Saki

As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.

Paradoxically, U.K. lawmakers have created these new risks in the name of online safety.

The U.K. government has made some recent statements indicating that it actually realizes that getting around end-to-end encryption isn’t compatible with protecting user privacy. But

The problem is, in the U.K. as in the U.S., people do not agree about what type of content is harmful for kids. Putting that decision in the hands of government regulators will lead to politicized censorship decisions.

The OSB will also lead to harmful age-verification systems. This violates fundamental principles about anonymous and simple access

See also: Britain Admits Defeat in Controversial Fight to Break Encryption

Why did you remove the “How do I start mining monero?” post?

Because the OP may have been a child? Or simply because it should have been asked in Monero Mining rather than in Monero? Or perhaps because the question was trivial (too basic)?

While I do feel (a few more) rules are necessary here, I’d like them to be explicit and transparent, if possible. Thank you.

Although the UK government has said that it now won’t force unproven technology on tech companies, […] the controversial clauses remain within the legislation, which is still likely to pass into law.

the continued existence of the powers within the law means encryption-breaking surveillance could still be introduced in the future.

So all ‘until it’s technically feasible’ means is opening the door to scanning in future rather than scanning today. It’s not a change

The implications of the British government backing down, even partially, will reverberate far beyond the UK

“It’s huge in terms of arresting the type of permissive international precedent that this would set […]. The UK was the first jurisdiction to be pushing this kind of mass surveillance. It stops that momentum. And that’s huge for the world.”

[The linked article has a lot of ads. You may want to disable JS.]

This case, alongside the proceedings against the TornadoCash developers, highlights how digital service providers and software developers are being increasingly targeted by law enforcement for offering products and services with potential for misuse despite not being directly involved in said misuse.

The Tornado Cash mixer, an Ethereum-based tool designed to conceal cryptocurrency transactions, has been in legal trouble. The founders of Tornado Cash, Roman Storm, and Roman Semenov, have been indicted on charges including money laundering and potentially face up to 20 years in prison.

[...]

The sanctions imposed by OFAC freeze any assets held in Tornado Cash and prohibit transactions to or from the service. However, effectively shutting down the service is challenging. Despite the ban, Tornado Cash continues to be used, with reports of it being leveraged for laundering unlawfully acquired crypto assets.

Those kinds of lawsuits set precedents dangerous for those involved with offering services and developing software meant to ensure privacy, anonymity, and permissionlessness — the core tenets of the cypherpunk movement that Bitcoin (BTC) was born in. Many in the crypto community raise concerns that it may lead to prosecutions against encrypted messaging services, privacy-centric cryptocurrencies, such as Monero (XMR), and web hosting services that do not snoop on their customers.

This kind of pressure may render the development of a cryptocurrency ecosystem free from control as originally envisioned much harder in a world where political dissidents, journalists, and many other vulnerable categories rely on them.

The Tornado Cash incident occurred in August, 2022, just around Monero HF. In Tornado Cash Civil Decision Limits the Reach of the Treasury Department’s Actions while Skirting a Full First Amendment Analysis dated August 25, 2023, EFF says: “A District Court recently considered a civil claim that the Treasury Department overstepped when it listed Tornado Cash on the U.S. sanctions list. This claim took some steps, if not enough, to address EFF’s concerns about coders rights.”

Windows user who'd like to try Tor + wallet etc.: if this is your first time, it may take like 10-20 minutes, but everything is easy.

Although there may be a easier shortcut (see below), the regular way is like this:

1. Go to https://www.torproject.org/download/tor/ and get a "Tor Expert Bundle" (get one that says 64 if your CPU is 64-bit). To open this ".tar.gz" file, you may need a tool like 7-zip. (*1)
2. Open (decompress) it to get a .tar; open (untar) this .tar, and you'll see two folders ("data" and "tor") there. Copy these 2 folders (with everything inside them) to a new folder, created wherever you like.
3. Open the "tor" folder, and double click on tor.exe. If asked, allow it to run and allow it to make remote connections. A text-based window (console) appears with status messages (read them to see if it's working). That's it. You're now running your own copy of Tor.

Once this is ready, you can optionally Tor-ify any tool that supports proxy (Socks5) server. Go to the "Network" or "Proxy" settings of the tool (e.g. Monero Official GUI), and input the proxy server address "127.0.0.1" (without quotes), port number "9050", and if necessary, select the type of your proxy, "Socks5". Your login name and password (if asked) can be empty or anything random (*2).

(*1) Technically, you're supposed to verify a PGP sig here. For now, let's say if you download a file from (archive.)torproject.org, it should be safe.

(*2) Similarly, you can Tor-ify other tools, e.g. a chat tool, a BitTorrent client. A regular browser can be also Tor-ified but that's a bit tricky and usually unnecessary: for web browsing, using Tor Browser is a good idea.

Official GUI vs. Feather (about Tor)

• Official GUI: Tor is not used by default. You'll have to do manual settings and run your own copy of Tor, like above.
• Feather: Tor is used automatically. That's easy. However, according to the docs, Tor is NOT ALWAYS used by default, unless you select "Always over Tor" or you're on Tails, etc. Another potential problem of Feather is, if you automatically use Tor coming with Feather, you might be stuck with an old version of Tor. This is because Tor tends to be updated more often than Feather. A solution is…

The same page states:

Feather releases are bundled with a Tor binary. If the presence of a local Tor daemon on the default port (9050) is not detected, Feather will place the bundled Tor binary in the config folder and run it on port 19450.

This should mean, if Tor is already listening to 9050, then Feather will just use it. So, if you'd like to: Feather + Latest version of Tor = also easy (just like Official GUI + Tor).

Elsewhere I saw some kind of confusion like "Feather does everything via Tor, yet it's fast" "Since Feather does everything via Tor, don't use it on Tails, which is already on Tor" etc. etc. and felt that this should be clarified and the fact should be shared. This confusion about Tails is kind of understandable, though.

A possible shortcut: If you already have Tor Browser, and if you start it, Tor Browser's Tor is listening to 9150 (I think). Thus you should be able to do wallet etc. + Tor 9150 (instead of 9050), if you don't mind always opening Tor Browser. This might feel easier…

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

Having free and open-source tools and a decentralized way of fighting back and reclaiming some of that power is very important. Because if we don’t resist, we’re subject to what somebody else does to us

While Tor is useful in several situations, probably we shouldn't believe in it blindly. For clearnet, LibreWolf is a great option too, and I2P might be the future.

The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
2. Alice prepares her plain text message locally: Alice.txt
3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
7. He types his reply locally (not directly on the messenger): Bob.txt
8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.

Congress is trying to push through a swarm of harmful internet bills that would severely impact human rights, expand surveillance, and enable censorship on the internet. On July 20, we’re launching a week of action to get loud about our opposition to legislation like KOSA and EARN IT and demanding that Congress focus on passing badly needed comprehensive privacy legislation to actually protect us from the harms of big tech companies and data brokers, instead of pushing through misguided legislation before August congressional recess.

Can someone explain what this does using only two words?

google extortion

more ads

surveillance capitalism

See also: Web Environment Integrity API Proposal | Hacker News