XeroBank Privacy

Honestly I wouldn't even bother asking, it's his opinion, he can't back it up.

 

Fair enough, sorry.

 

Kinda what I was thinking.
Why would anyone password protect their computer(s) if they have nothing to hide? Why even close your blinds? Lock your doors?
Because there are people out there that will try to take advantage the moment you let your guard down. Years ago, in small town America, many people left their doors unlocked. Times changed and the people responded.
This is no different.

 

Understand. It's a shame though, because that's when we typically see civil liberties going down the toilet. In my opinion, why punish the many that abide by the law to catch the few that break it?
But I digress from the original topic, which is to determine the best method(s) for trying to maintain anonymity in cyberspace while using public tools (ISPs, search engines etc)

 

Boy could I make a hell of a post about the state of civil liberties, lol. It would probably offend a lot, oh well, the truth sometimes hurts. Anyway, at the moment vpn tunneling and the like and encrypted solutions like TrueCrypt for data storage is probably about as much as you can do to provide as close to sure anonymity as it's going to get. As long as you remember that just by the very nature of human creations that nothing is 100% foolproof, those two things will probably be enough.

 

There is no such thing as a "leak proof" software. Software is coded by humans, and since there is no perfect human, there is no perfect software. You might mean that XeroBank is the best software for anonimity purpose, but since this claim is based on NOTHING at all, I am personally considering this snakeoil

 

Sorry, this is a bit off topic, but what is the price for the xB Machine? I see none listed on the website.

 

like all our software, it is 100% free. It works on XeroBank, Tor, IronKey, and any 3rd party OpenVPN or SSH network.

 

I put the leak proof in quotes for a reason. It is essentially just that. All communications are double firewalled on internal ports, and it can't communicate unless it is through encrypted channels. It doesn't have a way or method to leak unencrypted data. It's kind of like how I don't worry about my toaster broadcasting my tv programs: it just doesn't have any components that do that.

 

So you confirm your software being "leak proof". Every security device is "leak proof" until some leak is found... which sometimes take just few hours.

And comparing your software to your toaster makes me think that your software can't be so complex... like a toaster isn't.
By the way... a toaster is used for one purpouse: toasting!
An OS is usually multithread, which makes it far more difficult to understand, realize, tune and secure. Or maybe your "leak proof" OS is not multi-thread?

PS: Never undestimate the potentials of a toaster...

 

Yes, I definitely believe in simplicity of design. Not creating the problem, rather than being forced to fight a losing battle, seems to be the better method to me. I submit it for anyone to test. We submitted it at defcon last year, which is perhaps the most hostile network environment on the planet, and it didn't even break a sweat. So yes, high confidence in that it is leak proof. We had some design diagrams up for it a year ago, but we changed a lot of the structure, and we're locking it down even further.

What you would need to break it, I think, is first a critical bug that allows remote code execution, then you would need a SSH compromising attack, then you would need a privilege escalation attack, then combine it with a virtualization beakout attack. If you could find the space to perform such legendary attacks, and then string them all together in a mythical hack, then you've got a shot. Till then, too few vectors, too many layers of separation, too much least-privileges, too much lockdown, too much firewall, to much checks.

It's kind of like how no gold bars ever end up leaking on to the lawn at fort knox. Much more, trying to break in there... heh.

 

Dear XeroBank,
I am impressed with how confident in you are about yourself/your product. I believe you about your OS not being ever broken so far, and I am not willing to investigate any further about this.
But defining it "leak proof" means that you are confident that it cannot be broken, if not by some mythical attack performed by some supernatural hacker. And this puts you in an uncomfortable position, since you are claiming something that should never be claimed when dealing with security: Confidence in being unbeatable. Remember that the devil is in the details.

If you said that your product, in your opinion, is the most secure around, you would be trying to sell it. Saying that it is absolutely safe and leak proof, you are turning your service into something "snakeoil looking".

 

markoman,

"leak proof" != leak proof

using quotations creates a happy euphamism as a generic description.

 

Oh, sorry about that misunderstanding then! So you mean the your product is "leak proof", meaning that it is not leak proof at all. Correct?

 

For all intents and purposes it is leak proof, but we haven't fuzzed it to prove it beyond all doubt. Let's just say it is the most leak resistant design implemented in an OS.

 

This sounds much more sellable. I am willing to try the 30 days per 1$. Does it include all software (including the OS)?

 

All the software is free, client or not.

 

Awesome