
Klaus Zimmermann on ZeroNet

A hacker stuck in a world of conformity.

I code, advocate free software and try to do my best to make the world a better place. Help me out in my campaign!

kzimmermann


Random pseudonym generator

on Aug 16, 2016 · 1 min read ·
2 comments

Building on top of my previous post on username privacy concerns, I realized that sometimes a better "cloaking" can be built on top of your nondescript username by associating a pseudonym with it.

As with usernames, you shouldn't make a pseudonym a name that can somehow be traced back to your personality, birthplace or other identifiable reference, but in practice this is not so easy to do. We all tend to drift back to something we've already seen before when thinking about picking "a name, any name," which clouds the judgement and reduces your chances for anonymity. This is why I decided to figure out a way to have random pseudonyms generated.

On usernames and privacy

on Apr 08, 2016 · 3 min read ·
3 comments

I'm writing this post after a white-hot, furious hacking session involving random device files, base64, and some good old Python. After my work on the strong password generator, I got to thinking about the implications on privacy rather than security of the authentication systems used in web apps.

Some stuff gets leaked by default because our browsers are naive (IP address, navigator string, etc) and most of it can be obfuscated by using the appropriate countermeasures such as Tor, NoScript, etc. However, there's one point that I believe is still overlooked: the username. Could a badly-chosen username effectively kill your anonymity online?


A graphical strong password generator

on Apr 04, 2016 ·
1 comment

I've updated my old strong password generator to be used in a simple GUI. Now people who dislike the command-line or have trouble copying and pasting text from it can equally benefit from having a strong password generated from simple, easy to remember strings!

  • Enter a password seed and an identifier string
  • Copy the generated password and paste it where you need it

No more excuses about picking weak passwords! Everyone can create strong and unique passwords now.


ZeroNet - Tips, tricks and beginners' questions

on Mar 22, 2016 · 4 min read ·
6 comments

There has been huge growth in ZeroNet lately (it perhaps started at the end of February or beginning of March) that has really impressed me. We went from 70 peers or so on a good day to a whopping 800+ average in just a few weeks! Some people say it was because of Play and its fine torrent collections, others say that it was a movement away from other darknets such as Freenet or I2P, but regardless of what it really was, the bottom line is this: never has P2P software been so strong as it is now. This is a truly amazing feat.

With that said, this change also meant that a lot of beginners have flocked here, and may be slightly lost as to how ZeroNet works. Looking to give back to this awesome community, I've decided to put some advice here based on my experience with it so far (I've been using it since around June 2015) that I gather every day. I'm by no means the most experienced person around here of course, so if you have more advice to give, please feel free to add it in the comments to this post! I pulled some stuff from the official documentation so make sure you look into it as well.

Let's begin...


Blog engine updated!

on Mar 19, 2016 ·
2 comments

This is just a quick interlude post. A meatier one will come soon!

Klaus Zimmermann's ZeroBlog has just been updated with the latest ZeroBlog engine! This includes the option of feed following, so now you can subscribe to new posts as they appear.

Sorry if it took a while, but I didn't have the time before. Now it should be working great!

A real post will come soon.


A new post and update is coming soon...

on Mar 16, 2016 ·
4 comments

Promise!

I became so marvelled at how ZeroNet expanded in the past month that I got inspired to use it actively again. This time I'd like to do two things:

  • "Hold hands" with beginners and answer a few questions they all might be having
  • Update my blog's engine so as to allow the reader to follow my feed on the home timeline.

Post coming soon!


The concept of Web Browser needs to change

on Jan 23, 2016 · 4 min read ·
12 comments

I love web browsers. I'm using one right now, and I bet so are you. I use them every day to read the news, connect to friends. I do business with them, and perform financial transactions with them. In fact, a very large portion of my online interactions is done through these wonderful pieces of software. Does that mean I think browsers are perfect? Absolutely not.

It's time to rethink the concept of web browsers. Today this is not so much a proposition as it is a fact. I claim that browsers have become unnecessarily bloated and, in the process, also ripe targets for vulnerability exploitation, tracking and surveillance, and a potential platform for instituting DRM without the user knowing. The need for a change is very real.

Don't believe me? Read on.


Project Swarm: digital life based on P2P

on Dec 14, 2015 · 3 min read ·
11 comments

During the past few weeks, I dove deeply into P2P applications. To me they're, to put it simply, the future of free computing and networking, and what users need to switch to, if there's such an alternative to a proprietary service. My study eventually culminated in an idea: how much of my digital itinerary can I replace with just P2P applications?

Trying out BitMessage to replace email

on Dec 01, 2015 · 1 min read ·
7 comments

I'm on a roll now trying out all P2P solutions that I can find. It's like I'm in a game and every P2P system I try is another powerup I collect. My latest? Bitmessage. You can message me here:

BM-2cTfdPokxEpcVXiUFPmDQ7YHYq1LKwHxki

Bitmessage seems to be a very welcome replacement to stupid old email. What? Replace email? Are you crazy? you might say, but no, I'm perfectly sober right now. And currently I see two major flaws about email that are yet to be fixed even after a whopping 40 years of development history.


Customizing my ZeroNet life

on Nov 29, 2015

Despite my absence in posting to ZeroNet lately, I haven't been idle these days. I guess that one just cannot keep coming up with great posts every day, right TheOatmeal?


Regardless, I've been researching a little more on how to customize my experience around ZeroNet to make it better, more familiar and dynamic to my tastes. So here are a few things that I've learned and modified on my blog to suit my needs:

CSS and JS files

Those were the basics: with my background of webdesign and development, I was able to change some of the choices of styling and formatting of the default ZeroBlog app to better suit my tastes. For example, I hate white backgrounds (they are hard on the eyes) so I changed my color scheme to something a little more relaxing. You can find them in the /css and /js folders of your site respectively.

It wasn't difficult at all: for most cases, the workflow was simply discovering the elements on the page with Firefox's F12 key, looking up the styling line in the CSS file and then changing it accordingly. The only tricky bit is that all ZeroNet sites add an extra frame to any page, which may cause some confusion. Here's an example, where a static page gets the frame regardless.

Custom subapps and pages

I haven't read all the specs on how the ZeroNet sites work and talk to each other (I will soon, though, these are interesting) but in the meantime I fiddled around with the idea of having a distinct home page and then linking from there to this blog.

ZeroNet allows relative linking just like in a web server so creating a new static page is as easy as vim newpage.html. The "dynamic" portion of the content, it seems, is fed into the page by the content.json file and through SQLite (?) database files that you can see lying around the /data folder. How the interaction works I'm not so sure yet, but it looks like it's done through AJAX on page-load time, since ZeroNet is so Javascript-heavy.

I haven't taken this bit very far, but I did create a few separate pages to try it out. If this turns out to be possible, I can make this ZeroNet site my own homepage, linking it to the public internet through a proxy. And if I can develop a simple messaging app, who knows? Maybe I can even create a "contact me" form or something that gets it right to my email.

Other

I finally got around an old problem that I used to have in Zeroid.bit and now am able to post replies and use an identity in ZeroNet. This means that I can interact a lot easier with the remaining community (instead of just me posting things and shouting to the wind) which is great.

Perhaps this signals a great new era for me in ZeroNet, especially if I can export and use my private key elsewhere, like when I'm browsing through a proxy!

How can I convince someone to stop using plaintext communications?

on Nov 26, 2015

Seriously, how do I do that?

I'm not instructing anything in this post; I'm asking you a question. I'm asking because I frankly don't have the slightest clue about how I can do it anymore. I've tried convincing people with all arguments I could come up with, but they all shrug it off like it's superfluous or just some paranoia.

Let me provide a little background.

My friend told me a few days ago that she might have a stalker following her around in virtual life. She's the daughter of a mid-level executive of a famous company that's currently under a highly publicized media scandal, with the media screaming around every time it so much steps outside the line. Now, her father doesn't have anything to do with the issues being publicized, but to the eyes of the general public that matters little.

I had already advised her to start using encryption in her communications. Encrypted email was the first thing I recommended, but when she waved it off saying it was "too complicated" (which, in hindsight, it might be for the complete beginner), I showed her the following:

  • XMPP with OTR through the Xabber mobile app
  • Encrypted SMS messages through SMSSecure
  • P2P encrypted messaging and calling through Tox

I didn't even venture into the issue of proprietary social networks, and the tracking by corporations; I kept the focus only on her personal direct communication means. And yet it wasn't enough. She said this was not needed, as nobody would be able to read her messages or emails anyway. When I objected that a determined attacker did have the means to intercept her communications, she answered this:

"Ah, but they can't do that. That would be illegal. Like, you need a judge's warrant for that."

Oh yeah?

After you have been assaulted, raped or murdered, does it matter if your attacker found where you live or work illegally?

When you're being held hostage for a ransom of a few grand from your family, does it matter if the kidnapper found your location from your WhatsApp chats without asking a judge's permission?

When your bank account suddenly has a thousand dollars missing, does it matter if the thief read the number and password from your plaintext email to your partner without asking if you were ok with it?

Illegal doesn't imply impossible. Especially when you don't care about or aren't aware of the law. There's a much bigger side to encryption than just having privacy or confidentiality. Depending on your situation, not using it may risk your own or someone else's life.

She wasn't even convinced by these examples, and after this I simply gave up. When will people realize that encrypted communications are not simply a thing of secrecy, but rather a necessity in today's highly electronic world?


A simple cypher written in C++

on Nov 24, 2015

I wrote a simple Rotating Substitution Cypher engine in C++ that can be used to encode and decode simple messages without raising much suspicion - messages end up looking like an "alien language" instead of encrypted. You can find it in my NotABug repository, here:

https://notabug.org/kzimmermann/quickcypher

This is by no means a substitute for strong encryption, but rather a fun side project that you can use to jumble messages around. And if you create a complex enough cypher, I think the encoding can become fairly hard to solve. Here's a demonstration of the program.

Suggested applications:

  • Encoding a message for a friend (not whistleblower-ready!)
  • Creating strong passwords from simple, memorable words (as long as your cypher is complex enough)
  • Encoding already encrypted ASCII-padded messages so as to make decryption by brute force harder

Hope you guys enjoy it!


Problems that can be avoided by using p2p

on Nov 22, 2015

Usually, when you start hosting a web-based service, you have to start worrying about some things like these:

  • Availability
  • Scalability
  • Backups and contingency plans
  • Resilience
  • Quality of Service

It can be a real pain in the ass having to monitor your servers on a constant basis because there's always a possibility that the service will be lost for some time. Some people choose to self-host to minimize the effort of getting their hands on the server if it goes down. Do you know what a better solution is? Using P2P instead.

With P2P, all the problems listed above are irrelevant. Availability and resilience are supported and growing by the number of nodes that choose to host your content (this also makes it a good motivation for one to produce interesting content that people would like to host as well). Your data is backed up among the peers. You want to talk about scalability in P2P? P2P is the very essence of it: everyone who joins the network brings in extra storage, bandwidth and processing power so sites scale up naturally in performance.

By hosting a ZeroNet blog, for example, I don't have to worry about leaving my machine on an entire day while I'm off to work, and risk having it crash, overheat and burn the whole house. Content is pushed, peers get an update and the content stays available regardless of my own machine.

P2P represents a paradigm shift for the old adage of "server-client" model, and the idolization of 100% uptime service management. We can flip over the definition and make a world where everything is client-client instead.


I seriously need to get back to ZeroNet

on Nov 21, 2015

There's a perpetual problem with the hosting within the mainstream internet: even if you're self-hosting, you still need to think about availability, resilience, quality of service... all of which reduce to nothing when you go full P2P.

Seriously, dude, ZeroNet and the rest of the P2P networks are the future.


Darknets as a platform for hosting and publishing

on Sep 25, 2015

I am considering the ways that ZeroNet and other darknets could be used to enhance the world of self-publishing. Who knows? Maybe this could become the next generation of blogging, microblogging or even a full social network.
