• 0 Posts
  • 9 Comments
Joined 2 years ago
cake
Cake day: June 25th, 2023

help-circle
  • Fair enough, I got the wrong impression with the post (which I did read) finishing with

    It is not impossible to circumvent these issues, for instance by paying for a jmp.chat phone number with monero XMR. In this case you don’t actually have the sim, but rather access it remotely over XMPP. If you do this over Tor very little can be used against you.

    and so on, which I found wanting from a privacy perspective at the implied threat level. No phones (or perhaps faraday bags, or aircraft mode, if tested, depending on threat model) is a much more astute take home, hence the spycraft suggestion.

    Anyhow, best of luck.


  • So, your key takeaway seems to be getting an untraceable phone number. From an opsec point of view I see a few problems.

    First, this is implicitly aimed at going against state level actors, which is a whole other game than random internet services. With that in mind…

    You assume TOR is actually anonymous, but it has been shown that with enough compromised exit nodes that fails. It’s also a NSA project originally, which may or may not be relevant, the code may be good and is open and has had eyes on, but at the least shows they are intimately familiar with it.

    You assume acquisition of Monero is uncompromised and untraceable. Perhaps cash at a machine might be pretty good, but a camera could easily invalidate it, or the machine itself be compromised, wouldn’t be hard to imagine a profit motive or false flag driving that.

    What’s the security implications of the XMPP protocol ? Just using TOR may not be enough (I don’t know, just asking the questions). What about the other end of the phone call?

    One approach, especially for local efforts, is just using old school spycraft, dead drops, one time pads etc.

    You asked for feedback.