Incognito succeeded by Amnesic Incognito Live System

You said "anonymity", not privacy. Two different things.
Tor is better at anonymity (you only need to trust the code which is open, not also a company). Privacy is better with xerobank (you only need to trust one instead of many).

 

Hi katio,

Indeed I did say anonymity - not privacy - and yes to confirm your statement they are two different things - but I did not discuss privacy, so why do your bring it up with regard to anonymity.

What makes you think that Tor is better at anonymity than Xerobank? Open source code that is trustable will not bring you more anonymity than the features that Xerobank brings to the table vs Tor in that regard, the issue of trusting one vs many notwithstanding.

The issue of anonymity clearly resides in the features of the technology, and where Tor vs Xerobank is concerned, Xerobank seems to implement more features than Tor that generally make it harder to do traffic analysis. That is the criteria that should be assessed when compating technologies, i.e. the number and power of the features- not whether they are open source vs a single company which has nothing whatsoever to do with evaluationg different technologies that implement a capability such as anonymity.

I am basing my comments on what I have read about the features that Xerobank have mentioned they implement. A more in-depth and critical analysis of both Tor and Xerobank is not possible without reviewing the source code and features of both. Since Tor source code is available, one would have to review the source code with an eye toward whether and/or how it implements the featues Xerobank has claimed - then ask both Tor and Xerobank for feedback on the accuracy of the analysis, or to ask them to rebut in good faith.

-- Tom

 

Tor offers anonymity by design, xerbank only "promises" anonymity. There's absolutely no way you can verify if everything they say is true, it's a closed system under their control.

Please tell me how a system can ever be anonymous if it goes like
you -> xerobank -> destination?
xerobank knows entry and exit and controls everything in between, of course they have ways of finding out who you are (and what you are doing). All that's needed is something like a search warrant in every state where a proxy is located. Or an insider attack.
You think Panama wouldn't cooperate with the FBI? Don't know where the other hops are located, I think some are in Germany (remember JAP, Tor raids, data retention laws and it's a "friendly" state).
Sure, Tor isn't perfect but having 3 hops that likely aren't controlled by the same entity means inherently better anonymity.

I brought privacy up because:

To me that definitely looks like you were confusing the two.

 

Hi katio,

Xerobank is more than 1-hop (3 as I recall). Anonymity is not an inherent capability. No confusion on my part - must have been your interpretation.

-- Tom

 

Yes, 3 hops, all controlled by xerobank.

How is it more anonymous than Tor again?

 

Hi katio,

It does random mixing and has other features Tor does not. Read up in this website and at Xerobank and at the torproject.org - you will understand everntually when you can lose your prempt attitude based on (closed system, control). And Xerobank does not have the vulnerability that Tor possesses at the Exit nodes.

Do a feature by feature analysis. It appears that you have never evaluated different technoloiges that offer different solutions to the same problem before, and only have a die-hard opinion that lacks a good argument. Again, Xerobank does not suffer from Exit Node snooping, which is Tor's biggest problem.

-- Tom

 

You suggest it is _impossible_ that a xerobank exit node is snooping?

Anonymity that requires trusting a stranger with your identity does not work, no matter what features they pack on top of it so it looks good in their charts and comparisons. Yes, that's my opinion and so far you haven't brought up any good argument that could convince me of the opposite.

The tor exit node issue is irrelevant for hidden services, you can protect yourself by using encryption and hardening your system. Both xerobank and tor share the problems of low latency networks so they aren't providing strong anonymity anyway.

 

Hi katio,

If you find that I have used the word "_impossible_" with regards to snooping on Xerobank exit nodes, then you would be correct - however, the suggestion is purely in your mind, and I have never suggested it as a impossibility.

Who is this trusted stranger you talk about? The same argument could be made for Tor - as you have maybe neither considered nor suggested - in your opinion.

Tor has never had a low latency network, compared to Xerobank - i.e. Tor is much slower.

Since you make a blanket statement that "The tor exit node issue is irrelevant for hidden services", care to say why that is with respect to your assertions?

Hardening and encryption only protect so far - it's the fingerprint you don't leave behind that is more important!

-- Tom

 

So you say eavesdropping is possible on the xerobank network just as with Tor. Contradicts your "And Xerobank does not have the vulnerability that Tor possesses at the Exit nodes."
A "vulnerability" has nothing to do with how likely an exploit is, it just means that an exploit is "possible".

I need to trust xerobank. With Tor I don't need to trust anybody. I can assume everybody I connect to is hostile and it would still offer anonymity, as long as no single adversary sees the complete traffic flow. But in that case both systems are broken.

Tor is still "low latency", even if it's slow by today's broadband standards.

Hidden services always are encrypted, no plaintext snooping possible and the hops are twice as long minimising the impact of pretty much all known weaknesses against Tor.

 

Hi katio,

There you go again using your imagination - I never said "eavesdropping is possible on the Xerobank network" - you said that. I said nothing contradictory at all.

We are not talking about exploits here - they are software in nature. Snooping on an Exit node requires a physical presence to work - that makes it possible. Vulnerabilities do not necessarily make exploits possible or even probable - it takes knowledge, action, time and money to make exploits happen - if possible at all, e.g. time dependent vulnerabilties that happen randomly.

With Tor you still need to be careful where you go - and hopefully you don't get redirected to where you don't want to go, e.g. using a poisoned DSN server at the Exit node if you have remote dns turned on in your browser vs using your ISPs DNS servers. Of course, the safest way is to use your own DNS server.

So, Tor is only really comparable to Xerobank when you stick to the hidden services, but still not as fast.

If you need to trust Xerobank - do your homework, instead of not.

-- Tom

 

So, which one?

Are we arguing semantics now? You introduced the term "vulnerability". I picked it up assuming we were on the same page. If you used that term in a different way, please explain what really meant by

 

Hi katio,

Never suggesting such-and-such is an impossibility and never saying such-and-such does not amount to the conclusion that the answer must be one or the other.

I certainly am not arguing semantics. When you make the claim that I introduced the term "vulnerability" please mention where as a reference and in the future I will accord you the same courtesy - rather than forcing me (or you) to search back to validate the claim. I say this because you have asserted several times about me saying something - your claims of which were blatantly - not true!

Be very careful what you assume - that is where most people fool themselves. We both know that assuming we are on the same page - well, to be blunt - that ship has sailed, eh?

Suffice it to say, our viewpoints are different.

-- Tom

 

I did quote the relevant part in that post.

I have to do some assumptions as you stay quite vague in your postings. As a last try to change that I'll ask my question again:

Which vulnerability does Tor possess at the exit node that Xerobank doesn't?

 

This short back and forth posting doesn't work. Only running in circles with you here. I'll summarise and change the tone a bit...

To expand on my previous post:
Some examples of your vague statements:
"the fingerprint you don't leave behind that is more important!" - what's that supposed to mean?

"I say this because you have asserted several times about me saying something - your claims of which were blatantly - not true!" - citation needed...
"Who is this trusted stranger you talk about? The same argument could be made for Tor" - yes, please tell me how...

You say: "I did not say it's impossible" and at the same time you also said "I did not say it's possible". (Yes that's rephrased, not the exact quote). But you know that's nonsense, you can't say both at the same time, both statements exclude each other. Something can't be not impossible and not possible at the same time.
Of course you couldn't give me a straight answer because if it's "It's possible" you'd be wrong from the beginning and I could finally nail you down as contradicting, If it's "It's impossible", well, that's wrong answer and you know that. Otherwise you'd never have written a remark like "If you find that I have used the word "_impossible_" with regards to snooping on Xerobank exit nodes, then you would be correct - however, the suggestion is purely in
your mind, and I have never suggested it as a impossibility." Anyway you missed that the latter already contradicts the rest of the remarks you made anyway, no matter if I get the answer now or not, specifically "Xerobank does not suffer from Exit Node snooping". Well, uhm - which one now?

"the ship has sailed:"
No, that was your first reply, then I thought you'd see your error and admit it (bringing up exit snooping as an anonymity issue of Tor instead of what it really is: a privacy issue). I couldn't foresee that you'd later argue I didn't know what exploit and vulnerability is (btw you are wrong again: the term exploit is NOT restricted to software, and a vulnerability is all about the "possibility" to conduct and "exploit")

Then you bring up that Xerobank has the upper hand in terms of features. I argue that's useless because by design its anonymity is weak. A single company controls the proprietary network, you don't know if it's working as advertised, you don't know if they are trustworthy, you don't know if they do snooping and it can't offer protection against government agencies with legal powers.
My point is, Tor is stronger, despite looking weaker on a chart.

So you counter with slow speeds - completely irrelevant when comparing security and anonymity - instead of responding to my arguments (never gave an answer to the question: "Please tell me how a system can ever be anonymous if it goes like
you -> xerobank -> destination?"
Further you accuse me of having a "prempt attitude (sic)", I should do more reading, yet you did have no idea how hidden services work, or what a "low latency network" is.

I try to answer the points you rise, but when I ask you something all I get is "I didn't say that you got it wrong." If you don't tell me clearly what you mean I'm left with guessing. I think I'm pretty good at it. If not, below is your chance to debunk my "assumptions".

 

Hi katio,

Do your homework, then we can talk. You need to reflect on your assertions to test their truth. Don't guess - know.

-- Tom

 

I know exactly what I'm talking about, what I don't know is what you THINK.
Your points are largely inconsequential, my points aren't answered. If I ask you to give me any arguments supporting your claims you simply ignore that. Instead you make ambiguous statements that essentially reveal nothing. Finally you don't for a moment consider you might be the one who's wrong. With an attitude like that we can't talk. Simple as that, I tried but I'm giving up.

 

Thank you, I'll look into it.

 

Hi katio,

Of course, you know exactly what you are talking about - that doesn't mean that well-formed thoughts and information played a role in forming the words you talk about. Regarding your quest to know what I think, I refer you to What Do You Care What Other People Think? written by Richard Feynman, one of my favorite physicists - a most amusing fellow.

You lack trust - and, in your viewpoint case closed - you have already decided based on you own criteria. Bully for you! You seem to want to argue opinions.

When I advise you to do your homework, I mean read all of the threads posted about Xerobank here at Wilders. You can start by doing a search for posts by SteveTX, read all of his posts and discussions - pick up on the attributes of the Xerobank technology. Read what satisfied users of Xerobank technology (caspian, and hierophant) here at Wilders have to say about it. Visit the Xerobank website forum and read the posts there. Followup by reading the code (downloadable) from the Tor project's website.

Logically speaking, there are four possibilities of which you speak:
1) You are right and I am wrong,
2) I am right and you are wrong,
3) Both you and I are wrong, and
4) Both you and I are right.

Since you have already precluded any further discussion with your decision that I might be wrong - you have stated that you have given up. Sad outcome for you.

If you follow my advice above, you will become enlightened, and thus able to think on your own without the aid of others - a better outcome for you and everyone whom seeks to know.

Regards,

-- Tom

 

Tom, thank you for those kind words...

I'll quickly summarize what we have been talking about the last couple of days and leave the exercise to the reader to determine which one of the four seems like the most appropriate:

you: xerobank has stronger anonymity than tor because it doesn't have the exit node snooping problem that Tor has
me: you surely are confusing privacy and anonymity
you: no, you are misunderstanding me
me: how so?
you:that's not what I said, you are twisting around my words and anyway xerobank got more features
me: those features don't matter because it's flawed by design, anonymity is impossible if the one who anonymises your traffic knows who you are.
besides, the exit node snooping vulnerability as you call it exist in xerobank too, if it's possible it's vulnerable, probability has nothing to do with it

from there on you post nothing on topic, make bold statements that both lack logic and evidence, ignoring everything I said. Of course I have to give up at some point, I can't continue posting when I see there is no development and you talk right past me.

The reason why I actually care about what you think is because you write about your thoughts in public. I saw a flaw in your statements and wanted to educate you and everybody reading this thread. The thank for my "noble ambitions" is ridicule. Well, thank you.