SimplifiedPrivacy.com
ac3f6afe17593f61810513dac9a1e544e87b9ce91b27d37b88ec58fbaa9014aa
Give me Liberty, or Give me Death. HydraVeil is our Revolutionary New Linux app that allows you to create different isolated profiles, to resist AI Browser Fingerprinting from Cloudflare & Big Tech. Another feature of HydraVeil is routing your traffic through your choice of WireGuard or a Tor->Socks5 proxy (to evade Tor blocks), and to fool CDN packet speed tracing with different IPs for each profile. Additionally, we provide VPN service for Android, iPhone, Windows, Mac, and Routers. Tune in to our Podcast to combat Big Tech surveillance. Help me, help you. Hashtags: #Cypherpunk, Open source, #Linux, DeGoogled Phones, self-hosted services, #Monero, #Security, and more!

Huge Microsoft Outage leads to Global Closed Businesses

Banks, Airlines, Businesses Worldwide Shut Down.

London Stock Exchange’s news service was down.

In the US, many 911 and non-emergency call centers weren’t working properly.

Many television channels around the world have been hit by the outage, with Sky News in the UK broadcasting from a phone after its studio equipment failed.

The Paris Olympics organizing committee also said it had been hit by the outage, but that it had contingency plans in place.

In Europe, Amsterdam Schiphol Airport—one of the continent’s biggest connecting hubs—was shut to all arrivals due to the issues, according to Eurocontrol, Europe’s air-traffic-control agency. KLM Royal Dutch Airlines said it had suspended most of its operations.

This story not only shows the horrible dangers of Microsoft’s operating system, but also proprietary software that constantly and unnecessarily monitors systems that otherwise could be offline. CrowdStrike is a corrupt pro-Democrat firm that supposedly does cybersecurity. And it’s their software going down that has caused Microsoft operating systems globally to have the blue screen of death. Thousands of airlines globally have delayed flights, and millions of people are being inconvenienced.

CrowdStrike’s bloated proprietary software is morally corrupt and forced upon workers. The software monitors all activity on a computer, even when offline actions are performed such as copying a file. Then this data is all sent back to CrowdStrike to be monitored for their supposed security purposes.

But what is never discussed is that CrowdStrike now has complete surveillance over all documents in organizations that could have otherwise been kept offline, and is now a centralized point of failure for incidents exactly like this. Further, it’s a massive invasion of privacy for employees, and is often pushed on them for all their devices.

CrowdStrike’s invasive software is difficult to remove, and hijacks the system at the OS-level. It’s not something employees can just toggle on and off. Whereas if employees were just using Linux and end-to-end encrypted communication systems, this would not only save companies money, but has a more reliable track record for reducing security incidents.

CrowdStrike is famous for lying about Wikileaks. Even though they had no special knowledge, these supposed experts mouthed off malicious lies that Wikileaks was a hack, and not a leak. Their goal was to create trust in Hillary Clinton, which they failed to do because they provided zero proof.

Between Microsoft and CrowdStrike, they have invaded all corporate computers with surveillance of all OFFLINE activity, that has now brought corporations globally to a screeching halt. Now is a great time to switch over to Linux, using our rich educational resources.

On September 11th the World Trade Center skyscrapers collapsed at the speed of gravity,

By the laws of physics, this would be impossible without internal explosions, according to the thousands of members of the architects and engineers for 9/11 Truth.

The same people who dismiss this, are the exact same people who with covid-19, tell me to “just FOLLOW THE SCIENCE”

Thanks, yeah should be, SimplifiedPrivacy@getalby.com

maybe it's liquidity on your end?

WireGuard is faster, but has a 2 minute log of IP. This is not a big deal, but on Tor, it’s not faster.

Tor is slow due to latency, while WireGuard is faster due to throughput.

So you get no speed benefit but the minor downside. It’s a small point though to have this 2 min log.

I wouldn’t worry about it unless it’s a huge deal what you’re doing on Tor.

https://simplifiedprivacy.com/vpn-protocols-which-one-should-you-use/index.html

Yes sir, the sources at the bottom

How you can be deanonymized through Tor

Tor is an excellent tool for privacy, and we do not recommend you avoid it. However, there are many limitations to be aware of and ways of using it that can compromise your anonymity on Tor. This post will discuss just a few of the ways, but there may be others that the public is unaware of. For example in 2017, the FBI dropped a case against a school worker accused of downloading child pornography because the FBI would have rather let him go than reveal the source code for how they deanonymized him through Tor. [1]

The techniques we will cover include:

1) JavaScript based attacks

2) Cookies

3) Compromised Exit Nodes

4) Compromised Middle Relays

5) Compromised Entrance Guards

6) Opening Files Outside Tor

7) Ultrasonic Sounds

JavaScript Attacks

JavaScript can be used to identify a user through Tor in a number of different ways. This is why Tor Browser comes pre-bundled with the “NoScript” plugin. This plugin can either reduce or disable JavaScript’s ability. When the plugin is set on the “Safest” setting, JavaScript is completely disabled. This level of security is required to completely stay anonymous and secure on Tor.

The first way that JavaScript can identify a user is if a malicious website were to inject code into Mozilla Firefox (the foundation upon which the Tor Browser bundle is built). An example of this exploit was demonstrated as recently as 2022 by Manfred Paul at a Pwn2Own hacking contest of getting a user’s real IP address through Tor. [4a] [4b]

But this is not a one time bug or incident, as Mozilla Firefox has a history of being vulnerable to these types of malicious JavaScript injections. Malicious script hacks caused Tor to have to patch to correct them in 2019 [5], 2016 [6], and 2013 [8].

Back in 2016, cybersecurity researcher Jose Carlos Norte revealed ways that JavaScript could be used to identify Tor users through its hardware’s limitations. These advanced techniques fingerprinted the user’s mouse movements, which are tied to hardware restrictions and potentially unique operating system settings. Norte additionally warned how running CPU intensive code could potentially identify the user’s PC based on how long it takes to execute. [7]

The point of all of this is that all of these vulnerabilities did not work when NoScript was set to the safest mode of disabling JavaScript.

Browser Alone doesn’t stop cookies

Another security issue with Tor is pre-existing cookies, which could compromise your anonymity. For example, let’s say you previously signed on to your Amazon account from the same computer you are now using Tor Browser in (but using a different browser). If you now visit an Amazon page using Tor Browser (or maybe even receive a forwarded Amazon URL), you could potentially be connected to the Amazon cookie already on your computer and be deanonymized instantly. This would immediately connect the Tor traffic with you.

Remember though that Tor Browser is only one of a few options for using Tor. The way around this cookie issue is to use Tor in a virtual machine with the Whonix operating system or the USB operating system version of Tor called Tails.

Compromised Tor Exit Nodes

Your traffic enters Tor encrypted and stays encrypted through its journey throughout the mixnet until it gets to the final stop, which is the exit node. Here the exit node communicates with the “regular” clearnet without Tor’s onion encryption to access a website on your behalf.

Outside of Tor on the “regular” clearweb internet, most websites use httpS encryption. This is shown with a padlock in the top by the URL. If the website is http, without the “s,” then it’s unencrypted plain text data. Anything you do using an unencrypted http website with a Tor exit node can be snooped on and seen. However, this risk is relatively low because of the high percentage of websites that use httpS.

The biggest risk is that the httpS encryption can be removed using SSL stripping. This is when the Tor Exit node acts as a man in the middle, faking the server with which you’re trying to authenticate and downgrading the connection from httpS to unencrypted http. For example in 2020, a malicious actor took control of over 23% of all Tor exit nodes and started doing SSL stripping to steal Bitcoin being sent on mixing websites. [9] [10]

To protect against these types of attacks, upgrade the Tor security level to safest, which requires the use of HTTPS encryption with “HTTPS-Only”. Also pay attention to the top icon by the URL bar, to make sure there’s always a padlock showing it’s using this encryption.

You can click on the icon to see your Tor connection route and the certificate authority. Certificate authorities are the entities that validate the authenticity of the HTTPS encryption to this IP address. On a side note, these certificate authorities can act as a censor by removing an entry’s IP address, and this is one of the flaws that many cryptocurrency blockchains are actively working to solve.

Another way to prevent malicious Tor exit nodes from stealing your data or cryptocurrency is to avoid using exit nodes by using primarily Onion services. If you only login to Onion websites, then you never exit Tor. This doesn’t mean completely avoiding clearweb sites, but try to only browse them and not login. It’s the login/password credentials that malicious exit nodes steal with SSL stripping.

Malicious Middle Relays

The next type of risk is malicious middle relays — the hop between an entrance guard and an exit node. For example, the malicious group KAX17 had been identified as having run up to 35% of the middle relays and 10% of the overall Tor network before the official Tor project removed 900 of its servers. [15] [16]

While malicious exit nodes often want to steal Bitcoin or data, the goal of malicious middle relays is to deanonymize users by seeing the path of their traffic. This is especially true on Onion hidden services because it doesn’t even use exit nodes.

There are a few things you can do to reduce this risk. We will go over them in the entrance guard section, because they are the same methods.

Malicious Entrance Guards

Entrance guards can see what IP address is connecting to the Tor network, but can’t see the traffic itself as it’s onion layer encrypted. However, they can gather some information, such as the time, size, and frequency of the data packets.

Researchers from Massachusetts Institute of Technology and Qatar Computing Research Institute wrote in a 2015 paper that if one of their malicious machine learning algorithm servers gets randomly picked to be a user’s entrance guard, then it may be able to figure out what website that user is accessing. The MIT researchers are able to do this by analyzing the patterns of packets from a pre-determined list of websites and seeing if they match the traffic their malicious entrance guard snoops. [17] [18]

According to MIT News, the MIT machine learning algorithm has above an 80% chance to be able to identify what hidden services a given Tor participant is hosting, but there are two conditions. First the host has to be directly connected to its malicious entrance guard and second the hosted site was on MIT’s predetermined list. [18] And finding who is the host of controversial materials is often of more interest to oppressive regimes than just who are the website’s visitors.

How can you avoid this?

There are a few ways you can reduce your risks with malicious entrance guards and middle relays.

First, use your own hosted obfs4 bridge as an entrance guard to avoid ever having both a malicious relay and guard. Our company can help you set this up on a cloud server (VPS) or you can do it on your own.

And second, you can enter Tor with a VPN first.

Opening Files Outside of Tor

If files are opened outside of Tor Browser, they could have code that executes and reveals back to an adversary your real IP address. To avoid this, one can use a dedicated virtual machine like Whonix, which forces all traffic in the VM through Tor. Another option is the Tails operating system on a USB stick, which automatically erases everything after you’re done.

However, if you want to use a PDF outside of Tor, then you’ll need to convert it to plain text. One great Linux tool to do this inside Whonix’s command line is PDFtoText. You can install it with this command:

sudo apt install poppler-utils

Then use it with this:

pdftotext -layout input.pdf output.txt

The -layout flag keeps the original layout. input.pdf is the original file, and output.txt is what you want the output to be named.

Ultrasonic Cross Device Tracking

As University of California Santa Barbara cybersecurity researchers presented at a BlackHat European conference, malicious websites can identify users through Tor using sounds inaudible to the human ear. [20]

The way this works is that many popular phone apps use Silverpush’s ad system, which can receive high frequency audio without the phone’s owner being aware of it. Audio of this type could be broadcast maliciously from a Tor website.

Silverpush enables the sale of your location data

These doctoral researchers warned of the dangers Silverpush presents by being connected to wide-spread platforms such as Google Ads. To demonstrate this, the researchers played video of their lab experiment, which de-anonymized a laptop through Tor Browser, as a result of an Android’s mic next to the laptop’s speakers, while being signed in to a Google account. [34]

While the researchers presented a Chrome browser app that can stop this, we do not recommend it for Tor use because of fingerprinting (and Tor Browser is Firefox based). The best solution is to turn off the speakers and any phones around you when visiting controversial or private websites. Also consider a degoogled phone with a custom operating system, such as Graphene or Calyx, which would allow you to modify when apps have microphone privileges.

Conclusion

In this article, we covered a variety of different ways your identity can be revealed through Tor. To summarize your best defenses are:

1) Disable JavaScript with Tor’s Safest Setting

2) Use a custom private entrance bridge (obfs4) for an entrance guard that you control. Our company can help you set this up, or do it on your own.

3) Use Whonix or Tails when you need JavaScript or for doing anything outside a browser, such as opening unknown software or files

4) Before connecting to Tor, first use a high quality VPN with OpenVPN (Wireguard won't be faster for Tor)

5) Avoid resizing Tor Browser because of fingerprinting

Consider sharing what you learned. And of course, here's the sources:

https://simplifiedprivacy.com/how-you-can-be-deanonymized-through-tor/index.html
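For the "Ultrasonic Cross Device Tracking" section of the Tor post above, a defensive check you can run on audio before it reaches your speakers. This is an added example, not code from the original post or from the researchers it cites; the 18-20 kHz band, the threshold, the function names and the sample signals are all assumptions made for illustration.

```python
import math

BAND_HZ = (18_000, 20_000)  # assumed near-ultrasonic band a beacon would use
THRESHOLD = 0.001           # assumed: flag a block if >0.1% of its energy is in band

def goertzel_power(block, k):
    """|X_k|^2 of the length-N DFT of `block`, via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * k / len(block))
    s1 = s2 = 0.0
    for x in block:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def band_ratio(block, rate):
    """Fraction of the block's energy that lies inside BAND_HZ."""
    total = sum(x * x for x in block)
    if total == 0.0:
        return 0.0  # silence: nothing to measure
    n = len(block)
    k_lo = math.ceil(BAND_HZ[0] * n / rate)
    k_hi = min(math.floor(BAND_HZ[1] * n / rate), (n - 1) // 2)  # stay below Nyquist
    band = sum(goertzel_power(block, k) for k in range(k_lo, k_hi + 1))
    # Parseval: sum_k |X_k|^2 = N * sum x^2; the factor 2 counts the mirrored bins.
    return 2.0 * band / (n * total)

def scan(samples, rate, block_ms=10):
    """Return (start_time_seconds, ratio) for every block above THRESHOLD."""
    n = rate * block_ms // 1000
    hits = []
    for start in range(0, len(samples) - n + 1, n):
        ratio = band_ratio(samples[start:start + n], rate)
        if ratio > THRESHOLD:
            hits.append((start / rate, ratio))
    return hits

def tone(freq, amp, rate, count):
    """Constructed test signal: `count` samples of a sine wave."""
    return [amp * math.sin(2.0 * math.pi * freq * i / rate) for i in range(count)]

# Constructed sample input: 50 ms of an audible 1 kHz tone, with a quiet
# 18.5 kHz tone mixed in from 20 ms onward (the part a listener would not hear).
RATE = 44_100
speech = tone(1_000, 0.5, RATE, 2205)
beacon = tone(18_500, 0.05, RATE, 2205)
mixed = speech[:882] + [a + b for a, b in zip(speech[882:], beacon[882:])]

if __name__ == "__main__":
    print("clean:", scan(speech, RATE))
    for t, ratio in scan(mixed, RATE):
        print(f"possible beacon at {t:.2f}s, in-band energy {ratio:.2%}")
```

A recording sampled below 40 kHz cannot carry this band at all, so the scan returns no hits for it rather than a false all-clear you should rely on; check the source's sample rate first.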

This is factually true, but not that insightful, because you’re comparing investing to consuming an electronic.

Of course investing will always beat consuming. The real question is if the person bought in 2016, if they held it through the drawdown the next few years.

nostr:npub1x3n9jcp54npw2l6scvewdvy47jhvj30706u783nu2hktu6a8gc5q8f00qs, I’m going to answer publicly, so others can benefit to hear.

Ctemplar was an Iceland email provider that shut down due to refusing to hand over data.

But Protonmail stays open because they hand over thousands a year.

When we designed our VPS combo, we did so with the intention that each customer gets a different account that is not related to us or other customers. This prevents any government from forcing us to hand over data or compromise privacy because we are not tied to any particular location, and it’s unclear who is even our customer.

This is the only way for us not to share the fate of Ctemplar or Protonmail. Because while a VPN company can say they don’t log, there’s no way for an email provider to dodge that they have emails coming in.

And with Nostr, Tor Onions, SimpleX, Session, cryptocurrency, and other tools, this makes us even more independent of even any particular website server to advertise. Or any fiat bank to collect.

While it is less profitable for us to setup a VPS with a third party and walk away (because we don’t collect monthly fees), it gives me a sense of purpose to provide something of value that the market lacks.

As far as your 2nd question of public recommendations, please refer to: simplifiedprivacy.com/vps which has our list, although some providers need to be updated.

nostr:nevent1qqsrdsy2nkhzqr6345xcyffn9h8aehu0ux9cekak06tvcvskxgmrc2qpzamhxue69uhky6t5vdhkjmn9wgh8xmmrd9skctcpzpmhxue69uhk2tnwdaejumr0dshszrnhwden5te0dehhxtnvdakz7tlt3h3

yes pip does non-root uid without root. they justify it as it's more open and reviewed. also that the user used sudo to install pip/python3 to begin with.

I'm not saying I agree with this, just answering your question

Are you asking about who we use for our VPS combo, where we set it up for you,

or what providers we recommend in general for the US?

Thanks for admitting it. Most times people string us along for awhile as a form of DDoS

People who are security-minded have a natural instinct to prepare for the worst case scenario. This leads them to imagine their enemies to be highly capable, murderous, colluding, nameless and faceless cabals. This is a good and correct instinct for preparing your defenses - you want to be able to defend even against this worst case scenario.

However, too many people use this same rubric wrongly when trying to assess actual events. The odds that an actual adversary is the worst case scenario, is highly capable and in collusion with others who are highly capable, in any given actual event is very low. Incompetence is far more widespread than people realize. And parallel action (similar minds acting similarly) explains the vast majority of things that appear to be conspiracies.

To believe that Trump was shot as a false flag you have to believe that there was a shooter so perfect that he could perfectly clip Trump's ear even while Trump was gesticulating and rotating his head back and forth. You have to presume that they are murdering, willing to kill members of the audience to make it appear more real.

Just because that case is possible doesn't mean you should default to it. People who default to the belief that this was a false flag to garner sympathy for Trump, based entirely on the fact that an ear-clip is quite a lucky circumstance for Trump, do not have IMHO very good judgement. But they all probably make very good security-minded people because they are defaulting to the worst case scenario which is the right way for a security-minded person to think.

Ok, but the 2nd question is not only was there intent to kill or not, but was it a lone individual or the Deep State?

The people who think JFK was the CIA are not just “security minded”, but the logical evidence points to it

are you pranking? of course not. you want long random passwords with complex characters like %$#^

This list of breaches shows the importance of giving out minimal information.

Some tips:

a) Use a different random password for different accounts

b) Use an email alias service like AnonAddy or burners

As once a data breach happens and data is sold on the darkweb, the buyer will automate testing the password with that email, on OTHER services.

nostr:nevent1qqsxcn6cw68u7r4dysz2g2zv2wjerkmunn3canfw8geuy8v0jw2vtfsppemhxue69uhkummn9ekx7mp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7lkmf6n