Been wondering lately if the folks who tell us shit like “we don’t log your IP” are instead keeping a hash of the IP, which a dedicated actor (like a state intelligence apparatus, or law enforcement) could probably combine with other sources to out you.
The IPv4 address space is small enough where hashing is effectively useless. Though a bigger concern IMO is DDOS mitigation services like Cloudfare. It doesn’t matter if websites log or not if half of the internet is using the same reverse-proxy service.
DDOS mitigation services like Cloudfare
Hexbear using Cloudflare
:side-eye-1: :side-eye-2:
Lol if it makes you feel any better it’s basically impossible to be anonymous on the internet anymore, so we’re fucked anyway
Been wondering lately if the folks who tell us shit like “we don’t log your IP” are instead keeping a hash of the IP, which a dedicated actor (like a state intelligence apparatus, or law enforcement) could probably combine with other sources to out you.
Good thing this site is open source so we don’t have to wonder.
Well yeah, of course. Otherwise there’d be more of us here who could build cool shit. My point is that it’s all there for anyone to vet who has put in the time to learn how.
@LeninWeave linked to a good example of when we’ve noticed stuff and brought it to the devs / admins: https://hexbear.net/post/127316
If you’ve got any proof hexbear is hashing all the IPs of everyone and storing them, then please make a post about it because I think we’d all want to know.
Your only option is to have it based in a country that doesn’t cooperate with the US and ensure MITM isn’t possible.
Hmm depends on which part you want to read more about.
Basically you want to avoid 14 eyes+ countries, basically any country that you think would be friendly to US requests for data. China might be the best option.
I personally just don’t out anything I wouldn’t want anyone to read in email.
For MITM that means you need e2e encryption. This way, your email sending service can’t read the contents of your emails even though you’re sending them to them to pass on to the recipients’ servers.
There is a wide scope of “cooperation with US”, from extradition treaties (so the US could demand the operator be legally extradited & jailed as opposed to kidnapped) to mutual legal assistance treaties (police collaboration), to “cybersecurity agreements”. And the US military/economic strength (such as their control of SWIFT or the widespread military and “intelligence” apparatus) means very few countries won’t cooperate. The US does not follow international law unless it wants to. US most often collaborates with EU & Anglosphere countries (UK “commonwealth” countries).
Comparison of NSA spying collaboration (known) https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/ NSA are also interested in undersea cable wiretapping: https://www.vice.com/en/article/wnnmv9/undersea-cable-surveillance-is-easy-its-just-a-matter-of-money https://www.theatlantic.com/international/archive/2013/07/the-creepy-long-standing-practice-of-undersea-cable-tapping/277855/
MLAT data: https://web.archive.org/web/20180325141949/https://www.mlat.info/
Extradition: https://qz.com/97428/map-how-to-stay-out-of-reach-of-us-extradition-treaties/ Note that they could probably use a third country that has treaties with both the US and the country where the operator is located.
The NSA also works to gather information before it is encrypted, or to weaken random number generators and encryption schemes. https://www.schneier.com/blog/archives/2013/09/good_summary_of.html https://www.zdnet.com/article/has-the-nsa-broken-ssl-tls-aes/ https://www.schneier.com/blog/archives/2012/03/can_the_nsa_bre.html Intel ME is a good example, also keyloggers, hardware surveillance devices. https://news.softpedia.com/news/intel-x86-cpus-come-with-a-secret-backdoor-that-nobody-can-touch-or-disable-505347.shtml Intel ME can be set to disable (ironically thanks to NSA), but since it’s proprietary, you can’t be certain. AMD and other chip makers likely have similar subsystems. https://privacysos.org/blog/did-this-tor-developer-become-the-first-known-victim-of-the-nsas-laptop-interception-program/
Oh and NSA is allowed to share with FBI. https://www.rt.com/usa/373644-new-rules-access-nsa-data/
:france-cool:
Moon of Alabama has pointed out protonmail showing its ass over the Ryanair Belarus scandal
also
This site’s purpose is to discuss politics, economics, philosophy and blogger Billmon’s Whiskey Bar writings.
Some time ago, the commenting at Billmon’s Whiskey Bar became a bit excessive. Billmon therefore closed the comments at his place on June 29, 2004. The community of commentators was left behind to search for a new place.
Moon Of Alabama was opened as an independent, open forum for members of the Whiskey Bar community.
Bernhard started and still runs the site. Once a while you will also find posts and art from regular commentators.
Whiskey Bar (from Wikipedia):
Billmon is the pseudonym of an American blogger who wrote commentary on various political and economic issues of the day from a left-wing perspective. His blog was called Whiskey Bar.
So they’re a weird leftover from a blog that doesn’t exist anymore?
edit: the original blog shut down in 2006 lol
Trusting a company to be truly secure is, unfortunately, a terrible idea. They exist in a world where they can be compelled to cooperate or be shut down. They’ll make the choice that continues to make some money.
Also any claim of no logging may as well be marketing nonsense. There’s no way to verify it, logs have to be kept to some extent atleast for a little while to allow functionality, and adversaries may compel or compromise and thus create logs.
