Ultimate Anonymity

I'm thinking of sending these people my money. Any comments on how
useful or otherwise their program is?

Re: Ultimate Anonymity

"Rick D" <> wrote:
> I'm thinking of sending these people my money. Any comments on how
> useful or otherwise their program is?

If you want anonymity, why not just using Tor or JAP/AN.ON?

Yours,
VB.
--
Ein vision statement ist in aller Regel planfreies Gelalle einer Horde
realitätsferner Spinner.
Dietz Pröpper in d.a.s.r

Re: Ultimate Anonymity

Volker Birk wrote:
> "Rick D" <> wrote:
>> I'm thinking of sending these people my money. Any comments on how
>> useful or otherwise their program is?
>
> If you want anonymity, why not just using Tor or JAP/AN.ON?
>
> Yours,
> VB.

The German authorities have a backdoor installed in JAP/AN.ON. Feel
free to Google it for the whole story.

I just researched the topic over my winter vacation and came to the
conclusion that Tor is the best anonymity tool. It was produced by the
U.S. Navy, it is open source and fully documented, and it is supported
by the Electronic Frontier Foundation.

If anyone has a different opinion and can offer a reasonable argument I
would be glad to read it.

Re: Ultimate Anonymity

In article ,
Alvin Schurman wrote:
>The German authorities have a backdoor installed in JAP/AN.ON. Feel
>free to Google it for the whole story.

Hmmm, the googling that I've just done says the opposite, that
AN.ON was successful in getting the surveilance order vacated.

http://lists.grok.org.uk/pipermail/full-disclosure/2003-Sept ember/010390.html&e=10384

http://anon.inf.tu-dresden.de/strafverfolgung/index_en.html& e=10384

http://anon.inf.tu-dresden.de/strafverfolgung/bericht_en.pdf &e=10384

Re: Ultimate Anonymity

Alvin Schurman wrote:
> Volker Birk wrote:
> > "Rick D" <> wrote:
> >> I'm thinking of sending these people my money. Any comments on how
> > If you want anonymity, why not just using Tor or JAP/AN.ON?
> The German authorities have a backdoor installed in JAP/AN.ON. Feel
> free to Google it for the whole story.

Yes. Please read the whole story. And what's with Tor?

> I just researched the topic over my winter vacation and came to the
> conclusion that Tor is the best anonymity tool. It was produced by the
> U.S. Navy

Does not sound like there is no backdoor ;-)

OK, forget that. Neither Tor nor JAP are offering what the two of us
would call "absolute anonymity". But both are giving a good possibility
to get a good amount of anonymity, if one choses nodes for the onion
routing in a clever way.

Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.

Re: Ultimate Anonymity

Walter Roberson wrote:
> In article ,
> Alvin Schurman wrote:
> >The German authorities have a backdoor installed in JAP/AN.ON. Feel
> >free to Google it for the whole story.
> Hmmm, the googling that I've just done says the opposite, that
> AN.ON was successful in getting the surveilance order vacated.

Yes, in this first (and until now, only) case.

Because JAP is Free Software, too, reading the source code offers you
the "back door" (which is in fact a documented front door) for legal
interception.

And this is, why chosing nodes is so important, because if a state wants
to do legal interception, then they must bind _every_ node's driver.

This is true for AN.ON as well as for Tor.

Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.

Re: Ultimate Anonymity

Volker Birk wrote:
> Alvin Schurman wrote:
>> Volker Birk wrote:
>>> "Rick D" <> wrote:
>>>> I'm thinking of sending these people my money. Any comments on how
>>> If you want anonymity, why not just using Tor or JAP/AN.ON?
>> The German authorities have a backdoor installed in JAP/AN.ON. Feel
>> free to Google it for the whole story.
>
> Yes. Please read the whole story. And what's with Tor?
>
>> I just researched the topic over my winter vacation and came to the
>> conclusion that Tor is the best anonymity tool. It was produced by the
>> U.S. Navy
>
> Does not sound like there is no backdoor ;-)
>
> OK, forget that. Neither Tor nor JAP are offering what the two of us
> would call "absolute anonymity". But both are giving a good possibility
> to get a good amount of anonymity, if one choses nodes for the onion
> routing in a clever way.
>
> Yours,
> VB.

Thanks for the replies.

I agree with your suspicion about the Navy. History has shown us that
govenments and militaries are the last people to trust with personal
privacy. But I think tor is a different creature. I read an article
about how tor was released by the military to the public so that:

1. U.S. mil & gov snoops would have a cloud of public users as cover.

2. A potential method for providing anonymous communications in and out
of counties like China.

I won't reference the article because it was written with a
paranoid/schizo slant, but regardless of that I think it had some sound
logic.

You sound like you know what you're talking about so I have a technical
question for you if you don't mind. I thought tor always routed through
3 unspecified nodes. How can you specify which onion routers to use?
Are you talking about sending traffic through a personal tor server
prior to usual routing?

Thanks.

Re: Ultimate Anonymity

Alvin Schurman wrote:
> I thought tor always routed through
> 3 unspecified nodes. How can you specify which onion routers to use?

You can do this indirectly by choosing a directory server, with the
exception of entry and exit nodes. These nodes you can enforce.

Additionally, you can define, which nodes will _not_ be used.

> Are you talking about sending traffic through a personal tor server
> prior to usual routing?

Not only.

Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.

Re: Ultimate Anonymity

Volker Birk wrote:
> Alvin Schurman wrote:
>> I thought tor always routed through
>> 3 unspecified nodes. How can you specify which onion routers to use?
>
> You can do this indirectly by choosing a directory server, with the
> exception of entry and exit nodes. These nodes you can enforce.
>
> Additionally, you can define, which nodes will _not_ be used.
>
>> Are you talking about sending traffic through a personal tor server
>> prior to usual routing?
>
> Not only.
>
> Yours,
> VB.

VB,

Thank you for the info. It sounds like you know quite a bit about tor.
I've heard about the DNS leaks, but I haven't read everything about
overcoming them yet. I've also heard that the individual server
maintainers can mess with the code/implementation and defeat the
anonymity of the system in certain cases. It sounds like there are
certain nodes you'd be wary of using. Can you say which nodes are areas
of nodes?

Did you glean all of your data from the manual or is there a website or
resource you could recommend?

Thanks again for the replies.

Re: Ultimate Anonymity

Alvin Schurman wrote:

> I agree with your suspicion about the Navy. History has shown us that
> govenments and militaries are the last people to trust with personal
> privacy. But I think tor is a different creature. I read an article
> about how tor was released by the military to the public so that:

A couple of points about this. First, it was the Naval Research Lab
that supported the original onion routing work -- there's a pretty
significant difference in attitude between NRL and a more traditional
military setting.

Second, Tor is being developed with support from both the military and
EFF. A very odd combination. I know the prime guy behind Tor, and
trust me when I tell you he's no military stooge. He's much more in
the EFF mold, but the military is willing to fund the work he wants to
do, so why not?

--

Steve Stringer
sillybanter@gmail.com

Re: Ultimate Anonymity

Alvin Schurman wrote:
> I've heard about the DNS leaks, but I haven't read everything about
> overcoming them yet.

Using DNS for identifying nodes of course is a problem, because DNS is
not secure. But the main problem is with the directory server you're
using. If it is compromized, then anything is compromized with Tor.

> I've also heard that the individual server
> maintainers can mess with the code/implementation and defeat the
> anonymity of the system in certain cases.

I cannot see that a single server maintainer can do this.

> It sounds like there are
> certain nodes you'd be wary of using. Can you say which nodes are areas
> of nodes?

This is a general question: to make onion routing work, you need at
least one node in the chain you can trust in.

> Did you glean all of your data from the manual or is there a website or
> resource you could recommend?

I did receive this information by reading the documentation, having a
look on the source code, and trying it out.

Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.

Re: Ultimate Anonymity

Volker Birk wrote:
> Alvin Schurman wrote:
>> I've heard about the DNS leaks, but I haven't read everything about
>> overcoming them yet.
>
> Using DNS for identifying nodes of course is a problem, because DNS is
> not secure. But the main problem is with the directory server you're
> using. If it is compromized, then anything is compromized with Tor.
>
>> I've also heard that the individual server
>> maintainers can mess with the code/implementation and defeat the
>> anonymity of the system in certain cases.
>
> I cannot see that a single server maintainer can do this.

As far as I know, a maintainer can snoop all plain text leaving the
router and has access to the tor logs.

ref1:

ref2:


>
>> It sounds like there are
>> certain nodes you'd be wary of using. Can you say which nodes are areas
>> of nodes?
>
> This is a general question: to make onion routing work, you need at
> least one node in the chain you can trust in.
>

It actually wasn't a general question. my question was in response to
this remark by you:

"Additionally, you can define, which nodes will _not_ be used."

That led me to think that you had a list of servers that you didn't
trust or that you knew something interesting.

>> Did you glean all of your data from the manual or is there a website or
>> resource you could recommend?
>
> I did receive this information by reading the documentation, having a
> look on the source code, and trying it out.

Having a look on the source code and trying it out???

Do you have any references for me to read?

I want to learn why you recommended AN.ON as an anonymity solution and I
want to know why you then implied that tor, like JAP, also has a backdoor?

Are you a Phd, CISSP, grad student? Do you have any professional
security credentials? You could be anyone, so without references for me
to read I'm just going to go on believing that tor is the best single
non-invasive anonymity solution we have at present. Wasn't that the issue?

Re: Ultimate Anonymity

Alvin Schurman wrote:
> >> I've also heard that the individual server
> >> maintainers can mess with the code/implementation and defeat the
> >> anonymity of the system in certain cases.
> > I cannot see that a single server maintainer can do this.
> As far as I know, a maintainer can snoop all plain text leaving the
> router and has access to the tor logs.
> ref1:
> ref2:

Your references are not showing this. And, having a look onto how Tor
works, I cannot see that any Tor server has access to the plaintext,
but the last one in a route (which must have). But this one cannot see,
from where the traffic is.

And using encryption, say: SSL or SSH, even will prevent this.

> >> It sounds like there are
> >> certain nodes you'd be wary of using. Can you say which nodes are areas
> >> of nodes?
> > This is a general question: to make onion routing work, you need at
> > least one node in the chain you can trust in.
> It actually wasn't a general question. my question was in response to
> this remark by you:
> "Additionally, you can define, which nodes will _not_ be used."
> That led me to think that you had a list of servers that you didn't
> trust or that you knew something interesting.

Sorry, I'm not a frequent Tor user (more often, I'm using AN.ON), so I
did not have a closer look onto the concrete nodes yet. I'm just talking
about security considerations.

> >> Did you glean all of your data from the manual or is there a website or
> >> resource you could recommend?
> > I did receive this information by reading the documentation, having a
> > look on the source code, and trying it out.
> Having a look on the source code and trying it out???

Yes.

> Do you have any references for me to read?

http://tor.eff.org/cvs/tor/doc/design-paper/tor-design.html

Very interesting in this paper i.e. is 7. Attacks and Defenses.

Here you can get the source code: http://tor.eff.org/download.html.en

> I want to learn why you recommended AN.ON as an anonymity solution and I
> want to know why you then implied that tor, like JAP, also has a backdoor?

I don't think, that Tor already has a backdoor (in fact, I didn't find
one yet ;-)

I just wanted to remember, that attacks on directory servers for legal
interception purposes quickly could lead into a solution for intelligence
services.

> Are you a Phd, CISSP, grad student?

While I'm teaching at a small university, and I'm CTO and software architect
in a software developing company, as a matter of fact I did not complete a
study myself. Most of my engineers and developers have, though ;-)

> Do you have any professional
> security credentials?

What? ;-)

> You could be anyone, so without references for me
> to read I'm just going to go on believing that tor is the best single
> non-invasive anonymity solution we have at present.

BTW: I agree with you here. And AN.ON is not worse, if you have one
node in it you can trust.

I just wanted to discuss the borders, both are facing.

BTW: the reason, why I'm more often using AN.ON/JAP and not Tor, is
performance.

Yours,
VB.
--
maximum inquementum tum biguttam egresso scribe. meo maximo vestibulo
perlegamentum da. da duo tum maximum conscribementa meis listis. dum listis
decapitamentum damentum nexto fac sic nextum tum novumversum scribe egresso.
lista sic hoc recidementum nextum cis vannementa da listis. cis.

Re: Ultimate Anonymity

"Rick D" <> wrote:
> I'm thinking of sending these people my money. Any comments on how
> useful or otherwise their program is?


I think for the one time fee its well worth it. I have been using them
on a regualr basis since late 1998 or early 1999 so I have certainly got
my monies worth.

Them and Cotse are pretty much all I use and they work well together.

RW

Re: Ultimate Anonymity

Ultimate Anonymity is great to start with and the account lasts for
life, but it's a beginners service, I don't know how you could possibly
use it in conjunction with another paid service? They do offer anon
credit cards which is value in itself. I use: www.privacyoffshore.net
they offer great protection at a reasonable price, and lots of perks.