Demonsaw
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
Does demonsaw actually obfuscate your IP address or is its dubious claims of "Your IP address is safe" just a buzzword.
It just seems like any other P2P file sharing system.
>>54804984
Why don't you google and learn about dns, and then sit down and think about how stupid this post was
If it sounds too good to be true, it likely isn't.
>>54805090
Well I'm gonna watch the talks for now.
>>54805080
If you weren't going to contribute to this thread, why did you bother posting?
>>54805090
Encryption is all fine and dandy, but if they can still tell what you are downloading, its not that it doesn't work, but that it doesn't do its job
>>54804984
>demon saw
Not enough users to justify using it.
Doesn't seem much different than limewire or Kazaa.
>>54805789
> Demonsaw is a private information sharing network. This means that you are your own network. Demonsaw is one of the most secure information sharing applications available today. It is unlike any sharing application that's ever been created. The architecture and overall design of demonsaw ensures that the file data is completely isolated from the clients who upload and download. There will be those who are skeptical of such security claims without having access to the source code - I understand and respect your caution. demonsaw's foundation is built off of DemonCrypt, which I've made open-source and available on GitHub. Demonsaw is my gift back to the community to enable secure information sharing and protect our Right to Share - it adds on a lot of functionality, in an intuitive and user-friendly way, to DemonCrypt.
And DemonCrypt is just a thing OOP layer around Crypt++ -- There's no way that this justifies the claims made. I really don't trust this, or I wish I could but can't.
>>54805889
>In Peer-to-Peer applications, clients connect directly to one another by their IP address. This allows clients to identify and locate other members of the swarm with relative ease. With demonsaw, your IP is never revealed to anyone.
So what? It all runs centralized over the bucket? Obviously another peer has to connect to me to share data.
>>54805923
>>54805889
https://github.com/eijah/demoncrypt
THIS is what is used to justify these outrageous claims -- there's nothing new or revolutionary about abstracting another library. What the fuck
>>54805923
I guess the idea is that you connect to a server that handles the routing of IPs, meaning that you never actually connect to the person. By that logic the only thing that has your IP is the server. Is that even encryption?
>>54806022
How would the data be shared then? How can this scale if it isn't peer-2-peer?
Apparently the developer did a talk at defcon
https://www.youtube.com/watch?v=lTngMxmymX4
watching it at the moment.
>>54806061
Yeah me too, the real stuff starts around 18. But he just talks about basic encryption and hashing so far.
So does it encrypt your files before it sends them and then decrypts them?
Even if they have my IP address, if they can't see the data I don't really care about my IP address. On reddit the developer claims that it doesn't look like "normal web traffic". But how can that be?
>>54806061
>>54806076
No, this is retarded. There is literally nothing in the talk, except him shilling Demonsaw and his Demoncrypt library. No reasoning why it's magically more secure, it's not audited and he isn't making it open-source.
This is a joke.
>>54806061
>John McAffee
Oh god, He teamed up with a nut job. Holy shit.
His whole revolutionary thing is not using passwords, but files/bytes as keys for various ciphers...
You'd have to sell my on why this is more secure than encrypted usenet.
>>54805323
He did contribute. He called you a complete fucking idiot in so many words. A retard incapable of learning on his own, which is the worst kind of retard.
The contribution is the faint glimmer of hope that you'll realize you're this kind of retard, and take the steps necessary to correct it.
>inb4 samefag
>inb4 copious amounts of asshurt
>>54806331
>feeling the need to complain that other people are having a conversation
>still not contributing
>>54806331
His argument was completely retarded though. What does DNS have to do with Demonsaw -- use some different DNS servers if you are concerned about DNS leaks from your ISP.
>>54806356
>>54806361
Wow, inb4'ed them both successfully.
>>54806372
So apparently someone sets up a router, and a client can connect to it.
I take it the router does the encryption?
I guess demonbucket is a default router.
So theoretically I guess you could make and connect to any router.
>>54806384
>i'm assmad, and don't really have anything to say
>better start posting le meemay pictures
Seems like a good plan. Don't mind if I join in.
>>54806416
At least justify why you think:
>>54805080
was a good argument. You are just a shitty troll, and you are literally describing yourself. In none of your posts you have contributed a single argument either for or against Demonsaw and its supposed security -- you are just shitposting.
>>54806391
So basically if you share on public routers its just as insecure as a torrent using a private tracker. The difference is you need to know all the stuff required to connect ahead of time.
Then again if they can't find your IP can't they theoretically can't prove you downloaded anything, only that you connected to a network.
>>54806429
I think you should probably learn to use Google. And be less mad. I'm not sure it matters in which order you do them in. Angry Googling is probably fun.
This shit is McAfee approved. I'll use it if it ever goes open source. And that's literally only out of convenience; I want it on fdroid.
>>54806434
From the talk this also appeared as if it were using statically hosted content for keys. Is this true, or does it rotate the keys when a sites content changes?
Do all clients update to the sites new hash or does the router just break for new clients?
>>54806449
So you are samefagging. You have no clue what DNS even is or means. Fucking retard.
>>54806434
So ideally:
People with "shared experiences" as he calls it, share some Demonsaw auth data: "Take this picture, take this algorithm, choose this entropy" and they join a shared group. If it's then P2P you can easily tell their IP addresses, if it's not P2P it has to run centralized over a router (bucket?) and won't scale well and has a single point of failure.
Additionally if someone else gets access to that post with the shared auth information they have access to all files.
It's nothing revolutionary. Social crypto is just a buzzword to say "you don't use plaintext passwords, you use binaries as keys".
>>54806481
There is a reconnect button, I assume if you can't see anyone who is broadcasting you could just reconnect, which should in theory supply you with the correct information.
>>54806472
Wasn't it specifically stated that it wasn't ever going open source?
>>54806498
>everyone who isn't willing to spoonfeed me, or let me bait them into giving me something to attack, is a samefag
Seems legit.
>>54806498
From the end of the demonstration, he had to set up a router first. So if you use a different computer to host the router, you could avoid dealing directly with their IP. It seems the router does the work to connect you.
> mentions spoonfeeding and knowing how to use Google
> literally asks a question that is immediately answerable by using Google
oh boy
>a closed-source project claiming to facilitate potentially illegal activity safely, with mcafee attached to it
I don't see the problem here, guys. This looks fine.
>>54806543
The data still has to come from somewhere even if the router takes care of advertising peers for you. That source is either something centralized or another peer.
> using spaces after his meemee arrows
> still desperately fishing for something, anything, to attack the person he thinks called him an idiot on an anonymous chinese tapestry board
oh boy
>>54806506
That makes sense. I was just thinking of the tenability of such a thing once you start trying to scale your network up. A more popular url will have more dynamic content (not even going into ads) whereas say a statically hosted url may not be permanent.
It's hard to think of things on the internet that are both ubiquitous, non-obvious and static. Maybe everyone will use ytmnd pages?
>>54804984
so is this worth the download?
Does it have potential to be something bigger with McAfee there. They're building a company the brings in his every keys as well.
>>54806564
I know it has to use an IP address to get the data, but if It only shows me the IP address of the router, how do I get the IP from the person feeding me the data?
I'm using it right now and connecting to another router is as simple as getting its address and password if one is applicable.
>>54804984
>Demonsaw
so wtf is it?
if its not the limewire of 2016 then fuck it
>>54806628
also inb4 tryhard nerd faggots quote me
>winmx
>kazaa
etc
dont give a fuck. limewire was the normalfag p2p and had the most fun shit
>>54806612
Yeah but the router is the single-point of failure then, as mentioned. Imagine a big file-sharing group with a single router. I mean, sure the thing works in theory but it's nothing revolutionary -- Demonsaw in its entirety.
It's basically just:
A router "demonsaw server", clients and shared passwords (as binary files or plaintext). Data is transferred from client to client end-to-end encrypted over the router. I mean... I don't understand the hype. Creating big file-sharing groups is still really hard, and problems arise when government/DMCA shills gain access to the group key, see that copyrighted files are hosted and then sue/take down the router.
>>54806608
>>54806628
It acts a lot like Limewire, if you search for a file it will be swarmed with other people who have similar data.
Its supposedly not using P2P but we are having a difficult time figuring out how it supposedly achieves this.
File I got from there seem to work. A lot of people are hosing linux distros for some reason.
>>54806656
All it would take to fix it is really just making another router. This would in theory allow anyone to make a bunch of routers and therefor you would never run out of people to connect to.
I think adoption is key to this working.
>>54806656
To elaborate on this:
> A router "demonsaw server", clients and shared passwords (as binary files or plaintext). Data is transferred from client to client end-to-end encrypted over the router. I mean... I don't understand the hype. Creating big file-sharing groups is still really hard, and problems arise when government/DMCA shills gain access to the group key, see that copyrighted files are hosted and then sue/take down the router.
Yes, while it is true that no one else in the swarm or even the router might be able to tell what you are sharing -- the person hosting the router will still get fucked.
>>54806677
Yes, but who would want to take the risk of being a router willingly? You are the one that gets into trouble and sued in the end.
>>54806656
No files are actually hosted on the router, and supposedly your IP is not broadcast to the people who want to download from you.
>>54806707
But the router transfers the data from one peer to another, and once the auth key to the group is public people can easily tell that copyrighted content is shared over the router acting as the middleman. Doesn't that create some kind of liability?
>>54806703
All the router is doing is being a pass-between there is no data stored on the router.
>>54806018
it's literally all marketing lol
demonsaw is a cool name but that isn't going to make me want to use your software
>>54806703
Technecally the routers being used now are public and there is tons of files that can be considered illegal to distribute (but not to have).
If no one knows you are doing it, how can you get in trouble. The key here is how no know can know you are doing it.
Hey the developer is in the chat, in this thing, why don't we ask him?
>>54806736
So your defense is basically:
"Oh you see that there is copyrighted available in a group served by the router, but it's just there! It's not being shared over the router -- no worries."
Do you really think this will fly?
>>54806767
I still don't know exatly how its supposed to hide your IP address, but assuming they can't, how can they find you?
>>54806754
ask him, but he will just say "ah I can't explain right now, because of the same reasons why it's not open source."
>>54806783
It doesn't obfuscate your IP address. The router knows your IP address, the other clients just don't.
>>54806783
It uses TOR as a dns to hide your IP, it spoofs the tor IP as your own so that you are protected completely- yet the data is not transferred over the tor network, so that you get maximum speeds
>>54806783
>>54806801
To elaborate on this: Everyone knows the router's IP address, but all people connected to the router don't know each other's IP address. Kind of like the website you are on right now works.
It's just centralized communication over a middle-man.
>>54806801
So if you need to connect as a client to see the data other people are hosting, how can they see your IP?
Its sort of like an MMO where you can see other people playing, but don't see their IP.
>>54805923
Maybe the program works like hamachi
>>54806814
> as a DNS to hide your IP.
Do you even know what you are saying? What does resolving domains over TOR have to do with anything -- there is no domain resolution involved here you fucking retard.
>>54806819
It doesn't work like that otherwise you can just hack the server and see everyones IP
It uses TOR
>>54806819
So the only compromising feature is the middle man? If someone connects to a compromized router what is stopping them from viewing your IP address?
Or can the router not see what data you put through it?
>>54806814
>>54806842
Absolutely retarded shit. Stop spreading misinformation. Or preferably link your sources
.
>>54806859
The router only transfers encrypted data from client to client -- it doesn't know what it's transferring, really. But it does know your IP address.
This guy however >>54806814 is spouting absolutely retarded bullshit.
If its not open source and licensed properly, as fa as I'm concerned its a honeypot. Make it FOSS and stop dancing around the question of your security, privacy, and policies. It doesn't matter what you "pledge" We don't trust, and we shouldn't. Not without verification.
>>54806903
So just decompile it and audit the source code
>>54806944
> decompile it, audit the source code
Are you by any chance this guy:
>>54806842
>>54806814
Rarely have I seen such idiocy in a row.
>>54806873
So what you are saying, just to be clear, the client is encrypting the data, so when the data is sent over the router, it has no idea what is being transferred, regardless of IP. Meaning that even if people have your IP address there is no way to prove that you sent anything to anyone.
What if you ran both the client and the router? wouldn't that supply you with enough information?
>>54806962
Do you have any argument as to why you cannot decompile it or are you just too lazy to do it yourself and going to spout memes?
>>54807013
Not him, but you do seem very misinformed.
You can't always just "decompile" a program, and even if you could, there are a lot of ways you can obfuscate your code so when you do decompile it, you get garbage, this is practically impossible to circumvent.
>>54806979
> So what you are saying, just to be clear, the client is encrypting the data, so when the data is sent over the router, it has no idea what is being transferred, regardless of IP. Meaning that even if people have your IP address there is no way to prove that you sent anything to anyone.
Yes.
> What if you ran both the client and the router? wouldn't that supply you with enough information?
I'm not quite sure I'm understanding you correctly. You mean something like a honeypot? I don't think the router is aware of the any group's contents, members or anything else (at least I hope it isn't).
>>54807013
It's not C# anymore (that executable was never public afaik), it's C++. You wouldn't get the "source code" back, but the assembly for whatever architecture it was compiled. Reversing, analyzing and auditing that in its entirety is not a matter of being lazy -- it's basically impossible to do reliably.
>>54807013
Realistically you can't, unless you want to wait ~400 years.
It would actually take less time and resources to kidnap and torture the developer for the source code.
>>54807013
trying to decompile the client and understand its logic is far from enough proof to label it as safe
and decompiling a good obfuscated application is virtually impossible
>>54806903
to add, TOR and encryption in general isn't magic privacy dust, adding layers on top is as likely to weaken as strengthen it
>>54806979
Not familiar with this software, but this is the type of problem TOR tries to solve by 'layering' through several 'bridges' (equivalent to 'routers' in this other software). Each layer adds encryption so that the intermediate nodes can't correlate that packets are of a same file between nodes. This is also of course why it's insanely slow.
Unless this other software has a similar scheme, this is bunk.
So I got this from the dev about how Demon saw works. There are few words on it.
>>54807128
I think the idea is, even with the everyones info, you still don't know what is being transferred by anyone but yourself.
Theoretically there if there is no illegitimate data transfer, there is no problem.
>>54807102
I wonder if the magenta lines denote ``eh, maybe maybe not'' traffic.
>>54807172
I assume routers can connect to other routers? Maybe thats what it is?
>>54807172
if you notice on the chart, the purple lines are linked between the chat server and tor encryption servers.
They are all components of the big "router", if you will- the chat demonstrates that while the server may be accessed by nsa, your data uplinks are protected by group access
>>54807172
From the developer
>those are Communications between the message router and the data routers. the message router setup the connection between the clients and the data router.
>>54807224
THERE IS NO TOR IN THIS YOU BLATHERING RETARD.
>>54807224
You need to stop.
>>54807232
More words from the developer
>the other cool thing is that message routers and data routers can both be configured on the same machine. which is to say you can have a router that does both message and transfer. which would mean currently if you chose to you could pick one of the listed bucket routers from demonbucket.com and if it has messaging turned on you could connect directly to that instead of connecting here.
>which means for instance if you wanted to connect to Tokyo and only speak to people that can speak your language or if you wanted to connect to Frankford and only speak to people that can speak German then you could easily do that instead of speaking to people that are on the entire network. in some cases that might actually improve your
>>54807333
Ask him if the data routers can be hold liable for what they are transferring -- if they actually know what they are transferring is irrelevant. Assuming in the scenario that the group authentication data became public ("illegal to share" content was hosted) and the router's IP is obviously known -- would the router be liable?
>>54807393
If they cannot prove what type of data is on the router, then, no.
>>54807463
But they can -- when the group authentification is public, as I said. Someone gets access to the key/cipher combination for the group, they can see and download all files and then sue the shit out of the guy providing the router that transfers this data between the clients, even if it's end-to-end encrypted.
So basically it's nothing revolutionary. The "shared social experiences" thing is literally just using some random binary data as the key.
>>54807483
In order to actually sue someone for data transfers, you have to prove that the data was sent at all, and you can't really do that, even if you are part of the group.
If you look at the diagram from >>54807102 You can see that the "group" is not connected to each other, and therefor cannot see each other without the router.
>>54807543
It is not illegal to have mp3s I bought legally on my computer. And if you can't prove I sent those mp3s to someone, you have no case.
>>54807567
Ever heard of subpoena? They will get you with the subpoena and you'll be fucked. All they need to do is use subpoena on your client.
>>54807543
You do realize I can send copyrighted data to anywhere in my house over my private LAN right?
Doing so is illegal, but since you can't prove I've done it, you can't sue me.
>>54807567
Okay, assuming that I'm not missing anything and if it's really that simple: You can't tell me that Demonsaw is the first file-sharing application that does things this way (besides the strange "use a website as they cipher-key" thing) -- and if everything was as secure as you claim then there would already be a de-facto file-sharing application that's hugely popular and untouchable.
>>54807584
>de-facto file-sharing application that's hugely popular and untouchable.
This is what demonsaw is going to be.
It's happening now
>>54807611
What about this:
>>54807579
>>54807584
While I will admit I cannot prove its claims, I would argue its relatively small advertisement, as well as the incredible popularity of torrents is part of the reason. Not a lot of people use lime/frostwire anymore. Doesn't mean its not useful
Just because its not popular does not mean it doesn't work or is bad. I'm getting great speeds for downloading a linux mint iso.
I want to stress I can't prove its security claims, but your logic is flawed as to why its not used a lot.
>>54807579
The client is just data, you can change your client. as for the router even with IP address it does not know what files were sent through it. They could be legitimate transfers for all you know.
>>54807645
Actually you can have multiple clients running in the same program. I'm sure someone clever could hide your downloading if you really wanted to.
>>54807673
Just hook it up to your neighbors wifi xD
>>54807102
so all data is going through the central servers? i get that 'message' servers are separate, but if they're run by the same group, that data is trivial to correlate.
>>54807683
You would also have to connect to a router/client that had compromised data. For example if you and only you are hosting a file, and I download it, even on their router, they can't see the data between us. Only the data that they serve to you would they be able to prove was illegitimate. They would have to illegally download a lot of stuff to be able to prove traffic, and even then, when you get more than just one file, proving who downloaded what becomes impossible to tell.
When you get a letter from your ISP about your torrenting, they tell you the file you downloaded and got flagged for. You can't do that if the compromised client has 2 files in it.
>>54807742
A letter from my ISP, you say?
How about this. I'll write a letter to you, Anon.
Fuck off,
Bye.
>>54807832
?
There are people who get letters from their IPS telling them they torrent the file over P2P such as "buttsluts 59.mp4"
>>54807742
The case is when they are doing the downloading, they know what file they're getting, and they know what router it came from. The router knows the data came from you, and that's the problem. At that point I'm not even sure they need the message server.
I think these attacks are within the range of a large copyright enforcement entity. It also leaves potential that this system is a huge honeypot.
>>54807845
Pretty sure trying to incriminate people by downloading from them is illegal.
>>54807845
Wouldn't having a lot of users/files fix that problem?
>>54807872
It's not illegal, and it's one of the most frequently used methods to catch perpetrators.
>>54807224
honestly if this thing is using Tor then it can fuck right off, that nsa riddled app isn't worth using for anything and nobody but the biggest neckbeards will use it
>>54807917
YOU FUCKING RETARD ITS NOT USING TOR
>>54807896
Just don't make your files shareable?
When you download you aren't also uploading. Its not bit torrent
>>54808035
That defeats the purpose and makes this whole thing a glorified chatroom, then.
>>54808068
Well if your run the router yourself, you don't run the risk of a honey pot. Because even with the IP addresses you have no way of knowing who transfers what, and if YOU don't care about the legality of it, and no one can prove anything from the outside, why does it matter if someone else makes a router?
>>54808068
The weakest link is if both the bad client and the router are in the control of someone malicous. If you control the router, no one could know anything. You trust private trackers, why not private routers?
>>54808194
It doesn't matter if they attack the router first, the TOR network basically guarantees that they'd only be accessing one random node out of the entire network.
Combine that with the absolute tons of random other data streaming out of the node, and you've got a data uplink that's literally indistinguishable from any other traffic whatsoever. Basically how a VPN works
>>54808226
The Onion Router has literally nothing to do with my project.
t. Ejiha
PS: Fuck you
>>54808226
You are in the wrong thread.
>>54808243
>>54808254
Did you even watch the defcon video?
>>54808296
I did, the onion router wasn't mentioned once. Stop trolling you fucktard.
>>54808243
>The Onion Router has literally nothing to do with my project.
>t. Ejiha
>PS: Fuck you
mfw this thread is just the dev stealth shilling his app
There don't seem to be a lot of users, and therefore less files to download. You would need either mass adoption or a lot of distributed networks to get what you want.
>>54808358
No one in this thread seems to even know how it works. A dev would at least be able to tell us that.
if you guys have questions comments or concerns about demonsaw or the main public network that it's hosted on please feel free to come into public chat using the software and we would be more than happy to answer any question at all you would like. as for is it safe secure Anonymous free so on and so forth we would wholeheartedly encourage you to sandbox it put it through its Paces however you would like and try to backwards engineer it if you would prefer anything you need to feel comfortable knowing that it doesn't call out to any place that you don't ask it to and that the security methods that are in place are both strong and legitimate. I find it strange that so many people would comment about software that they've never used and do not fully understand. I understand there may not be a wealth of documentation out there right now but 3.0 will have full documentation and you can always feel free to ask us how anything works.
