Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > alt.cypherpunks > #1184 > unrolled thread
| Started by | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| First post | 2026-06-03 15:32 +0200 |
| Last post | 2026-06-04 22:42 +0000 |
| Articles | 20 on this page of 21 — 3 participants |
Back to article view | Back to alt.cypherpunks
AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-03 15:32 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-03 23:48 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 00:02 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 00:59 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 01:45 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 02:06 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 02:17 +0200
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 07:24 +0000
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 07:20 +0000
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 12:25 +0200
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 10:18 +0000
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 12:58 +0200
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 11:32 +0000
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 13:52 +0200
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 12:06 +0000
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 11:51 +0000
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 14:08 +0200
Re: AEC - Air Gapped Encrypted Communications released Ch1ffr3punk <ch1ffr3punk@gmail.com> - 2026-06-04 12:12 +0000
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 15:10 +0200
Re: AEC - Air Gapped Encrypted Communications released Anne Frank <bounce.me@n2n.oc2mx.net> - 2026-06-04 18:11 +0200
Re: AEC - Air Gapped Encrypted Communications released Gabx <mail2news@virebent.invalid> - 2026-06-04 22:42 +0000
Page 1 of 2 [1] 2 Next page →
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-03 15:32 +0200 |
| Subject | AEC - Air Gapped Encrypted Communications released |
| Message-ID | <fac3c6eb89fb22946269@n2n.oc2mx.net> |
Hi all, https://github.com/Ch1ffr3punk/AEC -- Regards Stefan
[toc] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-03 23:48 +0200 |
| Message-ID | <64202228c0d8696907b3@n2n.oc2mx.net> |
| In reply to | #1184 |
No forward secrecy: long-term Curve25519 key reused for all messages. Compromise of ~/.aec/identity decrypts entire message history. Retroactive decryption of all archived ciphertexts if key is stolen.
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 00:02 +0200 |
| Message-ID | <6fe2b4fa26d2852d0176@n2n.oc2mx.net> |
| In reply to | #1185 |
Anne Frank wrote: > > No forward secrecy: long-term Curve25519 key reused for all messages. > Compromise of ~/.aec/identity decrypts entire message history. The key pair can be changed, no need to keep it for a long time, like one keeps OpenPGP key pairs on his online Linux PC. > Retroactive decryption of all archived ciphertexts if key is stolen. AEC, like the name suggests, is used on secure air gapped (Windows) PCs and not on online OpenPGP Linux boxes. Regards Stefan -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 00:59 +0200 |
| Message-ID | <e5bcd608eb002936b7f7@n2n.oc2mx.net> |
| In reply to | #1186 |
Anne Frank wrote: > The key pair can be changed, no need to keep it for a long time, like > one keeps OpenPGP key pairs on his online Linux PC. Relying on user discipline for forward secrecy is poor security design. > AEC, like the name suggests, is used on secure air gapped (Windows) > PCs and not on online OpenPGP Linux boxes. Air-gap reduces risk but doesn't eliminate it. USB malwares and electromagnetic side-channels still apply. Moreover windowz closed-source firmware and telemetry add unnecessary attack surface compared to minimal Linux deployments. Better isolation: Debian/Proxmox VM LXC container (Alpine Linux) with no default gateway—network-level air-gap, minimal attack surface, no telemetry,auditable stack. For high-threat scenarios, ephemeral keypairs (one-time use, wiped after) should be default, not user-optional.
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 01:45 +0200 |
| Message-ID | <7512873075c0cd9639a3@n2n.oc2mx.net> |
| In reply to | #1187 |
Anne Frank wrote: > Anne Frank wrote: > > > The key pair can be changed, no need to keep it for a long time, like > > one keeps OpenPGP key pairs on his online Linux PC. > > Relying on user discipline for forward secrecy is poor security design. > > > AEC, like the name suggests, is used on secure air gapped (Windows) > > PCs and not on online OpenPGP Linux boxes. > > Air-gap reduces risk but doesn't eliminate it. > USB malwares and electromagnetic side-channels still apply. > > Moreover windowz closed-source firmware and telemetry > add unnecessary attack surface compared to minimal Linux deployments. > > Better isolation: > Debian/Proxmox VM LXC container (Alpine Linux) with no > default gateway—network-level air-gap, minimal attack surface, no telemetry,auditable stack. > > For high-threat scenarios, ephemeral keypairs (one-time use, > wiped after) should be default, not user-optional. The current rig looks like this: Air gapped little GPD MicroPC with Windows 11, no Bluetooth or WiFi. Can be shielded with view-through Faraday fabric. Encrypted QR-Codes are transferred via webcam and no USB or network is used. The receiving party for Hermes Nym Mixnet usage: Android smartphone with PlugOS hardware, Camera2 app etc. where PlugOS uses NymVPN. Screenshots from PlugOS can not be taken, when for example used in an Internet Café, with a Windows 11 PC. So, as you see no Linux box is needed. Regards Stefan -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 02:06 +0200 |
| Message-ID | <edee26ec1b4698ea6497@n2n.oc2mx.net> |
| In reply to | #1188 |
Faraday shielding mitigates EM side-channels but not supply-chain compromise (IME, firmware backdoors). Windows 11 telemetry persists in hibernation/swap even without network, data exfiltrated on next online boot unless disk is wiped. Webcam firmware is a soft air-gap. USB controller sees all camera data. Alpine LXC in a proxmox VM, with no internet gateway is *objectively* smaller attack surface. *5MB*
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 02:17 +0200 |
| Message-ID | <b8a66819b57dcc899326@n2n.oc2mx.net> |
| In reply to | #1190 |
GPD MicroPC 450€ Faraday box 50€/100€ plugos 200€ android phone ???
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 07:24 +0000 |
| Message-ID | <10vr973$3j7in$2@news.tcpreset.net> |
| In reply to | #1191 |
Anne Frank wrote: > > GPD MicroPC 450€ > Faraday box 50€/100€ > plugos 200€ > > android phone ??? > > Android phone starting at 135 € and transparent Faraday fabric from China only a few Euros, per squaremeter. Privacy costs money and can't be obtained with an online Linux box and OpenPGP as some people may think. Regards Stefan -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 07:20 +0000 |
| Message-ID | <10vr90a$3j7in$1@news.tcpreset.net> |
| In reply to | #1190 |
Anne Frank wrote: > > Faraday shielding mitigates EM side-channels but not supply-chain compromise > (IME, firmware backdoors). > > Windows 11 telemetry persists in hibernation/swap even without network, > data exfiltrated on next online boot unless disk is wiped. > > Webcam firmware is a soft air-gap. > USB controller sees all camera data. > > Alpine LXC in a proxmox VM, with no internet gateway is *objectively* smaller attack > surface. > > *5MB* People can use AEC with an air gapped Linux box, as I provided the binary for it under Releases. Regards Stefan -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 12:25 +0200 |
| Message-ID | <354e49d782ad57efb467@n2n.oc2mx.net> |
| In reply to | #1192 |
Privacy for Windows users costs money *and isn't privacy*. Windows 10/11 has built-in telemetry, Defender uploads samples to Microsoft, and the OS itself is a black box you can't audit. Wrapping a Windows laptop in Faraday fabric stops RF exfiltration, but doesn't stop the OS from logging keystrokes to encrypted storage that an attacker can dump after physical seizure. Now, back to the original point: Forward Secrecy Forward secrecy means: even if an attacker gets your long-term key today, they can't decrypt past messages. AEC doesn't have this property. AEC reuses the same Curve25519 key for all messages stored in `~/.aec/identity`. There's no technical reason AEC couldn't add ephemeral key rotation for stored messages. and again Relying on user discipline for forward secrecy is poor security design.
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 10:18 +0000 |
| Message-ID | <10vrjek$3u8fi$1@news.tcpreset.net> |
| In reply to | #1184 |
Anne Frank wrote: > > Hi all, > > https://github.com/Ch1ffr3punk/AEC > Added GL2AEC (Google Lens to AEC) for Android, so that people can capture with an Android smartphone the AEC QR-Codes from an air gapped PC. -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 12:58 +0200 |
| Message-ID | <f67c74527abfa8346707@n2n.oc2mx.net> |
| In reply to | #1194 |
Ch1ffr3punk wrote: > Anne Frank wrote: >> >> Hi all, >> >> https://github.com/Ch1ffr3punk/AEC >> > > Added GL2AEC (Google Lens to AEC) for Android, > so that people can capture with an Android > smartphone the AEC QR-Codes from an air gapped > PC. > GL2AEC (Google Lens on Android → Windows air-gap) is the opposite of privacy. You're running: - Google Lens (proprietary blob, sends image data to Google servers for OCR) - On Android (Google telemetry, proprietary firmware, unauditable) - Capturing QR codes from Windows 10/11 (Defender uploads, telemetry, keylogging to encrypted storage) This isn't an air-gap. This is *security theater wrapped in Faraday fabric.* Even if you disable network on the Windows machine: - Defender logs are still written to disk (readable after physical seizure) - Windows Event Log records every process execution - The OS itself is a black box you cannot audit Even if you airplane-mode the Android phone: - Google Play Services runs in the background - Camera metadata is logged - You're trusting Google's blob stack with your crypto QR codes **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy.
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 11:32 +0000 |
| Message-ID | <10vrno4$26rf$1@news.tcpreset.net> |
| In reply to | #1196 |
Anne Frank wrote: > Ch1ffr3punk wrote: > > Anne Frank wrote: > > > > > > Hi all, > > > > > > https://github.com/Ch1ffr3punk/AEC > > > > > > > Added GL2AEC (Google Lens to AEC) for Android, > > so that people can capture with an Android > > smartphone the AEC QR-Codes from an air gapped > > PC. > > > > GL2AEC (Google Lens on Android → Windows air-gap) is the opposite of privacy. > > You're running: > - Google Lens (proprietary blob, sends image data to Google servers for OCR) > - On Android (Google telemetry, proprietary firmware, unauditable) > - Capturing QR codes from Windows 10/11 (Defender uploads, telemetry, keylogging to encrypted storage) > > This isn't an air-gap. This is *security theater wrapped in Faraday fabric.* > > Even if you disable network on the Windows machine: > - Defender logs are still written to disk (readable after physical seizure) > - Windows Event Log records every process execution > - The OS itself is a black box you cannot audit > > Even if you airplane-mode the Android phone: > - Google Play Services runs in the background > - Camera metadata is logged > - You're trusting Google's blob stack with your crypto QR codes > > **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy. Why Linux users, who are not trustworthy, must always complain? This rig *is* secure, as one carries it with him, while on the road and I do not give the slightest f*ck, if Google Lens captures encrypted content on PlugOS, from an *air gapped* portable mini PC. Linux sucks, as we all know, period. -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 13:52 +0200 |
| Message-ID | <012049d9f71876577600@n2n.oc2mx.net> |
| In reply to | #1197 |
Ch1ffr3punk wrote: > Why Linux users, who are not trustworthy, must always complain? > > This rig*is* secure, as one carries it with him, while on the road and > I do not give the slightest f*ck, if Google Lens captures encrypted > content on PlugOS, from an*air gapped* portable mini PC. Linux sucks, > as we all know, period. "Linux users not trustworthy" is an interesting way to avoid answering a technical question for the third time. You've now admitted Google Lens captures your encrypted QR codes. That's a metadata leak: Google knows *when* you communicate, *how often*, and can correlate that with other Android telemetry. Forward secrecy would protect you even if: - Border agents seize your device and extract ~/.aec/identity - Supply chain attack compromises the mini PC before you bought it Signal has forward secrecy. Pond had forward secrecy. OTR has had it since 2004. AEC does not. That's a design choice, not a technical limitation. If "I don't give a fuck about Google metadata" and "Linux sucks" is your security posture, we're optimizing for different adversaries. Good luck on the road.
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 12:06 +0000 |
| Message-ID | <10vrpoq$26rf$3@news.tcpreset.net> |
| In reply to | #1199 |
Anne Frank wrote: > Ch1ffr3punk wrote: > > Why Linux users, who are not trustworthy, must always complain? > > > > This rig*is* secure, as one carries it with him, while on the road and > > I do not give the slightest f*ck, if Google Lens captures encrypted > > content on PlugOS, from an*air gapped* portable mini PC. Linux sucks, > > as we all know, period. > > "Linux users not trustworthy" is an interesting way to avoid answering a technical question for the third time. I must admit I do not like the majority of OpenPGP Linux users as they have proven publicity in the past on GnuPG ML etc., that they are stubborn and think their hobby OS has more privacy value, when used online. I always try to be polite and like to answer questions, and regarding forward secrecy in Signal etc., why would you need that when Pegasus/FinSpy captures your Signal communications from a central server in the US? AEC is a much much better solution than Crypto Messenger solutions you all use and you know that. Same complaining as before when I invented the Onion Courier Mixnet... -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 11:51 +0000 |
| Message-ID | <10vroru$26rf$2@news.tcpreset.net> |
| In reply to | #1196 |
Anne Frank wrote: > **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy. What you Linux nerds who are using outdaded OpenPGP fail to understand is that my invention is easy to use for non-tech, elderly people and can now been used *securely* with a portable *air gapped* mini PC (with Faraday fabric) and a cheap Android smartphone *on* social media too, like X etc. where third parties, like NSO from Israel, FinSpy from Germany or the NSA can not get hold of the encryption process, unless they visit each user. This is *public* key Cryptography par excellence!!! -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 14:08 +0200 |
| Message-ID | <c64e826ff04446ab85c3@n2n.oc2mx.net> |
| In reply to | #1198 |
You've demonstrated that you're not interested in technical discussion. You want validation, not critique. Enjoy your google account with flowcrypt.
[toc] | [prev] | [next] | [standalone]
| From | Ch1ffr3punk <ch1ffr3punk@gmail.com> |
|---|---|
| Date | 2026-06-04 12:12 +0000 |
| Message-ID | <10vrq44$26rf$4@news.tcpreset.net> |
| In reply to | #1201 |
Anne Frank wrote: > > You've demonstrated that you're not interested in technical discussion. > You want validation, not critique. I am always open to constructive critism and listening to suggestions. AEC uses NaClbox which is very good for public key Cryptography. > > Enjoy your google account with flowcrypt. I enjoy Google very much, because Cypherpunks from the '90s are engineers at Google too... I no longe use FlowCrypt, it was more a test with OpenPG, which I do not like and do not recommend. -- https://oc2mx.net
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 15:10 +0200 |
| Message-ID | <96c977ad5cf8ef2c810c@n2n.oc2mx.net> |
| In reply to | #1202 |
<10mta0t$2oe8o$1@news.tcpreset.net> > I am always open to constructive criticism I've raised the forward secrecy issue five times. You've acknowledged NaCl box is good crypto, but haven't addressed the lack of ephemeral key rotation. If forward secrecy isn't in scope for AEC's design, that's a valid choice. Just be clear with users: AEC protects against network surveillance, but not retrospective decryption after key compromise. **I've asked this question six times. You've deflected to:** 1. "Linux users are untrustworthy" 2. "Cypherpunks work at Google" 3. "OpenPGP UX is bad" **None of these answer the question: Does AEC have forward secrecy? If not, why not?** > Cypherpunks from the '90s are engineers at Google too... Google was founded in 1998. The Cypherpunk Mailing List started in 1992. No cypherpunk from the '90s founded Google or worked there in the early days. **Real cypherpunks from the '90s and where they are now:** - Phil Zimmermann (PGP) → Silent Circle (encrypted communications) - Adam Back (Hashcash) → Blockstream (Bitcoin core developer) - Hal Finney (remailer, PGP) → Bitcoin early adopter, died 2014 - John Gilmore (EFF co-founder) → Privacy activism, never corporate - Julian Assange (contributor) → WikiLeaks (enemy of Google/US gov) - Jacob Appelbaum (Tor) → Exiled from US, persecuted for privacy work I'm done with this thread. Good luck with AEC development.
[toc] | [prev] | [next] | [standalone]
| From | Anne Frank <bounce.me@n2n.oc2mx.net> |
|---|---|
| Date | 2026-06-04 18:11 +0200 |
| Message-ID | <697f85edf504322ab75a@n2n.oc2mx.net> |
| In reply to | #1203 |
Anne Frank wrote: > **Real cypherpunks from the '90s and where they are now:** > - Phil Zimmermann (PGP) → Silent Circle (encrypted communications) > - Adam Back (Hashcash) → Blockstream (Bitcoin core developer) > - Hal Finney (remailer, PGP) → Bitcoin early adopter, died 2014 > - John Gilmore (EFF co-founder) → Privacy activism, never corporate > - Julian Assange (contributor) → WikiLeaks (enemy of Google/US gov) > - Jacob Appelbaum (Tor) → Exiled from US, persecuted for privacy work It seems you haven't used Usenet back in the `90s, otherwise you should have known Raph Levien. http://www.levien.com/ <https://mailing-list-archive.cryptoanarchy.wiki/authors/raph_levien_raph_at_cs_berkeley_edu_/>
[toc] | [prev] | [next] | [standalone]
Page 1 of 2 [1] 2 Next page →
Back to top | Article view | alt.cypherpunks
csiph-web