privacy
Chainalysis uses the fee structure to analyze monero transactions. I thought using the fees hardcoded into monero-gui should be fine, but x0.2 does not show up at all, x200 is less used than x100 (even though not available in the gui, but x200 is). I guess these fee multipliers are used by other wallets a lot. Is x1 the safest to use? Is the gitter in between caused by "automatic" transaction priority? Would it increase privacy to sync fee structures between different clients?
tech.michaelaltfield.net
# 3TOFU: Verifying Unsigned Releases **By Michael Altfield** License: CC BY-SA 4.0 https://tech.michaelaltfield.net This article introduces the concept of \"3TOFU\" \-- a harm-reduction process when downloading software that cannot be verified cryptographically. | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | Verifying Unsigned Releases with [3TOFU](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | > ⚠ NOTE: This article is about harm reduction. > > It is dangerous to download and run binaries (or code) whose authenticity you cannot verify (using a cryptographic signature from a key stored offline). However, sometimes we cannot avoid it. If you\'re going to proceed with running untrusted code, then following the steps outlined in this guide may reduce your risk. # TOFU TOFU stands for [Trust On First Use](https://en.wikipedia.org/wiki/Trust_on_first_use). It\'s a ([often abused](https://security.stackexchange.com/a/238912/213165)) concept of downloading a person or org\'s signing key and just blindly trusting it (instead of [verifying it](https://en.wikipedia.org/wiki/Web_of_trust)). ## 3TOFU 3TOFU is a process where a user downloads something three times at three different locations. If-and-only-if all three downloads are identical, then you trust it. # Why 3TOFU? During the [Crypto Wars](https://en.wikipedia.org/wiki/Crypto_Wars) of the 1990s, it was illegal to export cryptography from the United States. In 1996, after intense public pressure and [legal challenges](https://en.wikipedia.org/wiki/Bernstein_v._United_States), the government officially permitted export with the 56-bit [DES cipher](https://en.wikipedia.org/wiki/Data_Encryption_Standard) \-- which was a known-[vulnerable](https://en.wikipedia.org/wiki/Data_Encryption_Standard#Chronology) cipher. | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | The EFF\'s [Deep Crack](https://en.wikipedia.org/wiki/EFF_DES_cracker) proved DES to be insecure and pushed a switch to 3DES. | But there was a simple way to use insecure DES to make secure messages: **just use it three times**. 3DES (aka \"[Triple DES](https://en.wikipedia.org/wiki/Triple_DES)\") is the process encrypting a message using the insecure symmetric block cipher (DES) three times on each block, to produce an actually secure message (from known attacks at the time). 3TOFU (aka \"Triple TOFU\") is the process of downloading a payload using the insecure method (TOFU) three times, to obtain the payload that\'s magnitudes less likely to be maliciously altered. # 3TOFU Process To best mitigate targeted attacks, 3TOFU should be done: 1. On **three distinct days** 2. On **three distinct machines** (or VMs) 3. Exiting from **three distinct countries** 4. Exiting using **three distinct networks** For example, I\'ll usually execute - **TOFU #1/3** in TAILS (via **Tor**) - **TOFU #2/3** in a Debian VM (via **VPN**) - **TOFU #3/3** on my daily laptop (via **ISP**) The possibility of an attacker maliciously modifying something you download over your ISP\'s network are quite high, depending on which country you live-in. The possibility of an attacker maliciously modifying something you download onto a VM with a freshly installed OS over an encrypted VPN connection (routed internationally and exiting from another country) is much less likely, but still possible \-- especially for a [well-funded adversary](https://en.wikipedia.org/wiki/Advanced_persistent_threat). The possibility of an attacker maliciously modifying something you download onto a VM running a hardened OS (like [Whonix](https://www.whonix.org/) or [TAILS](https://tails.net/)) using a hardened browser (like [Tor Browser](https://www.torproject.org/download/)) over an anonymizing network (like Tor) is quite unlikely. **The possibility for someone to execute a network attack on all three downloads is very near-zero** \-- especially if the downloads were spread-out over days or weeks. ## 3TOFU bash Script I provide the following bash script as an example snippet that I run for each of the 3TOFUs. ``` REMOTE_FILES="https://tails.net/tails-signing.key" CURL="/usr/bin/curl" WGET="/usr/bin/wget --retry-on-host-error --retry-connrefused" PYTHON="/usr/bin/python3" # in tails, we must torify if [[ "`whoami`" == "amnesia" ]] ; then CURL="/usr/bin/torify ${CURL}" WGET="/usr/bin/torify ${WGET}" PYTHON="/usr/bin/torify ${PYTHON}" fi tmpDir=`mktemp -d` pushd "${tmpDir}" # first get some info about our internet connection ${CURL} -s https://ifconfig.co/country | head -n1 ${CURL} -s https://check.torproject.org | grep Congratulations | head -n1 # and today's date date -u +"%Y-%m-%d" # get the file for file in ${REMOTE_FILES}; do wget ${file} done # checksum date -u +"%Y-%m-%d" sha256sum * # gpg fingerprint gpg --with-fingerprint --with-subkey-fingerprint --keyid-format 0xlong * ``` Here\'s one example execution of the above script (on a debian DispVM, executed with a VPN). ``` /tmp/tmp.xT9HCeTY0y ~ Canada 2024-05-04 --2024-05-04 14:58:54-- https://tails.net/tails-signing.key Resolving tails.net (tails.net)... 204.13.164.63 Connecting to tails.net (tails.net)|204.13.164.63|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 1387192 (1.3M) [application/octet-stream] Saving to: ‘tails-signing.key’ tails-signing.key 100%[===================>] 1.32M 1.26MB/s in 1.1s 2024-05-04 14:58:56 (1.26 MB/s) - ‘tails-signing.key’ saved [1387192/1387192] 2024-05-04 8c641252767dc8815d3453e540142ea143498f8fbd76850066dc134445b3e532 tails-signing.key gpg: WARNING: no command supplied. Trying to guess what you mean ... pub rsa4096/0xDBB802B258ACD84F 2015-01-18 [C] [expires: 2025-01-25] Key fingerprint = A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F uid Tails developers (offline long-term identity key) <tails@boum.org> uid Tails developers <tails@boum.org> sub rsa4096/0x3C83DCB52F699C56 2015-01-18 [S] [expired: 2018-01-11] sub rsa4096/0x98FEC6BC752A3DB6 2015-01-18 [S] [expired: 2018-01-11] sub rsa4096/0xAA9E014656987A65 2015-01-18 [S] [revoked: 2015-10-29] sub rsa4096/0xAF292B44A0EDAA41 2016-08-30 [S] [expired: 2018-01-11] sub rsa4096/0xD21DAD38AF281C0B 2017-08-28 [S] [expires: 2025-01-25] sub rsa4096/0x3020A7A9C2B72733 2017-08-28 [S] [revoked: 2020-05-29] sub ed25519/0x90B2B4BD7AED235F 2017-08-28 [S] [expires: 2025-01-25] sub rsa4096/0xA8B0F4E45B1B50E2 2018-08-30 [S] [revoked: 2021-10-14] sub rsa4096/0x7BFBD2B902EE13D0 2021-10-14 [S] [expires: 2025-01-25] sub rsa4096/0xE5DBA2E186D5BAFC 2023-10-03 [S] [expires: 2025-01-25] ``` The TOFU output above shows that the release signing key from the TAILS project is a 4096-bit RSA key with a full fingerprint of \"`A490 D0F4 D311 A415 3E2B B7CA DBB8 02B2 58AC D84F`\". The key file itself has a sha256 hash of \"`8c641252767dc8815d3453e540142ea143498f8fbd76850066dc134445b3e532`\". When doing a 3TOFU, save the output of each execution. After collecting output from all 3 executions (intentionally spread-out over 3 days or more), diff the output. If the output of all three TOFUs match, then the confidence of the file\'s authenticity is very high. # Why do 3TOFU? Unfortunately, many developers think that hosting their releases on a server with https is sufficient to protect their users from obtaining a maliciously-modified release. But https won\'t protect you if: 1. Your DNS or publishing infrastructure is compromised ([it happens](https://github.com/cncf/tag-security/tree/main/supply-chain-security/compromises)), or 2. An attacker has just one (subordinate) CA in the user\'s PKI root store ([it happens](https://security.stackexchange.com/questions/234052/where-can-i-find-a-list-of-all-government-agencies-with-cas-in-pki-root-stores)) Generally speaking, publishing infrastructure compromises are detected and resolved within days and MITM attacks using compromised CAs are targeted attacks (to avoid detection). Therefore, a 3TOFU verification should thwart these types of attacks. > ⚠ Note on hashes: Unfortunately, many well-meaning developers erroneously think that cryptographic hashes provide authenticity, but cryptographic hashes do not provide authenticity \-- they provide integrity. > > Integrity checks are useful to detect corrupted data on-download; it does not protect you from maliciously altered data unless those hashes are cryptographically signed with a key whose private key isn\'t stored on the publishing infrastructure. # Improvements There are some things you can do to further improve the confidence of the authenticity of a file you download from the internet. ## Distinct Domains If possible, download your payload from as many distinct domains as possible. An adversary may successfully compromise the publishing infrastructure of a software project, but it\'s far less likely for them to compromise the project website (eg \'`tails.net`\') *and* their forge (eg \'`github.com`\') *and* their mastodon instance (eg \'`mastodon.social`\'). ## Use TAILS | [](https://tech.michaelaltfield.net/2024/08/04/3tofu/) | |:--:| | [TAILS](https://tails.net/) is by far the best OS to use for security-critical situations. | If you are a high-risk target (investigative journalist, activist, or political dissident) then you should definitely use [TAILS](https://tails.net/) for one of your TOFUs. ## Signature Verification It\'s always better to verify the authenticity of a file using cryptographic signatures than with 3TOFU. Unfortunately, some companies like [Microsoft don\'t sign their releases](https://superuser.com/questions/1623134/how-to-cryptographically-verify-the-authenticity-and-integrity-of-microsoft-wind), so the only option to verify the authenticity of something like a Windows `.iso` is with 3TOFU. Still, whenever you encounter some software that is not signed using an offline key, please do us all a favor and [create a bug report](https://github.com/freedomofpress/dangerzone/issues/761) asking the [developer to sign](https://github.com/osTicket/osTicket/issues/5750) their releases with PGP (or minisign or signify or *something*). ## 4TOFU 3TOFU is easy because [Tor is free](https://www.torproject.org/download/) and most people have access to a VPN (corporate or [commercial](https://www.privacyguides.org/en/vpn/) or an [ssh socks proxy](/2015/05/31/tor-vpn-in-tails-to-bypass-tor-blocking/)). But, if you\'d like, you could also add [i2p](https://en.wikipedia.org/wiki/I2P) or some [other proxy network](https://en.wikipedia.org/wiki/Internet_censorship_circumvention#Software) into the mix (and do 4TOFU).
www.privacyguides.org
After [almost 2 years](https://github.com/privacyguides/privacyguides.org/issues/1899), Privacy Guides has added a new [Hardware Recommendations](https://www.privacyguides.org/en/basics/hardware/) section to their website. Thanks to [Daniel Nathan Gray](https://github.com/dngray) and [others](https://github.com/privacyguides/privacyguides.org/pull/2268) for implementing this new hardware guide
Very insightful interview from Whitney Webb (last part of the show). We are already starting to see the same pattern that we’ve seen with Trump’s first term where Trump surrounds himself with deep state figures to advance the surveillance state agenda. At which point liberty-minded Trump supporters will start questioning the role played by Trump? https://www.youtube.com/live/8BqVnOu1WBs
Hey everyone, Von der Leyen just secured a second term as EC President, and I'm beyond frustrated. Let's break this down: 1. Privacy nightmare: * **Pushing for Chat Control**: Goodbye, digital privacy! This move threatens to undermine end-to- end encryption, making our private conversations vulnerable. * **eID System**: This essentially paves the way for mass surveillance, linking our digital identity to nearly every online activity. * **Data Retention Revival**: Trying to bring back data retention ignores the EU Court of Justice's stance on its incompatibility with fundamental rights. * **Europol's Mass Data Collection**: Europol gets a free pass to collect massive amounts of data without sufficient oversight. This is a dangerous precedent. * **AI Act and Biometric Surveillance**: Supporting biometric mass surveillance within the framework of AI regulation is a direct path to an Orwellian society. 2. Corruption allegations: * **Shady Pfizer Vaccine Deal**: A €35 billion deal with Pfizer, shrouded in secrecy. Why are we not demanding transparency here? * **Refusing to Disclose Texts with Pfizer CEO**: Transparency shouldn't be optional, especially in public health matters. * **EU Courts vs. Von der Leyen**: EU courts have called her out for breaking the law. Why is this not a bigger deal? * **Piepergate**: The controversy surrounding the EU Envoy is troubling and raises questions about integrity and accountability. We deserve a leader who champions our rights as non-negotiable and upholds transparency as a fundamental duty, not one who treats our freedoms as expendable and accountability as an inconvenience. What are your thoughts on this? What will another five years of Von der Leyen bring us? Sources: Privacy: [European Digital Identity](https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en) [Is eID Building Trust or Invading Privacy?](https://epicenter.works/en/content/eidas-building-trust-or-invading-privacy) [Heise Article about data retention](https://www.heise.de/news/EU-Kommission-von-der-Leyen-bleibt-bei-Ueberwachung-und-Urheberrecht-auf-Kurs-4467701.html) (German) [Europol's Data Retention Critique](https://www.patrick-breyer.de/en/europol-report-insistence-on-data-retention-contradicts-the-threats-presented/) [EDRi on the AI Act](https://edri.org/our-work/eus-new-artificial-intelligence-law-risks-enabling-orwellian-surveillance-states/) [Von der Leyen Rejects Criticism on Biometric Surveillance](https://www.patrick-breyer.de/en/ai-proposal-commission-president-von-der-leyen-rejects-critism-of-meps-about-biometric-mass-surveillance-in-public-spaces/) Corruption: [PfizerGate Vaccine Scandal](https://www.politico.eu/article/pfizergate-covid-vaccine-scandal-european-prosecutors-eu-commission/) [EU's Top Court Rules Against the Commission](https://www.politico.eu/article/eus-top-court-rules-against-european-commission-in-vaccine-contracts-transparency-case/) [Politico on PfizerGate](https://www.politico.eu/newsletter/brussels-playbook/pfizergate-back-to-haunt-von-der-leyen/) [Patrick Breyer on Digital Age Misunderstandings](https://www.patrick-breyer.de/en/breyer-von-der-leyen-has-simply-not-understood-the-digital-age/) [Corporate Europe on Piepergate](https://corporateeurope.org/en/2024/04/piepergate-vdl-propels-anti-regulation-zealot-major-new-commission-job)
www.buskill.in
We're happy to announce that [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/). **What: Open Hardware Design for BusKill Cord When: 2024-08-10 12:00 - 13:45 Where: W303 – Third Floor – LVCC West Hall** | [](https://www.buskill.in/defcon32/) | |:--:| | [BusKill is presenting at DEF CON 32](https://www.buskill.in/defcon32/) | via [@Goldfishlaser@lemmy.ml](https://lemmy.ml/u/Goldfishlaser) # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device. # What is DEF CON? DEF CON is a yearly hacker conference in Las Vegas, USA. | [](https://www.buskill.in/defcon32/) | |:--:| | *Watch the [DEF CON Documentary](https://www.youtube.com/watch?v=3ctQOmjQyYg) for more info [youtube.com/watch?v=3ctQOmjQyYg](https://www.youtube.com/watch?v=3ctQOmjQyYg)* | # What is BusKill presenting at DEF CON? I ([goldfishlaser](https://github.com/goldfishlaser)) will be presenting **Open Hardware Design for BusKill Cord** in a Demo Lab at DEF CON 32. **What: Open Hardware Design for BusKill Cord When: Sat Aug 10 12PM – 1:45PM Where: W303 – Third Floor – LVCC West Hall** Who: Melanie Allen ([goldfishlaser](https://github.com/goldfishlaser)) [More info](https://forum.defcon.org/node/249627) ## Talk Description BusKill is a Dead Man Switch triggered when a magnetic breakaway is tripped, severing a USB connection. I’ve written OpenSCAD code that creates a 3D printable file for plastic parts needed to create the magnetic breakaway. Should anyone need to adjust this design for variations of components, the code is parameterized allowing for easy customization. To assemble a BusKill Dead Man Switch cord you will need: 1. a usb-a extension cord, 2. a usb hard drive capable of being attached to a carabiner, 3. a carabiner, 4. the plastic pieces in this file, 5. a usb female port, 6. a usb male, 7. 4 magnets, 8. 4 pogo pins, 9. 4 pogo receptors, 10. wire, 11. 8 screws, 12. and BusKill software. | [](https://www.buskill.in/defcon32/) | |:--:| | Golden DIY BusKill Print | Full BOM, glossary, and assembly instructions are included in the [github repository](https://github.com/BusKill/usb-a-magnetic-breakaway). The room holds approx. 70 attendees seated. I’ll be delivering 3 x 30 min presentations – with some tailoring to what sort of audience I get each time. ## Meet Me @ DEF CON If you'd like to find me and chat, I'm also planning to attend: - ATL Meetup (DCG Atlanta Friday: 16:00 – 19:00 \| 236), - Hacker Kareoke (Friday and Sat 20:00-21:00 \| 222), - Goth Night (Friday: 21:00 – 02:00 \| 322-324), - QueerCon Mixer (Saturday: 16:00-18:00 \| Chillout 2), - EFF Trivia (Saturday: 17:30-21:30 \| 307-308), and - Jack Rysider’s Masquerade (Saturday: 21:00 – 01:00 \| 325-327) I hope to print many fun trinkets for my new friends, including some BusKill keychains. | [](https://www.buskill.in/defcon32/) | |:--:| | Come to my presentation @ DEF CON for some free BusKill swag | By attending DEF CON, I hope to make connections and find collaborators. I hope during the demo labs to find people who will bring fresh ideas to the project to make it more effective.
www.buskill.in
This post contains a canary message that's cryptographically signed by the [official BusKill PGP release key](https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html) | [](https://www.buskill.in/canary-008/) | |:--:| | The BusKill project just [published](https://www.buskill.in/canary-008/) their Warrant Canary #008 | For more information about BusKill canaries, see: - <https://buskill.in/canary> ``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Status: All good Release: 2024-06-11 Period: 2024-06-01 to 2024-12-31 Expiry: 2025-01-31 Statements ========== The BusKill Team who have digitally signed this file [1] state the following: 1. The date of issue of this canary is June 11, 2024. 2. The current BusKill Signing Key (2020.07) is E0AF FF57 DC00 FBE0 5635 8761 4AE2 1E19 36CE 786A 3. We positively confirm, to the best of our knowledge, that the integrity of our systems are sound: all our infrastructure is in our control, we have not been compromised or suffered a data breach, we have not disclosed any private keys, we have not introduced any backdoors, and we have not been forced to modify our system to allow access or information leakage to a third party in any way. 4. We plan to publish the next of these canary statements before the Expiry date listed above. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation. Special announcements ===================== None. Disclaimers and notes ===================== This canary scheme is not infallible. Although signing the declaration makes it very difficult for a third party to produce arbitrary declarations, it does not prevent them from using force or other means, like blackmail or compromising the signers' laptops, to coerce us to produce false declarations. The news feeds quoted below (Proof of freshness) serves to demonstrate that this canary could not have been created prior to the date stated. It shows that a series of canaries was not created in advance. This declaration is merely a best effort and is provided without any guarantee or warranty. It is not legally binding in any way to anybody. None of the signers should be ever held legally responsible for any of the statements made here. Proof of freshness ================== 04 Jun 24 14:10:16 UTC Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss) Fortress Europe: Migrants Abandoned on the Edge of the Sahara Israel-Gaza-Krieg: Menschenrechtler Aryeh Neier über Schuldfrage und Strafverfolgung (Kopie) Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml) Middle East Crisis: Israeli Airstrikes Kill Iranian General in Syria Live Updates: India’s Election Results Suggest a Setback for Modi Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml) Shock for India's Modi as opposition set to slash majority Gaza ceasefire plan turns into deadly game of survival Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash) 000000000000000000014cd79802b29c1dcd7fc6debee1e3968cfc216b59bf16 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEeY3BEB897EKK3hJNaLi8sMUCOQUFAmZfIwgACgkQaLi8sMUC OQXZYA/9ElVoUy3Um3IXFSwUGO+ctkvKd6idD7RuOBjqZyfadr4emrDrfQKYbCpa Gik4M1H/GWobO/RaDjeSjQtGUmlPn8anhoFzmI6pPz7fBSfg5VGemllyHI2ypPpf cJ1jLrmzpDGxLqPd/R/WsoE8dY9E7q20JgNESAqEYyjmjxqOjx6EnIjBjy8u+xL3 YWBw5BQn/1XbLXw4X7WJNH1cNIIZDgePdIb8Wq6wEDTzFzAvfw5BPhJ2rVaChV9P 6d25htXLy5FU/qvomiy1C+ZskzbZPKGDNgr8lC/MPeNgLi0d/ps2Rgut/CGjKreW UiBmp3xslizR2/WhpRrcz0VLYxdNolfPY0odpgXkvQSEqGiZ1gOw5OQIN0f8HMiL nOXnnxFVgdO/I/x9X2DwKAGwuts/GSeWOHdeNxvflyDGEYJHt9YMT7kXcJ0/dl6z QSNHDoCMzMkxBCX23mlgY8pDSjw0Lqud0HDIChi1DFuNk7m1SfMIKGOn0ZAPsNqX RuMiLCMOPzdE8BBBpKFwZFtx0zyC78xAOBK1M8DqlUexT3CBGFjOwCmGY27dLFZe 6ygdrqptb5uDOXFsw63cWSOilCnEcx7M8FDX7QjuV6EUQwvsxpeKvHZIFVlJNQCX L5F8Lig/y4Q9iCjGiu3oT5zPuuEXPhKkyPsIeM9lC+zP/eC8rL4= =E7lp -----END PGP SIGNATURE----- ``` To view all past canaries, see: - <https://www.buskill.in/category/Canary/> # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
> “It is completely absurd to inflict mass surveillance on the general public under the premise of fighting theft.” > It comes at a cost to the privacy and civil liberties of the people of Britain.
simplex.chat
I was kind of blown away to what length the developers go to ensure your communication is as safe/secure as possible (while still delivering a very useable app).
This article will describe how lemmy instance admins can [purge images from pict-rs](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/). | [](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) | |:--:| | [Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) | This is (also) a horror story about accidentally [uploading very sensitive data](https://tech.michaelaltfield.net/2024/03/04/lemmy-fediverse-gdpr/) to Lemmy, and the (surprisingly) difficult task of deleting it.
This is an interesting article for anyone trying to navigate the banking system and KYC rules that not only affect crypto but also the ACH fiat money transfer system.
www.buskill.in
This post contains a canary message that's cryptographically signed by the [official BusKill PGP release key](https://docs.buskill.in/buskill-app/en/stable/security/pgpkeys.html) | [](https://www.buskill.in/canary-007/) | |:--:| | The BusKill project just [published](https://www.buskill.in/canary-007/) their Warrant Canary #007 | For more information about BusKill canaries, see: - <https://buskill.in/canary> ``` -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Status: All good Release: 2024-01-10 Period: 2024-01-01 to 2024-06-01 Expiry: 2024-06-30 Statements ========== The BusKill Team who have digitally signed this file [1] state the following: 1. The date of issue of this canary is January 10, 2024. 2. The current BusKill Signing Key (2020.07) is E0AF FF57 DC00 FBE0 5635 8761 4AE2 1E19 36CE 786A 3. We positively confirm, to the best of our knowledge, that the integrity of our systems are sound: all our infrastructure is in our control, we have not been compromised or suffered a data breach, we have not disclosed any private keys, we have not introduced any backdoors, and we have not been forced to modify our system to allow access or information leakage to a third party in any way. 4. We plan to publish the next of these canary statements before the Expiry date listed above. Special note should be taken if no new canary is published by that time or if the list of statements changes without plausible explanation. Special announcements ===================== None. Disclaimers and notes ===================== This canary scheme is not infallible. Although signing the declaration makes it very difficult for a third party to produce arbitrary declarations, it does not prevent them from using force or other means, like blackmail or compromising the signers' laptops, to coerce us to produce false declarations. The news feeds quoted below (Proof of freshness) serves to demonstrate that this canary could not have been created prior to the date stated. It shows that a series of canaries was not created in advance. This declaration is merely a best effort and is provided without any guarantee or warranty. It is not legally binding in any way to anybody. None of the signers should be ever held legally responsible for any of the statements made here. Proof of freshness ================== 09 Jan 24 17:35:23 UTC Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss) Germany's Role in the Middle East: Foreign Minister Baerbock Sees an Opening for Mediation Assaults, Harassment and Beatings: Does the EU Share Blame for Police Violence in Tunisia? Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml) Israel-Hamas War: Blinken Calls on Israel to Build Ties With Arab Nations Gabriel Attal Is France’s Youngest and First Openly Gay Prime Minister Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml) 2023 confirmed as world's hottest year on record Gabriel Attal: Macron's pick for PM is France's youngest at 34 Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash) 00000000000000000001bfe1a00ed3f660b89016088487d6f180d01805d173a3 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEeY3BEB897EKK3hJNaLi8sMUCOQUFAmWfOwAACgkQaLi8sMUC OQXHAQ/9Fqja31ypWheMkiDHNJ6orkt/1SiVCWX3dcMR8Ht2gFUBOlyAhu3Pubzl 5rEhy31KCCYKycn09ZpzsYO5HHQ2MzdVIS8lXFDpYqLbWL2z/Qa2/lU0onJVy7bj xgsJ+CheHD44/PnBmCBB1Y7mIob+gw84csaLLoUHLguM66LjFCeeukTSc7NA5r3v WVhQZ9LGz+TfQZEmwio8+KNOyXLWRyT9BMPx9tXR+G1/xOfUh6a2WJ2pC4lcscGD 2j9iWx5VfNMKOGfZvVXq70kCLcke2tkELE67u5EfypAkH0R875V7B2LNr/POQ+B+ 4cW9yNY41ARdf+wwWZscel8PI50sKQ9zMF+sZQTHVIU4e+hZtAhlhUS+Tl9WTuc6 uBTJZ7SY/hRYDT9kHJLgwuhZCbAySk/ojidZetki/N1Gyrb5sMWHUV8Xtv/c6Dge JMowbug9/brT4AkiKOIgClOJVYfDLbDnQ3sUPhhtrf8OA+7AxB285wbXVNQylZKy i0Uax+cUol691MIWv7xt+jz/NjEakVHrlpyfifv8B5APyv1wf1gRpXXNjVb7CYzT d+l2SNCH8MRF/Ijo6ub6WzzNAVROn7JSpBOztcMKw6G/vt10gHjrP45IcSZG8mdm tbroqVAorWlG6wabcTjkpmcWQlykEr7QzGMcLW3AGdUwRdOcgdg= =XpGW -----END PGP SIGNATURE----- ``` To view all past canaries, see: - <https://www.buskill.in/category/Canary/> # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.
www.youtube.com
2:21 – • Andrew Tate's Privacy & Freedom Lessons 4:32 - • Why You Should Fear Cybercrime 7:48 - • Paul Rosenberg: Of Anarchy and Abolition 11:58 - • Standard Notes: Model Privacy Software 18:32 - • Firewalls Don’t Stop Dragons with Carey Parker 27:20 - • All About Linux w/ The Linux Experiment 33:03 - • Leaving Humanity: The Technocratic Worldview with Joe Doran 40:08 - • Intro to **Monero**: With Seth for Privacy 45:24 - • Samourai Wallet: Waging War on Fiat 49:21 - • Sparrow Wallet with Craig Raw 52:27 - • Tor Part I: History and Basic Features 56:30 - • What is Private Email? Andrew Milich from Skiff 58:17 - • Jayant Bhandari: The Empire Strikes Back 59:55 - • “An Unencrypted Hard Drive on Wheels:” Car Privacy with Andrea Amico 1:02:26 - • James Wesley, Rawles: Private Guns, Economic Collapse, and Survival 1:07:05 - • Bitcoin Privacy Reignited with BitcoinQnA 1:12:02 - • The Politics of Bitcoin (Zelko & Samourai Wallet)
Zero click “Triangulation” compromises Macs, iPods, iPads, Apple TVs, and Apple Watches at the hardware level. edit: iPhone is the particular device focused on for the exploit documentation here, but the hardware vulnerability exists in all of the above.
www.eff.org
> The right time to start protecting your digital privacy is before your trip […] The simplest and most reliable precaution against border searches is to reduce the amount of information that you carry across the border. [](https://monero.town/pictrs/image/21c08bef-3967-4445-b9d2-9f0354ac14b7.webp "Click to Enlarge") *** > Sometimes law enforcement officials achieve so-called “consent” by being vague […] You can try to dispel this ambiguity by inquiring whether border agents are asking you or ordering you […] If an agent says it is a request only, you might politely but firmly decline to comply with the request. > > If you are a U.S. citizen, border agents cannot stop you from entering the country, even if you refuse to unlock your device, provide your device password, or disclose your social media information. However, agents may escalate the encounter if you refuse. > > If you elect to comply with a border agent’s order to unlock your device, provide your password, or disclose your social media information, you can inform the agent that you are complying under protest and that you do not consent. *** > It is possible that if you unlock your device, and agents then search your device, a court will rule that you consented to the search. […] As noted in Part 1, the best way to avoid an inadvertent “consent” to search is to decline to unlock your device, provide the device password, or provide any social media information. > > Technically, you don’t even need to admit that you know the password. > > If you believe that border agents violated your digital rights at the border, please contact EFF at borders@eff.org. *** See also: * https://www.eff.org/document/eff-border-search-pocket-guide * https://www.eff.org/issues/border-searches * https://monero.town/post/402125 *Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border*
securityaffairs.com
> The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. > > As usual, Google did not publish details about the attacks exploiting the flaw in the wild. See also: https://www.cert.europa.eu/publications/security-advisories/2023-100/ > This vulnerability also affects Chromium-based web browser such as Microsoft Edge [3], Brave, Opera, and Vivaldi.
blog.torproject.org
>privacy has nothing to do with having something to hide. Instead, privacy means protecting the human being that you are, all the personal details that make you, you. What you care about, what you love, what you hate, what you are curious about, what makes you laugh, what you fear. And most importantly, choosing when you decide to share that information and who you share it with. >it *is* possible to build technology used by millions of people with privacy at the heart. **We build technology to advance that right in order to help users reclaim their agency in digital spaces.** (But by default, Tor Browser is *not* shipped with uBlock Origin.) PS: ONION LINK http://pzhdfe7jraknpj2qgu5cz2u3i4deuyfwmonvzu5i3nyw4t4bmg7o5pad.onion/tor-in-2023/index.html
www.eff.org
NOTE: This is about the Fifth Amendment protection against self-incrimination after a search warrant for someone’s cell phone is procured; *not* about digital privacy in general at the U.S. Border (a warrantless search). See also: https://monero.town/post/1134494 *EFF to Supreme Court: Fifth Amendment Protects People from Being Forced to Enter or Hand Over Cell Phone Passcodes to the Police*
www.theregister.com
>Now before the House, HR 6570 proposes to reauthorize Section 702 for three years — but with reforms including requiring all US intelligence agencies to obtain a warrant before conducting a US person query. >a competing bill, the FISA Reform and Reauthorization Act of 2023 (HR 6611), doesn't include a warrant requirement — and, in fact, includes language that many worry could be used to force private US companies into assisting in government-directed surveillance
justthenews.com
> House Intelligence Committee bill would also expand the definition of an electronic communication service provider include a broader range of providers, including those who “provide hardware through which people communicate on the Internet.” See also: [Tell Congress: They Must Defeat HPSCI’s Horrific Surveillance Bill | EFF Action Center](https://act.eff.org/action/tell-congress-they-must-defeat-hpsci-s-horrific-surveillance-bill)
netzpolitik.org
> Bis zum Jahr 2030 will die EU allen Bürger:innen eine „European Digital Identity Wallet“ (ID-Wallet) zur Verfügung stellen. Sie soll on- wie offline bei Verwaltungsgängen und Bankgeschäften, aber auch bei Arztbesuchen, Alterskontrollen oder beim Internetshopping zum Einsatz kommen. (*By 2030, the EU wants to provide all citizens with a “European Digital Identity Wallet” (ID wallet). It is intended to be used online and offline for administrative procedures and banking as well as medical visits, age verification, and internet shopping.*) The article (in German) is mostly about eIDAS 45\ Cf. https://monero.town/post/1018961 Last Chance to fix eIDAS: Secret EU law threatens Internet security (There are many English articles about it; see e.g.\ https://mullvad.net/en/blog/eu-digital-identity-framework-eidas-another-kind-of-chat-control ) Though not the main topic of the article, this “ID wallet” thing sounds disturbing. (EU politicians calls a normal wallet “unhosted wallet” and don’t like it very much.)
blog.torproject.org
>Many countries use censorship systems to block access to human rights resources >.onion sites are particularly useful at maximizing internet users' privacy and anonymity because they never leave the Tor network. While technically I2P might be better, it’s good news that a recognized human rights organization has adopted an onion, because that will improve the “shady” image of Tor, esp. hidden services (aka darknet), as in “privacy technology is good, not for criminals, but *for you*, for everyone. Using Tor is normal, and Monero is a great tool.”
Retroshare establish encrypted connections between you and your friends to create a network of computers, and provides various distributed services on top of it: forums, channels, chat, mail... Retroshare is fully decentralized, and designed to provide maximum security and anonymity to its users beyond direct friends. Retroshare is entirely free and open-source software. It is available on Android, Linux, MacOS and Windows. There are no hidden costs, no ads and no terms of service.
> law enforcement has been using […] systems since 2015, in utmost secrecy. The software in question […] can track a person across a network of cameras, for instance, by the color of their sweater > Any policeman […] can request to use [it] > The potential use of facial recognition worries within the institution itself. […] In France, facial recognition is only authorized in rare exceptions > This massive installation was carried out outside the legal framework provided by a European directive and the French Data Protection Act The National Commission on Informatics and Liberty (CNIL), a French administrative regulatory body, started an investigation against the French Minister of the Interior [1][2]. The Minister, Gérald Darmanin ordered an investigation [2]. - [1] https://nitter.oksocial.net/CNIL/status/1724745047537488019 [French] - [2] https://web.archive.org/web/20231121093507/https://www.ouest-france.fr/politique/gerald-darmanin/entretien-gerald-darmanin-lantisemitisme-le-signe-dune-societe-qui-ne-va-pas-tres-bien-938b76ce-856c-11ee-9632-b62f00689e79 [French] > La Cnil […] annonce l’ouverture d’une enquête contre le ministère de l’Intérieur. Elle soupçonne la police d’utiliser un logiciel de reconnaissance faciale, depuis 2015, en dehors de tout cadre légal. Qu’en est-il ? (CNIL suspects the police are using facial recognition outside any legal framework. Comments? - Gérald Darmanin’s answer: The news is true. I ordered an investigation.)
www.wired.com
>the White House has, for the past decade, provided more than $6 million to the program, which allows the targeting of the records of any calls that use AT&T’s infrastructure >the program takes advantage of numerous “loopholes” in federal privacy law >the DAS program has been used to produce location information on criminal suspects and their known associates, a practice deemed unconstitutional without a warrant (This website is a bit annoying.)
> See https://monero.town/post/968066 Onion http://rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion/ This free email provider is not for everyone. Sometimes a Cockmail address is not accepted to register something. Sometimes, though not often, another email provider may indiscriminately block email from Cock.li. Afaik Cock.li<->Proton, Cock.li<->Tuta work. *** PS: Admin, Vincent Canfield [@vc@shitposter.club](https://shitposter.club/users/vc)
buskill.in
In celebration of **Bitcoin Black Friday 2023**, we're offering a **10% discount** on all [BusKill cables](https://buskill.in/buy/) sold between Nov 18 to Dec 03. | [](https://buskill.in/bitcoin-black-friday-2023) | |:--:| | *BusKill [Bitcoin Black Friday Sale](https://buskill.in/bitcoin-black-friday-2023) - Our Dead Man Switch Magnetic USB Breakaway cables are [10% off](https://buskill.in/buy/) all orders paid with cryptocurrency* | # What is BusKill? BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer. | [](https://www.buskill.in/#demo) | |:--:| | *Watch the [BusKill Explainer Video](https://www.buskill.in/#demo) for more info [youtube.com/v/qPwyoD_cQR4](https://www.youtube.com/v/qPwyoD_cQR4)* | If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device. # What is Bitcoin Black Friday? [Black Friday](https://en.wikipedia.org/wiki/Black_Friday_(shopping)) is ~1 month before Christmas, and it's the busiest shopping day in the US. The first "[Bitcoin Friday](https://web.archive.org/web/20121213223642/http://bitcoinfriday.com/)" ([launched](https://bitcoinmagazine.com/culture/bitcoin-friday-sale-happening-today-1352497394) by Jon Holmquist) was [Nov 9th, 2012](https://www.theregister.com/2012/11/09/bitcoin_friday_sale_event/) (at the time, one bitcoin was ~$11). The following year, the two ideas merged to become [Bitcoin Black Friday](https://www.vice.com/en/article/jp5xxp/bitcoin-is-taking-on-black-friday). This year, we're joining Bitcoin Black Friday by offering our products at a 10% discount if you pay with cryptocurrency. # Why should I use cryptocurrencies? We've always accepted cryptocurrencies because: 1. They're more [secure](https://www.buskill.in/bitcoin-black-friday-2023/#secure) than pre-cryptocurrency payment methods 2. They're a more [egalitarian](https://www.buskill.in/bitcoin-black-friday-2023/#egalitarian) system than pre-cryptocurrency finance 3. They're more [environmentally friendly](https://www.buskill.in/bitcoin-black-friday-2023/#environmentalism) than pre-cryptocurrency financial systems 4. The [fees are less](https://www.buskill.in/bitcoin-black-friday-2023/#fees) than pre-cryptocurrency transactions 5. They allow for [anonymous](https://www.buskill.in/bitcoin-black-friday-2023/#privacy) purchases online 6. Their transactions are [censorship-resistant](https://www.buskill.in/bitcoin-black-friday-2023/#censorship) ## Security Before cryptocurrencies, making an online transaction was horrendously insecure and backwards. | [](https://buskill.in/bitcoin-black-friday-2023) | |:--:| | "Conceptually, pull-based transactions are really not that different than giving three parties the password to your online banking service and trusting them to log in and take what they need. You have to trust the merchant, their IT supplier; the acquiring bank, their third-party processor; the card network; and your own card issuer---and everybody who works for them and has access to their systems. If a bad guy gets hold of your card details at any point in this process, they could drain your account. | | The picture shows the scope of all the entities with access to your critical card information" [source](https://www.coincenter.org/education/crypto-regulation-faq/how-are-payments-with-bitcoin-different-than-credit-cards/) | [Asymmetric cryptography](https://en.wikipedia.org/wiki/Public-key_cryptography#History) has been available since the 1970s, but [CNP (Card Not Present)](https://en.wikipedia.org/wiki/Card_not_present_transaction%22) transactions to this day still don't use public keys to sign transactions. Rather, you give your private keys (that is, your credit card number, expiry, etc) directly to the merchant and you authorize them to **pull money out of your account** (trusting that they take the right amount and not to loose those precious credentials). Bitcoin flipped this around to actually make transactions secure. **With bitcoin**, you don't give others the keys to take money out of your account. Instead, **transactions are push-based**. You sign a transaction with your private keys, and those keys are shared with no-one. Even today, pre-cryptocurrency transactions are abhorrently insecure. In the US or Europe, if someone knows your account number and bank, they can [direct debit money out of your account](https://www.telegraph.co.uk/news/uknews/1574781/Jeremy-Clarkson-eats-his-words-over-ID-theft.html). For the same reason, losses due to credit card theft is enormous. To quote Satoshi Nakamoto's criticism of pre-cryptocurrency transactions, "A certain percentage of fraud is accepted as unavoidable" In fact, fraudulent transactions in the banking industry are so common that your bank will generally reimburse your account for any malicious transactions that you tell them about within 60-90 days. But if someone drains your account of all your money and you don't notice for 12 months? Too bad. All your money is gone. | [](https://buskill.in/bitcoin-black-friday-2023) | |:--:| | In Bitcoin, transactions are push-based. [source](https://www.coincenter.org/education/crypto-regulation-faq/how-are-payments-with-bitcoin-different-than-credit-cards/) | [Tokenization](https://en.wikipedia.org/wiki/Tokenization_(data_security)) and [3DS](https://en.wikipedia.org/wiki/3-D_Secure) are merely bandages on a fundamentally backwards, pull-based transaction model. But because [bitcoin is push-based](https://www.coincenter.org/education/crypto-regulation-faq/how-are-payments-with-bitcoin-different-than-credit-cards/), it's magnitudes more secure. ## Egalitarian If you have a bank account, then you probably take a lot of things for granted. Like buying things online (with a credit card). Or getting cash when traveling abroad (from an ATM machine). Or taking out a loan so you can start a business. Before crypto-currencies, it was very difficult to do these things unless you had a bank account. And in 2008 (the year with the first-ever bitcoin transaction), McKinsey & Company published a report concluding that [half of the world's adult population is unbanked](https://www.mckinsey.com/~/media/mckinsey/industries/public%20and%20social%20sector/our%20insights/half%20the%20world%20is%20unbanked/half-the-world-is-unbanked.pdf). But with crypto-currencies, anyone with access to the internet and a computer or smart phone can use bitcoin to send and receive money online -- without needing to first obtain a bank account. ## Environmentalism The energy required to facilitate transactions in decentralized, blockchain-based cryptocurrencies like bitcoin is minuscule by comparison. And, most importantly, the amount of energy used to solve the proof-of-work problem does not grow as the number of transactions-per-second grows. Traditional financial institutions require an enormous amount of overhead to facilitate transactions in their centralized networks. Unlike bitcoin, which was designed specifically to [eliminate the unnecessary overhead](https://www.buskill.in/bitcoin-black-friday-2023/#fees) created by a trusted third party, pre-cryptocurrency transactions required humans to verify transactions. These humans require office buildings. These office buildings require energy to build and maintain. And, most importantly, as the number of transactions-per-second grows on their network, the number of humans and office space also grows. | [](https://buskill.in/bitcoin-black-friday-2023/) | |:--:| | Bitcoin versus other industries --- yearly energy use, in TWh [source](https://bitcoinmagazine.com/business/bitcoin-energy-use-compare-industry) | This fact is often misunderstood because there's a lot of misinformation on the Internet that makes a few disingenuous modifications to the facts: 1. They calculate the energy usage of the computers processing transactions only, maliciously omitting calculating the energy usage of the entire industry's infrastructure (eg energy used by office buildings) 2. They calculate the energy usage *per transaction*, maliciously omitting the fact that the amount of energy expended by bitcoin miners is automatically adjusted by the proof-of-work algorithm (so energy usage does not increase as the network scales-up) 3. They offer statistics about "energy usage" without mentioning the energy sources. It matters if the energy source is coal/nuclear/natural-gas or solar/wind/hydroelectric > | "...estimates for what percentage of Bitcoin mining uses renewable energy vary widely. In December 2019, one report suggested that 73% of Bitcoin's energy consumption was carbon neutral, largely due to the abundance of hydro power in major mining hubs such as Southwest China and Scandinavia. On the other hand, the CCAF estimated in September 2020 that the figure is closer to 39%. But even if the lower number is correct, that's still **almost twice as much [renewable energy sources] as the U.S. grid**" | [](https://buskill.in/bitcoin-black-friday-2023/) | > |:--:|:--:| > | [source: Harvard Business Review](https://hbr.org/2021/05/how-much-energy-does-bitcoin-actually-consume) | Nic Carter | The facts are that the energy usage of bitcoin is magnitudes less than the energy used by pre-cryptocurrency financial intuitions, that energy usage does not increase as the number of transactions processed by the network increases, and that mining bitcoin is often done with renewable energy. The facts are that the energy usage of bitcoin is magnitudes less than the energy used by pre-cryptocurrency financial intuitions, that energy usage does not increase as the number of transactions processed by the network increases, and that mining bitcoin is often done with renewable energy. ## Low Fees The introduction to the [Bitcoin White Paper](https://bitcoin.org/bitcoin.pdf) (2008) clearly states that Bitcoin was created to reduce costs by using a distributed ledger (the blockchain) to eliminate the need for a trusted third party. > | "Commerce on the Internet has come to rely almost exclusively on financial institutions serving as trusted third parties to process electronic payments. While the system works well enough for most transactions, it still suffers from the inherent weaknesses of the trust based model. | | > |:---|:---| > | Completely non-reversible transactions are not really possible, since financial institutions cannot avoid mediating disputes. **The cost of mediation increases transaction costs**... | | > | These costs and payment uncertainties can be avoided in person by using physical currency, but no mechanism exists to make payments over a communications channel without a trusted party. | | > | What is needed is an electronic payment system based on cryptographic proof instead of trust, allowing any two willing parties to transact directly with each other without the need for a trusted third party. Transactions that are computationally impractical to reverse would protect sellers from fraud, and routine escrow mechanisms could easily be implemented to protect buyers. In this paper, we propose a solution to the double-spending problem using a peer-to-peer distributed timestamp server to generate computational proof of the chronological order of transactions." | [](https://buskill.in/bitcoin-black-friday-2023/) | > | [source: Bitcoin Whitepaper](https://bitcoin.org/bitcoin.pdf) | Satoshi Nakamoto | At the time of writing, **the [average transaction fee](https://bitcoinfees.net/) for a bitcoin transaction is $0.06**. And unlike pre-cryptocurrency transactions, you can increase or decrease the fee that you pay to increase or decrease the time it takes for the transaction to complete (at $0.06, it will get added to the blockchain in **~1 hour**). By comparison, the way to send funds internationally through the Internet via pre-cryptocurrency banks is via an **[international wire transfer](https://en.wikipedia.org/wiki/Wire_transfer)**. Fees very per bank, but [they typically charge **$15-$85 per transaction**](https://www.nerdwallet.com/article/banking/wire-transfers-what-banks-charge). And unlike bitcoin, wire transfers won't make move on nights and weekends, so they can take **1-7 days** to complete. Also, with bitcoin, that $0.06 transaction fee only applies when you're sending money. Many banks will *also* charge a fee for an incoming wire transfer. In bitcoin, there is no transaction fee to receive money. ## Anonymity Though early cryptocurrencies like Bitcoin don't ensure anonymity like newer privacy coins, [ZCash](https://en.wikipedia.org/wiki/Zcash) and [Monero](https://en.wikipedia.org/wiki/Monero) were designed specifically to provide private transactions. This allows our customers to purchase from us anonymously, which can be extremely important for activists and journalists whose lives are threatened by their adversaries. | [](https://twitter.com/wikileaks/status/80774521350668288) | |:--:| | WikiLeaks started accepting donations in Bitcoin 7 months after PayPal froze their account | We accept both ZCash and Monero. If you'd like us to accept another privacy coin, please [contact us](https://buskill.in/contact) :) ## Censorship-Resistant Cryptocurrencies like bitcoin are peer-to-peer and permissionless. Transactions exchanging bitcoins occur directly between two parties. There is **no middle-man** that has the power to block, freeze, or reverse transactions. Before blockchains were used to maintain a public ledger and enable peer-to-peer transactions, we were dependent on big financial institutions to move money on our behalf through the internet. That antiquated system allowed them to censor transactions, such as donations made to media outlets reporting war crimes and donations to protest movements. > | "For me, that is one of the coolest things about bitcoin... | | > |:---|:---| > | People can potentially use it donate more anonymously to dissident groups and causes in a world where mass government surveillance threatens freedom of expression and certainly harms activists' ability to fundraise for their work, when people are afraid they could be targeted by a government for donating to a worthy cause." | [](https://buskill.in/bitcoin-black-friday-2023/) | > | [source](https://www.vice.com/en/article/jp5xxp/bitcoin-is-taking-on-black-friday) | Evan Greer | After [PayPal froze WikiLeaks's donation account](https://wikileaks.org/PayPal-freezes-WikiLeaks-donations.html) in 2010, WikiLeaks started [accepting bicoin](https://www.forbes.com/sites/forbesdigitalcovers/2018/07/30/the-backsies-billionaire-texan-builds-second-fortune-from-wreckage-of-real-estate-empire-hed-sold/?sh=6f75c6883a72) in 2011. From [Occupy Wall Street](https://web.archive.org/web/20111126164538/http://occupywallst.org/donate/) to [Ukraine](https://www.washingtonpost.com/world/2022/03/03/donate-ukraine-money-crypto/), defenders of democracy have utilized permissionless cryptocurrencies to accept international donations without the risk of transactions made through financial institutions. ## Buy BusKill with crypto Don't risk loosing your crypto to a thief that steals your laptop. Get your own [BusKill Cable](https://buskill.in/buy/) at a 10% discount today! **[Buy a BusKill Cable](https://buskill.in/buy)** [https://buskill.in/buy](https://buskill.in/buy) You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our [BusKill Store's .onion site](http://buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/buy/). ` ` [](https://buskill.in/buy) [](https://buskill.in/buy) ` ` ` ` Stay safe, The BusKill Team https://www.buskill.in/ http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion
www.eff.org
See also: Fifth Circuit says law enforcement doesn’t need warrants to search phones at the border https://monero.town/post/402125
techcrunch.com
> The app store “collects and sends data […] This includes information like device model, brand, country, timezone, screen size, view events, click events, logtime of events, and a unique KID ID,” > Hancock didn’t return the tablet to her daughter until after making changes to protect her daughter’s privacy. > [She] even installed Tor, a browser that is designed to protect the anonymity of its user. An awesome Mom, like [Mrs. Roberts](https://xkcd.com/341/) from xkcd!
>A storefront, said Ortis, is a fake business or entity, either online or bricks-and-mortar, set up by police or intelligence agencies. > >The plan, he said, was to have criminals use the storefront — an online end-to-end encryption service called Tutanota — to allow authorities to collect intelligence about them. Tutanota (now Tuta) denies this: https://tuta.com/blog/tutanota-not-a-honeypot
> These changes radically expand the capability of EU governments to surveil their citizens by ensuring cryptographic keys under government control can be used to intercept encrypted web traffic > This enables the government of any EU member state to issue website certificates for interception and surveillance https://www.internetsociety.org/resources/doc/2023/qualified-web-authentication-certificates-qwacs-in-eidas/ > The browser ecosystem is global, not EU-bounded. Once a mechanism like QWACs is implemented in browsers, it is open to abuse https://en.wikipedia.org/wiki/EIDAS > The proposal would force internet companies to place a backdoor in web browsers to let them perform a man-in-the-middle attack, deceiving users into thinking that they were communicating with a server they requested, when, in fact, they would be communicating directly with the EU government. […] If passed, the EU would be able to hack into any internet-enabled device, reading any sensitive or encrypted contents without the user's knowledge See also: https://mullvad.net/en/blog/2023/11/2/eu-digital-identity-framework-eidas-another-kind-of-chat-control/
privacy
!privacy@monero.townRules (WIP)
- No ad hominem allowed
- Attack the idea, not the poster