Onion Courier wrote:

> I would not underestimate TLAs that send a gag order to ISPs and VPS Providers,
> in the West. Take OmniMix under Windows, for example, which D uses. OmniMix does
> not use standard Tor ports and so TLAs, in cooperation with ISPs, can put a small
> state trojan on his computer, because he is using the Tor network, without him
> noticing and they then receive what time of day he is using OmniMix tor.exe
> and not Tor Browser or Tor Expert Bundle tor.exe.

Do not forget "snow" like GnuPG tagging attacks, which GnuPG can't detect and which
identifies Bob as sender of an anonymous symmetric only encrypted message to Alice.

In article <***@hal.oc2mx.net> Onion Courier wrote:
>In message <***@remailer.paranoici.org> Anonymous wrote:
>
>> Onion Courier <***@oc2mx.net> wrote:
>> > In message <***@mixmin.net> Yamn2 Remailer wrote:
>> >
>> > > All in all you have to crack about six remailer keys and three up to
>> > > possibly nine Tor node keys. Good luck with it!
>> >
>> > You don't have to crack remailer keys, they are freely available
>> > on VPS servers for an eclipse attack. Same applies for Tor nodes :)
>>
>> Hard to imagine an eclipse attack isolating all nodes of a circuit
>> followed by all remailers of a chain worldwide in sequence starting at a
>> suspicious sender, which also has to be done within the tight timeframe
>> determined by their key invalidation policies. Furthermore, you really
>> think such network manipulations won't be detected? Looks like a pipe
>> dream.
>>
>I would not underestimate TLAs that send a gag order to ISPs and VPS Providers,
>in the West.

Any example? And feel free to route your Tor traffic through nodes not
under Western control (<https://tormap.org/>).

> Take OmniMix under Windows, for example, which D uses. OmniMix does
>not use standard Tor ports

Please explain. Which non-standard ports?

> and so TLAs, in cooperation with ISPs, can put a small
>state trojan on his computer, because he is using the Tor network, without him
>noticing and they then receive what time of day he is using OmniMix tor.exe
>and not Tor Browser or Tor Expert Bundle tor.exe.

After a successful intrusion they just record Tor usage? LOL! And how
about those who use the same Tor instance for Omnimix as well as the Tor
Browser? BTW, here Omnimix runs 24/7 sending dummy messages at irregular
intervals.

>
>They do not even need to worry about the Tor nodes, as they know that remops does
>not have an SOP that tells them how to secure their remailers against their VPS
>providers.

No doubt, I'd also prefer remailers hosted at secure sites.

>
>They can also receive the passwords for a.a.m

Please explain. Passwords for a.a.m?

> via gag order, as nym servers hold
>them.

Apart from the account's public key the nymserver only knows the symmetric
password it has to use to encrypt the message before sending it to each
reply block's cypherpunk entry remailer. Only the Cypherpunk exits know
about their individual subject encoding parameters.

> This leaves only an asymmetric message in a.a.m which announces the key ID
>and UID and then uses this to cross-check the same on online home PCs are being
>monitored.

A.a.m nym replies always have an outer symmetric encryption layer hiding
key parameters of the most inner asymmetric layer(s).

But sure, if a suspect under surveillance holds the private key belonging
to the public key of a nymserver account they won. Btw, to allow
encrypted replies that public key is even added to the header section of
each nym message (X-PGP-Key-Public:). So better run Omnimix from within
an encrypted container and pull the plug when some TLA kicks in your front
door.

>
>Remailer users also do not know any warrant canaries from their remailer/nym server
>operators who could possibly keep them updated.

That's why we have to use Tor circuits and remailer chains of adequate
lengths.