01:10:47 Are there any native GUI Monero clients? 01:14:49 M7918070_[m]: native as in? 01:14:55 Yes. monero-wallet-gui is the one made by the monero team. There are a few others, typically for specific platforms, like cakewallet and monerujo. 01:16:08 Whatever you do, don't use freewallet, it's widely thought to be a selective scam wallet. 01:39:00 selsta, moneromooo: Native as in not web. 01:39:24 moonero-wallet-gui isn't native, since it draws its own everything and uses a lot of resources doing so. 01:40:46 For example, Electrum has a native GUI: https://i1.wp.com/www.markdigital.com/wp-content/uploads/2016/12/Bitcoin_Electrum_receive.png 01:43:18 monero-wallet-gui is not a webwallet. 01:43:55 No, but it uses a browser layout engine 01:44:01 no 01:44:12 you might be mixing it up with electron 01:44:32 Oh, monero-wallet-gui doesn't use Electron? 01:44:42 no 01:44:48 it uses Qt/QML 01:45:26 Also it does not use any noticeable amount of resources. 01:45:28 ah, that's a surprise 01:45:32 Are you using a VM? 01:45:34 But QML isn't native is it? 01:45:49 It uses 400 MB of RAM. Or is that the Monero node? 01:46:10 Which process does ? monerod is the node. monero-wallet-gui is the wallet. 01:46:27 monero-wallet-gui uses some javascript though so I bet it sucks a bit of RAM ^_^ 01:46:37 (Cheap shot) 01:47:10 QML is also used on embedded systems :D 01:47:20 How can it use Javascript if it isn't a web application? 01:47:32 I was kinda waiting for that one. 01:48:14 It causes my machine to become noticeably less responsive. top shows monero-wallet-gui 01:48:32 Are you using a VM? 01:48:32 Probably because it's busy sucking some javascript off the web to run. 01:48:46 No, why? 01:49:31 Anyway, it uses opengl, which can be quite slow if it's not accelerated. There's an env var to use some fallback that's faster on software, selsta probably knows the actual name... 01:49:58 Why does it use OpenGL?! 01:50:15 About js, moenro-wallet-gui runs its own js, not js from the web. 01:50:35 start it with QMLSCENE_DEVICE=softwarecontext 01:50:38 Not sure tbh. Probably because it's well supported and fast nowadays. 01:50:39 Yeah that's not the part I'm concerned about 01:50:44 But from a performance perspective, JS is slow as hell 01:50:58 Not when you have openGL next to it! 01:51:00 It's not just a QoL issue, because it has another problem too. 01:51:16 I barely uses JS. 01:51:24 The JS is mostly glue fwiw, it's not.. yes, that. 01:51:36 If you force kill it (e.g. via OOM killer), it loses your balance and you have to delete the sync file to start over 01:51:37 yeah but I mean why is it using either of these things 01:51:42 OpenGL is uses for video games to draw photorealistic landscapes and such 01:51:59 Right. That's step 2. Find your monero by killing baddies in a game. 01:52:03 Monero-gui is some text and a bunch of checkboxes, input fields, etc 01:52:21 opengl can be used for various things 01:52:35 also if you want to ask, is it using win32 API? no 01:52:53 selsta: thanks will try 01:52:59 Nowadays it's used for GUIs. Modern hw is pretty damn good at fillrate. 01:53:18 yeah win32 API, that's the word. Are there any Monero GUIs which use Win32 API or similar for GUI? 01:53:33 ew. 01:53:36 Maybe. 01:53:42 well sure but everyone doesn't have 'modern hardware', and it's annoying when you lose your balance 01:53:57 M7918070_[m]: Electrum is also using Qt by the way. 01:54:09 Same as monero-wallet-gui 01:54:22 Electrum looks a bit boring, sure. But it does the job. More importantly, it does not suffer from issues related to drawing text on the screen. 01:55:18 Drawing text on screen? 01:55:35 Well, it clearly doesn't use it as heavily then - it only uses 100MB of RAM and doesn't cause trouble. 01:55:39 I don't remember slowness when I used the gui, and I have a not super new laptop on a vm and no proprietary drivers. So it can probably be solved for you unless you're on 6502 or something. 01:55:59 That's what it does, no? It does some backend processing, and then displays some text on the screen 01:56:03 JS is prolly more bloatware than opengl 01:56:04 your balance and whatnot 01:56:40 My point is, this should not be a problem. If you need any kind of hardware for the GUI to work, something is _terribly_ broken. 01:56:40 Did you try the QMLSCENE_DEVICE=softwarecontext thing anyway ? That might just fix it. 01:56:52 This was a solvd problem in the 1990s already 01:57:06 one sec 01:57:45 Like I said, QML is used in embedded devices. It’s not the problem. 01:57:45 It uses less RAM and feels slightly snapper 01:57:51 by about 15MB 01:58:00 Then what is? 01:58:05 What kind of hardware do you have? 01:58:13 Is monerod syncing in the background? 01:58:47 Are you implying my syncing code is slow ? :D 01:58:57 (you can, it is) 01:59:01 No, but resource intensive :D 01:59:14 Low-end laptop, integrated graphics 01:59:39 Are you using a Chromebook? 01:59:41 Uh, I'm using the thin client mode. I can't get it to sync easily 02:00:04 no, just a low-end laptop 02:01:01 probably about the same specs though. 4GB of RAM, i5-6200U 2,2GHz 02:01:34 I remember someone having problems with a Chromebook. 02:01:39 Oh, that should run well on that, I ran it on that at some point. 02:01:49 (well, close to that) 02:02:12 And I did not even need the env var thing IIRC. 02:02:38 it was more responsive with it 02:02:49 the only people needing the env var are usually people in a VM without any graphics drivers 02:03:13 I have graphics drivers 02:03:13 Admittedly I didn't run it for like two years so maybe the renderer's changed. 02:03:35 nothing changed with the renderer 02:03:51 But is there no wallet which just uses normal drawing? Like wxWidgets or w/e? 02:04:39 QML uses C++ with opengl to display. It shouldn’t be a problem on your hardware. 02:04:52 Oh you weren't kidding about 1990. I've not used wxwidgets since... ages ago. 02:05:34 wxWidgets is nice, it's just a layer over the standard APIs 02:05:41 no need to reinvent the wheel 02:06:15 Said the dude who had invented the square wheel :P 02:06:32 People wanted a custom design GUI so we used QML. 02:06:34 yeah but it's the opposite scenario 02:06:45 electron/javascript/whatever bloatware - fast to develop, painful to use 02:06:57 win32/wxwidgets/native - painful to develop, nice to use 02:07:03 but like I said, your hardware should be plenty to display it without issues 02:07:26 Is there a way to check which of the GUI and monerod is using my RAM? 02:07:34 top 02:07:40 Because it ties into another issue, which is that monero is a juicy target for the OOM killer 02:07:44 It just displays it as one 02:10:57 It uses 320MB RAM on my system. 02:11:01 Are they running as one process? 02:11:12 400MB here, although it's during sync 02:11:30 monerod is a separate process. If it doesn't show up, it's eithre nor running or your OS (or top) is drunk. 02:11:37 Or you I guess ^_^ 02:11:39 because the issue is this, since it uses so much memory, it becomes a juicy target for the oom killer 02:11:49 Ah no I am using a remote server, so of course no monerod. 02:11:53 So that explains it. 02:12:07 Or does it go gui <-> local monerod <-> remote monerod? 02:12:17 Wallet scan can also be resource intensive. 02:12:28 It does that if you tell it to (bootstrap mode). 02:12:36 yeah, and that I'm fine with 02:12:37 That's the safe option. 02:12:38 but the thing is 02:12:40 if it gets killed 02:12:48 then it has to scan again 02:13:19 If you close the GUI a few times correctly, it can save the current progress. 02:13:28 Also, what's the risks with remote nodes? The GUI says "Less secure", and there's a "Trusted node" checkbox 02:13:30 alas no 02:13:34 this is what happened: 02:13:38 1. I scan, it works well 02:13:45 2. I close and open it in the normal course of events 02:13:54 3. It gets killed by OOM-killer. Balance is zero. 02:14:45 Getting killed does not make the balance go zero unless you are deleting the wallet cache. 02:15:11 with kill -9 it does. Or whatever OOM killer uses. 02:15:45 Blindly trusting a stranger's node can cause: 02:15:54 - they can DoS you obviously 02:15:59 - they can feed you fake blocks 02:16:16 - if they know one of your addresses, they can send you "fake" monero 02:16:24 - they can censor your transactions 02:16:44 - the whole RPC becomes part of the attack surface, not just P2P comms 02:17:07 Could you expand on 2 and 3? It seems like 1 and 4 are trivially solvable with Tor. 02:17:07 - you abdicate your decision power to that stranger 02:17:17 Do you start at 0 or 1 ? 02:17:28 I thought I was just asking them for blocks and filtering myself. If that's the case, then how can they mess with them? 02:17:31 start at 1 02:17:34 fake blocks and fake monero 02:18:03 They send you blocks, but they can be fake blocks not from the actual chain. 02:18:18 As in, not the longest chain? 02:18:25 So they can make a tx sending you monero, but since it;s not the chain, you think yo ugot some monero, but it's never actually sent. 02:18:28 Right. 02:18:35 Or even invalid for that matter. 02:18:35 so double-spending? 02:18:42 right, so they can't create XMR out of thin air 02:18:42 Could do too. 02:18:57 How can they send invalid blocks though? 02:19:06 They can't, but they can make your wallet see monero that doesn't exist. 02:19:10 The security model I'm familiar with is Bitcoin's. There, as long as you have one honest peer, you're fine. 02:19:19 Same here. 02:19:22 That doesn't exist or that they don't hold on the real chain? 02:19:46 Perhaps a stupid question, but how come I can only connect to one node in Monero guI then? 02:19:49 Wait, let me double check I'm getting your situation right here: 02:20:02 Oh. I thnk you're misunderstanding something here: 02:20:29 You're not running a node apparently. So the wallet is acting like an electrum style thing, except it verifies less and works more. 02:20:41 If you run your node like your should, then the risk above are gone. 02:20:57 If you run your node, then one honest peer and you're good, same as bitcoin. 02:21:03 If we assume that Bob holds literally all Monero in existence, controls 100% of hash rate, and is honest. Then, can Mallory, who runs a node, fake-send me say 10000 XMR? 02:21:10 Well yeah but that holds for electrum too 02:21:28 I ask 10 nodes "hey do you have some transactions for this address" and they either say "yes, here you go" or "no" 02:21:35 If your node is connected to Bob, then no, she cannot. 02:21:38 they can falsely say "no", but if they say "yes" I can verify it. 02:21:41 no 02:21:46 if I am just ocnnected to mallory 02:21:48 as a thin node 02:22:17 Then it becomes more complicated. If you're running a node, she can't. 02:22:24 *unless* 02:22:44 she mines on her own low hash rate fork, sending you stuff, and you'll accept it since you're not seeing anything else. 02:22:51 But when you do find the longest chain agian, they'll go poof. 02:23:11 Bob has 100% of hashrate, so she can't do that. 02:23:15 That'll only work in practice if she starts off a very old block where the network hash rate was low. Doing so now is impractical. 02:23:26 Well, you said you're not seeing Bob. 02:23:28 In this example, we assume literally 100%, not 99.99%. 02:23:32 Yeah 02:23:38 she can not compute any block hashing work, say 02:24:01 Ah, then if you're running a node, and it she cannot mine anything, then she cannot send you fake monero. 02:24:01 Because it seems like Monero thin client would be reasonably if it just connected to multiple remote nodes 02:24:05 or am I missing smoething? 02:24:26 no, I am not running a node in this scenario, I am running a thin client with the Monero GUI. I do not have the "trust" box checked. 02:24:41 No, it is a reasonable thing, just not done yet, and I'm not particularly interested in making it easier for people to not run their own node so it's low priority. 02:24:44 I'm using a thin client, she has no mining hashrate. What can she do to me? 02:24:59 Isn't TAILS adoption a good use-case? 02:27:49 And if that is done, what level of security will it have? 02:28:15 DoS is still there. They can't give me fake blocks (?). They can't censor my transactions. 02:28:33 If you're not running a node and are connecting to some third party's node, then the above list stands. 02:28:45 Is the 'fake' monero just a regular double-spend? Is Monero more trusting of remote nodes than say Bitcoin's Electrum? 02:28:57 Yes. Run your own node. 02:29:08 Yes to the trust question. 02:29:25 People starting using stranger's nodes, but ffs, it's not MEANT to. 02:29:48 Would you use a stranger's dildo ? Most people would not. Use your own. 02:29:58 Well you have to do something. Say you want to engage in online commerce while keeping your privacy safe. Then you use TAILS, right? 02:30:34 And with TAILS, there is just no way to run a full node. It's complete madness. Each time you want to engage in transactions, you have to download 60GB? And store it in RAM? 02:30:35 I'm not very interested in that conversation. Maybe someone else is. I'll keep to the node one. 02:30:48 OK far enough 02:30:53 fair* 02:31:31 "If you're not running a node ... then the above list stands" - even if I'm connected to several, if we assume such a thing were possible? 02:31:46 But yes, you can't dl 60 GB every time. Use a persistent volume, or whonix, or other. 02:32:38 If you were connected to several, if monero-wallet-{cli,gui} did support that, then the same would apply, just with a lot less likelihood (basically same reasoning as being eclipsed if you use your node). 02:33:09 "Yes to the trust question." - how does it trust them more? If we compare say Electrum to Monero GUI thin client. What can go wrong in Monero while not in Bitcoin? 02:33:28 So it's not more dangerous than using your own node, just antisocial? 02:33:48 I'm not familiar with Bitcoin, but my understanding is that electrum does checks. Monero wallet does not, becaiuse you're meant to connect to your trusted node, and the node does the verification. 02:34:08 So what does the checkbox do? 02:34:22 "Mark as Trusted Daemon" 02:35:11 That changes what the wallet sends the daemon. More efficient comms vs some info disclosure about owned outputs. If it's your own daemon and no MITM you don't care. 02:35:13 Electrum does checks, yes. If you have at least one honest node, nothing can go wrong as I understand it. 02:35:24 yeah ofc 02:35:40 But in theory, could Monero be as safe for thin client use as Electrum? 02:35:48 obv a bit less comfortable since it still has to scan, but w/e 02:36:16 I'm not familiar enough with Bitcoin to tell. I would say it's possible as a first approximation because I don't see any reason why it could not offhnad. 02:36:38 But that's not based on strong factual knowledge. 02:37:45 M7918070_[m], what do you think you gain by tails not remembering anything? 02:38:20 also you're assuming tor works? 02:39:35 Forensics, but also ease of setup. I can make a TAILS USB and go. 02:40:02 If the process is instead "make a TAILS external hard drive and leave it to sync overnight" the UX is somewhat degraded 02:40:25 and I can't as easily get rid of the HDD either 02:40:57 Tor works, no? It's not secure against a global adversary, but that isn't a design goal. 02:41:21 "Tor stinks... but it could be worse" 02:41:24 so who's going to raid you...? 02:41:53 tor isn't secure against 'local adversaries' , AS level adversaries, et cetera 02:42:58 I am doing nothing illegal, nobody is going to raid me. I am just looking out for my privacy. 02:43:02 https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering 02:43:24 M7918070_[m], so what's the point of tails allegedly being 'amnesic' 02:43:42 you'd be obviously better off having a copy of the chain 02:44:00 Sure, but it makes everything more cumbersome. 02:44:10 The whole point with TAILS is that it's read-only 02:44:47 How is Tor not secure against a local adversary? 02:45:05 so you're using it and didn't do your homework? 02:46:18 I did. How is it not secure? 02:46:44 you obviously didn't 02:46:46 https://www.freehaven.net/anonbib/ 02:46:57 take a look at articles discussign website fingerpriting 02:47:11 No, the burden of proof lies on you. You can't just make a claim and back it up by posting to a respository of papers. 02:47:20 ok 02:47:28 By website fingerprinting, do you mean biometrics? 02:47:29 you're a fucking idiot 02:47:34 nah 02:47:37 Or mundane stuff like browser configuration 02:48:01 Rude. It doesn't seem like either of these are applicable to Monero 02:48:29 My thesis is this: Tor works, which is why the intelligence services spread FUD against it. 02:48:42 (That and to lull people into a sense of complacency, but I digres) 02:49:01 It's certainly better than nothing. 02:49:13 so do you know how paul syverson is? 02:49:16 Well, usually. 02:49:16 who 02:50:08 US military cryptographer? 02:50:10 What about him? 02:51:09 "All low-latency systems as currently designed and deployed are essentially broken against The Man, but often much weaker adversaries are adequate." 02:51:19 https://www.freehaven.net/anonbib/cache/entropist.pdf 02:51:30 that's syverson, the boss of the US navy tor mafia 02:51:48 but I guess you're right - he is indeed a member of the 'intelligence' services 02:53:18 Are you claiming they undermined it or some such? 02:53:26 ....the member of the 'intelligence' services responsible for to. 02:53:38 for tor* 02:53:53 M7918070_[m], are you retarded or what. 02:54:01 His paper uses a queer definition of "The Man", I'd say. 2/3 nodes compromised is I believe worse than Tor's threat model, no? 02:54:11 M7918070_[m], I made the 'same' claims that tor's authors make. 02:54:45 That it's not secure against a global passive adversary, and that if you control guard and exit, in some cases you can unmask people? 02:54:51 M7918070_[m], so you're a fucking idiot and keep believing whatever you want to believe even when tor designers themselves 'disagree' with you. 02:55:07 Rude. 02:55:22 yeah - have fun 02:56:13 Sure, it isn't safe if we are just shuffling traffic around different NSA nodes. But if we are dealing with an adversary which controls say 51% of the nodes, then how screwed are we? 02:59:11 if an adversary control 51% you're fucked half of the time 02:59:26 controls* 02:59:53 Are you sure? If you take a version of Tor with these 2 trivial changes: 02:59:56 but that's just one kind of attack - passive attacks don't require any node 03:00:15 1. a circuit is capped at 100 kbit from both sides - if you send less you get kicked off, if you send more you get rate limited 03:00:20 2. Circuits can be arbitrarily long 03:00:22 and don't require a 'global' adversary either. AND the US govt and accomplice IS such global adversary anyway. 03:00:41 accomplices* 03:00:49 Then say I create a circuit with 6 nodes. Then isn't the probability of it being 100% compromised just 1 in 64? 03:01:05 0.5^6 = 2^-6 = 64 03:01:18 What passive attacks can you do as a non-global adversary? 03:01:28 yes, using constant rate streams would be a great idea - except tor doesn't do that, 'by design' 03:01:52 same as global one - you correlate traffic in and out of the network 03:01:59 You can still do it as a user. If enough users do it, you're good. 03:02:18 If some semi-large actor would band together, you would have what in game theory is called a "schelling point" 03:02:29 yes, that's how a anonymity network SHOULD work, using negotiated padding. But tor doesn't do that - at all. 03:02:37 An unspoken gentleman's agreement of sorts, to form an anonymity network within the network. 03:02:58 I can still do it, no? If I connect to a website and send a constant 50 kbit stream, no more no less, then isn't that good enough? 03:03:05 (Assuming others do too) 03:03:24 yes that can work 03:04:31 Couldn't Monero do this then? 03:04:41 and interestingly enough tor designers have opposed that sort of thing since forever because it requires more bandwith 03:04:54 or that's their excuse... 03:04:54 well yeah, they're constrained by it 03:05:03 I don't think so: https://trac.torproject.org/projects/tor/ticket/7028 03:06:12 those are patches that try to be 'efficient' 03:06:18 https://pdfs.semanticscholar.org/0f54/4d0845cb9f317722759dc49e1493ef30d83d.pdf here's the paper 03:06:27 then it turns out that more clever analysis show they don't work 03:06:46 well yes, that's how this works 03:06:49 by the way, notice that ticket proves exactly wht I said 03:06:52 if you have infinite bandwidth then it's easy 03:06:52 what 03:07:07 just send infinite traffic to everyone and you're good 03:07:21 you don't need infinite 03:07:23 "Opened 7 years ago' 03:08:00 meaning, 7 years ago they acknowledge that tor is vulnerable to local adversaries 03:08:04 obviously, you do not have infinite resources, so this isn't possible. If you want to make something which is usable, bandwidth is your limiting fator 03:08:09 and they only kinda fixed it a year ago 03:08:34 again you don't need infinite bandwith at all 03:08:45 you just gave a sensible example a few minutes ago 03:09:12 and you can have different rates, as long as you don't change them too fast 03:09:40 Sure, but browsing happens in bursts. Tor is a bit different from all the other netwroks 03:09:58 insofar as it was designed to be usable on the clearnet 03:10:06 true, so you better don't visit garbage sites with 10mb images and the like 03:10:08 (Hidden services were an afterthought) 03:10:33 Unfortunately, this makes most activity impossible. 03:10:38 ..... 03:10:43 in an ideal world, sure 03:10:48 ok so you can have privacy or 'convenience' 03:11:14 or however you spell it 03:11:16 no, not at all. The whole point of Tor was to obtain a large anonymity set. You don't get this if you can only talk to other users. 03:11:35 (See: I2P, which is not useful for anything really and thus not secure either) 03:11:41 ..... 03:11:47 i2p is not useful says who? 03:11:52 If you do want to engage in dissident speech, Tor is your best bet. 03:11:59 an 'intelligence' agent maybe? =) 03:12:06 I do. The anonymity set is too small 03:12:20 is i2p not secure because it has little users or something else 03:12:21 The intelligences don't have much to gain from praising Tor. 03:12:23 dissident speech? you mean an US cocksucker in places the US wants to invade? 03:12:44 They're orthogonal to it. US gains much more from Tor than say China 03:12:56 right 03:13:05 freenode_manifest: too few users yes 03:13:08 that's why tor sucks, except as a tool for US imperialism 03:13:10 no other issues afaik 03:13:38 by the way, 'tor stinks' is correct - it stinks from the point of view of users 03:14:07 Say USA & the west is 80/100 on an internet freedom scale, with china at 15/100. Say Tor makes it go up by 3 points. 03:14:32 US has gained 83/80 = 3,8% freedom, China has gained 20% freedom. 03:14:51 the west is 8/10? haha 03:14:57 who's the 'intelligence' agent again? 03:15:12 Even if this 3.8% is regrettable from their PoV, they would have to be shockingly stupid to shoot themselves in the foot 03:15:24 hey i need help setting this up 03:15:25 ok enough of your bullshit 03:15:46 make up your own numbers, the point still stands. 03:16:28 why would a bunch of pentagon scumbags like syverson and accomplices care about china exactly? 03:16:50 what country is the Pentagon located in? 03:16:52 you think those people are...US military altruists...? 03:16:55 Setting what up exactly ? Try a more precise question. 03:17:27 No, they act on behalf of US military interests. 03:17:48 Geopolitical power is a zero sum game. If they weaken China or Russia or whoever, that's a net gain for them, and vice versa. 03:18:22 "The intelligences don't have much to gain from praising Tor" of course they do - tor is a honeypot - if you dont believe me ask ullbricht 03:18:35 tor is 'controlled opposition' 03:18:48 yeah but it doesn't make any sense. Why would they ever want to do it that way? 03:18:59 what doesn't make sense? 03:19:07 We can point to instances when the US military interests have seen a concrete gain from Tor 03:19:19 Arab Spring for instance. 03:19:21 tor can be broken by the 'global adversar' i.e. the US govt but not by their targets. 03:19:52 It doesn't seem far-fetched to think that's why they did it. 03:19:56 right the so called arab spring were a bunch of coups supporeted by the pentagon 03:20:18 and you can see tor employees directly involved there. appelbau, 03:20:26 US government isn't a global adversary in this sense, I believe. US just has such direct control over themselves and five eyes. 03:20:43 right 03:20:47 which means they have access to a huge % of the network 03:21:08 in part because the interweb isn't as decentralized as ppl usually believe 03:21:38 they discuss this stuff in some of the papers I linked =) 03:23:03 for completness sake 03:23:03 http://www.monitor.upeace.org/innerpg.cfm?id_article=816 03:23:06 yeah, and a global passive adversary is not a design goal here 03:23:34 .... 03:23:36 uhhh 03:23:53 Yeah I agree with you here - Arab Spring is a very real use case. 03:24:04 [protecting against] global passive adversary isn't. 03:24:29 But that they at the ssame time would shoot themselves in the foot like this makes zero sense. 03:24:40 Consider the counter-example. 03:24:47 shoot themselves in the foot how? 03:24:50 Russia can't monitor Tor, yes? 03:25:13 But supposedly, the Americans can, since they control a lot of the nodes. 03:25:14 They can inside of russia and prolly elsewhere. 03:25:35 What kind of taps do you think the russians have on fiber links? 03:25:45 Why don't the Russians then go ahead and ruin it for everyone, and start running Tor ndodes like crazy? 03:26:01 pretty good ones but not global 03:26:16 not sure what you mean by 'the american control a lot of the nodes' 03:26:22 americans* 03:26:25 It would ruin the Americans' ability to surveil Americans, thus destabilizing the USA 03:26:50 You're the one claiming the intelligences run a large chunk of them 03:26:56 .... 03:26:57 at almost no cost to them 03:27:03 where did I do that, exactly? 03:27:07 Why don't we see hordes of Russian Tor nodes? 03:27:26 I never made that claim. You must have misunderstood something I said 03:28:23 You quoted the Syverson paper, whose attacker controls a lot of nodes. 03:28:28 ? 03:28:36 arguing it's tjut not secure 03:28:51 I quoted syverson admiting that 'low latency systems' (which obv includes tor) are broken 03:29:05 they are broken by traffic analyisis to be more precise. 03:29:18 in the context of an adversary who runs nodes 03:29:21 no 03:29:44 I didn't specify the attack 03:29:52 he did tho 03:29:56 LMAO 03:30:00 did you read the paper? 03:30:01 The Man is a specific modelled threat 03:30:11 "the man" means the government 03:30:32 and wait, it's not just 'the man' 03:31:00 "The Man, BUT OFTEM much WEAKER adversaries are adequate" 03:31:08 often* 03:31:14 "The Man owns big chunks of the anonymity infrastructure, either because he simply set them up himself, or because they are not hardened against takeover, He can also get access to ISPs, backbones, and websites" 03:31:30 yes that DOESN"T mean tor nodes 03:31:48 it means the ISPs and backbones 03:31:50 "big chunks of the anonymity infrastructure" 03:32:04 " He can also get access to ISPs, backbone" 03:32:47 there are two discrete claims here 03:33:01 so anyway do you have a concrete point to make or? 03:33:29 The Man is a specific threat model still. "Think organized crime, state level actors (intelligence, secret police), etc.The Man subsumes the other adversaries we might consider" 03:33:43 yes, again 03:33:50 tor doesn't work against 03:33:52 government 03:33:55 Yes. It's an inaccurate reading, that he says the intelligences already control it. 03:33:57 organized crime 03:34:04 AND MUCH WEAKER ADVERSARIES 03:34:16 I don't know how much worse it can't get... 03:34:40 "often" 03:35:35 so what is your point again? Are you denying that the very boss of the tor mafia explicity admits that tor is broken against all sorts of adversaries? 03:36:13 there's a pretty straightforward claim "broken against 'the man' AND weaker adversaries' 03:36:15 He doesn't say that. He says that some low-latency networks, such as proxies, are horribly broken. He doesn't sayTor is broken. 03:36:28 Which isn't for all low-lat networks 03:36:38 then you went to look up the defintion of the 'man' and it's governmetn AND others. 03:36:52 dude you didn't read the paper 03:37:08 and you fail at logic 101 03:37:15 1) tor is a low latency system 03:37:24 2) all low latency systems are broken 03:37:28 3) tor is broken 03:37:37 and at this point I should have stop wasting time here 03:37:50 -have 03:39:11 2) all low-latency systems _as currently designed and deployed_ are _essentially_ broken 03:39:39 It's a moot point anyway. Or else, why did the NSA write, "• With manual analysis we can de-anonymize a very small fraction of Tor users, however, no success de-anonymizing a user in response to a TOPI request/on demand. "? 03:41:46 who says that 'document' is authentic or complete? 03:41:56 or even not outdated 03:42:41 Snowden 03:42:52 are you aware that the snowden leaks were a bad joke that didn't actually cause any harm to gchq-nsa and friends? 03:43:12 What are you saying he could have done otherwise? 03:43:48 He leaked the stuff, people went 'OK' and went on with their life. How is he to blame for this? 03:43:52 for starters he should have made the stuff he got public instead of giving it to a bunch of piece of shit journos 03:44:15 I didn't say he is to blame. 03:44:39 I'm just saying his leaks weren't that threatening to the government 03:45:14 it wouldn't have changed anything. But I think we can agree they are accurate 03:45:29 no 03:45:38 the tor document is obvious bullshit 03:45:51 crackpot theories about global passive adversaries do you no good, and for Monero it is eminently suitable 03:46:03 crackpot theories/ 03:46:18 ok - you are an 'intelligence' assett 03:46:19 Then how did he leak it? Did he make it up? 03:46:26 pimping the tor honeypot 03:46:35 For Monero, the attacks are, I believe, impossible. 03:46:43 are you aware of this? 03:46:43 https://en.wikipedia.org/wiki/Room_641A 03:47:15 all the data is the same, other than who you are (not sent out), your txns (tiny), and your starting height 03:47:19 Yes. 03:47:44 so do you undersand that it was known since 2006 or earlier that the NSA tapped all backbones? 03:47:57 you think they do that for fun? 03:48:18 and what exactly did snowden add here? 03:50:40 No, they did it for other reasons. 03:50:43 Flavour? 03:51:21 hehe 03:51:30 snowden flavour(TM) 03:52:33 wow what scrollback 03:52:36 maybe pm would be better 03:53:00 seem kinda relevant if you use tor... 03:53:11 seems* 03:54:33 yeah but after an hour I think the points are covered maybe 03:54:37 could be wrong 03:54:44 In fairness, there has been a lot of discussion about Kovri no? 03:54:58 yeah but the points are covered now 13:29:55 Hello there 13:30:24 Anyone watching xmr/btc chart? 13:30:50 i opened it, whats going on