Singapore Expats

Deep Web Dark Web etc..

Discuss about computers & Internet. Including mobile phones, home appliances & other gadgets. Read about Windows security risks or virus updates.
Post Reply
User avatar
rajagainstthemachine
Manager
Manager
Posts: 2871
Joined: Sat, 24 Nov 2012 10:45 am
Location: Singapore

Re: Deep Web Dark Web etc..

Post by rajagainstthemachine » Wed, 12 Aug 2015 1:50 pm

zzm9980 wrote:
rajagainstthemachine wrote:. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.

I can't ever imagine that working too well, unless it is more of a 'walkie talkie' mode like voice memos in WeChat or Whatsapp.
at the moment the voice is on TCP. that wouldn't work too well on a tor network where there's a random path taken for each packet. its good for data but for real time voice its going to be terrible and end up with a lot of latency and jitter.
To get there early is on time and showing up on time is late

User avatar
zzm9980
Governor
Governor
Posts: 6869
Joined: Wed, 06 Jul 2011 1:35 pm
Location: Once more unto the breach

Re: Deep Web Dark Web etc..

Post by zzm9980 » Wed, 12 Aug 2015 2:08 pm

rajagainstthemachine wrote:
zzm9980 wrote:
rajagainstthemachine wrote:. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.

I can't ever imagine that working too well, unless it is more of a 'walkie talkie' mode like voice memos in WeChat or Whatsapp.
at the moment the voice is on TCP. that wouldn't work too well on a tor network where there's a random path taken for each packet. its good for data but for real time voice its going to be terrible and end up with a lot of latency and jitter.
Even UDP will suck over tor for real time voice given the latency. Best to record messages and send.

x9200
Moderator
Moderator
Posts: 10073
Joined: Mon, 07 Sep 2009 4:06 pm
Location: Singapore

Re: Deep Web Dark Web etc..

Post by x9200 » Wed, 12 Aug 2015 2:55 pm

zzm9980 wrote:The point of the hidden service is that the traffic never leaves the network, so even if the entry node is owned it shouldn't know what hidden service you're accessing.

A lot of the FBI's efforts have been to find flaws in the hidden service which expose its real IP, or try client side exploits. Easy since so many people using TOR are using known application stacks that aren't (or weren't previously) updated as frequently.
I read about some cases where they just matched the activities (anonymous) inside TOR with the open network activities. If the frequency and duration was sufficient, they were able to find a pattern. E.g. someone of the interest was doing something inside TOR and this followed timing of the traffic coming from IPs belonging to a specific machine/location. May sound like looking for a needle in a haystack but I guess if one is determined, it's mostly a matter of time.

Sporkin
Chatter
Chatter
Posts: 181
Joined: Fri, 20 Jun 2014 2:16 pm

Re: Deep Web Dark Web etc..

Post by Sporkin » Wed, 12 Aug 2015 3:01 pm

I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.
x9200 wrote:
zzm9980 wrote:"Deep dark web" or whatever is a non technical gibberish made up by the media. Although non-indexed sites and even sites with just IP (no domain) exist, that's not what this generally refers to.

What they're talking about are TOR hidden services. These are sites you can't just hit by IP unless you're coming over the TOR network and using a specific TOR-only address (.onion). Access to TOR hidden services are generally anonymous if the appropriate safeguards are taken, and not traceable. That said, US FBI, NSA, etc are getting really good at de-anonymizing the traffic. If you're doing something illegal enough that you'd be in their crosshairs, I wouldn't rely solely on it. (and if you are, google for the grugq's "opsec for hackers" paper to get some practical advice).
I believe it requires a lot of more effort to stay anonymous than just by using TOR. People don't even think about it. The authorities have access to the whole infrastructure so it may be enough to monitoring in/out from the TOR nodes to find somebody if sufficiently determined.

I think I read recently the way one types on the keyboard (timing-wise, or other) is also being used. Interesting stuff.

x9200
Moderator
Moderator
Posts: 10073
Joined: Mon, 07 Sep 2009 4:06 pm
Location: Singapore

Re: Deep Web Dark Web etc..

Post by x9200 » Thu, 13 Aug 2015 6:44 am

Sporkin wrote:I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.
I would expect the password needs to be sufficiently long for something like this to be possible. Besides, I think there must be heaps of differences depending on the keyboards (key mapping, dimensions, key response times etc.) that would need to be addressed somehow unless the password is for a specific, physical machine.

Sporkin
Chatter
Chatter
Posts: 181
Joined: Fri, 20 Jun 2014 2:16 pm

Re: Deep Web Dark Web etc..

Post by Sporkin » Thu, 13 Aug 2015 4:47 pm

True i was thinking only on QWERTY keyboards, the cadence would change immensely if say you were using your mobile for input. I suppose you could always use a biometeric anal probe if you wanted that nth degree of security....
x9200 wrote:
Sporkin wrote:I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.
I would expect the password needs to be sufficiently long for something like this to be possible. Besides, I think there must be heaps of differences depending on the keyboards (key mapping, dimensions, key response times etc.) that would need to be addressed somehow unless the password is for a specific, physical machine.

User avatar
rajagainstthemachine
Manager
Manager
Posts: 2871
Joined: Sat, 24 Nov 2012 10:45 am
Location: Singapore

Re: Deep Web Dark Web etc..

Post by rajagainstthemachine » Thu, 13 Aug 2015 6:26 pm

one could do what sporkin stated with an analog telephone and simulate dtmf pulses, back in the day people actually used to lock the keypad on a telephone in India lol
eg image below
Image

you didnt need the rotary dial or for that matter pulse dialing to initiate an outbound call from that telephone, you just needed to go off hook and presh the hookflash with a certain frequency of your hand that matched the digit outpulsing. :cool:
To get there early is on time and showing up on time is late

User avatar
kaseyma
Chatter
Chatter
Posts: 214
Joined: Sat, 05 Apr 2008 6:15 pm
Location: in question

Re: Deep Web Dark Web etc..

Post by kaseyma » Thu, 13 Aug 2015 6:56 pm

rajagainstthemachine wrote:one could do what sporkin stated with an analog telephone and simulate dtmf pulses, back in the day people actually used to lock the keypad on a telephone in India lol
eg image below
Image

you didnt need the rotary dial or for that matter pulse dialing to initiate an outbound call from that telephone, you just needed to go off hook and presh the hookflash with a certain frequency of your hand that matched the digit outpulsing. :cool:
That used to work on payphones in the US, too, many, many years ago.

Sporkin
Chatter
Chatter
Posts: 181
Joined: Fri, 20 Jun 2014 2:16 pm

Re: Deep Web Dark Web etc..

Post by Sporkin » Thu, 13 Aug 2015 7:16 pm

It was called freaking or something like that wasn't it?

Sent from my C6903 using Tapatalk

User avatar
nakatago
Moderator
Moderator
Posts: 8363
Joined: Tue, 01 Sep 2009 11:23 pm
Location: Sister Margaret’s School for Wayward Children

Re: Deep Web Dark Web etc..

Post by nakatago » Fri, 14 Aug 2015 6:36 am

Sporkin wrote:It was called freaking or something like that wasn't it?

Sent from my C6903 using Tapatalk
https://en.wikipedia.org/wiki/Phreaking
"A quokka is what would happen if there was an anime about kangaroos."

bgd
Manager
Manager
Posts: 1684
Joined: Wed, 25 Jul 2007 4:09 pm

Re: Deep Web Dark Web etc..

Post by bgd » Fri, 14 Aug 2015 11:15 am

I remember doing that in call boxes to save a few cents as a kid. We used to call it phone tapping. You would generally get through, but not always to the number you wanted.

Post Reply
  • Similar Topics
    Replies
    Views
    Last post

Return to “Computer, Internet, Phone & Electronics”

Who is online

Users browsing this forum: Bangkok Billy and 6 guests