Debunking Apollo - again

At the instigation of Jelurida, 3 pdf’s and a .csv.

Another round in the APL circus.

kristina [9:38 PM]
On twitter they are trying to shift the conversation about the IP address

tomislav [9:40 PM]
only the Apollo servers know the IP, this is what makes it “private”

Anton [9:44 PM]
Lol… as explained in the provided docs …

Kristina:

tomislav [10:37 PM]
ah, so it is a responsibility of the sender to hide the balance… curious, where is the checkbox to do that in the Apollo wallet?

thewiremaster [10:43 PM]
Let’s push this up as much as we can!

kristina [10:44 PM]

Their “community” is totally brainwashed, it’s sad for these people

thewiremaster [10:45 PM]
It’s so sad…

tomislav [10:46 PM]
just in case, copy and spread these pdfs and the private_transactions.csv file to other sites, in case they decide to DDoS our server, or play some other dirty tricks

thewiremaster [4 minutes ago]
Copied them here: https://ardor.rocks/groups/ardor/forum/topic/debunking-apollo/

apenzl [< 1 minute ago]
They’re on Nxter too.

martis [10:46 PM]
Is it possible to trace IP address of sender in Nxt?

Zhang [10:47 PM]
:slightly_smiling_face:I am also very curious

tomislav [10:48 PM]
not retroactively, only if you are connected to all nodes on the network and keep logs who was the first to send each transaction, or if you are the internet service provider of the node, etc
and the measures to protect against that are trivial - tor, vpn, or best a combination of both

martis [10:48 PM]
But you can broadcast signed transaction bytes from any node?

tomislav [10:49 PM]
right, so you can always claim someone else broadcasted from your node, if it has open API

logan [10:49 PM]

mrv777 [3 minutes ago]
Great to see they will at least pay the $10k

martis [10:50 PM]
so they didn’t invent something special with IP hidding?

tomislav [10:50 PM]
we explained that in the technical part, they run a closed source socks proxy
not sure how is this better than tor, I guess it is better for Apollo because they control it…

Zhang [10:51 PM]
As far as I know, they just modified the NXT UI interface and the block time.

martis [10:51 PM]
Ok, but they now claim, that IP part was not resolved. As it cannot be resolved in Nxt also. Isn’t?

tomislav [10:51 PM]
no, to be fair they did more than that, but is is really copious amounts of code that is either not needed, or not well thought out

martis [10:52 PM]
So, in conclusion, you can also hide sender IP in old good Nxt?

tomislav [10:52 PM]
absolutely
this is an example of functionality that was not needed to be added

scienide [10:53 PM]
Is ip even recorded in the blockchain itself?

martis [10:53 PM]
nope

tomislav [10:53 PM]
Nxt already can run over tor, and we provide a simple run-tor.sh script to do that, it is only that the user must configure tor independently

martis [10:53 PM]
So IP problem is only smoke?

tomislav [10:53 PM]
they bundle a tor distribution in their installer, and also this suspicious tunneling proxy
yes, the IP issue is a desperate attempt to save face and not pay the bounty

kristina [10:54 PM]
they’ll pay only the half

martis [10:54 PM]
Ok, so that could be used if they’ll claim IP hiding is something special made by them

tomislav [10:54 PM]
I also couldn’t figure out the exact temperature in their living room, this is about as relevant as the IP address

https://ardornxt.slack.com/archives/C0JR86S2U/p1554310127334300
tomislav [6:48 PM]
now that the air is clear…

https://www.jelurida.com/debunking-apollo-again




https://www.nxter.org/wp-content/uploads/2019/04/private_transactions.csv.zip

Backed up.

tomislav [5 hours ago]
lying again… but we do not intend to engage in any further challenges, we are not a free QA service provider

scienide [5 hours ago]
They want to make it look like the sender made a mistake. However in their own chatroom they stated that certain changes had to be made. This does not sound like the sender made a mistake.

Anton [5 hours ago]
They challenged everyone… and Challenge should be solved within 7 days. Therefore They chose the moment of publication themselves.

scienide

martis [9:16 AM]
Say that in public, as they will come with new challenges hoping Jelurida will jump in and play that game.
What a poor attempt to wash their faces.

martis [9:26 AM]
Especially Jelurida publish public statement against Apollo, when APL price rises :slightly_smiling_face:
@kristina anything interesting from their telegram? Still chaos?

kristina [9:36 AM]
I only briefly looked this morning, but things seem to be calmer today, there are even some meaningful questions here and there. Some think that Bitfi posting another challenge is repeating the mistake they did by posting the previous one… And the faithful apollonauts are holding their breath for the release of “DEX and sharding” which is supposed to fix the price again. The release was actually scheduled for April 1st then delayed to April 4th (edited)

martis [9:38 AM]
Their DEX is old good Nxt AE or something else?

kristina [9:38 AM]
I don’t know
I suppose they are developing something new
they don’t seem to have lack of development and apparently a lot of people in Ukraine (I guess some outsourcing team) which is doing development for the sake of development

martis [9:42 AM]
well, quality of work matters, not amount of coders or country they came from

tomislav [9:45 AM]
The Apollo development is like a healthy but headless zombie, there is a productive development team that keeps creating meaningless features - the private transactions, the auto-update, the 2fa (which is nothing more than a wallet file), the centralized mixer… I am sure the “sharding” they come up with will be another miserable failure by design, even if the implementation is well coded.
Coming up with another challenge is diverting the attention from the real issue, which is that the Apollo servers will always know the sender and destination of the funds, even if they improve the scrambling algorithm to make it very hard for an outsider to figure it out. Not only that, but by tunneling transactions through their servers, they also know all the IPs. This is their definition of privacy - it is private, if it is known only to Apollo.