Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Xerobank, privacy rip off ??

16 views
Skip to first unread message

macarro

unread,
Jun 23, 2007, 6:49:05 AM6/23/07
to
I have come across a privacy service called Xerobank.com after spending
a while reading it I suspect that they are offering Tor services at $35
month!!

Their privacy policy says "the servers are located in different
countries so we can't give the logs to the authorities".

Anyone could confirm this? They are quite good at marketing in the
webpage so it is not that obvious that they use Tor, but I looked into
it because a PC magazine in the UK names them as a Tor ACCESS provider.

It is also highly suspecious that they have the free Torpark logo on
their page.


--

Customized News: http://news.spotback.com

Anonymous

unread,
Jun 23, 2007, 12:58:50 PM6/23/07
to
macarro wrote:

> I have come across a privacy service called Xerobank.com after spending
> a while reading it I suspect that they are offering Tor services at $35
> month!!

Scam.

This is nothing but Torpark (preconfigured version of firefox/privoxy/etc)
packaged in a shrink wrapped box and sold alongside a tunnel. And the
tunnel is nothing but a default configuration of OpenSSH. That's how
difficult it is to set up a "privacy tunnel", you install the ssh daemon
and open a hole in your firewall if necessary.

The business was faltering as torrify.com, and it will probably falter as
xerobank.com. Even Tor's developers don't look favorably on Torpark. It
introduces a whole bunch of new problems, and the author doesn't seem to
want to be bothered addressing them.

You can get better privacy and the best anonymity in the world using
JanusVM. It's the exact same basic setup, 100% free, and you're not
allowing someone else to handle all your Tor traffic and effectively
become your sole entry node.

> Their privacy policy says "the servers are located in different
> countries so we can't give the logs to the authorities".

Same FUD, different FUDster. ;-)

If you read certain forums or hang out in the right IRC channels you
already know that "Arrakistor" A.K.A Steve Topletz has a bit of an
overactive imagination and likes to make unsupported claims. His "leaves
no traces on your PC", or "doesn't use swap files" nonsense has been
disproved over and over, by experts and laypersons alike for example. It's
a pretty easy thing to check, so Steve either didn't bother checking
before he made those claims, or he's dumber than a toadstool.

The "high speed access to the Tor network" snake oil is particularly
bogus. It doesn't matter how fast you get there, the Tor network is what
it is. In a typical configuration you're getting there at your computer's
internal bus speeds, and it's still dog slow at times. So how is a "high
speed SSH tunnel" suppose to speed things up?

Answer: It wont.

> Anyone could confirm this? They are quite good at marketing in the
> webpage so it is not that obvious that they use Tor, but I looked into
> it because a PC magazine in the UK names them as a Tor ACCESS provider.
>
> It is also highly suspecious that they have the free Torpark logo on
> their page.

It's his product, why shouldn't he use the logo? :) I think it's suspicious
that they don't make the facts more clear. They seem to want to hide what
their service really is for some reason.

Hmmmmmmmmmmmmmmmm..........

Anyway, as for the "making money off Tor" angle, it's already been brought
to the attention of Tor's developers and the Tor community at large. They
don't see it as something a respectable person would do, but on principal
they're not going to do anything about it because it's not technically a
breach of any licensing agreement to make money off Tor. One of Tor's
developers has considered a private, pay-for Tor network in fact.

It's wrong to stand on the shoulders of others and play to the fears of
paranoid minds with FUD and lies just to make a buck or two, but so far
there's nothing unlawful going on that anyone knows about. It's just shady
beyond anything who you'd want to trust with your privacy might do.

Anonymous

unread,
Jun 23, 2007, 3:34:19 PM6/23/07
to
Anonymous wrote:

> macarro wrote:
>
>> I have come across a privacy service called Xerobank.com after spending
>> a while reading it I suspect that they are offering Tor services at $35
>> month!!
>
> Scam.

Scam might be a little harsh. There's a lot of FUD and hype attached to
TorPark/Torrify/Xeroban, but underneath it all I really believe Steve
thinks he's doing a good thing.

What bothers me the most about the whole TorPark/cDc/Hactivismo thing is
the fact that they're all deluding themselves about how noble and effective
they are with respect to human rights. I lived in Asia for 11 years, and
made it into mainland China 7 times for a total of about 14 months living
on Chinese soil. You have to understand the culture to understand what a
sad joke the whole thing is.

China is almost identical to Japan when it comes to "face", or respect and
honor. Trafficking in subversive material is a crime, but not one that's
going to get you shot no matter what the media tells you. I know, I was
there in the middle of it with friends on both sides of the wall. If
you get caught doing a crime anywhere in that part of the world your
punishment is defined almost entirely by how you conduct yourself after
being caught. Deny your crimes and you're royally screwed. Accept and
atone, and you're given the lightest possible penalty.

Just using Tor in China to cover up your activities will get you in deep
ca-ca. Deeper ca-ca than doing the crime in the first place will. That
society sees it as a personal insult to their intelligence when you try
and con job them, so you either come clean about what you're doing or
suffer big time. And there's is no "innocent until proved" there. If
you're suspected, you're pretty much guilty.

Tor is causing more problems for more people in China than it's solving,
you can be sure of that. And the saddest part of the whole deal is that
they're luring innocent people to their folly because they're blind to the
truth of things by the same western ideals they think they're promoting. :(

ad...@torrify.com

unread,
Jun 24, 2007, 5:42:36 PM6/24/07
to
Greetings,

Macarro, I wrote Torpark, and I am an admin at XeroBank (formerly
Torrify), and XeroBank now owns the former Torpark. That is why the
logo is on the page.

Perhaps I can address some of these claims directly, as they seem to
reach conclusions without even the most cursory observation of facts
or experience. I am amazed by what a little knowledge but a lot of
confusion can lead people to believe. Let's clear that up.

Regarding Tor usage in China, it is not an issue at all. If you are
already a known dissident, there is little harm in accessing the Tor
network. I gave a thorough exposition on this at the Torrify forum, as
to why China continues to allow access to the Tor network. If you
aren't already a known dissident, it can alert authorities to the fact
that you are. I was discussing covert data channels with another
hacktivismo member, in this regard. Let's get back to the issue at
hand though:

We are not offering onion routing services, yet. However, we have
secretly developed and deployed an onion-routing network. It is in
testing right now, and is not yet available for public consumption.
And by the way it is FAST! I was bouncing 1800Kbps through it while it
was just warming up to the nameservers. While I think this solution
for anonymity is superior, the throughput consumption is enormous. For
every 1MB you transfer in/out, it creates 6MB of traffic. The network
services we are offering, broken down with technical specificaitions,
are 1) SSH tunnel for http/https/smtp traffic, providing 200Kbps to
700Kbps from our servers. This is a multi-hop network. Right now this
is priced at $10/month. 2) VPN TLS connection, providing 1500Kbps to
4000Kbps from our servers. This is a multi-hop network. Right now this
is priced at $35/month. 3) VPN TLS connection, providing a bandwidth
pool of 40,000Kbps, which can be shared by up to 30 user connections
which the owner of the account can assign. Right now this is priced at
$500/month, and can be made available preconfigured on hardware
routers so they are plug and play.

Most of the confusion seems to be that people think because we offer
high speed access _to_ the tor network, that somehow we are claiming
to make the tor network itself fast, or that we are using resources of
the tor network for commercial gain. Neither of which is true. Some of
our network providers already run many of the fastest tor nodes on the
public network, in the same datacenters as ours, in addition to us
running our own gateway entry nodes. This virtually eliminates the
latency of entry nodes and puts you right into the tor network. So if
you are trying to access a hidden service (thus using the Tor
network), you get there pretty quick. At least, you're dropping the
number of latency vectors by 33%. I think we also have JAP gateway
servers as well, I'll have to check and see if those are available
yet.

>The business was faltering as torrify.com, and it will probably falter as
>xerobank.com. Even Tor's developers don't look favorably on Torpark. It
>introduces a whole bunch of new problems, and the author doesn't seem to
>want to be bothered addressing them.

I'm not sure where you get your "information", but we never even
offered services as Torrify. You may be surprised to know that Torpark/
xB Browser is THE most popular online anonymity browser in the world.
Tor's developers had issue with Torpark because it wasn't written
cross platform in a language they could read, nor was it released
under GPL/3BSD as they wanted it to be. Torpark introduces no new
problems, and solves many of the prior problems that Tor itself had
with implementation, such as the DNS leak problem that requires the
use of Privoxy to solve. Torpark became more popular among users than
Tor itself did, so the reaction of competitors and detractors isn't
hard to understand. No objections yet have had any merit or gained any
traction, and I challenge you in public to dispute it by listing any
of these inherent "problems" you claim to have knowledge of.

>You can get better privacy and the best anonymity in the world using
>JanusVM. It's the exact same basic setup, 100% free, and you're not
>allowing someone else to handle all your Tor traffic and effectively
>become your sole entry node.

I can't tell that you have any idea what you are talking about
regarding networks and anonymity. JanusVM has its own set of problems,
and is based upon a design idea I mentioned to someone in the Tor
project about a year ago. But we have designed a superior solution
that will be released on August 3rd, called xB Machine. And like all
our software, it is free, turn-key, and easy to use.

Regarding leaving traces, this is an inherent flaw in Windows, and not
a function of Torpark/xB Browser. The specific problem lies in Firefox
paging, but suffice to say, it isn't Torpark that is leaving data
behind. And what data does it leave behind? Well if you have memory
that gets sent to the swap, you could have that memory written to disk
and stay persistent after you shutdown the program, assuming it
doesn't get overwritten by another problem (like RAM). While the
solution seems to be to reduce your swapsize to 0, and turn on swap
wiping at shutdown, that is too over-reaching and just shifts the
problem to RAM. That is just shifting the vector from non-volatile
memory to semi-volatile memory, which is the illusion of a solution.
While it would be easy enough to do, assuming the user had the rights
to do it, that just isn't a real solution for the problem in the
design of Windows. Another issue is that of registry keys. Torpark
itself isn't creating registry keys, but firefox might. While we could
go back and erase any registry keys created, easily enough, that
doesn't tackle the issue. What it does is tell a forensics person that
someone ran firefox. I don't personally find that very compelling, but
Iet's give it some thought... If you have someone who already has
administrative access to your system, but you're complaining about
innocuous registry keys, you're rearranging deckchairs on the titanic.
At that point, you've got much bigger problems, and why you weren't
using disk encryption in he first place is the issue.

>Anyway, as for the "making money off Tor" angle, it's already been brought
>to the attention of Tor's developers and the Tor community at large. They
>don't see it as something a respectable person would do, but on principal
>they're not going to do anything about it because it's not technically a
>breach of any licensing agreement to make money off Tor. One of Tor's
>developers has considered a private, pay-for Tor network in fact.

I agree, why would anyone sell something that others are giving away
at their
own expense? This is why XeroBank has never used the Tor network, and
xB Browser
is free and will always remain so.

Regards,
Steve Topletz
XeroBank Administrator

traveller 66

unread,
Jun 24, 2007, 7:19:56 PM6/24/07
to
On Sun, 24 Jun 2007 14:42:36 -0700, ad...@torrify.com wrote:

> Greetings,
>
> Macarro, I wrote Torpark, and I am an admin at XeroBank (formerly
> Torrify), and XeroBank now owns the former Torpark. That is why the
> logo is on the page.

FUD is a specialty here, good luck in your business. I hope someone doesn't
troll you or set up posts from you without your headers on topics to try
and discredit you with them. That's what happens to people in here that say
anything but cotse. Only cotse trols do business in usenet like that.

joe

unread,
Jun 24, 2007, 6:45:40 PM6/24/07
to

It will live or die on it's own merit.

I see my plea did no good.

Nomen Nescio

unread,
Jun 24, 2007, 7:40:05 PM6/24/07
to
traveller 66 wrote:

Allow me to translate Ademspeak for you, what he meant to say was:

"If you don't lie to people in here you'll get along fine, if you do
then you will be shredded for those lies."

If you do choose the Adem route of lying in your claims and end up
shredded for it, the current fave to blame it on is Cotse. Just so you
know and can be prepared. But if you don't lie in your claims of what
the service provides, you'll have no issues here, welcome to alt.privacy.

I, for one, welcome a mix choice for a paid service. While still having
the problem of a single entity owning all machines, it is a far better
setup than a single SSH server tunnel. Freedom.Net once tried to offer
a similar service, you may want to look for where it went wrong for them
and avoid those same pitfalls. I believe that they quite overestimated
the existing market, as well as the legal issues they'd face.

Anonymous

unread,
Jun 24, 2007, 8:57:03 PM6/24/07
to
traveller 66 wrote:

> FUD is a specialty here, good luck in your business. I hope someone doesn't
> troll you or set up posts from you without your headers on topics to try

Unfortunately for you Google isn't the only Usenet archive on the planet.

Suck on this you filthy pedophile. It's your admission, complete with the
headers you're whining about. Another major *spank* for your filthy
pedophile ass this week. Anyone using a server with decent retention can
look it up by message ID now. Hope you enjoy having your nose rubbed in it,
and have a nice day! <laugh>

---cut---
Path: s02-b27.iad01!nx02.iad01.newshosting.com!newshosting.com!post01.iad01!not-for-mail
Newsgroups: alt.privacy
Subject: Re: Any Phone Safe?
From: "Eggplant©" <veget...@theguarden.com>
References: <b61949089c833bed...@dizum.com> <Xns98D83ADFD...@63.218.45.252> <gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net> <1af100c765b949c3...@dizum.com> <Xns98DF50B8F...@63.218.45.254> <29162e230034491a...@deuxpi.ca>
Organization: 60's Burnout
Message-ID: <Xns98DF85604...@63.218.45.252>
User-Agent: Xnews/5.03.24
X-No-Archive: yes
Date: 22 Feb 2007 21:57:02 GMT
Lines: 36
X-Complaints-To: ab...@newshosting.com

Anonyma <anon-b...@deuxpi.ca> wrote in
news:29162e230034491a...@deuxpi.ca:A vortex formed within
the smokey haze of my alledged mind and became this:

> Eggplant=C2=A9 wrote:
>
>> Nomen Nescio <nob...@dizum.com> wrote in=20
>> news:1af100c765b949c3...@dizum.com:A vortex formed
>> within the smokey haze of my alledged mind and became this:
>>=20
>> > traveler 66 wrote:
>
> <CLIP>
>
>> WTF are you talking about (in your further attempts to confuse
>> issues).
>>=20
>> I don't have a server, nor am I connected to anyone who does beyond
>
> ROTFLMAO!!!!!
>
> Forget to change socks there, asslicker?
>
> So it turns out the "traveler" puppet is also a pedofuck pervert called
> Eggfart. That explains a lot. You were always "both" just a couple of
> fucktarded asslickers. It's good to know Privacy.LIE and its twin
> sister scam services have such a distinguished customer base.
>
> Owned by perverted racists..... patronized by racist perverts.=20
>
> LOL! Outstanding. Thank you. LOL!!
>
>
Boy are you a moron. I'd use remailers for everything and stay anonymous
if I were going to be 2 people. Yeah, I've forgotten to change nics on my
Xnews. But I don't use remailers. You're way off base as usual.
---cut---

Ari

unread,
Jun 24, 2007, 10:12:31 PM6/24/07
to
On Sun, 24 Jun 2007 14:42:36 -0700, ad...@torrify.com wrote:

> Tor's developers had issue with Torpark because it wasn't written
> cross platform in a language they could read, nor was it released
> under GPL/3BSD as they wanted it to be.

What did the ONI have to say?

ad...@torrify.com

unread,
Jun 25, 2007, 12:28:10 AM6/25/07
to
On Jun 24, 9:12 pm, Ari <arisilverst...@yahoo.com> wrote:

> On Sun, 24 Jun 2007 14:42:36 -0700, a...@torrify.com wrote:
> > Tor's developers had issue with Torpark because it wasn't written
> > cross platform in a language they could read, nor was it released
> > under GPL/3BSD as they wanted it to be.
>
> What did the ONI have to say?

ONI? Office of Naval Intel?

Anonymous

unread,
Jun 24, 2007, 11:12:09 PM6/24/07
to
In article <e03fdb208e01a5f2...@ecn.org>

Anonymous <cri...@ecn.org> wrote:
>
> traveller 66 wrote:
>
> > FUD is a specialty here, good luck in your business. I hope someone doesn't
> > troll you or set up posts from you without your headers on topics to try
>
> Unfortunately for you Google isn't the only Usenet archive on the planet.
>
> Suck on this you filthy pedophile. It's your admission, complete with the
> headers you're whining about. Another major *spank* for your filthy
> pedophile ass this week. Anyone using a server with decent retention can
> look it up by message ID now. Hope you enjoy having your nose rubbed in it,
> and have a nice day! <laugh>

By Gum you're right! allnews.readfreenews.net still had the whole thread
hanging around. Wowzers.

In order:

From: Nomen Nescio <nob...@dizum.com>
Newsgroups: alt.privacy
Subject: Any Phone Safe?
References:
X-No-Archive: Yes
Message-ID: <b61949089c833bed...@dizum.com>
Date: Tue, 13 Feb 2007 01:30:08 +0100 (CET)
Mail-To-News-Contact: ab...@dizum.com
Organization: mail...@dizum.com
Xref: authen.puce.readfreenews.net alt.privacy:217848

Other than having crypto phones on each end what's the safest, most
anonymous phone you can own nowadays? Is cell safer than landline? Why or
why not. Anyone who believes that the government only listens to
terrorists I think is really taking a big risk especially if they are on
Bush's black list (I am sure he has one).

-------------------------

Newsgroups: alt.privacy
Subject: Re: Any Phone Safe?
From: "Eggplant©" <veget...@theguarden.com>
References: <b61949089c833bed...@dizum.com>

Organization: 60's Burnout
Message-ID: <Xns98D83ADFD...@63.218.45.252>
User-Agent: Xnews/5.03.24
X-No-Archive: yes
Date: 15 Feb 2007 13:46:37 GMT
Lines: 17
X-Complaints-To: ab...@newshosting.com
Xref: authen.puce.readfreenews.net alt.privacy:217882

Nomen Nescio <nob...@dizum.com> wrote in
news:b61949089c833bed...@dizum.com:A vortex formed within the


smokey haze of my alledged mind and became this:

> Other than having crypto phones on each end what's the safest, most
> anonymous phone you can own nowadays? Is cell safer than landline? Why or
> why not. Anyone who believes that the government only listens to
> terrorists I think is really taking a big risk especially if they are on
> Bush's black list (I am sure he has one).
>
>

The problem with cell phones is the "implied consent" laws. You are
knowingly using a portable transmitter/reciever. Anything done on a cell
phone can be used in court without any privacy protection laws that would
apply to landlines. No warrant necessary because it was sent openly over
the airwaves.

--------------------------------

From: traveler 66 <nor...@nym.alias.net>
Subject: Re: Any Phone Safe?

Newsgroups: alt.privacy
User-Agent: 40tude_Dialog/2.0.14.1
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Reply-To: nor...@nym.alias.net
Organization: Anonymous
References: <b61949089c833bed...@dizum.com>
<Xns98D83ADFD...@63.218.45.252>
Date: Thu, 15 Feb 2007 23:12:39 -0800
Message-ID: <gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net>
Lines: 21
X-Complaints-To: adm...@privacy.li
Xref: authen.puce.readfreenews.net alt.privacy:217907

On 15 Feb 2007 13:46:37 GMT, Eggplant© wrote:

> Nomen Nescio <nob...@dizum.com> wrote in

> news:b61949089c833bed...@dizum.com:A vortex formed within the


> smokey haze of my alledged mind and became this:
>

>> Other than having crypto phones on each end what's the safest, most
>> anonymous phone you can own nowadays? Is cell safer than landline? Why or
>> why not. Anyone who believes that the government only listens to
>> terrorists I think is really taking a big risk especially if they are on
>> Bush's black list (I am sure he has one).
>>
>
> The problem with cell phones is the "implied consent" laws. You are
> knowingly using a portable transmitter/reciever. Anything done on a cell
> phone can be used in court without any privacy protection laws that would
> apply to landlines. No warrant necessary because it was sent openly over
> the airwaves.

Why don't you post your address here, I'll look up the law in your area for
you.

---------------------------------------

From: Nomen Nescio <nob...@dizum.com>
Subject: Re: Any Phone Safe?

Newsgroups: alt.privacy
References: <b61949089c833bed...@dizum.com>
<Xns98D83ADFD...@63.218.45.252>
<gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net>
Message-ID: <1af100c765b949c3...@dizum.com>
Date: Fri, 16 Feb 2007 14:00:04 +0100 (CET)
Mail-To-News-Contact: ab...@dizum.com
Organization: mail...@dizum.com
Xref: authen.puce.readfreenews.net alt.privacy:217912

traveler 66 wrote:

> On 15 Feb 2007 13:46:37 GMT, Eggplant=C2=A9 wrote:
>=20


> > Nomen Nescio <nob...@dizum.com> wrote in=20

> > news:b61949089c833bed...@dizum.com:A vortex formed


> > within the smokey haze of my alledged mind and became this:
> >=20

> >> Other than having crypto phones on each end what's the safest, most
> >> anonymous phone you can own nowadays? Is cell safer than landline?
> >> Why or why not. Anyone who believes that the government only
> >> listens to terrorists I think is really taking a big risk
> >> especially if they are on Bush's black list (I am sure he has one).
> >>=20
> >=20
> > The problem with cell phones is the "implied consent" laws. You are=20
> > knowingly using a portable transmitter/reciever. Anything done on a
> > cell phone can be used in court without any privacy protection laws
> > that would apply to landlines. No warrant necessary because it was
> > sent openly over the airwaves.
>=20
> Why don't you post your address here, I'll look up the law in your
> area for you.

Do you mean "look up" as in the way you ignore and deny the laws in all
the cheap hosting privacy SHIT HOLES where you rent server space just
so you can swindle people with your off-shore lies?

Slimy asslickers like you offering legal research assistance is BEYOND
ironic. How many times have you tried to tell us local laws and MLATS
don't matter now? A couple dozen?=20

How's it feel to have your bullshit come back to haunt you? Hmmmmm?

LOL!

-------------------------------------

Newsgroups: alt.privacy
Subject: Re: Any Phone Safe?
From: "Eggplant©" <veget...@theguarden.com>
References: <b61949089c833bed...@dizum.com>
<Xns98D83ADFD...@63.218.45.252>
<gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net>
<1af100c765b949c3...@dizum.com>

Organization: 60's Burnout
Message-ID: <Xns98DF50B8F...@63.218.45.254>
User-Agent: Xnews/5.03.24
X-No-Archive: yes
Date: 22 Feb 2007 16:46:13 GMT
Lines: 49
X-Complaints-To: ab...@newshosting.com
Xref: authen.puce.readfreenews.net alt.privacy:218035

Nomen Nescio <nob...@dizum.com> wrote in


news:1af100c765b949c3...@dizum.com:A vortex formed within
the smokey haze of my alledged mind and became this:

> traveler 66 wrote:
>
>> On 15 Feb 2007 13:46:37 GMT, Eggplant=C2=A9 wrote:
>>=20


>> > Nomen Nescio <nob...@dizum.com> wrote in=20

>> > news:b61949089c833bed...@dizum.com:A vortex formed


>> > within the smokey haze of my alledged mind and became this:
>> >=20

>> >> Other than having crypto phones on each end what's the safest, most
>> >> anonymous phone you can own nowadays? Is cell safer than landline?
>> >> Why or why not. Anyone who believes that the government only
>> >> listens to terrorists I think is really taking a big risk
>> >> especially if they are on Bush's black list (I am sure he has one).
>> >>=20
>> >=20
>> > The problem with cell phones is the "implied consent" laws. You are=
20
>> > knowingly using a portable transmitter/reciever. Anything done on a
>> > cell phone can be used in court without any privacy protection laws
>> > that would apply to landlines. No warrant necessary because it was
>> > sent openly over the airwaves.
>>=20
>> Why don't you post your address here, I'll look up the law in your
>> area for you.
>
> Do you mean "look up" as in the way you ignore and deny the laws in all
> the cheap hosting privacy SHIT HOLES where you rent server space just
> so you can swindle people with your off-shore lies?
>
> Slimy asslickers like you offering legal research assistance is BEYOND
> ironic. How many times have you tried to tell us local laws and MLATS
> don't matter now? A couple dozen?=20
>
> How's it feel to have your bullshit come back to haunt you? Hmmmmm?
>
> LOL!


>
WTF are you talking about (in your further attempts to confuse issues).

I don't have a server, nor am I connected to anyone who does beyond being
a very satified customer with prili. Nothing has come back to haunt me at
all. Who ever said the laws don't matter? Having to put words in peoples
mouths to try to look wise again I see. When do you offer anything to
help anyone? You're just a troll.

------------------------------------

From: Anonyma <anon-b...@deuxpi.ca>
X-Anonymous: yes
X-Anon-Help: <http://www.deuxpi.ca/>
<mailto:deuxpi...@deuxpi.ca>
Subject: Re: Any Phone Safe?
Newsgroups: alt.privacy
References: <b61949089c833bed...@dizum.com>
<Xns98D83ADFD...@63.218.45.252>
<gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net>
<1af100c765b949c3...@dizum.com>
<Xns98DF50B8F...@63.218.45.254>

Message-ID: <29162e230034491a...@deuxpi.ca>
Date: Thu, 22 Feb 2007 16:23:00 -0500 (EST)
Mail-To-News-Contact: ab...@dizum.com
Organization: mail...@dizum.com
Xref: authen.puce.readfreenews.net alt.privacy:218044

Eggplant=C2=A9 wrote:

> Nomen Nescio <nob...@dizum.com> wrote in=20
> news:1af100c765b949c3...@dizum.com:A vortex formed
> within the smokey haze of my alledged mind and became this:
>=20
> > traveler 66 wrote:

<CLIP>

> WTF are you talking about (in your further attempts to confuse
> issues).
>=20
> I don't have a server, nor am I connected to anyone who does beyond

ROTFLMAO!!!!!

Forget to change socks there, asslicker?

So it turns out the "traveler" puppet is also a pedofuck pervert called
Eggfart. That explains a lot. You were always "both" just a couple of
fucktarded asslickers. It's good to know Privacy.LIE and its twin
sister scam services have such a distinguished customer base.

Owned by perverted racists..... patronized by racist perverts.=20

LOL! Outstanding. Thank you. LOL!!

-------------------------------------

Newsgroups: alt.privacy
Subject: Re: Any Phone Safe?
From: "Eggplant©" <veget...@theguarden.com>
References: <b61949089c833bed...@dizum.com>
<Xns98D83ADFD...@63.218.45.252>
<gzxeevjdr3jk.1udn2x095zaia$.d...@40tude.net>
<1af100c765b949c3...@dizum.com>
<Xns98DF50B8F...@63.218.45.254>
<29162e230034491a...@deuxpi.ca>
Organization: 60's Burnout
Message-ID: <Xns98DF85604...@63.218.45.252>
User-Agent: Xnews/5.03.24
X-No-Archive: yes
Date: 22 Feb 2007 21:57:02 GMT
Lines: 36
X-Complaints-To: ab...@newshosting.com

Xref: authen.puce.readfreenews.net alt.privacy:218045

-------------------------------------

ad...@torrify.com

unread,
Jun 25, 2007, 12:35:20 AM6/25/07
to
On Jun 24, 6:19 pm, traveller 66 <nore...@nym.alias.net> wrote:

No worries. That is what key signing is for. If someone claims to be
me and makes some silly statement, ask them to sign their message
using my key. I'll probably sign all my posts once I find a good
reader that can do it.

traveller 66

unread,
Jun 25, 2007, 2:34:34 AM6/25/07
to

A troll that can't read headers, or a troll who wants to set up and accuse
people of what they themselves are. You're the one that's pathetic fool.

Flush

Ari

unread,
Jun 25, 2007, 1:49:00 AM6/25/07
to

Yessir. Going back to early 90s, DARPA handoff. They are keen about
keeping up with their "baby".

Cyberiade.it Anonymous Remailer

unread,
Jun 25, 2007, 2:47:22 AM6/25/07
to
traveller 66 A.K.A. Eggplant wrote:

> A troll that

<discard!>

Sorry pedofuk, you're owned. You pissed and moaned about someone proving
you confessed to being a pedofuk "with headers" until someone took the
time to do just that. And now that it's been referenced on two different
servers and archived at Google for all times, you're just plain old up
shit creek without your canoe.

Sucks to be you. *laugh*

Anonymous

unread,
Jun 25, 2007, 2:58:43 AM6/25/07
to
Anonymous wrote:

>> Suck on this you filthy pedophile. It's your admission, complete with the
>> headers you're whining about. Another major *spank* for your filthy
>> pedophile ass this week. Anyone using a server with decent retention can
>> look it up by message ID now. Hope you enjoy having your nose rubbed in it,
>> and have a nice day! <laugh>
>
> By Gum you're right! allnews.readfreenews.net still had the whole thread
> hanging around. Wowzers.

<snip repost>

You guys are too good at this shit. My list of links is rapidly turning
into an FAQ. Actually, that's not a bad idea. ;)

** The Truth About Privacy.LIE **

Privacy.LIE sock puppet "traveller 66" exposes himself as a pedophile.

http://groups.google.com/group/alt.privacy/browse_thread/thread/5782f0f6f5552152/385119af1d32a5ae

http://groups.google.com/group/alt.privacy/msg/385119af1d32a5ae?dmode=source

http://groups.google.com/group/alt.privacy/msg/67741086f2ff3eb4 (reposted admission)
http://groups.google.com/group/alt.privacy/msg/7f706a505f078bec (threaded admission)

Privacy.LIE outs one of their customers. Sort of.

http://groups.google.com/group/alt.privacy.anon-server/msg/558546787dbea60b?dmode=source

Privacy.LIE fails to ID yet another Tor node, about a week later.

http://groups.google.com/group/alt.privacy/msg/ea548e09d2de8558?dmode=source

http://groups.google.com/group/alt.privacy/msg/31fc61d49f980a06?dmode=source

http://groups.google.com/group/alt.privacy/msg/4dc7f83685450adb?dmode=source

Privacy.LIE's "security" is exposed.

http://groups.google.com/group/alt.privacy/browse_thread/thread/b79bfb855c3cdf10/570b6341770f8a78

http://groups.google.com/group/alt.privacy/msg/c61ababa5bf5f746?dmode=source

Privacy.LIE "fixes" their security issues.

http://groups.google.com/group/alt.privacy/browse_thread/thread/357ace4cfc6fe976/56cd101c25c5830b

The world's most recognized security expert dissects Privacy.LIE,

http://www.schneier.com/blog/archives/2005/07/the_doghouse_pr.html

Privacy.LIE engages in nymhopping to defend themselves.

http://www.homelandstupidity.us/2005/07/09/privacyli-not-to-be-trusted/

Historical Privacy.LIE theft.

http://www.appleby.net/privacy.html

Privacy.LIE theft today.

http://forums.truecrypt.org/viewtopic.php?t=5893
http://www.wilderssecurity.com/showthread.php?p=981542

Goldy

unread,
Jun 25, 2007, 3:01:09 AM6/25/07
to
I am one of the two people that put together JanusVM.

> regarding networks and anonymity. JanusVM has its own set of problems,

What problems?
I would love to hear what those are. I'm always eager to make it
better.

> and is based upon a design idea I mentioned to someone in the Tor
> project about a year ago.

We did this to try and win the VMware Ultimate Virtual Appliance
Challenge, which we didn't.
Well, I had a few of my own personal reasons as well. ;-)

JanusVM came to be because there were too many applications that
didn't support SOCKS (or Tor), and most of the third-party apps that
"wrap" your app into a SOCKS connection didn't work well in Windows,
if at all.

So we took the simple approach; just tunnel it all into a Linux VM and
handle it there.
And anyone at any time can rip through our VM and see what it's made
of; %100 open source.

Regardless, a transparent proxy approach for Tor has so far proved
itself to be worthy, and that's why we are the ONLY free product
mentioned in the Tor roadmap.
http://tor.eff.org/svn/trunk/doc/design-paper/roadmap-2007.pdf

There has also been a few LiveCD's that have come out recently, which
look quite promising. We are working on our own Live CD, but it'll be
awhile before it's done.

Anyhow, I look forward to seeing your xBMachine on August 3rd......see
you in Vegas. ;-)

traveller 66

unread,
Jun 25, 2007, 1:06:21 PM6/25/07
to

That's a must do thing for in here.

Message has been deleted

Cyberiade.it Anonymous Remailer

unread,
Jun 25, 2007, 2:20:09 PM6/25/07
to

traveller 66

unread,
Jun 25, 2007, 3:45:16 PM6/25/07
to
On Mon, 25 Jun 2007 17:45:31 GMT, John Smith wrote:

> On Mon, 25 Jun 2007 09:06:21 -0800, in article
> <2jo2jw1tw8lq$.fe1we806hr5n$.d...@40tude.net>, traveller 66


> <nor...@nym.alias.net> wrote:
>
>>>
>>> No worries. That is what key signing is for. If someone claims to be
>>> me and makes some silly statement, ask them to sign their message
>>> using my key. I'll probably sign all my posts once I find a good
>>> reader that can do it.
>>
>>That's a must do thing for in here.
>

> *sigh*
>
> Yet, you are too stupid to do so yourself and have been busted a
> number of times now using the wrong sock puppet as a
> result................
>
> Your stupidity really is priceless.
>
> Now, dance "puppety puppet", dance.
>
> <chuckle>

Puppets and FUD I leave to you.

Anonymous

unread,
Jun 25, 2007, 1:20:13 PM6/25/07
to
traveller 66 wrote:

Which is why you've relied on your failed XNA strategy to cover your
filthy pedophile ass instead of PGP signing everything, huh?

ROTFLMAO!


Anonymous

unread,
Jun 25, 2007, 4:47:33 PM6/25/07
to
traveller 66 wrote:

..nobody cares what a pedophile has to say

Goldy

unread,
Jun 26, 2007, 5:44:27 PM6/26/07
to
SIDE NOTE:
Both of you, SHUT THE HELL UP! I AM SICK OF HEARING ABOUT YOUR
SERVICE AND THEIR SERVICE AND ALL THE DAMN PUPPETS! Someone asked a
valid question about a new service, so give a valid answer or shut the
hell up if you don't know anything about it. Damn. Take your fucking
argument into a private offline channel or something, please. NOBODY
CARES ABOUT PUPPETS OR LIES ANYMORE!!!
----------------------------------------------------------------------------------------

As for XeroBank, I believe they are going to be releasing there
xB_Machine at Defcon in Las Vegas on August 3rd. I will be happy to
give you an update once I see it for myself.

I did however, get a chance to play with the XB Browser. It is the
same as Torpark. It also has "XeroBankPlus.exe" which is
PUTTY(freeware).

So to recap, they are re-using free software to support Tor. If what
you're paying for is the private network they are setting up, then
that seems fair considering bandwidth cost money. If you're paying
for freeware that you can download off the Internet at anytime, then I
wouldn't trust them, but that doesn't seem to be the case....so far.
I'm really curious to see this once it's up and running, and I'll be
happy to give my honest opinion once I can see it for myself.

Until then, I'll stick with my software that I put together (JanusVM)
which is freeware.

ad...@torrify.com

unread,
Jun 26, 2007, 8:53:13 PM6/26/07
to
Kyle,

Yeah, the XeroBankPlus.exe file is putty indeed, actually I think it
is porta-plink. We just named it that so people would know what the
process was when looking at it in the process manager. And of course,
all the xB software is free and open source, as it always was and will
be.

Regarding the xB VM: You shall know the VM, and the VM shall set you
free. And by problems I mean shortcomings, but maybe that is because I
have a different idea of what to construct for the client. You can tag
me offlist if you like and we can discuss.

I'll be giving a small talk on it at defcon. Did you hear about Mike
Perry's talk? I thought it might be of particular interest to you.

Steve

Anonymous

unread,
Jun 27, 2007, 2:13:56 PM6/27/07
to
admin wrote:

> Kyle,
>
> Yeah, the XeroBankPlus.exe file is putty indeed, actually I think it
> is porta-plink. We just named it that so people would know what the

So, you're taking other people's work and renaming it, so you can build a
business around providing access to an open network that you're charging
people to use? Then lobbing stones at projects JanusVM which provide
essentially the same functionality as your own project?

And none of that bothers you?

It's no wonder Tor's developers don't much like you. I'm sort of holding
my nose myself and I don't develop that sort of software.

ad...@torrify.com

unread,
Jun 29, 2007, 2:39:21 AM6/29/07
to
http://support.xerobank.com/wiki/doku.php?id=faq

We don't charge anything for the software, we give full credit for all
work, are fully within all license parameters, and don't charge for
access to an open network, only our private high-speed network.
However, your not being a developer elucidates about why you don't
understand licensing. And JanusVM is an excellent project idea, glad
that someone is developing it, as it is small enough to be usable as
network filter but not so big that it is a hassle to download. There
are definitely things I would change about it, but it isn't my
project. But xB Machine is, and it will be around 200MB when we finish
the first version.

Steve

Anonymous

unread,
Jun 29, 2007, 2:37:48 PM6/29/07
to
admin wrote:

It might help to quote some of what you're replying to.

> http://support.xerobank.com/wiki/doku.php?id=faq
>
> We don't charge anything for the software, we give full credit for all
> work,

You do not. PuTTY is just one example.

> are fully within all license parameters, and don't charge for
> access to an open network,

You most certainly do charge for access to a free and open network, and
provide access to that free and open network using free and open software
that you've repackaged.

> only our private high-speed network.

Your "high speed private network" has no value what so ever without access
to some outside resource. What you're really selling is anonymous access
to the Internet, and you're providing that by accessing the Tor network.
Period. That's the truth no matter how you try and doublespeak the
"private network" angle.

> However, your not being a developer elucidates about why you don't
> understand licensing.

You need to read for comprehension Steve. I've been developing software
since before you were born. I understand software licensing better than
you ever will. Nobody said you were breaching any licensing agreement in
any case, they said you were breaching normal human ethics and morality by
making money off the hard work of others.

> And JanusVM is an excellent project idea, glad
> that someone is developing it, as it is small enough to be usable as
> network filter but not so big that it is a hassle to download. There
> are definitely things I would change about it, but it isn't my
> project. But xB Machine is, and it will be around 200MB when we finish
> the first version.

So what are these "problems" you hinted at and then shied away from
explaining when that software's developer showed up?

traveller 66

unread,
Jun 29, 2007, 5:54:51 PM6/29/07
to

Just wait until the cyber troll starts posting you up here with FUD, by the
way, can you let me know about the signatures with newsreaders, etc.
Thanks.

George Orwell

unread,
Jun 29, 2007, 5:13:07 PM6/29/07
to
Anonymous wrote:

> admin wrote:
>
> It might help to quote some of what you're replying to.
>
>> http://support.xerobank.com/wiki/doku.php?id=faq
>>
>> We don't charge anything for the software, we give full credit for all
>> work,
>
> You do not. PuTTY is just one example.

I don't understand how this person can claim to be giving full credit to
other software authors when it's not even fully disclosed that "xB" is
essentially TorPark (Portable Firefox + Tor) until asked about it. Or when
just a couple messages ago in this thread he told us he wasn't even clear
about what programs his "xB" package really uses himself, and admits that
information is hidden from users...

Message-ID: <1182905593....@n60g2000hse.googlegroups.com>

"Yeah, the XeroBankPlus.exe file is putty indeed, actually I think it
is porta-plink. We just named it that so people would know what the

Anonymous

unread,
Jun 29, 2007, 6:13:32 PM6/29/07
to
Anonymous wrote:

> admin wrote:
>
> It might help to quote some of what you're replying to.
>
>> http://support.xerobank.com/wiki/doku.php?id=faq
>>
>> We don't charge anything for the software, we give full credit for all
>> work,
>
> You do not. PuTTY is just one example.
>
>> are fully within all license parameters, and don't charge for
>> access to an open network,
>
> You most certainly do charge for access to a free and open network, and
> provide access to that free and open network using free and open software
> that you've repackaged.
>
>> only our private high-speed network.
>
> Your "high speed private network" has no value what so ever without access
> to some outside resource. What you're really selling is anonymous access
> to the Internet, and you're providing that by accessing the Tor network.
> Period. That's the truth no matter how you try and doublespeak the
> "private network" angle.

If anyone has any doubts about this at all I have a private email exchange
with Steve where he tried to convince me that he could make the Tor
network work so much faster because all his alleged "secret" servers were
located in the same data centers as "Tor backbone servers". When I pointed
out there's no such thing as "Tor backbone servers" he tried to pass off
directory servers as some sort of high speed Tor nodes, flip flopped to
just "fast nodes", and then called me a 17 year old kid living in France.

I admit I was talking down a bit to see how he would respond, but I fail
to see why he thinks being French is some sort of insult....??

I'm also waiting to see if he makes the same mistakes another well known
anonymity service just made. ;-)

Anonymous Sender

unread,
Jun 29, 2007, 6:19:32 PM6/29/07
to
traveller 66 wrote:

> Just wait until the cyber troll starts posting you up here with FUD,

You mean "FUD" as in this crushing collection of documented Privacy.LIE
theft, lies, scams, racism, and moral debauchery? The informative fact
sheet with even more links being added all the time because you're just
too damned stupid to keep from making yourself look like a total asshole
every time we bait you into another pissing contest?

Is THIS the "FUD" you're referring to, pedophile....


** The Truth About Privacy.LIE **

Privacy.LIE sock puppet "traveller 66" exposes himself as a pedophile.

http://groups.google.com/group/alt.privacy/browse_thread/thread/5782f0f6f5552152/385119af1d32a5ae

http://groups.google.com/group/alt.privacy/msg/385119af1d32a5ae?dmode=source

http://groups.google.com/group/alt.privacy/msg/67741086f2ff3eb4 (reposted admission)

http://groups.google.com/group/alt.privacy/msg/7f706a505f078bec (threaded admission)

http://groups.google.com/group/alt.privacy/msg/21d4c408a0409dc5

http://groups.google.com/group/alt.privacy/msg/a02efcc71c44c767

Privacy.LIE sock puppet traveller/Eggplant pretends to argue with himself.

http://groups.google.com/group/alt.privacy/msg/31216dc836c9b7f6

Privacy.LIE outs one of their customers. Sort of.

http://groups.google.com/group/alt.privacy.anon-server/msg/558546787dbea60b?dmode=source

Privacy.LIE fails to ID yet another Tor node, about a week later.

http://groups.google.com/group/alt.privacy/msg/ea548e09d2de8558?dmode=source

http://groups.google.com/group/alt.privacy/msg/31fc61d49f980a06?dmode=source

http://groups.google.com/group/alt.privacy/msg/4dc7f83685450adb?dmode=source

Privacy.LIE's "security" is exposed.

http://groups.google.com/group/alt.privacy/browse_thread/thread/b79bfb855c3cdf10/570b6341770f8a78

http://groups.google.com/group/alt.privacy/msg/c61ababa5bf5f746?dmode=source

Privacy.LIE "fixes" their security issues.

http://groups.google.com/group/alt.privacy/browse_thread/thread/357ace4cfc6fe976/56cd101c25c5830b

The world's most recognized security expert dissects Privacy.LIE,

http://www.schneier.com/blog/archives/2005/07/the_doghouse_pr.html

Privacy.LIE engages in nymhopping to defend themselves.

http://www.homelandstupidity.us/2005/07/09/privacyli-not-to-be-trusted/

Historical Privacy.LIE theft.

http://www.appleby.net/privacy.html

Privacy.LIE theft today.

http://forums.truecrypt.org/viewtopic.php?t=5893

http://www.wilderssecurity.com/showthread.php?p=981542

More informative Privacy.LIE links

http://www.maildropnet.com/scams.htm

http://www.appleby.net/netscam/currentscam.html

http://www.ptshamrock.com/shame.htm

http://www.privacyworld.com/scams.htm

http://www.gatago.com/alt/privacy/5568908.html

http://archive.mail-list.com/privacyworld/msg00212.html

http://www.newsbackup.com/about1061381.html

http://www.hyipdiscussion.com/due-diligence/7805-venture-resources-group-interesting.html

http://www.velocityreviews.com/forums/t366184-securstar-pimping-for-privacylie.html

http://www.privacy-consultants.com/ and then...
http://www.appleby.net/netscam/FPCscam.html

Dr. §¤¤§

unread,
Jun 29, 2007, 8:19:46 PM6/29/07
to
"Anonymous" <m...@awxcnx.de> wrote in message
news:06b985c967b3adb7...@awxcnx.de...

> If anyone has any doubts about this at all I have a private email exchange
> with Steve where he tried to convince me that he could make the Tor
> network work so much faster because all his alleged "secret" servers were
> located in the same data centers as "Tor backbone servers". When I pointed
> out there's no such thing as "Tor backbone servers" he tried to pass off
> directory servers as some sort of high speed Tor nodes, flip flopped to
> just "fast nodes", and then called me a 17 year old kid living in France.
>
> I admit I was talking down a bit to see how he would respond, but I fail
> to see why he thinks being French is some sort of insult....??
>
> I'm also waiting to see if he makes the same mistakes another well known
> anonymity service just made. ;-)

It'd be nice if he operated like Christian does with OmniMix... he asks for
input, and actually makes substantive changes based upon that input. I think
Christian is building a great program, as well as the trust that will make
the program widely adopted.

I can understand that sometimes it's hard to be nice to a person who's
talking down to you, but if you're running a business, keeping your cool and
holding your tongue (as it were) while allowing people to vent goes a long
way toward smoothing over any rough spots.

So, his quip about you being an adolescent French citizen probably was a big
mistake.

There's a time to be nice, and there's a time to crack someone upside the
head... knowing which is which is very important.


George Orwell

unread,
Jun 29, 2007, 9:59:22 PM6/29/07
to
traveller 66 wrote:

Looking for some new raw material to carve pedofuck sock puppets from
now that you've destroyed the old ones with your stupidity are you?

http://groups.google.com/group/alt.privacy/msg/67741086f2ff3eb4

"Yeah, I've forgotten to change nics on my Xnews."

ROTFL!

Message has been deleted

Dr. §¤¤§

unread,
Jun 30, 2007, 10:50:25 AM6/30/07
to
"Anonymous" <cri...@ecn.org> wrote in message
news:4ce8b84e31d1af2a...@ecn.org...

>> It'd be nice if he operated like Christian does with OmniMix... he asks
>> for
>> input, and actually makes substantive changes based upon that input. I
>> think
>> Christian is building a great program, as well as the trust that will
>> make
>> the program widely adopted.
>
> Unlikely. No source code, no trust.

Yabbut, there are other ways to determine if a program is acting the way
it's supposed to (how many people can actually parse through the source code
and determine what it does, anyway?)... you can run a local proxy and funnel
all connections through that to watch all connections and log where
everything's connecting to, you can set up your router to report all the
connections to your machine, etc. And, you can strip system permissions from
it so it can't really damage your system if it happens to obtain a nasty.

So far, I've not noticed anything untoward happening with OmniMix.

Although it would be nice if it were open source... the coding I've done, I
kept closed source until I got the code perfected (mainly because I was a
bit embarrassed about the state of the code), but opened it up once it was
working the way I wanted and the code was cleaned up.

Christian understands that to gain trust, he's got to open-source it. Give
it time. Until then, rely upon the fact that he's dealt squarely with us,
he's taking suggestions and bug reports, and he's actively working to
perfect the program... all without an attitude. That's a big factor in my
book.

Plus, once it's open-source, there could be a lot more people working on it
to extend it in ways Christian probably hasn't even dreamed of (anonymous
VOIP, anyone?).

Myself, I don't worry so much about being locked-down anonymous... I've
already been 'outed' (my picture, email address, work address, home address,
telephone number, etc. published to usenet) by a kook years ago... it just
served to amuse me and earn that kook some awards. My contact information
has since changed, so I'm not 'jumping at the chance' to have it published
again, though.

But, I'm willing to run OmniMix... it works well, is easy to use and does
exactly what I need it to do... namely: allow me to poke kooks with pointy
sticks while remaining anonymous.

It's a hobby, don'tcha know.


Borked Pseudo Mailed

unread,
Jun 30, 2007, 12:31:55 PM6/30/07
to
Dr. §¤¤§ wrote:

> "Anonymous" <cri...@ecn.org> wrote in message
> news:4ce8b84e31d1af2a...@ecn.org...
>>> It'd be nice if he operated like Christian does with OmniMix... he asks
>>> for
>>> input, and actually makes substantive changes based upon that input. I
>>> think
>>> Christian is building a great program, as well as the trust that will
>>> make
>>> the program widely adopted.
>>
>> Unlikely. No source code, no trust.
>
> Yabbut, there are other ways to determine if a program is acting the way
> it's supposed to (how many people can actually parse through the source code
> and determine what it does, anyway?)... you can run a local proxy and

One person reviewing source is infinitely better than zero people reviewing
source. It has absolutely nothing at all to do with "how many" or the
tired old red herring about each individual reviewing their own copy.

Peer review DOES work. The last three serious bugs in GnuPG were found by
third parties, just to offer one in a list of so many real life examples
I'm surprised there's anyone left with the lack of self respect it takes
to argue against OSS being anything but an advantage.

There's no penalty to releasing source code. It doesn't weaken security in
any way, it only enhances it.

There's only two reasons an author of this type of software would refuse
to release source. They're either hiding something, be it intentionally
evil or otherwise, or they're not confident enough in their own coding
skills to display them for public scrutiny.

Christian is obviously the latter, he's plainly stated so. And from the
evidence presented here he's possibly also one of the the former.

> funnel all connections through that to watch all connections and log
> where everything's connecting to, you can set up your router to report
> all the connections to your machine, etc. And, you can strip system
> permissions from it so it can't really damage your system if it happens
> to obtain a nasty.

Why would you assume the only bad things a program might do will be
observable on the wire? That would be the most useless way for an actual
attacker to code in a "back door" for a couple of reasons. It would be
easy to spot for one, and it would require the attacker to monitor those
connections. Activity that's also easy to spot. It's also one of the most
unlikely accidental problems a programmer might code into a piece of
software. It's pretty hard to "mistakenly" code TCP connections to
arbitrary destinations. In fact I'd say it's next to impossible without
completely breaking the software.

A far more likely scenario is something that nobody would be able to see
by observation like an error in the steps used to encrypt a message or
some sort of subtle "pattern" being injected into the messages themselves
which compromises anonymity. Or even a conceptual flaw like improperly
using other software in ways that diminish their effectiveness.

> It's a hobby, don'tcha know.

I'm tempted to scream "SHUT UP EELBASH!" here. ;)

As has been pointed out, this "hobby" has a serious impact on some people
and in some corners of the world. Your "hobby" is another (wo)man's life
or death situation.

Dr. §¤¤§

unread,
Jun 30, 2007, 1:38:01 PM6/30/07
to
"Borked Pseudo Mailed" <nob...@pseudo.borked.net> wrote in message
news:b567c8549784a2cf...@pseudo.borked.net...

> Peer review DOES work. The last three serious bugs in GnuPG were found by
> third parties, just to offer one in a list of so many real life examples
> I'm surprised there's anyone left with the lack of self respect it takes
> to argue against OSS being anything but an advantage.

Oh, I'm not arguing against OSS being anything but an advantage... I'm just
saying that we should let Christian get his code cleaned up and
presentable... I know I'd hate for anyone to see my initial spaghetti code
before it's cleaned up.

He seems sincere in his desire to help... I guess it's just my basic
weakness to trust people who seem sincere, but I can't seem to become so
jaded that I don't trust *anybody*.


> Christian is obviously the latter, he's plainly stated so. And from the
> evidence presented here he's possibly also one of the the former.

?? You'll have to show that to me, I haven't seen it.


> A far more likely scenario is something that nobody would be able to see
> by observation like an error in the steps used to encrypt a message or
> some sort of subtle "pattern" being injected into the messages themselves
> which compromises anonymity. Or even a conceptual flaw like improperly
> using other software in ways that diminish their effectiveness.

Ah, yes. I see your point. It'd be kind of hard to modify the headers or the
body without anyone picking up on it, I'd think, but I could definitely
envision some sort of fiddling with the encryption to make it easier to
decrypt en-route.


>> It's a hobby, don'tcha know.
>
> I'm tempted to scream "SHUT UP EELBASH!" here. ;)

Heh. No, the kook / pointy stick thing is the hobby. My alter-ego allows me
more fun than I could ever have in real life. I know, I know... I have no
life. Meh, what can one do, right?


> As has been pointed out, this "hobby" has a serious impact on some people
> and in some corners of the world. Your "hobby" is another (wo)man's life
> or death situation.

Yeah, I understand that... fortunately for me, I live in a (relatively) free
country.


traveller 66

unread,
Jun 30, 2007, 3:00:45 PM6/30/07
to

No you have, and you really do need professional help.

Dr. §¤¤§

unread,
Jun 30, 2007, 2:33:29 PM6/30/07
to
"traveller 66" <nor...@nym.alias.net> wrote in message
news:1hs01bo9ce6s3.1qcnlzr1lq1tx$.dlg@40tude.net...

> No you have, and you really do need professional help.

Weak. You sound whipped... are you?


Anonymous

unread,
Jun 30, 2007, 2:47:10 PM6/30/07
to
Dr. §¤¤§ wrote:

> "Borked Pseudo Mailed" <nob...@pseudo.borked.net> wrote in message
> news:b567c8549784a2cf...@pseudo.borked.net...
>> Peer review DOES work. The last three serious bugs in GnuPG were found by
>> third parties, just to offer one in a list of so many real life examples
>> I'm surprised there's anyone left with the lack of self respect it takes
>> to argue against OSS being anything but an advantage.
>
> Oh, I'm not arguing against OSS being anything but an advantage... I'm just
> saying that we should let Christian get his code cleaned up and
> presentable... I know I'd hate for anyone to see my initial spaghetti code
> before it's cleaned up.

His code should be cleaned up and presentable before he ever releases the
software. Sloppy code means buggy programs, and we've already seen real
life examples of that from OM. Glaring examples like the misplaced hash
header (?) bug of late.

If it's not ready for peer review it certainly isn't ready for production.
That's even worse than simply not releasing source because you don't care
to, or honestly believe it's some sort of risk. If you're releasing
software compiled from code you know is so substandard you don't want
anyone else to see it you're doing something very wrong.

> He seems sincere in his desire to help... I guess it's just my basic
> weakness to trust people who seem sincere, but I can't seem to become so
> jaded that I don't trust *anybody*.

I agree, he seems sincere. So does Steve Topletz, but both of them are
still missing the mark by miles in some pretty major ways.

>> Christian is obviously the latter, he's plainly stated so. And from the
>> evidence presented here he's possibly also one of the the former.
>
> ?? You'll have to show that to me, I haven't seen it.

His own confessions regarding his coding practices are known, even if the
endless repeating of the "as soon as I get it cleaned up" excuse weren't
enough. It doesn't take that long to clean up working code. If it does,
the code is broken by the very definition of the term.

>> A far more likely scenario is something that nobody would be able to see
>> by observation like an error in the steps used to encrypt a message or
>> some sort of subtle "pattern" being injected into the messages themselves
>> which compromises anonymity. Or even a conceptual flaw like improperly
>> using other software in ways that diminish their effectiveness.
>
> Ah, yes. I see your point. It'd be kind of hard to modify the headers or the
> body without anyone picking up on it, I'd think, but I could definitely
> envision some sort of fiddling with the encryption to make it easier to
> decrypt en-route.

Or break the encryption entirely. Or misrepresent what chains are used to
redirect everything to an evil node or nodes, and then "remix" to another
legit node to give an appearance of propriety. Or manage headers in such a
way that certain sequences are known or predictable according to some
unique feature of a particular installation. Or.... I can think of
probably a hundred ways to partially or fully compromise the remailer
network without making it as easy to spot as "phoning home".

>>> It's a hobby, don'tcha know.
>>
>> I'm tempted to scream "SHUT UP EELBASH!" here. ;)
>
> Heh. No, the kook / pointy stick thing is the hobby. My alter-ego allows me
> more fun than I could ever have in real life. I know, I know... I have no
> life. Meh, what can one do, right?

Ahhhh... gotcha. ;)

>> As has been pointed out, this "hobby" has a serious impact on some
>> people and in some corners of the world. Your "hobby" is another
>> (wo)man's life or death situation.
>
> Yeah, I understand that... fortunately for me, I live in a (relatively)
> free country.

Is there really any such place left on this planet? That isn't a small
tropical island nobody really cares about because it so remote it's
useless? ;)

Anonymous

unread,
Jun 30, 2007, 4:27:36 PM6/30/07
to
travellerpuppet #66 A.K.A. Georg "Slimeball" Adem wrote:

> need professional help.

Yes you do...

http://groups.google.com/group/alt.privacy/msg/21d4c408a0409dc5

"No babies in my posts. Young and adolescent girls showing off for the
camera knowing exactly what they're doing are not babies."

http://groups.google.com/group/alt.privacy/msg/a02efcc71c44c767

"most know my prefered age for pics to view are budding 12 - 14 year olds."

You're a sick, putrid excuse for human life. The lowest form of shit.
The professional help you deserve is a slow death at the hands of a highly
skilled marksman. Knees first, then go to work on the shoulders
and elbows. Maybe an ear. Then when you've started confessing your sins
and begging for that telling shot to the head, you should be left to bleed
out in agony.

Message has been deleted

Anonymous

unread,
Jun 30, 2007, 3:55:37 PM6/30/07
to
traveller 66 wrote:

..nothing of any value

Anonymous Sender

unread,
Jun 30, 2007, 5:45:03 PM6/30/07
to
Anonymous wrote:

I like Charlie Daniels' solution...

"Just take them rascals out in the swamp,
putt'm on their knees and tie'm to a stump,
and let the rattlers and the bugs and alligators do the rest."

Why waste expensive bullets? ;-)

Anonymous Sender

unread,
Jun 30, 2007, 5:50:12 PM6/30/07
to
rover wrote:

> -----BEGIN PGP MESSAGE-----

Look everyone, I cracked PGP! ;-)

<cut>


On Sat, 30 Jun 2007, "Dr. §¤¤§" <§¤¤§@dodgeit.com> wrote:
>"Anonymous" <cri...@ecn.org> wrote in message
>news:4ce8b84e31d1af2a...@ecn.org...
>>> It'd be nice if he operated like Christian does with OmniMix... he asks
>>> for
>>> input, and actually makes substantive changes based upon that input. I
>>> think
>>> Christian is building a great program, as well as the trust that will
>>> make
>>> the program widely adopted.
>>
>> Unlikely. No source code, no trust.
>
>Yabbut, there are other ways to determine if a program is acting the way
>it's supposed to (how many people can actually parse through the source code
>and determine what it does, anyway?)...

I can. It used to be part of my job.

<SNIP>


>
>But, I'm willing to run OmniMix... it works well, is easy to use and does
>exactly what I need it to do... namely: allow me to poke kooks with pointy
>sticks while remaining anonymous.
>

>It's a hobby, don'tcha know.

Trolling is a hobby?
</cut>


Anonymous

unread,
Jun 30, 2007, 6:04:51 PM6/30/07
to
rover wrote:

<snip ASCII armored message>

Maybe you should try clearsigning instead?

Anonymous Sender

unread,
Jun 30, 2007, 6:10:55 PM6/30/07
to
Dr. §¤¤§ wrote:

Bet he says no. ;)

Dr. §¤¤§

unread,
Jun 30, 2007, 8:15:28 PM6/30/07
to
"Anonymous Sender" <anon...@remailer.metacolo.com> wrote in message
news:f44ddaba4848f136...@remailer.metacolo.com...

> Trolling is a hobby?

Well, I was thinking of turning it into a livelihood... if you payerz me 5
Quatloos, I won't torll you.

:-)


George Orwell

unread,
Jul 1, 2007, 10:00:09 AM7/1/07
to
>His code should be cleaned up and presentable before he ever releases the
>software. Sloppy code means buggy programs, and we've already seen real
>life examples of that from OM. Glaring examples like the misplaced hash
>header (?) bug of late.
>
>If it's not ready for peer review it certainly isn't ready for production.
>That's even worse than simply not releasing source because you don't care
>to, or honestly believe it's some sort of risk. If you're releasing
>software compiled from code you know is so substandard you don't want
>anyone else to see it you're doing something very wrong.

If Mixmaster had followed the same strategy of logging everything it
does, we wouldn't have this discussion. OmniMix hands over raw data
to Mixmaster, which processes them and returns the result. With each
step (client -> OmniMix -> Mixmaster -> OmniMix -> SMTP server)
checking the few lines of transmitted data at both ends and finding
out any irregularity would be a solvable task even for an elementary
pupil. No need to interpret thousands of lines of source code.

Bear in mind, it took more than half a year for the community to
stumble on the '##' problem, though OmniMix offered all the data
necessary to figure it out and each header literally yelled out
'X-Invalid: ##'. But nobody cared. Nobody went to the trouble of
reading so much as the logs presented. Whom then do you expect to
read the Delphi sources and find the crucial bug or back door you
expect? And I've no idea which TCP/IP protocol manipulation one can
have in mind that isn't overcome at least at the second remailer.

That's why in my opinion your words are nothing but hypocritical
blather and pomposity.

>Or break the encryption entirely. Or misrepresent what chains are used to
>redirect everything to an evil node or nodes, and then "remix" to another
>legit node to give an appearance of propriety. Or manage headers in such a
>way that certain sequences are known or predictable according to some
>unique feature of a particular installation. Or.... I can think of
>probably a hundred ways to partially or fully compromise the remailer
>network without making it as easy to spot as "phoning home".

That's exactly what only Mixmaster itself would be capable of. But
for years now nobody cares about where the Disastry files actually
came from and everyone relies on the source code presented belonging
to the application executed by all QuickSilver and OmniMix users day
in, day out. That's where I see the real threat. Add some file
logging facility of its in- and output, rebuild it and you end up with
a system transparent for review from the client software over to the
entry remailer. And by review I don't mean review just by the
fictious software expert you hope to do the job of rummaging through
the code, but review by every user herself without taking up a great
deal of time. That's the security I'd like to have.

Rango

Anonymous

unread,
Jul 1, 2007, 1:34:20 PM7/1/07
to
George Orwell wrote:

>>His code should be cleaned up and presentable before he ever releases the
>>software. Sloppy code means buggy programs, and we've already seen real
>>life examples of that from OM. Glaring examples like the misplaced hash
>>header (?) bug of late.
>>
>>If it's not ready for peer review it certainly isn't ready for production.
>>That's even worse than simply not releasing source because you don't care
>>to, or honestly believe it's some sort of risk. If you're releasing
>>software compiled from code you know is so substandard you don't want
>>anyone else to see it you're doing something very wrong.
>
> If Mixmaster had followed the same strategy of logging everything it
> does, we wouldn't have this discussion. OmniMix hands over raw data
> to Mixmaster, which processes them and returns the result. With each
> step (client -> OmniMix -> Mixmaster -> OmniMix -> SMTP server)
> checking the few lines of transmitted data at both ends and finding
> out any irregularity would be a solvable task even for an elementary
> pupil. No need to interpret thousands of lines of source code.

Utter nonsense. there's uncountable subtle and not so subtle things OM
could do to partition and out users that you'd never be able to spot.
Remember that OM determineds what chains are built. Also remember that
BY DESIGN OM builds very weak chains.

> Bear in mind, it took more than half a year for the community to
> stumble on the '##' problem, though OmniMix offered all the data
> necessary to figure it out and each header literally yelled out
> 'X-Invalid: ##'. But nobody cared. Nobody went to the trouble of

In your mind nobody cared. In reality some of us knew about X-Invalid but
kept the information to ourselves. Some of us know about other things OM
and other clients do too, but wont tell because that information is an
advantage when dealing with trolls like you. And now that the cat is out
of the bag anyon co go back through messages retrospectively and pick out
certain OM messages, discover patterns, etc. So EVERYBODY should care.

> reading so much as the logs presented. Whom then do you expect to
> read the Delphi sources and find the crucial bug or back door you
> expect? And I've no idea which TCP/IP protocol manipulation one can
> have in mind that isn't overcome at least at the second remailer.
>
> That's why in my opinion your words are nothing but hypocritical
> blather and pomposity.

Your opinion on the issue is meaningless because you're not bright
enough to understand a mail client that uses mixmaster to encrypt
messages can defeat mixmaster. Take this stupidity for example:

>>Or break the encryption entirely. Or misrepresent what chains are used to
>>redirect everything to an evil node or nodes, and then "remix" to another
>>legit node to give an appearance of propriety. Or manage headers in such a
>>way that certain sequences are known or predictable according to some
>>unique feature of a particular installation. Or.... I can think of
>>probably a hundred ways to partially or fully compromise the remailer
>>network without making it as easy to spot as "phoning home".
>
> That's exactly what only Mixmaster itself would be capable of. But

Idiot. One more time for our slower readers: OMNIMIX IS IN TOTAL CONTROL
OF WHICH CHAINS ARE BUILT. <sheesh!> We just HAD this discussion and even
Christian agreed that sending every copy of every message to a single
remailer was a problem.

And how do you know for a fact OM actually uses mixmaster to encrypt?

You don't.


> for years now nobody cares about where the Disastry files actually
> came from and everyone relies on the source code presented belonging
> to the application executed by all QuickSilver and OmniMix users day
> in, day out. That's where I see the real threat. Add some file

You really are an idiot. Not only has mixmaster progressed beyond the
Disastry days, the source code is compiled into an executable that's easy
to verify. When you're done making a fool of yourself you may want to stop
by the Sourceforge download page. f you're wide awake and at your best you
MIGHT just figure out that those .sig downloads have something to do with
file integrity.

> logging facility of its in- and output, rebuild it and you end up with
> a system transparent for review from the client software over to the
> entry remailer. And by review I don't mean review just by the
> fictious software expert you hope to do the job of rummaging through
> the code, but review by every user herself without taking up a great
> deal of time. That's the security I'd like to have.

You're beyond dumb. You have absolutely no clue what you're talking about.

>
> Rango

George Orwell

unread,
Jul 1, 2007, 3:18:58 PM7/1/07
to
George Orwell wrote:

>>His code should be cleaned up and presentable before he ever releases the
>>software. Sloppy code means buggy programs, and we've already seen real
>>life examples of that from OM. Glaring examples like the misplaced hash
>>header (?) bug of late.
>>
>>If it's not ready for peer review it certainly isn't ready for production.
>>That's even worse than simply not releasing source because you don't care
>>to, or honestly believe it's some sort of risk. If you're releasing
>>software compiled from code you know is so substandard you don't want
>>anyone else to see it you're doing something very wrong.
>
> If Mixmaster had followed the same strategy of logging everything it
> does, we wouldn't have this discussion. OmniMix hands over raw data
> to Mixmaster, which processes them and returns the result. With each
> step (client -> OmniMix -> Mixmaster -> OmniMix -> SMTP server)
> checking the few lines of transmitted data at both ends and finding
> out any irregularity would be a solvable task even for an elementary
> pupil. No need to interpret thousands of lines of source code.

Nonsense. The simple fact your missing is that OmniMix had direct control
over much of what Mixmaster does, and we have no way of knowing if
Mixmaster is even being called properly to begin with.

>
> Bear in mind, it took more than half a year for the community to
> stumble on the '##' problem, though OmniMix offered all the data
> necessary to figure it out and each header literally yelled out
> 'X-Invalid: ##'. But nobody cared. Nobody went to the trouble of

Nobody "cared" because there's been exactly *four* messages (in these
groups anyway) over the last year and a half or so that had this problem.
So it's either an intermittent bug, or nobody is using OmniMix anyway.

Here's the message ID's if you want to look them up:

DLQBIO653919...@anonymous.poster
54dee331cd111e60...@pseudo.borked.net
65880f7c86992339...@pseudo.borked.net
3da6b6f78da54703...@remailer.cyberiade.it

It's ironic, but what we actually have here is a sterling example of why
software authors *should* release source code. Even the astoundingly low
numbers of occurrences of this particular bug were eventually spotted,
and now everyone has another tool to partition OmniMix users. Combined
with the "evil node controlling all your traffic" problem we just got
through batting about and a good set of logs, what you end up with is the
potential for someone being outed. We now have four messages that appeared
in a certain venue at certain times, and know that they were sent by a
program that might circumvent Mixmaster's built in random node selection.
If someone had logged incoming traffic at the node OmniMix was configured
to use as it's entry that person would be owned big time right now.

Peer review targets these sort of problems a lot more than it targets huge
glaring problems. The big stuff is usually easy to spot. It's these subtle
or intermittent problems that can be squashed before the fact using open
source.

> reading so much as the logs presented. Whom then do you expect to
> read the Delphi sources and find the crucial bug or back door you
> expect? And I've no idea which TCP/IP protocol manipulation one can
> have in mind that isn't overcome at least at the second remailer.

I'll review it if it's Delphi. Or C/C++ for that matter. I've been coding
those languages for years. So will a lot of other people I suspect,
whether you hear about it or not. That's the thing about OSS, you never
know it's working until it actually works. ;)

Who said anything about TCP/IP protocol manipulation, by the way? What are
you talking about?



> That's why in my opinion your words are nothing but hypocritical blather
> and pomposity.

Your opinion is apparently forged out of ignorance of fact and some sort
of "attachemnt" to OmniMix. One or both is clouding your vision and
causing you to miss the big picture.

>
>>Or break the encryption entirely. Or misrepresent what chains are used to
>>redirect everything to an evil node or nodes, and then "remix" to another
>>legit node to give an appearance of propriety. Or manage headers in such a
>>way that certain sequences are known or predictable according to some
>>unique feature of a particular installation. Or.... I can think of
>>probably a hundred ways to partially or fully compromise the remailer
>>network without making it as easy to spot as "phoning home".
>
> That's exactly what only Mixmaster itself would be capable of. But
> for years now nobody cares about where the Disastry files actually

Ummmmmm.... you do realize that Mixmaster is developed and maintained by a
smallish group of people and not one person, right? That it's also
"changed hands" so to speak, and that the compiled binaries are signed by
one of those developers. correct?

For Mixmaster to be compromised there would either have to be a decades
long conspiracy that involved dozens of people (not counting anyone who
may have managed to compile a Windows binary using the same tools the
developers used and checked it against the published version), or someone
has cracked PGP/GnuPG.

The only chance you have of running an evil copy of Mixmaster is if you're
too lackadaisical to check signatures. Beyond that you're into the tin foil
crap. OmniMix on the other hand, is under sole control of an individual
who so far refuses to subject his work to peer review. It's exactly a
50/50 shot whether your copy is broken/cracked/compromised, or not.

Non scrivetemi

unread,
Jul 1, 2007, 4:02:13 PM7/1/07
to
Anonymous,

> His own confessions regarding his coding practices are known, even if the
> endless repeating of the "as soon as I get it cleaned up" excuse weren't
> enough.

please tell me a couple of message ids concerning those endless
repetitions. It seems that I'm stuck here.
.

Anonymous Sender

unread,
Jul 1, 2007, 5:40:03 PM7/1/07
to

I have to tell you there is no officiale 32-bit Mixmaster binary for
windows. Only JBN uses the 16-bit version you speak of, QS takes a
32-bit compilation coming from one single person, name is disastry.

Anonymous Sender

unread,
Jul 1, 2007, 6:40:08 PM7/1/07
to
>Utter nonsense. there's uncountable subtle and not so subtle things OM
>could do to partition and out users that you'd never be able to spot.
>Remember that OM determineds what chains are built. Also remember that
>BY DESIGN OM builds very weak chains.

Not at all. It's not OM which specifies the chain, it's the user who
has total control of it. If you set up OM to build a chain of random
remailers then it keeps to it.

>> Bear in mind, it took more than half a year for the community to
>> stumble on the '##' problem, though OmniMix offered all the data
>> necessary to figure it out and each header literally yelled out
>> 'X-Invalid: ##'. But nobody cared. Nobody went to the trouble of
>
>In your mind nobody cared. In reality some of us knew about X-Invalid but
>kept the information to ourselves. Some of us know about other things OM
>and other clients do too, but wont tell because that information is an
>advantage when dealing with trolls like you.

'Some of us'? If I understand you rightly you yourself were not the
one, but you're imagining being part of that ominous superior clique.
That's amusing. Please give us one single example of your other little
secrets. Only one unknown point of attack would suffice for your
rehabilitation. Come on! Ask your knowledgeable friends.

>Your opinion on the issue is meaningless because you're not bright
>enough to understand a mail client that uses mixmaster to encrypt
>messages can defeat mixmaster. Take this stupidity for example:
>
>>>Or break the encryption entirely. Or misrepresent what chains are used to
>>>redirect everything to an evil node or nodes, and then "remix" to another
>>>legit node to give an appearance of propriety. Or manage headers in such a
>>>way that certain sequences are known or predictable according to some
>>>unique feature of a particular installation. Or.... I can think of
>>>probably a hundred ways to partially or fully compromise the remailer
>>>network without making it as easy to spot as "phoning home".

Have you forgotten who wrote those 7 lines of stupidity?

>> That's exactly what only Mixmaster itself would be capable of. But
>
>Idiot. One more time for our slower readers: OMNIMIX IS IN TOTAL CONTROL
>OF WHICH CHAINS ARE BUILT. <sheesh!> We just HAD this discussion and even
>Christian agreed that sending every copy of every message to a single
>remailer was a problem.

'every copy of every message to a single remailer'? That makes no
sense. You seem to be confused. What Christian said more than once
was that sending MM packets of one single message _directly_ to the
SMTP servers of _different_ entry remailers isn't supported by
OmniMix, of which anyway only a few exist. And the number of
accessible servers diminishes further if Tor with its port 25
restrictions gets involved. With even the slightest understanding of
OM's SMTP strategy you would realize that it goes far beyond what
QuickSilver has to offer.

>And how do you know for a fact OM actually uses mixmaster to encrypt?
>
>You don't.

That's exactly why I suggested the logging of Mixmaster's I/O.
Comprende?

>> for years now nobody cares about where the Disastry files actually
>> came from and everyone relies on the source code presented belonging
>> to the application executed by all QuickSilver and OmniMix users day
>> in, day out. That's where I see the real threat. Add some file
>
>You really are an idiot. Not only has mixmaster progressed beyond the
>Disastry days, the source code is compiled into an executable that's easy
>to verify. When you're done making a fool of yourself you may want to stop
>by the Sourceforge download page. f you're wide awake and at your best you
>MIGHT just figure out that those .sig downloads have something to do with
>file integrity.

Please get an insight before babbling nonsense! For years now
QuickSilver uses the 32 Bit 2.9 Disastry build. Christian himself
tried to use the Sourceforge 16 Bit Mixmaster 2.0.4 in earlier OM
versions before he finally replaced it by MM 2.9 - you remember, that
was, due to a different behavior of the two MM versions, the
introduction of the '##' problem, which your superior clique of course
immediately noticed, but you obviously in the meantime have forgotten.
Read MID <R3AUEABW3902...@anonymous.poster> if you can't
believe it.

>> logging facility of its in- and output, rebuild it and you end up with
>> a system transparent for review from the client software over to the
>> entry remailer. And by review I don't mean review just by the
>> fictious software expert you hope to do the job of rummaging through
>> the code, but review by every user herself without taking up a great
>> deal of time. That's the security I'd like to have.
>
>You're beyond dumb. You have absolutely no clue what you're talking about.

But you do. If the assessment of software really 'used to be part of
[your] job', then it must have been a long time ago, Mr. Dementius.

Rango

Message has been deleted

Non scrivetemi

unread,
Jul 1, 2007, 10:44:12 PM7/1/07
to
>Nobody "cared" because there's been exactly *four* messages (in these
>groups anyway) over the last year and a half or so that had this problem.
>So it's either an intermittent bug, or nobody is using OmniMix anyway.

Why guesswork? A few hours ago you claimed to know everything about
OmniMix and its flaws. It seems you're not up to much.

>It's ironic, but what we actually have here is a sterling example of why
>software authors *should* release source code. Even the astoundingly low
>numbers of occurrences of this particular bug were eventually spotted,
>and now everyone has another tool to partition OmniMix users. Combined
>with the "evil node controlling all your traffic" problem we just got
>through batting about and a good set of logs, what you end up with is the
>potential for someone being outed. We now have four messages that appeared
>in a certain venue at certain times, and know that they were sent by a
>program that might circumvent Mixmaster's built in random node selection.
>If someone had logged incoming traffic at the node OmniMix was configured
>to use as it's entry that person would be owned big time right now.
>
>Peer review targets these sort of problems a lot more than it targets huge
>glaring problems. The big stuff is usually easy to spot. It's these subtle
>or intermittent problems that can be squashed before the fact using open
>source.
>
>> reading so much as the logs presented. Whom then do you expect to
>> read the Delphi sources and find the crucial bug or back door you
>> expect? And I've no idea which TCP/IP protocol manipulation one can
>> have in mind that isn't overcome at least at the second remailer.
>
>I'll review it if it's Delphi. Or C/C++ for that matter. I've been coding
>those languages for years. So will a lot of other people I suspect,
>whether you hear about it or not. That's the thing about OSS, you never
>know it's working until it actually works. ;)

So let me summarize what you wrote up to now:

You said there are experts out there to scrutinize the source code.
Then you told us you're member of a group of people who don't care
about uncovering flaws in anonymity software but use them to their own
advantage. And now you offer your services as one of those experts to
review OmniMix. No, thanks, Troll! That's exactly why I demand log
files to make my own independent decisions, which is what you
disregard fluently, and now we all know why.

>Who said anything about TCP/IP protocol manipulation, by the way? What are
>you talking about?
>
>> That's why in my opinion your words are nothing but hypocritical blather
>> and pomposity.
>
>Your opinion is apparently forged out of ignorance of fact and some sort
>of "attachemnt" to OmniMix. One or both is clouding your vision and
>causing you to miss the big picture.

Read about discernment and you'll know.

>>>Or break the encryption entirely. Or misrepresent what chains are used to
>>>redirect everything to an evil node or nodes, and then "remix" to another
>>>legit node to give an appearance of propriety. Or manage headers in such a
>>>way that certain sequences are known or predictable according to some
>>>unique feature of a particular installation. Or.... I can think of
>>>probably a hundred ways to partially or fully compromise the remailer
>>>network without making it as easy to spot as "phoning home".
>>
>> That's exactly what only Mixmaster itself would be capable of. But
>> for years now nobody cares about where the Disastry files actually
>
>Ummmmmm.... you do realize that Mixmaster is developed and maintained by a
>smallish group of people and not one person, right? That it's also
>"changed hands" so to speak, and that the compiled binaries are signed by
>one of those developers. correct?
>
>For Mixmaster to be compromised there would either have to be a decades
>long conspiracy that involved dozens of people (not counting anyone who
>may have managed to compile a Windows binary using the same tools the
>developers used and checked it against the published version), or someone
>has cracked PGP/GnuPG.
>
>The only chance you have of running an evil copy of Mixmaster is if you're
>too lackadaisical to check signatures. Beyond that you're into the tin foil
>crap. OmniMix on the other hand, is under sole control of an individual
>who so far refuses to subject his work to peer review. It's exactly a
>50/50 shot whether your copy is broken/cracked/compromised, or not.

You're incredibly biassed. May I ask why you blame Christian and
don't even consider a joined guilt of the Mixmaster developers. Would
you call it a correct behavior that an anonymity software like
Mixmaster sends an encoded error note, and an 'X-Invalid: ...' header
is nothing else, to the recipient without even informing its user
about it? What a crazy idea? That's like a gun that shoots backwards
once you miss the target.

Rango
.


Nomen Nescio

unread,
Jul 2, 2007, 3:50:07 AM7/2/07
to
Common cyber you pedo fuck fess up, we all know your eggtard aren't
you? That's why you have to try to make someone else look like you
isn't it you sickopath

Borked Pseudo Mailed

unread,
Jul 2, 2007, 6:31:26 AM7/2/07
to
The headers don't match up, fuck off you lying trolls

Anonymous Sender

unread,
Jul 2, 2007, 1:10:12 PM7/2/07
to
Borked Pseudo Mailed wrote:

<FLUSH!>

____________________________________________________________
/\ \
\_| "Boy are you a moron. I'd use remailers for everything |
| and stay anonymous if I were going to be 2 people. Yeah, |
| I've forgotten to change nics on my Xnews. But I don't |
| use remailers. You're way off base as usual." |
| |
| --Eggplant AKA traveller 66 |
| _______________________________________________________|_
\_/_________________________________________________________/

Anonymous Sender

unread,
Jul 2, 2007, 2:30:00 PM7/2/07
to
Borked Pseudo Mailed wrote:

> The headers don't match up, fuck off you lying trolls

What headers would you be talking about? The headers from Message-ID
Xns98DF85604...@63.218.45.252, posted on 22 Feb 2007 at 21:57:02
GMT? The 36 line message in which you confessed to mixing up your pedofuck
sock puppet with your privacy.lie snake oil peddler sock puppet, with these
now immortal words that are archived forever at Google in spite of your
cowardly XNA header...

"Yeah, I've forgotten to change nics on my Xnews."

<snicker>

Borked Pseudo Mailed

unread,
Jul 2, 2007, 2:40:15 PM7/2/07
to
Nomen Nescio wrote:

From: "Eggplant©" <veget...@theguarden.com>
Message-ID: <Xns98DF85604...@63.218.45.252>
User-Agent: Xnews/5.03.24
Date: 22 Feb 2007 21:57:02 GMT
X-No-Archive: NOT ANY MORE LOL!!!

"Yeah, I've forgotten to change nics on my Xnews."

<laughing>

Anonymous

unread,
Jul 2, 2007, 2:15:13 PM7/2/07
to
Anonymous Remailer (austria) wrote:

> George Orwell <nob...@mixmaster.it> wrote:
>>
>> > Bear in mind, it took more than half a year for the community to
>> > stumble on the '##' problem, though OmniMix offered all the data
>> > necessary to figure it out and each header literally yelled out
>> > 'X-Invalid: ##'. But nobody cared. Nobody went to the trouble of
>>

>> Nobody "cared" because there's been exactly *four* messages (in these
>> groups anyway) over the last year and a half or so that had this problem.
>> So it's either an intermittent bug, or nobody is using OmniMix anyway.
>

> It wasn't an intermittent bug, it appeared in every omnimix post since
> the bug was introduced. You appear to be searching wrong as there have
> been a *lot* more than 4 posts. I just grepped my news spool and it
> brought back exactly 106 messages from apas that were posted with Omnimix
> and had the X-Invalid ## header. The bug seemed to appear starting from
> Omnimix 0.9.8.0 which was released back on 31st Oct 2006. Yikes.

I have 104 in my APAS spool. Perhaps the poster meant alt.privacy rather
than "these groups". I have four there.

And yikes is right. If you start examining those messages you very quickly
realize that someone was in fact "outed" by OM as posting under their real
name and an anonymous pseudonym. A rather amusing "out" if you care to
take the time to figure it out. And no, I won't post it here so don't
anyone bother asking.

> Its not good that you can partition every message posted by a client
> with one single grep command :(
>
> But yes, obviously omnimix has far fewer users than other clients
> which is why it is so important that it hides in the crowd of the
> other messages and doesn't stand out.
>
> I wonder what other security bugs Omnimix might have that aren't so
> obvious that they appear in plain text in every post.

We have an easy way of generating a data set to analyze. So get busy. <g>


Anonymous

unread,
Jul 2, 2007, 3:04:17 PM7/2/07
to
Anonymous Sender wrote:

>>Utter nonsense. there's uncountable subtle and not so subtle things OM
>>could do to partition and out users that you'd never be able to spot.
>>Remember that OM determineds what chains are built. Also remember that
>>BY DESIGN OM builds very weak chains.
>
> Not at all. It's not OM which specifies the chain, it's the user who
> has total control of it. If you set up OM to build a chain of random
> remailers then it keeps to it.

I think that's the point. OM's setup and what OM actually does might be
two different hings and you'd have no way to know. It could easily hook
stdout and present fake mixmaster output even. If it's programmatically
possible to do something, it's programmatically possible to undo it.

>>In your mind nobody cared. In reality some of us knew about X-Invalid but
>>kept the information to ourselves. Some of us know about other things OM
>>and other clients do too, but wont tell because that information is an
>>advantage when dealing with trolls like you.
>
> 'Some of us'? If I understand you rightly you yourself were not the
> one, but you're imagining being part of that ominous superior clique.

No, I knew about it too. So did the poster who brought the problem into the
public light recently. So that's at least three people. You're bombast
aside, that qualifies as "we".

> That's amusing. Please give us one single example of your other little
> secrets. Only one unknown point of attack would suffice for your
> rehabilitation. Come on! Ask your knowledgeable friends.

There's one poster here who tries to be many people, but *always* posts
with headers in a certain order (reorders them), and adds exactly one
extra blank line to the end of every single post. That poster is easy to
spot, and has posted under a real name.

>>Your opinion on the issue is meaningless because you're not bright
>>enough to understand a mail client that uses mixmaster to encrypt
>>messages can defeat mixmaster. Take this stupidity for example:
>>
>>>>Or break the encryption entirely. Or misrepresent what chains are used to
>>>>redirect everything to an evil node or nodes, and then "remix" to another
>>>>legit node to give an appearance of propriety. Or manage headers in such a
>>>>way that certain sequences are known or predictable according to some
>>>>unique feature of a particular installation. Or.... I can think of
>>>>probably a hundred ways to partially or fully compromise the remailer
>>>>network without making it as easy to spot as "phoning home".
>
> Have you forgotten who wrote those 7 lines of stupidity?

Seems to me you're missing part of that quote.

How disingenuous of you. :(

>
>>> That's exactly what only Mixmaster itself would be capable of. But
>>
>>Idiot. One more time for our slower readers: OMNIMIX IS IN TOTAL CONTROL
>>OF WHICH CHAINS ARE BUILT. <sheesh!> We just HAD this discussion and even
>>Christian agreed that sending every copy of every message to a single
>>remailer was a problem.
>
> 'every copy of every message to a single remailer'? That makes no
> sense. You seem to be confused. What Christian said more than once
> was that sending MM packets of one single message _directly_ to the
> SMTP servers of _different_ entry remailers isn't supported by
> OmniMix, of which anyway only a few exist. And the number of

You really don't know how Mixmaster and/or OM work, do you?

When mixmaster generates messages it by default generates multiple copies
and sends each copy through the network using a unique chain, with a
unique entry node. It does this so that a single remailer operator
can't launch a latency attack against users. Building chains with a fixed
and consistent entry node like OM does defeats this. There's no longer
multiple copies of your message at all really, it's like you were sending
one copy. The entry node has total control over it. That node can delay
a message for days if it wants before sending it, and know exactly who
the author was when it finally appears out of sync and within a certain
time frame. They could know this with near certainty attacking a single
message. With a series of messages it becomes absolute knowledge.

> accessible servers diminishes further if Tor with its port 25
> restrictions gets involved. With even the slightest understanding of
> OM's SMTP strategy you would realize that it goes far beyond what
> QuickSilver has to offer.

No, OM is considerably less secure than QS on a level playing field. For
several reasons, not the least of which is it's lack of transparency.
Adding Tor to the equation as a counterbalance to some of the
obvious insecurity OM's design brings to the table doesn't change facts.

>>And how do you know for a fact OM actually uses mixmaster to encrypt?
>>
>>You don't.
>
> That's exactly why I suggested the logging of Mixmaster's I/O.
> Comprende?

Do you "comprende" how easy it is to redirect stdin and stdout? Never
heard of "piping" I take it? And you're completely oblivious to the fact
that programs simply "shut off" stdin/out/err all the time? That there's
standardized ways to do it using a line or two of code in every language
every conceived?

Never heard of a daemon, have you? ;)

>>You really are an idiot. Not only has mixmaster progressed beyond the
>>Disastry days, the source code is compiled into an executable that's easy
>>to verify. When you're done making a fool of yourself you may want to stop
>>by the Sourceforge download page. f you're wide awake and at your best you
>>MIGHT just figure out that those .sig downloads have something to do with
>>file integrity.
>
> Please get an insight before babbling nonsense! For years now
> QuickSilver uses the 32 Bit 2.9 Disastry build. Christian himself

I'd say that's another strike against OM. :(

> tried to use the Sourceforge 16 Bit Mixmaster 2.0.4 in earlier OM
> versions before he finally replaced it by MM 2.9 - you remember, that
> was, due to a different behavior of the two MM versions, the

I remember this very well. It was an easily solved "problem" that
Christian for some reason chose to address by using an outdated version of
mixmaster. I'm sorry to hear that hasn't been fixed yet. :(

> Read MID <R3AUEABW3902...@anonymous.poster> if you can't
> believe it.

You do realize Christian tattled on himself a bit in that post by claiming
the 32-bit version of mixmaster allowed chains/etc of any length, don't
you. :)


Anonymous

unread,
Jul 2, 2007, 6:00:58 PM7/2/07
to
In article <332905535e31848b...@ecn.org>

Anonymous <cri...@ecn.org> wrote:
>
>
> There's one poster here who tries to be many people, but *always* posts
> with headers in a certain order (reorders them), and adds exactly one
> extra blank line to the end of every single post. That poster is easy to
> spot, and has posted under a real name.

Hmm. I can't see what you're seeing. Reorders headers from what to what?
There are three headers which make it through unless one is adding unusual
ones - the Newsgroups, Subject, and References. My default QS template
sends them out in that order, so I'd really like to know what your take is
on what a "standard" order is because maybe I screwed around with the
template and got things out of whack. With one exception, the mail2news
gateways don't seem to reorder anything.
At any rate, I don't see anything in my messages which would distinguish me
except for my writing style, and that's probably because I know how I
write. Either way it doesn't make too much difference to me but you got me
curious. :)

Anonymous Sender

unread,
Jul 2, 2007, 8:46:30 PM7/2/07
to
In article <332905535e31848b...@ecn.org>
Anonymous <cri...@ecn.org> wrote:
>
> No, OM is considerably less secure than QS on a level playing field. For
> several reasons, not the least of which is it's lack of transparency.
> Adding Tor to the equation as a counterbalance to some of the
> obvious insecurity OM's design brings to the table doesn't change facts.

Someone said "complexity is the enemy of security".

Borked Pseudo Mailed

unread,
Jul 2, 2007, 9:03:46 PM7/2/07
to
>We have an easy way of generating a data set to analyze. So get busy. <g>

I found <200402100805...@outpost.zedz.net>. Funny.

Non scrivetemi

unread,
Jul 2, 2007, 11:13:27 PM7/2/07
to
>>>Utter nonsense. there's uncountable subtle and not so subtle things OM
>>>could do to partition and out users that you'd never be able to spot.
>>>Remember that OM determineds what chains are built. Also remember that
>>>BY DESIGN OM builds very weak chains.
>>
>> Not at all. It's not OM which specifies the chain, it's the user who
>> has total control of it. If you set up OM to build a chain of random
>> remailers then it keeps to it.
>
>I think that's the point. OM's setup and what OM actually does might be
>two different hings and you'd have no way to know. It could easily hook
>stdout and present fake mixmaster output even. If it's programmatically
>possible to do something, it's programmatically possible to undo it.

Don't act the fool now! That's detectable without problems. For
example replace MM by a program that fills the pool with bogus data
and look what's later on sent by OM. You rule your system and have all
tools to find out what data a program tries to obtain and to export,
external program calls, file i/o, registry accesses, whatever.

>>>> That's exactly what only Mixmaster itself would be capable of. But
>>>
>>>Idiot. One more time for our slower readers: OMNIMIX IS IN TOTAL CONTROL
>>>OF WHICH CHAINS ARE BUILT. <sheesh!> We just HAD this discussion and even
>>>Christian agreed that sending every copy of every message to a single
>>>remailer was a problem.
>>
>> 'every copy of every message to a single remailer'? That makes no
>> sense. You seem to be confused. What Christian said more than once
>> was that sending MM packets of one single message _directly_ to the
>> SMTP servers of _different_ entry remailers isn't supported by
>> OmniMix, of which anyway only a few exist. And the number of
>
>You really don't know how Mixmaster and/or OM work, do you?
>
>When mixmaster generates messages it by default generates multiple copies
>and sends each copy through the network using a unique chain, with a
>unique entry node. It does this so that a single remailer operator
>can't launch a latency attack against users. Building chains with a fixed
>and consistent entry node like OM does defeats this. There's no longer
>multiple copies of your message at all really, it's like you were sending
>one copy. The entry node has total control over it. That node can delay
>a message for days if it wants before sending it, and know exactly who
>the author was when it finally appears out of sync and within a certain
>time frame. They could know this with near certainty attacking a single
>message. With a series of messages it becomes absolute knowledge.

Then you claim that OM doesn't support selecting random entry
remailers and sending the Mixmaster output to those entry nodes, for
example through the mail server of an ISP? That's new to me.

>>>And how do you know for a fact OM actually uses mixmaster to encrypt?
>>>
>>>You don't.
>>
>> That's exactly why I suggested the logging of Mixmaster's I/O.
>> Comprende?
>
>Do you "comprende" how easy it is to redirect stdin and stdout? Never
>heard of "piping" I take it? And you're completely oblivious to the fact
>that programs simply "shut off" stdin/out/err all the time? That there's
>standardized ways to do it using a line or two of code in every language
>every conceived?

I've not spoken of standard i/o pipes, which are anyway occupied and
redirected by the controlling application, but of normal file
creation: hFile=CreateFile(~,GENERIC_WRITE,~). You know?

>Never heard of a daemon, have you? ;)

A hidden daemon, untraceable even for you? Unbelievable!

>>>You really are an idiot. Not only has mixmaster progressed beyond the
>>>Disastry days, the source code is compiled into an executable that's easy
>>>to verify. When you're done making a fool of yourself you may want to stop
>>>by the Sourceforge download page. f you're wide awake and at your best you
>>>MIGHT just figure out that those .sig downloads have something to do with
>>>file integrity.
>>
>> Please get an insight before babbling nonsense! For years now
>> QuickSilver uses the 32 Bit 2.9 Disastry build. Christian himself
>
>I'd say that's another strike against OM. :(

And QS. So we have to stay with JBN or bare Mixmaster 2.0.4, right?

>> tried to use the Sourceforge 16 Bit Mixmaster 2.0.4 in earlier OM
>> versions before he finally replaced it by MM 2.9 - you remember, that
>> was, due to a different behavior of the two MM versions, the
>
>I remember this very well. It was an easily solved "problem" that
>Christian for some reason chose to address by using an outdated version of
>mixmaster. I'm sorry to hear that hasn't been fixed yet. :(

And which Mixmaster version available for Windows is not outdated in
your opinion?

>> Read MID <R3AUEABW3902...@anonymous.poster> if you can't
>> believe it.
>
>You do realize Christian tattled on himself a bit in that post by claiming
>the 32-bit version of mixmaster allowed chains/etc of any length, don't
>you. :)

Undoubtedly an exaggeration, though a chain of 20 remailers should be
enough for most of us. ;)

Rango
.

Message has been deleted

Anonymous

unread,
Jul 3, 2007, 1:49:56 PM7/3/07
to
>> >I think that's the point. OM's setup and what OM actually does might be
>> >two different hings and you'd have no way to know. It could easily hook
>> >stdout and present fake mixmaster output even. If it's programmatically
>> >possible to do something, it's programmatically possible to undo it.
>>
>> Don't act the fool now! That's detectable without problems. For
>> example replace MM by a program that fills the pool with bogus data
>> and look what's later on sent by OM. You rule your system and have all
>> tools to find out what data a program tries to obtain and to export,
>> external program calls, file i/o, registry accesses, whatever.
>
>So you're telling us that to find out what Omnimix actually does on
>our computers, we have to use the same methods that anti-trojan
>researchers use to examine how trojan and virus binaries works.
>
>Next you'll be telling us to use the IDA disassembler if we want to
>see what it does. Wow. No thanks, any security program that makes it
>that difficult to know what it does isn't a program I want anywhere
>near my computer.

You were the one who claimed, that it's impossible to detect whether a
program behaves correctly, hides communication paths or feigns them
where there are none, and I had to show you, the professional, that
it's easy to spot. For me there's no need to disassemble the code when
the data which come from Mixmaster and those sent to the remailer
network turn out to be exactly the same. I don't care a damn about
what happens within OmniMix as long as those conditions are fulfilled.
This decision is at least a much safer bet than trying to find privacy
in freemailer accounts, but being spied out in superior style instead.
I'm not addicted to OmniMix. It's particularly about those who will
never bring themselves to turn away from their acquainted client
software and for whom the OmniMix system can be a real blessing. Those
are the ones that can tremendously improve the security of our all
messages.

Within this discussion there are lots of questions still unanswered by
you. You claimed OmniMix is unable to send to random entries, you
claimed it uses an outdated Mixmaster version, you told us about
Christian's "endless repeating of the "as soon as I get it cleaned up"
excuse", you allegedly figured out some were "in fact "outed" by OM as
posting under their real name and an anonymous pseudonym", and that's
only a tiny excerpt of the statements you never supplied evidence for.

For me it's a shabby strategy to make assertions and then steal away
without any proof. In this context it's no surprise that you, to top
it all, accuse others to be trolls, you, the epitome of a troll.

I don't know what your motives are, but I'm sure it is neither the
improvement of privacy technology nor the encouragement of future
users. In my view it's showmanship and disparagement - at best.

For me EOD! I have no more time for you and your campain.
May others feed the troll.

Rango

Anonymous Sender

unread,
Jul 3, 2007, 3:10:18 PM7/3/07
to
Anonymous wrote:

>>> >I think that's the point. OM's setup and what OM actually does might be
>>> >two different hings and you'd have no way to know. It could easily hook
>>> >stdout and present fake mixmaster output even. If it's programmatically
>>> >possible to do something, it's programmatically possible to undo it.
>>>
>>> Don't act the fool now! That's detectable without problems. For
>>> example replace MM by a program that fills the pool with bogus data
>>> and look what's later on sent by OM. You rule your system and have all
>>> tools to find out what data a program tries to obtain and to export,
>>> external program calls, file i/o, registry accesses, whatever.
>>
>>So you're telling us that to find out what Omnimix actually does on
>>our computers, we have to use the same methods that anti-trojan
>>researchers use to examine how trojan and virus binaries works.
>>
>>Next you'll be telling us to use the IDA disassembler if we want to
>>see what it does. Wow. No thanks, any security program that makes it
>>that difficult to know what it does isn't a program I want anywhere
>>near my computer.
>
> You were the one who claimed,

You're confused. That was me.

> that it's impossible to detect whether a
> program behaves correctly, hides communication paths or feigns them

It is impossible for most people. It's even impossible for practical
purposes among advanced users to a great extent.

> where there are none, and I had to show you, the professional, that
> it's easy to spot. For me there's no need to disassemble the code when

Easy to spot my ass. You're blowing smoke and you know it. We're both
fully aware that if Christian wanted to back door OM he'd be able to get
away with it. You wouldn't notice any more than anyone else would if he
did something like hard wired certain chains and then hooked stdout to make
it appear in logs and such that chains were built randomly. Daemon
software does this very thing all the time, in spite of your juvenile
attempts at "undetectable daemon" wit.

> the data which come from Mixmaster and those sent to the remailer
> network turn out to be exactly the same.

You're being an imbecile. Nobody said OM could swap mixmaster messages
after the fact, they said it could control the way that message was
generated in the first place.

Please try to keep up.

> I don't care a damn about
> what happens within OmniMix as long as those conditions are fulfilled.

Then you really are an imbecile. Honestly. OM could do any number of
things to a message that would break your anonymity.

> This decision is at least a much safer bet than trying to find privacy
> in freemailer accounts, but being spied out in superior style instead.

What are you blubbering about now? Who said anything about freemailer?

> I'm not addicted to OmniMix. It's particularly about those who will
> never bring themselves to turn away from their acquainted client
> software and for whom the OmniMix system can be a real blessing. Those

Or their demise.

> Within this discussion there are lots of questions still unanswered by
> you. You claimed OmniMix is unable to send to random entries, you

Bullshit. You're just flat out lying now. I said that it's option to direct
deliver was a huge security problem because it gives a single operator
sole power over your traffic and defeats one of the basic design
paradigms of mixmaster.

PLEASE try to keep up.

> claimed it uses an outdated Mixmaster version, you told us about
> Christian's "endless repeating of the "as soon as I get it cleaned up"

You're even more confused than we originally thought. That was someone
else. Sorry.

> excuse", you allegedly figured out some were "in fact "outed" by OM as
> posting under their real name and an anonymous pseudonym", and that's
> only a tiny excerpt of the statements you never supplied evidence for.

Still confused. :(

> I don't know what your motives are, but I'm sure it is neither the

Privacy, anonymity, and correcting the blind stupidity of people like you
who think they know something but obviously do not.

> For me EOD! I have no more time for you and your campain.
> May others feed the troll.

By all means tuck tail and run. You know you lost anyway. :)

Borked Pseudo Mailed

unread,
Jul 3, 2007, 4:24:50 PM7/3/07
to
Anonymous Sender wrote:
> > excuse", you allegedly figured out some were "in fact "outed" by OM as
> > posting under their real name and an anonymous pseudonym", and that's
> > only a tiny excerpt of the statements you never supplied evidence for.
>
> Still confused. :(
>
> > I don't know what your motives are, but I'm sure it is neither the
>
> Privacy, anonymity, and correcting the blind stupidity of people like you
> who think they know something but obviously do not.
>
> > For me EOD! I have no more time for you and your campain.
> > May others feed the troll.
>
> By all means tuck tail and run. You know you lost anyway. :)

You do realize that you are arguing with the author, right? No one else
but the author would argue that it was ok to keep a privacy tool closed
source in these groups.

Gotta love anonymity and those who are completely clueless that they
stand out because of the way they act. No user of a software
application will defend it with such gusto against the face of logic.
No regular joe in these groups is going to argue against open source.
Just like privacy.li, no customer would defend them in the face of what
they did and ignoring all logic like the owners socks were doing. When
owners or authors do things like this it makes them stand out like beacons.


anon...@remailer.hastio.org

unread,
Jul 4, 2007, 2:55:58 PM7/4/07
to
In article <4isf4edma4a1$.uzti1z475sbb$.d...@40tude.net>
traveller 66 <nor...@nym.alias.net> wrote:
>
> Just wait until the cyber troll starts posting you up here with FUD, by the
> way, can you let me know about the signatures with newsreaders, etc.
> Thanks.

Quit whining.

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.


George Orwell

unread,
Jul 5, 2007, 9:55:04 AM7/5/07
to
In article <9cd157be46f01f2f...@ecn.org>

Anonymous <cri...@ecn.org> wrote:
>
> In your mind nobody cared. In reality some of us knew about X-Invalid but
> kept the information to ourselves. Some of us know about other things OM
> and other clients do too, but wont tell because that information is an
> advantage when dealing with trolls like you.

Thats such CRAP! Theres no way you could tell which client
I am using to post this message as all identifying
information was removed by it. Go on I dare you.

Cyberiade.it Anonymous Remailer

unread,
Jul 5, 2007, 1:45:36 PM7/5/07
to
George Orwell wrote:

You're too stupid to be anything but a Quicksilver user.

Borked Pseudo Mailed

unread,
Jul 5, 2007, 2:44:12 PM7/5/07
to
George Orwell wrote:

Unless you just came out of a coma you should know that until recently
Omnimix had a serious bug that absolutely did make it possible for readers
to know it was the client used to generate a message. Not all that
long ago someone demonstrated how Quicksilver identifies itself, at least
to whoever it's delivering mail to. The "Sofaking" script that Eelbash
ripped off has been outing him for many months now because of the wya it
deals with long headers. And header order/reordering has been discussed
here in the more distant past as a way to partition users of one client
from another.

You might want to can the adolescent chest puffing until you've though it
through a bit kiddo. There's a whole bunch of things that can be done to a
block of text that might fingerprint the tool used to manipulate that
text, which wouldn't show up as anything so obvious as a "User-Agent"
header. Just because you can't spot them doesn't mean someone else can't.

Anonymous

unread,
Jul 5, 2007, 4:28:42 PM7/5/07
to
George Orwell wrote:

> In article <9cd157be46f01f2f...@ecn.org>
> Anonymous <cri...@ecn.org> wrote:
>>
>> In your mind nobody cared. In reality some of us knew about X-Invalid but
>> kept the information to ourselves. Some of us know about other things OM
>> and other clients do too, but wont tell because that information is an
>> advantage when dealing with trolls like you.
>
> Thats such CRAP! Theres no way you could tell which client

Hmmm..... totally oblivious to the context of a conversation, too lazy to
reach for an apostrophe....

We know it's a Windoze client anyway.

gooblue

unread,
Jul 12, 2007, 5:05:41 AM7/12/07
to
macarro wrote:
> I have come across a privacy service called Xerobank.com after spending
> a while reading it I suspect that they are offering Tor services at $35
> month!!
>
> Their privacy policy says "the servers are located in different
> countries so we can't give the logs to the authorities".
>
> Anyone could confirm this? They are quite good at marketing in the
> webpage so it is not that obvious that they use Tor, but I looked into
> it because a PC magazine in the UK names them as a Tor ACCESS provider.
>
> It is also highly suspecious that they have the free Torpark logo on
> their page.
>
>

They installed a trojan on my computer. Or rather, I did, when I
chose to download and run it. I installed it on a flash drive
and the first time I used it, it tried to upload everything I had
on that flash drive, [and I believe it may have succeeded], then
it wiped it clean. Not realizing immediately what had happened,
I didn't remember what exactly I had on the flash drive that
could have been stolen. Luckily I had a backup and when I looked
at it I realized I had a very big problem.

Roboform was one there, but thats not all, there were other
documents with sensitive information. Of course RF was password
protected, but certainly not impossible to crack. I spent an
entire day changing all passwords.

Borked Pseudo Mailed

unread,
Jul 12, 2007, 10:05:13 AM7/12/07
to
gooblue wrote:

> macarro wrote:
>> I have come across a privacy service called Xerobank.com after spending
>> a while reading it I suspect that they are offering Tor services at $35
>> month!!
>>
>> Their privacy policy says "the servers are located in different
>> countries so we can't give the logs to the authorities".
>>
>> Anyone could confirm this? They are quite good at marketing in the
>> webpage so it is not that obvious that they use Tor, but I looked into
>> it because a PC magazine in the UK names them as a Tor ACCESS provider.
>>
>> It is also highly suspecious that they have the free Torpark logo on
>> their page.
>>
>>
>>
> They installed a trojan on my computer. Or rather, I did, when I chose
> to download and run it. I installed it on a flash drive and the first
> time I used it, it tried to upload everything I had on that flash drive,
> [and I believe it may have succeeded], then it wiped it clean. Not
> realizing immediately what had happened, I didn't remember what exactly
> I had on the flash drive that could have been stolen. Luckily I had a
> backup and when I looked at it I realized I had a very big problem.

Apparently you're the only person on the entire planet to have this
problem.

*shrug*

You should either feel very special, or very stupid for mucking up your
own data, misinterpreting your modem's idiot lights, and mistakenly
blaming everything on someone else.

TorPark and this "Xerobank" evolution might be a lot of things including
a ripoff of free software and networks, a good dose of snake oil and
false advertising, and the misguided project of what amounts to an
emotionally stunted individual who says just about anything to sell a box
of free stuff, but if there were any sort of data swiping trojan included
with the package we'd sure as hell have heard about it from more than one
person named "gooblue" by now.

> Roboform was one there, but thats not all, there were other documents
> with sensitive information. Of course RF was password protected, but
> certainly not impossible to crack. I spent an entire day changing all
> passwords.

A whole day, huh?

*laugh*


gooblue

unread,
Jul 12, 2007, 6:38:51 PM7/12/07
to
Borked Pseudo Mailed wrote:
> gooblue wrote:
>
>> macarro wrote:
>>> I have come across a privacy service called Xerobank.com after spending
>>> a while reading it I suspect that they are offering Tor services at $35
>>> month!!
>>>
>>> Their privacy policy says "the servers are located in different
>>> countries so we can't give the logs to the authorities".
>>>
>>> Anyone could confirm this? They are quite good at marketing in the
>>> webpage so it is not that obvious that they use Tor, but I looked into
>>> it because a PC magazine in the UK names them as a Tor ACCESS provider.
>>>
>>> It is also highly suspecious that they have the free Torpark logo on
>>> their page.
>>>
>>>
>>>
>> They installed a trojan on my computer. Or rather, I did, when I chose
>> to download and run it. I installed it on a flash drive and the first
>> time I used it, it tried to upload everything I had on that flash drive,
>> [and I believe it may have succeeded], then it wiped it clean. Not
>> realizing immediately what had happened, I didn't remember what exactly
>> I had on the flash drive that could have been stolen. Luckily I had a
>> backup and when I looked at it I realized I had a very big problem.
>
> Apparently you're the only person on the entire planet to have this
> problem.
>
> *shrug*

Really? I guess you would know. I'll just take your word for it.

>
> You should either feel very special, or very stupid for mucking up your
> own data, misinterpreting your modem's idiot lights, and mistakenly
> blaming everything on someone else.

Well of course I know I'm not perfect, and special like you
probably are. But, I could be Borked Pseudo Mailed just as well
as you are. At least to some.

>
> TorPark and this "Xerobank" evolution might be a lot of things including
> a ripoff of free software and networks, a good dose of snake oil and
> false advertising, and the misguided project of what amounts to an
> emotionally stunted individual who says just about anything to sell a box
> of free stuff, but if there were any sort of data swiping trojan included
> with the package we'd sure as hell have heard about it

Do you mean you couldn't analyze it yourself?

from more than one
> person named "gooblue" by now.

You don't like gooblue I take it then. Ok fair enough. I don't
like it much either, but I asked my 6 year old for a nic and
thats what he gave me. Even he is smart enough to know that a
browser can act like a trojan. Or a trojan can act like a
browser. At least thats what he told me.

>
>> Roboform was one there, but thats not all, there were other documents
>> with sensitive information. Of course RF was password protected, but
>> certainly not impossible to crack. I spent an entire day changing all
>> passwords.
>
> A whole day, huh?
>
> *laugh*

It sure felt like a whole day.

I don't doubt that I could have hit a phishing site and even
suspect that that is indeed what I did do. Now you can admonish
me for not saying that originally. I probably didn't get what
ever clean version there is of this browser there might be, and
yes, I know you could find err in not being perfect there too,
but it does happen to half wits like me. I guess the facts are,
we're all not as perfect as you are, and most of us know it.
Without your aide even.

Yep, it felt like a whole day, it was very tedious for me. Again,
probably my less than perfect knowledge helped to make that
possible. It was difficult as I had to sync it all by hand to
several different drives as well as network locations too. So I
felt confident I had gotten it right, and covered. Besides
generating all new passwords change them all at the sites where I
use them and try to cover my tracks along the way. Maybe it
wasn't a whole day, but it sure as hell seemed like it I can tell
you that. I had to re-create a lot of accounts.

You like to scoff at what you manufacture yourself. Your anger
makes you look like you might have some kind of stake in this
that may be in jeopardy. Thats all.

How many people can use a remailer and your nic?

Cyberiade.it Anonymous Remailer

unread,
Jul 13, 2007, 7:09:35 AM7/13/07
to
gooblue wrote:

>>> They installed a trojan on my computer. Or rather, I did, when I chose
>>> to download and run it. I installed it on a flash drive and the first
>>> time I used it, it tried to upload everything I had on that flash
>>> drive, [and I believe it may have succeeded], then it wiped it clean.
>>> Not realizing immediately what had happened, I didn't remember what
>>> exactly I had on the flash drive that could have been stolen. Luckily
>>> I had a backup and when I looked at it I realized I had a very big
>>> problem.
>>
>> Apparently you're the only person on the entire planet to have this
>> problem.
>>
>> *shrug*
>
> Really? I guess you would know. I'll just take your word for it.

Yeah, I do know.

I know for a fact that unless you downloaded TorPark from some off the
wall "warez" site targeting clueless rubes who download software from off
the wall warez sites with bogus software, none of it had anything to do
with any trojan, and it didn't try "uploading everything on your flash
drive".

You're full of yourself whether you care to realize it or not. The disk/
idiot-light activity you saw was Tor downloading directory information.
As to what happened to your data, you probably hammered it installing
TorPark and didn't notice until after you panicked.

<much whining snipped>

> I don't doubt that I could have hit a phishing site and even suspect
> that that is indeed what I did do. Now you can admonish me for not

You really are clueless. Phishing sites don't "download everything on a
drive". No sites do because browsers don't allow access to drive contents
in that way, and TorPark (Firefox) absolutely does not.

It didn't happen the way you think it did kiddo. Sorry. You no doubt
experienced a problem of some sort, but given what you've already posted
here it's pretty clear you caused it yourself.

> You like to scoff at what you manufacture yourself. Your anger makes you
> look like you might have some kind of stake in this that may be in
> jeopardy. Thats all.

The only thing being scoffed at is your ignorance. Please don't compound
it by confusing a low tolerance for the sort of FUD you tried to spread
here with "anger". Your nonsense needed squashed, and I squashed it. It's
just as simple as that.

Now you're faced with the decision of whether to learn something from
your error, pick a fight you can't win. So far you seem to be making the
wrong decision. Fair enough, I'm up for either game you care to play.



> How many people can use a remailer and your nic?

Who the fuck cares? What sort of "point" do you think you're trying to
make with this ridiculous straw grabbing kid?

0 new messages