You may have also heard of a tool with a similar goal, known as torsocks, which works by overwriting all network-related libc functions in a way to route traffic over a SOCKS proxy offered by Tor. While this approach is a bit more cross-platform, it has the notable downside that applications making system calls not through a dynamically linked libc, either with malicious intent or not, will leak data.

We're very happy to share Techlore's video review of the BusKill Kill Cord.

Can't see video above? Watch it on PeerTube at neat.tube or on YouTube at youtu.be/Zns0xObbOPM

Disclaimer: We gave Techlore a free BusKill Kit for review; we did not pay them nor restrict their impartiality and freedom to publish an independent review. For more information, please see Techlore's Review Unit Protocols policy. We did require them to make the video open-source as a condition of receiving this free review unit. The above video is licensed CC BY-SA; you are free to redistribute it. If you are a video producer and would like a free BusKill Kit for review, please contact us

To see the full discussion about this video on the Techolore forums, see:

• discuss.techlore.tech/t/buskill-secure-your-laptop-in-seconds

Support BusKill

We're looking forward to continuing to improve the BusKill software and looking for other avenues to distribute our hardware BusKill cable to make it more accessible this year.

If you want to help, please consider purchasing a BusKill cable for yourself or a loved one. It helps us fund further development, and you get your own BusKill cable to keep you or your loved ones safe.

Buy a BusKill Cable
https://buskill.in/buy

You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our BusKill Store's .onion site.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/

With the current TOS fiasco of Mozilla it seems there is a brigade to other forks or Brave. What's your current browser of choice and why?

Okey, I know this is a bit beside the typical scope of this community. However sometimes it's nice to take a step back, zoom out and reflect on why preserving and creating our privacy matters. This video certainly gave me a different perspective on some things, and I hope you will find it useful too.

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

The BusKill project just published their Warrant Canary #009

For more information about BusKill canaries, see:

• https://buskill.in/canary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2025-01-14
Period: 2025-01-01 to 2025-06-01
Expiry: 2025-06-30

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is January 14, 2025.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

14 Jan 25 01:01:33 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
A Miracle? Pope Francis Helps Transsexual Prostitutes in Rome
Boost for the Right Wing: Why Did a German Newspaper Help Elon Musk Interfere in German Politics?

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
What an Upended Mideast Means for Trump and U.S. Gulf Allies
Russia and Ukraine Battle Inside Kursk, With Waves of Tanks, Drones and North Koreans

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Gaza ceasefire deal being finalised, Palestinian official tells BBC
Watch: Moment man is saved from burning LA home

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
0000000000000000000042db9e17f012dcd01f3425aa403e29c28c0dc1d16470

Footnotes
=========

[1] https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeY3BEB897EKK3hJNaLi8sMUCOQUFAmeFuPcACgkQaLi8sMUC
OQXctQ//Zv7RZXPKMMyjMjfE2LjrL6RVESIZMT2tUO/y0wx8XTXKBpgOA7fTh2eC
BHkLajpU/S3LOb+wBniuo29tpGJHG5MBWDwyNUAWXqZfJ/A9YNikNYq9lOn6nKSH
oHyLB8h2nP9rfQ2wXUtN6lFJVKWU5Ef5pjMQb8flJO2kbou7QpgcOzxvRqrXOUcN
UumjSlDTtwIOYOX+Ee8SamI4LyApOlwxIGMbFcbRMcJNhtioS4qCGNGw1pqhvqmF
pi1kIaqd79I8y1U9ufncvC+pbCEvRdo+wb7ZsXA9ZYpYfJSQJzSkdCGgkbe0b1Tx
6CNlcgoXIVaEH6/W+C2DFlyG1u4JuH22eXIrloYnjOxlqSJCd0Dw1EeO33tg3xg3
tfeO9pGOcZPOwlBL509VlE9z6W3czyKJk7Z4RwYXCFYWWi8vlHvRQg0LNu0C4Jyw
fRV2LlMSeUgBz9xyE62jh/BUNZzXsD0ntprR1eRTkeW4kOGEc6Wql4lBKE08sajT
YdgTi4ojrcfTdS7Sgzh1Onh5h/nF7hoyCX0lINgyTrJFMynC6qadTZtiJ2yO8GT+
Ovk9ZJMggBMNr4Vbw6CyrU/4yYMyrEd5dzXYZLZ41lMMpjwM8OBJ/yp1pcGo9vk4
NTAjUQUvOj6nrA/r3j2ywFMDZtFR/jBjXULWE77ca3iJmc/FUdg=
=xahN
-----END PGP SIGNATURE-----

To view all past canaries, see:

• https://www.buskill.in/category/Canary/

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Chainalysis uses the fee structure to analyze monero transactions. I thought using the fees hardcoded into monero-gui should be fine, but x0.2 does not show up at all, x200 is less used than x100 (even though not available in the gui, but x200 is).

I guess these fee multipliers are used by other wallets a lot.

Is x1 the safest to use? Is the gitter in between caused by "automatic" transaction priority? Would it increase privacy to sync fee structures between different clients?

Very insightful interview from Whitney Webb (last part of the show). We are already starting to see the same pattern that we’ve seen with Trump’s first term where Trump surrounds himself with deep state figures to advance the surveillance state agenda. At which point liberty-minded Trump supporters will start questioning the role played by Trump?

https://www.youtube.com/live/8BqVnOu1WBs

Hey everyone,

Von der Leyen just secured a second term as EC President, and I'm beyond frustrated. Let's break this down:

1. Privacy nightmare:

• Pushing for Chat Control: Goodbye, digital privacy! This move threatens to undermine end-to- end encryption, making our private conversations vulnerable.

• eID System: This essentially paves the way for mass surveillance, linking our digital identity to nearly every online activity.

• Data Retention Revival: Trying to bring back data retention ignores the EU Court of Justice's stance on its incompatibility with fundamental rights.

• Europol's Mass Data Collection: Europol gets a free pass to collect massive amounts of data without sufficient oversight. This is a dangerous precedent.

• AI Act and Biometric Surveillance: Supporting biometric mass surveillance within the framework of AI regulation is a direct path to an Orwellian society.

2. Corruption allegations:

• Shady Pfizer Vaccine Deal: A €35 billion deal with Pfizer, shrouded in secrecy. Why are we not demanding transparency here?

• Refusing to Disclose Texts with Pfizer CEO: Transparency shouldn't be optional, especially in public health matters.

• EU Courts vs. Von der Leyen: EU courts have called her out for breaking the law. Why is this not a bigger deal?

• Piepergate: The controversy surrounding the EU Envoy is troubling and raises questions about integrity and accountability.

We deserve a leader who champions our rights as non-negotiable and upholds transparency as a fundamental duty, not one who treats our freedoms as expendable and accountability as an inconvenience.

What are your thoughts on this?

What will another five years of Von der Leyen bring us?

Sources:

Privacy:

European Digital Identity

Is eID Building Trust or Invading Privacy?

Heise Article about data retention (German)

Europol's Data Retention Critique

EDRi on the AI Act

Von der Leyen Rejects Criticism on Biometric Surveillance

Corruption:

PfizerGate Vaccine Scandal

EU's Top Court Rules Against the Commission

Politico on PfizerGate

Patrick Breyer on Digital Age Misunderstandings

Corporate Europe on Piepergate

“It is completely absurd to inflict mass surveillance on the general public under the premise of fighting theft.”

It comes at a cost to the privacy and civil liberties of the people of Britain.

I was kind of blown away to what length the developers go to ensure your communication is as safe/secure as possible (while still delivering a very useable app).

This is an interesting article for anyone trying to navigate the banking system and KYC rules that not only affect crypto but also the ACH fiat money transfer system.

The right time to start protecting your digital privacy is before your trip […] The simplest and most reliable precaution against border searches is to reduce the amount of information that you carry across the border.

Sometimes law enforcement officials achieve so-called “consent” by being vague […] You can try to dispel this ambiguity by inquiring whether border agents are asking you or ordering you […] If an agent says it is a request only, you might politely but firmly decline to comply with the request.

If you are a U.S. citizen, border agents cannot stop you from entering the country, even if you refuse to unlock your device, provide your device password, or disclose your social media information. However, agents may escalate the encounter if you refuse.

If you elect to comply with a border agent’s order to unlock your device, provide your password, or disclose your social media information, you can inform the agent that you are complying under protest and that you do not consent.

It is possible that if you unlock your device, and agents then search your device, a court will rule that you consented to the search. […] As noted in Part 1, the best way to avoid an inadvertent “consent” to search is to decline to unlock your device, provide the device password, or provide any social media information.

Technically, you don’t even need to admit that you know the password.

If you believe that border agents violated your digital rights at the border, please contact EFF at borders@eff.org.

See also:

• https://www.eff.org/document/eff-border-search-pocket-guide
• https://www.eff.org/issues/border-searches
• https://monero.town/post/402125 Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm.

As usual, Google did not publish details about the attacks exploiting the flaw in the wild.

See also: https://www.cert.europa.eu/publications/security-advisories/2023-100/

This vulnerability also affects Chromium-based web browser such as Microsoft Edge [3], Brave, Opera, and Vivaldi.

NOTE: This is about the Fifth Amendment protection against self-incrimination after a search warrant for someone’s cell phone is procured; not about digital privacy in general at the U.S. Border (a warrantless search).

See also: https://monero.town/post/1134494 EFF to Supreme Court: Fifth Amendment Protects People from Being Forced to Enter or Hand Over Cell Phone Passcodes to the Police

Now before the House, HR 6570 proposes to reauthorize Section 702 for three years — but with reforms including requiring all US intelligence agencies to obtain a warrant before conducting a US person query.

a competing bill, the FISA Reform and Reauthorization Act of 2023 (HR 6611), doesn't include a warrant requirement — and, in fact, includes language that many worry could be used to force private US companies into assisting in government-directed surveillance

Bis zum Jahr 2030 will die EU allen Bürger:innen eine „European Digital Identity Wallet“ (ID-Wallet) zur Verfügung stellen. Sie soll on- wie offline bei Verwaltungsgängen und Bankgeschäften, aber auch bei Arztbesuchen, Alterskontrollen oder beim Internetshopping zum Einsatz kommen.

(By 2030, the EU wants to provide all citizens with a “European Digital Identity Wallet” (ID wallet). It is intended to be used online and offline for administrative procedures and banking as well as medical visits, age verification, and internet shopping.)

The article (in German) is mostly about eIDAS 45
Cf. https://monero.town/post/1018961 Last Chance to fix eIDAS: Secret EU law threatens Internet security

(There are many English articles about it; see e.g.
https://mullvad.net/en/blog/eu-digital-identity-framework-eidas-another-kind-of-chat-control )

Though not the main topic of the article, this “ID wallet” thing sounds disturbing. (EU politicians calls a normal wallet “unhosted wallet” and don’t like it very much.)

Retroshare establish encrypted connections between you and your friends to create a network of computers, and provides various distributed services on top of it: forums, channels, chat, mail... Retroshare is fully decentralized, and designed to provide maximum security and anonymity to its users beyond direct friends. Retroshare is entirely free and open-source software. It is available on Android, Linux, MacOS and Windows. There are no hidden costs, no ads and no terms of service.

A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies.

The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them.

Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot

These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic

This enables the government of any EU member state to issue website certificates for interception and surveillance

https://www.internetsociety.org/resources/doc/2023/qualified-web-authentication-certificates-qwacs-in-eidas/

The browser ecosystem is global, not EU-bounded. Once a mechanism like QWACs is implemented in browsers, it is open to abuse

https://en.wikipedia.org/wiki/EIDAS

The proposal would force internet companies to place a backdoor in web browsers to let them perform a man-in-the-middle attack, deceiving users into thinking that they were communicating with a server they requested, when, in fact, they would be communicating directly with the EU government. […] If passed, the EU would be able to hack into any internet-enabled device, reading any sensitive or encrypted contents without the user's knowledge

See also: https://mullvad.net/en/blog/2023/11/2/eu-digital-identity-framework-eidas-another-kind-of-chat-control/

[Edit 2: Read the admin’s “reasoning” and comments here or see PS below. The clearnet site is up again. The onion versions = 100% up tme for me]

[Edit: As of writing this (2023-11-01) their clearnet server is down, while the onion version is working. Cock.li is exactly like this… Relatively rarely but randomly it’s down. Kind of irresponsible but it’s just like that. Interestingly, though, onion is up and clearnet is down. Usually opposite.]

Onion http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/

Cockbox on kycnot.me - https://kycnot.me/service/cockbox

(From their webpage)

Cock.li is your go-to solution for professional E-mail and XMPP addresses. Since 2013 cock.li has provided stable E-mail services to an ever-increasing number of users. Cock.li allows registration and usage using Tor and other privacy services (proxies, VPNs) and thanks to continued funding by its users is certain to stay free forever.

Cock.li (aka Cockmail) is a Tor-friendly, privacy-focused, soon-to-be-10-year-old free email provider (IMAP, POP, XMPP, Webmail). Although currently (since around 2021) a new registration is invite-only, the admin @vc now states on their website:

E-mail is a Human Right!

Oppressive governments are using dirty tricks to try and force e-mail providers to require phone numbers or other controlled integrations to register. We will never allow these crimes against our userbase. We will stand up for the right to register for e-mail without being surveilled, and demand this right to be recognized globally. Public registration re-opens on cock.li's 10th birthday, 20 November.

Probably people here know this service pretty well, but some important points:

• Their email addresses are sometimes blacklisted when you want to use them, because in the past the service was abused by spammers. So this provider may not be suitable for normal users/normal usage. Its “technical scores” may be low too, when checked e.g. via https://internet.nl/mail/ If you think this is sketchy and its name is weird, it is. It’s not for you, so please just ignore it.

• A cock.li account may be great to have if you want to sign up and use it anonymously always via onion (something you can’t do with Proton or Tutanota), perhaps with PGP. Maybe great to use on Tails OS too.

• Their service was not very stable in the past. In recent years, it’s been rather stable and very fast even via onion. Pop/Imap via Tor works perfectly. Cock.li onion may load 100 times faster than that of Proton.

• Custom domains are not supported! Consider Disroot or Tutanota if you need them and would like to pay with Monero.

• They are one of the earliest v3 onion providers. In contrast, Proton was so slow to migrate from v2 to v3 (even after v2 got obsolete). Cock.li is also one of the oldest mail providers that started accepting BTC and XMR donations. So probably they’re extremely well-funded (you know why).

• If you use Thunderbird, set up your account manually (its automatic setup probably doesn’t work right).

For more info, visit their webpage. Please DO NOT abuse this based cypherpunk service.

PS. Vincent Canfield (vc@shitposter.club) wrote on September 23, 2023:

Good morning, CISA is now calling cock.li a "Malicious E-mail Domain" and implies this is because it's not "publicly available". So, cock.li will once again open to the public on its 10th birthday, 20 November. #StopRansomware

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a

For those who don't remember, a previous CISA advisory which recommended "service providers strengthen their user validation and verification systems to prohibit misuse of their services" shortly predated cock.li going invite only.

https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-116a

I'm sure if cock.li added phone number verification these joint statements would go away. Everyone sees what's happening, you want to force all providers to link to identities so you can surveil people. Cock.li is never adding that bullshit.