Deep Web Dark Web etc..

[rajagainstthemachine]

. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.

I can't ever imagine that working too well, unless it is more of a 'walkie talkie' mode like voice memos in WeChat or Whatsapp.

at the moment the voice is on TCP. that wouldn't work too well on a tor network where there's a random path taken for each packet. its good for data but for real time voice its going to be terrible and end up with a lot of latency and jitter.

[zzm9980]

. I was surprised to know that there is voice over TOR as well -> https://guardianproject.info/2012/12/10/voice-over-tor/ pretty cool but it appears to be still at nascent stages.. i happened to chance upon it while reading about security threats that could impact a SBC.

I can't ever imagine that working too well, unless it is more of a 'walkie talkie' mode like voice memos in WeChat or Whatsapp.

at the moment the voice is on TCP. that wouldn't work too well on a tor network where there's a random path taken for each packet. its good for data but for real time voice its going to be terrible and end up with a lot of latency and jitter.

Even UDP will suck over tor for real time voice given the latency. Best to record messages and send.

[x9200]

The point of the hidden service is that the traffic never leaves the network, so even if the entry node is owned it shouldn't know what hidden service you're accessing.

A lot of the FBI's efforts have been to find flaws in the hidden service which expose its real IP, or try client side exploits. Easy since so many people using TOR are using known application stacks that aren't (or weren't previously) updated as frequently.

I read about some cases where they just matched the activities (anonymous) inside TOR with the open network activities. If the frequency and duration was sufficient, they were able to find a pattern. E.g. someone of the interest was doing something inside TOR and this followed timing of the traffic coming from IPs belonging to a specific machine/location. May sound like looking for a needle in a haystack but I guess if one is determined, it's mostly a matter of time.

[Sporkin]

I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.

"Deep dark web" or whatever is a non technical gibberish made up by the media. Although non-indexed sites and even sites with just IP (no domain) exist, that's not what this generally refers to.

What they're talking about are TOR hidden services. These are sites you can't just hit by IP unless you're coming over the TOR network and using a specific TOR-only address (.onion). Access to TOR hidden services are generally anonymous if the appropriate safeguards are taken, and not traceable. That said, US FBI, NSA, etc are getting really good at de-anonymizing the traffic. If you're doing something illegal enough that you'd be in their crosshairs, I wouldn't rely solely on it. (and if you are, google for the grugq's "opsec for hackers" paper to get some practical advice).

I believe it requires a lot of more effort to stay anonymous than just by using TOR. People don't even think about it. The authorities have access to the whole infrastructure so it may be enough to monitoring in/out from the TOR nodes to find somebody if sufficiently determined.

I think I read recently the way one types on the keyboard (timing-wise, or other) is also being used. Interesting stuff.

[x9200]

I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.

I would expect the password needs to be sufficiently long for something like this to be possible. Besides, I think there must be heaps of differences depending on the keyboards (key mapping, dimensions, key response times etc.) that would need to be addressed somehow unless the password is for a specific, physical machine.

[Sporkin]

True i was thinking only on QWERTY keyboards, the cadence would change immensely if say you were using your mobile for input. I suppose you could always use a biometeric anal probe if you wanted that nth degree of security....

I've always wondered if typing cadence can be recorded with a password i.e it's not just the password itself that has to match but also the flow of the typing, its probably difficult to maintain the same cadence in milliseconds but if we quantize it in 100, 250, 500ms blocks it should afford a certain degree of fudginess. If nothing else it just lengthens the password by embedding this extra data before hashing, but it does not strengthen the encryption algo itself.

I would expect the password needs to be sufficiently long for something like this to be possible. Besides, I think there must be heaps of differences depending on the keyboards (key mapping, dimensions, key response times etc.) that would need to be addressed somehow unless the password is for a specific, physical machine.

[rajagainstthemachine]

one could do what sporkin stated with an analog telephone and simulate dtmf pulses, back in the day people actually used to lock the keypad on a telephone in India lol
eg image below


you didnt need the rotary dial or for that matter pulse dialing to initiate an outbound call from that telephone, you just needed to go off hook and presh the hookflash with a certain frequency of your hand that matched the digit outpulsing.

[kaseyma]

one could do what sporkin stated with an analog telephone and simulate dtmf pulses, back in the day people actually used to lock the keypad on a telephone in India lol
eg image below


you didnt need the rotary dial or for that matter pulse dialing to initiate an outbound call from that telephone, you just needed to go off hook and presh the hookflash with a certain frequency of your hand that matched the digit outpulsing.

That used to work on payphones in the US, too, many, many years ago.

[Sporkin]

It was called freaking or something like that wasn't it?

Sent from my C6903 using Tapatalk

[nakatago]

It was called freaking or something like that wasn't it?

Sent from my C6903 using Tapatalk

https://en.wikipedia.org/wiki/Phreaking

[bgd]

I remember doing that in call boxes to save a few cents as a kid. We used to call it phone tapping. You would generally get through, but not always to the number you wanted.