THE SIGNAL 📡

Dianne Feinstein - Isn't It Ironic

NEWS ARCHIVE 021 INTRODUCING PROOF-OF-WORK DEFENSE FOR ONION SERVICES by pavel | August 23, 2023 Today, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8. Tor's PoW defense is a dynamic and reactive mechanism, remaining dormant under normal use conditions to ensure a seamless user experience, but when an onion service is under stress, the mechanism will prompt incoming client connections to perform a number of successively more complex operations. The onion service will then prioritize these connections based on the effort level demonstrated by the client. We believe that the introduction of a proof-of-work mechanism will disincentivize attackers by making large-scale attacks costly and impractical while giving priority to legitimate traffic. Onion Services are encouraged to update to version 0.4.8. Why the need? The inherent design of onion services, which prioritizes user privacy by obfuscating IP addresses, has made it vulnerable to DoS attacks and traditional IP-based rate limits have been imperfect protections in these scenarios. In need of alternative solutions, we devised a proof-of-work mechanism involving a client puzzle to thwart DoS attacks without compromising user privacy.  How does it work? Proof of work acts as a ticket system that is turned off by default, but adapts to network stress by creating a priority queue. Before accessing an onion service, a small puzzle must be solved, proving that some "work" has been done by the client. The harder the puzzle, the more work is being performed, proving a user is genuine and not a bot trying to flood the service. Ultimately the proof-of-work mechanism blocks attackers while giving real users a chance to reach their destination. What does this mean for attackers and users? If attackers attempt to flood an onion service with requests, the PoW defense will kick into action and increase the computational effort required to access a .onion site. This ticketing system aims to disadvantage attackers who make a huge number of connection attempts to an onion service. Sustaining these kinds of attacks will require a lot of computational effort on their part with diminishing returns, as the effort increases. For everyday users, however, who tend to submit only a few requests at a time, the added computational effort of solving the puzzle is manageable for most devices, with initial times per solve ranging from 5 milliseconds for faster computers and up to 30 milliseconds for slower hardware. If the attack traffic increases, the effort of the work will increase, up to roughly 1 minute of work. While this process is invisible to the users and makes waiting on a proof-of-work solution comparable to waiting on a slow network connection, it has the distinct advantage of providing them with a chance to access the Tor network even when it is under stress by proving their humanity.  Where do we go from here? Over the past year, we have put a lot of work into mitigating attacks on our network and enhancing our defense for onion services. The introduction of Tor's PoW defense not only positions onion services among the few communication protocols with built-in DoS protections but also, when adopted by major sites, promises to reduce the negative impact of targeted attacks on network speeds. The dynamic nature of this system helps balance the load during sudden surges in traffic ensuring more consistent and reliable access to onion services. 🌐 Original Source (Tor Project) --- 📄 FEED CONTENTS 📡 THE SIGNAL

"One person's transparency is another person's surveillance." Dr Berg says certain pockets of the economy rely on cash because of the privacy it offers. "The most obvious one here is sex work … [which] tend[s] to be cash-heavy because [customers] like the privacy of cash." The changing role of cash According to an RBA survey, more than 25 per cent of respondents report they would experience inconvenience or hardship if cash was hard to access or use. For some, cash is less a valuable method of payment and more a store of value representing security. The onset of the coronavirus pandemic in 2020 saw a run on cash as bank customers withdrew funds, fearful of a stock market crash. "The amount of cash that we use to buy and sell things has continued to decline [since the pandemic] … but the amount of cash that's out there in the world has spiked, and it's because people aren't using it as a means of exchange, they're using it as a kind of security blanket," says Dr Vasantkumar. Banknote data from the RBA Annual Report 2022 bears this out: Although cash transactions are down, cash in circulation is up. According to the RBA, more than 2 billion banknotes are in circulation with a value of more than $102 billion, which amounts to around $4,000 in cash per Australian. Dr Vasantkumar argues that countries like Sweden have recognised that regulation is necessary to ensure financial inclusion and the ongoing viability of cash, because — while cash still exists in Australia — plenty are quite content to hold onto it. -----END TEARLINE----- Analyst: RD Derived from ABC (Australia) END REPORT OOOO

RR The Signal Wire 0130H August 25th, 2023 PRECEDENT: ROUTINE RR DTG: 012505Z AUG 25 ICOD: 012505Z AUG 25 CONTROLS: Public Release OOOO BLUF: Australia's transition to a cashless society raises concerns about financial exclusion, privacy and safety -----BEGIN TEARLINE----- Aside from those that involve the tooth fairy, cash transactions are at an all-time low. According to the Reserve Bank of Australia (RBA), cash accounted for just 13 per cent of all payments made in 2022. The ability to pay by tapping our phones is partly driving the downward trend. "Even credit cards, or debit cards, are starting to feel a bit antiquated," Chris Berg, director of the RMIT Blockchain Innovation Hub, tells ABC RN's Download This Show. Cash payments plummeted during the first two years of the coronavirus pandemic, when online shopping spiked, and they show little sign of bouncing back. According to RBA data, just 7 per cent of Australians are "high cash users" (those who use cash for 80 per cent or more of their in-person transactions). That's a 50 per cent drop since 2019. While the benefits of phasing out cash include increased convenience, transparency and safety, the transition to a wholly digital economy risks excluding some sections of society. "A lot of policymakers will talk about the end of cash as if it is something we should be aspiring to," Dr Berg says. So if a cashless society doesn't benefit everyone, who pays when a country goes cash-free? Disadvantaged and at-risk communities The transition away from cash disproportionately affects disadvantaged groups, such as people with disabilities and those who live in remote and regional Australia who have difficulty accessing digital financial services. Many people over 65 still rely on cash, with nearly one in five qualifying as high cash users. RBA data also shows that people from low-income households use cash more often than their more affluent counterparts. And while most Australians have access to a bank account, a small percentage of the population does not. Often described as "unbanked", this group comprises undocumented workers and others who lack identification, such as newly arrived migrants. "In the absence of cash, they are going to really struggle," Dr Berg says. In Sweden, one of the first nations in the world to embrace a cash-free economy, concerns about financial exclusion among marginalised communities saw a backlash against the shift to cashlessness, particularly when many bank branches removed cash-handling facilities altogether. Many now believe Sweden went too hard too early, removing cash-handling infrastructure that is hard to replace and leaving these vulnerable groups behind. Cash can also be a lifeline for victims of abuse who might have limited access to online financial services and cards. A spokesperson from 1800RESPECT told ABC RN that "access to cash can support a person experiencing family, domestic or sexual violence to make discreet purchases or payments, reducing their risk of being monitored or tracked through bank transactions by the person using violence". And in emergency situations, like floods and bushfires, "cash is king", says creative technologist Jessie Hughes. Electricity and telecommunications outages can take out digital networks and people's access to funds with them. For instance, during the devastating Lismore floods in 2022, electronic payment systems crashed, leaving flood victims unable to pay for essential items like water, food and fuel. Five local credit unions arranged for a helicopter to deliver a cash-filled ATM to the flood-ravaged town, where blackouts lasted for weeks. People who care about privacy Regulators such as the International Monetary Fund (IMF) are pushing to phase out cash, citing transparency as a major reason. But "transparency is a double-edged sword", says Chris Vasantkumar, a lecturer at Macquarie University who studies the anthropology of cash and cashlessness.

RR The Signal Wire 1100H August 5th, 2023 PRECEDENCE: ROUTINE RR DTG: 023005Z AUG 5 ICOD: 022505Z AUG 5 CONTROLS: Public Release OOOO BLUF: strong sign of Australia becoming cashless society -----BEGIN TEARLINE----- It appears Australia is truly on its way to becoming a cashless society, with the number of notes in circulation officially declining for the first time since dollars and cents were introduced in 1966. According to data from the Reserve Bank of Australia (RBA), more than a billion dollars worth of physical cash disappeared from circulation in the last financial year, a shift that's likely to make life more difficult for the elderly and for those in the regions. Authorities say less cash will also hurt the nation's criminals, who rely heavily on its use, making it harder for them to make transactions undetected. Every year since 1966 when the country transitioned from pounds and shillings to decimal currency, the total value and number of notes in circulation increased. That all came crashing to a halt in the 2022-23 financial year, with a sharp decrease in $50 notes especially. The RBA's survey of consumers' payment trends revealed that a third of Aussies now consider themselves "low cash users" - meaning they claim to use cash for less than 20 per cent of all their in-person transactions. In 2019, about half of the nation's residents were reported as such. Despite the rise of ultra-quick payment forms such as Apple Pay and other touch-and-go methods, cash use actually increased during the COVID years, despite the preference of electronic payments at the time. But jump forward three years, there's now just $101.3 billion in cash circulating around the country, according to the RBA, which is the smallest since November 2019. The number of $5 notes fell to the lowest point since October '19, with the number of $20 notes (May 2021) and $50 notes (August 2021) is also on a sharp decline. The $100 note however is increasing slightly, but even they are slowing overall. It's expected that cash use will continue to decrease in the coming years, similar to the use of cheques, which are set to wrap up completely in the country by 2030 -----END TEARLINE----- Analyst: RD Derived from 9 News Australia (original article) END REPORT OOOO

BROADCAST 049 FILE SHARING AND SYNC A how-to privately share your files between your devices, with your friends and associates, or anonymously online. FILE SHARING SEND Send is a fork of Mozilla’s discontinued Firefox Send service which allows you to send files to others with a link. Files are encrypted on your device so that they cannot be read by the server, and they can be optionally password-protected as well. The maintainer of Send hosts a public instance. You can use other 🌐 public instances, or you can host Send yourself. 🌐 Official Website Send can be used via its web interface or via the ffsend CLI. If you are familiar with the command-line and send files frequently, we recommend using the CLI client to avoid JavaScript-based encryption. You can specify the --host flag to use a specific server: ffsend upload --host https://send.vis.ee/ FILE ONIONSHARE OnionShare is an open-source tool that lets you securely and anonymously share a file of any size. It works by starting a web server accessible as a Tor onion service, with an unguessable URL that you can share with the recipients to download or send files. 🌐 Official Website 🏴 Tor Website 💻 Windows Download 🦄 Linux Download 🖥️ MacOS Download FREEDOMBOX FreedomBox is an operating system designed to be run on a single-board computer (SBC). The purpose is to make it easy to set up server applications that you might want to self-host. 🌐 Official Website FILE SYNC NEXTCLOUD (CLIENT-SERVER) Nextcloud is a suite of free and open-source client-server software for creating your own file hosting services on a private server you control. 🌐 Official Website ▶️ Google Play Download 🍎 Apple App Store 😼 Github Repository 💻 Windows Download 🦄 Linux Download 🖥️ MacOS Download 😈 OpenBSD Download ⛔ Warning: We don't recommend using the E2EE App for Nextcloud as it may lead to data loss; it is highly experimental and not production quality. SYNCTHING (P2P) Syncthing is an open-source peer-to-peer continuous file synchronization utility. It is used to synchronize files between two or more devices over the local network or the internet. Syncthing does not use a centralized server; it uses the 🌐 Block Exchange Protocol to transfer data between devices. All data is encrypted using TLS. 🌐 Official Website ▶️ Google Play Download 💻 Windows Download 🦄 Linux Download 🖥️ MacOS Download 😈 Open/Free/Net BSDs Download 📡 SIGNAL CONTENTS

OPEN PGP OpenPGP is sometimes needed for specific tasks such as digitally signing and encrypting email. PGP has many features and is complex as it has been around a long time. For tasks such as signing or encrypting files, we suggest the above options. When encrypting with PGP, you have the option to configure different options in your gpg.conf file. We recommend staying with the standard options specified in the 🌐 GnuPG user FAQ. 💡Tip: Use future defaults when generating a key. When generating keys we suggest using the future-default command as this will instruct GnuPG use modern cryptography such as Curve25519 and Ed25519: gpg --quick-gen-key [email protected] future-default GNU PRIVACY GUARD GnuPG is a GPL-licensed alternative to the PGP suite of cryptographic software. GnuPG is compliant with RFC 4880, which is the current IETF specification of OpenPGP. The GnuPG project has been working on an updated draft in an attempt to modernize OpenPGP. GnuPG is a part of the Free Software Foundation's GNU software project and has received major funding from the German government. ➡️ Google Play Download 💻 Windows Download 🦄 Linux Download 🖥️ MacOS Download GPG4WIN GPG4win is a package for Windows from Intevation and g10 Code. It includes various tools that can assist you in using GPG on Microsoft Windows. The project was initiated and originally funded by Germany's Federal Office for Information Security (BSI) in 2005. 🌐 Original Website 💻 Windows Download GPG SUITE GNU Privacy Guard (PGP implementation) Suite provides OpenPGP support for Apple Mail and macOS. It is recommended taking a look at their First steps and Knowledge base for support. 🌐 Official Website 🖥️ MacOS Download 📝 Note: The use of Canary Mail for using PGP with email on iOS devices is The Signal security recommendation OPENKEYCHAIN OpenKeychain is an Android implementation of GnuPG. It's commonly required by mail clients such as K-9 Mail and FairEmail and other Android apps to provide encryption support. Cure53 completed a security audit of OpenKeychain 3.6 in October 2015. Technical details about the audit and OpenKeychain's solutions can be found 🌐 here. 🌐 Official Website ▶️ Google Play App Download --- 📡 SIGNAL CONTENTS

BROWSER BASED SOFTWARE Browser-based encryption can be useful when you need to encrypt a file but cannot install software or apps on your device. HAT.SH Hat.sh is a web application that provides secure client-side file encryption in your browser. It can also be self-hosted and is useful if you need to encrypt a file but cannot install any software on your device due to organizational policies. 🌐 Official Website

FILEVAULT (MacOS) FileVault is the on-the-fly volume encryption solution built into macOS. FileVault is recommended because it leverages hardware security capabilities present on an Apple silicon SoC or T2 Security Chip. It is recommend storing a local recovery key in a secure place as opposed to using your iCloud account for recovery. LUKS (Linux) LUKS (Linux Unified Key Setup) is the default FDE method for Linux. It can be used to encrypt full volumes, partitions, or create encrypted containers. 😼 Git Repository (Readme.txt) Creating Encrypted Containers: dd if=/dev/urandom of=/path-to-file bs=1M count=1024 status=progress sudo cryptsetup luksFormat /path-to-file Opening Encrypted Containers: It is recommend opening containers and volumes with udisksctl as this uses Polkit. Most file managers, such as those included with popular desktop environments, can unlock encrypted files. Tools like udiskie can run in the system tray and provide a helpful user interface. udisksctl loop-setup -f /path-to-file udisksctl unlock -b /dev/loop0 💡Tip: We recommend you always back up your LUKS headers in case of partial drive failure. This can be done with: cryptsetup luksHeaderBackup /dev/device --header-backup-file /mnt/backup/file.img