Honeypots thread

[unbelivable]

Hey,
I think it would be good to have a thread for discussing what services are/aren't trustworthy or sharing interesting and concerning news. At the end of the day there might be a lot of meaningless speculation, but it would be a useful archive, and good in case there's an obscure piece of info worth knowing that you might not find otherwise.

On that note,

I was looking at Windscribe VPN and wondering. They actually let you sign up without an email, just username and password (wow), but then they give you 10GB (up from the normal 2) of monthly data use IF you add and verify an email address. What's in it for them there? [come to think of it, probably just prevents spam]

They say no logs, which is good.

Also they try pretty hard in their marketing to sound cool:
e.g. frontpage:

• "Why Windscribe F*cks"

• "Become American
  Are you sick of not having access to foreign oil?
  Do you love using advanced weapons to fuck up someone’s day?
  Obsessed with manipulating your financial records to make yourself look more successful than you are?"

I don't have any problem with that, But it might be targeting a particular strain of internet user. Then again, the actual US gov "Freedom VPN" is so retarded that it makes me doubt that they could really go that extra level of irony up and directly insult themselves.

Obviously, I haven't really looked into them farther than that. I wonder if anyone else has thoughts about this?

[digdeeper]

Obviously Proton with their three million fulfilled gov data requests. An admitted honeypot, at least.
The resurrected Lavabit when it was around was a pretty obvious honeypot. https://digdeeper.love/articles/email.xhtml#lavabit
Hola VPN...dunno if that is still around. Nothing else comes to mind that has a solid case.

[qualia]

Wouldn't trust them, see: https://arstechnica.com/gadgets/2021/07 ... encrypted/

Seems more like incompetence, rather than honeypot behaviour and the list of requirements needed to exploit this makes it unlikely to be a threat to the average user. But still, I'd rather pay for Mullvad or if you specifically need a free VPN use Riseup. Don't trust morons who can't encrypt their servers properly with all of your traffic data.

To be fair to them, I'll also mention that the dutch authorities supposedly seized their server racks with no user data to be found but the only source for this information is their tweet (https://xcancel.com/windscribecom/statu ... 9008685438) and articles quoting said tweet, so it might just be marketing.

[moeloli]

I was looking at Windscribe VPN and wondering. They actually let you sign up without an email, just username and password (wow)

That's not impressive. A good VPN should have a token system like Mullvad or Cryptostorm.

[wxbeonay]

Session and their network Lokinet is one of the most successful and longest running honeypots I've seen.

[digdeeper]

Session and their network Lokinet is one of the most successful and longest running honeypots I've seen.

Why do you think so?

Anyway, forgot 8kun, which literally admitted to freezing boards on government demand. Doesn't get much more obvious than that. It's also spammed by QAnon crap (even today) and has almost nothing else.

[wxbeonay]

[quote=digdeeper post_id=248 time=1772875510 user_id=2]
[quote=wxbeonay post_id=246 time=1772873511 user_id=120]
Session and their network Lokinet is one of the most successful and longest running honeypots I've seen.
[/quote]

Why do you think so?

[/quote]
1. Their network is not decentralized, it costs tens of thousands of dollars to buy their memecoin token if you want to run a node. They did this to prevent sybil attacks but it only discourages ordinary users from running nodes to strengthen the network. They also clearly did not take into account the fact that glowies can just waste taxpayers money to operate nodes to deanonymize users.
2. The Session messenger has cryptographic weaknesses that has been discovered by a security researcher:
https://soatok.blog/2025/01/14/dont-use ... ignal-fork
https://soatok.blog/2025/01/20/session-round-2

[equilibria]

.

[qualia]

tor. ironically, my source for this is hosted on the tor network.
http://opbible7nans45sg33cbyeiwqmlp5fu7 ... rhoneypot/

[moeloli]

just because i haven't seen Bitcoin posted as honeypot i add it here: 中本智 (Nakamoto Satoshi) -> 中智本 (Central Intelligence Agency). how more obvious can it get? that whitepaper was obviously written by a committee of spooks.

That's an interesting theory, though 中智本 looks a bit awkward, particularly the 本 part (can it translate to "agency"?) - for reference, 中央情報局 is the actual Japanese translation of Central Intelligence Agency. At any rate, Bitcoin is indeed honeypot-y, particularly because it actually has zero privacy due to everything in the blockchain being public. Monero is everything Bitcoin should have been. https://lukesmith.xyz/articles/monero-m ... is-a-coin/

tor. ironically, my source for this is hosted on the tor network.
http://opbible7nans45sg33cbyeiwqmlp5fu7 ... rhoneypot/

Tor has shady things going on for it and it's not perfect, but is there anything better for browsing the clearweb? Anti-Tor doomerism looks like a demoralization psy-op to me. And every (or almost every) known case of Tor-using criminals being caught doesn't involve security issues on the Tor network itself, but rather those individuals' poor opsec (like using a personal Gmail for hacking activities or whatever).
And that's a funny website there, because after looking a bit through it, it seems to spread questionable ideas like privacy being black-and-white, and also some ideological black-and-white nonsense about "anarchy" and "statism".

[d7oqkeho]

tor. ironically, my source for this is hosted on the tor network.
http://opbible7nans45sg33cbyeiwqmlp5fu7 ... rhoneypot/

If Tor is a honeypot then it is a really good one (https://www.theguardian.com/world/inter ... n-document) (https://www.theguardian.com/world/inter ... -anonymity). This person new anonymity network seems to be have attributes of a mixnet like Nym which sounds great in theory but the high latency will make it only useful for sending emails or doing other asynchronous activities like writing a blog post.