Saki

exchanges may randomly use this to freeze and block funds from users, claiming these were "flagged" […]. You are left hostage to their arbitrary decision […]. If you choose to sidestep their invasive process, they might just hold onto your funds indefinitely.

The criminals are using stolen identities from companies that gathered them thanks to these very same regulations that were supposed to combat them.

KYC does not protect individuals; rather, it's a threat to our privacy, freedom, security and integrity.

• For individuals in areas with poor record-keeping, […] homeless or transient, obtaining these documents can be challenging, if not impossible.

PS: Spanish speakers: KYC? NO PARA MÍ

Cloudflare-free link for Tor/Tails users: https://web.archive.org/web/20230926042518/https://balkaninsight.com/2023/09/25/who-benefits-inside-the-eus-fight-over-scanning-for-child-sex-content/

It would introduce a complex legal architecture reliant on AI tools for detecting images, videos and speech – so-called ‘client-side scanning’ – containing sexual abuse against minors and attempts to groom children.

If the regulation undermines encryption, it risks introducing new vulnerabilities, critics argue. “Who will benefit from the legislation?” Gerkens asked. “Not the children.”

Groups like Thorn use everything they can to put this legislation forward, not just because they feel that this is the way forward to combat child sexual abuse, but also because they have a commercial interest in doing so.

they are self-interested in promoting child exploitation as a problem that happens “online,” and then proposing quick (and profitable) technical solutions as a remedy to what is in reality a deep social and cultural problem. (…) I don’t think governments understand just how expensive and fallible these systems are

the regulation has […] been met with alarm from privacy advocates and tech specialists who say it will unleash a massive new surveillance system and threaten the use of end-to-end encryption, currently the ultimate way to secure digital communications

A Dutch government official, speaking on condition of anonymity, said: “The Netherlands has serious concerns with regard to the current proposals to detect unknown CSAM and address grooming, as current technologies lead to a high number of false positives.” “The resulting infringement of fundamental rights is not proportionate.”

As enacted, the OSB allows the government to force companies to build technology that can scan regardless of encryption–in other words, build a backdoor.

Paradoxically, U.K. lawmakers have created these new risks in the name of online safety.

The U.K. government has made some recent statements indicating that it actually realizes that getting around end-to-end encryption isn’t compatible with protecting user privacy. But

The problem is, in the U.K. as in the U.S., people do not agree about what type of content is harmful for kids. Putting that decision in the hands of government regulators will lead to politicized censorship decisions.

The OSB will also lead to harmful age-verification systems. This violates fundamental principles about anonymous and simple access

See also: Britain Admits Defeat in Controversial Fight to Break Encryption

Libereco estas plej bona.

Just an old cliché :) Monero, je te choisis !

门罗币 就决定是你了！ ¡Monero, te elijo a ti!

2023-10-24 Testing https://www.imagebam.com/view/MEPORDX using this old post; not sure if direct links to images are okay with them. They seem to be Tor-friendly and one can upload images without registration, so if it works, it may be good to save server space/bandwidth of monero.town.

P2Pool v3.6.2 was released. There were no code changes since v3.6.1, but the MacOS aarch64 build and Windows build were re-compiled with the previous compiler same as in v3.5, to fix reported stability issues.

It is said: “If the previous version works fine for you, you don't need to update.” but even if you think v3.6.1 is working, you may want to carefully monitor the situation (e.g. Hashrate / CPU temperature) to see which compiler works better for you. It is possible that keeping using v3.6.1 is better for some users.

Apparently it is not yet proven that the new compiler is the culprit for this, though a compiler optimization-related issue is suspected.

Changes:

• macOS aarch64 build is back to using old compiler (same as in v3.5) to fix reported stability issues
• Windows build is back to using MSVC compiler (same as in v3.5) to fix reported stability issues

Release P2Pool v3.6.2 · SChernykh/p2pool · GitHub

EDIT (Clarification for Windows users)

• The previous (old) version (v3.6.1) was created with a NEW compiler, and is supposed to run faster (7-8% faster block verification), while there might be crashing bugs or other unexpected issues.
• The current (new) version (v3.6.2) was created with the OLD compiler (same as v3.5), and is supposed to run only as fast as v3.5 (so 7-8% slower block verification, than v3.6.1), although it might be stabler.

[The linked article has a lot of ads. You may want to disable JS.]

This case, alongside the proceedings against the TornadoCash developers, highlights how digital service providers and software developers are being increasingly targeted by law enforcement for offering products and services with potential for misuse despite not being directly involved in said misuse.

The Tornado Cash mixer, an Ethereum-based tool designed to conceal cryptocurrency transactions, has been in legal trouble. The founders of Tornado Cash, Roman Storm, and Roman Semenov, have been indicted on charges including money laundering and potentially face up to 20 years in prison.

[...]

The sanctions imposed by OFAC freeze any assets held in Tornado Cash and prohibit transactions to or from the service. However, effectively shutting down the service is challenging. Despite the ban, Tornado Cash continues to be used, with reports of it being leveraged for laundering unlawfully acquired crypto assets.

Those kinds of lawsuits set precedents dangerous for those involved with offering services and developing software meant to ensure privacy, anonymity, and permissionlessness — the core tenets of the cypherpunk movement that Bitcoin (BTC) was born in. Many in the crypto community raise concerns that it may lead to prosecutions against encrypted messaging services, privacy-centric cryptocurrencies, such as Monero (XMR), and web hosting services that do not snoop on their customers.

This kind of pressure may render the development of a cryptocurrency ecosystem free from control as originally envisioned much harder in a world where political dissidents, journalists, and many other vulnerable categories rely on them.

The Tornado Cash incident occurred in August, 2022, just around Monero HF. In Tornado Cash Civil Decision Limits the Reach of the Treasury Department’s Actions while Skirting a Full First Amendment Analysis dated August 25, 2023, EFF says: “A District Court recently considered a civil claim that the Treasury Department overstepped when it listed Tornado Cash on the U.S. sanctions list. This claim took some steps, if not enough, to address EFF’s concerns about coders rights.”

Windows user who'd like to try Tor + wallet etc.: if this is your first time, it may take like 10-20 minutes, but everything is easy.

Although there may be a easier shortcut (see below), the regular way is like this:

1. Go to https://www.torproject.org/download/tor/ and get a "Tor Expert Bundle" (get one that says 64 if your CPU is 64-bit). To open this ".tar.gz" file, you may need a tool like 7-zip. (*1)
2. Open (decompress) it to get a .tar; open (untar) this .tar, and you'll see two folders ("data" and "tor") there. Copy these 2 folders (with everything inside them) to a new folder, created wherever you like.
3. Open the "tor" folder, and double click on tor.exe. If asked, allow it to run and allow it to make remote connections. A text-based window (console) appears with status messages (read them to see if it's working). That's it. You're now running your own copy of Tor.

Once this is ready, you can optionally Tor-ify any tool that supports proxy (Socks5) server. Go to the "Network" or "Proxy" settings of the tool (e.g. Monero Official GUI), and input the proxy server address "127.0.0.1" (without quotes), port number "9050", and if necessary, select the type of your proxy, "Socks5". Your login name and password (if asked) can be empty or anything random (*2).

(*1) Technically, you're supposed to verify a PGP sig here. For now, let's say if you download a file from (archive.)torproject.org, it should be safe.

(*2) Similarly, you can Tor-ify other tools, e.g. a chat tool, a BitTorrent client. A regular browser can be also Tor-ified but that's a bit tricky and usually unnecessary: for web browsing, using Tor Browser is a good idea.

Official GUI vs. Feather (about Tor)

• Official GUI: Tor is not used by default. You'll have to do manual settings and run your own copy of Tor, like above.
• Feather: Tor is used automatically. That's easy. However, according to the docs, Tor is NOT ALWAYS used by default, unless you select "Always over Tor" or you're on Tails, etc. Another potential problem of Feather is, if you automatically use Tor coming with Feather, you might be stuck with an old version of Tor. This is because Tor tends to be updated more often than Feather. A solution is…

The same page states:

Feather releases are bundled with a Tor binary. If the presence of a local Tor daemon on the default port (9050) is not detected, Feather will place the bundled Tor binary in the config folder and run it on port 19450.

This should mean, if Tor is already listening to 9050, then Feather will just use it. So, if you'd like to: Feather + Latest version of Tor = also easy (just like Official GUI + Tor).

Elsewhere I saw some kind of confusion like "Feather does everything via Tor, yet it's fast" "Since Feather does everything via Tor, don't use it on Tails, which is already on Tor" etc. etc. and felt that this should be clarified and the fact should be shared. This confusion about Tails is kind of understandable, though.

A possible shortcut: If you already have Tor Browser, and if you start it, Tor Browser's Tor is listening to 9150 (I think). Thus you should be able to do wallet etc. + Tor 9150 (instead of 9050), if you don't mind always opening Tor Browser. This might feel easier…

In a well-intentioned yet dangerous move to fight online fraud, France is on the verge of forcing browsers to create a dystopian technical capability. Article 6 (para II and III) of the SREN [sécuriser et réguler l'espace numérique] Bill would force browser providers to create the means to mandatorily block websites present on a government provided list.

--France’s browser-based website blocking proposal will set a disastrous precedent for the open internet

[Unfortunately one should no longer trust Mozilla itself as much as one did 10 years ago. If you do sign, you might want to use a fake name and a disposable email address.]

This bill is obviously disturbing. It could be that eventually they assume that .onion sites are all suspicious and block them, or something similar might happen, which would be bad news for privacy-oriented users including Monero users, for freedom of thought, and for freedom of speech itself. Note that the EU is going to ban anonymous domains too (in NIS2, Article 28).

For a regular end user, if something like this happens and if the block is domain-name-based, then one quick workaround would be using web.archive.org (or Wayback Classic), or ANONYM ÖFFNEN of metager.de (both work without JS). If this is France-specific, of course a French user could just get a clean browser from a free country too (perhaps LibreWolf or Tor Browser, or even Tails), provided that using a non-government-approved browser is not outlawed.

Mozilla, financially supported by Google, states that Google Safe Browsing is a better solution than SREN, but that too has essentially similar problems and privacy implications; especially Gmail's Enhanced Safe Browsing is yet another real-time tracking (although, those who are using Gmail have no privacy to begin with, anyway).

If it's DNS-level blocking, you can just use a better DNS rather than one provided by your local ISP, or perhaps just use Tor Browser. Even if it's browser-side, as long as it's open-source, technically you're free to modify source code and re-compile it yourself, but that may not be easy even for a programmer, since a browser is complicated, with a lot of dependencies; security- and cryptography-related minor details tend to be extremely subtle (just because it compiles doesn't mean it's safe to use), especially given that Firefox/Thunderbird themselves really love to phone home behind the user's back.

See also: Will Browsers Be Required By Law To Stop You From Visiting Infringing Sites?

Having free and open-source tools and a decentralized way of fighting back and reclaiming some of that power is very important. Because if we don’t resist, we’re subject to what somebody else does to us

While Tor is useful in several situations, probably we shouldn't believe in it blindly. For clearnet, LibreWolf is a great option too, and I2P might be the future.

The Online Safety Bill, now at the final stage before passage in the House of Lords, gives the British government the ability to force backdoors into messaging services, which will destroy end-to-end encryption.

Requiring government-approved software in peoples’ messaging services is an awful precedent. If the Online Safety Bill becomes British law, the damage it causes won’t stop at the borders of the U.K.

Random thoughts...

Even if platform-assisted end-to-end encryption (pseudo e2e) is censored, perhaps we could still use true user-to-user encryption. If "end" means the messenger software itself or a platform endpoint, then the following will be true e2e - "pre-end" to "post-end" encryption:

1. Alice and Bob exchange their public keys. While using a secure channel for this is ideal, a monitored channel (e.g. a normal message app) is okay too for the time being.
2. Alice prepares her plain text message locally: Alice.txt
3. She does gpg -sea -r Bob -o ascii.txt Alice.txt
4. Alice opens ascii.txt, pastes the ascii string in it to her messenger, sends it to Bob like normally.
5. So Bob gets this ascii-armored GPG message, and saves it as ascii.txt
6. gpg -d -o Alice.txt ascii.txt, and he has the original Alice.txt
7. He types his reply locally (not directly on the messenger): Bob.txt
8. gpg -sea -r Alice -o ascii.txt Bob.txt and sends back the new ascii string
9. Alice gets it, so she does gpg -d -o Bob.txt ascii.txt to read Bob.txt

In theory, scanning by government-approved software can't detect anything here: Alice and Bob are simply exchanging harmless ascii strings. Binary files like photos can be ascii-armored too.

Admittedly this will be inconvenient, as you'll have to call gpg manually by yourself. But this way you don't need to trust government-approved software at all, because encryption/decryption will be done by yourself, before and after the ascii string goes through the insecure (monitored) channel.

Congress is trying to push through a swarm of harmful internet bills that would severely impact human rights, expand surveillance, and enable censorship on the internet. On July 20, we’re launching a week of action to get loud about our opposition to legislation like KOSA and EARN IT and demanding that Congress focus on passing badly needed comprehensive privacy legislation to actually protect us from the harms of big tech companies and data brokers, instead of pushing through misguided legislation before August congressional recess.