diff --git a/blog/2023/february/utopia.html b/blog/2023/february/utopia.html old mode 100755 new mode 100644 index 19eacc3..4597757 --- a/blog/2023/february/utopia.html +++ b/blog/2023/february/utopia.html @@ -38,7 +38,7 @@
Going back to the main Utopia window, I went to the "Search" tab and started typing in random terms. The first one that came to mind was "music", which returned the domain... "justinbiebermusic.com". That site didn't load. I tried "utopia", which returned "darkutopia" and "utopia-google", neither of which loaded. (uNS doesn't require a domain to have a TLD, and you can just add whatever arbitrary TLDs you want to your registered domain.) Most domains were registered sometime in 2019, but I couldn't sort for new ones because clicking the "registration date" title on the table doesn't trigger any sorting. I looked in the manual to see if I was doing something wrong, but the troubleshooting section only gave instructions to reinstall the proxy configuration file and nothing else. The manual also claimed that I could go to "http://utopia" to test if the browser was working, but that domain also timed out. The only uNS site I could get working was "http://crp"... which is an internal crptocurrency exchange.
I thought about setting up a test site in Utopia. My usual modus operandi when it comes to darknets is to eschew any centralized domain service, like how I2P users insist you register a domain on one of three barely-functional services- one of them tried to set up mayvaneday.i2p
without my knowledge, but I blocked requests from that domain pretty quickly- and just use the public key I'm given. So I opened up the uNS registry and went to "Packet Forwarding", but Utopia insisted that I could only set up packet forwarding after I bought a uNS record, costing about 10 CRP. (At the time of writing, that's about $6.25.)
I thought about setting up a test site in Utopia. My usual modus operandi when it comes to darknets is to eschew any centralized domain service, like how I2P users insist you register a domain on one of three barely-functional services - one of them tried to set up mayvaneday.i2p
without my knowledge, but I blocked requests from that domain pretty quickly - and just use the public key I'm given. So I opened up the uNS registry and went to "Packet Forwarding", but Utopia insisted that I could only set up packet forwarding after I bought a uNS record, costing about 10 CRP. (At the time of writing, that's about $6.25.)
So I can't chat or email because I have nobody to do it with. I can't play chess by myself. (And there are better ways to do so.) I can't access websites unless it's to buy a shitcoin. I can't host my own website because I don't have the money to burn on shitcoins for a network where almost none of the websites work. There's nothing for me to do on Utopia. So I closed the program and copied my strace
capture to the host computer and shut down the VM.
Now for the allegations of the Utopia client being malware...
According to strace
, Utopia did not attempt to access any sensitive files in my home directory. If it had tried to access something sensitive like ~/.ssh
, it would have shown up in the logs, even if the file or directory was nonexistent. In my home directory, Utopia accessed:
As shown in the table, the vast majority of IP addresses that Utopia connected to during the tests were owned by VPS hosting companies, not residential ISPs as I would have first guessed. I have three hypotheses as to why this is the case.
-Firstly, as I wrote in the beginning of this post, Utopia's devs nowadays mainly focus on their cryptocurrency, Cryptons. When attempting to debug why no sites were loading in Idyll, I forgot to mention that there was a "Console" feature, which I thought would allow me to run tools like ping
, but instead it was a glorified log viewer that showed that Utopia was making thousands of connections a minute to fetch "mining history updates" and "finance balance requests". The vast majority of these mackets were marked "skipped", but that doesn't negate that they were sent to my node in the first place. Given how gung-ho the Utopia devs are about crypto, and considering that the official mining bot apparently requires four gigabytes of RAM at minimum and a public IP, it's not that far of a stretch to assume that these VPSes were running the Crypton mining bot. Please note that the bot is also closed-source, so these people trying to scrape pennies together have effectively given the Utopia devs access to lots of VPSes trusting that they won't become part of a botnet.
Firstly, as I wrote in the beginning of this post, Utopia's devs nowadays mainly focus on their cryptocurrency, Cryptons. When attempting to debug why no sites were loading in Idyll, I forgot to mention that there was a "Console" feature, which I thought would allow me to run tools like ping
, but instead it was a glorified log viewer that showed that Utopia was making thousands of connections a minute to fetch "mining history updates" and "finance balance requests". The vast majority of these packets were marked "skipped", but that doesn't negate that they were sent to my node in the first place. Given how gung-ho the Utopia devs are about crypto, and considering that the official mining bot apparently requires four gigabytes of RAM at minimum and a public IP, it's not that far of a stretch to assume that these VPSes were running the Crypton mining bot. Please note that the bot is also closed-source, so these people trying to scrape pennies together have effectively given the Utopia devs access to lots of VPSes trusting that they won't become part of a botnet.
Secondly, if these are potential command-and-control centers for a Utopia botnet, then it would make sense to have as many IPs as possible in case of some of them going down from seizure and to get them from virtual private server providers to reduce the cost of quickly rotating IPs. But that doesn't explain why so many of the IP addresses are owned by the same company. In the case of an active botnet, that company would have the power to kill a large part of the infected machines.
Thirdly, less likely but still worth mentioning, is that some of these virtual private servers might be set up as personal VPNs to save users from a nasty letter from their ISP should the closed-source Utopia client generate some shady traffic. Depending on how the VPN was set up and if the VPN blocks local LAN traffic, it could make it harder for Utopia, if it was really a Trojan horse, to attempt to infect the rest of the machines in one's house.
To close out this investigation, I downloaded the Utopia installers for every operating system Utopia supports (Windows, macOS, and Debian-based and RPM-based Linux) and threw them into VirusTotal. Someone had tested the Debian installer before me, which came back clean. The RPM installer also passed VirusTotal's scans, but the Windows installer came back with a high chance of being unclassified malware. The Mac version also read some sensitive system files, may have attempted to determine if it was in a sandbox, and tripped an IDS rule relating to two CVEs.
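Review bot: the hunk corrects "mackets" to "packets" and spaces the hyphens around the I2P aside, but leaves the typo "crptocurrency" on the unchanged context line ("...which is an internal crptocurrency exchange"); fold that fix into this same edit rather than a follow-up commit. Also, the header shows the file mode changing from 100755 to 100644 alongside the text fixes; note the mode change in the commit message so it is not mistaken for noise.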
diff --git a/china.txt b/copypastas/china.txt similarity index 100% rename from china.txt rename to copypastas/china.txt diff --git a/china2.txt b/copypastas/china2.txt similarity index 100% rename from china2.txt rename to copypastas/china2.txt diff --git a/recs/antiwork.html b/recs/antiwork.html index eab7ea0..05a81af 100644 --- a/recs/antiwork.html +++ b/recs/antiwork.html @@ -85,6 +85,17 @@Over Work | +Brigid Schulte | +Casual | +
Researchers have found that desk workers in an office setting tend to be interrupted about every three minutes. And after that colleague has dropped by or we've switched screens to check email, texts, social media, or a pinging notification, it can take, on average, twenty-three minutes and fifteen seconds to get back to where we were. Over and over and over throughout the day. | +
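Review bot: the new row's excerpt quotes a precise figure ("twenty-three minutes and fifteen seconds") attributed only to "Researchers"; add the source the book cites, or at least a page reference for the excerpt, so readers can verify the claim. The two renames of china.txt and china2.txt into copypastas/ are content-free (similarity index 100%) and need no further review.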