Why I don't trust Xerobank

Discussion in 'privacy technology' started by mesa0k01, Jan 27, 2010.

Thread Status:
Not open for further replies.
  1. mesa0k01

    mesa0k01 Registered Member

    Joined:
    Jan 27, 2010
    Posts:
    10
    1. They admit themselves they can do a live trace.

    2. If you connect to a server with Xerobank it will know you connected with Xerobank.

    3. If the people running the server force Xerobank to do live traces of activity to the server (which they can do if they are LE, don't fool yourself Steve) then they can find you the next time you go to the server.

    4. Doing the same thing against Tor would be a lot harder because it is so much bigger and more distributed.

    5. Even though Tor offers better anonymity than Xerobank, Steve bashes it constantly while advertising his own service as superior anonymity.

    6. Steve throws out big words and acts like he gave an explanation, but if you know a thing or two about anonymity networks at a more advanced level you might notice that a lot of what Steve says is incorrect. Often times he likes to reinterpret questions to be different than they really are and then gives a true answer to the question he pretends was asked. Making sure to throw in enough technical words that no one will really understand what he is saying or that he totally (intentionally) misinterpreted the question being asked in the first place.

    7. He plays up small shortcomings in Tor and makes it sound like Xerobank fixes the problems. Steve, Xerobank owning all exit nodes does not make it any less likely that someone is sniffing information on them. Maybe it makes it less likely they are credit card stealers, but it does not fix the underlying issue. Instead of trusting a random person running a Tor node you are trusting Xerobank; that is the only real difference. And I would even go as far as to say Xerobank is more likely to be forced to cooperate with government eavesdropping than a random person running an exit node on Tor is.
     
  2. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, they do. It concerns me too. OTOH, how could they survive without that capability? Without the ability to cut off evil users, they'd be pariahs rather quickly, I suspect.

    Why is that a problem? When I'm being anonymous, I'm not pretending to not be anonymous. And when I'm not being anonymous, I'm not using XeroBank.

    I'm not sure what you mean. For one thing, XeroBank is a US corporation, and there may not be much more to it than Steve. Also, based on what I've found online, XeroBank is just a retail-level reseller of Xero Networks AG services. Its origins are apparently connected with long-term efforts to establish libertarian communities in Central America and the Caribbean. I doubt that they'd be very easy to find. I suspect that Steve may not know exactly who the principals are, or exactly how the network is structured. FWIW, I'm guessing that there are closed interlinked networks, with dedicated links to entry/exit nodes. And what do I know?

    That may be true. OTOH, given that Tor is an open network, isn't it at least somewhat vulnerable to attackers with sufficient resources to run arbitrarily many nodes, especially exit nodes?

    That does seem odd, given his history with Tor.

    That bothers me too, sometimes. It could be disinformation. Maybe he's just maxed and sleep-deprived. Or maybe he doesn't really know.

    What you say is true. Indeed, Steve was very clear on that point when I initially contacted him re XeroBank.

    As I've noted above, I can imagine that attackers can readily join Tor, perhaps massively. If not, how does Tor prevent that?
     
  3. mesa0k01

    mesa0k01 Registered Member

    Joined:
    Jan 27, 2010
    Posts:
    10
    What I mean is if I go to a website and they see I am using Xerobank, if they can force Xerobank to cooperate and I ever go there again then by Xerobank's own words (they can do live traces) they can trace me. So in the end Xerobank is as anonymous as the Government will let it be. Tor fixes part of this problem by being big and distributed and not a static organization.

    Xerobank is probably a decent service, but Steve needs to stop pretending it is more anonymous than Tor or even equal to it. It is slightly better at preventing content attacks and it is safe against side channel attacks (although so is any virtual machine that has been properly configured with Tor).

    Both Xerobank and Tor can be fully compromised by someone with enough resources. Just the resources required are different for Xerobank than they are with Tor.
     
  4. mesa0k01

    mesa0k01 Registered Member

    Joined:
    Jan 27, 2010
    Posts:
    10
    To answer your other questions:

    If they need the capacity to trace users they should at least point out how this makes them weaker than Tor is. Xerobank is one entity or a handful of them. Tor is probably at least hundreds of different people all around the world (running nodes). The high amount of centralization with Xerobank plus the fact that they can do live trace back is all you need to know to know that Tor is better anonymity than Xerobank.

    This is one of the weaknesses of Tor. But keep in mind that Xerobank already has all the nodes being run by a very small group of people (if more than one).

    All I see Steve ever do is talk poorly of Tor and every other anonymity network known to man, all the while shouting out technical terms that don't quite make sense in the context he uses them.

    And finally, Tor is not strong anonymity against an attacker with sufficient resources and know-how. Neither is Xerobank. Xerobank's weaknesses are technical (hackers could compromise Xerobank exit nodes, or all nodes) and political (which Xerobank is very weak against). Tor's weaknesses are mostly in that it is low latency and anyone can join the network (not that this last fact really matters considering an external threat is far more likely than an internal one. Why control nodes when you already control links?)
     
  5. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    I don't even know what the heck he is trying to say all this while... I am a newbie...
    but hate it when the glorifying starts...

    no xB for me....
     
  6. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Yes, that's accurate, except that there are many Governments, some that cooperate freely, and some that don't, or at least, don't except under substantial pressure. Based on what I've read, I strongly suspect that at least some of Xero Networks' core servers are in less-cooperative jurisdictions.

    Steve claims that they've never gone beyond terminating users who violate their TOS. If there's anyone who's been compromised by XeroBank, or any other anonymity provider, or anyone with evidence of such compromise, I trust that they'd let the privacy community know somehow.

    That's true. Perhaps it's time to learn Tor, at least for messaging. I gather that it's pretty saturated by torrents, however, so moving data around would be SLOW.

    XeroBank and other private VPN services are also fast. I routinely get 1.5-3.0 Mb/s down and 0.5-1.0 Mb/s up for transoceanic connections.

    Yes, that's true. Compromising Xero Networks would require convincing operators to cooperate. Merely confiscating servers, many (or perhaps most) of which are virtual, would yield nada, I gather (based on Steve's comments re loss of the Paris server).
     
  7. noblelord

    noblelord Registered Member

    Joined:
    Aug 19, 2009
    Posts:
    162
    Location:
    UK
    I trust Xerobank a little, but not totally. This is derived from two factors:

    1) I simply don't know enough about them in order to make an objective judgement. Trust comes from knowledge.

    2) Actions speak louder than words. XB offers a whole host of services, but only provides a few of them. Posts are made on the xB forums about development work going ahead on X project, or Y node being brought back online at the weekend - these never seem to come to anything. Steve (who is the only source of technical support I have ever seen at Xerobank) is quite happy to just disappear for an entire week without giving two hoots for XB customers who are stuck in the meantime. Whilst this doesn't make me think "OMG I CANNOT TRUST XEROBANK ONE LITTLE BIT", it doesn't exactly fill me with confidence.
     
  8. excellust

    excellust Registered Member

    Joined:
    Nov 1, 2008
    Posts:
    3
    .. and other 'anonymity' providers who are well known and beat the bushes all the time:

    If you want and need anonymity, or even only a high level of privacy, you should never use a service provider whose whereabouts are fully known and public.

    Anonymity only works if both parties, the provider and the client, are anonymous towards each other. And especially the US-providers (what an oxymoron it is...) like zerobank and cotse are for sure in line and embedded if they are on the market for a while.

    It reminds me of the old East German system (former communist part of Germany): they also had lawyers, only a few, who pretended to represent your rights (even if you tried to flee the republic), but actually were all on the payroll of the infamous STASI... (similar to CIA).

    When I hear or read about services like cotse or zerobank, I feel very uneasy.

    PS: Ah, and never forget how TOR started... the Navy was (and still may be) behind it.
     
  9. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    Right. I don't know much re Xero Networks AG. Steve Topletz, OTOH, is a pretty public guy (albeit perhaps not quite so public as Fausty). I'm sure that some here know him, even if they won't admit it.


    That bugs me too. However, new features are gradually appearing. There's a beta test group, FWIW.


    Although that's true for Steve, it's not so for Xero Networks AG, which manages the network. BTW, some have claimed that the Panama address isn't real. I wouldn't know.

    That's pretty hard core. Xero Networks AG is supposedly not subject to US, EU, etc jurisdictions. The "US provider" XeroBank (aka Steve) reportedly handles only consumer accounts, and client packages, and has no role in network management.

    What service(s) do you recommend?

    Right. That's a risk. And BTW, it wouldn't necessarily bother me if XYZ agency were a Xero Networks AG client.

    Again, what do you recommend?

    Right. And there's the CIA - Anonymizer connection. Who are the Russians? Chinese? Israelis?
     
  10. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    You expect them to carry out a covert war with .mil or .gov servers?

    So what? The U.S. Military also designed and built the internet and TCP/IP. It was called DARPA net then, wasn't it? Which expanded to Universities, who further developed the technology; CERN, developing it into the WWW we know today. I'm sure the Military only included Universities that were assets, at first.
     
  11. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I wonder what services they use.
     
  12. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,188
    Location:
    USA