Voopin__Voopin

so can I visit the archive link now? I missed this thread when originally posted, and in light of archive being compromised...

Sciency

Probably best not to. Most of them were just wiki and bloomberg business links for the people mentioned. At the time I was unaware of the exploit on archive.is specifically, and wanted mostly to illustrate that a host of this size going down would mean you don't have anything left for free speech on the internet. If the feds take down this host, it would be like turning the free internet off.

Then the 3 letter agency ties were PMed to me by another user, and I went wild in the comments. This info is still out there and still live, so research away.

Voopin__Voopin

thanks for the info! So should I stay away from archive altogether? or just don't use it for viewing sensitive shit? The latter was my primary purpose for using in the first place :(

also, for elaboration

> host of this size going down

do you mean archive actually going offline? or the fact that it got compromised with an IP harvester?

Sciency

I'll try and lay out my thinking here, but this is a lot of theory on my part, just FYI.

> should I stay away from archive altogether?

It's a hard call. I only have a surface understanding of this exploit, and I've only heard about it from the one source posted today. To the credit of that claim: I have a browser addon that blocks "hijack attempts" to send you to another domain, and I've had cases where the page would stop working altogether while trying to archive a site. This vulnerability is probably unrelated to the NSA/FBI/CIA connections many of these sites have. I'm also not sure if this exploit applies to everyone who visits, or just those who archive pages. I suspect the latter.

My new worry about archive.is is that advertisers are harvesting IPs of those people who are costing them money. Advertisers have the most to lose from these archiving services. Who knows what they might do with that info?

> do you mean archive actually going offline? or the fact that it got compromised with an IP harvester?

Either or, really. This host (wiki link) has been a longtime proponent of free speech, and they're the only US host that has economic prices for DDoS protection. These two factors mean that lots of very vocal people (good and bad) all use this service to host their sites safely, and in theory anonymously. VPN hosting and DDoS protection are their key selling points.

Even if all the suspicious connections in their past are coincidence, it's still safe to assume that the NSA has direct access to everything that passes through any given corporate server, as laws now require compliance with any national security investigation. Of course, the NSA operations are already by definition matters of national security under project stellar wind (wiki link).

So this raises the question I don't have a solid answer for: Why does it benefit the 3 letter agencies to have all vocal free speech hosted by one legal entity? They already have the ability to pull man-in-the-middle attacks (like what archive.is has happening), but on a universal scale?

My working theory is this: If things get out of control for the 3-letter agencies, the FBI will shut down the host, leading to a complete blackout of all these sites (1.8 million iirc) until they could rehost. It would likely take days, if not weeks. A lot can happen in 3 days, and a true week of the internet going dark could start or stop wars depending on the context. It's the biggest security flaw the internet has, from my view anyway.

Hope that explains a bit for you.

Voopin__Voopin

it does, and I'm rereading it a few times. (been a long day)

I am really having a hard time right now deciding whether to click any archive links anymore. I used the FUCK out of that site, feel like I'm missing a lot now.

Sciency

I can definitely relate, the internet has become a minefield for everyone. If you have a VPN, you should be immune to the archive.is exploit. TOR would be another option. Neither VPNs nor TOR are truly secure, but they sure as hell trump IP gathering scripts.

On the browser side, I'd recommend pale moon (an actively developed open-source fork of firefox) and a few good addons like no-script (always asks to activate javascript), ublock origin (ad blocker with no corporate whitelist), HTTPS everywhere (might be called 'encrypted web' for palemoon), secret agent which randomizes your user agent (browser version, operating system, etc.) and a cookie manager (like 'self-destructing cookies'). I also use 'flagfox' to keep an eye on what country a given page is hosted from.

Once behind a VPN, you'll want to make new accounts for any and all websites you use, and keep them strictly for use while behind VPN.

If you do all of the above, and don't click silly links, you'll be un-gettable by corporate level players, and (still) completely in the open to NSA level surveillance. That's just the nature of it nowadays.

Good luck out there, and don't be stupid :)

Sciency

Acquired in June 2014, CryptoSeal was implemented to increase the security services provided. Wiki has the following to say about Ryan Lackey, the creator of CryptoSeal:

> Lackey operated BlueIraq, a VSAT communications and IT company serving the DoD and domestic markets in Iraq and Afghanistan during the US conflicts.

In other words, they bought software from the founder of a cell phone provider that served to spy on the local populations of Iraq and Afghanistan during US conflicts.

frankenmine

You can get similar service from many other providers, just not as cheap.

Why is it so cheap? That's where it gets suspicious. A three letter agency may be funding them in exchange for access to decrypted HTTPS data.

Sciency

Now you're asking the right questions. Take a guess which 3 letter agency has a multi billion dollar data center about 20 miles from Park City.

Sciency

Owned and managed by Unspam. From their own website, the first words out of their own mouth:

> Unspam is a software and services company helping governments implement and enforce effective laws to control unwanted messages.

https://archive.is/70lNC

I hope your tinfoil hat is securely fastened.

Sciency

The host's 2009 pivot brought a round of fund-raising which involved Pelion Venture Partners and Venrock (Venrock's wiki). They would later receive the rest of their 182 million in funding from New Enterprise Associates (NEA is the biggest private venture capital firm in the world), Fidelity Investments, and Google Capital.

Atarian

Do you know what Cloudflare is for?

I use it on some of my sites.

Womb_Raider

He's not disputing it as a valuable service, he's saying that they're doing more than they let on. Potentially very nefarious.

Sciency

The wiki covers that pretty well. DDoS protection and reverse proxy being their selling points to the average site.

solar_flare

Cloudflare seems to be a necessary evil at this point given the state of DDoS attacks. You can always use a VPN or Tor or both to access these websites.

Sciency

> Cloudflare seems to be a necessary evil at this point given the state of DDoS attacks.

It seems suspicious to me that there's only one viable option for such services.

> You can always use a VPN or Tor or both to access these websites.

Very true, but it's not like those services are bullet proof either.

solar_flare

> It seems suspicious to me that there's only one viable option for such services.

Indeed, and we desperately need better options. I think it would be interesting for there to be a decentralized solution using P2P and the blockchain. Any good centralized cloud service needs to be highly transparent (independent server-side inspections and whatnot), be based on at least open source software but preferably libre software, and accept bitcoin as payment.

> Very true, but it's not like those services are bullet proof either.

That's correct, but it's some protection nonetheless. Of course it goes much deeper with things like browser/machine/habits/grammar fingerprinting and packet size/timing monitoring, the latter doesn't have much of a solution that I know of at this point, unless there's an encrypted proxy service with traffic padding and delay options with a sufficient amount of users on each node.

Sciency

That, or possibly something much much worse for the internet. If this host went down today, many sites wouldn't be able to rehost before the election. Combine that with a test run of a DNS attack that left the better part of the internet as unlisted... Well you could fight world war 3 and people 100 miles away wouldn't know until it was already over.

This is the internet's single biggest pressure point. All of our free speech eggs in one basket, and the basket just happens to be hosting ISIS' chatboards.

Sciency

In 2007, 3 people out of Park City, Utah got funding for a tech start-up with a pretty interesting name. Some pretty interesting people funded them. They restructured in 2009, gaining additional funding from some people with rather controversial last names. By 2012 they had joined the billion dollar club, and today they host upwards of 1.6 million active domains.

So how do you go from less than 2 million in upstart funds, to a billion dollar private web hosting service in 7 years? Well, it helps to get a glowing recommendation from lulzsec (the guys who hacked sony and the CIA webpage) 3 weeks after their leader Sabu flipped to become an FBI informant.