Agree, but breaking the law and putting your whole operation at risk is not a clever nor productive way to fight it.

I agree that the laws are bad. However, they are still laws. Breaking them has consequences.

If the library does not have the license or a right, guaranteed by law, to do that, then it is piracy.

The law is a law. Their aims do not override it. They are getting what any sane person would expect. Nothing prevented them from separating their legal and shady operations to separate entities. That, at least, would prevent compromising the whole operation. If someone puts his head in a lion mouth, it is still his fault, at least partially, that lion kills him.

It’s not like they’re distributing the latest Marvel slop.

I doubt this argument will hold in court.

My point still stands.

The developer is registered in Latvia. Yes, it had at one point connection to Russia, so what? A lot of software was developed in Russia. Nginx, for example, that does not prevent millions of websites from using it.

Users leaving OnlyOffice is mostly about enterprise edition (paid) users. In fact, many of them left enterprise version for the Foss version.

Can Internet Archive just stop copyright violations?

Do not get me wrong, I am all for piracy, but usually pirate websites hide themself (like libgen, for example), so that no lawsuit possesses a threat to the resource itself or resource owners.

IA, on the other hand, are pretentious pirates. They either believe that they are untouchable or just do not care in general. And when it causes expected result once again, they start running around asking for help and telling how dangerous it is for their entire work.

The comment above is wrong. OnlyOffice is available under both Foss (Community Edition) and proprietary (Enterprise Edition) licenses. The proprietary version is paid and offers some additional features like extended support.

OnlyOffice is open source and Latvia based.

Why not rutracker.org?

reg.ru

As far from US as possible.)

TOR by design is vulnerable to Sybil attacks. In fact, there have been attempts to exploit this vulnerability “in the field”. It is not clear how successful they were. There are some measures taken to prevent such attacks, but none of them guarantee safety. I2p and other p2p networks also suffer from the same problem.

In fact there is only one known way to mitigate Sybil (and alike) attacks. It is to expand the cost of operating in the network so much, that it would not be financially viable to perform it. There are two major way to achieve that: proof-of-work and proof-of-stake.

PoW is what majority of cryptocurrencies do. To operate in the network you need to perform significant calculations. The more calculations you perform the “stronger” your position is. For that you have to invest huge amount of money in hardware and energy to “outperform” other actors. That is what mining basically is.

PoS requires you instead to invest a crypto (or whatever, does not actually matter). The more crypto you invest “the bigger your ‘bank’ account is”, the “stronger” your position is as well. This is what nym and lokinet (technology behind session messenger) do.

deleted by creator

They do require to invest a certain amount of crypto to connect your node to blockchain. This in theory is done to prevent Sybil attacks.

Using VPN over TOR greatly reduces performance. Also, for most cases TOR is enough,. Why would you slap a VPN on top of it?

They also take your IP.

I would not put Nym in the same category as Mullvad and IVPN. It is a new and immature product. I have not heard that they have passed any sort of audit, their claims about non-log policy have not been tested yet.

Their infrastructure is decentralized only in name. In fact, they have the same problem as session, the cost of maintaining a server discourages decentralization so much that no one does that. As a result it nullifies any advantages their mixnet might offer, as chances are all your hops are between the servers of the same owner.

TLS clienthello contains unencrypted string, called SNI, that contains the domain of a destination web site. It must be unencrypted to work, because web sites read this string to determine which certificate to use.

You do not break encryption. It is unencrypted by design.

With all due respect, but it seams to me that you do not quite understand how HTTPS works. For encryption it relies on TLS protocol. And TLS does not encrypt everything, it encrypts only payload, but it also has to share some additional data to even establish encrypted connection. The majority of that work is done by exchanging clienthello and serverhello. To do that client has to clarify what server he is even trying to reach as there can be multiple servers on IP, but they have separate certificates, support different cyphers etc. For that a string “SNI”, that contains domain name is used. Only after client and server exchange all the necessary information encrypted conversation can start. So, by looking into clienthello and reading SNI any MITM can determine what web site are you trying to reach.

It would not be hard at all. China, Iran and Russia already do that. Clienthello is not encrypted and that is all you need.

And ECH would not solve this as you can just block cloudflare-ech (or other, depending on CDN) domain itself and force clients to fallback to non-encrypted clienthello.

Everyone gansta till DPI system is installed.