-
M7918070_[m]
Are there any native GUI Monero clients?
-
selsta
M7918070_[m]: native as in?
-
moneromooo
Yes. monero-wallet-gui is the one made by the monero team. There are a few others, typically for specific platforms, like cakewallet and monerujo.
-
moneromooo
Whatever you do, don't use freewallet, it's widely thought to be a selective scam wallet.
-
M7918070_[m]
selsta, moneromooo: Native as in not web.
-
M7918070_[m]
moonero-wallet-gui isn't native, since it draws its own everything and uses a lot of resources doing so.
-
M7918070_[m]
-
selsta
monero-wallet-gui is not a webwallet.
-
M7918070_[m]
No, but it uses a browser layout engine
-
selsta
no
-
selsta
you might be mixing it up with electron
-
M7918070_[m]
Oh, monero-wallet-gui doesn't use Electron?
-
selsta
no
-
selsta
it uses Qt/QML
-
selsta
Also it does not use any noticeable amount of resources.
-
M7918070_[m]
ah, that's a surprise
-
selsta
Are you using a VM?
-
M7918070_[m]
But QML isn't native is it?
-
M7918070_[m]
It uses 400 MB of RAM. Or is that the Monero node?
-
moneromooo
Which process does ? monerod is the node. monero-wallet-gui is the wallet.
-
moneromooo
monero-wallet-gui uses some javascript though so I bet it sucks a bit of RAM ^_^
-
moneromooo
(Cheap shot)
-
selsta
QML is also used on embedded systems :D
-
M7918070_[m]
How can it use Javascript if it isn't a web application?
-
moneromooo
I was kinda waiting for that one.
-
M7918070_[m]
It causes my machine to become noticeably less responsive. top shows monero-wallet-gui
-
selsta
Are you using a VM?
-
moneromooo
Probably because it's busy sucking some javascript off the web to run.
-
M7918070_[m]
No, why?
-
moneromooo
Anyway, it uses opengl, which can be quite slow if it's not accelerated. There's an env var to use some fallback that's faster on software, selsta probably knows the actual name...
-
M7918070_[m]
Why does it use OpenGL?!
-
moneromooo
About js, moenro-wallet-gui runs its own js, not js from the web.
-
selsta
start it with QMLSCENE_DEVICE=softwarecontext
-
moneromooo
Not sure tbh. Probably because it's well supported and fast nowadays.
-
M7918070_[m]
Yeah that's not the part I'm concerned about
-
M7918070_[m]
But from a performance perspective, JS is slow as hell
-
moneromooo
Not when you have openGL next to it!
-
M7918070_[m]
It's not just a QoL issue, because it has another problem too.
-
selsta
I barely uses JS.
-
moneromooo
The JS is mostly glue fwiw, it's not.. yes, that.
-
M7918070_[m]
If you force kill it (e.g. via OOM killer), it loses your balance and you have to delete the sync file to start over
-
M7918070_[m]
yeah but I mean why is it using either of these things
-
M7918070_[m]
OpenGL is uses for video games to draw photorealistic landscapes and such
-
moneromooo
Right. That's step 2. Find your monero by killing baddies in a game.
-
M7918070_[m]
Monero-gui is some text and a bunch of checkboxes, input fields, etc
-
selsta
opengl can be used for various things
-
selsta
also if you want to ask, is it using win32 API? no
-
M7918070_[m]
selsta: thanks will try
-
moneromooo
Nowadays it's used for GUIs. Modern hw is pretty damn good at fillrate.
-
M7918070_[m]
yeah win32 API, that's the word. Are there any Monero GUIs which use Win32 API or similar for GUI?
-
moneromooo
ew.
-
moneromooo
Maybe.
-
M7918070_[m]
well sure but everyone doesn't have 'modern hardware', and it's annoying when you lose your balance
-
selsta
M7918070_[m]: Electrum is also using Qt by the way.
-
selsta
Same as monero-wallet-gui
-
M7918070_[m]
Electrum looks a bit boring, sure. But it does the job. More importantly, it does not suffer from issues related to drawing text on the screen.
-
selsta
Drawing text on screen?
-
M7918070_[m]
Well, it clearly doesn't use it as heavily then - it only uses 100MB of RAM and doesn't cause trouble.
-
moneromooo
I don't remember slowness when I used the gui, and I have a not super new laptop on a vm and no proprietary drivers. So it can probably be solved for you unless you're on 6502 or something.
-
M7918070_[m]
That's what it does, no? It does some backend processing, and then displays some text on the screen
-
as2333
JS is prolly more bloatware than opengl
-
M7918070_[m]
your balance and whatnot
-
M7918070_[m]
My point is, this should not be a problem. If you need any kind of hardware for the GUI to work, something is _terribly_ broken.
-
moneromooo
Did you try the QMLSCENE_DEVICE=softwarecontext thing anyway ? That might just fix it.
-
M7918070_[m]
This was a solvd problem in the 1990s already
-
M7918070_[m]
one sec
-
selsta
Like I said, QML is used in embedded devices. It’s not the problem.
-
M7918070_[m]
It uses less RAM and feels slightly snapper
-
M7918070_[m]
by about 15MB
-
M7918070_[m]
Then what is?
-
selsta
What kind of hardware do you have?
-
selsta
Is monerod syncing in the background?
-
moneromooo
Are you implying my syncing code is slow ? :D
-
moneromooo
(you can, it is)
-
selsta
No, but resource intensive :D
-
M7918070_[m]
Low-end laptop, integrated graphics
-
selsta
Are you using a Chromebook?
-
M7918070_[m]
Uh, I'm using the thin client mode. I can't get it to sync easily
-
M7918070_[m]
no, just a low-end laptop
-
M7918070_[m]
probably about the same specs though. 4GB of RAM, i5-6200U 2,2GHz
-
selsta
I remember someone having problems with a Chromebook.
-
moneromooo
Oh, that should run well on that, I ran it on that at some point.
-
moneromooo
(well, close to that)
-
moneromooo
And I did not even need the env var thing IIRC.
-
M7918070_[m]
it was more responsive with it
-
selsta
the only people needing the env var are usually people in a VM without any graphics drivers
-
M7918070_[m]
I have graphics drivers
-
moneromooo
Admittedly I didn't run it for like two years so maybe the renderer's changed.
-
selsta
nothing changed with the renderer
-
M7918070_[m]
But is there no wallet which just uses normal drawing? Like wxWidgets or w/e?
-
selsta
QML uses C++ with opengl to display. It shouldn’t be a problem on your hardware.
-
moneromooo
Oh you weren't kidding about 1990. I've not used wxwidgets since... ages ago.
-
M7918070_[m]
wxWidgets is nice, it's just a layer over the standard APIs
-
M7918070_[m]
no need to reinvent the wheel
-
moneromooo
Said the dude who had invented the square wheel :P
-
selsta
People wanted a custom design GUI so we used QML.
-
M7918070_[m]
yeah but it's the opposite scenario
-
M7918070_[m]
electron/javascript/whatever bloatware - fast to develop, painful to use
-
M7918070_[m]
win32/wxwidgets/native - painful to develop, nice to use
-
selsta
but like I said, your hardware should be plenty to display it without issues
-
M7918070_[m]
Is there a way to check which of the GUI and monerod is using my RAM?
-
moneromooo
top
-
M7918070_[m]
Because it ties into another issue, which is that monero is a juicy target for the OOM killer
-
M7918070_[m]
It just displays it as one
-
selsta
It uses 320MB RAM on my system.
-
M7918070_[m]
Are they running as one process?
-
M7918070_[m]
400MB here, although it's during sync
-
moneromooo
monerod is a separate process. If it doesn't show up, it's eithre nor running or your OS (or top) is drunk.
-
moneromooo
Or you I guess ^_^
-
M7918070_[m]
because the issue is this, since it uses so much memory, it becomes a juicy target for the oom killer
-
M7918070_[m]
Ah no I am using a remote server, so of course no monerod.
-
M7918070_[m]
So that explains it.
-
M7918070_[m]
Or does it go gui <-> local monerod <-> remote monerod?
-
selsta
Wallet scan can also be resource intensive.
-
moneromooo
It does that if you tell it to (bootstrap mode).
-
M7918070_[m]
yeah, and that I'm fine with
-
moneromooo
That's the safe option.
-
M7918070_[m]
but the thing is
-
M7918070_[m]
if it gets killed
-
M7918070_[m]
then it has to scan again
-
selsta
If you close the GUI a few times correctly, it can save the current progress.
-
M7918070_[m]
Also, what's the risks with remote nodes? The GUI says "Less secure", and there's a "Trusted node" checkbox
-
M7918070_[m]
alas no
-
M7918070_[m]
this is what happened:
-
M7918070_[m]
1. I scan, it works well
-
M7918070_[m]
2. I close and open it in the normal course of events
-
M7918070_[m]
3. It gets killed by OOM-killer. Balance is zero.
-
selsta
Getting killed does not make the balance go zero unless you are deleting the wallet cache.
-
M7918070_[m]
with kill -9 it does. Or whatever OOM killer uses.
-
moneromooo
Blindly trusting a stranger's node can cause:
-
moneromooo
- they can DoS you obviously
-
moneromooo
- they can feed you fake blocks
-
moneromooo
- if they know one of your addresses, they can send you "fake" monero
-
moneromooo
- they can censor your transactions
-
moneromooo
- the whole RPC becomes part of the attack surface, not just P2P comms
-
M7918070_[m]
Could you expand on 2 and 3? It seems like 1 and 4 are trivially solvable with Tor.
-
moneromooo
- you abdicate your decision power to that stranger
-
moneromooo
Do you start at 0 or 1 ?
-
M7918070_[m]
I thought I was just asking them for blocks and filtering myself. If that's the case, then how can they mess with them?
-
M7918070_[m]
start at 1
-
M7918070_[m]
fake blocks and fake monero
-
moneromooo
They send you blocks, but they can be fake blocks not from the actual chain.
-
M7918070_[m]
As in, not the longest chain?
-
moneromooo
So they can make a tx sending you monero, but since it;s not the chain, you think yo ugot some monero, but it's never actually sent.
-
moneromooo
Right.
-
moneromooo
Or even invalid for that matter.
-
M7918070_[m]
so double-spending?
-
M7918070_[m]
right, so they can't create XMR out of thin air
-
moneromooo
Could do too.
-
M7918070_[m]
How can they send invalid blocks though?
-
moneromooo
They can't, but they can make your wallet see monero that doesn't exist.
-
M7918070_[m]
The security model I'm familiar with is Bitcoin's. There, as long as you have one honest peer, you're fine.
-
moneromooo
Same here.
-
M7918070_[m]
That doesn't exist or that they don't hold on the real chain?
-
M7918070_[m]
Perhaps a stupid question, but how come I can only connect to one node in Monero guI then?
-
moneromooo
Wait, let me double check I'm getting your situation right here:
-
moneromooo
Oh. I thnk you're misunderstanding something here:
-
moneromooo
You're not running a node apparently. So the wallet is acting like an electrum style thing, except it verifies less and works more.
-
moneromooo
If you run your node like your should, then the risk above are gone.
-
moneromooo
If you run your node, then one honest peer and you're good, same as bitcoin.
-
M7918070_[m]
If we assume that Bob holds literally all Monero in existence, controls 100% of hash rate, and is honest. Then, can Mallory, who runs a node, fake-send me say 10000 XMR?
-
M7918070_[m]
Well yeah but that holds for electrum too
-
M7918070_[m]
I ask 10 nodes "hey do you have some transactions for this address" and they either say "yes, here you go" or "no"
-
moneromooo
If your node is connected to Bob, then no, she cannot.
-
M7918070_[m]
they can falsely say "no", but if they say "yes" I can verify it.
-
M7918070_[m]
no
-
M7918070_[m]
if I am just ocnnected to mallory
-
M7918070_[m]
as a thin node
-
moneromooo
Then it becomes more complicated. If you're running a node, she can't.
-
moneromooo
*unless*
-
moneromooo
she mines on her own low hash rate fork, sending you stuff, and you'll accept it since you're not seeing anything else.
-
moneromooo
But when you do find the longest chain agian, they'll go poof.
-
M7918070_[m]
Bob has 100% of hashrate, so she can't do that.
-
moneromooo
That'll only work in practice if she starts off a very old block where the network hash rate was low. Doing so now is impractical.
-
moneromooo
Well, you said you're not seeing Bob.
-
M7918070_[m]
In this example, we assume literally 100%, not 99.99%.
-
M7918070_[m]
Yeah
-
M7918070_[m]
she can not compute any block hashing work, say
-
moneromooo
Ah, then if you're running a node, and it she cannot mine anything, then she cannot send you fake monero.
-
M7918070_[m]
Because it seems like Monero thin client would be reasonably if it just connected to multiple remote nodes
-
M7918070_[m]
or am I missing smoething?
-
M7918070_[m]
no, I am not running a node in this scenario, I am running a thin client with the Monero GUI. I do not have the "trust" box checked.
-
moneromooo
No, it is a reasonable thing, just not done yet, and I'm not particularly interested in making it easier for people to not run their own node so it's low priority.
-
M7918070_[m]
I'm using a thin client, she has no mining hashrate. What can she do to me?
-
M7918070_[m]
Isn't TAILS adoption a good use-case?
-
M7918070_[m]
And if that is done, what level of security will it have?
-
M7918070_[m]
DoS is still there. They can't give me fake blocks (?). They can't censor my transactions.
-
moneromooo
If you're not running a node and are connecting to some third party's node, then the above list stands.
-
M7918070_[m]
Is the 'fake' monero just a regular double-spend? Is Monero more trusting of remote nodes than say Bitcoin's Electrum?
-
moneromooo
Yes. Run your own node.
-
moneromooo
Yes to the trust question.
-
moneromooo
People starting using stranger's nodes, but ffs, it's not MEANT to.
-
moneromooo
Would you use a stranger's dildo ? Most people would not. Use your own.
-
M7918070_[m]
Well you have to do something. Say you want to engage in online commerce while keeping your privacy safe. Then you use TAILS, right?
-
M7918070_[m]
And with TAILS, there is just no way to run a full node. It's complete madness. Each time you want to engage in transactions, you have to download 60GB? And store it in RAM?
-
moneromooo
I'm not very interested in that conversation. Maybe someone else is. I'll keep to the node one.
-
M7918070_[m]
OK far enough
-
M7918070_[m]
fair*
-
M7918070_[m]
"If you're not running a node ... then the above list stands" - even if I'm connected to several, if we assume such a thing were possible?
-
moneromooo
But yes, you can't dl 60 GB every time. Use a persistent volume, or whonix, or other.
-
moneromooo
If you were connected to several, if monero-wallet-{cli,gui} did support that, then the same would apply, just with a lot less likelihood (basically same reasoning as being eclipsed if you use your node).
-
M7918070_[m]
"Yes to the trust question." - how does it trust them more? If we compare say Electrum to Monero GUI thin client. What can go wrong in Monero while not in Bitcoin?
-
M7918070_[m]
So it's not more dangerous than using your own node, just antisocial?
-
moneromooo
I'm not familiar with Bitcoin, but my understanding is that electrum does checks. Monero wallet does not, becaiuse you're meant to connect to your trusted node, and the node does the verification.
-
M7918070_[m]
So what does the checkbox do?
-
M7918070_[m]
"Mark as Trusted Daemon"
-
moneromooo
That changes what the wallet sends the daemon. More efficient comms vs some info disclosure about owned outputs. If it's your own daemon and no MITM you don't care.
-
M7918070_[m]
Electrum does checks, yes. If you have at least one honest node, nothing can go wrong as I understand it.
-
M7918070_[m]
yeah ofc
-
M7918070_[m]
But in theory, could Monero be as safe for thin client use as Electrum?
-
M7918070_[m]
obv a bit less comfortable since it still has to scan, but w/e
-
moneromooo
I'm not familiar enough with Bitcoin to tell. I would say it's possible as a first approximation because I don't see any reason why it could not offhnad.
-
moneromooo
But that's not based on strong factual knowledge.
-
as2333
M7918070_[m], what do you think you gain by tails not remembering anything?
-
as2333
also you're assuming tor works?
-
M7918070_[m]
Forensics, but also ease of setup. I can make a TAILS USB and go.
-
M7918070_[m]
If the process is instead "make a TAILS external hard drive and leave it to sync overnight" the UX is somewhat degraded
-
M7918070_[m]
and I can't as easily get rid of the HDD either
-
M7918070_[m]
Tor works, no? It's not secure against a global adversary, but that isn't a design goal.
-
M7918070_[m]
"Tor stinks... but it could be worse"
-
as2333
so who's going to raid you...?
-
as2333
tor isn't secure against 'local adversaries' , AS level adversaries, et cetera
-
M7918070_[m]
I am doing nothing illegal, nobody is going to raid me. I am just looking out for my privacy.
-
as2333
-
as2333
M7918070_[m], so what's the point of tails allegedly being 'amnesic'
-
as2333
you'd be obviously better off having a copy of the chain
-
M7918070_[m]
Sure, but it makes everything more cumbersome.
-
M7918070_[m]
The whole point with TAILS is that it's read-only
-
M7918070_[m]
How is Tor not secure against a local adversary?
-
as2333
so you're using it and didn't do your homework?
-
M7918070_[m]
I did. How is it not secure?
-
as2333
you obviously didn't
-
as2333
-
as2333
take a look at articles discussign website fingerpriting
-
M7918070_[m]
No, the burden of proof lies on you. You can't just make a claim and back it up by posting to a respository of papers.
-
as2333
ok
-
M7918070_[m]
By website fingerprinting, do you mean biometrics?
-
as2333
you're a fucking idiot
-
as2333
nah
-
M7918070_[m]
Or mundane stuff like browser configuration
-
M7918070_[m]
Rude. It doesn't seem like either of these are applicable to Monero
-
M7918070_[m]
My thesis is this: Tor works, which is why the intelligence services spread FUD against it.
-
M7918070_[m]
(That and to lull people into a sense of complacency, but I digres)
-
moneromooo
It's certainly better than nothing.
-
as2333
so do you know how paul syverson is?
-
moneromooo
Well, usually.
-
as2333
who
-
M7918070_[m]
US military cryptographer?
-
M7918070_[m]
What about him?
-
as2333
"All low-latency systems as currently designed and deployed are essentially broken against The Man, but often much weaker adversaries are adequate."
-
as2333
-
as2333
that's syverson, the boss of the US navy tor mafia
-
as2333
but I guess you're right - he is indeed a member of the 'intelligence' services
-
M7918070_[m]
Are you claiming they undermined it or some such?
-
as2333
....the member of the 'intelligence' services responsible for to.
-
as2333
for tor*
-
as2333
M7918070_[m], are you retarded or what.
-
M7918070_[m]
His paper uses a queer definition of "The Man", I'd say. 2/3 nodes compromised is I believe worse than Tor's threat model, no?
-
as2333
M7918070_[m], I made the 'same' claims that tor's authors make.
-
M7918070_[m]
That it's not secure against a global passive adversary, and that if you control guard and exit, in some cases you can unmask people?
-
as2333
M7918070_[m], so you're a fucking idiot and keep believing whatever you want to believe even when tor designers themselves 'disagree' with you.
-
M7918070_[m]
Rude.
-
as2333
yeah - have fun
-
M7918070_[m]
Sure, it isn't safe if we are just shuffling traffic around different NSA nodes. But if we are dealing with an adversary which controls say 51% of the nodes, then how screwed are we?
-
as2333
if an adversary control 51% you're fucked half of the time
-
as2333
controls*
-
M7918070_[m]
Are you sure? If you take a version of Tor with these 2 trivial changes:
-
as2333
but that's just one kind of attack - passive attacks don't require any node
-
M7918070_[m]
1. a circuit is capped at 100 kbit from both sides - if you send less you get kicked off, if you send more you get rate limited
-
M7918070_[m]
2. Circuits can be arbitrarily long
-
as2333
and don't require a 'global' adversary either. AND the US govt and accomplice IS such global adversary anyway.
-
as2333
accomplices*
-
M7918070_[m]
Then say I create a circuit with 6 nodes. Then isn't the probability of it being 100% compromised just 1 in 64?
-
M7918070_[m]
0.5^6 = 2^-6 = 64
-
M7918070_[m]
What passive attacks can you do as a non-global adversary?
-
as2333
yes, using constant rate streams would be a great idea - except tor doesn't do that, 'by design'
-
as2333
same as global one - you correlate traffic in and out of the network
-
M7918070_[m]
You can still do it as a user. If enough users do it, you're good.
-
M7918070_[m]
If some semi-large actor would band together, you would have what in game theory is called a "schelling point"
-
as2333
yes, that's how a anonymity network SHOULD work, using negotiated padding. But tor doesn't do that - at all.
-
M7918070_[m]
An unspoken gentleman's agreement of sorts, to form an anonymity network within the network.
-
M7918070_[m]
I can still do it, no? If I connect to a website and send a constant 50 kbit stream, no more no less, then isn't that good enough?
-
M7918070_[m]
(Assuming others do too)
-
as2333
yes that can work
-
M7918070_[m]
Couldn't Monero do this then?
-
as2333
and interestingly enough tor designers have opposed that sort of thing since forever because it requires more bandwith
-
as2333
or that's their excuse...
-
M7918070_[m]
well yeah, they're constrained by it
-
M7918070_[m]
-
as2333
those are patches that try to be 'efficient'
-
M7918070_[m]
-
as2333
then it turns out that more clever analysis show they don't work
-
M7918070_[m]
well yes, that's how this works
-
as2333
by the way, notice that ticket proves exactly wht I said
-
M7918070_[m]
if you have infinite bandwidth then it's easy
-
as2333
what
-
M7918070_[m]
just send infinite traffic to everyone and you're good
-
as2333
you don't need infinite
-
as2333
"Opened 7 years ago'
-
as2333
meaning, 7 years ago they acknowledge that tor is vulnerable to local adversaries
-
M7918070_[m]
obviously, you do not have infinite resources, so this isn't possible. If you want to make something which is usable, bandwidth is your limiting fator
-
as2333
and they only kinda fixed it a year ago
-
as2333
again you don't need infinite bandwith at all
-
as2333
you just gave a sensible example a few minutes ago
-
as2333
and you can have different rates, as long as you don't change them too fast
-
M7918070_[m]
Sure, but browsing happens in bursts. Tor is a bit different from all the other netwroks
-
M7918070_[m]
insofar as it was designed to be usable on the clearnet
-
as2333
true, so you better don't visit garbage sites with 10mb images and the like
-
M7918070_[m]
(Hidden services were an afterthought)
-
M7918070_[m]
Unfortunately, this makes most activity impossible.
-
as2333
.....
-
M7918070_[m]
in an ideal world, sure
-
as2333
ok so you can have privacy or 'convenience'
-
as2333
or however you spell it
-
M7918070_[m]
no, not at all. The whole point of Tor was to obtain a large anonymity set. You don't get this if you can only talk to other users.
-
M7918070_[m]
(See: I2P, which is not useful for anything really and thus not secure either)
-
as2333
.....
-
as2333
i2p is not useful says who?
-
M7918070_[m]
If you do want to engage in dissident speech, Tor is your best bet.
-
as2333
an 'intelligence' agent maybe? =)
-
M7918070_[m]
I do. The anonymity set is too small
-
manifest
is i2p not secure because it has little users or something else
-
M7918070_[m]
The intelligences don't have much to gain from praising Tor.
-
as2333
dissident speech? you mean an US cocksucker in places the US wants to invade?
-
M7918070_[m]
They're orthogonal to it. US gains much more from Tor than say China
-
as2333
right
-
M7918070_[m]
freenode_manifest: too few users yes
-
as2333
that's why tor sucks, except as a tool for US imperialism
-
M7918070_[m]
no other issues afaik
-
as2333
by the way, 'tor stinks' is correct - it stinks from the point of view of users
-
M7918070_[m]
Say USA & the west is 80/100 on an internet freedom scale, with china at 15/100. Say Tor makes it go up by 3 points.
-
M7918070_[m]
US has gained 83/80 = 3,8% freedom, China has gained 20% freedom.
-
as2333
the west is 8/10? haha
-
as2333
who's the 'intelligence' agent again?
-
M7918070_[m]
Even if this 3.8% is regrettable from their PoV, they would have to be shockingly stupid to shoot themselves in the foot
-
hv-bridge
<zera> hey i need help setting this up
-
as2333
ok enough of your bullshit
-
M7918070_[m]
make up your own numbers, the point still stands.
-
as2333
why would a bunch of pentagon scumbags like syverson and accomplices care about china exactly?
-
M7918070_[m]
what country is the Pentagon located in?
-
as2333
you think those people are...US military altruists...?
-
moneromooo
Setting what up exactly ? Try a more precise question.
-
M7918070_[m]
No, they act on behalf of US military interests.
-
M7918070_[m]
Geopolitical power is a zero sum game. If they weaken China or Russia or whoever, that's a net gain for them, and vice versa.
-
as2333
"The intelligences don't have much to gain from praising Tor" of course they do - tor is a honeypot - if you dont believe me ask ullbricht
-
as2333
tor is 'controlled opposition'
-
M7918070_[m]
yeah but it doesn't make any sense. Why would they ever want to do it that way?
-
as2333
what doesn't make sense?
-
M7918070_[m]
We can point to instances when the US military interests have seen a concrete gain from Tor
-
M7918070_[m]
Arab Spring for instance.
-
as2333
tor can be broken by the 'global adversar' i.e. the US govt but not by their targets.
-
M7918070_[m]
It doesn't seem far-fetched to think that's why they did it.
-
as2333
right the so called arab spring were a bunch of coups supporeted by the pentagon
-
as2333
and you can see tor employees directly involved there. appelbau,
-
M7918070_[m]
US government isn't a global adversary in this sense, I believe. US just has such direct control over themselves and five eyes.
-
M7918070_[m]
right
-
as2333
which means they have access to a huge % of the network
-
as2333
in part because the interweb isn't as decentralized as ppl usually believe
-
as2333
they discuss this stuff in some of the papers I linked =)
-
as2333
for completness sake
-
as2333
-
M7918070_[m]
yeah, and a global passive adversary is not a design goal here
-
as2333
....
-
as2333
uhhh
-
M7918070_[m]
Yeah I agree with you here - Arab Spring is a very real use case.
-
M7918070_[m]
[protecting against] global passive adversary isn't.
-
M7918070_[m]
But that they at the ssame time would shoot themselves in the foot like this makes zero sense.
-
M7918070_[m]
Consider the counter-example.
-
as2333
shoot themselves in the foot how?
-
M7918070_[m]
Russia can't monitor Tor, yes?
-
M7918070_[m]
But supposedly, the Americans can, since they control a lot of the nodes.
-
as2333
They can inside of russia and prolly elsewhere.
-
as2333
What kind of taps do you think the russians have on fiber links?
-
M7918070_[m]
Why don't the Russians then go ahead and ruin it for everyone, and start running Tor ndodes like crazy?
-
M7918070_[m]
pretty good ones but not global
-
as2333
not sure what you mean by 'the american control a lot of the nodes'
-
as2333
americans*
-
M7918070_[m]
It would ruin the Americans' ability to surveil Americans, thus destabilizing the USA
-
M7918070_[m]
You're the one claiming the intelligences run a large chunk of them
-
as2333
....
-
M7918070_[m]
at almost no cost to them
-
as2333
where did I do that, exactly?
-
M7918070_[m]
Why don't we see hordes of Russian Tor nodes?
-
as2333
I never made that claim. You must have misunderstood something I said
-
M7918070_[m]
You quoted the Syverson paper, whose attacker controls a lot of nodes.
-
as2333
?
-
M7918070_[m]
arguing it's tjut not secure
-
as2333
I quoted syverson admiting that 'low latency systems' (which obv includes tor) are broken
-
as2333
they are broken by traffic analyisis to be more precise.
-
M7918070_[m]
in the context of an adversary who runs nodes
-
as2333
no
-
as2333
I didn't specify the attack
-
M7918070_[m]
he did tho
-
as2333
LMAO
-
as2333
did you read the paper?
-
M7918070_[m]
The Man is a specific modelled threat
-
as2333
"the man" means the government
-
as2333
and wait, it's not just 'the man'
-
as2333
"The Man, BUT OFTEM much WEAKER adversaries are adequate"
-
as2333
often*
-
M7918070_[m]
"The Man owns big chunks of the anonymity infrastructure, either because he simply set them up himself, or because they are not hardened against takeover, He can also get access to ISPs, backbones, and websites"
-
as2333
yes that DOESN"T mean tor nodes
-
as2333
it means the ISPs and backbones
-
M7918070_[m]
"big chunks of the anonymity infrastructure"
-
as2333
" He can also get access to ISPs, backbone"
-
M7918070_[m]
there are two discrete claims here
-
as2333
so anyway do you have a concrete point to make or?
-
M7918070_[m]
The Man is a specific threat model still. "Think organized crime, state level actors (intelligence, secret police), etc.The Man subsumes the other adversaries we might consider"
-
as2333
yes, again
-
as2333
tor doesn't work against
-
as2333
government
-
M7918070_[m]
Yes. It's an inaccurate reading, that he says the intelligences already control it.
-
as2333
organized crime
-
as2333
AND MUCH WEAKER ADVERSARIES
-
as2333
I don't know how much worse it can't get...
-
M7918070_[m]
"often"
-
as2333
so what is your point again? Are you denying that the very boss of the tor mafia explicity admits that tor is broken against all sorts of adversaries?
-
as2333
there's a pretty straightforward claim "broken against 'the man' AND weaker adversaries'
-
M7918070_[m]
He doesn't say that. He says that some low-latency networks, such as proxies, are horribly broken. He doesn't sayTor is broken.
-
M7918070_[m]
Which isn't for all low-lat networks
-
as2333
then you went to look up the defintion of the 'man' and it's governmetn AND others.
-
as2333
dude you didn't read the paper
-
as2333
and you fail at logic 101
-
as2333
1) tor is a low latency system
-
as2333
2) all low latency systems are broken
-
as2333
3) tor is broken
-
as2333
and at this point I should have stop wasting time here
-
as2333
-have
-
M7918070_[m]
2) all low-latency systems _as currently designed and deployed_ are _essentially_ broken
-
M7918070_[m]
It's a moot point anyway. Or else, why did the NSA write, "• With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand. "?
-
as2333
who says that 'document' is authentic or complete?
-
as2333
or even not outdated
-
M7918070_[m]
Snowden
-
as2333
are you aware that the snowden leaks were a bad joke that didn't actually cause any harm to gchq-nsa and friends?
-
M7918070_[m]
What are you saying he could have done otherwise?
-
M7918070_[m]
He leaked the stuff, people went 'OK' and went on with their life. How is he to blame for this?
-
as2333
for starters he should have made the stuff he got public instead of giving it to a bunch of piece of shit journos
-
as2333
I didn't say he is to blame.
-
as2333
I'm just saying his leaks weren't that threatening to the government
-
M7918070_[m]
it wouldn't have changed anything. But I think we can agree they are accurate
-
as2333
no
-
as2333
the tor document is obvious bullshit
-
M7918070_[m]
crackpot theories about global passive adversaries do you no good, and for Monero it is eminently suitable
-
as2333
crackpot theories/
-
as2333
ok - you are an 'intelligence' assett
-
M7918070_[m]
Then how did he leak it? Did he make it up?
-
as2333
pimping the tor honeypot
-
M7918070_[m]
For Monero, the attacks are, I believe, impossible.
-
as2333
are you aware of this?
-
as2333
-
M7918070_[m]
all the data is the same, other than who you are (not sent out), your txns (tiny), and your starting height
-
M7918070_[m]
Yes.
-
as2333
so do you undersand that it was known since 2006 or earlier that the NSA tapped all backbones?
-
as2333
you think they do that for fun?
-
as2333
and what exactly did snowden add here?
-
M7918070_[m]
No, they did it for other reasons.
-
M7918070_[m]
Flavour?
-
as2333
hehe
-
as2333
snowden flavour(TM)
-
nioc
wow what scrollback
-
nioc
maybe pm would be better
-
as2333
seem kinda relevant if you use tor...
-
as2333
seems*
-
nioc
yeah but after an hour I think the points are covered maybe
-
nioc
could be wrong
-
M7918070_[m]
In fairness, there has been a lot of discussion about Kovri no?
-
M7918070_[m]
yeah but the points are covered now
-
kiwi_46
Hello there
-
kiwi_46
Anyone watching xmr/btc chart?
-
manifest
i opened it, whats going on
