• AEC - Air Gapped Encrypted Communications released

    From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Wed Jun 3 15:32:05 2026
    From Newsgroup: sci.crypt

    Hi all,

    https://github.com/Ch1ffr3punk/AEC
    --
    Regards
    Stefan
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Wed Jun 3 23:48:50 2026
    From Newsgroup: sci.crypt

    No forward secrecy: long-term Curve25519 key reused for all messages. Compromise of ~/.aec/identity decrypts entire message history.

    Retroactive decryption of all archived ciphertexts if key is stolen.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 00:02:06 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    No forward secrecy: long-term Curve25519 key reused for all messages. Compromise of ~/.aec/identity decrypts entire message history.

    The key pair can be changed, no need to keep it for a long time, like
    one keeps OpenPGP key pairs on his online Linux PC.

    Retroactive decryption of all archived ciphertexts if key is stolen.

    AEC, like the name suggests, is used on secure air gapped (Windows)
    PCs and not on online OpenPGP Linux boxes.

    Regards
    Stefan
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 00:59:00 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    The key pair can be changed, no need to keep it for a long time, like
    one keeps OpenPGP key pairs on his online Linux PC.

    Relying on user discipline for forward secrecy is poor security design.

    AEC, like the name suggests, is used on secure air gapped (Windows)
    PCs and not on online OpenPGP Linux boxes.

    Air-gap reduces risk but doesn't eliminate it.
    USB malware and electromagnetic side-channels still apply.

    Moreover windowz closed-source firmware and telemetry
    add unnecessary attack surface compared to minimal Linux deployments.

    Better isolation:
    Debian/Proxmox VM LXC container (Alpine Linux) with no
    default gateway - network-level air-gap, minimal attack surface, no telemetry, auditable stack.

    For high-threat scenarios, ephemeral keypairs (one-time use,
    wiped after) should be default, not user-optional.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 01:45:27 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:
    Anne Frank wrote:

    The key pair can be changed, no need to keep it for a long time, like
    one keeps OpenPGP key pairs on his online Linux PC.

    Relying on user discipline for forward secrecy is poor security design.

    AEC, like the name suggests, is used on secure air gapped (Windows)
    PCs and not on online OpenPGP Linux boxes.

    Air-gap reduces risk but doesn't eliminate it.
    USB malware and electromagnetic side-channels still apply.

    Moreover windowz closed-source firmware and telemetry
    add unnecessary attack surface compared to minimal Linux deployments.

    Better isolation:
    Debian/Proxmox VM LXC container (Alpine Linux) with no
    default gateway - network-level air-gap, minimal attack surface, no telemetry, auditable stack.

    For high-threat scenarios, ephemeral keypairs (one-time use,
    wiped after) should be default, not user-optional.

    The current rig looks like this:

    Air gapped little GPD MicroPC with Windows 11, no Bluetooth or WiFi.
    Can be shielded with view-through Faraday fabric.

    Encrypted QR-Codes are transferred via webcam and no USB or network is used.

    The receiving party for Hermes Nym Mixnet usage:

    Android smartphone with PlugOS hardware, Camera2 app etc. where PlugOS uses NymVPN. Screenshots from PlugOS can not be taken, when for example used in
    an Internet Café, with a Windows 11 PC.

    So, as you see no Linux box is needed.

    Regards
    Stefan
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 02:06:25 2026
    From Newsgroup: sci.crypt

    Faraday shielding mitigates EM side-channels but not supply-chain compromise (IME, firmware backdoors).

    Windows 11 telemetry persists in hibernation/swap even without network,
    data exfiltrated on next online boot unless disk is wiped.

    Webcam firmware is a soft air-gap.
    USB controller sees all camera data.

    Alpine LXC in a Proxmox VM, with no internet gateway is *objectively* smaller attack
    surface.

    *5MB*


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 02:17:06 2026
    From Newsgroup: sci.crypt

    GPD MicroPC 450€
    Faraday box 50€/100€
    plugos 200€

    android phone ???


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 07:20:39 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    Faraday shielding mitigates EM side-channels but not supply-chain compromise (IME, firmware backdoors).

    Windows 11 telemetry persists in hibernation/swap even without network,
    data exfiltrated on next online boot unless disk is wiped.

    Webcam firmware is a soft air-gap.
    USB controller sees all camera data.

    Alpine LXC in a Proxmox VM, with no internet gateway is *objectively* smaller attack
    surface.

    *5MB*

    People can use AEC with an air gapped Linux box, as I provided
    the binary for it under Releases.

    Regards
    Stefan
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 07:24:16 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    GPD MicroPC 450€
    Faraday box 50€/100€
    plugos 200€

    android phone ???



    Android phone starting at 135 € and transparent
    Faraday fabric from China only a few Euros, per
    square meter.

    Privacy costs money and can't be obtained with
    an online Linux box and OpenPGP as some people
    may think.

    Regards
    Stefan
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 10:18:56 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    Hi all,

    https://github.com/Ch1ffr3punk/AEC


    Added GL2AEC (Google Lens to AEC) for Android,
    so that people can capture with an Android
    smartphone the AEC QR-Codes from an air gapped
    PC.
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 12:25:06 2026
    From Newsgroup: sci.crypt

    Privacy for Windows users costs money *and isn't privacy*.
    Windows 10/11 has built-in telemetry, Defender uploads samples to Microsoft, and the OS itself is a black box you can't audit.

    Wrapping a Windows laptop in Faraday fabric stops RF exfiltration,
    but doesn't stop the OS from logging keystrokes to encrypted storage
    that an attacker can dump after physical seizure.

    Now, back to the original point: Forward Secrecy

    Forward secrecy means:

    even if an attacker gets your long-term key today, they can't decrypt past messages.
    AEC doesn't have this property.

    AEC reuses the same Curve25519 key for all messages stored in `~/.aec/identity`.

    There's no technical reason AEC couldn't add ephemeral key rotation for stored messages.

    and again

    Relying on user discipline for forward secrecy is poor security design.
    --- Synchronet 3.22a-Linux NewsLink 1.2
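The point argued in the post above, as an added example (not code from AEC or from either poster): it counts how many archived ciphertexts the private keys left on a seized disk can open, first with one static recipient key and then with recipient-generated one-time keys that are wiped after reading. X25519 with SHA-256 and AES-256-GCM from Go's standard library is an assumed stand-in for NaCl box; `box`, `readableAfterSeizure` and the message strings are hypothetical names and constructed data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

var nonce = make([]byte, 12) // fixed nonce is safe here: each derived key seals one message

// box is X25519 + SHA-256 + AES-256-GCM, an assumed stand-in for NaCl box.
func box(priv *ecdh.PrivateKey, pub *ecdh.PublicKey, in []byte, decrypt bool) ([]byte, error) {
	shared, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	blk, _ := aes.NewCipher(key[:]) // cannot fail for a 32-byte key
	g, _ := cipher.NewGCM(blk)
	if decrypt {
		return g.Open(nil, nonce, in, nil)
	}
	return g.Seal(nil, nonce, in, nil), nil
}

// readableAfterSeizure archives n messages, of which the recipient has read the
// first `read`, and returns how many the private keys left on disk can open.
func readableAfterSeizure(n, read int, oneTime bool) (count int) {
	identity, _ := ecdh.X25519().GenerateKey(rand.Reader)
	disk := []*ecdh.PrivateKey{identity}    // what a seizure of the device yields
	archive := map[*ecdh.PublicKey][]byte{} // sender ephemeral public key -> ciphertext
	for i := 0; i < n; i++ {
		key := identity // static design: every message targets the same key
		if oneTime {
			key, _ = ecdh.X25519().GenerateKey(rand.Reader) // recipient's one-time key
			if i >= read {
				disk = append(disk, key) // unread, so this key is not yet wiped
			}
		}
		eph, _ := ecdh.X25519().GenerateKey(rand.Reader) // sender side, fresh per message
		msg := []byte(fmt.Sprint("constructed message ", i))
		archive[eph.PublicKey()], _ = box(eph, key.PublicKey(), msg, false)
	}
	for _, k := range disk { // attacker tries every seized key on every ciphertext
		for eph, ct := range archive {
			if _, err := box(k, eph, ct, true); err == nil {
				count++
			}
		}
	}
	return count
}

func main() {
	fmt.Println(readableAfterSeizure(5, 5, false), readableAfterSeizure(5, 3, true))
}
```

With one-time keys, only the messages not yet read at the time of seizure remain decryptable, because their private keys are still on disk.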
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 12:58:35 2026
    From Newsgroup: sci.crypt

    Ch1ffr3punk wrote:
    Anne Frank wrote:

    Hi all,

    https://github.com/Ch1ffr3punk/AEC


    Added GL2AEC (Google Lens to AEC) for Android,
    so that people can capture with an Android
    smartphone the AEC QR-Codes from an air gapped
    PC.


    GL2AEC (Google Lens on Android → Windows air-gap) is the opposite of privacy.

    You're running:
    - Google Lens (proprietary blob, sends image data to Google servers for OCR)
    - On Android (Google telemetry, proprietary firmware, unauditable)
    - Capturing QR codes from Windows 10/11 (Defender uploads, telemetry, keylogging to encrypted storage)

    This isn't an air-gap. This is *security theater wrapped in Faraday fabric.*

    Even if you disable network on the Windows machine:
    - Defender logs are still written to disk (readable after physical seizure)
    - Windows Event Log records every process execution
    - The OS itself is a black box you cannot audit

    Even if you airplane-mode the Android phone:
    - Google Play Services runs in the background
    - Camera metadata is logged
    - You're trusting Google's blob stack with your crypto QR codes

    **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 11:32:17 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:
    Ch1ffr3punk wrote:
    Anne Frank wrote:

    Hi all,

    https://github.com/Ch1ffr3punk/AEC


    Added GL2AEC (Google Lens to AEC) for Android,
    so that people can capture with an Android
    smartphone the AEC QR-Codes from an air gapped
    PC.


    GL2AEC (Google Lens on Android → Windows air-gap) is the opposite of privacy.

    You're running:
    - Google Lens (proprietary blob, sends image data to Google servers for OCR)
    - On Android (Google telemetry, proprietary firmware, unauditable)
    - Capturing QR codes from Windows 10/11 (Defender uploads, telemetry, keylogging to encrypted storage)

    This isn't an air-gap. This is *security theater wrapped in Faraday fabric.*

    Even if you disable network on the Windows machine:
    - Defender logs are still written to disk (readable after physical seizure)
    - Windows Event Log records every process execution
    - The OS itself is a black box you cannot audit

    Even if you airplane-mode the Android phone:
    - Google Play Services runs in the background
    - Camera metadata is logged
    - You're trusting Google's blob stack with your crypto QR codes

    **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy.

    Why Linux users, who are not trustworthy, must always complain?

    This rig *is* secure, as one carries it with him, while on the road and
    I do not give the slightest f*ck, if Google Lens captures encrypted
    content on PlugOS, from an *air gapped* portable mini PC. Linux sucks,
    as we all know, period.
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 11:51:22 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    **A €135 Android phone in a Faraday bag + Windows laptop ≠ privacy.** It's just expensive non-privacy.

    What you Linux nerds who are using outdated OpenPGP fail to understand
    is that my invention is easy to use for non-tech, elderly people and
    can now be used *securely* with a portable *air gapped* mini PC (with
    Faraday fabric) and a cheap Android smartphone *on* social media too,
    like X etc. where third parties, like NSO from Israel, FinSpy from Germany
    or the NSA can not get hold of the encryption process, unless they visit
    each user. This is *public* key Cryptography par excellence!!!
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 13:52:48 2026
    From Newsgroup: sci.crypt

    Ch1ffr3punk wrote:
    Why Linux users, who are not trustworthy, must always complain?

    This rig *is* secure, as one carries it with him, while on the road and
    I do not give the slightest f*ck, if Google Lens captures encrypted
    content on PlugOS, from an *air gapped* portable mini PC. Linux sucks,
    as we all know, period.

    "Linux users not trustworthy" is an interesting way to avoid answering a technical question for the third time.

    You've now admitted Google Lens captures your encrypted QR codes.
    That's a metadata leak: Google knows *when* you communicate, *how often*, and can correlate that with other Android telemetry.

    Forward secrecy would protect you even if:
    - Border agents seize your device and extract ~/.aec/identity
    - Supply chain attack compromises the mini PC before you bought it

    Signal has forward secrecy. Pond had forward secrecy. OTR has had it since 2004. AEC does not.
    That's a design choice, not a technical limitation.

    If "I don't give a fuck about Google metadata" and "Linux sucks" is your security posture, we're optimizing for different adversaries.

    Good luck on the road.


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 12:06:47 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:
    Ch1ffr3punk wrote:
    Why Linux users, who are not trustworthy, must always complain?

    This rig *is* secure, as one carries it with him, while on the road and
    I do not give the slightest f*ck, if Google Lens captures encrypted
    content on PlugOS, from an *air gapped* portable mini PC. Linux sucks,
    as we all know, period.

    "Linux users not trustworthy" is an interesting way to avoid answering a technical question for the third time.

    I must admit I do not like the majority of OpenPGP Linux users as they
    have proven publicly in the past on GnuPG ML etc., that they are stubborn
    and think their hobby OS has more privacy value, when used online.

    I always try to be polite and like to answer questions, and regarding forward secrecy in Signal etc., why would you need that when Pegasus/FinSpy captures your Signal communications from a central server in the US? AEC is a much much better solution than Crypto Messenger solutions you all use and you know that.

    Same complaining as before when I invented the Onion Courier Mixnet...
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 14:08:19 2026
    From Newsgroup: sci.crypt

    You've demonstrated that you're not interested in technical discussion.
    You want validation, not critique.

    Enjoy your google account with flowcrypt.


    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Ch1ffr3punk@ch1ffr3punk@gmail.com to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 12:12:49 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    You've demonstrated that you're not interested in technical discussion.
    You want validation, not critique.

    I am always open to constructive criticism and listening to suggestions.

    AEC uses NaCl box which is very good for public key Cryptography.

    Enjoy your google account with flowcrypt.

    I enjoy Google very much, because Cypherpunks from the '90s are
    engineers at Google too... I no longer use FlowCrypt, it was more
    a test with OpenPGP, which I do not like and do not recommend.
    --
    https://oc2mx.net
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 15:10:17 2026
    From Newsgroup: sci.crypt

    <10mta0t$2oe8o$1@news.tcpreset.net>

    I am always open to constructive criticism

    I've raised the forward secrecy issue five times.
    You've acknowledged NaCl box is good crypto, but haven't addressed the lack of ephemeral key rotation.

    If forward secrecy isn't in scope for AEC's design, that's a valid choice.

    Just be clear with users:
    AEC protects against network surveillance, but not retrospective decryption after key compromise.

    **I've asked this question six times. You've deflected to:**

    1. "Linux users are untrustworthy"
    2. "Cypherpunks work at Google"
    3. "OpenPGP UX is bad"

    **None of these answer the question: Does AEC have forward secrecy? If not, why not?**

    Cypherpunks from the '90s are engineers at Google too...

    Google was founded in 1998.
    The Cypherpunk Mailing List started in 1992.
    No cypherpunk from the '90s founded Google or worked there in the early days.

    **Real cypherpunks from the '90s and where they are now:**
    - Phil Zimmermann (PGP) → Silent Circle (encrypted communications)
    - Adam Back (Hashcash) → Blockstream (Bitcoin core developer)
    - Hal Finney (remailer, PGP) → Bitcoin early adopter, died 2014
    - John Gilmore (EFF co-founder) → Privacy activism, never corporate
    - Julian Assange (contributor) → WikiLeaks (enemy of Google/US gov)
    - Jacob Appelbaum (Tor) → Exiled from US, persecuted for privacy work


    I'm done with this thread.

    Good luck with AEC development.
    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Anne Frank@bounce.me@n2n.oc2mx.net to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 18:11:47 2026
    From Newsgroup: sci.crypt

    Anne Frank wrote:

    **Real cypherpunks from the '90s and where they are now:**
    - Phil Zimmermann (PGP) → Silent Circle (encrypted communications)
    - Adam Back (Hashcash) → Blockstream (Bitcoin core developer)
    - Hal Finney (remailer, PGP) → Bitcoin early adopter, died 2014
    - John Gilmore (EFF co-founder) → Privacy activism, never corporate
    - Julian Assange (contributor) → WikiLeaks (enemy of Google/US gov)
    - Jacob Appelbaum (Tor) → Exiled from US, persecuted for privacy work

    It seems you haven't used Usenet back in the '90s, otherwise you should have known Raph Levien.

    http://www.levien.com/ <https://mailing-list-archive.cryptoanarchy.wiki/authors/raph_levien_raph_at_cs_berkeley_edu_/>

    --- Synchronet 3.22a-Linux NewsLink 1.2
  • From Gabx@mail2news@virebent.invalid to alt.privacy.anon-server,alt.cypherpunks,sci.crypt on Thu Jun 4 22:42:17 2026
    From Newsgroup: sci.crypt

    -----BEGIN YUBISIGNER SIGNED MESSAGE-----
    Hash: SHA256

    I don't care about Raph Levien or anyone else who jumped ship.
    The cypherpunk ethos doesn't depend on individuals, it's an ideology.

    I read here Raph Levien wrote Premail 30 years ago, then joined Google.
    Good for him !
    is its code any good?
    his career choices are irrelevant.

    and then
    What matters:
    Does the software protect anonymity?
    Is the crypto solid?
    Is the code open?
    Can anyone fork it and run their own node?

    If yes → cypherpunk.
    If no → theater.

    IDEOLOGY !!!
    and
    Don't use mainstream shit !!!!


    Gabx

    Author: Gab Virebent
    Signed at: 2026-06-04 22:41:58 +0000
    Filename: m2n-msg.DZWzo8
    File size: 527 bytes
    Email: gabriel1@virebent.art
    Telefax: n/a
    URL: https://contact.virebent.art
    Comment: Posted via NeoMutt mail2news
    RIPEMD-256: 0c8f6d890e67e879af3884674bdc32d7fba3c1534be59ae52cb4eac12618e11e
    SHA-256: ee7b107c265702f1b9570205123bc1c828cc4e5a957bd709b947eac9a2daa583
    SM3: eb46b53e64be83e5ee2feeff953b0c4fdf20410ce861ba04d8a882ea803aae01
    Streebog-256: 0ce9584378bf20261ae38d46c10b3c885d4824e48a8493d46c1e65918b8b9edd
    -----BEGIN YUBISIGNER ED25519 SIGNATURE-----
    016a3022f054b794469ed0178235afd551ac9537e5c4a787ceaec8ce6bc29a8a
    2c78aeb11ad3468287a7e7bf001518464474dbb9597a66b76484340b6d5dfbcd
    adb003afcd26d657f877ffe27e24fb1adaa035bcac08bdf9bfe7cc32bbeeba08
    -----END YUBISIGNER ED25519 SIGNATURE-----


    --- Synchronet 3.22a-Linux NewsLink 1.2