06:13:58 Imagine using an unencrypted messenger for this 07:26:21 Imagine using IRC in 2024. 07:27:04 >mocks Telegram users for lack of E2EE 07:27:12 >types the mocking from IRC 07:27:19 🫡😂 07:27:56 This is a public room, why bother with encryption? 07:38:15 IRC is a public channel though - it makes sense. Telegram lacks encryption IN DMs. 07:39:04 What is mockable in IRC? What is mockable is messengers that KYC their users and cannot be hosted independently. Although Libera being big does concern me, ye. 07:52:18 encryption is of relevance when we talk about private use, but in public chatrooms that doesnt matter, as it's regarding public use. 07:52:18 but in the sense that you can use IRC anonymously but not telegram, it makes irc a better choice if the goal is anonymous use 07:52:31 encryption is of relevance when we talk about private use, but in public chatrooms that doesnt matter, as it's regarding public use. 07:52:32 but in the sense that you can use IRC anonymously but not telegram (due to the KYC), it makes irc a better choice if the goal is anonymous use 07:53:50 I bought a phone number from https://stealths.net/product/virtual-phone-number and used it to sign up for telegram lmao 07:55:14 yea the only way to have an anonymous phone number, is like that: 07:55:16 image.png 07:55:20 $15? Can't you use one of those SMS websites 07:56:55 hmm which ones? 07:58:03 I don't want to shill any of them because they're sketchy and have high minimum deposits 07:58:04 but yes telegram/signal don't really count as "anonymous" since it requires a phone num 07:58:26 but you can get phone numbers for a few cents 07:58:33 yee they all look shady. stealths.net was sponsored in monerica i believe 07:59:13 but then you have a paper trail of a credit card transaction that you bought a phone num with them 08:00:22 credit card? the backend to these websites are literal russian phone botnets, they all accept crypto 08:00:41 oh ok i assumed incorrectly 08:02:24 im curious now 08:04:20 dang i feel ripped off XD 08:06:28 meh, I haven't seen any accepting XMR 08:06:56 starlingfarchecker, you'd need a clear mobile phone too, these fuckers won't let you in from desktop. Unlike - guess what! - IRC. 08:07:03 you'd be paying that $15 in swap fees and BTC network fee 08:07:32 That's why XMR FTW. 08:07:43 and the minimum deposit 08:08:38 strawberry, kycnot.me usually has a collection. Have found VPSes for Monero there, have not looked at numbers because I see phone-bound messengers as a lost cause but probably there are some. 08:09:51 (Btw after learning XMR I think that I would keep using XMR even when I can use my card abroad again. It just is more comfortable knowing it cannot be charged without your consent) 08:11:03 it never made sense to me how credit cards can be that insecure and remain in use 08:11:18 Signal at least has signal-cli, no idea whether TG has that. If you used it from the same phone as your main account - it's the same KYC. I just see it as a lost cause and "that one messenger that is a public space but that I cannot get rid of because of uni". 08:12:12 strawberry, debit too! That is why I use cash even in online stores, unless it is really unavoidable. I did have to prepay one item recently, and for such cases I have a card that is pretty much always empty. 08:12:53 For XMR, it's domain registrars that I still have trouble with. 08:14:08 reject DNS, use onions 08:15:08 Not practical. Then I would only be able to communicate with other onions, which is a large handicap. 08:15:31 yeah :( 08:15:51 That is why I still needed to follow the sad system. 08:15:55 DNS is just awful on so many levels, wish we could do away with it 08:16:00 ye indeed 08:16:17 Similar for the system of cert authorities. 08:16:32 I was just about to compare it with those 08:16:47 like who decided that only these companies get to be registrars? 08:16:56 bunch of cronies 08:18:11 Well, you technically can be your own registrar. Heard that some criminals (Paul Le Roux?) did that just so that their shady sites won't be taken down as easily. 08:20:09 buying TLDs is crazy too, how come google get to have .google, .gle, .goog, etc? 08:20:20 ye 08:21:11 buy them in a non-KYC way : tor only, payments in monero only 08:21:36 they're selling TLDs for Monero!? 08:21:37 setup the dns in non-KYC VPses too, you can maintain anonymity and admin clearnet services just fine 08:21:55 there are a few non-KYC registrars selling domains for monero yea 08:22:02 im currently at nicevps.net for instance 08:22:13 i was at incognet.io before 08:22:35 I'm talking about the part after the dot 08:23:27 https://nicevps.net/products/cat/domains 08:23:45 bro i wanna see that .xmr site 08:26:18 Tor is kinda unnecessary - I do connect to my domain from home all the time anyway. 08:26:28 But ye, did rent mine for XMR. 08:27:05 Because I don't know other cryptos mostly. And don't know how thorough the background checks for normal registrars are, 100% putting fake info there. 08:27:34 I got away with putting nonsense info on Namecheap, I doubt most of them check 08:27:49 anonymity is a very strict practice yea, the moment you ID yourself (with your home ip for example) while using a specific online persona, anonymity is lost for that persona 08:28:02 Large part of why I need this VPS is as a proxy to get to blocked sites, using it with Tor would mean slowijg everything - including media - down. 08:28:23 nihilist, depending on a threat model though. 08:28:53 well yea, but depending on how well opsec is being practiced mostly 08:29:23 I don't need much "opsec" per se, because the domain and VPS are actively used from my hope IP. 08:29:33 they would email me every year about URGENT NEW REGULATIONS asking me to add a phone number, never did, site still up 08:29:44 bruh 08:30:31 yea depends on the usecase, different usecases (public, private, anonymous, sensitive) all come with different technological requirements 08:30:44 My main threat is the registrar itself potentially ceasing service because of my location - thus phone numbers are a "no" and address has to be a real one but in the country of my VPS. 08:31:06 I renewed it in a rush again though, so I guess transfer is delayed until next summer. 08:35:39 i have these 2 tutorials on opsec in general (without going into too much detail) 08:35:40 https://blog.nihilism.network/servers/opsec4levels/index.html 08:35:42 https://blog.nihilism.network/servers/internetsegmentation/index.html 08:35:44 i'll try to present them on monerotopia if tux accepts my request :^) 08:36:22 Btw I think that seizing a domain manually is unlikely, since I have only mundane communication services and a harmless hobby website. What I am afraid is a blanket ban. It has not happened to registrars to my knowledge, but read that Hetzner left a thick hint to change the address to one in another country, so would not be surprised if the address was what a registrar doing the same would act by. 08:37:22 I like reading about opsex in theory, and think I do have a nice grasp on the basics at least) Just very thankful I don't have to apply this in actual defense. 08:38:16 i feel like the topic of opsec is largely misunderstood / misrepresented / not taken seriously in general 08:39:02 Ye 08:40:02 What I really dislike is "if "they" want to get you, they're getting you anyway, why bother protecting yourself?" That is worse than "I have nothing to hide". 08:40:40 (Also btw I am not very extreme on this irl) 08:41:09 that's the defeatist way to go about it, "eh it dont matter", mostly argued by people who dont want to put any effort changing their way of doing things 08:41:55 no, if you implement the right tech, and use it the right way, you can get privacy, anonymity, and plausible deniability, All ti takes is you are willing to go and implement whats needed 08:42:08 Yes, indeed. 08:42:56 I honestly don't know how well I am doing now myself. 08:43:47 https://matrix.monero.social/_matrix/media/v1/download/m.datura.network/QtdHvPBjfvtYMdwWQEzLGQWt 08:45:34 Also I cannot really tell how well I am doing because I don't really communicate with a lot of people, aside from IRC, XMPP, Matrix and sometimes Simplex. 08:45:47 very simple: 08:45:48 if you use closed source software = your actions are public 08:45:50 if you use open source only + you've made sure you're not being spied on = your actions (at least locally) are private 08:45:52 if you ID'd yourself anywhere along the way, you're not anonymous while using some service 08:45:54 if your computer can be taken away from you and whats found in it can be used against you (even if forced to type a password) you cant have plausible deniability 08:45:59 Yes, I assume such. 08:46:51 I do have Telegram, for example, and treat it as a public space since it is effectively under my passport. The phone is a public space too. E-reader might've been one too but it was never allowed online. 08:47:29 Laptop has a spyware-less distro, it is fine. 08:49:11 seems like a bad definition since all Intel+AMD are running closed source software 08:49:51 yea there is a clear need for open source hardware, i've discussed that on monero talk yesterday 08:49:54 we do with what we have man 08:49:57 Plausible deniability is not really a thing in face of $5 wrench method, but even without your decrypted drive they can make up any case they want against you. So... Interacting with LE is outside my threat model completely, they would absolutely wreck a weak person like me, both physically and mentally. Maximum I can do is not do anything dangerous - this is just not for fragile ingenues. But this is a roulette anyway. 08:50:11 gotta wait for the riscv explosion 08:50:17 Ye 08:50:38 unless you go full tinfoil hat with arm/riscv, you will be stuck with me, fsp, other junk in boot process 08:50:48 Yes, this is understandable. 08:50:50 yea what i propose works if you live under a government that respects human rights 08:51:01 if you live in china and use a vpn or tor you're crucified JUST for using the technology 08:51:27 but in a democracy they don't ban it, they need to figure out what you're doing with it to use it against you 08:51:49 At least from what I know, it is not actively siphoning data off, but it can be an additional and unfixable attack vector if you're targeted. I am more concerned about mass surveillance specifically on my level though. 08:52:34 nihilist, nah, here everybody and their mom uses VPNs, this is just to be expected. Also hearf that even in China, some VPNs can work uncensored. 08:53:27 man you've got no idea how far the chinese government is willing to go to spy on, and censor the internet over there 08:53:56 Recently read about XRay and things like it and how they bypass the Firewall. Our guys are nowhere near as competent so Firewall probably is not happening in its mightiest form. So I just have instructions saved to set up a few utilities that are decidedly overkill. 08:54:18 nihilist, ours censors a lot too, and they're just as ruthless. 08:54:34 I mean people still do that despite the efforts. 08:54:56 theres this great ressource here regarding censorship evasion in china https://github.com/net4people/bbs/issues 08:55:14 its actively updated too 08:55:35 I believe I saw this one sometime during researching evasion methods. 08:56:24 but yea in chinese citizens case, the risks are too high i dont recommend them trying to use privacy/anonymity tech just due to how ruthless and anti human freedom the government is 08:56:36 https://matrix.monero.social/_matrix/media/v1/download/monero.social/XOckxQPJGjkyLdXmmEtdowtD 08:56:52 I just noticed element’s app privacy 08:56:53 Ours are just as ruthless but nowhere near as organized/competent, so given that there are methods even in China - that makes me not really worry about this. Although given how fast it updates - I should indeed educate myself about whether there were new advances. 08:57:25 nihilist, they still do though. I guess you getbused to your fate being a roulette at least to an extent. 08:57:43 Element. Eww, Electron. 09:01:15 nihilist, but even in case of anonymity tools being truly and unavoidably dangerous - you pretty much must make your local environment private at least. 09:03:53 I once tried to bypass the great firewall of china while im in the hongkong airport by connecting to a wireguard vpn server i have running at home in the US lol. Sidenote i was surprised they blocked libgen 09:05:49 sometimes I feel glad not to be from China, then I remember PRISM has been a thing since 2007 09:07:18 Wireguard is very easy to detect and block though, it happened here for a little while. 09:07:58 That is why the main protocols make the traffic mimic https, also making sure there is no "double" encryption that is easy to detect. 09:08:27 strawberry, you at least have a chance to not disclose your encryption passwords, points for that. 09:08:48 snowden's leaked files are in i2p btw (tracker2.postman.i2p) . It's cool to peruse them 09:09:08 * BlueyHealer would be looking at GFW bypass updated posts today 09:09:13 pretty sure they can force you to disclose those in UK 09:09:15 i2p ftw 09:09:24 hell yeee 09:09:40 strawberry, no idea about the law here, but either way few people can resist physical pain long enough. 09:10:31 Either way not enganing in anything political at least. I know this is shameful but it is not a place for an ingenue. 09:11:56 Also mom warned me that recently there was a wave of provocators online, willing to provoke people to say openly what they shouldn't to later arrest. I should be wary of them in every chat I am in, but kinda feel more relaxed about it because logically they're more likely to be discovered on - again - Telegram or Whatsapp. 09:29:08 What do you guys think abt simplex 09:29:32 no idea how it works 09:34:59 I am concerned that everyone is on the same set of servers now, but I have my server set up, participate in a few groups and following development. Hope there would be lighter third-party clients. How the project is funded is a bit sus though. 09:41:13 https://simplex.chat/blog/20230422-simplex-chat-vision-funding-v5-videos-files-passcode.html 09:43:34 Reading it it seems they’ll charge for higher file transfer limits in the future? 09:45:03 They are also vc funded but i’m not sure if that’s inherently a bad thing 09:45:04 I’m biased since i kinda like their features 09:45:27 Would charging for such limits matter if anyone can host their own server? 09:45:45 I like their features too and it seems to work well so far. 15:08:19 We hit 25 members on our signal monero group if anyone wants to join too https://signal.group/#CjQKIMtPr_BcagCe6ARHnHOYXMzS-WMLFVndrjRX-QLye9foEhDjts9QEhsvErDn7i0oiZaV 15:09:25 no need to post it in every room 15:10:18 Oh I didn’t know how independent these rooms were 15:10:20 My bad 15:10:51 Interconnected is a better word 16:14:41 Thank you! I'll check it out. My opsec is awful, but improving gradually. 16:15:37 My opsec is sufficient for my realistic threat model I think, but no idea - I might actually be actively terrible. 16:16:59 crypto nerds will often describe how vulnerable you are and then attempt to sell a solution to you 16:18:24 Two months ago I was as googled as can be 16:21:05 if you take basic precautions you're in the top 1% already 16:22:07 Two months ago I was as googled as can be: gmail, drive, android, maps, fi 16:25:09 I don't really have a choice in having Android at least - no custom OSes. I do sometimes go with mostly a dumbphone though. 16:26:48 I just made the switch to running GrapheneOS, so at least google doesn't have any elevated privileges anymore. 16:39:37 I kinda want that, but even 7a is still $300 and only sold unofficially. 16:40:37 Best guide on opsec imo 16:40:46 https://anonymousplanet.org/guide.html 16:41:39 Its the guide that got me started on amonymity tryharding it goes into great detail 16:42:18 Preety good resource, on my blog I try to simplify it to the essentials though 16:43:28 https://github.com/jermanuts/bad-opsec 16:44:37 Aye, I first got hooked from their PDF too! 16:45:15 Think of just not using mobile in general. 16:46:27 Or maybe locking its traffic down and using it as just an mp3 player (well, that's what I basically did for a long time anyway, but it was just simless, not in perma-airplane mode) 16:47:29 I'm testing proton mail, drive, VPN, calendar, password manager. Got anonymous phone service. 16:50:23 I'm testing proton mail, drive, VPN, calendar, password manager. Got anonymous phone service (silent.link, collects no info, accepts XMR) 16:51:31 Just be careful not to end up just trusting another company just like you did Google. 16:52:07 Also I dislike Proton due to not allowing your mail client of choice. 16:52:20 Be aware that you can't be anonymous if the esim or simcard is next to you 16:53:49 I would just rather treat the phone service as exposed in general. There was KYC for it, but not just that. 16:54:16 I'm sure as long as my phone is not in airplane mode the IMEI is probably exposed. 16:55:03 That too. 16:55:39 And when you're saying about Proton - I just hope you're treating them as just another cloud and don't, say, upload your files unencrypted. 16:56:04 The moment the simcard is powered on and has gsm, the cellphone carrier knows where that simcard is at all times, so if it shows up at your house yknow ;) garlicbreadtornado: 16:57:32 ye 16:58:04 If you are in airplane mode you can still connect to wifi and imei exposed? 16:58:19 What I am really uncomfortable seeing is people swapping Google for other companies instead of just not trusting anyone in general and changing habits instead. 16:59:04 xmrfamily, wi-fis don't see that, imei is for cellular connectivity. But they can indeed track you in other ways, and phone can use them to determine its location too. 16:59:07 Don't do sensitive work on mobile? 16:59:15 Isn't proton fully encrypted in transit and at rest using my private key? 16:59:34 xmrfamily, I treat my phone as public space, ye. 17:00:30 Wifis can see mac and mac can be linked to imei? 17:00:39 Yeah you can spoof mac but most dont 17:00:48 garlicbreadtornado, the encryption of mail at rest is up to them, I wouldn't rely on that for anything serious. Also I am concerned that they want to have your private key on their servers - they say it's encrypted with your password but imo still should not be happening. 17:01:38 Serverside encryption is what incognito market did too 17:03:10 Not just that - I'd say encryption that happens on your device but by javascript you redownload every time counts as such too. 17:13:22 BTW heard in a podcast that apparently google services would be needed for managing an e-sim like this - is that true or I got confused? 17:14:44 Use a degoogled OS like GOS and you can use eSIM without google services 17:16:14 Yea, I remembered is as you needed the sandboxed ones that GOS can provide - am I misremembering/misunderstanding? 17:20:42 hello 17:22:19 Guess you're right 17:22:20 https://grapheneos.org/usage#esim-support 17:23:25 Says it doesn't require or communicate with google play 17:25:11 I have a grapheme phone too, you can use Aruba store or fdroid instead 17:25:24 Sorry aurora store* 17:25:40 Grapheneos is nice 17:26:16 garlicbreadtornado, how did you set it up? Did you do so without the sandboxed google services? 17:29:23 If I put aside for a moment that it’s technically possible to make powerful computers with simple tools and resources to manufacture (just requires a whole different paradigm of computing that you’ll have to figure out for yourselves), 17:29:24 You can still make simple but effective traditional computers with low compute and low memory in your garage. And with thoughtfully designed software you can certainly make due with that low memory. Practically all of the operations you’d want to perform can be computed with competitive asymptotic time complexity with O(p) space complexity , p = output bits, and with small const 17:29:26 ant factors for the exact complexity. 17:29:28 Rn monero isn’t really space efficient for this though. Although that could change if people wanted it, likely with some design trade offs depending on the approach taken. 17:29:30 If enough people are motivated to work with weaker hardware, I might be motivated to help. I could make guides for manufacturing and initializing. And I could develop the needed software with high space efficiency in mind. 17:29:32 Honestly though I just don’t think a significant number of people want do to all that work just for the sake of extreme privacy and security. Even people who care a lot about privacy, security, and self-sufficiency in the monero space don’t seem to be willing to forego the convenience of being able to buy powerful hardware made by someone else. 17:29:34 Personally I use typical computing hardware as my daily driver in relation to anything that interfaces in some capacity with the internet, one of the main reasons being it’s just less cumbersome that way since everything online already is interwoven around existing hardware and software infrastructure. 17:30:52 Specifically talking about eSIM? 17:30:52 If you toggle on eSIM support and use it to add eSIMs it uses some proprietary google thing for that function 17:31:00 Yeah you can do it yourself pretty easily so why buy for more expensive price too? You can flash from phone-phone with USB c cable pretty sure 17:32:08 > <@m-relay:monero.social> garlicbreadtornado, how did you set it up? Did you do so without the sandboxed google services? 17:32:08 Specifically talking about eSIM? 17:32:10 If you toggle on eSIM support and use it to add eSIMs it uses some proprietary google thing for that function. 17:32:12 Doesn't mean you have to enable or install any other google things 17:36:14 hardhatter, I saw instructions for such a low-power-conputer in the Radio magazine relatively recently) 17:36:49 I was put off by the lack of my own understanding of computers back then. 17:37:12 I saw radio as the way forward... But ye, it's regulated as hell so abandoned it. 17:37:49 garlicbreadtornado, yes, was asking about esim! And ye, having to use google services for that is concerning. 17:38:12 Do you have no Google services enabled at all now? 17:42:59 I'm in a transitional phase right now. I have all my Google stuff on my phone too since I rely on those tools. I'm also collecting potential alternatives and testing them. 17:49:15 Wish you luck) 18:08:10 Now to figure out Bisq. I want XMR 18:10:08 Use haveno dex directly man, you won't need to go through btc to get xmr 18:10:16 It can be directly fiat -> xmr 18:10:33 Ooh 18:11:00 https://blog.nihilism.network/servers/haveno-client-f2f/index.html 18:11:09 Check out this tutorial on how to use it 18:14:13 If you got a link I could check it out and comment on it 18:16:26 Thanks! I'll get that going! 18:20:32 Dammit that reminds me I need to figure out Qubes and Whonix too 19:21:13 Qubes is easy if you don’t care about actually running it securely 19:21:40 It’ll have ports blocked but it still works 21:33:23 i am using simple-monerod in docker and i keep getting errors like 21:33:24 ``` 21:33:26 2024-07-07 21:19:27.689 E Failed to get tx meta from txpool 21:33:28 2024-07-07 21:19:27.690 E internal error: error adding transaction to txpool: Error adding txpool tx metadata to db transaction: MDB_CORRUPTED: Located page was wrong type 21:33:30 2024-07-07 21:19:27.690 W Failed to query m_blocks: MDB_BAD_TXN: Transaction must abort, has a child, or is invalid 21:33:32 2024-07-07 21:19:27.690 E Exception at [core::handle_incoming_txs()], what=Failed to query m_blocks: MDB_BAD_TXN: Transaction must abort, has a child, or is invalid 21:33:34 2024-07-07 21:19:27.691 W Failed to commit a transaction to the db: MDB_BAD_TXN: Transaction must abort, has a child, or is invalid 21:33:36 2024-07-07 21:19:27.691 E Exception in cleanup_handle_incoming_blocks: Failed to commit a transaction to the db: MDB_BAD_TXN: Transaction must abort, has a child, or is invalid 21:33:38 2024-07-07 21:19:42.285 E Failed to get tx meta from txpool 21:33:40 2024-07-07 21:19:42.286 E internal error: error adding transaction to txpool: Error adding txpool tx metadata to db transaction: MDB_CORRUPTED: Located page was wrong type 21:33:42