5 changed files with 193 additions and 13 deletions
@ -0,0 +1,119 @@ |
|||
# Copyright Infringement of HUSH code |
|||
|
|||
This file exists to document the copyright infringement of HUSH code as clearly as possible |
|||
with as much supporting info as possible, so people can decide for themselves. Any project |
|||
that infringes on "The Hush Developers" copyright will be listed here. Currently there |
|||
is one project that severely infringes the copyright of Hush code, which is Pirate. |
|||
|
|||
|
|||
## What is Copyright Infringement? |
|||
|
|||
Copyright infringement is when one project takes code from another project, and maliciously |
|||
or accidentally changes copyright information and/or mixes code of incompatible copyrights |
|||
together. In the case of HUSH, our code is GNU Public License Version 3 (GPLv3), which means |
|||
projects that use non-GPL code cannot (legally) take our code and add it to their project, |
|||
unless they: |
|||
|
|||
* Change their copyright to GPLv3 (or a higher version) |
|||
* Add copyright disclaimers from "The Hush Developers" |
|||
|
|||
## z\_getbalances RPC |
|||
|
|||
Hush wrote a new RPC which does not exist in any other cryptocoin called `z_getbalances` first created on April 13th 2021 in commit |
|||
https://github.com/hushmirror/hush3/commit/52e14828c8366d28a47d16acff42f64e988669fe then less than a month later the same exact RPC name, with same functionality was added |
|||
in Pirate commit https://github.com/PirateNetwork/pirate/commit/be114569ec692c41b0af5d6ad84e6acf7da6305f . It adds a new optional argument and is a derived work: |
|||
|
|||
https://github.com/hushmirror/hush3/blob/dev/src/wallet/rpcwallet.cpp#L3646 |
|||
|
|||
https://github.com/PirateNetwork/pirate/blob/master/src/wallet/rpcwallet.cpp#L4157 |
|||
|
|||
## hush-cli was renamed pirate-cli |
|||
|
|||
Very interestingly, in https://github.com/PirateNetwork/pirate/commit/412f5a296165ed7601749383cb4b94a4d8a0a9c5 it can be seen |
|||
that the `hush-cli` script was renamed `pirate-cli`, and the Hush copyright line was removed and replaced with a Pirate copyright |
|||
that says "no rights reserved" : |
|||
|
|||
``` |
|||
#!/bin/bash |
|||
-# Copyright (c) 2019 Hush developers |
|||
+# Copyright (c) 2019 PirateChain - no rights reserved |
|||
|
|||
# set working directory to the location of this script |
|||
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" |
|||
cd $DIR |
|||
|
|||
-NAME=HUSH3 |
|||
+NAME=PIRATE |
|||
CLI=${KOMODOCLI:-./komodo-cli} |
|||
$CLI -ac_name=$NAME "$@" |
|||
``` |
|||
|
|||
This file no longer exists in their master branch, but is a good example of Pirate blatantly infringing on Hush code copyright. |
|||
|
|||
## TLS Code |
|||
|
|||
Pirate seems to have copied huge sections of the TLS code from Hush, including entire files |
|||
and detailed code comments in certain functions, while also not adding our Copyright disclaimer |
|||
to their files. Since Pirate is MIT and Hush is GPLv3, mixing this code is incompatible. |
|||
|
|||
For instance: https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was created in |
|||
commit https://github.com/PirateNetwork/pirate/commit/a21bf4051094a8ca9c481efd32d706361e8003b5 |
|||
on Oct 31st 2021 but https://github.com/hushmirror/hush3/blob/dev/src/hush/tlsenums.h was |
|||
created on Sep 29th 2020 in commit https://github.com/hushmirror/hush3/commit/62f67821ecd801cc26b9f3aa14de8735d6563a0a |
|||
|
|||
The files are almost exactly the same, except Hush Copyright lines have been removed, the namespace |
|||
"hush" was changed to "tls" and whitespace has been added. The exact ordering of elements and exact |
|||
names of variables is exactly the same. |
|||
|
|||
Another fact is that all the filenames in https://github.com/PirateNetwork/pirate/tree/master/src/tls |
|||
are exactly the same as the filenames in https://github.com/hushmirror/hush3/tree/dev/src/hush yet |
|||
the Hush files were created over a year prior. |
|||
|
|||
Additionally the function threadSocketHandler at https://github.com/PirateNetwork/pirate/blob/master/src/tls/tlsmanager.cpp#L347 |
|||
is almost exactly the same. The differences are because Hush uses WolfSSL where Pirate uses OpenSSL and |
|||
logging to a different log category ("net" vs "tls") . |
|||
|
|||
The `-tls` CLI option and `-tls=only` argument was added in commit https://github.com/hushmirror/hush3/commit/62f67821ecd801cc26b9f3aa14de8735d6563a0a on Sep 29th 2020 |
|||
and then appears over a year later in Pirate source code in commit https://github.com/PirateNetwork/pirate/commit/a21bf4051094a8ca9c481efd32d706361e8003b5 |
|||
|
|||
Additionally, Hush added the field `tls_connections` to two RPCs: `getinfo` and `getnetworkinfo` and Pirate took this code, |
|||
and turned the oneliner to a for loop to make it look different, yet it is still a derived work: |
|||
|
|||
``` |
|||
pirate/src/rpc/net.cpp |
|||
515: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
557: obj.push_back(Pair("tls_connections", sslNode)); |
|||
|
|||
pirate/src/rpc/misc.cpp |
|||
212: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
302: obj.push_back(Pair("tls_connections", sslNode)); |
|||
|
|||
hush3/src/rpc/net.cpp |
|||
506: " \"tls_connections\": xxxxx, (numeric) the number of TLS connections\n" |
|||
541: obj.push_back(Pair("tls_connections", (int)std::count_if(vNodes.begin(), vNodes.end(), [](CNode* n) {return n->ssl != NULL;}))); |
|||
|
|||
hush3/src/rpc/misc.cpp |
|||
219: " \"tls_connections\": xxxxx, (numeric) the number of encrypted TLS (SSL) connections\n" |
|||
293: obj.push_back(Pair("tls_connections", (int)std::count_if(vNodes.begin(), vNodes.end(), [](CNode* n) {return n->ssl != NULL;}))); |
|||
``` |
|||
|
|||
You can also notice they exactly copied the documentation of each RPC, with no changes. |
|||
|
|||
In the file `src/net.h` you can see that Pirate copied the exact variable names of the TLS context objects: |
|||
|
|||
``` |
|||
pirate/src/net.h |
|||
extern SSL_CTX *tls_ctx_server; |
|||
extern SSL_CTX *tls_ctx_client; |
|||
|
|||
/hush3/src/net.h |
|||
extern SSL_CTX *tls_ctx_server; |
|||
extern SSL_CTX *tls_ctx_client; |
|||
``` |
|||
|
|||
Additionally, these two objects were added at exactly the same place in the file, between the `strSubVersion` and `LocalServiceInfo` struct. |
|||
|
|||
https://github.com/PirateNetwork/pirate/blob/master/src/net.h#L226 |
|||
|
|||
https://github.com/hushmirror/hush3/blob/dev/src/net.h#L196 |
|||
|
|||
@ -0,0 +1,53 @@ |
|||
# Summary |
|||
|
|||
TLDR: ECC profits directly from their own users lack of privacy. |
|||
|
|||
The company behind Zcash, Electric Coin Company, works directly with Law Enforcement and blockchain analysis companies, whose largest customers are Law Enforcement Organizations (LEOs). |
|||
|
|||
This is the Military-Industrial-Surveillance complex, where ECC directly profits from their users lack of privacy |
|||
|
|||
The Hush community finds this to be an egregious conflict-of-interest |
|||
What follows are important summaries and quotes from this video: |
|||
|
|||
https://www.bitchute.com/video/PWXU7D4VV0lB/ |
|||
|
|||
The video was removed from YouTube and then uncensored by the Monero community |
|||
|
|||
The companies actually make fun of Zcash optional privacy, but say if people use the tech, they can't track it. |
|||
|
|||
It shows that ECC profits directly from their own users lack of privacy. |
|||
|
|||
0:43:45 |
|||
|
|||
Ciphertrace and other companies are starting to work with Zcash team at Electric Coin Company on integration |
|||
of tools for that blockchain. |
|||
|
|||
-- Dave Jevans, CEO of Ciphertrace |
|||
|
|||
1:00:00 - Summary of Bitcoin ATM usage: stolen CC's, darknet markets, overseas remittance to family members |
|||
1:03:24 - Mixers can be wiretapped, Denial-of-Service'd and have code errors, not as good as privacy coins. |
|||
1:03:55 - Custody and exit fraud risk of "mixers" are inferior to protocol level privacy. Privacy coins have less risk of theft, almost none |
|||
1:04 - |
|||
|
|||
``` |
|||
We also have projects that are funded by Law Enforcement Organizations, |
|||
to work on Monero and Zcash tools and support, so there is good interest |
|||
in the research funding side, as well as the investigation side. |
|||
|
|||
- Dave Jevans, CEO of Ciphertrace |
|||
``` |
|||
|
|||
``` |
|||
The other thing, we are in touch with some communities and I would say, for example, we are getting a lot of helpful attitude from the Zcash Community, they were able to explain to us how exactly coin anonymization feature worked. Of course, if you have a suspect that knows what he is doing, he is not making stupid mistakes, their community is, of course, not in a position to help. |
|||
|
|||
-- ChainAnalysis |
|||
``` |
|||
|
|||
* 1:04:20 - What should Law Enforcement Organizations do? |
|||
* 1:05:00 - What Should Law Enforcement Do When They See A Privacy Coin? |
|||
* Very few options, forensics tools don't help. Monero + Tor is a dead end. |
|||
* Seizing phones is the easiest way to de-anonymize privacy coins! |
|||
* 1:06:00 - Telling Law Enforcement to search for privacy coin wallets, not just Bitcoin wallets, on seized phones. Wallets can be imported into surveillance software. |
|||
|
|||
|
|||
Originally from https://gist.github.com/leto/c351124c937e1516e9ac37e86738b0b2 |
|||
Loading…
Reference in new issue