• 목록
• 답변
• 글쓰기
• 게시판 리스트 옵션
  • 수정
  • 삭제

Contact me for suggestions or questions! I reply to everyone.

Avoiding "The Botnet" - inconceivable?

Introduction

People as of late fear an increasing number of usually about escaping what I'll call "The Botnet" in this text - just a "meme" approach of describing mass surveillance. Websites have been created describing spyware and options to it. Replacements for social companies, instant messaging, VoIP, and so on. already exist. You should utilize anonymizers like the TOR network or a VPN to cover from your ISP. There are ways to privately share information and host web sites as properly. But are all these effective - and extra importantly - is this the core of the botnet - or maybe we're going after this completely the fallacious method?

Existing ways of combatting The Botnet - and why they're ineffective

VPNs

These are proxies that route ALL traffic (not simply HTTP) by their servers. There are many them claiming to be 'no log', however it is easy to search out examples the place folks obtained ratted out by these, like https://www.wipeyourdata.com/other-information-erasing/no-logs-earthvpn-person-arrested-after-police-finds-logs/ (archive). Even assuming the 'no log' coverage is true, the government could nonetheless possibly legally power the supplier to trace somebody (at least in certain nations the place that's allowed). If that's not an option, there's all the time the previous raid them and steal the servers (archive) tactic. After all, VPN traffic can also be simply blocked at the ISP or webpage stage.

VoIP, social, IM, and many others.

Simply suffers from lack of utilization - so in order for you to really attain anyone, it is Facebook, Skype, and many others. Much of the commonly advisable "safe and personal" IM software has varied points (Signal and Telegram require a phone quantity; Keybase has had a safety audit which found many points; Matrix protocol has simply had a security challenge discovered (archive)). TOR-based mostly messengers depend on the safety of the TOR community, which is analyzed beneath. Server-based mostly ones, then again, depend on the safety of servers controlled by folks you don't know. And as common, it is all going by way of the enemy's networks.

File sharing, hosting...

All common hosting / file sharing providers have enormous lists of what is allowed and what is not. Even my current host reserves the right to suspend, block or cancel access to any and all Services, if they determine one thing contradicts their listing. And naturally, copyright holders can claim something is violating theirs, and also you get your shit deleted then. Rom websites have been getting taken down recently for example. There are also 'good hosts' like autistici.org, however who's to say the government won't finally take them down if they host an excessive amount of stuff they don't like? So long as we're utilizing their networks, nothing is secure. Push involves shove and they raid the servers. Even Freedom Hosting went down finally.

Operating methods

Alternatives to Windows are available, however you'll come across Microsoft's system eventually - whether at a relative's house, college (they have deals with those), or someplace else. Not that Linux is all that nice both within the botnet department - huge companies like Mozilla or Red Hat (by means of systemd), nonetheless influence it in detrimental ways. It will happen in any society during which deals primarily based on revenue and / or management are prevalent.

The TOR Illusion

The TOR community allegedly permits you to browse the Internet anonymously. It really works like three proxies connected collectively besides encrypted, so a "proxy" (called the TOR node) cannot see the contents of the previous, only the destination. However, the last node does see unencrypted site visitors - so we hit a roadblock already before we began. The first node additionally sees your IP, however not the contents of your request.

What are another issues with TOR? Well, so much of websites merely block it, or in any other case attempt to make its utilization inconvenient. For the reason that record of exit nodes is public, any website owner can simply do it. So you might be planning to "anonymize your shopping", but then notice it's simply unsuitable for on a regular basis usage. Even more so if you happen to intend to really work together with the websites you are visiting - forums, imageboards, markets, file obtain websites, and so forth. all famously hate TOR. If push involves shove, ISPs may very easily block all TOR visitors as properly - in actual fact this has already occurred in Venezuela for instance - https://www.accessnow.org/venezuela-blocks-tor/ (archive).

What in regards to the so-called hidden providers - exclusive to the TOR network? Well, most of them are defunct and it is arduous to find one that really works - and in case you do, mostly you simply see some scraps. In my nation, I used to be solely capable of finding ONE onion discussion board that I may actually connect to, and it did not have very a lot exercise. Their servers are additionally routinely raided (see Freedom Hosting) and their owners jailed.

There are many ways of identifying TOR customers anyway - browser fingerprinting, stylometry, or even folks sharing their private knowledge whereas on TOR. Operation Onymous (archive) was very successful (though form of overstated by the feds - the quantity of seized websites were "solely" 27 - right here is a listing). An already well-known case of a guy sending a bomb risk utilizing TOR may be learn right here: https://www.bestvpn.com/privacy-news/harvard-bomb-threat-student-caught-utilizing-guerrilla-mail-tor/ (archive). They received him because he was the one individual using TOR on that exact network at the time. The FBI has even paid a university to deanonymize TOR customers (archive), and that's how Silk Road 2.0's proprietor may very well be locked up. This is just what we know about - more assaults are absolutely in use or preparation.

TOR still depends on its encryption, and if that is ever damaged - say goodbye to your anonymity, since all of the traffic is stored for attainable future decryption. Though the TOR community does use Perfect Forward Secrecy, which ought to ensure the safety of the encryption keys (without a direct assault in your machine) - cracking the actual ciphers remains to be a chance:

Quantum computing makes this seemingly, too. Another thing that is absolutely required for the security of TOR (that in some way no one is talking about) are the 9 trusted-by-default directory authorities. If a couple of of those are ever compromised (perhaps that's already the case?) all of TOR's benefits exit the window. This subject has been analyzed in depth right here.

Even the praised TOR Browser will not be completely secure - for instance, just utilizing completely different buttons in your window supervisor can expose a distinct display decision (TBB model 8.5.3, latest as of writing). The first theme is Murrine, second - Default XHDPI, if you wish to affirm.

After all, this alone might be not enough to deanonymize you - however many extra issues certainly exist, waiting to be found. Put a few collectively and also you would possibly just end up uncovered. Conclusion? TOR is just not the panacea. Does that mean you shouldn't use it? No, after all. Use something that is out there to improve your privacy and anonymity - just notice it's not a magic spell, and doesn't strike on the core of the botnet.

Inventing more darknets does not do something

I do not care whether or not it is i2p or nym. I do not care how superior they seem at first - weaknesses can be discovered eventually, like they were for TOR. They all depend on encryption that will likely be broken finally. And they are all going through the enemy's networks. A meshnet has a too excessive barrier for entry (each skills and cost), and doesn't protect in opposition to states who've decided that promoting meshnet units will probably be banned, or those which have access to CCTV AI to detect who's using them, the ones who can compromise them at the manufacturing stage, the ones who can put an Alexa in your apartment by default to listen to what you're doing at all times, the ones who can delete you from existence by zeroing your bank account or throwing you into prison or doing any of the myriad of issues that getting access to the physical infrastructure lets them. Do you not see now how it all comes all the way down to the physical infrastructure?

The core of internet surveillance

To derive benefit from the Internet's commonest providers (like Facebook, Twitter, IM, web site internet hosting), you must deal with their horrible terms of service and privacy insurance policies. Not solely that, but any packet you send or receive is physically going through networks that you don't control. ISPs can watch, modify and block them any method they need - and they're topic to authorities whims as properly. Encryption is at finest a short lived non-answer, as explained within the TOR part (they could block all encrypted messages simply for example - by comparing them to known languages. If it's not found in any identified language, the packet is trashed. Blocking HTTPs? What was it - port 443? Boom and accomplished). Maybe some sensible 'hackers' would learn to bypass these blocks, but ultimately, we would be fighting a battle we're positive to lose. Eventually we'll have to face the fact that...

The real Botnet...is Physical

As stated, servers for the services we use are owned largely by large firms (or sometimes different strangers), while ISPs and governments personal the networks, so the botnet is physical, not technological - and the answer, by extension, should be as well. This may be onerous to see in internet surveillance (which is not even the worst botnet) - however easy in something equivalent to CCTV. They are available in, mount the cameras, and boom! You're being watched. You're now their property - which they literally admit to. No really - for 30 days (or another amount), they can do no matter they want along with your captured movements. And the duration is just claimed...Regardless, you're at their mercy now. If they see you partaking in some 'forbidden conduct', they'll punish you they usually do have a proof you did it. And they'll blame you for sins they arbitrarily selected - they definitely aren't asking you if one thing needs to be banned or not. Everything in this society is owned by companies or governments - and so serves their pursuits, not yours. CCTV is only one example. Drones, killer robots, whatever you possibly can consider - and never essentially technological. Schools, hospitals, airports (remember the patdowns?) - you don't have any management of any of those. And that is The real Botnet. If we want to destroy internet surveillance, we're going to should take over not only the most popular providers' servers (hey, we are able to have a Facebook that respects the consumer - no, actually!) but also the ISPs - Physically - since presumably we won't spy on or censor ourselves...And with that, hopefully we can bury the other botnets as effectively.

The Fake Botnet Fighter

The man sitting in his condo sporting a hoodie, operating a fully libre ThinkPad, unbreakable Qubes OS, TOR for all connections, fastidiously avoiding all stylometry and sharing any personal knowledge in any respect, encrypting his stuff with a one time pad three times, and worrying whether or not some botnet hasn't slipped in anyway. He has no telephone or only makes use of "burner phones" and pays with bitcoins. After which...he finally has to come out of his house, and has his face recorded by a CCTV camera 100 occasions. This guy must be respected for his dedication, but he's useless for a revolution. You can not combat The Botnet using tech only.

All your tech solutions...will finally fall!

It's inevitable. And everytime it follows the same script - some country or ISP blocks TOR or VPNs, or torrent sites get taken down, or Facebook / Twitter / YouTube implement one more method of censorship, or any of the myriad of other issues you possibly can consider. People then freak out and scramble for more technological solutions that are solely band-aids. Then, in the event that they discover one, they proceed their comfy life while the cuffs get tighter. I imply, are you able to imagine that, in 20 years, you will be able to make use of the Internet as freely as at present? Impossible - they'll keep cracking down on every thing till the 'options' are too tough or not even viable anymore. If we controlled the infrastructure, we couldn't only delete all logging ISP-large, but also fix all the problems with FB / YT / different malicious service providers. In fact, you can't take over just like that - the web of slavery is simply too deep - if we just barged in, the police, media etc. would get involved, and that would be the end of it. A full-scale revolution is our solely possibility - and we should use the time throughout which we will pretty freely talk on the internet to plan for it. Then we may repair not only "The Botnet", but most of the opposite problems of society.

But what about decentralization?

Hiding or moving the issue. The "federated instances" all the time endure from lack of exercise, unreliability / short-livedness (hey, why aren't we all hosting our own shit? That's right...), and being subject to the whim of an internet stranger as a substitute of an enormous corpo. Or take torrents. What number of seeds does your favorite anime collection have? How about something less standard, like video recreation soundtracks? People additionally get notices from their ISPs (VPN / TOR is simply shifting the problem again) in the event that they did not like their torrenting; some are apparently fined (archive). And of course, torrent websites nonetheless get taken down or compromised (archive). Mesh networks? Yeah, like anyone's going to trouble. Even if there theoretically was a decentralized resolution worth shit, the governments would possibly simply determine to kill off the entire Internet once they can not control individuals via it. Or install backdoors in the encryption algorithms or any one of the units which are used for the meshnet. Again, our enemies have larger resources / affect than us. Therefore, even decentralization can be temporary in the end - we are going to want their infrastructure finally. In that case, we may additionally take management of one thing like YouTube or MEGA and keep their reputation and all the content material, but change design / policies / TOS, so that customers are assured primary respect, privateness and freedom.

We want the physical!

If I did not make my level clear sufficient earlier, nicely, I'll now. Everything goes again to the bodily! We can't keep pretending that placing digital bandages over physical wounds works. The issue is inside the routers, the processors, the datacenters, the wires. The capitalist system that benefits from amassing information. And the legal system that enables and justifies abuses. We need our own factories, our personal cities - that are designed with privateness and respect in mind.

We're all cucks

We all join by means of ISPs, having to signal contracts that might not have our best interests in mind, e.g banning hosting or WiFi sharing. Those ISPs may also collect data, share or promote it wherever, give it to the feds, inject advertisements, block protocols, censor "misinformation", or do actually anything - and we can't cease it. To produce our computer systems, we rely on corporations that integrate malicious stuff like Intel IME or Microsoft Pluton into the components. Though we would use open programs for ourselves, Windows continues to be everywhere at institutions. And people open methods (e.g Linux) are increasingly being taken over by corporations, anyway. We depend on Twitter or Facebook for outreach, hoping they don't seem to be going to kick us out for "misinformation". And people companies are so massive, that even national governments or political events are subservient to their whims. We rely on YouTube for hosting movies, and feel good and cunning when we wear a condom like Invidious, but the company upstream can break the condom at any time. And so we toil fixing the frontends each time our masters decide to change one thing. Even our FOSS is hosted on a service ran by the largest anti-FOSS company, funnily sufficient. We rely on donation platforms like PayPal or GoFundMe that can block our funds in the event that they decide we're undesirable. We hunt down ad networks so as to add to our filter lists, solely to be foiled time and again by the advertisers and trackers. We expect our darknets will save us, when all of them still undergo the enemy's networks and will be easily blocked. We're fucking cucks! I imply, have a look at this man and tell me he is not completely embarassing. Or take a look at all the people complaining about YouTube's removal of the dislike count.

You'll be able to uncuck your self individually up to the level of possibly 80% if you are actually skilled / decided. But it will take a number of sacrifice and isn't going to reach 100%, anyway. It's also going to turn out to be increasingly tougher as time goes on and every newly invented expertise additionally becomes apart of the identical slavery scheme. I am so uninterested in taking part in the whack-a-mole game with evil. Let's tackle it at its cores. What we are doing right this moment are band-support fixes over stuff that exists solely because evil individuals are currently in cost. Yet we're all simply deluding ourselves by means of the band-aids. How can you merely install an adblocker and forget about what it represents? The one purpose advertisements exist is as a result of they earn profit for the companies that show them. Yet individuals happily swallow the capitalist bedrock of society whereas offloading its costs onto the (most) people who don't install an adblocker. That is of course all going to return crashing down quickly, for example when grass or sky adverts change into extra frequent. The identical applies to closed source software - organizations like the FSF whine and whine concerning the evils of it, however love the profit motive that births it - or they even welcome the corporations into FOSS and pretend they won't have a unfavourable effect there. See? It's cuckery all the best way down even when "options" are concerned. How about cryptocurrency? You possibly can barely buy anything for it and are nonetheless most likely going to want a checking account just to live. And in lots of places, it is extremely inconvenient to use crypto with how laborious it is to get it anonymously (the essential advantage). It is all additionally dependent on the infrastructure of the Internet and electricity. As I said before, we have to arrange a society with the values we care about (privateness, anonymity, freedom of speech, and others) baked in, instead of put on high as afterthoughts. It is not just concerning the profit motive - that's only one example. Power and control are motivations in themselves for some folks. And so you've gotten the spying, censorship, and many others for the purpose of protecting power. So we've to move the dimensions of power towards our facet, but I really feel like everything in this society is set up to forestall that. For instance, folks imagine things like:

- The regulation is the regulation, you gotta observe it. Vote better if you don't prefer it!- A personal firm can do no matter it needs with out consequence. Vote with your toes / dollar!- Property rights are sacred. Don't you dare deface those adverts or destroy these CCTV cameras!- Profit motive is wonderful, rewards "benefit" and "creates innovation". The alternative is communism, and that is bad and killed gorillions of people!

The powerful unfold the memes that keep the ability of their arms, whereas the plebs repeat them and believe them as in the event that they themselves benefitted from these ideas. If that isn't the ultimate cuckery, I do not know what's. But it is also cucked to think we can clear up all our problems by typing away at our keyboards whereas ceding all physical territory to the forces of the dark.

Society needs sane defaults

We will not expect your secretary or plumber to turn into an knowledgeable in technology and fish out Monero, self-hosting and mesh gadgets from the sea of deadly sharks. Identical to we shouldn't need to turn into consultants in nutrition simply so we are able to select the few foods that will not make us sick. But the theme of this report is tech, so that's what we will keep on with. Anyway, the peak of ethics in society can be reached solely when an everyday person can simply soar into the favored selections and be rewarded with ease of use, anonymity, privacy, freedom of speech, good functionality, etc. When the Windowses, YouTubes, Discords, Facebooks, financial institution accounts or their future equivalents, ISPs usually are not making an attempt to abuse us always and are not less than mildly moral. Imagine all the wasted manpower on these now! Imagine all the infrastructure that may very well be repurposed for good, while we need to do with breadcrumbs... These institutions have to both be regulated to hell, reformed by insiders, or burned down and changed with one thing better. How precisely that is going to happen, I don't know. But the defaults must develop into sane for our society to be sane, too. Maybe then our present band-aids of darknets and crypto will not be so needed. In fact, I'm not delusional sufficient to think that a "one product to rule all of them" could be created, so there will still be a spot for fanatics to roll their own setups. But no less than the basics ought to have the ability to be ensured for the normies. And so, can we answer the title's question of whether or not Avoiding The Botnet is impossible? Well, with the present mindset this can be an empathic Yes. But with correct elementary modifications to how the world works, we will the truth is bury The Botnet. And let's end on this good note.

If you have any kind of questions pertaining to where and the best ways to use https://xfans.tube/, you can call us at our own webpage.