.
17:07 πŸ”— icedice The chat logs are apparently restricted
17:07 πŸ”— icedice Requires login
17:07 πŸ”— JAA Yeah. Unfortunately, I don't know the password for those logs.
17:08 πŸ”— icedice Ok
17:08 πŸ”— JAA (If anyone does, I'd appreciate a PM.)
17:08 πŸ”— icedice Do you remember if they were pissed off?
17:08 πŸ”— JAA Well, they banned the pipeline's IP.
17:08 πŸ”— icedice That's understandable
17:09 πŸ”— JAA This is what zino wrote: "The Finnish National Library guy was OK with us continuing the crawl with a concurrency of 1. So he'll unblock us."
17:09 πŸ”— icedice They probably thought it was a regular DDoS
17:09 πŸ”— icedice Ok
17:09 πŸ”— icedice Thanks
17:09 πŸ”— JAA DoS*
17:09 πŸ”— JAA I guess we did cause quite a bit of load on their server(s).
17:10 πŸ”— icedice Weren't there three workers on that archivation job initially?
17:10 πŸ”— JAA Yep
17:10 πŸ”— icedice Wouldn't that make it distributed?
17:10 πŸ”— JAA Which is the default
17:10 πŸ”— JAA No
17:10 πŸ”— JAA Three workers = three threads on the same machine.
17:10 πŸ”— icedice Ah
17:10 πŸ”— icedice Ok
17:23 πŸ”— arkhive has joined #archiveteam-bs
17:25 πŸ”— dd0a13f37 If they want to they can just start going after individual filesharers
17:26 πŸ”— dd0a13f37 the future is likely popcorntime/similar for a short while then some hackjob that's just decentralized enough that the last parts of the puzzle can be put in some obscure country where it doesn't get taken down
17:28 πŸ”— dd0a13f37 bittorrent is not secure or resilient, they could go after it a lot harder than they do right now
17:34 πŸ”— arkhive has quit IRC (Quit: My iMac has gone to sleep. ZZZzzz…)
17:38 πŸ”— arkhive has joined #archiveteam-bs
17:56 πŸ”— arkhive has quit IRC (Quit: My iMac has gone to sleep. ZZZzzz…)
18:01 πŸ”— etudier has quit IRC (Quit: My MacBook has gone to sleep. ZZZzzz…)
18:06 πŸ”— zino icedice: JAA got you up to date. Unfortunately shortly after restarting the job it hung with 90k links left or something. I'd rather let it be stalled until I have time to look at it so that no one reschedules the job and lands me in more trouble with the Finns.
18:08 πŸ”— icedice zino: I see, ok
18:10 πŸ”— icedice dd0a13f37: a logless, leak proof VPN and/or an anonymously purchased seedbox takes care of that
18:10 πŸ”— zino icedice, and fair warning, it might take weeks before I get to it.
18:10 πŸ”— icedice Ok, that's fine
18:12 πŸ”— icedice Even if we don't get those last links the site is still updating on more or less a yearly basis (students usually upload in the fall as far as I know, though there are probably a lot of exceptions to that as well), so the crawl could be redone in a few years or so
18:14 πŸ”— icedice BitTorrent is currently the most resilient solution for filesharing though
18:24 πŸ”— dd0a13f37 that doesn't make it resilient
18:25 πŸ”— dd0a13f37 you could go after vpn providers like in russia, and they're only good for downloading
18:25 πŸ”— dd0a13f37 there are much more resilient solutions, gnunet etc
18:26 πŸ”— dd0a13f37 bittorrent needs indexers, trackers, torrent caches, they're all centralized points of failure
18:26 πŸ”— dd0a13f37 can't you restrict the crawls to during the night if you're worried about load? can't imagine too many people wanting to download thesis papers at 5am
18:29 πŸ”— dd0a13f37 the upload rate feels quite constant, look at https://theseus.fi/recent-submissions and replace offset with different values, then look at upload date
18:42 πŸ”— icedice Can GNUnet handle huge filesizes and heavy loads from many downloaders?
18:42 πŸ”— icedice VPN hides uploaders just as good
18:42 πŸ”— icedice But yeah, dead torrents is a problem
18:44 πŸ”— icedice VPN bans only happen in totalitarian countries like Russia, China, and in the future maybe the UK at most in Europe
18:44 πŸ”— icedice But yeah, it's still an issue
18:45 πŸ”— icedice Private trackers are pretty secure in general though and well-seeded
18:48 πŸ”— dd0a13f37 Yes, GNUnet works like tor but instead of optimizing for low latency/low speed they optimized for high latency/high speed
18:49 πŸ”— dd0a13f37 Nobody important cares about torrents right now, but people were really upset about it in the 00's
18:50 πŸ”— dd0a13f37 All they do now is send out an abuse notice here and there, but they used to have lots of shady dealings (ddos, hacking, straight up bribery)
18:50 πŸ”— dd0a13f37 No, it hides uploaders but running a tracker behind a VPN isn't possible (unless you have a static IP, and then you're not really talking about a vpn)
18:51 πŸ”— dd0a13f37 Private trackers, same thing there, if they actually did give a shit they wouldn't be operational
19:07 πŸ”— icedice Ah
19:07 πŸ”— icedice I wasn't talking about trackers, just uploaders, but you're right
19:08 πŸ”— icedice They could probably do what some torrent sites do for their main site though
19:10 πŸ”— refeed has quit IRC (Ping timeout: 600 seconds)
19:10 πŸ”— icedice Which is set up a reverse proxy to some bulletproof hosting provider in some country that is on unfriendly terms with the US or at least doesn't give a shit about what Americans think
19:12 πŸ”— icedice For example, The Pirate Bay uses VinaHost - which is based in Vietnam - for their reverse proxy
19:12 πŸ”— icedice Venezuela wo
19:12 πŸ”— icedice uld probably also do the trick
19:13 πŸ”— icedice RuTracker would probably be operational even if it was on their radar, which it is
19:13 πŸ”— icedice since it's based in Russia
19:14 πŸ”— icedice RuTracker was in some official MAFIAA piracy shitlist from 2016
19:16 πŸ”— VADemon_ Rutracker is not based in Russia else they'd have been taken down. (they're banned but still online)
19:20 πŸ”— dd0a13f37 There are no bulletproof hosts though
19:21 πŸ”— dd0a13f37 Why do you think botnets use decentralized architectures?
19:22 πŸ”— dd0a13f37 They still need a domain, and you could just ask US ISPs to BGP hijack them
19:23 πŸ”— dd0a13f37 There is nothing preventing someone from just doing a DoS attack on VinaHost until they stop hosting them
19:25 πŸ”— dd0a13f37 The reverse proxy is the one that needs to be bulletproof, the backend can be hosted on amazon if you want
19:26 πŸ”— dd0a13f37 That the internet is "technologically uncensorable" is just an illusion, the only reason Tor works in e.g. China is because the US is a safe haven. Running a tor entry guard/bridge inside china is an exercise in futility
19:44 πŸ”— Xibalba has quit IRC (Remote host closed the connection)
19:46 πŸ”— Xibalba has joined #archiveteam-bs
19:50 πŸ”— icedice VinaHost is the reverse proxy
19:50 πŸ”— icedice Nobody knows who is really hosting The Pirate Bay
19:51 πŸ”— dd0a13f37 Yes, the real host doesn't matter since they will never get any abuse letters, the point of failure is vinahost
19:51 πŸ”— icedice Yeah
19:51 πŸ”— dd0a13f37 and TPB isn't heavily attacked. If you want to see what it looks like when someone with a large amount of resources wants to censor something, look at IS
19:52 πŸ”— dd0a13f37 internet archive, twitter, liveleak, any domains get shut down in a matter of hours
19:52 πŸ”— joepie91_ icedice: there's no such thing as a "logless VPN" (assuming referring to a third-party VPN service) as you can never verify that they are not keeping logs
19:52 πŸ”— dd0a13f37 They could be bound by contract to not, though
19:52 πŸ”— joepie91_ and VPN services absolutely _are not_ anonymous, the marketing from VPN service providers notwithstanding
19:53 πŸ”— joepie91_ dd0a13f37: no, they can't
19:53 πŸ”— joepie91_ contracts are null and void in a legal investigation and that's the only point where you're ever going to find out anyway
19:53 πŸ”— icedice The Iron Dong at least makes the whack-a-mole game a bit more difficult
19:53 πŸ”— icedice https://vc.gg/blog/announcing-the-iron-dong-hidden-service-backup-system.html
19:53 πŸ”— joepie91_ the idea of using VPNs for anonymity is 100% snakeoil
19:53 πŸ”— dd0a13f37 No, they would still violate the contract, they can't be forced to keep logs, so they would have to proactively (as opposed to reactively) do something
19:53 πŸ”— icedice I figured it wouldn't take long before you popped up :D
19:54 πŸ”— joepie91_ (and entirely perpetuated by the providers selling the services, because it has almost no operational costs and high profits, ie. lucrative business)
19:54 πŸ”— icedice Read some of the arguments on GitHub
19:54 πŸ”— icedice There are about 200+ VPN services
19:54 πŸ”— joepie91_ dd0a13f37: this is not representative of how these investigations work in reality
19:54 πŸ”— icedice The vast majority of them are pure shit
19:54 πŸ”— joepie91_ no, not "the vast majority of them" --- *every single one of them* is dishonest and should be avoided.
19:54 πŸ”— icedice Private Internet Access is confirmed to not log
19:54 πŸ”— joepie91_ bullshit.
19:54 πŸ”— dd0a13f37 There are VPN providers that have held up in court though.
19:55 πŸ”— joepie91_ there is no such thing as "confirmed to not log"
19:55 πŸ”— icedice Either that or they just straight up lied in court to protect someone behind a bomb threat
19:55 πŸ”— joepie91_ a specific party at one point either decided to make the claim without basis, or inspected a system that *at the time* did not show any evidence of logging
19:55 πŸ”— joepie91_ this is worthless if what you're going for is protection from authorities
19:56 πŸ”— dd0a13f37 If they've been in 100 court cases before, in all of which they've been confirmed not to keep logs, extrapolating, what will happen time #101?
19:56 πŸ”— joepie91_ icedice: very possible.
19:56 πŸ”— dd0a13f37 But why?
19:56 πŸ”— joepie91_ because it is operationally far cheaper and safer to quietly hand over logs and then publicly state on the record that they don't have logs?
19:57 πŸ”— icedice ProtonVPN, Mullvad, AirVPN, and OVPN.com are pretty much the only VPN services I'd classify as good enough
19:57 πŸ”— dd0a13f37 Most civilized countries have public police investigations
19:57 πŸ”— joepie91_ if you're willing to bet your freedom on that not being the case, then go ahead - but the idea that you can somehow 'confirm' reliably that a VPN service doesn't log, as a third party, is a complete myth
19:57 πŸ”— icedice And if I do something that needs complete anonymity then it would be via Tor Browser
19:58 πŸ”— joepie91_ dd0a13f37: right, those same civilized countries where the exact papertrail for investigations was retroactively made up to protect intelligence sources, and showing massive overreach from intelligence agencies?
19:58 πŸ”— icedice But for the most part I want to be able to torrent
19:58 πŸ”— icedice To not have my ISP log all of my shit
19:58 πŸ”— joepie91_ not a very convincing argument.
19:58 πŸ”— icedice (I trust any of those four VPN providers more than the fuckwads at my shady ISP)
19:58 πŸ”— dd0a13f37 sweden doesn't have any such track record, neither does it have a sufficiently functioning police
19:59 πŸ”— joepie91_ okay, I'm tired of arguing pseudo-privacy tropes for tonight
20:00 πŸ”— icedice It's not a perfect system, but it works well enough for the purposes I use it for
20:00 πŸ”— dd0a13f37 There is a difference between reactive and proactive, and there is a difference between getting one record from an inverted index and iterating over all of them
20:00 πŸ”— icedice I don't plan on leaking state secrets via VPN or something
20:00 πŸ”— joepie91_ (it's always the same series of arguments and I'm tired of running the same discussion on a loop for hours on end)
20:00 πŸ”— icedice But it's nice to have an encrypted connection on school WiFi
20:00 πŸ”— dd0a13f37 What are your thoughts on VPN providers with diskless servers?
20:00 πŸ”— icedice bs
20:01 πŸ”— icedice I sent an email to Mullvad asking if they could consider implementing it like OVPN.com had
20:01 πŸ”— icedice and they told me that it doesn't matter
20:02 πŸ”— icedice since an attacker could just have the traffic redirected and recorded elsewhere or something like that
20:02 πŸ”— icedice I can pull up the exact quote if you want
20:03 πŸ”— icedice And it's also nice to have some extra protection against data brokers and tracking companies
20:03 πŸ”— dd0a13f37 that's a fair point tbh
20:03 πŸ”— icedice and yeah, I know about browser fingerprinting
20:03 πŸ”— dd0a13f37 just use torbrowser like a normal person
20:03 πŸ”— dd0a13f37 that way you know exactly what guarantees you're getting and which ones you aren't
20:04 πŸ”— icedice I've taken countermeasures against that as well, like Random Agent Spoofer
20:04 πŸ”— icedice Why not both
20:04 πŸ”— dd0a13f37 random agent spoofer just adds to your fingerprint man
20:04 πŸ”— dd0a13f37 Because torbrowser is the absolute minimum, you can't get less
20:04 πŸ”— icedice I have it change for every request
20:05 πŸ”— icedice I don't want to run everything via Tor Browser
20:05 πŸ”— dd0a13f37 You're not protected against: canvas fingerprinting, web font fingerprinting, resolution (even without JS thanks to mediaqueries), js execution time,etc
20:05 πŸ”— icedice Firefox is good enough for me even if the protection isn't 100%
20:05 πŸ”— dd0a13f37 torproject has spent tremendous amounts of time on protecting against fingerprinting, it's still not 100% with JS
20:06 πŸ”— dd0a13f37 But random agent is just pure placebo
20:06 πŸ”— icedice There are two add-ons against canvas tracking, but they probably don't work anymore thanks to the WebExtensions thing
20:06 πŸ”— dd0a13f37 Use one agent and have it be something reasonably common that fits with your browser
20:07 πŸ”— dd0a13f37 Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
20:07 πŸ”— icedice That still collects all my info to one profile
20:07 πŸ”— icedice Running Tor Browser over VPN gives you a few advantages:
20:07 πŸ”— icedice Your ISP can't see that you're running Tor
20:08 πŸ”— dd0a13f37 that's irrelevant and you could use bridges for it
20:08 πŸ”— dd0a13f37 Tor over VPN is useful, but running random ua in it is not
20:09 πŸ”— icedice There is some protection against correlation attacks, zero day exploits, and malware that pings out your non-Tor IP
20:09 πŸ”— icedice An extra layer
20:10 πŸ”— dd0a13f37 yes, but if you're not using tbb then you're doing something very wrong
20:10 πŸ”— icedice I don't need TBB for everything
20:11 πŸ”— dd0a13f37 then you shouldn't use tor
20:11 πŸ”— icedice If I want to post something anonymously or something I'd use Tor Browser over VPN
20:11 πŸ”— icedice If it's just everyday stuff then I just use VPN
20:11 πŸ”— dd0a13f37 tor and tbb or regular connection and regular browser, mixing them is just an accident bound to happen
20:12 πŸ”— icedice I just use Tor Browser
20:12 πŸ”— icedice I don't use the standalone Tor network software
20:12 πŸ”— dd0a13f37 yes, which is secure, but it becomes less secure and not more by installing random agent spoofer
20:12 πŸ”— dd0a13f37 tor browser has a built in copy of tor, tor(daemon) is just useful for torifying other software
20:13 πŸ”— dd0a13f37 but browsers are such a big can of worms that you can't just chuck localhost:9050 in the proxy settings and call it a day
20:13 πŸ”— icedice I don't modify Tor Browser
20:13 πŸ”— dd0a13f37 good
20:13 πŸ”— icedice (not that stupid)
20:14 πŸ”— icedice Aside from the security settings (enable/disable JavaScript and all that) I don't touch anything
20:14 πŸ”— icedice Firefox I have to heavily modify to have some sort of privacy
20:14 πŸ”— VADemon_ the about:addons loads google tracking scripts ;)
20:15 πŸ”— icedice it does?
20:15 πŸ”— VADemon_ https://www.ghacks.net/2017/07/13/privacy-blunder-firefox-getaddons-page-google-analytics/
20:16 πŸ”— dd0a13f37 if you want privacy in firefox just modify it to become as similar to TBB as possible (user agent to tor, disable webrtc and canvas in about config, some more stuff in about:config)
20:16 πŸ”— VADemon_ The website it loads inside of about:addons does, but it's mozilla's website yet still
20:16 πŸ”— dd0a13f37 that's about it
20:16 πŸ”— dd0a13f37 i got to switch over to palemoon soon, firefox is going straight down the drain
20:19 πŸ”— VADemon_ The TotalSpoof add-on sets your UA to a common value. I believe it's better to use some generic wide-spread FF UA than using Tor Browser's
20:19 πŸ”— dd0a13f37 they're the same thing
20:19 πŸ”— dd0a13f37 torbrowser's ua is the most common ff ua
20:20 πŸ”— VADemon_ oh ok
20:21 πŸ”— dd0a13f37 https://panopticlick.eff.org/
20:21 πŸ”— dd0a13f37 one in 121.77/6.93 bits
20:21 πŸ”— dd0a13f37 what does your "privacy friendly" firefox get you?
20:22 πŸ”— VADemon_ less google pwnership
20:23 πŸ”— schbirid has quit IRC (Quit: Leaving)
20:23 πŸ”— dd0a13f37 this is for torbrowser
20:34 πŸ”— icedice <VADemon_> The TotalSpoof add-on sets your UA to a common value. I believe it's better to use some generic wide-spread FF UA than using Tor Browser's
20:34 πŸ”— dd0a13f37 they're both the same thing
20:34 πŸ”— icedice Nice, I'll probably replace Random Agent Switcher with TotalSpoof
20:34 πŸ”— VADemon_ I didn't know Tor Browser doesn't have its own UA. and it sounded like it did
20:35 πŸ”— dd0a13f37 De facto it has, it's just the one that's shared by the most others
20:35 πŸ”— Frogging I'm more concerned about HTML5 canvas fingerprinting
20:35 πŸ”— dd0a13f37 you can disable canvas
20:35 πŸ”— dd0a13f37 don't lose out on much
20:35 πŸ”— VADemon_ one in 6500 browsers, so current TotalSpoof's definitely bad
20:35 πŸ”— icedice Disable JavaScript
20:35 πŸ”— VADemon_ NoScript + uBlock Origin do the 99% of the job
20:35 πŸ”— icedice That disables the canvas trackers
20:35 πŸ”— icedice And wrecks most webpages
20:36 πŸ”— icedice https://alternativeto.net/list/security-and-privacy-enhancing-firefox-add-ons
20:37 πŸ”— icedice ^ I'm using all of this minus RequestPolicy (ain't nobody got time for that) and Mailvelope
20:38 πŸ”— dd0a13f37 doesn't firefox send a list of your addons
20:38 πŸ”— Frogging sometimes when I really don't want to be watched, I make a brand new VM or VPS
20:38 πŸ”— dd0a13f37 check your panopticlick score
20:38 πŸ”— icedice Oh, and Cookie AutoDelete instead of Self-Destructing Cookies
20:38 πŸ”— icedice Since Self-Destructing Cookies won't become a WebExtension
20:39 πŸ”— icedice The site has been calculating my fingerprint for forever
20:39 πŸ”— icedice Do I need to enable cookies for that site or something?
20:40 πŸ”— icedice Or maybe one of my many uBlock Origin filterlists is blocking something for the site?
20:40 πŸ”— VADemon_ uBlock Origin blocks it, NoScript won't allow to run ANYTHING to begin with
20:41 πŸ”— icedice But I can already tell you that my fingerprint is probably unique
20:41 πŸ”— icedice And I get a new fingerprint for each webpage I visit
20:41 πŸ”— lag has quit IRC (Remote host closed the connection)
20:42 πŸ”— dd0a13f37 didn't noscript have some really severe issues?
20:42 πŸ”— icedice Yeah, but I only use NoScript to block pop-ups / pop-unders
20:42 πŸ”— Frogging severe issues like what?
20:42 πŸ”— dd0a13f37 don't remember, might have been something with the developer
20:42 πŸ”— icedice ^ response to VADemon_'s comment
20:43 πŸ”— icedice The NoScript site has some ads that are almost impossible to block that appear on the update pages
20:43 πŸ”— icedice Advertising some crapware PC cleaner iirc
20:43 πŸ”— icedice PC Speedbooster or whatever
20:44 πŸ”— icedice But Tor Browser still uses NoScript, so it can't be too bad then
20:44 πŸ”— dd0a13f37 they change the settings though
20:44 πŸ”— dd0a13f37 there's no whitelist
20:44 πŸ”— dd0a13f37 by default
20:44 πŸ”— Frogging I'm running AdNauseam with dynamic filtering set such that it only runs on sites I explicitly specify
20:45 πŸ”— icedice I tried AdNauseam
20:45 πŸ”— icedice I like the idea, but it fucked up my browser's performance to the point that it almost crashed within the first try
20:46 πŸ”— JAA I block most ads at the DNS level.
20:46 πŸ”— icedice Plus I prefer to block ads instead of toying around with them
20:46 πŸ”— icedice <Frogging> sometimes when I really don't want to be watched, I make a brand new VM or VPS
20:46 πŸ”— icedice You'd have to purchase that VPS anonymously then
20:46 πŸ”— frontop has quit IRC ()
20:47 πŸ”— icedice And Bitcoin is useless for that now btw
20:47 πŸ”— Frogging if I can do my bit to disrupt/unbalance the ad economy it makes me happy
20:47 πŸ”— Frogging yes, true
20:48 πŸ”— JAA icedice: Why "now"?
20:48 πŸ”— icedice So either an anonymous crypto-currency like Monero/Dash/Zerocoin, pre-paid cards like Paysafecard/Mint Prepaid/Neosurf, pre-paid debit/credit cards or cash
20:48 πŸ”— Frogging though I'm more concerned with automated systems linking requests together than I am with someone singling me out to try and steal my info from the VPS provider
20:49 πŸ”— Frogging unfortunately I think many of them do not accept prepaid CCs
20:49 πŸ”— icedice They don't have to steal the info from your VPS provider
20:49 πŸ”— dd0a13f37 if you're going to buy a brand new vps you might as well just use tor browser, it's not so slow
20:49 πŸ”— icedice Just coerce the VPS provider
20:50 πŸ”— icedice Especially if it's in Five Eyes
20:50 πŸ”— Frogging or that
20:50 πŸ”— Frogging maybe they already have all the info from VPS providers
20:50 πŸ”— icedice I'd probably use https://abelohost.com/ if I was to get a VPS to use as VPN
20:51 πŸ”— Frogging what do you think of PrivateInternetAccess?
20:51 πŸ”— icedice Since apparently Private Layer has gone to shit
20:51 πŸ”— Frogging https://www.privateinternetaccess.com/
20:51 πŸ”— icedice It's American
20:52 πŸ”— icedice That alone is enough for me to not use it
20:52 πŸ”— Frogging yes, but their FAQ says that America is one of the few countries that doesn't require them to retain logs
20:52 πŸ”— icedice The US is one of the worst jurisdictions in the world to run online services in if you care about privacy
20:53 πŸ”— dd0a13f37 But they're one of the best for freedom of speech
20:53 πŸ”— dd0a13f37 So you have to pick your poison
20:53 πŸ”— icedice All the US government needs to do is send a National Security Letter + gag order demanding that PIA starts logging users and handing the US government backdoor access
20:53 πŸ”— dd0a13f37 I've had this idea about running a site that dynamically moves content
20:54 πŸ”— icedice And then they either have to comply, shut down their company, or go to prison
20:54 πŸ”— icedice Like with Lavabit
20:54 πŸ”— dd0a13f37 so it has one server in germany used by default, if something is reported for hate speech it's moved to the US server, if it's reported for DMCA it gets moved to egypt/iraq
20:54 πŸ”— dd0a13f37 and so on
20:54 πŸ”— icedice Iceland has a pretty good jurisdiction
20:54 πŸ”— icedice But Freedom of Speech protection depends on what you're discussing
20:55 πŸ”— dd0a13f37 US has very strong no matter what
20:55 πŸ”— icedice True, but if your site is about US government leaks, the US is a shitty place to be
20:56 πŸ”— icedice If your site criticizes immigration, you probably want to stay out of the UK, Germany, and Sweden
20:57 πŸ”— dd0a13f37 Then everywhere is
20:57 πŸ”— dd0a13f37 discussing them won't give you any problems
20:57 πŸ”— dd0a13f37 and leaking them will even if you're in venezuela
20:59 πŸ”— dd0a13f37 0..9 in ascii is encoded as 30..39 when viewed in hexadecimal
20:59 πŸ”— dd0a13f37 how fucking neat isn't that
20:59 πŸ”— icedice https://translate.google.com/translate?sl=sv&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fsv.wikipedia.org%2Fwiki%2FFlashback_Forum&edit-text=&act=url
20:59 πŸ”— dd0a13f37 Flashback is hosted in the US
20:59 πŸ”— dd0a13f37 and for some unclear reason has rules against hate speech
20:59 πŸ”— icedice ^ Flashback moved to the US since it wasn't politically correct enough for Sweden
20:59 πŸ”— dd0a13f37 which are not enforced
21:00 πŸ”— dd0a13f37 that has to do with Law on responsibility for electronic bulletin boards
21:00 πŸ”— icedice brb
21:00 πŸ”— icedice has quit IRC (Quit: Leaving)
21:03 πŸ”— icedice has joined #archiveteam-bs
21:04 πŸ”— dd0a13f37 https://web.archive.org/web/20060504212948/http://www.sweden.gov.se:80/content/1/c6/02/61/42/43e3b9eb.pdf
21:05 πŸ”— icedice Frogging: Private Internet Access' one pro is that they have been tested in court
21:06 πŸ”— icedice The fact that they don't log could change though, depending on how hard the US government pressures them
21:06 πŸ”— dd0a13f37 https://www.flashback.org/regler 1.03 Incitement of racial hatred[hate speech] It's forbidden to threaten or express dislike against specially threatened [protected] groups, in regard to race, skin color, national or ethnical origin, faith or sexual identity.
21:07 πŸ”— Frogging wow, wtf
21:07 πŸ”— dd0a13f37 dislike is a bad translation though
21:07 πŸ”— dd0a13f37 but it's essentially parroted from swedish law for some unclear reason
21:08 πŸ”— Frogging the first one you posted says it does not apply to "services that are protected by the Freedom of the Press Act or the Fundamental Low on Freedom of Expression"
21:08 πŸ”— icedice The UK's anti-hate new speech law is even worse
21:08 πŸ”— Frogging Law*
21:08 πŸ”— icedice * new anti-hate speech law
21:08 πŸ”— dd0a13f37 Yes, that's if they have an issuing permit which is granted to newspapers, this also makes them immune to large parts of the law on personal data
21:09 πŸ”— dd0a13f37 which is why aftonbladet could legally hire hackers to hack flashback and then dox some random people
21:09 πŸ”— icedice Under the UK's new anti-hate speech law it's the "victim" who decides if you have broken the law
21:10 πŸ”— Frogging source?
21:10 πŸ”— dd0a13f37 Which one? "Criminal Justice and Immigration Act 2008"?
21:11 πŸ”— JAA The German one is also pretty bad.
21:13 πŸ”— dd0a13f37 swedish one is surprisingly sane all things considered, it doesn't restrict "relevant and truthful" statements nor statements made in private
21:15 πŸ”— fie_ has quit IRC (Leaving)
21:15 πŸ”— fie has joined #archiveteam-bs
21:23 πŸ”— icedice Frogging: https://www.youtube.com/watch?v=yfLl3KUnxSk#t=8m7s
21:23 πŸ”— icedice ^ the exact quote of the law is there in the video (can't find it on CPS' website atm)
21:23 πŸ”— icedice And a bunch of source links are in the description
21:24 πŸ”— icedice <JAA> The German one is also pretty bad.
21:24 πŸ”— icedice Yeah, was just about to say that
21:24 πŸ”— icedice Germany wants to police websites on an international level
21:25 πŸ”— JAA Germany wants the website's *operators* to police their websites.
21:25 πŸ”— dd0a13f37 how?
21:25 πŸ”— JAA Well, basically.
21:25 πŸ”— Frogging brb starting a controversial website
21:25 πŸ”— icedice And censor stuff for people who don't even live in Germany
21:25 πŸ”— icedice 56 million euro fines
21:25 πŸ”— dd0a13f37 But not the other way around? They wouldn't censor foreign websites?
21:26 πŸ”— Frogging how do they fine people who don't live in germany
21:26 πŸ”— icedice if appropriate action is not taken within 24 hours it's fine time iirc
21:26 πŸ”— icedice idk
21:27 πŸ”— JAA "Obviously illegal" content has to be deleted within 24 hours, less obvious cases must be reviewed within 7 days.
21:27 πŸ”— dd0a13f37 Anyone here interested in scraping bittorrent and has a VPS with decent internet and aria2c (available in repos)?
21:28 πŸ”— dd0a13f37 https://pastebin.com/Nz672PWc
21:28 πŸ”— JAA At least small platforms aren't affected by NetzDG. It's only relevant for social networks with more than 2M users, I think.
21:29 πŸ”— dd0a13f37 would build a nice starting point, when you have the most common ones then you can start with the more interesting scraping techniques
21:30 πŸ”— dd0a13f37 So basically just facebook?
21:30 πŸ”— JAA Facebook, Twitter, YouTube, and so on
21:31 πŸ”— dd0a13f37 facebook being forced to censor stuff is no big freedom of speech problem tbh
21:31 πŸ”— VADemon_ dd0a13f37: I have an idle dedi.
21:31 πŸ”— odemg bruh
21:31 πŸ”— odemg godane we got em
21:31 πŸ”— JAA odemg: The 24k tapes?
21:31 πŸ”— dd0a13f37 the big issue is when people feel they should take matters into their own hands (internet archive) and censor stuff
21:32 πŸ”— dd0a13f37 which is the only big political censorship on the internet i've ever seen
21:32 πŸ”— dd0a13f37 VADemon_: Interested in bittorrent scraping?
21:32 πŸ”— odemg JAA, yiss
21:32 πŸ”— JAA Nice!
21:32 πŸ”— VADemon_ Totally. I even have logs of my own bittorrenting to find the scraping bots :P
21:32 πŸ”— dd0a13f37 check out the pastebin link
21:33 πŸ”— godane odemg: thats good
21:33 πŸ”— odemg thank fuck, but also thanks myspleen for thinking they could get their hands on it :p
21:33 πŸ”— dd0a13f37 There is no public torrent archive, if you can download the easy ones properly then you can focus on the hard parts
21:34 πŸ”— dd0a13f37 as in, from another torrent, not from scraping
21:34 πŸ”— dd0a13f37 its a bit ugly but it should work
21:34 πŸ”— VADemon_ Scraping as in archiving or simply indexing?
21:34 πŸ”— dd0a13f37 scraping as in getting the torrent files but not downloading what they point to
21:35 πŸ”— dd0a13f37 getting all(all) torrent files is feasible (2-3tb of content at most), getting even a small fraction of torrent file contents is just impossible
21:36 πŸ”— dd0a13f37 you would end up with a large folder of files like "da39a3ee5e6b4b0d3255bfef95601890afd80709.torrent"
21:37 πŸ”— VADemon_ I need to think twice about it, because the server is located in germany and there have been precedents of lawyers catching up/downloaders of piracy torrents
21:37 πŸ”— dd0a13f37 indexing the files later on is trivial, all you need to do is put them into a bencode parser, put the results in a database, and apply fts directly to files
21:37 πŸ”— dd0a13f37 you're not downloading the files though
21:37 πŸ”— dd0a13f37 just the torrent files
21:37 πŸ”— VADemon_ I know.
21:38 πŸ”— dd0a13f37 if you have a VPN an ugly solution is to just install openvpn on the server while it's running
21:44 πŸ”— icedice JAA: About Bitcoin anonymity: http://cordis.europa.eu/news/rcn/141335_en.html
21:46 πŸ”— icedice There was also a post on /r/DarknetMarkets from someone who works with anti-money laundering for Australian banks who had attended a Blockchain analysis seminar
21:47 πŸ”— dd0a13f37 xmr.to
21:48 πŸ”— dd0a13f37 they also have an onion apparently http://xmrto2bturnore26.onion/
21:49 πŸ”— dd0a13f37 but really, they missed that train, if they want to do something now their only option is dos attacks on bitcoin nodes
21:49 πŸ”— icedice Apparently CIA sponsored big data company Palantir Technologies (started by Peter Thiel) has invented a system that with the help of banks can correlate Bitcoin payments back to the bank accounts used to purchase them
21:49 πŸ”— icedice Can't find the thread atm though :/
21:50 πŸ”— dd0a13f37 you can buy with cash, you could also use monero and an exchange as a tumbler (for example xmr.to as i linked earlier)
21:50 πŸ”— JAA Yeah, but what's new about that?
21:50 πŸ”— JAA Bitcoin was never designed to be anonymous.
21:51 πŸ”— JAA Well, you can use it completely anonymously by mining, but...
21:53 πŸ”— icedice https://www.reddit.com/r/DarkNetMarkets/comments/51hs6n/antimoney_laundering_and_counter_terrorism/d7c37k2/
21:53 πŸ”— dd0a13f37 There is also coinjoin
21:53 πŸ”— icedice ^ found the author
21:53 πŸ”— icedice The follow-up thread seems to be gone though
21:54 πŸ”— icedice Is Coinjoin like a Bitcoin tumbler?
21:54 πŸ”— icedice Because Palantir Technologies' system can detect that
21:54 πŸ”— dd0a13f37 >Out of habit spending habits
21:55 πŸ”— dd0a13f37 that's the only new one to me
21:55 πŸ”— dd0a13f37 You know how bitcoin transactions work? You have X inputs, and Y outputs. The hash of the txn has to be signed by all inputs.
21:55 πŸ”— icedice And when the author posted the follow up thread he mentioned that the system had been in use by Five Eyes banks for nine months
21:55 πŸ”— dd0a13f37 might be roleplaying
21:56 πŸ”— dd0a13f37 So what you do is you find some people who want to send a coinjoin transaction, they send their transactions to some server, then you get a block
21:56 πŸ”— dd0a13f37 you only need to check that you're spending the right amount of money and that your recipient(s) are getting what you want them to
21:56 πŸ”— icedice Ok
21:56 πŸ”— dd0a13f37 then you sign it
21:56 πŸ”— dd0a13f37 and you don't know or care about the other transactions or who sent them
21:57 πŸ”— dd0a13f37 so it's essentially a decentralized tumbler
21:57 πŸ”— dd0a13f37 and monero exists, if I was selling drugs on the darknet I would just pull all the transactions through monero
21:58 πŸ”— icedice And btw, I'm not into Darknet Markets. I just find some of the posts interesting to read from time to time
21:58 πŸ”— icedice Like the post where they discuss how to bury millions underground
21:59 πŸ”— icedice <dd0a13f37> and monero exists, if I was selling drugs on the darknet I would just pull all the transactions through monero
21:59 πŸ”— icedice Yup
22:01 πŸ”— icedice If I was to buy something anonymously online and the seller would be all right with not being anonymous, like a VPS, I'd probably buy using Paysafecard
22:01 πŸ”— dd0a13f37 if the seller is non-anonymous there already is a very simple solution
22:01 πŸ”— dd0a13f37 cash in mail
22:01 πŸ”— icedice Buy one of those in cash from a kiosk in a large city
22:02 πŸ”— icedice Yeah, but there are a few cons there
22:02 πŸ”— icedice 1. You could get scammed
22:02 πŸ”— dd0a13f37 such as?
22:02 πŸ”— dd0a13f37 the seller can even fuck around with post boxes to be anonymous
22:02 πŸ”— dd0a13f37 1. good luck getting a chargeback with your anonymous paysafecard, the cost of a burner phone would be larger
22:03 πŸ”— icedice 2. It could get intercepted (though you could put it in a birthday card to arouse less suspicion I guess)
22:03 πŸ”— JAA PSC isn't anonymous in Germany anymore since a few years, by the way.
22:03 πŸ”— JAA Something something anti-money-laundering laws. Can't remember the details.
22:04 πŸ”— icedice 3. Most people who pay by mail probably leave their fingerprints all over it
22:04 πŸ”— dd0a13f37 2. you could just wrap it in paper
22:04 πŸ”— dd0a13f37 3. you could use gloves, it's only a problem if the seller keeps the envelopes
22:05 πŸ”— icedice Yeah
22:05 πŸ”— dd0a13f37 you're only worried about it being suspicious enough to get a postal worker to open it, they're not going to open random packages
22:06 πŸ”— JAA dd0a13f37: In Germany, they do sometimes.
22:06 πŸ”— dd0a13f37 the risk of paysafecard, tracking where it was bought, cameras, there is much more unpredictability than dumping a letter inside a mailbox
22:06 πŸ”— dd0a13f37 JAA: do what?
22:06 πŸ”— JAA Open random packages
22:06 πŸ”— dd0a13f37 Yes, but in the context of random checks
22:07 πŸ”— dd0a13f37 it's not drugs or anything, there are several perfectly legal vpn providers that accept cash in mail
22:07 πŸ”— icedice Yup
22:07 πŸ”— dd0a13f37 so they would definitely not steal something from when they're checking drugs/whatever
22:07 πŸ”— JAA True
22:07 πŸ”— JAA I'm not so sure about the stealing part, but yeah.
22:08 πŸ”— icedice https://www.webhostingtalk.com/showthread.php?t=1537627
22:08 πŸ”— icedice ^ Private Layer seems to have gone to shit
22:10 πŸ”— icedice I guess I'd probably use Orangewebsite (or maybe AbeloHost if it needed to be cheaper) for an anonymous VPS server for VPN
22:10 πŸ”— JAA Oh, interesting that you mention it.
22:10 πŸ”— icedice Any other good privacy respecting non-Five Eyes VPS providers that have decent support?
22:10 πŸ”— JAA The Daily Stormer's newest domain is registered through Orangewebsite.
22:11 πŸ”— felti has joined #archiveteam-bs
22:11 πŸ”— icedice Not planning on buying anything, but I like to look around at stuff like that
22:11 πŸ”— dd0a13f37 support is bad
22:11 πŸ”— dd0a13f37 the worse support, the better
22:12 πŸ”— dd0a13f37 support aren't your friends, they're also responsible for abuse handling
22:12 πŸ”— dd0a13f37 if they copypaste a template email in russian 2 months after receiving the request that's obviously better than responding politely and handing over your data
22:13 πŸ”— icedice Orangewebsite and AbeloHost both have great support according to reviews
22:13 πŸ”— dd0a13f37 that's bad
22:13 πŸ”— icedice But neither willingly hand over customer data
22:13 πŸ”— dd0a13f37 they still respond to abuse
22:14 πŸ”— icedice And at least AbeloHost ignores DMCA notices
22:14 πŸ”— icedice Since that carries no weight in the Netherlands
22:14 πŸ”— dd0a13f37 VPN providers have the advantage of sharing one IP
22:14 πŸ”— dd0a13f37 but they have european DMCA versions
22:14 πŸ”— dd0a13f37 don't remember the name
22:14 πŸ”— dd0a13f37 BREIN?
22:14 πŸ”— JAA Yep, BREIN
22:14 πŸ”— icedice AbeloHost basically doesn't give a shit until it goes to a Dutch court
22:15 πŸ”— JAA Well, that's the organisation that sues ISPs etc.
22:15 πŸ”— dd0a13f37 well, that's good, but OVH is infamous for having terrible support
22:15 πŸ”— dd0a13f37 and also hosting tons of botnet, spam, etc
22:15 πŸ”— icedice It's used a lot for hosting porn sites
22:15 πŸ”— dd0a13f37 so I'd trust them more
22:15 πŸ”— JAA Hahaha
22:15 πŸ”— JAA Lolno
22:15 πŸ”— icedice Since DMCA is apparently a pain in the ass (pun not intended) for porn site operators
22:15 πŸ”— dd0a13f37 there is nothing illegal about porn, if they're hosting child porn then you can start discussing freedom of speech
22:16 πŸ”— JAA A few years ago, dozens of private trackers, all hosted at OVH, got killed.
22:16 πŸ”— JAA Operators arrested etc.
22:16 πŸ”— dd0a13f37 Yes, of course, sometimes accidents happen
22:16 πŸ”— icedice No, regular porn
22:16 πŸ”— dd0a13f37 but in general
22:16 πŸ”— dd0a13f37 they're slower
22:16 πŸ”— dd0a13f37 yes of course
22:17 πŸ”— dd0a13f37 europe has the court ruling, you know the one
22:17 πŸ”— JAA Possible, but I wouldn't trust them at all.
22:18 πŸ”— JAA Although the relevant people somehow heard about it before the shit hit the fan, so quite a few of the trackers had already shut down by the time police came knocking at OVH's door.
22:18 πŸ”— icedice People use it because hosting in America means that you always risk getting dropped by your hosting company when someone reports that there's copyrighted porn there
22:18 πŸ”— dd0a13f37 there is also cockbox (romania)
22:18 πŸ”— icedice lol
22:18 πŸ”— Frogging there's this also https://www.nearlyfreespeech.net/
22:18 πŸ”— Frogging not a VPS however. web hosting/domain registration.
22:19 πŸ”— icedice I know about both of those yeah
22:19 πŸ”— JAA Yeah, I think someone in here uses it actually.
22:19 πŸ”— icedice NearlyFreeSpeech is 'Murican though, wouldn't use that for privacy purposes
22:19 πŸ”— dd0a13f37 just use whichever one is cheapest, you can always throw a vpn with port forwarding on it
22:20 πŸ”— Frogging I've thought of doing that. It might be tricky to set up though
22:20 πŸ”— Frogging in a manner that is reliable, I mean
22:20 πŸ”— Frogging lots of API back-and-forth and failure modes
22:20 πŸ”— icedice The owner of OrangeWebsite is said to be an anarchist that strongly supports freedom of speech and both he and the company itself were strongly against the SOPA and PIPA legislations.
22:21 πŸ”— dd0a13f37 use tor for administration
22:21 πŸ”— dd0a13f37 a hidden service
22:21 πŸ”— dd0a13f37 then use iptables to make the vpn work
22:21 πŸ”— dd0a13f37 all that's left is fixing dns leaks, but some vpn providers run open dns
22:22 πŸ”— icedice Orangewebsite allows Tor exit nodes to be hosted there, so props to them for that
22:22 πŸ”— dd0a13f37 http://curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d6433616c7b67942fa86b0f894d32c8ed8.e34KaxiLc3qMb40Rch0SaxyMbhz0?text=&docid=187646&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1774727 curia.europa.eu/juris/document/document.jsf;jsessionid=9ea7d2dc30d6433616c7b67942fa86b0f894d32c8ed8.e34KaxiLc3qMb40Rch0SaxyMbhz0?text=&docid=191707&pageIndex=0&doclang=en&mode=lst&dir=&occ=first&part=1&cid=1774727
22:23 πŸ”— dd0a13f37 that's nice, then you can set up a tor exit node and allow all ports, then the 1% of actually relevant abuse notices can be blamed on tor
22:23 πŸ”— Frogging pfft
22:24 πŸ”— dd0a13f37 but really, unless you're doing some really edgy shit it's enough to just host it yourself on a .onion service
22:26 πŸ”— icedice I think AbeloHost is also used a bit for warez hosting
22:27 πŸ”— dd0a13f37 Can't they just use I2P?
22:28 πŸ”— icedice I'm fine with the setup I have
22:28 πŸ”— dd0a13f37 For warez hosting I mean
22:28 πŸ”— dd0a13f37 I2P is underrated
22:28 πŸ”— icedice ProtonVPN keeps the copyright nazis away and my IP away from trackers
22:29 πŸ”— icedice Don't really need anything more
22:29 πŸ”— icedice Ah
22:30 πŸ”— dd0a13f37 yes, VPN is fine for you, but if you want to host an actual warez server
22:30 πŸ”— dd0a13f37 why not just host it on i2p?
22:30 πŸ”— dd0a13f37 it's private anyway, so taking a few minutes to set it up for anyone interested doesn't matter
22:31 πŸ”— icedice I thought we were still talking about self-hosted VPN on VPS servers
22:32 πŸ”— dd0a13f37 oh right, for the truly paranoid
22:32 πŸ”— icedice But yeah, that's an idea
22:32 πŸ”— icedice You don't get to mask your traffic though
22:33 πŸ”— icedice Unless you maybe invite some folks onto your VPN server
22:33 πŸ”— dd0a13f37 if the server is behind i2p, everyone connecting will have to use i2p
22:33 πŸ”— icedice I was talking about self-hosted VPN
22:34 πŸ”— dd0a13f37 you can make openvpn look like SSL
22:34 πŸ”— dd0a13f37 on port 443
22:34 πŸ”— icedice Yeah
22:34 πŸ”— icedice And run it behind restrictive firewalls
22:34 πŸ”— dd0a13f37 it's much better in practice to use a commercial provider, then your IP is shared with others
22:34 πŸ”— dd0a13f37 and ovpn.com apparently also offers a proxy that strips away tracking from pages
22:36 πŸ”— dd0a13f37 https://iknowwhatyoudownload.com/ for example this is not very funny if you're using a self hosted vpn
22:38 πŸ”— joepie91_ dd0a13f37: https://gist.github.com/joepie91/5a9909939e6ce7d09e29#but-i-want-to-confuse-trackers-by-sharing-an-ip-address
22:41 πŸ”— dd0a13f37 The reasonable assumption is, if they have a track record of not handing over logs, to assume that this is true rather than that "they" have fabricated court records for unclear reasons. >The $10/month that you're paying for your VPN service doesn't even pay for the lawyer's coffee, so expect them to hand you over. That only applies if they have them. In addition, some services such as OVPN have insurance for that purpose.
22:41 πŸ”— Frogging joepie91_: What does one do about WebGL fingerprints? NoScript for that too?
22:41 πŸ”— dd0a13f37 HMA did lose business from it, but their keeping logs was publicly known from before
22:42 πŸ”— dd0a13f37 joepie91_: Your rebuttal is about tracking for advertising purposes. If there are 100 users with IP X, how will they know which one is me?
22:43 πŸ”— dd0a13f37 For torrenting etc
22:43 πŸ”— icedice EarthVPN also probably keeps logs even though they say they don't
22:43 πŸ”— Frogging he makes a concession for that in the next section dd0a13f37
22:43 πŸ”— Frogging "You want to hide your IP from a very specific set of non-government-sanctioned adversaries - for example, circumventing a ban in a chatroom or preventing anti-piracy scareletters."
22:43 πŸ”— dd0a13f37 Not really
22:43 πŸ”— Frogging but then goes onto say set up your own on a VPS... which would defeat that use case
22:43 πŸ”— icedice They claim that it was the data center keeping logs that got one of their customers busted, but I don't buy it
22:44 πŸ”— dd0a13f37 we don't have scareletters here, so only the government would care about it
22:44 πŸ”— dd0a13f37 not that they do, our police isn't working
22:44 πŸ”— joepie91_ "Your rebuttal is about tracking for advertising purposes." -- no, it's not, that is only one of the examples.
22:44 πŸ”— dd0a13f37 But that's what you're attacking.
22:44 πŸ”— Frogging joepie91_: but what of protocols where the only identifying information is the IP address (such as torrents)
22:45 πŸ”— dd0a13f37 If they do keep logs, then there's no way of proving I'm the one doing the offending activity since multiple people were using that IP
22:45 πŸ”— joepie91_ that premise is wrong
22:45 πŸ”— joepie91_ there's plenty of identifying information in TCP alone
22:45 πŸ”— icedice Setting up a leak proof VPN is hard: https://vpntesting.info/
22:45 πŸ”— joepie91_ further fingerprinting can be done by probing the client on the other end
22:45 πŸ”— joepie91_ whether TCP or UDP
22:45 πŸ”— joepie91_ etc.
22:45 πŸ”— joepie91_ different clients behave differently on different OSes in different versions
22:45 πŸ”— icedice So that's something to take into consideration as well
22:45 πŸ”— dd0a13f37 Also, using a VPN hides your physical location from geoip
22:45 πŸ”— joepie91_ with different kernel modules
22:45 πŸ”— joepie91_ and so on and so forth
22:45 πŸ”— Frogging joepie91_: but you *would* want to mask your traffic from your IP address in addition to concerns about TCP info leaks, no?
22:46 πŸ”— joepie91_ when it's about scareletters, yes - but "sharing an IP" isn't relevant there
22:46 πŸ”— joepie91_ (scareletter senders don't care whose machine it is, they just hold the IP subscriber responsible)
22:46 πŸ”— Frogging a VPS wouldn't accomplish that either; I've gotten scareletters when torrenting on a VPS
22:47 πŸ”— icedice Or I guess the leaks are more about the VPN client software than the VPN infrastructure
22:47 πŸ”— dd0a13f37 joepi91_ Say I feel the urge to send in a bomb threat to a school. 100 people were using that IP at that time. They turn over the logs. Who gets brought in for questioning?
22:47 πŸ”— dd0a13f37 joepie91_: *
22:48 πŸ”— joepie91_ Frogging: point being to put yourself in a locale that scareletter senders don't care about :P
22:48 πŸ”— joepie91_ dd0a13f37: whoever was on the other end of the connection at that time.
22:48 πŸ”— icedice https://torrentfreak.com/vpn-providers-no-logging-claims-tested-in-fbi-case-160312/
22:48 πŸ”— dd0a13f37 IPs are shared
22:48 πŸ”— joepie91_ ...
22:48 πŸ”— dd0a13f37 if there are multiple people on one IP at one point in time
22:48 πŸ”— joepie91_ you really need to read up more on how VPNs work
22:49 πŸ”— joepie91_ *external* IPs are shared
22:49 πŸ”— joepie91_ individual connections are logged, datetime/origin/external
22:49 πŸ”— joepie91_ therefore datetime stamp + external can be matched to origin IP
22:49 πŸ”— joepie91_ whether external IP is shared is irrelevant
22:49 πŸ”— dd0a13f37 Isn't it just the leases?
22:49 πŸ”— joepie91_ no
22:49 πŸ”— joepie91_ (also, s/IP/IP+port/ in the above)
22:49 πŸ”— joepie91_ (plus protocol)
22:50 πŸ”— joepie91_ point here being: the provider can easily correlate individual connections or datagrams to specific subscribers to the service, so long as the right amount of logging for that purpose is set up
22:51 πŸ”— joepie91_ iirc this is the default in many setups as well
22:51 πŸ”— drumstick has joined #archiveteam-bs
22:51 πŸ”— joepie91_ VPN provider has full visibility of all traffic and metadata
22:51 πŸ”— joepie91_ at all times
22:51 πŸ”— joepie91_ it's effectively just a proxy
22:52 πŸ”— dd0a13f37 Is it really? What log level does that require
22:52 πŸ”— joepie91_ going to vary by VPN protocol and implementation
22:53 πŸ”— joepie91_ and - or at least this was true ~2 years ago - there are certain logs in the default OpenVPN implementation that you can't disable without source patches
22:53 πŸ”— joepie91_ don't remember the extent of them, it's been a while
22:53 πŸ”— dd0a13f37 But you still haven't answered the reactive/proactive thing
22:54 πŸ”— dd0a13f37 A VPN provider that keeps logs can be forced to hand them over, sure
22:54 πŸ”— dd0a13f37 But that a VPN provider would proactively keep logs while claiming the opposite is fraud, and you're not making a convincing argument for why that would be the case
22:55 πŸ”— joepie91_ I don't particularly feel like an in-depth discussion as these discussions are extremely tiring and mood-destroying, and for every person I argue with there are two million more that still stubbornly believe the snakeoil they bought into is legitimate
22:56 πŸ”— joepie91_ but whether this is "fraud" is jurisdiction-dependent, as are the consequences for it
22:56 πŸ”— joepie91_ and in particular when the interests of governmental parties align with misrepresenting the logging policy, which they do, it's not at all certain that such claims are truthful
22:57 πŸ”— joepie91_ is it proven that every VPN provider logs? no. but "there are incentives for them to misrepresent their logging policy" should be enough to make you think thrice about trusting your traffic with them
22:58 πŸ”— joepie91_ the goal here isn't to prove that every VPN provider logs, the goal is to point out that you're trusting a single party with your sketchy traffic that has a number of incentives to behave against your best interests, and that it is an industry full of crooks
22:59 πŸ”— joepie91_ at best that is an unwise thing to get involved in, at worst it can cost you your freedom or - depending on where you are and what you're doing - your life
22:59 πŸ”— icedice ProtonVPN seems honest though. Instead of just saying "no logs" they admit that they log timestamps in order to prevent bruteforce attempts
22:59 πŸ”— joepie91_ question remains whether that's all they log.
22:59 πŸ”— icedice I think I'll switch my ISP's DNS to one of these:
22:59 πŸ”— icedice https://dnscrypt.is/
22:59 πŸ”— icedice https://servers.opennicproject.org/edit.php?srv=ns1.zh.ch.dns.opennic.glue
22:59 πŸ”— icedice https://servers.opennicproject.org/edit.php?srv=ns22.nl.dns.opennic.glue
22:59 πŸ”— Frogging opennic :D
23:00 πŸ”— joepie91_ like, for example, the idea that "sorry we don't have logs" translates to "okay good day sir" and the cops leaving through the front door, is very misguided
23:00 πŸ”— icedice https://servers.opennicproject.org/edit.php?srv=ns1.nh.nl.dns.opennic.glue
23:00 πŸ”— icedice https://servers.opennicproject.org/edit.php?srv=ns3.ro.dns.opennic.glue
23:00 πŸ”— joepie91_ "sorry we don't have logs" is far more likely to translate to "okay then we're going to hold you responsible for the traffic since you can't prove it was a customer of yours"
23:00 πŸ”— joepie91_ whiiiiich is why there's an incentive for a provider to keep logs
23:00 πŸ”— dd0a13f37 It would quite clearly be fraud in Sweden, the country in which both I and my VPN provider reside. They also have disincentives to do so which are stronger. They claim to have a specific configuration (a specific set of configuration files), so actively making false statements would require them to edit them before posting them which is more than just lying. The worst-case scenario, in the case that the VPN provider doesn't wholesale save my traffic
23:01 πŸ”— dd0a13f37 the situation I was in before. There are multiple cases of police investigations where you can see lines like "the IP number X.X.X.X belongs to a VPN provider" and it's apparent that they don't even try, in some cases correspondence is even posted.
23:01 πŸ”— dd0a13f37 >"sorry we don't have logs" is far more likely to translate to "okay then we're going to hold you responsible for the traffic since you can't prove it was a customer of yours"
23:02 πŸ”— dd0a13f37 That is not how swedish law works, which is an implementation of an EU directive.
23:02 πŸ”— joepie91_ (like I said: I don't intend to go into an in-depth discussion.)
23:02 πŸ”— icedice dd0a13f37: Mullvad, OVPN.com, VPNTunnel, or IPredator?
23:02 πŸ”— icedice I'm guessing Mullvad?
23:03 πŸ”— dd0a13f37 mullvad since they're the cheapest last time I checked and has a good track record
23:03 πŸ”— JAA (dd0a13f37: FYI, the web client cuts off long lines without telling you. For example, your first message three minutes ago ends with "wholesale save my traffic".)
23:03 πŸ”— icedice Mullvad is great
23:04 πŸ”— dd0a13f37 . The worst-case scenario, in the case that the VPN provider doesn't wholesale save my traffic (which sure would be something), is that my IP is exposed, the situation I was in before.
23:04 πŸ”— dd0a13f37 Was the missing part
23:04 πŸ”— icedice Don't require any personal info to set up an account
23:04 πŸ”— dd0a13f37 If efnet wouldn't ban Tor I wouldn't be using this shitty web client
23:04 πŸ”— icedice And they have even started selling retail boxes with anonymous account codes in Swedish stores
23:07 πŸ”— icedice dd0a13f37 have you tried https://convos.by/ ?
23:07 πŸ”— dd0a13f37 joepie91_: Your interpretation of holding VPN providers responsible is just straight up wrong, see http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32000L0031&from=EN under "Mere conduit"
23:08 πŸ”— icedice There's also http://ircanywhere.com/ but it hasn't been updated since November 4th, 2015
23:08 πŸ”— dd0a13f37 convos is a client for a bouncer or something like that
23:08 πŸ”— icedice I think I'll probably go with https://dnscrypt.is/
23:08 πŸ”— dd0a13f37 I'm using a proxy inside of the tor browser to access webchat
23:08 πŸ”— dd0a13f37 why not opennic?
23:09 πŸ”— icedice I prefer Iceland as jurisdiction
23:09 πŸ”— dd0a13f37 Both of those need a server to set them up on
23:10 πŸ”— icedice Besides, both OpenNic DNS operators and non-OpenNic DNS operators can lie about the DNS server being logless
23:10 πŸ”— icedice Yeah
23:10 πŸ”— icedice I thought you guys were into self-hosting
23:10 πŸ”— icedice There's always IRC Cloud, but then they'd have your chat history
23:11 πŸ”— JAA dnscrypt.is sounds a bit like snake oil as well.
23:11 πŸ”— JAA "DNSCrypt provides encryption for DNS similarly to how SSL/TLS does it for HTTP."
23:11 πŸ”— dd0a13f37 But then I could just ssh into the vps
23:11 πŸ”— JAA Well, except the hostname is still transferred in cleartext in HTTPS.
23:12 πŸ”— dd0a13f37 they are operated by https://1984hosting.com/ which I think has a good track record
23:12 πŸ”— JAA So a passive MitM will no longer be able to see your DNS queries, but if you access the host through HTTP or HTTPS afterwards, he can still see the relevant hostnames there. (And let's face it, that's the majority of the traffic.)
23:13 πŸ”— dd0a13f37 dnscrypt is a well known technology as far as I know, blaming the provider for this is just rude
23:15 πŸ”— JAA I disagree. They make it sound as though DNSCrypt will prevent an eavesdropper from figuring out what you're accessing, and that's just wrong.
23:16 πŸ”— dd0a13f37 https://www.opendns.com/about/innovations/dnscrypt/
23:16 πŸ”— JAA I'm talking only about the provider's wording, not about the underlying technology.
23:16 πŸ”— JAA I know what DNSCrypt is and how it works.
23:16 πŸ”— dd0a13f37 In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks.
23:17 πŸ”— dd0a13f37 It's the same wording
23:17 πŸ”— JAA Well yeah, OpenDNS is pretty crappy anyway.
23:17 πŸ”— JAA So I'm not surprised about that.
23:17 πŸ”— dd0a13f37 yeah, but they probably based it on that
23:17 πŸ”— dd0a13f37 they're not to blame here
23:19 πŸ”— JAA Well, since they even named the entire service after it, they should be a bit more transparent about what it actually does.
23:20 πŸ”— balrog has quit IRC (Quit: Bye)
23:23 πŸ”— balrog has joined #archiveteam-bs
23:23 πŸ”— swebb sets mode: +o balrog
23:24 πŸ”— icedice DNSCrypt is useless and outdated, as far as I've heard
23:25 πŸ”— dd0a13f37 I've gotten a response from 1/4 so far
23:25 πŸ”— icedice I just want a logless DNS in a privacy respecting jurisdiction
23:25 πŸ”— dd0a13f37 from itorrents
23:25 πŸ”— dd0a13f37 I don't expect any from torrentproject
23:25 πŸ”— dd0a13f37 so 1/3
23:25 πŸ”— icedice Preferably outside of the EU
23:25 πŸ”— JAA What do you mean by "outdated"?
23:25 πŸ”— icedice What happened to TorrentProject
23:25 πŸ”— dd0a13f37 Nobody knows
23:26 πŸ”— icedice DNSCrypt uses 1024 bit encryption
23:26 πŸ”— dd0a13f37 They went 403 on main page, .onion is still online (serving 403)
23:26 πŸ”— dd0a13f37 Mail didn't bounce
23:26 πŸ”— dd0a13f37 Just went dark one day
23:26 πŸ”— icedice Minimum nowadays would be 2048 bit
23:26 πŸ”— JAA It has always been pretty useless regarding what it was advertised as. I do use it sometimes though to get around firewalls blocking normal DNS.
23:26 πŸ”— JAA Ah, right.
23:26 πŸ”— icedice I read some article that shit all over it
23:27 πŸ”— balrog has quit IRC (Read error: Operation timed out)
23:27 πŸ”— icedice Don't remember much, but by the end it was pretty clear that there was no real point in using it
23:27 πŸ”— dd0a13f37 https://torrentfreak.com/the-pirate-bay-website-runs-a-cryptocurrency-miner-170916/ welcome to the new internet
23:30 πŸ”— dd0a13f37 Would people be interested in scraping the bittorrent DHT/collecting indexes? Should I add it to suggested projects?
23:34 πŸ”— icedice If you want to add something, add Salon.com
23:34 πŸ”— icedice https://nypost.com/2017/08/03/salon-struggling-to-pay-its-rent/
23:36 πŸ”— BartoCH has quit IRC (Quit: WeeChat 1.9)
23:37 πŸ”— dd0a13f37 Isn't that for newsgrabber?
23:40 πŸ”— icedice ?
23:40 πŸ”— icedice No idea what that is
23:41 πŸ”— dd0a13f37 http://www.archiveteam.org/index.php?title=NewsGrabber
23:41 πŸ”— balrog has joined #archiveteam-bs
23:41 πŸ”— swebb sets mode: +o balrog
23:43 πŸ”— dd0a13f37 has quit IRC (Quit: Page closed)
23:43 πŸ”— dd0a13f37 has joined #archiveteam-bs
23:44 πŸ”— arkiver #newsgrabber
23:46 πŸ”— dd0a13f37 It's a shame about the pdf archives though
23:46 πŸ”— dd0a13f37 But I guess that's a job for release groups et al
23:48 πŸ”— icedice has quit IRC (Quit: Leaving)
23:48 πŸ”— JAA icedice: So I've tried getting dnscrypt-proxy to spit out more information about the keys, but I've failed. I also couldn't find anything in the protocol specs. Are you sure you aren't confusing this with DNSSEC?
23:48 πŸ”— JAA Welp
23:50 πŸ”— JAA (DNSCrypt uses elliptic curve cryptography, so "1024 bit" doesn't make much sense in the context. I didn't find any information about key sizes anywhere though.)
23:52 πŸ”— dd0a13f37 Curve25519
23:52 πŸ”— dd0a13f37 In the current version, the construction, originally implemented in the NaCl cryptographic library and exposed under the name "crypto_box", uses the Curve25519 elliptic curve in Montgomery form and the hsalsa20 hash function for key exchange, the XSalsa20 stream cipher, and Poly1305 for message authentication. The public and secret keys are 32 bytes long in storage. The MAC is 16 bytes long, and is prepended to the ciphertext.
23:52 πŸ”— icedice has joined #archiveteam-bs
23:53 πŸ”— icedice Ok, thanks for the info
23:53 πŸ”— JAA The root keys in DNSSEC are 1024 bit RSA. But as I just found out, they'll be replaced by 2048 bit keys next month.
23:54 πŸ”— JAA About fucking time...
