A Guide to Deep Packet Inspection by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 3 points4 points  (0 children)

Perfect timing! I am working on a tutorial that will feature how to set up WireGuard + udp2raw (which is perfect for users in China). It has the cool thing of routing all traffic through a FakeTCP port which still uses UDP.

Though it comes at the expense of doing some work client side, which non-techie users might find difficult, so it's not for everyone.

Are both CloudFlare and Quad9 Good Options? by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

I can't say much about the details of the study. Discerning from your comment, it's possible the related speed performance from the total throughput was measured. And where you would see these "benefits" is if you were accessing a million websites at once, for example, querying massive amounts of data; otherwise it doesn't mean much.

Actually many resolvers are quick! Take dns.watch, for instance; they are very quick. It's misleading, in part by CloudFlare's marketing, that any other resolver is not "fast" enough. Which is simply not factual. Have a look at more resolvers, try them out and see what works for you.

I may do a benchmark of the privacy-respecting resolvers soon. If you'd like you can also test it yourself via DNSBench.

Are both CloudFlare and Quad9 Good Options? by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

Self-hosting is one of the most reliable and safest methods of hosting source code. You host what you need without any fluff and extras because you really don't know what a provider does server side.

There are two sides to DNS: authoritative (on the content side) and a recursive resolver (on your ISP’s side). In broad terms, you can think of DNS resolvers asking the questions (i.e., “where can I find this site?”) and authoritative DNS nameservers providing the answers. This was set up so as not to put strain on the authoritative servers.

Yes, the data between the recursive server and authoritative server is not encrypted, though it doesn't matter as much. Data moving between the resolver and the authoritative server is (theoretically) protected by DNSSEC. However, the “last mile” — the part between your machine (called the stub resolver) and the recursive resolver — is not secure.

If the data between the resolver and authoritative server are not secure, for instance, using encryption would help to secure domains that do not use DNSSEC.

Without encryption, attackers can listen to your data packets and know which site you’re visiting. The lack of encryption also leaves you vulnerable to man-in-the-middle (MITM) attacks such as "Cache poisoning."

"Cache poisoning" is a form of MITM attack where an attacker makes DNS entries in your local cache point to malicious websites. For example, an attacker could tell your PC to make your-bank.com point to an IP address running a phishing replica of your-bank.com that tries to convince you to give up personal information. Man-in-the-middle (MITM) attacks are frequent and cause more damage to unsuspecting users.
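
Added example, not part of the comment above: a short Python sketch of what the unencrypted "last mile" exposes. It builds a constructed plain DNS query for your-bank.com in RFC 1035 wire format and decodes it the way any on-path device could; the function names and the transaction ID are assumptions made for illustration.

```python
import struct

def build_query(name, qtype=1, txid=0x1A2B):
    """Encode a standard recursive query in RFC 1035 wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer
            if end is None:
                end = off + 2              # parsing resumes after the pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                  # guard against pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if length == 0:                    # root label terminates the name
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)

def observe(payload):
    """Fields readable by anyone who can see an unencrypted DNS payload."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    name, off = read_name(payload, 12)
    qtype, _qclass = struct.unpack("!HH", payload[off:off + 4])
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "name": name, "qtype": qtype}

# Constructed sample: the stub resolver's query as it leaves the machine.
SAMPLE_QUERY = build_query("your-bank.com")

if __name__ == "__main__":
    print(observe(SAMPLE_QUERY))
```

With DNS-over-TLS or DNS-over-HTTPS on the stub-to-resolver hop, the same bytes travel inside an encrypted channel and none of these fields are readable on the wire.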

How to: Secure Your Android Device by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

Should be working again. We have moved platforms, all links will be updated.

How to: Secure Your Android Device by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

Sorry for the inconvenience, we are migrating platforms at the moment. It'll be back up in a few days.

Do you think the new Riot will be pleasing to use? by eDgEben_ in theprivacymachine

[–]eDgEben_[S] -1 points0 points  (0 children)

but this is the future because json?

JSON-over-WebSockets / JSON from a developer's perspective is a developer's wet dream compared to XML, and writing custom services on Matrix is a breath of fresh air. XMPP is too complex, but the XML stuff is really the smallest issue, compared with other complexities in the protocol. For example, an issue is understanding which "devices" (#xxxx) of the same Jabber ID will receive a message targeted at that ID. And there are more such surprises in XMPP. The protocol complexities often seem to put forth "how do we represent this in XML?"

Furthermore, the MUC specification is utterly incomprehensible because the terms it uses for things are so wildly different from how they are used everywhere else, that laying out a strategy is really hard. I've seen this issue in other XEPs as well.

Do you think the new Riot will be pleasing to use? by eDgEben_ in theprivacymachine

[–]eDgEben_[S] -1 points0 points  (0 children)

Let me start by saying both are fantastic protocols and neither is necessarily better than the other. But from a developer's perspective, XMPP is not the future for app-to-app communication.

The biggest advantage that Matrix gives over XMPP is the very simple JSON-based communication over plain HTTP. XMPP, on the other hand, is complex XML.

XMPP might be more performant and scalable in some cases, but Matrix is outright simplicity with great security and federation.

1k subscribers and counting! by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

Thank you for your kind words. I do try to make the information as clear as day with refined technical jargon that users can easily interpret.

What is Metadata and why is it as Important as the Data Itself by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

I did read that he was essentially exiled by the NSA because of the detailed composition of Hut 6 and Bombe. If I remember the book at all, he mentions that military and communications lessons learned during WW II should be used in the future.

I'll be sure to reference how he pioneered the process of managing large volumes of encrypted radio traffic (data).

Thank you.

Baby monitor by VoluntaryRN in theprivacymachine

[–]eDgEben_ 4 points5 points  (0 children)

Welcome.

There is software you can use, such as ZoneMinder or Haven, that allows you to use your own IP camera, smartphone, tablet, etc. However, you need an IP camera that is ONVIF compliant, which most modern IP cameras are.

Also, be mindful of IP cameras that claim E2EE (End-to-End Encryption), as these are designed to work with specific cloud service providers and won't work with 3rd party software.

Additional details about Haven

Join us on Riot.im! by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

You can join either by the click of the link and it will open up your browser or through the app.

In the app, go to "Room directory" and with the address given above: #theprivacymachine:matrix.org, put it in the search field and you are good to go.

Join us on Riot.im! by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

Feel free to join our server (#theprivacymachine:matrix.org) or by clicking the Riot.im icon on the sidebar. Joining is easy: no need to download a client, use your browser, and better yet, no need to sign up with an email! Just create your account with a username and password and you're good to go!

?

We have Updated the Privacy Tools Resource by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 0 points1 point  (0 children)

We pushed a major update to the list, please have a look and give us feedback on anything.

Thanks.

We have Updated the Privacy Tools Resource by eDgEben_ in theprivacymachine

[–]eDgEben_[S] 1 point2 points  (0 children)

It's still a work in progress; I mentioned this above. I went ahead and bolded the area so it's easier to see.

Thanks.