OMEGA release 37 is available for download

BM-2cSsaUfZ6zcSwtZ7bhrNAuE81BRVA89afn
Oct 3 23:01

http://www.cyanbyte.de/ Minor code changes applied (Python 2 & 3): Disk space check has been completely removed to ensure code compatibility between Linux and BSD operating systems. Under some circumstances, the disk space check could cause trouble when running the OMEGA software on OpenBSD. FOR NO SPECIAL REASON EXCEPT WEBSITE DESIGN CHOICES, DECISION HAS BEEN MADE TO REMOVE THE CANARY SYMBOL. An alternate (and time-limited) HTTPS download option is also provided here: https://pastebin.com/mw6Ch1US

[chan] privacy
Oct 4 04:46

Is there a valid canary? Or should I worry?

BM-2cSsaUfZ6zcSwtZ7bhrNAuE81BRVA89afn
Oct 4 07:22

There is *NO* need to worry. We have simply decided to remove the canary since it has no real benefit here. The OMEGA software is hosted in Germany, a country where encryption is not prohibited (yet). You may also want to look at these thoughts on warrant canary by Bruce Schneier (see second paragraph): https://www.schneier.com/blog/archives/2015/03/australia_outla.html

[chan] privacy
Oct 4 07:31

THE CANARY IS DEAD NSA HAS INFILTRATED THE WEB SITE

[chan3] privacy
Oct 4 07:35

FUD. NSA has infiltrated your mom.

BM-NBKKF1io494ddT3GxwzEebZVEJJ5ULQe
Oct 4 11:30

That's fair. So to prove there are no nefarious changes in the latest version (37), why not publish the previous versions as well? That way we could have a look to ensure the changes are legit. Obviously if your PC were compromised we would have no way of knowing this is you talking or an FBI agent.

[chan] privacy
Oct 4 12:57

it would have been best to include the whole thing in a git repo (even locally and put in a zip archive) right from start, so changes easily could have been tracked. and yes, i know about the sha1 issues, but it makes meddling much more complicated. otoh, the script is short enough to look through the entire thing and watch for nasties.

[chan] privacy
Oct 4 13:37

Any canary to be taken seriously anyways should be PGP signed. If the software is still open source it can be audited.

[chan3] privacy
Oct 4 14:00

The previous release (36) is available here for your comparison: https://tinyurl.com/y9vlo7jw There are no code changes except for the removal of disk space check.

[chan3] privacy
Oct 4 15:20

Deleting a canary that's PGP signed means nothing more than deleting an unsigned canary.

[chan3] privacy
Oct 4 15:22

Somebody should develop really secure and verifiable "canary protocol".

[chan3] privacy
Oct 4 21:13

The whole point of a canary is that deletion is proof. Any more would violate the whole gag order problem.

[chan] privacy
Oct 5 16:05

CANARY no longer alive == PIG ASSAULT ongoing

[chan] privacy
Oct 6 03:04

What kind of swine would assault a pig?

[chan3] privacy
Oct 6 07:59

A reverse pig assault happened here: https://www.damninteresting.com/the-skyhook/ "The first live test was conducted with a pig as the target. Due to some stability issues, the pig spun in the 125 mph wind, and arrived on the plane dizzy and discombobulated. It recovered, however, and promptly attacked the crew." LMAO

[chan] privacy
Oct 7 03:46

> Deleting a canary that's PGP signed means nothing more than deleting an unsigned canary.

It is not the same. A canary that is unsigned can be created by anyone.

[chan3] privacy
Oct 7 21:07

Well, yes. We use control over the server as a weak authentication. Canaries needn't be strongly authenticated.

[chan3] privacy
Oct 8 15:04

> It is not the same. A canary that is unsigned can be created by anyone.

Well, let me play devil's advocate for a bit. What is the idea behind a canary? Having some sort of "passive" signaling (= canary disappeared) that you had to comply to a subpoena without getting you into trouble, i.e. by actively saying so, right? Now let's say you get a subpoena by $THREE_LETTER_AGENCY to hand out data and you are forced to comply. Depending on jurisdiction (hint: see UK) you can even be forced to comply by handing out your passwords. What would be the first thing you might get asked if you use some signature software? Maybe password and secret key you are using to sign things? And after that, if you do comply in order to not go to jail and give out your password, what would $THREE_LETTER_AGENCY do next? Maybe posting a signed canary to tell users everything is just fine and even better everything is just fine because the signature matches? Now, do you see the big, deep rabbit hole that just opened up right in front of you?

[chan3] privacy
Oct 8 15:36

What Bruce Schneier said.

[chan3] privacy
Oct 8 15:37

Well, if so I take this as a compliment then.

[chan] privacy
Oct 8 15:47

I don't get it. If your real life security is on point, how will the bad guys even KNOW you have the signing key, in order to force you to sign the canary?

[chan3] privacy
Oct 8 15:51

Threatening to throw you in jail if you don't hand it out maybe? If you do have it and don't hand it out, you go to jail and you are fucked. If you don't have it and can not convince the bad guys you don't have it (good luck with that btw.), you go to jail and you are fucked. If you do have it and hand it out, you might still be a free man and your users are fucked. Choose your poison.

[chan3] privacy
Oct 8 15:56

Or, to say it with a famous xkcd strip: https://imgs.xkcd.com/comics/security.png

[chan] privacy
Oct 8 16:19

I still don't get it. Threatening to throw WHO in jail, that's what I don't understand? Don't they have to know who you are first? How can you throw Satoshi in jail, or ShaolinFry, or I don't know, that fucker Verto ex-Evo (I'd pay to see that)? Even if they captured the person who previously identified as Verto for unrelated reasons, how would they know it was her? All linkage has been destroyed years ago. I think post-Ladar Levison most people know better than to reuse the same identity across unrelated businesses.

[chan3] privacy
Oct 8 16:34

In a perfect world, you could be correct. Getting operational security right is extremely hard and people make mistakes all the time. But as you mentioned Ladar Levison, he is a good example for looking at the problem from many different perspectives. He chose deliberately to do the right thing and he did so in offering his mail service as his little business with his own name on it. Do you think this was stupid under the circumstances he started it? Do you think it was stupid even when he was forced by the NSA to comply to their subpoena? Yes, there are maybe some examples where people chose (or will choose) to do the right thing and (more or less) successfully do that in complete anonymity. Bitcoin is one of them (at least until now), but do you think this model will become the standard and more importantly, do you think this will scale? I would love to be wrong on this, but I doubt it. Also take into account that if in doubt the really bad guys don't care if they get the right guy/gal (see silk road for example).

[chan] privacy
Oct 8 17:18

> But as you mentioned Ladar Levison, he is a good example for looking at the problem from many different perspectives.
> He chose deliberately to do the right thing and he did so in offering his mail service as his little business with his own name on it.
> Do you think this was stupid under the circumstances he started it?
> Do you think it was stupid even when he was forced by the NSA to comply to their subpoena?

I think when Ladar started (early 2000's, years before Satoshi) he had no idea what he was getting into, and by the time he figured out it was too late to pivot. He did manage to back off gracefully, which was really impressive.

> Yes, there are maybe some examples where people chose (or will choose) to do the right thing and (more or less) successfully do that in complete anonymity.
> Bitcoin is one of them (at least until now), but do you think this model will become the standard and more importantly, do you think this will scale?

Absolutely I do, and sadly I think survival of the fittest will have a major role in this. I mean "survival" in the most literal sense: people are being killed, exiled or imprisoned for using insufficient or inappropriate security measures. Not sure what you mean by do I think it will scale? In what way is scaling a concern, and what would be the limiting factors?

[chan3] privacy
Oct 8 18:25

> Absolutely I do, and sadly I think survival of the fittest will have a major role in this. I mean "survival" in the most literal sense: people are being killed,
> exiled or imprisoned for using insufficient or inappropriate security measures.

And even if people are very determined and maybe even if they are very fit compared to others, they still might fail badly in the moment they are becoming an interesting target. If you have (as I luckily have not directly and only through persons I know) experienced once that people were killed for being determined and courageous although they at least tried to apply operational security, it might give you a rather pessimistic look at such things. I know the last sentence sounds like a teaser but I am not sure if I want to write about this in a personal perspective, but I will give you a hint, search for what the "Telecomix" group did during the so-called "Arab Spring", especially in Syria and what was the impact on their members. Disclaimer: I was not directly involved in "Telecomix" but I "know" somebody who was, so it is "second hand info", but that was ugly enough for me and I have no reason to doubt what I heard.

> Not sure what you mean by do I think it will scale? In what way is scaling a concern, and what would be the limiting factors?

Well, as an example see Bitmessage vs. something like WhatsApp/Facebook/$ADD_YOUR_OVERRATED_SERVICE_HERE. BM is great for privacy, at least by its design, and this gets me to the point already. We don't really know how secure/anonymous BM is, I am optimistic but still, nobody wrote a cheque of maybe a few tens of thousand Dollars/Euros to pay for an audit. But one thing is for sure, privacy/anonymity will most likely improve with the size of user base, see for example the Tor network. And now one may ask, what is the (financial) budget for BM and how big is its user base? Unfortunately, the answer will be "pretty small" in both cases.

Now have a look at one of the usual suspects of highly popular services, who -at best- don't really give a fuck about privacy or even worse deny you real privacy as it would be against their business model. How big is their budget and how large is their user base? Unfortunately, compared to BM "huge" would be the answer to both. Reasons? I won't (and can't) give you a comprehensive list, but convenience and a certain amount of (natural) laziness will certainly play a substantial role.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Oct 8 18:46

Hi, This is Stman. You post very interesting stuff on the privacy channel. Can I use a nickname for you in my Bitmessage local database or do you want to stay fully Anonymous ? I know several telecomix guys in France too. There is a lot to say about Telecomix and how they get instrumentalized, exactly like Anonymous, or even the Anarchist scene in general. Kind regards, Stman.

[chan3] privacy
Oct 8 18:51

> You post very interesting stuff on the privacy channel.

Thx, appreciate it.

> Can I use a nickname for you in my Bitmessage local database or do you want to stay fully Anonymous ?

I would prefer the latter, otherwise I would not be posting with the chan address as sender.

[chan] privacy
Oct 8 19:25

Has anyone archived this thread somewhere?

[chan] privacy
Oct 8 20:19

----------------------------------------------------
>> Absolutely I do, and sadly I think survival of the fittest will have a major role in this. I mean "survival" in the most literal sense: people are being killed,
>> exiled or imprisoned for using insufficient or inappropriate security measures.
> And even if people are very determined and maybe even if they are very fit compared to others, they still might fail badly in the moment
> they are becoming an interesting target.

There's one important aspect that you should never dismiss: the technology involved is strongly asymmetrical in our favour. It costs next to nothing to defend and millions of dollars to attack. It's also easy to adapt, deploy and fix. Yes, some people will fail but those who survive will pass on the experience. It's natural selection, brutal yet efficient.

>> Not sure what you mean by do I think it will scale? In what way is scaling a concern, and what would be the limiting factors?
> Well, as an example see Bitmessage vs. something like WhatsApp/Facebook/$ADD_YOUR_OVERRATED_SERVICE_HERE.
> Reasons? I won't (and can't) give you a comprehensive list, but convenience and a certain amount of (natural) laziness will certainly play a substantial role.

Oh, understood. You mean the scaling of the platforms in particular. To be honest I never worried much about this, as "it's only software". Decentralized technologies are a very hot research field right now and a lot of it is being invented as we go. Many of us are truly at the proverbial point of having jumped off a cliff and building our wings on the way down.

Not trying to divert the discussion, personally I am more interested in the scaling of the new social and economic structures enabled by the new platforms. How larger groups can organize, self-regulate and interact trustlessly in secure enclaves, free from arbitrary interference from external self-appointed authorities. What type of event would cause a normal person to one day decide to quit the rat race, go out there and "find their tribe" - become a respected member of a free community, or several. This kind of stuff.

But yes, scaling the platforms is also important.

[chan3] privacy
Oct 8 21:17

> Oh, understood. You mean the scaling of the platforms in particular. To be honest I never worried much about this, as "it's only software".
> Decentralized technologies are a very hot research field right now and a lot of it is being invented as we go. Many of us are truly at the proverbial point of having
> jumped off a cliff and building our wings on the way down.

You brought up an interesting point and let me play devil's advocate again on this one. Technically, scaling of decentralized platforms should be easy, right? What about the non-technical aspects of scaling in the sense of people adopting platforms/services/whatever? Decentralized services should be very attractive mainly due to the lack of a single point of failure and taking the internet itself it is a spectacular success for exactly achieving that goal. So far, so good but have a look at the types of internet based services which really took off the last few years. Most of them are centralized not in the sense "only one data centre" but in the sense "one entity with total control over it". Facebook, Twitter, Instagram, Youtube just to name a few. And with the "internet of shit^W things" people are being told it would be a good idea that even their light bulbs need access to a cloud service which again is centralized in the sense I mentioned above. This is fucking insane, isn't it? It makes no real sense to hand over control over your devices and to put yourself at the mercy of one entity -with the only detail that it might be at the mercy for different single entities for different devices which does not make things better- and still this whole cloud crap is the "hot piece of shit of the day". Sometimes I think of this as a parody of the Titanic disaster with the whole crew+passengers hailing the ice berg they are about to hit got hours in advance (instead of at least trying to steer away from it).

[chan3] privacy
Oct 8 21:26

OMG, recognizing the huge amount of typos in my postings, implementing support for some spell checking software (aspell/hunspell or the like) into the BM client would reduce the amount of embarrassment when reading my own stuff. So at least for the last sentence, let me correct the one which really confuses the potential reader. "Sometimes I think of this as a parody of the Titanic disaster with the whole crew+passengers hailing the ice berg they are about to hit FOR hours in advance (instead of at least trying to steer away from it)."

[chan3] privacy
Oct 8 22:59

Well, this is a point where I have to partially disagree. Sadly it is not always the fittest ones who will survive literally, mainly due to the wide range of possible consequences if being caught. A Ross Ulbricht who gets imprisoned for allegedly being (one of the) Dread Pirate Roberts is bad, a Bradley/Chelsea Manning who gets imprisoned for leaking documents and being treated badly is even worse, but a young Syrian organising protests in the early uprising against Assad being tortured and literally beaten to death with the little extra for his family getting a video tape of that sent to their home is the league we are talking about when it comes to those areas of the world where good security/privacy/anonymity would be needed the most. (In addition now I actually wrote about some of the things I saw/heard when talking to one of the people of Telecomix.) The stakes are very high for some people and while good technology to enhance security is crucial, it can only contribute a tiny amount to the overall game.

[chan] privacy
Oct 9 01:09

Good point. Perhaps we took the life-and-death angle a bit too far. Happy to dial it back a notch. 1) Everywhere in the world, Europe, USA, Middle East, China, SE Asia etc, security failures can result in bad outcomes of the worst possible flavour available locally. 2) The role of network security technologies is minimizing these bad outcomes irrespective of their flavour. 3) Also, anywhere in the world, a self-inflicted security failure resulting in bad outcomes for self and/or others usually does disqualify one from being a security instructor for a while. Would you care for some OPSEC training from Ross? :)

[chan] privacy
Oct 9 03:55

Just kick them in the nuts.

BM-2cWZW87PJN5VZjtJCpk3hXcYefhNCxdjU6
Oct 9 15:17

My two cents here:

- The cyber-space, as it is architectured today, has completely transmuted / denatured / unbalanced all power relations on earth, but the global system we live in has not evolved at the same speed.
- In the current technological status quo, it is much more easy to attack than to protect yourself against cyber-attacks.
- I have been studying Crypto-Anarchism for years to its maximum radical limits to understand better the natural laws within the current cyber-space.
- A cyber-space is not equal to another. The current Cyber-space relies on some standards (TCP/IP), and on current microprocessor architectures, that lead to the current status quo I personally find dangerous and leading to war, chaos and criminality. In the current cyber-space status quo, we face a paradox between fixing cyber-chaos (Cyber-war, cyber-criminality, cyber-terrorism, cyber-fascism), and war, criminality, terrorism and fascism in the real world. When fixing one universe against bad things, you make things worse in the other, and vice-versa.
- I long believed that Crypto-Anarchism was the solution, but that many intermediary steps were needed into the society to have it working fixing things both in the cyber-space and the meat-space.
- Today I have another understanding of the thing: The paradox of the Cyber-space and the meat-space regarding fixing bad things in one is damaging them in another is the consequence of the nature of the cyber-space itself.

My conclusion: The debate about preferring Crypto-Anarchism or not in the current cyber-space technological status quo is wrong, outdated, non relevant. We are tortured by this paradox, and it seems to have no solution, except maybe a kind of middle path, but it seems hard to find. My latest understanding is that we have to change the nature of the cyber-space itself, modifying its nature so that some of its inner natural laws get modified so that the paradox we are facing would not exist anymore.

Everybody, the military, but also the Crypto-Anarchists themselves have been fighting somehow for nothing for years. It is appearing to me that the Crypto-War could have been a kind of divide and conquer thing. By fixing a few things in the cyber-space nature, architecture, we can fix both chaos in the cyber-space and in the meat space, without falling into fascism and preserving human rights and peace. It's a new approach. A new road to explore. There is no word for it, yet. I think Crypto-Anarchism is outdated. That it was a kind of simple reaction to what military were doing. But being in the reaction usually means being manipulated. The Post-Crypto-Anarchism, let's call it this way, is a new approach that prevents the paradox from the current status quo to exist. This is the path I will follow for now, because I think it is a more clever approach to all the problems we are facing. This is exactly how I found the definite solution to Stack and Buffer overflows and R.O.P. . I took another road nobody took. Because I'm a fucking asperger and I don't see things like a normal person, for the better, and for the worse. I'm just trying to have it for the better.

Kind regards, Stman.
