Even if you have encrypted your traffic with a VPN (or the Tor Network), advanced traffic analysis is a growing threat against your privacy. Therefore, we now introduce DAITA.
Through constant packet sizes, random background traffic and data pattern distortion we are taking the first step in our battle against sophisticated traffic analysis.
The Chinese Great Firewall (GFW) has already been using machine learning to detect “illegal” traffic. The arms race is moving towards the Cyberpunk world where AIs are battling against an AI firewall.
Careful criticizing China you will awake the Tankies.
Drums, drums in the deep …
HI WINNIE POOH! How have you been, have you had your daily dose of honey yet?
One day those tankies people here keep talking about are going to show up.
One day.
I always check under my bed each night to make sure there’s no tankies.
After I blocked hexbear and similar instances I haven’t seen them which is nice. Occasionally I’ll see a Lemmy world one but that is pretty rare.
I’d say they are more common on Lemmy.ml than Lemmy.world
Yup. I generally avoid communities on lemmy.ml and I’m much happier for it. I used to sub to several because that was the biggest instance, but now other instances (this one, mine, and some others) are big enough to replace the stuff I don’t like there.
I don’t like that the community is divided like this, but it’s more pleasant I suppose.
Lemmy.ml was originally only federated with Lemmygrad.ml, so most people who stayed around in those days were quasitankie themselves
Lemmy.world has many tankies. You keep seeing them pretend Israel is not committing Genocide and America needs to kill all student protesters Tiananmen style. They are also called liberals
Lemmy.ml does not have many tankies.
This is some top level spin here.
no u!!!
mental illness
Muh historical nihilism
I think our instance defederated with hexbear.
I have some first hand experience with this. Brand new XMPP server, never before seen by anyone in the world, blocked within about 12 hours. Wireguard VPN on AWS lasts for a few hours on some networks, more on others. Never longer than a few days though.
From China?
I was there in 2017 or 2018 and set up a Shadowsocks server before I went with whatever the latest mitigations were that I could find at the time. My server wasn’t completely blocked, but ended up getting throttled to hell after a few days.
Still waiting for Defense Against the AI Dark Arts to drop
DAIDA
?
Harry Potter reference.
And Dumbledore’s AIrmy for when they forbid DAAIDA as an anti-terrorist measure
No port forwarding really kills the utility though - I mainly use the VPN to do port forwarding (e.g. for video games, Plex, etc.) as my ISP is shit.
Like I’m not worried about state-level de-anonymisation, I just want to be able to share services remotely and have a minimum level of anonymity.
How does port forwarding help with videogames?
Opens up your NAT for matchmaking
I host a server, I forward the port, my friends can connect to the open port on the VPN side.
My ISP does not offer port forwarding.
Someone else pointed out Tailscale; I’ve had luck with free tier VPS+WireGuard.
I have an Oracle one which has worked well. Downside is I did link my CC, because my account was getting deactivated due to inactivity (even using it as a VPN and nginx proxy for my self hosting wasn’t enough to keep it “active”). But I stay below the free allowance, so it doesn’t cost.
That said: as far as anonymity goes, it’s not the right tool. And I fully appreciate the irony of trying to self-host to get away from large corporations owning my data…and relying on Oracle to do so. But you can get a static IP and VPS for free, so that’s something.
Zerotier could also work for you
You can use Tailscale for this
I love these guys. Let’s see if somebody can just bootstrap the FOSS framework directly on TCP to work on the internet without a VPN. Fantastic project
Those words sound cool and mean literally nothing
Bootstrapping: see the Application section specifically.
FOSS = Free/Open Source Software; TCP = Transmission Control Protocol; VPN = Virtual Private Network
These words mean a lot actually. Pretty basic terms when it comes to the internet.
That means the same as fossing the tcp so it bootstraps your privacy.
See I can sound like a bot too. Or a journo.
Yes, the individual words have meanings, as words tend to do. Those words, in that order, form an NCIS, two people typing on the same keyboard, level word salad that has so little real world relevance that it tips soundly into the absurd.
Err… Like… a 2009 Java applet? Those were built straight on TCP. And the lack of security let anyone else in the same LAN cafe steal your password.
The closest thing I can think of that goes for the vibe you’re talking about is I2P
How about defense against dhcp option 121 changing the routing table and decloaking all VPN traffic even with your kill switch on? They got a plan for that yet? Just found this today.
I doubt it would matter in some environments at all.
As an example a pc managed by a domain controller that can modify firewall rules and dhcp/dns options via group policy. At that point firewall rules can be modified.
Don’t you control your dhcp server?
The Option 121 attack is a concern on networks where you don’t.
Exactly where you’d want a VPN. Cafes, hotels, etc.
True that. Hadn’t thought of that as it’s not my typical VPN use case.
I’m not sure what a VPN provider could do about that though, they don’t control the operating system’s networking stack. If the user or an outside process that the user decides to trust (i.e. a dhcp server) adds its own network routes, the OS will follow it and route traffic outside of the tunnel.
The defenses I see against it are:
- Run the VPN and everything that needs to go through the VPN in a virtualized, non-bridged environment so it’s unaffected by the routing table.
- Put a NAT-ing device in between your computer and the network you want to use
- Modify the DHCP client so that option 121 is rejected
Edit: thinking about it some more, on Linux at least the VPN client could add some iptables rules that block traffic going through any other interface than the tunnel device (i.e. if it’s not through tun0 or wg0, drop it). Network routes can’t bypass iptables rules, so that should work. It will have the side effect that the VPN connection will appear not to work if someone is using the option 121 trick though, but at least you would know something funny was happening.
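The iptables approach from the comment above, written out as an added example (not the commenter's code and not any VPN client's own rules). The interface names, endpoint address and port are assumptions passed as arguments; the detail the comment leaves implicit is that the encrypted tunnel packets themselves, plus DHCP renewals, must still be allowed out of the physical interface.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset that
# drops all IPv4 egress except traffic leaving through the tunnel device.
# Usage: killswitch_rules TUN_IF PHYS_IF ENDPOINT_IP ENDPOINT_PORT
killswitch_rules() {
    ks_tun=$1 ks_phys=$2 ks_ip=$3 ks_port=$4
    # Accept only plain interface names, a dotted IPv4 address and a numeric
    # port, so a malformed argument cannot smuggle extra rules into the output.
    for ks_if in "$ks_tun" "$ks_phys"; do
        case "$ks_if" in ''|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    done
    case "$ks_port" in ''|*[!0-9]*) return 2 ;; esac
    case "$ks_ip" in ''|*[!0-9.]*) return 2 ;; esac
    printf '%s\n' "$ks_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2

    # OUTPUT policy DROP: a route injected via DHCP option 121 can still pick
    # the physical interface, but packets sent that way are discarded.
    # Exceptions, in order: loopback, the tunnel device, the encrypted UDP
    # packets to the VPN endpoint, and DHCP client traffic to keep the lease.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $ks_tun -j ACCEPT
-A OUTPUT -o $ks_phys -p udp -d $ks_ip --dport $ks_port -j ACCEPT
-A OUTPUT -o $ks_phys -p udp --sport 68 --dport 67 -j ACCEPT
COMMIT
EOF
}

# When run with four arguments, print the rules. To check them without loading:
#   sh killswitch.sh wg0 eth0 203.0.113.10 51820 | iptables-restore --test
# (203.0.113.10 is a documentation address used as a constructed sample.)
if [ "$#" -eq 4 ]; then killswitch_rules "$@"; fi
```

Loading this with `iptables-restore` replaces the existing filter table, and it covers IPv4 only, so IPv6 needs an equivalent `ip6tables` ruleset.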
Of course but you don’t control rogue dhcp servers some asshat might plug in anywhere else that isn’t your network
I swear the defense against the dark arts teacher just keeps getting weirder and weirder.
I can tell you that this exists way before AI, I wish that there was more awareness earlier but it’s good that now it’s starting
I use Mullvad, really good, love how they don’t care who you are and can actually maintain complete anonymity even in payment.
Probably going to be banned soon for some stupid reason if it gets popular, like free speech is allowing the terrorists make bears cry or something.
So it’s like a VPN-busta-busta?
What if they have a VPN-busta-busta-busta though?
Then we have to wait til they drop the legendary VPN-quad-busta
Windscribe had something similar already? Not exactly this, but they had a feature to add other random traffic to your network specifically to work against systems like these.
So… Tor?
Tor is much better than a VPN privacy wise. However, you are limited on speed and stuck with TCP.