The Doghouse: Privacy.li

This company has a heartwarming description on its website:

PRIVACY.LI – Privacy from the Principality of Liechtenstein, in the heart of the Alps, nestled between Switzerland and Austria. In times of turmoil and insecurity, witch hunt and suspicions, expropriations and diminishing credibility of our world leaders it’s always good to have a place you can turn to. This is the humble effort to provide a place to the privacy and freedom concerned world citizens to meet, discuss, help each other and foster ones desire for liberty and freedom.

But they have no intention of letting their customers know anything about themselves.

Company Profile

Actually, this is not to be published here:-) A privacy service like ours is best if not too many details are known, we hope you fully understand and support this. The makers of this page are veterans at the chosen subject, and will under no circumstances jeopardize your privacy.

Oh yeah, and their “DriveCrypt” product includes “real Time, 1344 bit – Military Strength encryption.”

Somehow, my heart is no longer warm.

Tags: , , , , ,

Posted on July 8, 2005 at 8:36 AM β€’ 104 Comments

Comments

blankmeyer β€’ July 8, 2005 9:36 AM

I love your ‘doghouse’ posts. They’re always good for a laugh and a shake of the head.

“We can keep you safe, but we’re not going to give you any references or any information about ourselves…trust us.”

Zwack β€’ July 8, 2005 9:56 AM

“Trust us to keep your secrets private…” Does anyone else think this would be a great company for someone like the NSA to own?

Z.

A Reader β€’ July 8, 2005 10:03 AM

The Drivecrypt software (http://www.securstar.com/products_drivecrypt.php) is derived from E4M. According to their product sheet it uses “AES, Blowfish, Tea 16, Tea 32, Des, Triple Des, Misty 1 and Square”. If they’re used together, that may explain 1344 bit key length. A bit paranoid, but also impractical, I think. How do you handle this key? Think of a password that has an entropy of 1344 bits…

PsychoHazard β€’ July 8, 2005 10:06 AM

You’ve gotta wonder about a site that doesn’t even have a whois entry…

Eric K. β€’ July 8, 2005 10:07 AM

From the site’s download section:

This section offers clients and friends of privacy.li a cache of rare documents, e-books and essays. We also have Privacy-Tunnel instructions and other technical HOWTO-files available for you.

Subjects covered comprise of the following, but are not limited to these:

Online Forensic Handbook
Successful Forex-trading
Design of a secure data haven
Hawala concept of an alternative remittance system
Global Executive
Lodging of Wayfaring Men
Credit Card Fraud
Portable Trades
A myriad of info in regard to New Nations
Computer Security Handbook
PT Hill Books (a value of USD 1500 alone!)
Maildrop Directories
Famous E-gold FAQ (how to use e-gold and stay anonymous)
and much, much more…….

Enter Your Email Address.

NOTE: Please enter a valid Email Address, the download link will be sent to your Email ID.

…uh… Why would I want to hand out my email address just to download free files about PRIVACY? Is the irony not tangible here?

Mike G. β€’ July 8, 2005 10:33 AM

I also tried for whois info, but my attempt worked. No idea why.

I guess “privacy from the streets of Panama City” wouldn’t have the same cachet… πŸ™‚

$ whois privacy.li
whois: This information is subject to an Acceptable Use Policy.
See http://www.switch.ch/id/terms/aup.html

Domain name:
privacy.li

Holder of domain name:
Small World Entertainment Inc
Lee Nguy
Internet Hosting; Oficina 2
Avenida Cuba , Ed. Don Tin 34-44
PA-n/a Ciudad de Panama
Panama
auto96878@hush.ai
Contractual Language: English

Technical contact:
Small World Entertainment Inc
Lee Nguy
Internet Hosting; Oficina 2
Avenida Cuba , Ed. Don Tin 34-44
PA-n/a Ciudad de Panama
Panama
auto96878@hush.ai

Name servers:
alpina1.mercury.orderbox-dns.com
alpina1.venus.orderbox-dns.com

Date of last registration:
26.10.1998

Date of last modification:
09.10.2004

Mike G. β€’ July 8, 2005 10:38 AM

Hmmm… Traceroute leads to sam.hitrust.net.

whois hitrust.net leads to registrants in Hanoi.

I wonder if there’s any actual Lichtenstein element in this story? Maybe the physical server is really there, I don’t know.

julianYorke β€’ July 8, 2005 10:46 AM

what do you mean by doing a “whois”

I like their privacy policy
“Yes, we 101% honor your privacy, no logs, no snooping, no profiling. No legal mumbo-jumbo to disguise our hidden efforts.”

gbushnic β€’ July 8, 2005 11:43 AM

Well, you should all stay in your ivory towers, talking to each other but don’t molest the real world out there.

privacy.li is for real folks, not the debating type of losers you all are.

the drivecrypt program you mock of is a reseller link to securstar.com, the successor of bestcrypt, if i recall correctly

Anonymous β€’ July 8, 2005 12:17 PM

Their name servers show up as:

203.199.114.89 = [ mercury.orderbox-mailforward.com ]

inetnum: 203.199.114.0 – 203.199.114.255
netname: COLO-VASHI2
descr: VSNL IDC Customer
country: IN
admin-c: IA15-AP
tech-c: VT43-AP
mnt-by: MAINT-VSNL-AP
changed: ip-admin@giasbm01.vsnl.net.in
20031030
status: ASSIGNED NON-PORTABLE
source: APNIC
person: IP Administrator
nic-hdl: IA15-AP
e-mail: ip.admin@vsnl.co.in

address: 6th Floor LVSB VSNL
address: Kashinath Dhuru marg Prabhadevi
address: Dadar(W) Mumbai 400028
address: India
phone: 91-22-56633503
fax-no: 91-22-24320132
country: IN
changed: gpsingh@giasbm01.vsnl.net.in
20040312
mnt-by: MAINT-VSNL-AP
source: APNIC
person: VSNL Tech
nic-hdl: VT43-AP
e-mail: ip.tech@vsnl.co.in

address: 6th Floor LVSB VSNL
address: Kashinath Dhuru marg Prabhadevi
address: Dadar(W) Mumbai 400028
address: India
phone: 91-22-56633503
fax-no: 91-22-24320132
country: IN
changed: kapilkumar.jain@vsnl.co.in
20040312
mnt-by: MAINT-VSNL-AP
source: APNIC

Frank Trotter β€’ July 8, 2005 12:19 PM

All the comments down the security side here miss some of the real gems on the site.

Under “Anonymous Banking” is the following: ” 9/11 changed the world forever! We believe that the WTC-attack was an inside job in order to strip you of all your rights without too much of resistance. We are not conspiracy guys, but after careful study of a lot of sources, we are quite sure about this. An excellent source to prove this theory is this site: http://www.whatreallyhappened.com/, which we consult on a daily basis. Mainstream brainwash press + TV, which is FULLY government controlled, is not telling the truth! “

Anonymous β€’ July 8, 2005 12:26 PM

Complaints for privacy.li have been many and regular. In 2004 they
were warned to stop targeting NL email addresses and news groups with SPAM.

They did not.

Privacy.li has been made to move operations to Eastgate, in Malaysia.

Their SSH servers are probably located in Vietnam. Their WWW site
already is, and possibly one of their SSH servers too already.

Their DNS was moved to India.

Asia is known for being easy on SPAM. This is probably the main reason for their location. As a European company they were famous.

They remain dishonest about their true locations. They have tried to hide this
problem even from users. I have watched privacy.li for a while. They had
this problem for years.

Carlos Gomez β€’ July 8, 2005 12:27 PM

Yes, but being a paranoid, delusional, conspiracy crackpot doesn’t preclude one from creating good security and privacy products. Not that I’m syaing this is the case here.

I also like the testimonials on the site.

Anonymous β€’ July 8, 2005 12:27 PM

Sending request for ip: 202.71.103.116…

Querying whois.apnic.net…
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 202.71.96.0 – 202.71.111.255
netname: EASTGATE
descr: Telekom Multimedia of Telekom Malaysia Berhad
descr: Telekom Exchange II, Jalan Lingkaran Fauna
descr: 63000 Cyberjaya, Selangor, MALAYSIA
country: MY
admin-c: MS283-AP
admin-c: NY30-AP
admin-c: RY88-AP
admin-c: FA18-AP
tech-c: AA125-AP
tech-c: AI30-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-MY-EASTGATE
status: ALLOCATED PORTABLE
remarks: This object can only be modified by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to mailto:hostmaster@apnic.net with your
organisation
remarks: account name in the subject line.
changed: mailto:hm-changed@apnic.net 20030702
source: APNIC

route: 202.71.96.0/20
descr: TMNet Eastgate route-object
descr: Telekom Multimedia , Telekom Malaysia Berhad
country: MY
origin: AS17971
notify: mailto:gatekeeper@eastgate.net.my
notify: mailto:gmen@tm.net.my
notify: mailto:m_ghaza@tm.net.my
mnt-by: MAINT-MY-EASTGATE
changed: mailto:gmen@tm.net.my 20011203
source: APNIC

person: mohd Ghazali Sabri
address: 3rd Floor, TM IT Complex
address: 3300 Lingkaran Usahawan 1 Timur
address: 63000 Cyber Jaya Selangor
country: MY
phone: +603-83180322
fax-no: +603-83188061
e-mail: mailto:m_ghaza@tm.net.my
nic-hdl: MS283-AP
mnt-by: MAINT-MY-EASTGATE
changed: mailto:gmen@tm.net.my 20011126
source: APNIC

person: Nur Faliza Yaakup
address: 2nd Floor, TM IT Complex
address: 3300 Lingkaran Usahawan 1 Timur
address: 63000 Cyber Jaya Selangor
country: MY
phone: +603-8318 8355
fax-no: +603-8318 8334
e-mail: mailto:faliza79@tm.net.my
nic-hdl: NY30-AP
mnt-by: MAINT-NEW
changed: mailto:gmen@tm.net.my 20011002
source: APNIC

person: Rudie Yaakub
address: 3rd Floor, TM IT Complex
address: 3300 Lingkaran Usahawan 1 Timur
address: 63000 Cyber Jaya Selangor
country: MY
phone: +603-83188046
fax-no: +603-83188242
e-mail: mailto:rudie@tm.net.my
nic-hdl: RY88-AP
mnt-by: MAINT-NEW
changed: mailto:gmen@tm.net.my 20011002
source: APNIC

person: Fairuz Rizal Abd Rashid
address: 2nd Floor, TM IT Complex
address: 3300 Lingkaran Usahawan 1 Timur
address: 63000 Cyber Jaya Selangor
country: MY
phone: +603-8318 8340
fax-no: +603-8318 8334
e-mail: mailto:f-rizal@tm.net.my
nic-hdl: FA18-AP
mnt-by: MAINT-NEW
changed: mailto:gmen@tm.net.my 20011002
source: APNIC

person: Azman Ali
address: 19th Floor, Wisma Telekom Semarak
address: Jalan Raja Muda Abdul Aziz
address: 50400 Kuala Lumpur
country: MY
phone: +603-26811949
fax-no: +603-26810186
e-mail: mailto:gmen@tm.net.my
nic-hdl: AA125-AP
mnt-by: MAINT-MY-EASTGATE
changed: mailto:gmen@tm.net.my 20011203
source: APNIC

person: Azrina Ibramsha
address: 4th floor
address: Ibusawat Telekom Wangsa Maju
address: Seksyen 4, 53300 Kuala Lumpur
country: MY
phone: +603-41492543
fax-no: +603-41425412
e-mail: mailto:anirza@tm.net.my
nic-hdl: AI30-AP
mnt-by: MAINT-NEW
changed: mailto:gmen@tm.net.my 20011002
source: APNIC

Tom β€’ July 8, 2005 12:29 PM

@Mike G.
“I wonder if there’s any actual Lichtenstein element in this story? Maybe the physical server is really there, I don’t know.”

The physical server is most likely in rack in Prague. The IP is in a netblock assigned to Coolhousing sro and delegated to the Czech operations of Active 24. Liechtenstein doesn’t border the Czech Republic, but Austria does, and active24.at resolves to the same address as active24.cz. This actually seems legitimate.

The Hanoi address is bogus, but the phone number is facially plausible… in China. Cursory searches on Howard Melter and alpina1.net (First Alpina Technologies) turn up connections to online marijuana sales, Vicodin spam, a sketchy online payment service, equally secretive high-yield investment programs, all in all a really lovely bunch of folks.

Anonymous β€’ July 8, 2005 12:37 PM

news.privacy.li = [ 66.250.146.167 ]

66.250.146.167 = [ ]
network: ID: NET-42FA920018
network: Network-Name: NET-42FA920018
network: IP-Network: 66.250.146.0/24
network: Org-Name: Newshosting.com
network: Street-Address: 130 West 2nd Street Suite 1100
network: City: Dayton
network: State: OH
network: Postal-Code: 45402
network: Country-Code: US
network: Tech-Contact: ZC108-ARIN
network: Updated: 2003-12-31 13: 30: 19
network: Updated-By: ddiller

Anonymous β€’ July 8, 2005 12:38 PM

Howard Melter…

Registrant Name:Edwin Devinopoulos
Registrant Organization:Money Daily
Registrant Street1:3782 Calle Principale
Registrant City:Moka
Registrant Postal Code:50111
Registrant Country:DM
Registrant Phone:+49.9918827
Registrant Email:mdaily@financier.com
Admin ID:tucMNB6Z5x1xcvuR
Admin Name:Heidi Schlamm
Admin Organization:SCH Org
Admin Street1:badtsr. 12
Admin City:koeln
Admin State/Province:ko
Admin Postal Code:50111
Admin Country:DE
Admin Phone:+49.9918827
Admin Email:mdaily@financier.com
Tech ID:tuizW2kOZRgUkTeZ
Tech Name:Howard Melter
Tech Organization:FAT, Inc
Tech Street1:nieuwe straat 12
Tech City:Amsterdam
Tech State/Province:EE
Tech Postal Code:1176
Tech Country:NL
Tech Phone:+31.188476124
Tech Email:support@alpina1.net
Name Server:STELLAR.HITRUST.NET
Name Server:GALAXY.HITRUST.NET

gbushnic β€’ July 8, 2005 12:40 PM

I can’t hold my belly laughing…. if you all would have real jobs, paying you for a decent lifestyle, you wouldn’t hang out here and chase mosqitos…

GET REAL LIFES!!! Or continue your medications….

The arrival of the keyboard has converted you all to detectives, a service which no one has ordered, and really no one cares about.

Anonymous β€’ July 8, 2005 12:46 PM

Bruce, you have stumbled upon an Advance Fee Fraud scam that is linked to Financial Privacy Consultants, Inc.

http://www.appleby.net/netscam/FPCscam.html

  • Bank –

Paritate Bank; 4 Terbatas Street, Riga, Latvia
Account Number: 0000 3290 0017

  • Original Registrant –

Debax Inc. (PRIVACY-CONSULTANTS-DOM
St. Georges House, 31A St. Georges Road Leyton
London E10 5RH, UK

Domain Name: PRIVACY-CONSULTANTS.COM Administrative Contact, Technical Contact, Zone Contact, Billing Contact: Musari, Nino (NM1402)
nino13@ROCKETMAIL.COM

Debax Inc. St. Georges House, 31A St. Georges Road Leyton, London, E10 5RH, UK
011441716811767 (FAX) 011441716811767

  • URLs –

http://www.privacy-consultants.com
…. and of course quite an array of Web Aliases, like ….
http://www2.privacy-consultants.com
http://www.browser.to/privacy
http://www.nauru-banker-net.com/
http://www.onetrust.net/
http://offshorebanking.av.onetrust.net/
http://www.expat-world.cx/
http://fpc.hitrust.net/
http://immigration-e-z.cx/
http://www.privacy.ch/
http://privacy.ch/
http://nestegg4u.net/
http://www.offshorecenter.cx/
http://panama-trust.cx/
http://www.trustnet.ch/
http://www.bankers-source.cx/
http://www.immigration2000.cx/
http://privacy.li/
http://www.offshoreprofit.cx/
http://www.asset-protect.net/
http://offshore2000.net/
http://www.equi-preserve.net/
http://zurich-finance.ch/
…. etc …. all of them leading to the same scamster!!

  • Represented by –

“Dr” Georg Adem – residing in … Panama (??)
…. or whatever alias he is using this week ….
assistant@privacy-consultants.com
inquire@privacy-consultants.com
kounselor@writeme.com
Gdem – Administrator for a Curzon forum
services@curzoninc.com
Igor (FPC’s webmaster) webmaster@hitrust.net
Klaus Gruber – alias or affiliate (??)

Anonymous β€’ July 8, 2005 12:59 PM

Interesting that someone is actively defending privacy.li by hurling epithets and ad hominem. Why bother?

All the important information about the site is in the FAQ:
https://www.annabelleigh.net/SEFAQ184.txt

For example:

“Privacy.Li offer an SSH encrypted connection with port forwarding through either of their own servers. One server is in The Netherlands and the other is in Hong Kong. Both well outside the control of either the American or British snoops.”

Snoops?

Also interesting to see who actively promotes the use of privacy.li, like White Nationalist (Supremecy) groups:

http://www.stormfront.org/archive/t-189499Feds_Catching_Up_With_Proxies.html

Anonymous β€’ July 8, 2005 1:01 PM

regarding appleby.net and mideastgate.com, tken from here:
http://privacy.org.cn/forum/viewtopic.php?t=247

Posted: Mon Jun 27, 2005 12:42 pm Post subject: Renate Hensmann, appley.net and mideastgate.com Reply with quote
Since years there is an outfit on the internet at appleby.net, which is listing some of our domains having been involved to scam the site owner, Renata Hensmann, German, back in 2000. Numerous efforts have been undertaken from our side to get those listings removed, as they plain and simple are libel and far away from the truth. The final word from Renata Hensmann a few years back was: Oh, no problem, please pay my loss (approx. 2000 USD), plus for my time, effort etc, making it 5000 USD!

An outrages effort to extort us, which we of course turned down.

We approached the hosting company, http://www.tierra.net , but they cover their client Hensmann, although she is in clear breach of the host’s TOS.

We have done a quick due diligence on Renata Hensmann and found the following interesting facts about her:

  • escaped from German authorities in 1997, warrant for her outstanding (fraud, embezzlement of small investors in Germany, from 1991- 1996, damage 18 million EURO, at that time about 36 million Deutsch Mark)
  • She is currently hiding in Jordan, Amman (no treaty with Germany)
  • Her web siteswww.appleby.net and http://www.mideastgate.com are the innocent looking frontpages for a continued fraud and unethical behavior.

We suggest you do not use any of the offered services at http://www.appleby.net and http://www.mideastgate.com , even better, stay completely away.

If you want to help privacy.li you may of course write yourself to abuse@tierra.net, complaining about appleby.net.

Buyer Beware!

Being paranoid is a virtue, not a malfunction!
http://privacy.org.cn
anonymous news now available!

Anony Mouse β€’ July 8, 2005 1:38 PM

Gotta love scammer hissyfits. When will you sociopaths realize these kinds of sockpuppet freakouts do nothing to help your “cause”.

If you were smart, you’d just shut up.

Anonymous β€’ July 8, 2005 1:49 PM

“sockpuppet”?

Have we fallen so low here as to resort to sad name-calling? Is there not a single point that can be made in favor of absolute anonymity by these so-called providers?

I would like to return this thread to some of the earlier posts, which echoed Bruce’s point that it is hard (or even impossible) to establish trust with something that is so shadowy and dark that it appears to be closed-off. Remember “shine the light”?

History argues that openness is the hallmark of true democracy and security. To that extent, privacy.li has a lot of explaining to do, which is probably why we see advocates here employing personal attacks instead of trying to engage in a true discussion with security experts.

Davi Ottenheimer β€’ July 8, 2005 2:17 PM

@Anonymous

Nicely said. When you reach the point that you believe you must completely lose your identity to survive, you have lost your right to Article 12 of the Universal Declaration of Human Rights:

“No one shall be subjected to arbitrary interference with his privacy,family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

The words “arbitrary” and “attacks” are probably contentious, but when a company tells a potential customer that it must hide its own identity as a precaution, it should make that customer pause and seek some reliable method to establish trust or at least evidence of shared values, no?

Matt Curtin put it quite clearly in his 1998 document “Snake Oil Warning Signs” for encryption:

http://www.interhack.net/people/cmcurtin/snake-oil-faq.html

“If the vendor won’t tell you exactly and clearly what’s going on inside, you can be sure that they’re hiding something, and that the only one to suffer as a result will be you, the customer.”

David β€’ July 8, 2005 2:58 PM

How about a doghouse review of U.S. Patent 6,289,460?

It incorrectly describes the SSL protocol (something well documented) and says secure communications can be achieved using: “With the private key the user encrypts a message that is then decrypted by its public counter part.” Ooops! That’s ass backwards.

Of course, they did no better when they describe how to verify a digital signature: “the document manager verifies the signature by decrypting the signed document [in this case, they actually mean the encrypted message digest, but go figure their crappy language], using the user’s public key and comparing the public key to the sent message digest.”

This is the technology behind http://www.docusign.com, a company that claims to offer security and digital signatures, yet their patent cannot even describe either correctly despite the fact that international standards exist that show how to do these correctly!

They should be reported to the doghouse!

Matthew Skala β€’ July 8, 2005 4:48 PM

I haven’t read the patent, but this quote: “With the private key the user encrypts a message that is then decrypted by its public counter part.” is a perfectly correct, if slightly confusing, description of how many digital signature schemes work. RSA is one example. The “sign” operation with the private key is the same thing you’d do to encrypt with the public key, and is often decribed as encrypting with the private key.

Kyle β€’ July 8, 2005 5:19 PM

Did anybody else read the name of the site as “privacy (dot) lie”?

An appropriate name, if you ask me.

Moderator β€’ July 8, 2005 5:20 PM

My thanks to those who’ve kept cool heads despite the apparent irruption of an existing feud into this thread. Deleting old comments at this point would leave confusing holes in the conversation, but from now on, anyone who can’t make their points civilly will be making them briefly.

Adminus β€’ July 8, 2005 8:03 PM

Hello, I am the owner of privacy.li. Today i saw some extra visitors, so i checked where they came from and arrived here.

First of all, thanks for the marketing, Mr. Schneier. You probably know Churchil’s old saying… πŸ™‚
(There’s no such thing as bad publicity except your own obituary)

Secondly, this thread started out of a very negligent research, that I would sell/offer the 1344 bit encryption soft. A little bit more diligence would have shown that i am merely a reseller of securstar.com hdd encryption soft. Period.
If you would like to bark up that tree please do so with http://www.securstar.com, the owner will be thankful for that extra coverage.

Thirdly, I want to explain the why I chose the REAL private setup of my operation. In comparison to most of this list members I am REALLY anonymous, thereas you all are sitting ducks and on TLA lists all over the world.

You can’t harras me, nor arrest me. Period.

You can be easily apprehended (and if necessary converted), see what happened to Phil Zimmermann.

Mr Schneier sent me (anonymously) a teaching email what trust is, and that you have to build it.
I enjoy a high level of trust among my clients and associates. I am doing what I am good at, and don’t play god or an arbitrator – suum cuique! Over 70% of new clients come by recommendation – that is UTTER TRUST.

Somebody dug up the old Georg Adem story. I even have these ‘theories’ on my own moderated forum at privacy.li, as this is another reference for my superior security enhanced setups.

He was a client of mine for 2-3 years, until mid of 2000. He was into offshore consulting and second passports (new identities). Some huge deals went sour, and half of the world was after him, he was never found – you guess why??

You (Schneier and list members) are dealing with security and encryption. Guess who uses your products and services the most??? Right, the underworld the war lords, drug dealers, kiddie porn peddlers and money launderers. Do you stop because of that? No…

Same with me: Pecunia non olet!

Before throwing a stone, one should always check out first the environment you are in: if it’s a glass/green house – don’t do it!

Have a nice encrypted weekend

Adminus

Anonymous β€’ July 8, 2005 10:24 PM

@adminus,

As you seem to know so much about encryption, why not sign your message?

After all, how else can we trust it’s really you?

Anonymous β€’ July 8, 2005 11:13 PM

“Secondly, this thread started out of a very negligent research, that I would sell/offer the 1344 bit encryption soft. A little bit more diligence would have shown that i am merely a reseller of securstar.com hdd encryption soft. Period.”

Reselling is a type of selling.

David β€’ July 9, 2005 12:31 PM

Just the way he responded shows how legit this all is. True anonymity is rarely useful for most people, though it can be from time to time, such as when whistle blowing. There was a time of publishing using pseudonyms and Anon, and that can still be useful from time to time.

The diatribe by Privacy.li appears to appeal to terrorists, criminals and anti-Americans. Would you trust your security or money to a firm that won’t say who they are and thus could deny your security and deny your money.

Sorry also for my earlier sidetracked bit as I have been overly involved in a personal pet peeve that didn’t make sense in response to this thread. @skala, you are confusing digital signing with encrypted messaging. When you digitally sign, you create a message digest and encrypt with YOUR OWN private key so that ANYBODY can verify your signature by comparing a newly calculated message digest based on the content with the encrypted message digest of the signature by using YOUR public key. This is because you want others to decrypt what you encrypted because it’s not supposed to be secret/private. In secure messaging, you would encrypt with the recipient’s public key, thus “ensuring” that only the recipient can view the message because he is the only person with the associated private key.

Anonymous β€’ July 9, 2005 4:01 PM

‘…appears to appeal to terrorists, criminals and anti-Americans..’

would you trust your security to known zionists?

Noone Important β€’ July 10, 2005 2:09 PM

“In comparison to most of this list members I am REALLY anonymous, thereas you all are sitting ducks and on TLA lists all over the world.”

I’d rather have my security handled by someone who is not a paranoid nutjob, thanks.

richmin β€’ July 11, 2005 6:50 AM

he guys,
well i just found this interesting discussion…hm..looks like they’re really not from Liechtenstein or have anything to do with it.Funny that they are using the flag from the princely family and not the nationalflag.Anyway, the site will get in trouble with officials from Liechtenstein if they don’t change their appearance.like they are some official security of the state:
“Privacy from the Principality of Liechtenstein”
i guess does guys were never there, it’s too small for privacy:
Greatest extension:
Length 24.6 km, width 12.4 km

just some “other” facts… greetings

Chris β€’ July 11, 2005 6:50 AM

I’d like to have my security handled by a paranoid nutjob–provided I have grounded, reciprocated trust in en.

Well, as long as that paranoid nutjob were reasonably sane about it.

Come to think of it, perhaps it’s best to have the paranoid nutjobs as a think tank and send any rational ideas they come up with to R&D.

Anonymous β€’ July 11, 2005 10:06 AM

“the drivecrypt program you mock of is a reseller link to securstar.com, the successor of bestcrypt, if i recall correctly”

In fact it has nothing to do with bestcrypt at all, does it?

Matthew Skala β€’ July 11, 2005 11:16 AM

David: in RSA, if your key pair consists of public modulus n, public exponent e, private exponent d, then someone who wants to send you a secret message M calculates C=M^e (mod n) and sends you C. If you want to sign a message, you calculate S=M^d (mod n) and send S. (Padding, hashing, etc. are necessary in practice but aren’t properly part of RSA, nor is the fact that you’d actually use separate key pairs for secrecy and authentication.) The signature operation is exactly the same calculation as the encryption operation, except that it is performed with the secret exponent d instead of the public exponent e. Thus many people describe signing as “encrypting using the private key”. If you use the same data structure for public and private keys, you can perform the signature operation by calling your “encrypt” function and passing it your private key instead of the recipient’s public key.

The description of signing as “encryption with the private key” probably orginates with the RSA paper, which talks about “trapdoor permutations” and emphasizes that they are invertible. A similar description applies to many other public-key schemes that provide both secrecy and authentication. It may be confusing; it may not be the best terminology; but it isn’t incorrect. Signing is encryption with the private key from the point of view of the math. I’m not confused about the difference between signing and encryption.

Davi Ottenheimer β€’ July 11, 2005 1:00 PM

@Adminus

“You can’t harras me…Period.”

Those “extra visitors” weren’t bothering you, were they?

From the discussion above it looks like you’ve had to relocate at least a couple times. Perhaps you have had to alter your own definition of “harassment”? I would guess that being a company “on the run” is hardly a cause cΓ©lΓ¨bre, no?

Also, I do not think the reference to Zimmerman actually helps your case. He believed in the right to secret communication between CITIZENS as a cornerstone of freedom. The US government tried for only three years to prosecute him though regular legal means, but eventually dropped their lawsuit and left him alone. Zimmerman himself described it as “not so bad”. Moreover, he argued that banning strong crypto would mean only terrorists and criminals would have access to it. That means that he fought for his software specifically so it could be used for good, in spite of (and in addition to) the bad.

It might be a controversial statement to some, but most agree that he was prosecuted unfairly, not persecuted, and ultimately he prevailed in more ways than one. Zimmerman regularly points out that PGP is used all over the world by groups who lack political power and who are trying to protect freedom, such as human rights watch groups. For what it is worth, these groups do not often advocate that average citizens choose anonymity to preserve their rights…since that obviously would be completely self-defeating. Thus, anonymity is a defence mechanism.

Now, compare that with your comments, which seem to advocate anonymity as the best way to avoid “responsibility” and/or “liability”…hopefully you see the disctinction.

At the end of the day, I believe Timothy Walton said it best:

“Before attempting anonymity on the Internet, it is best to think for a moment about your purpose and intent in hiding your identity. Think as well about the impact of the statement you wish to communicate. The safest course may be to acknowledge authorship. This avoids the uncertainties of liability and discovery.”

PsychoHazard β€’ July 11, 2005 1:13 PM

“Thirdly, I want to explain the why I chose the REAL private setup of my operation. In comparison to most of this list members I am REALLY anonymous, thereas you all are sitting ducks and on TLA lists all over the world.

You can’t harras me, nor arrest me. Period.”

I really have a hard time with the idea of trusting my security needs to a company that is set up in such a way so as to remove any accountability.

It seems to me that this is the perfect set-up for fraud on a major scale, after all, if you can’t find this person, or arrest them, or anything of the sort, how can you be assured that the business transactions are legitimate? With no fear of the law, what is to keep this company from just taking my money, or selling my data, or doing anything they want?

Alan β€’ July 11, 2005 5:50 PM

Their PGP key has NO signatures (other than self signed). How uninspiring:

pub 1024D/E87715F4 2001-12-02 PRIVLI
uid admin01
uid adminus
sub 4096g/60494EEC 2001-12-02

Adminus β€’ July 11, 2005 7:29 PM

I need to clarify some more things, just for the record, as by now i understand that your group and me/my clients are NOT compatible.

By stating: you can’t harras/arrest/subpoena me the point is clearly to PROTECT my clients. If you can not extort me or convert me I can not divulge ANY details about my clients. And that is the highest assurance of security and privacy I can give.

You (members of this list), in contrast, are sitting ducks, can easily be harrased, eavesdropped upon, etc.
If i would run a TLA (=three letter agency) I would appraoch one of you ‘brilliant’ guys to infiltrate, backdoor, convert etc. you. And i am pretty sure that there are moles within your organisation πŸ™‚

Encryption or cryptology is for me and my clients a mere tool, among a huge tool box available to achieve real invisibility etc., whereas the before mentioned encryption for you means ‘the holy cow’.

‘Nough

Adminus

Thomas Sprinkmeier β€’ July 11, 2005 9:45 PM

@Alan,

No signatures on this key makes sense.
The “web of trust” depends on having a link between yourself and the key in question via people who are known to you and whom you trust.

How could you have such a link to someone who wants to be anonymous?

His/Her client’s won’t sign it (except anonymously), as that would mean identifying themselves. There’s no point signing the key anonymously ‘cos that give you no more information (someone I know nothing about has signed a key I know nothing about…. big deal)

Adminus could still sign is comments though to prove it’s him/her (i.e. whomever is in control of the website, not someone else).

PsychoHazard β€’ July 12, 2005 8:06 AM

@Adminus,

“By stating: you can’t harras/arrest/subpoena me the point is clearly to PROTECT my clients. If you can not extort me or convert me I can not divulge ANY details about my clients. And that is the highest assurance of security and privacy I can give.”

This may be so, but it still does not address the issue of accountability. How could I trust you? What is to keep you from committing fraud or theft or any number of crimes for which ‘real invisibility’ is an ideal state?

“You (members of this list), in contrast, are sitting ducks, can easily be harrased, eavesdropped upon, etc.”

Someone might eavesdrop on a public discussion? Oh my! We’d better encrypt this to protect our anonymity.

“If i would run a TLA (=three letter agency) I would appraoch one of you ‘brilliant’ guys to infiltrate, backdoor, convert etc. you. And i am pretty sure that there are moles within your organisation :-)”

Why, exactly, would any TLA go through the trouble of planting moles in a public forum?

adaptr β€’ July 13, 2005 3:03 PM

The audacity of “adminus” is interesting… he/she/it defends privacy.li’s position by more or less stating that they are warranted to use any means at their disposal to assure the anonymity of their clients, right ?

Think about this for a moment – if you are truly anonymous then you cannot have any legal dealings with third parties, who will always demand to know who they’re dealing with…

No legal dealings – seems pretty clear to me.

But adminus defends his position in a way that puts the onus on “us”, his detractors, the poor, misguided, “brilliant” “nerds”or “geeks” that – to paraphrase – try to vilify and defame his pleasantly private company.

And here I thought people were posting actual, real registration data that is freely obtainable – indeed, mandatorily public- about a company that can’t even seem to decide which country it inhabits.

It feels rather similar to the story of the Cherry OS I’d been following a few weeks ago: as soon as the not-so-legal dealings of a shady company are “exposed” in a public medium such as this one, they attack from an indefensible position in the hope that their enemies will be scared off, and maybe even threaten with some vague but unenforcable legal action.

Microsoft, anyone ? πŸ˜‰

Of course, no-one would dare call MS a “shady, barely legal” company – the writs alone would bankrupt me…

Frank Lee β€’ July 18, 2005 4:00 PM

DriveCrypt uses 1344 bit by using triple blowfish (3x448bit), 768 bit by using triple AES256…. The technique behind this is more less like the old triple DES that turned the insecure DES into a secure algo.
DriveCrypt is a cool program by the way. Can create hidden containers and partitions as well as hide data into music files.

Clearer β€’ July 21, 2005 5:49 PM

For what it’s worth, I used privacy.li for twelve months and they did not defraud me or rip me off. They provided a reliable SSH service and I have no complaints.

melic β€’ September 16, 2005 9:53 AM

Thanks to all for this interesting discussion, it is always difficult to decide what company will provide the best privacy. I admit that I was fooled into believing privacy.li until I read Schneiers comments about them, in the end you have to trust someone, and one of the persorns with most prestige in the world in cryptology is someone.
Besides I have read from more or less reliable sources accounts of people using privacy.li services with no problems, perhaps if they were a big scale fraud operation someone would report them up in public forums…
Well I stick for what I know, I am not expert in crypto, so I will follow what most people who earn a living with this say, I am pretty sure it’s not personal.

~Q~ β€’ September 24, 2005 2:58 AM

Privacy.li has been a reliable privacy provider for us for over 2 years, good service, very reliable servers, cash sign up with no problems in delivery or anonymity. At times they even give more than you pay for.

I think they get more attention than some others because of thier politics, this is about privacy services and nothing more, Who cares about thier views, even if I don’t agree with them.

Georg Adem Andi LeDuc β€’ October 11, 2005 5:45 PM

I think Bruce should subtitle this doghouse as “Privacy.lie not to be trusted” but really that is being to generous to this bunch of stone cold criminals.

But as Bruce and readers have figured out, you have to watch out for Dr “Roman” “adminus” and his friends at privacy.li (A K A alpina1.net) because although most of their customers have not figured it out yet, they are running their ssh service as a phishing honey pot.

A small number of carefully chosen customers — usually the less computer literate ones — find at some point that value is missing from their accounts, or their accounts passwords suddenly stop working, with their accounts cleaned out, and they think it is because of some phishing Windoz virus they have. Think again.

Of course Georg Adem sometimes “sits in the same chair” as “Roman”, despite what “Roman” might limply claim about his association with that partic nefarious bucolic swindler.

They run scam bank First Digital International Bank (FDIB) http://www.1stdigibank.com well loved by advance fee fraud scamsters of all types including certain well heeled 419ers (closed down at firstdigitalbank.com but they came back naturally as all stone cold conmen do. For a while we also managed to get privacy.li shut down so “Roman” and gang were forced to move to privacy.org.cn but unfortunately they did succeed in getting privacy.li back and now operate from both domains).

As far as attacking those that refuse his attempts at extortion, or who expose him, “Roman” and George Adem have a quite similar style and ruthless approach (what a surprise) including but not limited to DDOS zombie attacks and publishing into the web both lies and personal information collected from those victims prior to scamming the victims.

So, gentlereader now you have this information, you can do the right thing with it and excercise your ability to act as an enlightened consumer. For others the fight against the scum of the earth goes on.

Anonymous β€’ October 16, 2005 12:30 AM

Why would anyone bother with buying a closed-source program like DriveCrypt (and lining the pockets of scam artists in the process) when you can get a superior product based on the same codebase for which the full source is available (TrueCrypt – http://www.truecrypt.org/ ) for free?

Jesse The Bull β€’ March 18, 2006 2:21 PM

privacy.li and fat technologies (aplina1.net) are in fact the cesspool of servers. one particular lowlife Jon Bond/Lightfoot uses them to host his unlicensed.info/blog. lightfoot, a criminal at large from France for drug trafficking is i think typical of their clients. online drug sales, spam, white supremacy, terrorism and kiddie porn. i’ve reported them to the FBI, Dept. of Homeland Security and US State Department, no luck yet, but i’m not finished…

JB β€’ May 14, 2006 4:31 AM

Jessie Heim said, “but i’m not finished…”

Actually, you are very nearly finished Jessie. It will soon be driven home that you cannot continually defame and libel people without suffering the consequences.

Interesting you don’t argue issues surrounding medical insurance I shine a spotlight on … the real story is fact-based and not anything to do with me, I’m simply the message-carrier, you know that, but you can’t attack the story so you defame the message-carrier.

I believe that one day you’ll have to face your own devils; you seem to carry too much inner rage around and it leaks out tainting those you come into contact with. Your ‘handle’ on the message you posted really says it all ….

Jesse The Bull β€’ May 17, 2006 9:01 PM

Bond/Lightfoot, a man who in fact made numerous false, fictitious and fraudulent statements on his application for medical insurance from International Medical Group and then filed a claim of over $150,000.00 for a pre-existing medical condition not covered under the terms of the policy is facing possible felony charges of application fraud, first-degree grand theft and first-degree insurance fraud. Bond has failed to cooperate with IMG and SIRIUS as required by the terms of the insurance Certificate by not providing previous medical records and has instead taken these issues to the public and has accused IMG, SIRIUS and myself, Jesse Heim III, (a licensed Texas General Lines Agent) of impropriety as an IMG appointed agent.

Even though the policy in question was not sold or provided by myself, Jesse Heim III, Bond has embarked on a intentional, defamatory, libelous and deceptive campaign to disrupt, impair, harm and interfere with SIRIUS, IMG’s and Jesse Heim III’s respective and legitimate businesses.

There, that sounds more like insurance.

Randy β€’ July 2, 2006 6:36 PM

i currently registered to 1stdigibank.com, they given me only an account number not knowing any information about me or from them, i was so suspicious so i try to search over the internet. is this a fraud site/banking????

Lex β€’ July 10, 2006 9:14 AM

I tried to leave a reply, and received a message from the system that it couldn’t be posted til moderated, and that I should send an email to the moderator to make sure it got to the board. That was a month ago. Must have been a “Gag” order.

Not Bruce Schneier β€’ July 20, 2006 9:06 PM

http://www.infosec.gov.hk/english/general/protect/Digibank_20051122.htm
http://www.info.gov.hk/hkma/eng/press/2005/20051122e4.htm

Suspected fraudulent website: http://www.1stdigibank.com

The Hong Kong Monetary Authority (HKMA) wishes to alert members of the public in Hong Kong to a suspected fraudulent website with the domain name “www.1stdigibank.com”. The website is operated by an alleged “First Digital International Bank”, which claims that it offers various banking services to members of the public in Hong Kong.

The public should be aware that the alleged “First Digital International Bank” is not authorized under the Banking Ordinance to carry on banking business or the business of taking deposits in Hong Kong, nor does it have the approval to establish a local representative office.

The HKMA has referred the case to the Hong Kong Police Force for further investigation. Anyone who has provided his or her personal information to the website or has conducted any financial transactions through the website should contact any local Police Station or the Commercial Crime Bureau of the Hong Kong Police Force at 2860 5012.

Given the global nature of the Internet, members of the public are reminded to verify the status of any organisation making use of the Internet to solicit deposits from the public. A list of authorized institutions is available on the HKMA’s website (www.hkma.gov.hk). Members of the public may also check the status of any entity in Hong Kong which solicits deposits from the public with the HKMA by calling its public enquiry hotline 2878 8222.

For further enquiries, please contact:
Kevin Ip, Manager (Press), at 2878 1687 or
Thomas Chan, Senior Manager (Press), at 2878 1480

Hong Kong Monetary Authority
22 November 2005

Jack Heim β€’ September 29, 2006 4:14 PM

Privacyli, Privacy li, Privacy.li an embarrassment to the WWW. Why not open an account with them. Next they will phish the passwords off your machine, unload your bank account, eavesdrop on all incoming and outgoing email. Offer to set you up with http://www.1stdigibank.com, (see above fraud advice). Then if you complain the will slander and defame you on their blog. Nice bunch of fellows. And the country of Liechtenstein, they claim privacy.li does nor exist there?

Stray Cat β€’ October 4, 2006 8:43 PM

Yup, they did it too me. I Signed up with them and started conducting business through them, next thing I know, credit cards I used while connected “through” them became maxed out, My personal information was given out or sold and my identity stolen and my credit ruined. Avoid this scam outfit at all costs. Not until after I got scammed did I find out this outfit had already been busted before for credit card fraud and bank fraud. Real SCUMBAGS.

LexScripta β€’ October 29, 2006 1:48 AM

Well folks,

You were all right. Privacy.li and 1stdigibank stole some cash from me. If you check, 1stdigibank.com is not on the www anymore.

When I brought this fact to the attention to the web site members on privacy.li, my account was revoked, and my posts erased.

Watch out for privacy.li, and Adminus – a blatant criminal.

LexScripta

Anonymous β€’ November 16, 2006 2:10 PM

btw, you’re having a pissing match with h a m a s and their supporters. In case you didn’t know guns cost money.

Jack Heim β€’ February 4, 2007 11:24 AM

Anonymous, you are almost funny. You and Adminus are now likely tapped by both the NSA and CIA. Theere is no privacy at .li

Bobba β€’ May 19, 2007 1:53 AM

I’ve read everything about privacy.li

I’m no defender of them, in fact I’m simply shopping right now. I notice that all who say that privacy.li does this or that provides no verifiable evidence – so much for accountability! Both sides lack it, so at least we’re dealing with a level playing field here.

Also, that privacy.li is the cesspool of websites doesn’t bother me at all. I’m simply looking for a service that gives me privacy.

Finally, the financial worries. Maybe they do take passwords, maybe they don’t. I’m not interested in doing financial transactions through them, so those complaints are irrelevant!

Thanks for the discussion, people!

Gary β€’ June 23, 2007 8:27 PM

The most critical piece of information for anyone thinking about using privacy.li is that if they say your money never arrived and thus don’t deliver the service you wanted with them, what are you gonna do about it? You’ve lost your money, simple as that.

Please Google privacy.li and read the growing number of complaints about them. The main trick seems to be giving most people the service they want and ripping off a select few, who then have no recourse.

Be forewarned.

Jose β€’ July 5, 2007 10:44 PM

For what it is worth, they have provided me privacy services for a few years now with almost NO downtime. They have in every case delivered what was promised. The fact that these guys are using every means available to remain untraceable is a plus to me!!!

Adminus activated my account BEFORE receiving my payment on my word alone.

Jose

Bufo Marinus β€’ July 11, 2007 12:40 AM

Commenting on the satisfied customer and assuming they are genuine, I would submit that at this late date anyone running a phishing site would be pleased to provide service upfront. Anyone running a site (privacy.li) whose reputation is now in the toilet would also be pleased to bend over backwards to some unsuspecting new customer hoping to discredit the growing body of evidence that the web site runs a number of scams.

Above all other allegations that now pepper the web, especially google newsserver groups, there are 2 revelations that seem most substantiated and are most horrifying:

OUTTING CUSTOMERS: privacy.li divulged the identity of a customer, something that genuine privacy organization would not do under any circumstances:

Newsgroups: alt.privacy.anon-server, alt.privacy
From: “Armin, der Etrusker” a...@etrusker.net
Date: Tue, 10 Apr 2007 21:59:35 -0400
Local: Tues, Apr 10 2007 6:59 pm
Subject: Re: Beware scamster site, privacy.li

Thanks for the coverage!! You are priceless, google page ranking is
moving up constantly – thus means business! Keep up the good work!
Could you please also include all other domains which lead to
http://www.privacy.li? Such as:
http://www.privacy.in
http://www.privacy.org.cn
http://www.anonymous-banking.info
http://www.anonymous-gold.info
http://www.anonymous-privacy.info
http://www.anygoldnow.us
http://www.egold.us
http://www.goldnow.us
http://www.no-taxes-with.us
http://www.noprivacy.us
http://www.offshore-banking.us
http://www.offshore-with.us
http://www.privacy-banking.info
http://www.privacy-gold.info
http://www.privacy-tunnel.info
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
And that the world sees what sicko you are, here what you ordered from
me (I am glad the money didn’t make it!):
http://www.cuddlynecrobabes.com/promo2/new.html
Here are the actual addresses of the sites I want to
sign up for. Ignore the link I sent to you in previous
e-mail.
https://secure.cuddlynecrobabes.com/pay/input.php?inifile=cash1m
$20 USD
https://secure.cuddlynecrobabes.com/pay/input.php?inifile=mexicana1m
$20 USD
https://secure.cuddlynecrobabes.com/pay/input.php?inifile=khp
$59 USD
https://secure.cuddlynecrobabes.com/pay/input.php?inifile=bodybag3month
$40 USD
Sign up service
$54 USD (40 Euro)
Total
$193 USD
Here’s the header from your order:
cnbsig…@yahoo.com
X-Spam-Checker-Version:
SpamAssassin 3.1.7 (2006-10-05) on sam.hitrust.net
X-Spam-Status:
No, score=-1.9 required=5.5 tests=ADVANCE_FEE_1,AWL,BAYES_00,
RCVD_IN_SORBS_WEB autolearn=no version=3.1.7
Received:
from sam.hitrust.net (localhost [127.0.0.1]) by sam.hitrust.net
(8.13.1/8.13.1) with ESMTP id l03IQsNK026962 for xxxxxxxxxxxxxWed, 3 Jan
2007 19:26:54 +0100
Received:
(from root@localhost) by sam.hitrust.net (8.13.1/8.13.1/Submit) id
l03IQse1003898 for xxxxxxx; Wed, 3 Jan 2007 19:26:54 +0100
Received:
from web59101.mail.re1.yahoo.com (web59101.mail.re1.yahoo.com
[66.196.101.12]) by sam.hitrust.net (8.13.1/8.13.1) with SMTP id
l03IQrP9032116 for xxxxxxx>; Wed, 3 Jan 2007 19:26:54 +0100
Received:
(qmail 1232 invoked by uid 60001); 3 Jan 2007 18:26:51 -0000
DomainKey-Signature:
a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Conten¬t-Type:
Content-Transfer-Encoding:Message-ID;
b=VRcNkAY0bi6AaE1Fa1Pd/
apwXjHDrKbOfnzYAiXMjMv4IC7gU44Mjq8Hq17dXN6Pv8pTyVrDQ¬4Lv4a7
PH8ZPyE357quW431AjYzmhrhkd6Gn5sMKMGnpyiz8IPLujFAZHX6LrfjyWA
wqMGen4q6A¬7jfXxXndpjF/qbCl8gyfee8=;
X-YMail-OSG:
SgVSAjgVM1ksJ.2FWf9xlWvq8TZc1t8kyh_SidIn
Received:
from
that’s your IP-address!!! [149.9.0.57]
by web59101.mail.re1.yahoo.com via HTTP; Wed, 03 Jan 2007 10:26:50 PST
In-Reply-To:
200701020333.l023X8VI031...@sam.hitrust.net
MIME-Version:
1.0
Content-Type:
text/plain; charset=iso-8859-1
Content-Transfer-Encoding:
8bit
Message-ID:
247604.1215...@web59101.mail.re1.yahoo.com
X-Virus-Scanned:
ClamAV version 0.88.6, clamav-milter version 0.88.6 on localhost
X-Virus-Scanned:
ClamAV version 0.88.6, clamav-milter version 0.88.6 on localhost
X-Virus-Status:
Clean

SOURCE:

http://groups.google.com/group/alt.privacy.anon-server/browse_thread/thread/093ccb60f7b16734/ef73504778872530#ef73504778872530

PRIVACY.LI TECHNICAL VULNERABILITIES: The second issue involves vulnerabilities indicating that privacy.li is not a secure tunneling service at all:

http://groups.google.com/group/alt.privacy/browse_thread/thread/b79bfb855c3cdf10/570b6341770f8a78

http://groups.google.com/group/alt.privacy/browse_thread/thread/357ace4cfc6fe976/56cd101c25c5830b

I do urge all prospective customers of privacy.li to carefully investigate all the comments made on the internet concerning them before using their service or at least divulging ANYTHING about yourself to them (use them as a chained proxy would be far preferable to accessing the privacy.li site directly).

Kath β€’ October 13, 2007 1:57 AM

This is very disturbing information. It’s unfortunate that there isn’t some kind of organization that can certify legitimate anonymizing services. Even the legit ones often have leaks through which dedicated hackers can STILL figure out the originating IP.

I would give privacy.li a wide steer.

Natursekt β€’ November 5, 2007 8:04 PM

Reading through all this garbage here brings up nothing:

  • privacy.li is a superb service for anonymity on the net
  • Adminus is knowledgeable and very helpful, even available at non-core office hours

Stop being envious.

H.C. Genius

Anonymous β€’ February 5, 2008 8:36 PM

I completely agree with the last poster who said “Reading through all this garbage here brings up nothing.”

I don’t know anything about Privacy.li, but I am disgusted by the behavior of you and most of the posters here, Mr. Schneier.

I have not seen one shred of evidence to prove anything about Privacy.li, good OR bad.

On the whole, it seems your readers have no critical thinking skills whatsoever, since they cannot tell real evidence from innuendo.

You pick up 1 line about some “DriveCrypt” product on his website, and that alone is all the evidence you need to put that company in the “doghouse?”

Give me a break.

The fact that they resell that product proves absolutely nothing.

Nothing that you or your readers have posted prove that Privacy.li is incompetent, dishonest, or anything else for that matter.

If this was a court, since nobody here actually bothered to present any evidence to justify publically trashing Privacy.li, all of you would face heavy fines for slander.

This column constitutes nothing more than a lynch mob attack on what appears to be an innocent business and business owner.

Not Anonymous β€’ February 18, 2008 12:09 AM

Privacy li and Fat Technologies might know the fellow out there that claims to have access codes and FTP info for all the domains at (www.unlicensed.info) for $20,000 Euros. I’m sure the new owner will also assume risk for the US Federal Lawsuit and Judgment of $15.6 US Million such as Jon Bond/Lightfoot.

Just as “Blogger” and “Anonymous” was keen on posting public records,

they missed this one:

Decision # 476, Docket # 98/00041, Poitiers Appeals Court (France), (The Late), John Lightfoot aka Bond charged with importing into Saint Laurent de la Salle (France) in November, 1994, 299 kilograms of cannabis resin. Defendant failed to appear. Was convicted to Three Years Imprisonment and further banned from French National Territory for Ten Years.
Chief Judge, Mr. Besset, Public Prosecutor, Mrs. Granger, Deputy Attorney General. June 11, 1998

Bond/Lightfoot fled prosecution, lived in Florida, USA under an assumed name and fraudulent passport, then Alicante, Javea, Spain.

Bond, a Typical user of Privacy li and Fat Technologies Services.

Anonama β€’ June 12, 2008 1:38 PM

I am quite disgusted by the muckraking rubbish on this blog, Mr. Schneier.

I have been a client of privacy.li for close to four years and have never had one problem with them. Like “Jose” above, I also had my account with them activated before they received my funds. They have always provided an excellent service, often with extensions. They also respond briskly to technical issues.

If there are legit complaints about them, I want to see these complaints in full with accompanying documentation. It is so easy these days to throw out accusations to a public that is quick to criticize.

Adminus’s desire to offer total anonymity to his clients is admirable. If he is keeping me anonymous, I don’t care to know who he/it/she really is.

Knowing the actual identity of a provider of anonymity isn’t any more assurance that I won’t be ripped off — the courts are full of fraudsters who operated openly at one time.

There is a very good reason to be totally anonymous — no government can be trusted to respect the rights of its citizens. Anybody here is naive if they think otherwise.

Privacy li’s anti-US stance has clearly ruffled the feathers of some in the security community. Clearly these folks are happy to see their government erode the few rights they have left.

Behind all this is jealousy and envy. Until legitimate reasons for not trusting privacy.li are documented, I will continue to trust them.

Barry Bond β€’ June 12, 2008 4:47 PM

When given the option of a relatively non-controversial anonymity service versus a controversial one, which one would YOU choose?

I would disagree with the statement “until legitimate reasons for not trusting privacy.li are documented, I will continue to trust them.” For one thing, I haven’t a clue who the writer is or their association with the privacy.li ownership. For another, I would always choose a service that doesn’t have such rabble circulating around the base!

Carry on-

Jesse Heim β€’ November 17, 2008 2:36 PM

First Posted by: Jesse The Bull at March 18, 2006 2:21 PM
UPDATE***************
privacy.li , privicyli, privicy li and fat technologies (aplina1.net) are in fact the cesspool of servers. one particular lowlife Jon Bond/Lightfoot uses them to host his unlicensed.info/blog. lightfoot, a criminal at large from France for drug trafficking is i think typical of their clients. online drug sales, spam, white supremacy, terrorism and kiddie porn. I’ve reported them to the FBI, Dept. of Homeland Security and US State Department, no luck yet, but I’m not finished…
~~~~~~~~~~~~~~~~~~~~~~~~~
It’s sad but the former client (my nemesis Jon/Bond Lightfoot) of (alpina1.net) & privacy.li passed on this last September of pancreatic cancer. To my dismay his sites are now down. On the above URL they continue to slander and defame me, as they will to anyone who draws their ire. I just wanted you to know Adminus I’m still here posting my warnings on your nefarious operation. By the way any information on myself is of public record in Texas.

BFF β€’ May 2, 2009 12:39 AM

Just going through blogs, forums and such, you quite quickly reach the conclusion that the privacy.li “owner” is an anti-Semite of near rabid intensity, a fascist of the highest order!

ghandi β€’ August 3, 2009 6:51 PM

Been reading this whole discussion as i was bored πŸ™‚ It seems only a very few of you see that Mr Schneier is a jewish person. Privacy.li seems to be against zionists (jewish extremists) .. that explains everything to me and why Mr Schneier chose to attack privacy.li and the lack of looking even into the drivecrypt product which is not even theirs. Shame on your Mr Schneier, i expected more of you as you did do some good crypto work πŸ™ Also that he is against US agression in the world doesn’t make privacy.li more popular especially after 9/11. Guys, this whole discussion is biased.

Btw, concerning anonymizing services, i’d rather trust a hard to catch service as to the “sitting duck” ones as it was put here so nicely.

on da QT β€’ October 3, 2009 5:17 PM

All anyone has to do is Google and look around some and you’ll find out what privacy.lit is REALLY up to.

By the way, any comments against Jews on this board undoubtedly come from the antisemitite Adminus, aka privacy.li owner.

Take the risk if you want and if you send cash to Adminus, maybe even lose your money! Cry out and he’ll come after you in cyberspace with a vengeance!

Most of all, read DEEPLY about privacy.li before you make any decision.

bodysnatcher β€’ November 24, 2009 9:49 AM

After reading this thread i signed up at privacy.li πŸ™‚ Thank you for the promotion guys !
Fits exactly what my views are.

Outta Space β€’ January 26, 2010 3:41 PM

Anyone who would read everything that is out there on the internet about privacy.li, not even including the comments by the respected Dr. Schneier, would be outta their minds to sign up for this mysterious scumbag service aka privacy.li

Lichtenstein? That’s apparently only the first of their many lies.

Thanks, Dr. Schneier. for opening my eyes to this con game. I first heard about you on CNN and have grown to have the utmost respect for your recommendations.

incidental β€’ April 6, 2010 5:18 PM

Privacy.li offer a ssevice un-matched by other s who fall foul of corpprate greed and intimidation. Just because lawyers shour and scream does not make it right, these same people sell their souls on a regular basis to the highest bidder, what is right about that.
Many may not like the messages sent out by privacy.li, but the truth can sometimes hurt, and is not infuenced by money , greed and corporations.

Without the voices allowed by the likes of privacy.li and others, there would be no freedom of speech left, silenced by money moguls and those who wish to influence rather than stand to the strutiny of truth.

Long live adminus and his stance, in years to come we will wish more stood shouder to shoulder like this, instaead of falling foul of twisted manipulators of truth.

By the time many realise the real truth, it will be too late, if not already. The US has become a pillar of lies, greed and decieit, so what is wrong in saying NO to this vile abuse of liberty…?

This is no con, no deceipt or lie, but a painful reflection of a sick and meaningless society, look deep into your sould and ask, what harm can truth do if nothing is to hide… unless you are one of the liars who flock to their masters bidding in the desperate hope of some pitiful, short-term gain…

You know who you are, and I wonder just how you sleep at night, black and tarnished souls without any meaningful purpose… you are the type who crucified christ in the name of just and following…

It takes a real man to stand alone and ask why, challenge the shroud of greed and manipulation… in the name of truth…

anonymous β€’ April 19, 2010 7:32 AM

I find it funny that no one mentions the global ‘yardbird’ child porn bust. Simple “information gathering” πŸ˜‰ paints a very accurate picture of privacy.li and I am surprised those with an interest in anonymity (Not for criminal means per-se but any need for strong anonymity) are not more up to date on this.

The yardbird pedophile group (just google global pedophile ring to read a lot about it) was infiltrated by the FBI sometime in 2006. In mid 2007 the Australian federal police were able to identify an Australian participant in the group. This participant likely used privacy.li , so privacy.li was NOT able to keep them anonymous although apparently it did manage to at least slow an interpol coordinated investigation.

Interpol identified ~45 pseudonyms in the group likely with little overlap (double accounts). 24 members were arrested in a coordinated international take down in march of 2008. Reports to underground security forums by their group leader (who was not arrested) around a year after the coordinated take down paint an important picture: every single one of their members who used privacy.li was compromised. None of their members who used Tor/Remailers was compromised.

One of the members of their ring was Bart Huskey who was ranked as one of the most wanted child pornography producers in the world (even before he was actually identified). He was the subject of intensive international police operations, they were trying to find him very hard because they feared he might be a threat to the life of a child. He was not arrested in the coordinated take down but was arrested three months afterwards: he was tracked based on photographic forensics and old fashioned investigative work, not a network trace. He apparently used Tor/Remailers since he was not busted by the coordinated take down.

This information shows two things: As of March 2008 interpol was incapable of compromising Tor/Remailers even as a matter of urgency with human life at risk. This is a sad yet strong indicator of anonymity. This information also shows that privacy.li does not offer anonymity that is capable of resisting interpol level adversaries, although it can slow their ability to trace significantly. It also seems likely that as of 2008 Interpol did not predict they would have the ability to break Tor/Remailers in the near future or else one would imagine they would have delayed the coordinated take down until they could electronically trace all of the suspects rather than less then 50%, especially since they feared the take down would possibly endanger the lives of children being abused by people they did not yet have the capabilities to trace.

To sum it up: Privacy.li breaks against international police level adversaries. Tor/Remailers did not as of march 2008 although it is possible they are compromised now via traffic classifiers.

journalistus β€’ August 10, 2010 1:07 PM

I’ve investigated part of the yardbird case (for my paper). The conclusion is that it was the metropipe service who was involved in it. There is another long story behind this but it’s a bit of a stretch to damage the reputation of other privacy providers. It is pointless to reply to the trolls on this blog as they try to take the heat of their own issues.

orly? β€’ September 5, 2010 4:49 PM

Here is the exact posts yardbird made public a year after half his ring got busted:

—–BEGIN PGP SIGNED MESSAGE—–

It’s Thanksgiving, 2008, as I start to write this. Nothing is likely
to change for me between now and the one year aniversary of my exodus
from usenet.

Many will not remember me, and some who do will not be glad to be
reading this, because I am free and untouched by the events of March,
2008. Untouched; not investigated, tried or jailed.

It is clear that the precautions I was taking then were sufficient.
If they weren’t, I would have been in the same boat as many others
who knew me.

So in retrospect, after much time to contemplate, review and analyze
what went wrong, I understand why some were safe and some weren’t.

The reason for having a group wasn’t protection, but economy. Open
posting not only provided a target, but the loss of the account used
for posting was likely (or inevitable). Accounts are not cheap, but
if the accounts were used only for encrypted exchange then there
would be no basis for closing the account (on the part of the ISP).
Failure of screening, therefore, would have only one adverse
consequence – loss of any anonymously created accounts. Not loss of
freedom.

Part of the screening process, in fact, was the requirement that the
applicant demonstrate proficiency in posting anonymously. Each
person chose their own “strategy” for anonymity and personal
security. The failings of the group concept did not, all by
themselves, get people arrested. Everyone I know that used
Privacy.li exclusively was arrested, most notably my number 2 who
relied on privacy.li for everything. Everyone I know that used tor
and remailers exclusively is still free. The arrests are the
ultimate test of anonymity, and SSH tunnels failed that test. At
least one never used any particular method of security because he
never posted any binaries. He was still arrested, however, for
posting a thank you note. And being part of the group.

During times of plenty, there was little reason to have a group at
all. Anything one could want could be found in usenet groups, and
one only need download the material. Such times were few and far
between though, and the group functioned as a “filler” for online
material, or just a way of keeping everything organized during both
feast and famine.

Regardless, I’m not back. I’m happy with my life despite it’s
ordinary tribulations. I lack nothing of importance, although I do
have regrets. The group concept itself was, in retrospect, a
mistake. Properly excuted, it might not have been so disastrous, but
staying anonymous is no easy task. Relying on privacy.li was clearly
a big mistake. As for Cotse, I would expect that, if asked, Gielda
would answer honestly about any subpoenas he responded to that lead
to arrests. Or maybe not.

The only surprizes from the whole affair were the intensity of the
investigation and the coverage after the fact. The Assistant
Director of the FBI? CNN? For that tiny group? Unreal.

But OTOH, we knew that the magic word “ring” would inspire
exaggeration, and provide a convenient target for those who like
“conspiracies.” Especially “Global” or “International” ones. Ha!

Curiously, the fall of egold coincided with our activities and the
indictment in April, 2007 followed the seizing of our account. You
could read about egold in wikipedia and decide for yourself.

But for me, it’s all over, and I have no desire to get involved in
usenet again. The writing has been on the wall for usenet for some
time, and I don’t need the excitement.

I wondered if I should anticipate the responses to this writing and
answer them in advance. Usenet is paranoid, and so there will be
questions about the authenticity of the post/poster (assuming someone
actually reads it) despite the PGP signature. There will be
suspicion about motives, and resurrected suspicions about what
happened and who did it. Too many questions to answer.

For historical interest, I may post another message that addresses
some of the internal workings of the group as seen from the top.

I leave you with the words to a song that I found to reflect the
thoughts and feelings of the 10 years I participated in usenet.

We skipped the light fandango
turned cartwheels ‘cross the floor
I was feeling kinda seasick
but the crowd called out for more
The room was humming harder
as the ceiling flew away
When we called out for another drink
the waiter brought a tray

And so it was that later
as the miller told his tale
that her face, at first just ghostly,
turned a whiter shade of pale

She said, ‘There is no reason
and the truth is plain to see.’
But I wandered through my playing cards
and would not let her be
one of sixteen vestal virgins
who were leaving for the coast
and although my eyes were open
they might have just as well’ve been closed

I could interpret the song, but I think it speaks for itself.

Good luck, and good bye.

Yardbird.

—–BEGIN PGP SIGNATURE—–
Version: PGPfreeware 6.5.8 for non-commercial use http://www.pgp.com

iQEVAwUBSaihvyiKTNlSgb07AQGdgwf8DhdWgSaSCOfeQbSgWNMU8CRI257BVVs/
NHfkyH/CTTEETJac8IK7QlDNj94hRmyi8KtWy6wTXf0SNGnNCXbyLOuBO/8OnImi
kPcl79NxBu5pitnUu95TUsSvUl0BNVB1EsmrOLK+F4zRT1q/mSQGLZEsnWbvJrh0
5kieVx4Q3ADN+QsBlFxdUzvTbSpOCQwxmeomYOsd0MedsEpF0arn/7jlghYSg+vF
knus+UMz13jkdUq2vQlE7FKGiY6Am79bZgic/BqvbBakJUVYQ2t8PYojB2yuF5OB
3XNSru5FyoE2jBQ+kAg2Ctil/MR86Tk2UFx5QutnufiDA69iCMn1hA==
=1xaq
—–END PGP SIGNATURE—–

Straight from the pedo’s mouth. He did not say metropipe he said PRIVACY.LI

Hay Nony Mouse β€’ September 5, 2010 10:18 PM

@orly : He did not say metropipe he said PRIVACY.LI

@journalistus : The conclusion is that it was the metropipe service who was involved in it.

If you both google around on metropipe and privacy.li, look for the name “Steve Topletz” if you look at what he has let slip in various comments you will see he appears to know quite a lot about both.

The two organisations may not be unconnected for a number of reasons (make your own judgments on what you read and dig a little more).

Jesse Heim β€’ September 13, 2010 9:55 PM

Boy Adminus you are still stirring the pot. I’m glad that you can get “Jesse Heim” no. 1 on Google. Why not start indexing my website so I can make some more money$$$

Borthulimus β€’ September 24, 2010 4:30 PM

Privacy.li undoubtedly has the most extensive trail of cyberspace evidence against it of any supposed privacy-enhancing website in history. Anyone that signs up for that scam obviously hasn’t googled the zillions of threads and articles exposing the congame. As far as I can tell (if somsone disagrees, please post me a link), I can find NO evidence of a serious analysis of its security claims that back up what privacy.li promotes. But I have found several disturbing analyses that the service is not secure and does not do what it promotes. In short, so far the evidence is that with privacy.li you’re not getting privacy and if you use the service for something illegal, you’re most certainly going to be caught and prosecuted!

I just saw the posting about Steve Topletz (aka xerobank) and metropipe. That’s all a different kettle of fish. For one, Topletz doesn’t try to hide who he is, unlike all the rest. Second, nearly all the complaints about his service (as for metropipe before) are lack of service support. I haven’t seen any brass tacks evidence that this service doesn’t measure up for what it says it will do. Topletz, as a visible personality, has been involved in the privacy movement for years, starting with the TOR project at least. Kind of like Lance Cotrell. Maybe or maybe not they’ve sold out to the CIA etc but that’s quite a different situation (and a whole ‘nuter level of professionalism) compared to the privacy.li pig pen fights. Google Cotse threads, find the anti-cotse comments by the privacy.li guy and you’ll see what I mean. Complete silliness against any perceived competitor or detractor of the privacy.li sociopath owner!!!

kinship β€’ October 25, 2010 3:43 PM

The privacy.li (=privacy.lie) founder hates Jewish people which is precisely why he started picking on Cotse. He seems a bit like a squirrel brain, so I’m glad that Schneier has put privacy.li and its ‘Adminus’ founder in the doghouse where they all belong!!!!! πŸ™‚

Megawati β€’ November 24, 2010 2:08 AM

Privacy.li is a scam. Neither is the service secure nor is it 100% reliable that the money you send won’t be stolen.

Hitler β€’ December 19, 2010 7:52 AM

I hope one day someone will get privacy.li offline and Adminus aka. Johann Kemmler aka. Klaus Gruber will be arrested!

c-spans β€’ January 26, 2011 11:56 AM

Good God, I actually considered subscribing to this service. Thanks much for those who exposed what goes on behind the scenes.

gottaluvit β€’ February 26, 2011 8:23 AM

From what I’ve been reading on usenet, etc., privacy.li is REALLY in the doghouse at the moment! πŸ™‚

darni β€’ August 3, 2014 8:11 PM

@orly?

That message fails to verify with GPG. Perhaps newlines were added?

Yardbird’s key is 0x5281BD3B aka 0x288A4CD95281BD3B:
hxxps://pgp.mit.edu/pks/lookup?search=yardbird&op=index

GPG results:
hxxp://ichigo-up.com/Sn2/download/1407114185.txt

darni β€’ August 7, 2014 5:57 AM

Somehow, that last .txt on ichigo-up.com got deleted…

New URL:
hxxp://up.karinto.in/uploader/download/1407408630.txt

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.