Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] dark mail alliance

phreedom at phreedom at
Thu Nov 7 02:25:56 PST 2013

On Monday, November 04, 2013 01:17:49 PM Jonathan Wilkes wrote:
> On 11/04/2013 05:28 AM, phreedom at wrote:
> > On Sunday, November 03, 2013 04:06:11 PM Bill Woodcock wrote:
> >>> On Nov 3, 2013, at 3:30, "phreedom at" <phreedom at>
> >>> wrote:
> >>> 
> >>> I don't see how "pasting over" a QR code in a way that's not easily
> >>> detectable is somehow harder than pasting over a domain/email, or
> >>> printing a real-looking fake ad and pasting it over the real one.
> >> 
> >> A QR code is already isolated in an opaque white square.  It's single
> >> color, and moreover, that color is black. And it's smaller than a
> >> billboard.
> >> 
> >> By contrast, a textual URL or email address will be in a specific
> >> typeface,
> >> probably matched to the rest of the billboard. It's also likely
> >> size-matched to other text. Most importantly, it's likely printed right
> >> over a patterned and colored background.
> >> 
> >> While you're correct that you can address, to some degree, all of those
> >> issues by wheatpasting over the entire billboard, provided you're at
> >> least
> >> as competent a visual designer as the person who executed the original
> >> ad,
> >> which is easier to print and transport? A full-color billboard, or a
> >> black-on-white sheet of tabloid-sized paper?
> >> 
> >> To put this all in more practical terms, since these issues were not
> >> apparent to you, you're a less-skilled visual designer than anyone who
> >> would be paid to produce an advertisement. Therefore, you would not be
> >> capable of covertly coopting their advertisement. Yet you'd still be
> >> perfectly capable of successfully pasting over their QR code without
> >> anyone
> >> being the wiser.
> > 
> > I can't talk about others, but I'd be quite suspicious if I saw a second
> > layer of paper exactly where the qr code is located. If such attacks
> > gained momentum, I guess people would be more careful.
> Now you are climbing up on a billboard and inspecting the QR code
> personally as a way to prove human readable addresses are a solution
> looking for a problem?

Can you name a specific attack which actually happened, and which involved 
altering an ad url in any way or posting a fake physical ad? Are we talking 
about something that actually exists? It's not like an ad by microsoft can't 
point to a legitimately-looking domain name which isn't eg

> You already mentioned the idea of domain names that aren't "as
> widely-known" as others.  "Widely-known" is a feature-- that feature
> doesn't exist with QR codes so you clearly understand the issue. I'm not
> saying that issue cannot be solved, nor that the current domain name
> system is immune to exploits.  But if you don't understand the benefits
> of human readable addresses you're likely to end up with a less secure
> system to replace it.

I understand also that:
 * these benefits exist for maybe top 100 domains
 * it's usual for well-known entities to use campaign-specific domain names
 * even if you know the entity name to be $NAME, the domain can still be 
$, $, $, get$ etc

The "security" of physical ads is pretty much about the cost/benefit, and 
that's why we don't see such attacks in the first place.

> (Especially when the smartphones people must use
> to read the QR code in the first place are almost all locked down and
> not under the user's own control.)

There are gateways like and, and these can be encoded 
into the QR code for compatibility purposes since there's 1:1 mapping beween 
darknet and gateway urls.

For all practical purposes, the DNS replacement is already available in the 
form of tor hidden services, tested and known to be quite reliable.

The status-quo is:
1) you pay money to get a DNS record which:
   a) can be revoked at will by a number of entities
   b) requires you to identify yourself, unless you're willing to play spy 
games(and noone know for how much longer the loopholes will exist, see (a))
   c) requires you to be able to pay, which may exclude "children" who can't 
get the bank account/card, residents of sanctioned countries.

2) you get a ssl cert, with MITM-by-advanced-adversary as an inherent 
"security feature". This also may come with random and potentially ridiculous 
hops to jump thru, the list is subject to change

3) wait for hours/days for payments to complete and records to propagate.

Tor hidden service:
 1) add 2 lines to torrc, or use vidalia to do the same
 2) grab the service address from tor's dir
 3) the service goes online in 5-10 minutes, with encryption and 
authentication always on.

HTTP gateway is available for legacy platforms.

Bookmarking and address book features are widely available thus making the 
appearance of the url itself not that important.

Both client and service can opt to drop their half of the circuit, which turns 
it into a more or less direct tcp connection, with nat traversal capabilities. 
Yes there are caveats, yes tor devs are spending their effort on making tor 
hide users, rather than optimizing "we don't want no anonymity" use cases, but 
the foundation is solid.

The only known issue that bothers me is that tor doesn't let you keep the root 
keys for the service offline. A 2-level setup would be really nice, tor devs. 
pretty please?

For all I care, the solution has been available for several years.

It works well, but I'm afraid that getting it adopted would require the 
current gatekeepers to step up abuses by a couple orders of magnitude.

More information about the liberationtech mailing list